Cyber Crime and Information Warfare

CYBER CRIME AND INFORMATION WARFARE

Dr Peter Grabosky

Australian Institute of Criminology, ACT

Paper presented at the Transnational Crime Conference

convened by the Australian Institute of Criminology

in association with the Australian Federal Police and

Australian Customs Service

and held in Canberra, 9-10 March 2000

2

Introduction

Willie Sutton, a notorious American bank robber of a half century ago, was once asked why he

persisted in robbing banks. “Because that’s where the money is,” he is said to have replied.1 The

theory that crime follows opportunity has become established wisdom in criminology;

opportunity reduction has become one of the fundamental principles of crime prevention.

But there is more to crime than opportunity. Crime requires a pool of motivated offenders,

and a lack of what criminologists would refer to as “capable guardianship”; someone to mind

the store, so to speak.

These basic principles of criminology apply to computer related crime no less than they do to

bank robbery or to shop lifting. They will appear from time to time throughout the following

discussion. Not all of these factors are amenable to control by governments alone. It follows,

therefore, that a variety of institutions will be required to control computer related crime.

This paper discusses current and emerging forms of computer-related illegality. It reviews nine

generic forms of illegality involving information systems as instruments or as targets of crime.

It will also discuss issues arising from the global reach of information systems. It is trite to

describe the ways in which computers have, figuratively speaking, made the world a smaller

place. The corresponding potential for trans-jurisdictional offending will pose formidable

challenges to law enforcement. For some crimes, this will necessitate a search for alternative

solutions.

The following pages will suggest that much computer-related illegality lies beyond the

capacity of contemporary law enforcement and regulatory agencies alone to control, and that

security in cyberspace will depend on the efforts of a wide range of institutions, as well as on

a degree of self-help by potential victims of cyber-crime.

The ideal configuration may be expected to differ, depending upon the activity in question,

but is likely to entail a mix of law enforcement, technological and market solutions. The paper

will conclude with a discussion of the most suitable institutional configuration to address

those forms of computer-related crime which have been identified.

Before we begin to review the various forms of criminality involving information systems as

instruments and/or as targets, and the most appropriate means of controlling them, let us first

look at the questions of motivation and of opportunity.

Motivations of Computer Criminals

The motivations of those who would commit computer related crime are diverse, but hardly

new. Computer criminals are driven by time-honoured motivations, the most obvious of which

are greed, lust, power, revenge, adventure, and the desire to taste “forbidden fruit”. The ability

to make an impact on large systems may, as an act of power, be gratifying in and of itself. The

desire to inflict loss or damage on another may also spring from revenge, as when a disgruntled

employee