Lawrence Peter Ampofo
Download 1.29 Mb.
|
Cybercrime in SpainCybercrime, which broadly describes the conflation of criminal activities and the internet, is an extensive problem in Europe and, in particular, Spain. The European Commission, in outlining the case for interstate cooperation on cybercrime legislation, declared that cybercrime has grown into a significant Europe-wide issue and is in a ‘permanent [state of] evolution, and legislation and operational law enforcement have obvious difficulties in keeping pace’ (Europa, 2007: 1). Indeed, as outlined briefly above, Bobbitt underscored the assertion made by the European Commission when he argued that internet and Web technologies enable criminal and terrorist organisations to conduct their activities utilising techniques such as phishing, identity theft and the creation of malicious software: ‘The internet has become an important tool for perpetuating terrorist groups, both openly and clandestinely. Many of them employ elaborate list serves, collect money from witting or unwitting donors, and distribute savvy political messages to a broad audience online...Clandestine methods include passing encrypted messages, embedding invisible graphic codes using steganography, employing the internet to send death threats and hiring hackers to collect intelligence such as the names and addresses of law enforcement officers from online databases…For example, higher casualties are brought about by simultaneous attacks, a diffusion in terrorist locations is made possible by internet communications, and extremist religious ideologies are spread through websites and videotapes accessible throughout the world’ (Bobbitt, 2008: 56). Bobbitt’s argument above, that the increase in global flows, particularly the burgeoning use of internet and Web technologies, has been employed by terrorist organisations as a means of generating an increase in funds, is one that has been applied to terrorist organisations operating in Spain (Framis, 2007, Buesa, 2011, Wiemann, 2007). One of the principal means by which this has been achieved is through the use of internet and Web technologies for criminal purposes. The European Commission, in its Convention on Cybercrime (2001), defined cybercrime as a term that encompasses a range of nefarious computer-based activities: ‘[T]he term cyber crime is applied to three categories of criminal activities. The first covers traditional forms of crime such as fraud or forgery, though in a cyber crime [sic] context relates specifically to crimes committed over electronic communication networks and information systems (hereafter: electronic networks). The second concerns the publication of illegal content over electronic media (i.e. child sexual abuse material or incitement to racial hatred). The third includes crimes unique to electronic networks, i.e. attacks against information systems, denial of service and hacking’ (Europa, 2007: 1). The complexity of the term cybercrime is indelibly apparent in the definition offered by the European Commission. For example, identity theft, the first category of cybercrime, is a complex issue that has many nuances: ‘Most people associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments, or even stealing house titles. However, financial identity theft is only one of the many types of identity theft that exists. The Identity Theft Resource Center (ITRC) categorises identity theft into five major types: financial (the identity is used to obtain goods and services); criminal (the identity is used during a criminal investigation or arrest); commercial (the identity of a business is used to obtain credit); governmental (the identity is used to obtain government-issued documents such as a passport or driver’s license); and cloning (the identity is assumed by another and used on a daily basis)’ (Fossi et al. 2008: 24). The evidence for Fossi’s claim comes from the internet security corporation Symantec’s analysis of the goods and services offered for sale online by organisations conducting cybercrime. In addition, he references data stemming from the Identity Theft Resource Center’s 2007 annual report, which conducts qualitative and quantitative analysis of consumer experiences of identity theft. The quote above outlines the inherent complexity involved in defining identity theft and the differences in approach by both the public and private sectors. Such ontological difficulties make more difficult the challenge of opposing terrorism and cybercrime in Spain. As mentioned previously, Spain currently experiences a significant cybercrime problem that is largely controlled by prominent organised crime groups (International Intellectual Property Alliance, 2010). Piracy and file-sharing of copyrighted material present a significant challenge with large, highly organised groups including the visible mochileros and manteros76 selling copyrighted DVDs and CDs, for example. This problem is compounded by permissive legislation which effectively permits users to download content that is copyrighted free of charge without fear of legal punishment. According to the International Intellectual Property Association: ‘Spain is among the worst-performing markets in the world, and has suffered greatly from an online piracy problem that is spiraling out of control. Contributing to Spain’s high piracy levels are the government’s policies that decriminalize illegal downloading of content distributed via peer-to-peer (P2P) file-sharing (as reflected in the 2006 Circular issued by the Attorney General), and its failure to meet the minimum EU-level requirements regarding liability for Internet service providers (ISPs) under the E-Commerce Directive. As a result of the legal uncertainties, the police refuse to take Internet enforcement actions, and the Attorney General’s circular instruction dismissal of current criminal cases against illegal portal and link sites remains in force’ (International Intellectual Property Alliance, 2010: 1). Spain’s increase in incidents of cybercrime as outlined above were addressed in February 2011 as the Spanish Government approved the launch of the Sustainable Economy Law (Ley de Economía Sostenible or Ley Sinde) which focused on implementing a national set of changes that are designed to re-energise the economy, create employment and transform the national mode of production (La Moncloa, 2011). With respect to internet governance in Spain, the wide-ranging law proposed to outlaw illegal downloads of copyrighted material through peer-to-peer websites, something that was openly permitted in the past (Slashdot, 2010). The Government declared that it would close any Spain-based site that was suspected of providing illegal access to copyrighted material as a means of making the economy more productive and competitive (Navarro, 2011, Ley de Economía Sostenible, 2011). However, the sharp shift in focus by the Government has been met with widespread popular protests against the new law with some online users and communities claiming that the law does much to limit net neutrality and limit freedom of expression (No al Cierre de Webs, 2011). While terrorists’ use of criminal techniques is one of the ways in which such organisations have been described as using the online space to further the aims of their agenda (Bobbitt, 2008, Barnett, 2005), much has also been written on the potential for real-world terrorist acts being committed using the internet or the Web as a tool (Denning, 2003, Pollitt, 2007, Nelson, et al., 1999). The internet and terrorism scholar Dorothy Denning defined cyberterrorism as: ‘[T]he convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not’ (Denning, 2000: 1). While scholars and practitioners (Salellas, 2005, Post, Ruby & Shaw, 2000, Zunzunegui, 2008) have also written about the phenomenon of cyberterrorism as it relates to Spain, it should be remembered that cyberterrorism, as defined above, has never been witnessed as part of a terrorist attack. Terrorist organisations have not, until now, used the internet and the Web to directly attack physical objects, leading industry experts to declare that cybercrime is conceptually fantastical (while it can be argued that the 9/11 and 11-M attackers used web-based email to coordinate their attacks, internet and Web technologies have not been used to directly perpetrate violent acts). Indeed, the internet security expert Luciano Salellas makes the point that the networks of many high-value targets are not even on the internet: ‘Nuclear installations and their communications strategies are not available on the internet; less than one percent of hackers have the requisite knowledge to cause widespread damage’ (Salellas, 2005: 12).77 While cyberterrorism as defined above has, therefore, never openly been committed by terrorist organisations, some nation states have deemed it appropriate to extend the parameters of the term to encapsulate more facets such as the conduct of behaviour that actively supports the objectives of terrorist organisations. This widening of the definition therefore could include all digital activity carried out by terrorist organisations in the furtherance of their cause, and cyberterrorism, therefore, becomes an eminently more prevalent online phenomenon. Bobbitt alluded to this new conception of cyberterrorism when he argued that: ‘As well as propaganda and ideological material, jihadist sites seem to be heavily used for practical training…since the loss of the Afghan training camps. Sites like Al Battar contain hugely detailed information on how to [conduct kidnappings and] surveillance [and how to fire] rocket propelled grenades. Careful instructions were…posted on one jihadist website on how to use mobile phones as detonators for explosives, as was [done] in Madrid’ (Bobbitt, 2008: 56). Based on Bobbitt’s above assertion, it could be construed that the possession of a Web presence by a terrorist organisation, or Web content that supports or enshrines the objectives of a terrorist organisation is a form of cyberterrorism. Indeed, this very interpretation of terrorism is enshrined in current counter-terrorism legislation, such as that of the United Kingdom: ‘All terrorist groups have an ideology. Promoting that ideology, often through the Internet, facilitates radicalisation and recruitment. Challenging ideology and disrupting the ability of terrorists to promote it is a fundamental part of Prevent…Challenge may mean simply debate about extremist ideas which form a part of terrorist narrative. But where propagandists break the law in encouraging or approving terrorism it must also mean arrest and law enforcement action. And where people seek to enter this country from overseas to engage in activity in support of extremist and terrorist groups we will also use the Home Secretary’s power to exclude them’ (UK Home Office, 2011, emphasis in original). The legislation from the UK Government above highlights that terrorism and the internet is a far more complex and widespread phenomenon than simply committing attacks using internet and Web technologies as tools. Such a conception underscores adherence to the social constructivist understanding of technological development and approach to counter-terrorism. The Spanish Government, however, has not undertaken such measures to incorporate such a definition into law as part of its counter-terrorism strategy. The reason for this might reside in the fact that the national security services already monitor a wide range of internet activity related to terrorist activity (Jordán, 2005), in much the same way as does the UK and France (Garapon, 2005). It can be perceived, if we take Bobbitt’s argument as our starting point, that ETA undertakes cyberterrorist activities as it possesses a strong web presence that details its principal arguments, images and video (ETA Website, 2011). In addition, al-Qaeda has an extensive Web presence that hosts content related to Spain. Al-Qaeda in the Maghreb (AQIM) generates a variety of content relating to Spain and according to the prior definition of cyberterrorism, could be conceived as engaging in this action (Filiu, 2009). Indeed, there is evidence to assert that the al-Qaeda-inspired perpetrators of the 11 March bombings in Madrid used a range of information and communications technologies to carry out their attacks. Web-based electronic mail was used by the attackers to coordinate and synchronise the attacks, as well as mobile phones. Given the above extension of the definition of cyberterrorism, the al-Qaeda cell did indeed engage in cyberterrorism for the purposes of communication, information gathering and reconnaissance. Justin Webster supported this assertion in his analysis of the role played by technology in the perpetration of the 11 March 2004 terrorist attacks in Madrid: “There are many more stories along the timeline which demonstrate just how important the internet was. One early one would be Sahan al Touibithan [who]…as he kept changing groups, and steadily getting into more radical and extremist groups, well, he started off as not very extremist and then ended up being very extremist, but the one point is that he started hanging out with people in the mosques, with more and more closed Muslim groups, and he would take them to use the internet in the university and that was one of the best things he had access to, was to be able to go into an office as a PhD student, sit down at a computer and surf the net and he used to come in the afternoons when the PhD common room was empty, he’d bring his friends there to surf the internet. This was in 1998 when Al-Qaeda made a declaration of war against the United States and the declaration of the Crusade. It was also the year of the bombings in Kenya and Tanzania.”78 Although Webster’s analysis demonstrates the importance of such technologies in the perpetration of the Madrid 2004 terrorist attacks, it is difficult to ascertain whether terrorist organisations have used internet and communications technologies to cause damage in the physical world. One reason for this is that cyber attacks against physical objects are normally carried out anonymously in order to protect the identities of the attacker(s) until such time that the organisation chooses to lay claim to a particular attack. This means that attacks to the electrical systems of certain organisations, for the most part, are indistinguishable from everyday malfunctions.79 The similarity of potential cyberterrorist attacks with general technical malfunction only serves to dilute the terrorists’ main narrative that an act of terror will be perpetrated in order to achieve a specific political goal. In addition, it detracts from the claim by Brian Jenkins which argued that modern terrorism is like theatre (Jenkins, 1974). This postulation, that the internet is an unsatisfactory tool for real-world attacks, was underscored by the VeriSign cybersecurity analyst Stewart Bertram who argued that the internet and the Web are nothing more than a communications node: “[Y]es you could [commit terrorist attacks] over IP but why bother?...it is just a communications node it’s not actually an attack vector…Terrorism on the web is all about people watching and even with Al Qaeda, even though they want lots of people dead, they still want a lot of people watching. So terrorists are not artists, they’re not looking for the most technically convoluted way to do it. They’re just looking for something effective and asymmetric warfare is exactly that you know, improvised explosive devices made of wood and plastic, you know, fertilizer, because you can’t mitigate against that – so that’s counter-intuitive to cyberterrorism.”80 Bertram’s assertion that it is nearly impossible for terrorists to inflict real-world damage using the internet, and is generally used more for pre and post attack uses such as communication, finance, recruitment and information gathering, is also highlighted by Gabriel Weimann at the University of Haifa (2008) as support for the notion that contemporary terrorism is a socio-technological endeavour – a complex entanglement of human social relation technologies - rather than a technologically-determined one. Directory: portal -> files -> 4733003 files -> Impact case study (ref3b) files -> Ethics and Factual Television: a short history files -> P. O. Box 27, 00014 University of Helsinki, Finland tel. 358-9-191 58080 / 22216; fax 358-9-191 58096 / 23008 files -> The impact of a pledge campaign and the promise of publicity: a randomized controlled trial of charitable donations files -> Diversity and Voice: the Political Participation of Young People in the European Union files -> Chapter 15 a voice in Decision Making: young children in Denmark Stig Broström Introduction Download 1.29 Mb. Share with your friends:
|