Cybercrime is a phenomenon of our time, often reflected in the media. One study indicates that fear of attacks even exceed the intensity to ordinary theft or fraud. Criminological research on crime made by computer systems is still under exploration. Even the most accomplished to date tend to change the way are seen the offenses in current systems of criminal justice.
Only a small proportion of criminal offenses related to the use of computer systems come to the attention of the criminal investigation bodies, so it is very difficult to achieve an overview of the extent and evolution of the phenomenon. If it is possible to achieve an adequate description of the types of offenses encountered, it is very difficult to present a synthesis based on the extent of losses caused by them, and the actual number of crimes committed. The number of cases of computer crime is growing. Thus, in Germany was evidentiated in 1996 32.128 recorded in such cases, in the Netherlands in the period 1981-1992 was found 1400 cases, and in Japan between 1971 and 1995, 6671 cases. It is estimated that only 5% of their deeds come to the knowledge of the prosecution. To counter this lack of information, was used the process of surveys. The survey conducted by the Computer Crime Institute and Federal Bureau of Investigation (FBI) in 2003 indicated losses of 201,797,340 dollars for the 538 surveyed U.S. businesses and institutions.
Small number of reported offenses is attributed to several causes, among which:
- sophisticated technology used by perpetrators;
- lack of specific training of the officers of the prosecution;
- lack of a response plan in case of attack from the victims of these crimes, which can lead to the failure caused losses;
- reluctant to report crimes criminal investigation bodies.
In the latter case, even if the crime was seized, victims do not notify the prosecution to detect and punish the perpetrator. The reasons for this behavior are many. Among these, we mention concerns about the public image that could be affected by the publicity around the crime; desire not to bear the costs of any investigation, given the complexity of such research; not least, the lack of possibility to recover their losses, even if identifying the perpetrator.
Meanwhile, the cyber crime investigations are by their nature complex and involves the use of sophisticated equipment with high costs. Also, specialized staff training is a lengthy process and involves high costs. Such investigations are time consuming. A cybercrime investigator in the field can work at maximum 3-4 cases per month, while a traditional investigator may settle between 40 and 50 cases in the same period of time.
For the purposes of this paper we adopt the working definition given for the computer crimes by the OECD Expert Group in 1983:
any misconduct, unethical or unauthorized behaviour for am automatic treatment of data and/or data transmission
This definition, although formulated more decades ago, proves its worth in the first place by allowing the integration of subsequent developments in the field of information technology.
During the present paper we will work with two definitions formulated by UNAF.
Thus, computer crime broadly means:
any crime in which a computer or a computer network is the subject of an offense, or a computer or a network of computers is the instrument of carrying out a crime.
Narrow by computer crime means:
any offense the offender interfere without authorization, with automatic data processing processes.
The content of the concept of cybercrime is extremely varied, being approached from different perspectives in the literature. Within the report of the European Committee on Crime Problems, cybercrimes are grouped in the following categories:
- offense of computer fraud;
- computer crime of forgery;
- offense of damage of data or computer programs;
- crime of computer sabotage;
- offense of unauthorized access to a computer;
- offense of unauthorized interception;
- offense of unauthorized reproduction of software protected by law;
- offense of unauthorized reproduction of a topography;
- offense of alteration without rights of data or software;
- computer intelligence crime;
- offense of unauthorized use of a computer;
- offense of unauthorized use of a computer program protected by law.
The manual of United Nations for crime prevention and control of computer makes the following categories of offenses:
- fraud by manipulating electronic computers;
- fraud by forging documents;
- alteration or modification of data or computer programs;
- unauthorized access to computer systems and services;
- unauthorized reproduction of computer programs protected by law.
The study “The legal aspects of computer crime in the information society” (COMCRIM study) conducted for the European Commission by Prof. Dr. Ulrich Sieber, University of Wurzburg, Germany, presented the following categories and sub-categories of computer crime:
- violations of privacy;
- economic offenses:
- penetration of systems to overcome technical difficulties of security (“hacking”);
- intelligence information;
- piracy of computer programs;
- computer sabotage;
- computer fraud;
- distribution of illegal or harmful information (propaganda racist, dissemination of child pornography, etc.).
- other crimes:
- crimes against life;
- offenses related to organized crime;
- electronic warfare.
Cybercrime can be classified following different criteria. We will use for cybercrime classification the criterion of the role of computer systes in the offense. From this perspective, cybercrimes are classified into:
- crimes committed using computer systems, where computer systems are a tool to facilitate the commission of crime. These are “traditional” offenses improved by using computer systems; and
- offenses committed through computer systems, where computer systems, including data stored in them, are targeted crime. These offenses can only be committed through computer systems. They were subject to regulation in recent years.
We mention here another role that information systems can play in forensic investigation: the role of media and retrieval cues or evidence concerning how to commit a crime.
Awareness of the social danger of the crime such as computer triggered their criminalization in many states. He took as being the concept of “specific criminal information” as a reflection of the many new elements introduced into the criminal law to new forms of crime based on modern technology. Legislation in the field of cybercrime followed, since the ’70s, several “waves”. The first “wave” was prompted by the need to protect the right to privacy. Individual protection law to personal data processing were adopted in Sweden (1973), the USA (1974), Germany (1977), Austria, Denmark, France and Norway (1978), or more recently in Belgium, Spain, Switzerland (1992), Italy and Greece (1997). The second “wave” is linked to the repression of economic offenses, resulting legislative changes in the U.S. and Italy (1978), Australia (1979), UK (1981), and Switzerland (1994) and Spain (1995). A third set of rules is related to legislative intervention to protect intellectual property in the field of information technology in countries like U.S. (1980), Hungary (1983), Germany, France, Japan, Great Britain (1985) and Austria (1993), Romania (1996), Luxembourg (1997). The fourth “wave” of reforms for regulating the distribution of illegal or harmful information, and was strongly boosted in the late 80s the rise of the Internet. The fifth “wave” is related to changes in procedural law matters concerning criminal procedure issues raised within information technology, while the sixth “wave” of imposing limits and material security.
In this respect, Council of Europe has initiated a series of regulations on Cybercrime. Thus, in 1995 adopted Recommendation. R (95) 13 concerning problems of criminal procedural law connected with information technology on 23 November 2001, signed in Budapest Convention on Cybercrime. Convention aims to prevent acts directed against the confidentiality, integrity and availability of computer systems, networks and data, and fraudulent use of such systems, networks and data, by providing criminalize such conduct and encourage the adoption of measures that permit effective combating these types of crimes, to facilitate the discovery, investigation and prosecution of their both nationally and internationally, and by providing substantive provisions necessary to ensure a fast and reliable international cooperation.