Week 6 Flashcards
(24 cards)
White collar crime
No generally agreed upon definition of white collar crime (wcc). One definition is:
“White collar crimes are illegal or unethical acts that violate fiduciary responsibility of public trust committed by an individual or organization, usually during the course of legitimate occupational activity, by persons of high or respectable social status for personal or organizational gain”
Types of white collar crime
- Corporate crime
- Occupational crime
- Governmental crime
- State corporate crime
- Financial crime
- Crimes of globalisation
- Contrepreneurial crime
- Techno-crime
- Avocational crime
Corporate crime (Payne, 2013)
- Antitrust offences
- Price fixing, cartels, price gouging
- False advertising
- Misrepresentation, bait and switch
- Deceptive sales
- Unfair labour practices
- Unsafe work environments
- Harmful consumer products
- Harmful treatment of consumers
Implications for measuring WCC
Calculating the incidence of white collar crime is difficult due to:
- The lack of compulsory and reliable data collection systems for WCC
- WCC is not a focus of uniform crime reports (US); ABS; Police agencies; AIC
- Reported crime and criminal court statistics will substantially under-count the incidence of WCC
e.g. because agencies may not classify it as WCC, it is mixed in with other crimes in offence categories, or it is outside the scope in regulatory categories
Corporate crime research - Bartlett and Ransley
- Examined the Top 3 ASX200 listed corporations in each of the 11 industry sectors, plus their wholly owned subsidiary corporations
- Total sample = 1941 corporations (33 parent corporations and 1908 subsidiary corporations).
- Utilised publicly available information from Australia’s four largest national regulators (ASIC, ACCC, ATO and FWA/FWO) to examine offending profiles and regulatory action over the period 1 January 2010 to 31 December 2015.
Bartlett and Ransley insights
- 27.2% of corporate groups (parent corporations and the subsidiaries) had at least one offence
- In some instances offending was limited to subsidiaries
- Total of 161 offences were identified (but a significant under-count)
- Three corporate groups (F1, U1 and C2), or 33.3% of offending corporate groups, accounted for 76.4% of offences
Corporate crime research insights
- Offending largely fell into one of three broad categories: (1) breaches of market integrity (including cartel offences), (2) misleading or deceptive conduct (including making false and misleading representations), (3) unconscionable conduct.
- Together these three categories of offending accounted for 78.8% of identified offences
- 8/9 offending corporate groups (24.2% of all corporate groups studied) had engaged in conduct which was misleading or deceptive, or had made false and misleading representations.
- 2/9 offending corporate groups had offences spanning more than one regulator
Techno crime
Internet crime comes in three varieties:
- ‘Computer focused’
- ‘Computer enabled’
- Online versions of ‘old offences’
Computer focused crimes
‘Computer focused’: crimes which can only be committed due to the existence of the internet:
- Computer hacking
- Distribution of viruses
Computer enabled crimes
‘Computer enabled’: crimes that use computers/internet but can be committed with or without a computer
- Fraud
- Theft
- Money laundering
- Harassment
- Distribution of child exploitation material
- Piracy
Policing techno-crime
Problems with policing this type of crime:
- crimes may not fit traditional definitions so new laws have to be passed
- technology changes quickly & the laws may not keep up.
Problems of enforcement:
- specialised area
- cross jurisdictional boundaries
Reporting and investigation of computer crime
Most cybercrime incidents go unreported (Center for Strategic and International Studies, 2014; AIC, 2011)
- Victims need to recognise they have been victimised
- Even if victims recognise that they have been victimised, they may not report it for a range of reasons
Why cybercrime isn’t reported
- Embarrassment
- CERT Australia Cybercrime Survey 2015 – 43% of businesses who experienced cybercrime did not report it to anyone
60% - no benefit in reporting
22% - offenders wouldn’t get caught/prosecuted
22% - didn’t want negative publicity
- Don’t know who to report to
Who to report cybercrime to
Internet crime may be reported to multiple agencies depending upon the nature of the offence and who is reporting, for example:
- AFP & State/Territory Police Services (QPS Financial and Cybercrime Group)
- CERT Australia (part of C’wlth Attorney-General’s Dept)
- ACCC (Scamwatch)
- ACORN
Cost of internet crime
- Estimated annual cost globally of internet crime is $375 billion - $575 billion (FBI, 2014)
- Australian government estimates that cybercrime costs the nation $1.2 billion annually in direct financial losses (Symantec estimate it is closer to $2 billion)
- Two banks in the Persian Gulf lost $45 million in a few hours
- A British company reported that it lost $1.3 billion from a single attack
- Brazilian banks say their customers lose millions annually to cyberfraud.
Extent of internet crime
- In 2013 it was estimated that more than 5 million Australians had been victims of cybercrime in the last 12 months.
- In the US, for example, the government notified 3,000 companies in 2013 that they had been hacked
- India’s CERT reported that 308,371 websites were hacked between 2011 and June 2013
Businesses as victims of cybercrime
- In 2016, globally, 36% of businesses reported being a victim of ‘economic crime’. Of those, 32% of businesses reported being the victim of ‘cybercrime’.
- 52% of Australian businesses have been the victim of an ‘economic crime’.
- Of those, 65% had been the victim of cybercrime…the #1 type of economic crime committed against Australian businesses
- 2015 ACSC Cyber Security Survey of Major Australian Businesses – 50% of respondents had experienced at least one cyber security incident in the past 12 months.
- 5% reported more than 10 cyber security incidents.
Individuals as victims of cybercrime
- “More than $234 million worth of financial loss was self-reported by victims of cybercrime to the Australian Cybercrime Online Reporting Network (ACORN) in the first quarter of 2015. If similar figures continue to be reported each period, this would equate to A$936 million over one year
- It is important to note that this estimate would only account for losses affecting members of the public and small to medium businesses.” (ACC, 2015)
Cybercrime offender characteristics
- Cybercrime committed against Australians is assessed to be largely carried out by individuals and organised crime groups based offshore.
- With increasing awareness and access, online criminal forums and marketplaces (‘darknets’) enable Australian-based criminal actors to share information and trade illicit services and commodities internationally.
- Cybercrime toolsets, predominantly malicious software (‘malware’), are available for purchase and ongoing service support is provided. This widens access to a previously highly technical capability to any actor with an average proficiency and a criminal intent to pursue an illicit profit”. (ACC, 2015)
Human error
A survey found that 59% of respondents agree that most information security threats that result from insiders are the result of innocent mistakes rather than malicious abuse of privileges (Federal Computer Week, 2014)
IBM’s 2014 Cyber Security Intelligence Index found that 95% of security incidents involved human error – offenders preyed on human weaknesses to lure insiders to unwittingly provide access to sensitive information
USB tests
- U.S. Department of Homeland Security ran a test to see how hard it was for hackers to corrupt workers and gain access to computer systems by dropping computer discs and USB thumb drives in the parking lots of government buildings and private contractors
- Of those who picked them up, 60% plugged the devices into office computers; if the drive or CD case had an official logo, 90% were installed
Social engineering
The manipulation of people to get them to unwittingly perform actions that cause harm (or increase the probability of causing future harm) to the confidentiality, integrity, or availability of the organisation’s resources or assets, including information, information systems, or financial systems (Carnegie Mellon, 2014, p. xi)
Used proficiently, social engineering can enable adversaries to bypass security measures they were unable to overcome via technical means. (ACSC, 2016)
Social engineering in action
- Not all social engineering attacks are designed to yield pieces of sensitive information
- Phishing scams might be the most common types of social engineering attacks
- Spear-Phishing: increase in sophistication of attack - limit the target audience and increase the precision of their messages; increases the appeal of the message and apparent legitimacy
Phishing
- Seek to obtain personal information, such as names, addresses, date of birth and tax file numbers
- Use link shorteners or embedded links, in URLs that appear legitimate, to redirect users to suspicious websites
- Incorporates threats, fear and/or sense of urgency to manipulate the user into acting quickly