ebook img

Combatting Cybercrime: Tools and Capacity Building for Emerging Economies PDF

484 Pages·2017·11.36 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Combatting Cybercrime: Tools and Capacity Building for Emerging Economies

Combatting Cybercrime Tools and Capacity Building for Emerging Economies Page 1 | Chapter 1 | § Table of Contents Combatting Cybercrime Tools and Capacity Building for Emerging Economies Some Rights Reserved This work is a co-publication of The World Bank and the United Nations. The fndings, interpretations, and conclusions expressed in this work do not necessarily refect the views of The World Bank, its Board of Executive Directors, or the governments they represent, or those of the United Nations. The World Bank and the United Nations do not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank or the United Nations concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities of The World Bank or the United Nations, all of which are specifcally reserved. Rights & Permission This work is available under the Creative Commons Attribution 3.0 IGO license (CC BY 3.0 IGO) http://creativecommons.org/licenses/by/3.0/igo. Under the Creative Commons Attribution license, you are free to copy, distribute, transmit, and adapt this work, including for commercial purposes, under the following conditions: Attribution — Please cite the work as follows: World Bank and United Nations. 2017. Combatting Cybercrime: Tools and Capacity Building for Emerging Economies, Washington, DC: World Bank License: Creative Commons Attribution 3.0 IGO (CC BY 3.0 IGO). Translations — If you create a translation of this work, please add the following disclaimer along with the attribution: This translation was not created by the World Bank the United Nations and should not be considered an offcial World Bank or United Nations translation. Neither the World Bank nor the United Nations shall be liable for any content or error in this translation. Adaptations — If you create an adaptation of this work, please add the following disclaimer along with the attribution: This is an adaptation of an original work by The World Bank. Views and opinions expressed in the adaptation are the sole responsibility of the author or authors of the adaptation and are not endorsed by The World Bank. Third Party Content — The World Bank and/or the United Nations do not necessarily own each component of the content contained within the work. The World Bank and the United Nations therefore do not warrant that the use of any third-party-owned individual component or part contained in the work will not infringe on the rights of those third parties. The risk of claims resulting from such infringement rests solely with you. If you wish to re-use a component of the work, it is your responsibility to determine whether permission is needed for that re-use and to obtain permission from the copyright owner. Examples of components can include, but are not limited to, tables, fgures, or images. All queries on rights and licenses should be addressed to the World Bank Publications, The World Bank, 1818 H Street, NW, Washington, DC, 20433; USA; email: Acknowledgments Tis Toolkit was developed under a project, Combating Cybercrime: Tools and Capacity Building for Emerging Economies (Project), fnanced by a grant from the Korean Ministry of Strategy and Finance under the Korea- World Bank Group Partnership Facility (KWPF) Trust Fund. Te team gratefully acknowledges fnancial support from the Korean Ministry of Strategy and Finance that made this Project possible. The Project team was headquartered in the World Bank, and Marco Obiso, Preetam Maloor and Rosheen Awotar-Mauree included the following participating organizations: the Council of ITU; Francesca Bosco and Arthur Brocato of UNICRI; Sadie of Europe (CoE), the International Association of Penal Law Creese, Eva Ignatuschtschenko and Lara Pace of Oxford; Cecile (AIDP), the International Telecommunication Union (ITU), the Barayre of UNCTAD; Alexander Seger and Betty Shave of CoE; Korea Supreme Prosecutors Offce (KSPO), the Oxford Cyber- and Neil Walsh, Dimosthenis Chrysikos and Bilal Sen of security Capacity Building Centre (Oxford), the United Nations UNODC. Conference on Trade & Development (UNCTAD), the United The Team would also like to express its gratitude to peer Nations Interregional Crime and Justice Research Institute reviewers, Professor Ian Walden, Queen Mary University of (UNICRI) and the United Nations Offce on Drugs & Crime London, and Steven Malby of the Commonwealth. The team (UNODC). is also grateful for the time, consultations and valuable inputs The Project team at the World Bank was led by David Satola received from staff at INTERPOL’s Global Complex for and included Seunghyun Bahn, Evarist Baimu, Nigel Marc Innovation in Singapore including Madan Oberoi, Mustafa Bartlett, Jinyong Chung, Conrad C. Daly, Heike Gramckow, Erten, Steve Honiss, Silvino Schlickmann and Tomas Herko. Theodore Christopher Kouts, Clay Lin, Rishabh Malhotra, James The Toolkit and Assessment Tool were also the subject of several Neumann, Marco Nicoli, Diana Norman, Elizabeth Anne Norton, consultation events, conferences and workshops held at or with Seunghwan Park, Sandra Sargent, Dolie Schein, Hyunji Song, the sponsorship of the CoE, Europol, INTERPOL, ITU, the Korea Emilio C. Viano, Georgina Weise, Christiaan van der Does de Institute of Criminology, UNCTAD, UN and Central Bank of Willebois, Stuart Yikona, Keong Min Yoon and Tamika Zaun. Qatar. The team thanks the participants in all of these events The Team owes a special debt of gratitude to Hyunji Song, for and at these organizations for the opportunities to raise her unfagging commitment and contributions to this project awareness of this Project and for helpful comments and too numerous to mention here. Without her research and suggestions. organizational skills, initial drafting efforts and intellectual The team apologizes to any individuals or organizations guidance, this Project could not have been realized. inadvertently omitted from this list. The contributions of the following people from the participating The Toolkit, Assessment Tool, and Website designed and organizations are recognized. From KSPO, Youngdae Kim, developed by Informatics Studio: www.informatics-studio.com. Seokjo Yang, Heesuk Lee and Seungjin Choi. Luc Dandurand, Foreword Advances in technologies over the last 20 years have afected virtually every aspect of the way we live and conduct our daily lives. While these technologies have been a source of good and enabled social and economic progress around the world, hardly a day goes by without news of yet another cyberattack, or the use of technology in the commission of crime. Here, at the World Bank, we know that in order for technologies, including the internet, to continue to be used as a force for economic growth and development, measures must be taken to ensure the security of the internet and the data and communications that fow over it. Tis book, Combatting Cybercrime: Tools and Capacity Building for Emerging Economies, is an important contribution to the global efort for a safe, secure and equitable internet. It focuses on building the human capacity of policy-makers, legislators, judges, lawyers, prosecutors, investigators and civil society on the various legal issues that comprise the fght against cybercrime. Tough focusing on legal matters, Combatting Cybercrime recognizes that the challenge is much larger, and, accordingly, builds from the perspective that an efective response to ever-more sophisticated cybercrime requires a multidisciplinary, multi-stakeholder, public-private approach. In addition to serving as a resource in the traditional sense, Combatting Cybercrime includes an online Assessment Tool that enables countries to more accurately identify priority areas, that facilitates a focused and targeted allocation of scarce, capacity-building resources. Much like the collective approach that is required to fght cybercrime, Combatting Cybercrime is also the result of a collective efort among some of the key global and regional organizations, both public and private, whose expertise and experience are synthesized in this book. I would like to thank the organizations and their staf who contributed to this important work, as well as the Government of Korea for its generous funding and leadership in this area that made Combatting Cybercrime possible. It is our collective hope that Combatting Cybercrime will be a useful resource in building capacity on these key legal issues in the global fght against cybercrime, and would invite readers to consult the project website for updates. Te Toolkit, the Assessment Tool and a library of pertinent sources can be found and freely accessed at www.combattingcybercrime.org. Sandie Okoro Senior Vice President and General Counsel Te World Bank Table of Contents 1. Introductory Part 10 6. Capacity-Building 225 An overall introduction to the Toolkit, View An overview of capacity-building issues View highlighting some of the main the issues around for policy makers and legislators, law Print Print cybercrime and describing some of the main enforcement, consumers and cooperation challenges to fghting cybercrime. with the private sector. 2. Foundational Considerations 64 7. In-country Assessment Tool 268 An overview describing what is meant by View An overview of various existing tools to assess View “cybercrime” and the discusses what “basics” cybercrime preparedness and an introduction of Print Print regarding procedural, evidentiary, jurisdictional the Assessment Tool enabling users to determine and institutional issues. gaps in capacity and highlight priority areas to direct capacity-building resources. 3. National Legal Frameworks 157 8. Analysis & Conclusion 276 An overview of substantive criminal aspects View Concluding thoughts on evolving good View of cybercrime and how they are expressed in practices in combatting cybercrime. Print Print national legal frameworks. 4. Safeguards 170 9. Appendices 282 An overview examining procedural View View “safeguards” of due process, data protection/ Print Print privacy and freedom of expression as they relate to cybercrime. 5. International Cooperation 193 10. Bibliography 407 An introduction to both formal and informal View View aspects of international cooperation to Print Print combat cybercrime. Abbreviations & Acronyms ACHPR African Commission on Human and Peoples’ Rights EAC East African Community ACHR American Convention on Human Rights EaP EU Eastern Partnership AI Artifcial Intelligence EC3 European Cybercrime Centre ALADI Asociación Latinoamericana de Integración ECHR European Convention on Human Rights AML Anti-money Laundering ECJ European Court of Justice AP-CERT Asia Pacifc Computer Emergency Response Team ECtHR European Court of Human Rights APEC Asia-Pacifc Economic Cooperation ECOWAS Economic Community of West African States ASEAN Association of Southeast Asian Nations ECTF US Secret Service Electronic Crimes Task Force ATM Automated Teller Machine EJN European Judicial Network BEC Business Email Compromise ENISA European Network and Information Security Agency CCI Commonwealth Cybercrime Initiative EU European Union CCIPS Computer Crime and Intellectual Property Section EUISS EU Institute for Security Studies CCPCJ Commission on Crime Prevention and Criminal EUROJUST EU Judicial Cooperation Unit Justice EUROPOL European Police Offce CERT C omputer Emergency Response Team (or FBI US Federal Bureau of Investigation Computer Emergency Readiness Team) FOI Freedom of Information CETS Child Exploitation Tracking System G8 Group of Eight CFTT Computer Forensics Tool Testing GCA ITU Global Cybersecurity Agenda CIRT Computer Incidence Response Team GCI ITU Global Cybersecurity Index CIS Commonwealth of Independent States GCSCC G lobal Cyber Security Capacity Centre (Oxford CJEU Court of Justice of the European Union University’s Martin School) COMESA Common Market for Eastern and Southern Africa GLACY G lobal Action on Cybercrime (CoE & EU) CoE Council of Europe GLACY+ G lobal Action on Cybercrime Extended (CoE & COMSEC Commonwealth Secretariat EU) cPPP Contractual Public-Private Partnership GPEN Global Prosecutors E-crime Network C-PROC CoE Cybercrime Programme Offce GPS Global Positioning System CSIRT Computer Security Incident Response Team HIPCAR H armonization of ICT Policies, Legislation and CSIS Center for Strategic and International Studies Regulatory Procedures in the Caribbean CTO C ommonwealth Telecommunications Organisation HIPSSA Harmonization of ICT Policies in Sub-saharan Africa DC3 US Defense Cyber Crime Center IADB Inter-American Development Bank DDBMS Distributed Database Management System IAP International Association of Prosecutors DDoS Distributed Denial of Service IAPL International Association of Penal Law DEA US Drug Enforcement Agency IBRD I nternational Bank for Reconstruction and Development DHS US Department of Homeland Security IC3 Internet Crime Complaint Center DNS Domain Name System ICB4PAC Information and Communications Capacity DoD US Department of Defense Building for Pacifc Island Countries DoJ US Department of Justice ICCPR International Covenant on Civil and Political Rights DoS Denial of Service ICT Information and Communication Technology E2EE End-to-end Encryption IDCC INTERPOL Digital Crime Centre IoE Internet of Everything PPP Public-Private Partnership IGCI INTERPOL Global Complex for Innovation R&I Research and Innovation IGO Intergovernmental Organization RTI Right to information INTERPOL International Criminal Police Organization RICO US Racketeer Infuenced Corrupt Practices Act IOSCO I nternational Organization of Securities SADC Southern African Development Community Commissions SAR Suspicious Activity Reporting IoT Internet of Things SCO Shanghai Cooperation Organization IP Internet Protocol SDG Sustainable Development Goa iPROCEEDS C ooperation on Cybercrime under the Instrument SELA E l Sistema Económico Latinoamericano y del of Pre-accession (IPA) Caribe ISAC Intelligence Sharing and Analysis Center SIM Subscriber Identifcation Modulel ISP Internet Service Provider SME Small & Medium Sized Enterprise IT Information Technology SMS Short Message Service ITU International Telecommunication Union SNS Social Networking Service J-CAT Joint Cybercrime Action Taskforce SQL Structured Query Language JIT Joint Investigation Team SQLi Structured Query Language Injection JPIIT K SPO’s Joint Personal Information Investigation SWIFT S ociety for Worldwide Interbank Financial Team Telecommunication KSPO Korean Supreme Prosecutor’s Offce T-CY CoE Cybercrime Convention Committee MA Mutual Assistance Tor The Onion Router MLA Mutual Legal Assistance UDHR Universal Declaration of Human Rights MLAT Mutual Legal Assistance Treaty UK-CERT UK Computer Emergency Response Team MSN Microsoft Service Network UN United Nations NCA UK National Crime Agency UNAFEI U N Asia and Far East Institute for the Prevention NCB National Central Bureau of Crime and the Treatment of Offenders NCCIC U S National Cybersecurity and Communications UNCITRAL UN Commission on International Trade Law Integration Center UNCTAD UN Conference on Trade and Development NCFTA National Cyber-Forensics & Training Alliance UNESCO U N Educational, Scientifc and Cultural NCIJTF F BI’s National Cyber Investigative Joint Task Force Organization NCRP National Central Reference Points UNHRC UN Human Rights Council NCS National Cybercrime Strategy UNICRI U N Interregional Crime and Justice Research Institute NIST U S National Institute of Standards and Technology UNODC UN Offce on Drugs and Crime NSA US National Security Agency USB Universal Serial Bus OAS Organization of American States US-CERT US Computer Emergency Response Team OCSI UK Offce of Cyber Security and Information USSS US Secret Service OECD O rganization for Economic Co-operation and Development VoIP Voice-over Internet Protocol OECS Organization of Eastern Caribbean States VPN Virtual Private Network OSCE Organization for Security and Co-operation in VR Virtual Reality Europe WDR W orld Bank World Development Report: Digital OTP One-time Pad Dividends (2016) P2P Peer-to-peer WEF World Economic Forum PIN Personal Identifcation Number WSIS World Summit on Information Society CHAPTER 1 Intrtcudo ro y Part This chapter sets the stage for the rest of the Toolkit. It proiv des an oev rall introduction to the Toolkit , highlights some of the main the issues around cybercrime and describes some of the main challenges to g� hting cybercrime. In this Chapter A. Purpose of Toolkit 11 B. Phenomenon & Dimensions of Cybercrime 15 C. Challenges to Fighting Cybercrime 27 D. Framework for a Capacity-building Program 45 Page 10 | Chapter 1 | Introductory Part

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.