Snatched secrets: Cybercrime and trade secrets modelling a firms decision to report a theft of trade secrets
اسرار ربوده شده: جرایم سایبری و اسرار تجاری مدل سازی تصمیم یک شرکت برای گزارش سرقت اسرار تجاری-2019
Cybercrime and economic espionage are increasing problems for firms. We build on US FBI policy to frame the interaction between a cybercrime victim firm and a government security agency. We bring together several strands in the literature to model the strategies of the firm, which has suffered a cy- ber breach and theft of trade secrets, and the government security agency, which must investigate and prosecute crimes. We investigate the interactions between these two players, in which the firm has pri- vate information about its cybersecurity investment. This investment level is unknown to the security agency, which must nonetheless decide how to prioritize reported crime. We model this asymmetric in- formation problem within a game theoretic signaling framework derived from Becker’s work in crime and punishment. We suggest that such a framework can inform policy to encourage security investments by firms and more efficient resource utilization by security agencies. We particularly focus on an illustrative stylized example to highlight how our modelling approach can be helpful. In this example we compare two worlds; one where all security breaches become public knowledge and another where only reported breaches become public knowledge. We then formulate two potentially testable Hypotheses and several implications of these Hypotheses. Case studies and a policy analysis further highlight how our framework plays out in reality
Keywords: Cyber security | Cybercrime | Trade secrets | Economic espionage | Cyber breaches
An inquiry into the legal status of the ECOWAS cybercrime directive and the implications of its obligations for member states
An inquiry into the legal status of the ECOWAS cybercrime directive and the implications of its obligations for member states-2019
On 19 August 2011, the ECOWAS Council of Ministers adopted Directive C/DIR.1/08/11 on Fighting Cybercrime at its Sixty Sixth Ordinary Session in Abuja, Nigeria. The adoption of the Directive at that time arose from the need to tackle the growing trend in cybercrime within the ECOWAS region, as some Member States were already gaining global notoriety as major sources of email scams and Internet fraud. Accordingly, the Directive established a legal framework for the control of cybercrime within the ECOWAS region, and also imposed obligations on Member States to establish the necessary legislative, regulatory and administrative measures to tackle cybercrime. In particular, the Directive required Member States to implement those obligations “not later than 1st January, 2014 . This article undertakes an inquiry into the legal status of the Directive as an ECOWAS regional instrument in the domestic legal systems of Member States. In this regard, the article examines whether the requirement regarding the superiority or direct applicability of ECOWAS Community laws such as ECOWAS Acts and Regulations in the domestic legal systems of Member States also apply to ECOWAS Directives such as the Cybercrime Directive. The article also examines the legal implications of the Directive’s obligations for Member States. The article argues that while some Member States have not implemented the obligations under the Directive, that those obligations however provide a legal basis for holding Member States accountable, where the failure to implement has encouraged the perpetration of cybercrime that infringed fundamental rights guaranteed under human right instruments such as the African Charter on Human and Peoples’ Rights or under their national laws.
Keywords: Cybercrime | Cybercrime directive | ECOWAS | Regionalism | Regional obligations | West Africa
Unauthorized access crime in Jordanian law (comparative study)
جرم دسترسی غیرمجاز در قانون اردن (مطالعه مقایسه ای)-2019
This research cared about clarifying the legal provisions of the unauthorized access crime contained in article 3 of the Jordanian Cybercrime act of 2015 and comparing it to other Arabic legislations and French law as well as clarifying the position of international conventions on this crime. The analysis of the crime included clarifying its elements, its sanction and the aggravating circumstances of its penalty. At the end of the research we reached some recommendations which we hope from the Jordanian legislator to adopt.
Keywords: Cybercrimes | Penal code | Unauthorized access | Jordanian law
Attacks on the confidentiality, integrity and availability of data and computer systems in the criminal case law of the Czech Republic
حمله به محرمانه بودن ، یکپارچگی و در دسترس بودن سیستم های داده و رایانه ای در پرونده کیفری جمهوری چک-2019
Uncovering attacks on data and computer systems and those responsible for them is one of the contemporary problems that the authorities involved in criminal proceedings have to deal with. Where this sort of cybercrime is concerned we can expect not only high levels of latency but also a low clearup rate for crimes on file. This paper demonstrates this using the example of the Czech Republic, by providing an analysis of all cases of this type of cybercrime dealt with by courts between 2008 and 2016. It focuses in particular on proceedings concerned with illegal access and data and system interference. The cybercrimes that are brought to court in the Czech Republic is not representative of the cybercrime committed in the Czech Republic either in terms of its type or its extent. The cases dealt with by the courts are primarily connected with personal relationships and the Internet. The most frequent type of case thus concerns the misuse of passwords for accessing social networking sites or email inboxes. We were also surprised to find that the courts had begun to apply facts relevant to cybercrime cases in cases involving the manual manipulation of gambling machines. The Czech Republic has evidently not yet found a way of demonstrating criminals’ guilt in more complex cybercrime cases.
Keywords: Cybercrime | Czech Republic | Illegal access | Data interferecnce | System interference
Crime control in the sphere of information technologies in the Republic of Turkey
کنترل جرم در حوزه فناوری های اطلاعات در جمهوری ترکیه-2019
Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity employees. The study concludes that Turkey handles the current cybercrime situation with efficiency.
Keywords: Cybercrime | Unauthorized access | Criminal law | Ratification | Training of police officers
A cybercrime incident architecture with adaptive response policy
معماری حوادث سایبری با سیاست واکنش تطبیقی-2019
Handling and mitigating the cybercrime incidents (CIs) have attracted significant research attention, over the last years, due to their increasing frequency of occurrence. However, the term cybercrime is often used interchangeably with other technology-linked malicious acts, such as cyberwarfare, and cyberterrorism, leading to misconceptions. In addition, there does not exist a management framework which would classify CIs, qualitatively and quantitatively evaluate their occurrence and promptly align them with appropriate measures and policies. This work introduces a Cybercrime Incident Architecture that enables a comprehensive cybercrime embodiment through feature identification, offence classification mechanisms, threats’ severity labeling and a completely novel Adaptive Response Policy (ARP) that identifies and interconnects the relevant stakeholders with preventive measures and response actions. The proposed architecture consists of four separate complementary components that lead to a manually – and in the future automatically – generated ARP. The idea is to build a holistic framework toward automated cybercrime handling. A criminal case study is selected to validate the introduced framework and highlight its potentiality to evolve into a CI expert system.
Keywords: Cybercrime incident | Offence classification system | Cyber-security | Threat severity | Security and privacy | Investigation techniques | Social engineering attacks | Malware/spyware crime
Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours
عوامل انسانی در امنیت سایبری؛ بررسی ارتباط بین اعتياد به اینترنت، تکانشگری، نگرش نسبت به امنیت سایبری و رفتارهای خطرناکی در زمینه امنیت سایبری-2017
The present study explored the relationship between risky cybersecurity behaviours, attitudes towards cybersecurity in a business environment, Internet addiction, and impulsivity. 538 participants in part-time or full-time employment in the UK completed an online questionnaire, with responses from 515 being used in the data analysis. The survey included an attitude towards cybercrime and cybersecurity in business scale, a measure of impulsivity, Internet addiction and a ‘risky’ cybersecurity behaviours scale. The results demonstrated that Internet addiction was a significant predictor for risky cybersecurity behaviours. A positive attitude towards cybersecurity in business was negatively related to risky cybersecurity behaviours. Finally, the measure of impulsivity revealed that both attentional and motor impulsivity were both significant positive predictors of risky cybersecurity behaviours, with non-planning being a significant negative predictor. The results present a further step in understanding the individual differences that may govern good cybersecurity practices, highlighting the need to focus directly on more effective training and awareness mechanisms.
Studying illicit drug trafficking on Darknet markets: Structure and organisation from a Canadian perspective
مطالعه قاچاق مواد مخدر در بازارهای دارکنت: ساختار و سازمان از دیدگاه کانادا-2016
Cryptomarkets are online marketplaces that are part of the Dark Web and mainly devoted to the sale of illicit drugs. They combine tools to ensure anonymity of participants with the delivery of products by mail to enable the development of illicit drug trafﬁcking.Using data collected on eight cryptomarkets, this study provides an overview of the Canadian illicit drug market. It seeks to inform about the most prevalent illicit drugs vendors offer for sale and preferred destination countries. Moreover, the research gives an insight into the structure and organisation of distribution networks existing online. In particular, we provide information about how vendors are diversifying and replicating across marketplaces. We inform on the number of listings each vendor manages, the number of cryptomarkets they are active on and the products they offer.This research demonstrates the importance of online marketplaces in the context of illicit drug trafﬁcking. It shows how the analysis of data available online may elicit knowledge on criminal activities. Such knowledge is mandatory to design efﬁcient policy for monitoring or repressive purposes against anonymous marketplaces. Nevertheless, trafﬁcking on Dark Net markets is difﬁcult to analyse based only on digital data. A more holistic approach for investigating this crime problem should be developed. This should rely on a combined use and interpretation of digital and physical data within a single collaborative intelligence model.© 2016 Elsevier Ireland Ltd. All rights reserved.
Keywords: Digital data | Cybercrime | Intelligence | Criminal evolution | TOR | PGP key