Introduction To Cybercrimes

Learning Outcomes
By the end of this session you will be able to:
• State the difference between cyber enabled and cyber dependent crimes
• Outline common cybercrime trends
• Explain the challenges associated with cybercrime investigations
Scope

• Cyber enabled and cyber dependent crimes


• Research and trends
• Challenges
• Cybercrime investigations
Cybercrimes Overview
Definitions
• Cyberspace can be interpreted as the mentally constructed virtual environment within which networked computer activity occurs
• Cybercrime broadly describes the crimes that take place within that space
Definitions
• Cyber dependent (<10%)
– Hacks
– DDOS
– Malware
• Cyber enabled (>90%)
– All crime types
– Use of technology
– Commit or facilitate traditional crimes
Research and Trends
Current Situation

• Substantial threat to Australia


• Transnational serious and organised criminal syndicates
• Cyber has surpassed the threat of terrorism in USA
• Greatest threat to every company in the world
• Cost the USA economy approximately $100 Billion (2013)
• $400 Billion globally in 2016
• Projected to globally cost $2.1 Trillion in 2019
• Exponentially increasing costs
• Cyber will outgrow ALL other crime types combined
Cybercrime Investigations
Cybercrime Offences
• Cybercrime against property
– Online Fraud and Forgery
– Identity Crimes and Card Skimming
• Cybercrime against computers (Access / Modification / Impairment)
– Hack
– Website defacement
– Ransomware
– DDOS / DOS
– Malware
Cybercrime Offences
• Cybercrime against persons
– Stalking / Intimidation / Bullying / Harassment / Sextortion / Revenge Pornography offences
• Online Copyright Crimes / Child Pornography / Grooming / Cyber Terrorism
• Traditional crime facilitated by technology (Clear and Dark Web)
– Purchase of drugs / firearms / identity documents / software / illegal services
– Homicide?
Types of Cybercrime Investigations
• General Investigation
• Specialist Technical Investigation
• Intrusion Response
• Social Media Monitoring
• Cryptocurrency Investigations
• Dark Web Investigations
• Proactive Response and disruption
• Covert Intelligence Collection
General Cybercrime Challenges
• Scale (Internet allows communication to over 35% of global population)
• Accessibility
• Anonymity
• Portability and transferability (portable devices / phones)
• Absence of capable guardians
Challenges for Cybercrime Investigations
• Resources available
• Encryption
• Transnational nature
• Virtual Currency
• Dark Web
• Ransomware (RAAS)
• Ongoing advancements in Information Technology
• Training
• Raising and sustaining specialist investigators' expertise
Cybercrime Investigations Referrals
• Referrals can come from various information sources:
– Intelligence holdings (Tactical, Operational and Strategic)
– Local Law Enforcement Offices
– Internal reactive and proactive cybercrime investigations
– Operations (Search & Seizures / Report from HS)
– Public Reports
– Other Government Agencies
The Investigation Process
• Detecting that a crime has been committed and responding to it
• Identifying the resources needed and requesting them
• Identifying where the crime took place, then preserving and examining the crime scene
• Identifying and prioritising subsequent inquiries as a result of the initial response
• Identifying witnesses and victims and obtaining their best evidence
• Identifying techniques that may provide additional evidence
• Identifying suspect/s using a plan and checking alibis
• Compiling a detailed brief of evidence
• Preparing for the judicial process
How to Conduct an Investigation?

• What do we know?

• What do we need to know?

• How are we going to find out?


Obtaining Evidence
Ideally, EVIDENCE should be obtained through:
• Forensic extraction from a device (e.g. Cellebrite, ADF Triage, etc.)
• A search & seizure
• An MLAT (Preservation Order)
• Another procedural method
• Interview with victims / witnesses
• Interview with a suspect
• OSINT collected to an evidentiary standard
Investigation Priorities
• Law enforcement preliminary assessments/investigations
– How available resources are deployed
– Whether particular lines of inquiry should be followed
– Whether certain crimes should be prosecuted
• Law enforcement's duty is primarily to:
“... Investigate whether there has been a breach of the law for which an identifiable person might be convicted if prosecuted...”
• Give due and proper consideration to the initial inquiry
• Act appropriately on the view formed
• If, after initial investigation, there appears to be no serious prospect of conviction against an identifiable person, it is quite a reasonable decision not to pursue the matter any further
Cybercrime Investigators

Specialise in:

• OSINT

• Cryptocurrency

• Dark Web
Summary
Main Points

• Cyber enabled and cyber dependent crimes


• Research and trends
• Challenges
• Cybercrime investigations
QUESTIONS?
Revision

• What is the definition of a cyber enabled crime?

• Name two types of cyber dependent crimes.


FINAL QUESTIONS?
