Innovative Technologies in Combating Cyber Crime

So far, development and enhancement of global communication networks, distribution of software, and upgrading of computer systems are accompanied by the evolution of criminal environment, with the latter evolving not only within one particular nation but throughout the international community. New opportunities in cyber crime translate into new threats for global information networks and community as a whole, which in terms of preventing and combating cyber crime requires substantial strengthening of information security measures and an approach that is completely different from that applied to combating common crime. The article presents innovative technologies in combating cyber crime and an ever-increasing significance of information security as a system of protecting private, public and state interests. Keywords: cyber crime, cyber security, Internet, information security, innovative technologies, computer systems, information technologies (IT), cyber threats, cyber space

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

Secure web application development and global regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies

National plan to combat cybercrime

Australia is a highly connected country - technology and the internet are crucial to Australia\u27s way of life. However, while the potential of the internet and digital economy is clearly a massive opportunity for Australia, it is also quickly emerging as a key enabler for criminal activity. In Australia, the term \u27cybercrime\u27 is used to describe both: crimes directed at computers or other information communications technologies (ICTs) (such as hacking and denial of service attacks) and crimes where computers or ICTs are an integral part of an offence (such as online fraud, identity theft and the distribution of child exploitation material). Responsibility for combating the different forms of cybercrime in Australia is shared between Australian Government agencies state and territory agencies. All jurisdictions have criminal laws directed at the various forms of cybercrime. The Australian Attorney-General\u27s Department has led the development of a National Plan to Combat Cybercrime, in consultation with Australian Government agencies, state and territory agencies

Hybrid threats, cyber warfare and NATO's comprehensive approach for countering 21st century threats: mapping the new frontier of global risk and security management

The end of the so-called ‘Cold War’ has seen a change in the nature of present threats and with it to the overall role and mission of NATO, the North Atlantic Treaty Organization. The collapse of the Soviet Union and the Warsaw Pact in 1991 also removed the original raison d’etre of the Alliance: the prospect of having to repel a Soviet led attack by the Warsaw Pact on the West through the so called ‘Fulda gap’ in Germany (referring to the German lowlands between Frankfurt am Main and the former East German border which was regarded as the most likely terrain for an armour led Soviet breakout) was replaced by the recognition of the need to counter new – often hybrid – threats, which have little in common with bygone acts of interstate aggression. These new, modern threats to global peace, prosperity and security seriously threaten the present steady state environment at home (before the backdrop of the ongoing asymmetric conflicts in Afghanistan, Pakistan and Iraq) and warrant a comprehensive, multi-stakeholder driven response. Multimodal, low intensity, kinetic as well as non-kinetic threats to international peace and security including cyber war, low intensity asymmetric conflict scenarios, global terrorism, piracy, transnational organized crime, demographic challenges, resources security, retrenchment from globalization and the proliferation of weapons of mass destruction were identified by NATO as so called “Hybrid Threats” (cf BI-SC Input for a New NATO Capstone Concept for The Military Contribution to Countering Hybrid Enclosure 1 to 1500/CPPCAM/FCR/10-270038 and 5000 FXX/0100/TT-0651/SER: NU0040, dated 25 August 2010). NATO’s Bi-Strategic Command Capstone Concept describes these Hybrid Threats as ‘those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives.’ (See Hybrid Threats Description in 1500/CPPCAM/FCR/10-270038 and 5000 FXX/0100/TT-0651/SER: NU0040 dated 25 August 2010: Paragraph 7). Having identified this kind of emerging threat, NATO is working on a comprehensive conceptual framework, (the Capstone Concept) which provides the framework for identifying and discussing such threats and possible multi-stakeholder responses. In essence, Hybrid Threats faced by NATO and its non-military partners require a comprehensive approach allowing a wide spectrum of responses, kinetic and non-kinetic by military and non-military actors (see “Updated List of Tasks for the Implementation of the Comprehensive Approach Action Plan and the Lisbon Summit Decisions on the Comprehensive Approach”, dated 4 march 2011, p 1-10, paragraph 1). NATO Allied Command Transformation (ACT) supported by the US Joint Forces Command Joint Irregular Warfare Centre (USJFCOM JIWC) and the US National Defence University (NDU) conducted specialised workshops related to “Assessing Emerging Security Challenges in the Globalised Environment (Countering Hybrid Threats) Experiment” in 2011(cf NATO’s Transnet network on Countering Hybrid Threats (CHT) at https://transnet.act.nato.int/WISE/Transforma1/ACTIPT/JOUIPT). The workshops of the experiment took place in Brussels, Belgium and Tallinn, Estonia and had the aim of identifying possible threats and to discuss some or the key implications that need to be addressed in countering such risks & challenges. Essential is the hypothesis that such a response will have to be in partnership with other stakeholders such as international and regional organizations as well as representatives of business and commerce. This short article introduces the reader to a new form of global threat scenario and the possibilities of response and deterrence within their wider legal and political context

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Social Aspects of New Technologies - the CCTV and Biometric (Framing Privacy and Data Protection) in the Case of Poland

The purpose of this paper is to review the institution responsible for the protection of personal data within the European Union and national example - Polish as a country representing the new Member States. The analysis of institutional system - providing legal security of communication and information institutions, companies and citizens against the dangers arising from the ongoing development of innovative new technologies in the European Union and Poland. This article is an attempt to analyze the possibility of using security systems and Biometry CTTV in Poland in terms of legislation. The results of the analysis indicate that, in terms of institutions Poland did not do badly in relation to the risks arising from the implementation of technology. The situation is not as good when it comes to the awareness of citizens and small businesses. This requires that facilitate greater access to free security software companies from data leakage or uncontrolled cyber-terrorist attacks. With regard to the use of security systems, CCTV and biometrics, Poland in legal terms is still early in the process of adapting to EU Directive. The continuous development of technology should force the legislature to establish clear standards and regulations for the application of CCTV technology and biometrics, as it is of great importance in ensuring the fundamental rights and freedoms of every citizen of the Polish Republic.Wyniki analizy wskazują, że pod względem instytucji Polska nie wypada źle w odniesieniu do zagrożeń wynikających z wdrożenia technologii. Sytuacja nie jest tak dobra, jeśli chodzi o świadomość obywateli i mniejszych firm. Wymaga to ułatwiania szerszego dostępu do darmowych programów zabezpieczających firmy przed wyciekiem danych lub niekontrolowanych cyber-ataków terrorystycznych. W odniesieniu do stosowania systemów zabezpieczeń CCTV oraz biometrii, Polska pod względem prawnym jest wciąż na początku procesu dostosowania do dyrektywy UE. Ciągły rozwój technologii powinien zmusić ustawodawcę do stworzenia jednoznacznych standardów i przepisów obowiązujących w zakresie stosowania technologii CCTV oraz biometrii, gdyż ma to ogromne znaczenie w zapewnieniu podstawowych praw i wolności każdego obywatela Rzeczypospolitej Polskiej