Professional Documents
Culture Documents
Cybercrime Investigations A Comprehensive Resource For Everyone 1St Edition John Bandler Full Chapter PDF
Cybercrime Investigations A Comprehensive Resource For Everyone 1St Edition John Bandler Full Chapter PDF
https://ebookmass.com/product/research-project-management-and-
leadership-a-handbook-for-everyone-paprica/
https://ebookmass.com/product/cognitive-processing-therapy-for-
ptsd-a-comprehensive-manual-1st-edition/
https://ebookmass.com/product/op-amps-for-everyone-5th-edition-
carter-b/
https://ebookmass.com/product/inquiry-and-leadership-a-resource-
for-the-dnp-project-1st-edition-ebook-pdf/
Xero : A Comprehensive Guide for Accountants and
Bookkeepers 1st Edition Amanda Aguillard
https://ebookmass.com/product/xero-a-comprehensive-guide-for-
accountants-and-bookkeepers-1st-edition-amanda-aguillard/
https://ebookmass.com/product/saunders-comprehensive-review-for-
the-navle-1st-edition/
https://ebookmass.com/product/comprehensive-clinical-
nephrology-6th-edition-john-feehally/
https://ebookmass.com/product/cybercrime-investigators-handbook-
graeme-edwards/
https://ebookmass.com/product/the-third-sector-as-a-renewable-
resource-for-europe-1st-ed-edition-bernard-enjolras/
Cybercrime Investigations
Cybercrime Investigations
A Comprehensive Resource for Everyone
John Bandler
Antonia Merzon
First edition published 2020
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN
© 2020 Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, LLC
International Standard Book Number-13: 978-0-367-19623-3 (Hardback)
International Standard Book Number-13: 978-1-003-03352-3 (eBook)
Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot
assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers
have attempted to trace the copyright holders of all material reproduced in this publication and apologize to
copyright holders if permission to publish in this form has not been obtained. If any copyright material has not
been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted,
or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including
photocopying, microfilming, and recording, or in any information storage or retrieval system, without written
permission from the publishers.
For permission to photocopy or use material electronically from this work, access www.copyright.com or contact
the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works
that are not available on CCC please contact mpkbookspermissions@tandf.co.uk
Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for
identification and explanation without intent to infringe.
Library of Congress Cataloging-in-Publication Data
To my wonderful family.
A.M.
Contents
About the Authors................................................................................................................xxi
Acknowledgments...............................................................................................................xxiii
vii
viii Contents
Chapter 9 Civil and Regulatory Implications of Cybercrime: Cyberlaw in the Civil and
Regulatory Sectors ...........................................................................................153
9.1 Introduction............................................................................................153
9.2 Attorney–Client Privilege........................................................................153
9.3 Civil Lawsuits against Cybercriminals: Actions for Intentional Torts .....154
9.4 “Hacking Back”: Intentional Acts by Cybercrime Victims that Could
Incur Liability .........................................................................................155
9.5 Cybercrime Statutory Causes of Action..................................................156
9.6 Negligent Cyber Torts: The Reasonable Person and the Standard of
Care ........................................................................................................157
9.6.1 Negligence that Directly Causes the Harm ..................................157
9.6.2 Negligence that Allows the Commission of a Crime by a Third
Party ............................................................................................158
9.6.2.1 Theft of Automobile ......................................................159
9.6.2.2 Premises Liability...........................................................159
9.6.2.3 Cybercrime Liability ......................................................159
9.7 Actions under Contract Law...................................................................160
9.7.1 Cyber Insurance Policies ..............................................................162
9.8 Civil Actions for Asset Forfeiture by the Government ............................162
9.8.1 Federal and State Laws ................................................................162
9.8.2 Temporary Restraining Orders (TROs)........................................163
9.8.3 Burden of Proof ...........................................................................163
9.9 General Civil Laws and Regulations Regarding Cybersecurity and
Privacy ....................................................................................................164
9.9.1 Data Disposal Laws and Rules ....................................................165
9.9.2 Information Security Laws...........................................................165
9.9.3 Data Breach Notification Laws....................................................166
9.9.4 Privacy Laws and Who Enforces Them .......................................166
9.9.4.1 FTC and State Attorneys General .................................167
9.9.4.2 GDPR............................................................................167
9.9.4.3 California Consumer Privacy Act ..................................168
9.9.4.4 Colorado Protections for Consumer Data Privacy Act
(PCDPA)........................................................................168
9.10 Civil Laws and Regulations for Specific Sectors......................................168
9.10.1 Financial Sector .........................................................................169
9.10.1.1 GLBA: Gramm-Leach-Bliley Act ................................169
9.10.1.2 FFIEC and SEC Requirements....................................169
9.10.1.3 New York Information Security Requirements for the
Financial Sector ...........................................................170
9.10.2 Health Sector Regulations: HIPAA and HITECH.....................170
9.11 Conclusion..............................................................................................170
xiv Contents
Chapter 17 Apprehending the Suspect and the Investigation that Follows .........................285
17.1 Introduction............................................................................................285
17.2 Charging Decisions .................................................................................285
17.2.1 Methods for Charging a Suspect ................................................286
17.2.2 “Sealing” Charges versus Publicizing Them...............................287
17.3 Interstate Procedures for Arresting and Extraditing Defendants ............287
17.4 International Procedures for Arresting and Extraditing Defendants.......289
17.5 Arrest Strategies and the Hunt for Evidence...........................................290
17.6 A Successful Arrest Does Not Mean “Case Closed”...............................291
17.7 Conclusion..............................................................................................292
19.6 The Civil Lawsuit and the Role of the Investigation ...............................320
19.7 Arbitration..............................................................................................322
19.8 Conclusion..............................................................................................323
Index....................................................................................................................................326
About the Authors
John Bandler and Antonia Merzon served together as Assistant District Attorneys at the
New York County District Attorney’s Office (DANY), hired by the legendary Robert Mor-
genthau. They investigated and prosecuted a wide variety of criminal offenses, ranging from those
that garnered headlines to the many that received little attention but were equally essential for the
administration of justice and protection of the public. Antonia founded and led the Identity Theft
Unit (since renamed the Cybercrime and Identity Theft Bureau), recruiting John as an early
member. The unit’s work quickly revealed the close connection between identity theft and cyber-
crime, and brought amazing cases, including the Western Express case, which you will read about.
As Unit Chief, Antonia supervised the work of hundreds of prosecutors and thousands of investi-
gations, guiding and developing both people and cases. This fledgling unit with scarce resources
did terrific work in a new and evolving area of crime. Eventually, their service at DANY came to
an end, and they share their expertise now as lawyers and consultants in a variety of areas.
Their experiences during and after DANY are what convinced them to write this book
together.
John Bandler runs a law firm and a consulting practice that helps organizations and individuals
with cybersecurity, cybercrime investigations, and anti-money laundering efforts among other
areas. Before becoming a prosecutor, he served as a State Trooper in the New York State Police
for eight years, assigned to one of the state’s busiest stations that provided full police services to
the local community. While serving in the State Police he attended law school at night at Pace
University School of Law, and upon graduating he went to work for Mr. Morgenthau. Since
leaving government service he has represented a range of clients, from individuals to banks, on
many issues ranging from cybersecurity, privacy, anti-fraud, and threats. John is admitted to
the bars of New York, Connecticut, and Washington D.C., holds a number of certifications,
and writes, lectures, and teaches on law, cybersecurity, cybercrime, and more.
Antonia Merzon provides legal and consulting expertise related to security, investigations,
and law enforcement, especially as they intersect with the worlds of law, technology, privacy,
and fraud. She graduated from Fordham University School of Law and then was hired by
Mr. Morgenthau. During her time at DANY, she built the new Identity Theft Unit that
investigated and prosecuted cybercrime and virtual currency money laundering – before
these areas were in the public awareness – and developed the unit’s digital forensic and
investigative capacity. Cybercrime and traditional investigations are among her specialties,
including developing best practices. She also is an expert on a diverse array of investigation
and litigation best practices for law enforcement, including the use of body-worn cameras,
eyewitness identification, and the electronic recording of custodial interrogations.
John Bandler
New York, NY
Antonia Merzon,
Boulder, Colorado
April, 2020
Part I
Understanding Cybercrime,
Computers, and Cybersecurity
1 The Need for Good
Introduction
Cybercrime Investigators
• You
• Law enforcement of all types: police, investigators, agents, prosecutors, analysts
• Those in the private sector investigating or dealing with cybercrime
• Regulators
• The technically skilled and those who are not
• Beginning cyber investigators, intermediate, and even experienced looking for
a comprehensive view
• Lawyers and non-lawyers.
At the start of each chapter, we will identify the type of cybercrime investigator for
whom that chapter is primarily intended. Cybercrime investigators do not just have the
title of “investigator”. They come from many jobs and backgrounds – lawyers and non-
lawyers; technical experts and technical beginners; experienced traditional investigators
who are learning about cybercrime, and investigators whose only experience is with
cybercrime; law enforcement agents, industry regulators, and members of the private
sector; and students and trainees just starting out. Given this diversity of backgrounds,
we recognize that some readers might read the book straight through, and some might
skip chapters because they are working on a time-sensitive matter, or because existing
skill sets make certain chapters less critical. That said, we think you will get something
out of every chapter.
1. We all can investigate cybercrime. Cybercriminals are running amok online partly
because of the misconception that only specialized investigators with vast techno-
logical resources can work these cases. Tech skills and gadgets are great to have,
but they are, by no means, a requirement for handling a cyber investigation.
3
4 Cybercrime Investigations
Bottom line: the common preconception that cybercrime is too difficult to investigate is
wrong. Every case can and should be investigated. Every investigator can take positive steps
to solve a case. Instead of looking at a cyber incident and assuming there is not much that
can be done, we can use these core truths about cybercrime to frame a plan of action.
Cybercrime is a relatively new phenomenon. Malicious actors no longer need to be in
the immediate vicinity of their victims, but can attack and steal remotely, even from abroad.
The reach of the Internet means cybercrime is a safety and security problem for every com-
munity, industry, business, and law enforcement agency – large or small.
Investigating cybercrime is an even newer endeavor than cybercrime itself, and because it
involves technology, it can seem daunting to many investigators and victims. How do you
start investigating when one of these incidents happens? How do you figure out who did it
when the perpetrator is hiding online? What do you do with a crime that seems to lead
across the country, let alone around the world?
When we first started working on cybercrime cases as prosecutors, we had the same
questions. We did not come to this work from a tech background, and we often had min-
imal resources available. But through time, effort, and creativity we learned how to find the
answers. We learned that cybercrime can be investigated, offenders can be found, and cases
can be successfully prosecuted.
We wrote this book to share this knowledge with you, and to inspire more people to
become cybercrime investigators – especially those who might think cybercrime is too chal-
lenging to take on.
We understand that, in some places, law enforcement and private security lack experi-
ence, training, and resources when it comes to cybercrime. That is another reason we wrote
this book. We want to give any interested investigator the knowledge and tools to handle
these cases. As cybercrime continues to grow, we need more investigators on the frontlines
ready, willing and able to take it on. There are concrete steps that every investigator can
take to tackle cybercrime. This book is designed to make these steps understandable and
doable for investigators everywhere.
Why is it so important to bolster the investigative response to cybercrime? Let’s look at
some of the major repercussions of cybercrime in today’s world.
moved in stored-value cards (like gift cards), criminal proceeds funneled through
multiplayer video games – these are some of the methods cybercriminals use, along
with more traditional money laundering mechanisms. Once proven successful, these
techniques are adopted not just by cyber thieves, but by other criminals looking to
conduct illicit transactions, such as child pornographers, narcotics dealers, and
terrorists.
• Stalking, Revenge, and Harassment. Stealing is not the only form of cybercrime –
the Internet is used to commit a wide variety of crimes meant to harass, stalk,
menace, or otherwise target specific individuals. The increasingly sophisticated
methods used to conduct these crimes are capable of inflicting tremendous, ongoing
harm to victims. The scenarios range from teen sexting to cyber-revenge acts dir-
ected at employers, intimate partners, and political figures – and often require
a response from a combination of law enforcement and private sector investigators.
• Civil Liability and Regulation. The scourge of cybercrime has an enormous impact
on both our civil law and regulatory systems. When cybercriminals steal funds or
data, injured victims may use the civil legal system to seek redress, including for
cybersecurity negligence. Government regulators create and enforce rules that deal
with the real threats that cybercrime presents to sensitive data and online
commerce.
This book discusses all of these topics, and many other pressing issues around cybercrime,
in a manner designed to help every kind of investigator find useful information.
• Law Enforcement
Law enforcement, including police, federal law enforcement, and prosecutors, receive thou-
sands of cybercrime reports every year from individual and corporate victims. When state
and local police investigate cybercrimes, along with prosecutors, it is usually because they
get the first calls when local residents are victimized. Traditionally, more complex cases are
tackled by federal law enforcement agencies (such as the FBI, U.S. Secret Service, and
Department of Homeland Security) and federal prosecutors. These agencies use monetary
thresholds and other criteria to take on a select number of investigations. Some state Attor-
ney General’s offices also handle “bigger” cybercrime cases. A few local District Attorneys’
(DA) offices handle significant cybercrime cases, as we did while working at the Manhattan
DA’s office. But the truth is, the vast majority of cybercrimes go uninvestigated.
One of this book’s goals is to change the way investigators look at cyber cases. Historic-
ally, investigators have categorized cases too quickly as being “local” or “small”, only real-
izing, after some investigation, that they are really one piece of a larger scheme. Nowadays,
all police agencies, whether an enormous department like the New York City Police Depart-
ment, or a small-town force with fewer than 20 sworn officers, will be called upon to take
a cybercrime complaint and conduct an initial investigation – actions that may lead to
uncovering larger, additional crimes. Since these investigations normally require prosecutor-
ial assistance, it is essential that prosecutors in local DAs’ offices also know how to
6 Cybercrime Investigations
investigate cybercrime. As we explain in this book, when a “small” case turns out to be
part of a big scheme, there are many choices investigators can make about how to proceed –
including identifying and collaborating with agencies that have the resources to assist with
or take on a broader investigation. Of course, the objective is always to better investigate,
identify, and prosecute those responsible for cybercrime.
Not all investigations of cybercrime are conducted for the purpose of criminal prosecution.
Federal regulators and state Attorneys General investigate cybercrime to determine whether
consumer protection laws have been violated, or to ensure compliance with industry regula-
tions. These regulatory investigations often focus on specific aspects of cybercrime that fall
under the agencies’ authority – such as ensuring private sector compliance with cybersecur-
ity, privacy, and data breach notification laws, or taking legal action when companies fail to
comply with laws or regulations.
• Private Sector
Many cybercrime investigations are undertaken by individuals and businesses who fall
victim to cybercrime, then want to know how it happened, who was responsible, and what
has to be done to prevent further harm. An increasing number of these investigations are
prompted by laws and regulations that require victimized businesses to investigate and
report cybercrime, including financial institutions, health care services, and businesses of all
sizes.
The goals of a private sector investigation may diverge from those of law enforcement
and government regulators. For example, businesses damaged by cybercrime may be con-
cerned about how to apportion legal responsibility among themselves for settlement or
insurance purposes. Even when law enforcement conducts an investigation, private entities
may investigate as well. At times, private sector resources and access to information can
greatly assist law enforcement, providing benefits to both groups.
Private sector investigations might be conducted in-house or might require the hiring
of specialized firms or individuals. The decision about who should investigate within
the private sector depends upon the size of the organization, circumstances, and
resources.
In Part II, we review the laws and rules about cybercrime and gathering evidence. It is
hard to conduct an investigation if you do not know what facts might be relevant and how
the legal process might play out. First, we provide an introduction to criminal and civil law.
Our intention here is to demystify central legal concepts and explain them in straightfor-
ward terms. Next, we look at the criminal statutes defining cybercrime. There is no “crime”
in cybercrime unless there is a statute prohibiting an act; thus, an important part of
a successful criminal investigation is focusing on the correct criminal charges to pursue.
Then, we examine the tools used by law enforcement to find and collect evidence of cyber-
crimes, while describing the restrictions our legal system imposes to protect privacy and
regulate government action. We also discuss the civil and regulatory implications of cyber-
crime, as government and business face increasing regulatory and security standards for
handling cyber threats. Part II includes an overview of cyber actions committed by nation-
states or terrorists, recognizing that some investigations may reveal these national cyber
threats.
Part III focuses on conducting a cyber investigation. After first looking at the broader
objectives and strategies of any cyber investigation, we devote individual chapters to investi-
gations performed within the private sector, by law enforcement, and by regulators. This
part also provides in-depth discussion of some of the key investigative methods and stages
in a cyber investigation – including the cyclical investigative process, open-source investiga-
tion, obtaining records and analyzing them, investigations into financial activity and money
laundering, uncovering cybercriminals’ true identities, and locating and apprehending sus-
pects once they are identified (within the United States and internationally).
Part IV explains how a cyber investigation plays out in the context of litigation. From
the perspectives of both criminal and civil cases, we look at how an investigator’s methods
and results are presented and dissected in court. Knowing how an investigation might even-
tually be used in litigation can enable better investigative decision-making.
Anecdotes. We also include interesting anecdotes throughout the text, including several
from our years spent as Manhattan prosecutors.
Cartoons and diagrams. The text of the book is illustrated by numerous diagrams and
cartoons. We offer these visual aids in order to present complex concepts in a digestible
format and to make the material easier to remember. As they say, a picture is worth
a thousand words, as depicted in Figure 1.1.
8 Cybercrime Investigations
2.1 INTRODUCTION
Before we can dive into learning how to investigate “cybercrime”, and all the underlying
law and technology, we need to understand the term itself. What activities are considered
a cybercrime? Who is committing these offenses? And what about the Internet has allowed
a criminal ecosystem to flourish? This chapter gives an overview of these fundamental
questions.
Very few cybercrimes consist of a single illegal act, even though a single act is all
a particular investigator may encounter.1 This chapter provides the context for individual
cybercrimes so that investigators can begin to see how a single event often fits into a larger
picture. While this world of cybercrime is relatively new, it is still just another form of
crime that needs to be investigated. It is important for investigators to realize that trad-
itional investigative skills are essential in cybercrime cases. This chapter also will discuss
comparisons between “street crimes” and “cybercrimes”, including traditional investigation
concepts that translate well to the investigation of cybercrime and some that need to be
adapted.
1
As we mentioned in the introduction, we use the term “investigator” not just for those with specific job titles, but
for all of those involved with investigating a cybercrime.
9
10 Cybercrime Investigations
Damaging someone’s property is unlawful, whether it is with a rock through the window, or
by tampering with their computer system.
When learning about various cybercrimes, and when investigating a new incident, it can
be helpful to think about what the same situation would look like in the physical world.
Was something stolen? Was someone hurt or something damaged? Was there an illegal sale
or purchase of stolen property or contraband? Framing your analysis in these terms can
make it easier to see past the technicalities of how the crime was committed, to what actu-
ally occurred. In addition, although a crime is “cyber” in nature, it inevitably has compo-
nents in the physical world (people, money, locations). Identifying those connections can be
helpful in understanding the nature of a cyber incident.
Here is a list of Internet-related activities that generally fall under the umbrella of cyber-
crime. In Chapter 6, we will cover the statutes outlawing this conduct.
We will describe these categories briefly to give you an overall sense of what actions each
one entails.
2
Firmware is a form of software that provides a basic operating system for computing components such as routers
and printers.
What Is Cybercrime and Why Is It Committed? 11
infected botnets and is called a distributed denial-of-service (DDOS) attack. In some instances,
criminals simply threaten these attacks to extort payments from a business’ worried owner. And
as discussed in Chapter 8, there have been DOS attacks for political reasons, such as the 2007
cyberattacks on the government of Estonia.
Identity theft and impersonation are hallmarks of cybercrime. Assuming the identity of another
person is both a crime in and of itself, and a tool used to commit numerous other cybercrimes.
Identity theft usually involves the use of another person’s identity and identifying information to
accomplish some criminal purpose, such as to gain use of the victim’s Internet accounts, financial
accounts, or medical insurance. In addition, cybercriminals often use stolen identities to create
new Internet and financial accounts unbeknownst to the victim. The ultimate goals are to steal
money, goods, or services, and to operate online under another person’s name and identifiers.
Identity theft operates on the same principles in the cyber realm as in the physical world.
Whether a criminal obtains a victim’s identifiers by illegally accessing his computer or by
stealing his wallet, the general steps to assume his identity and commit frauds are the same.
Identity theft schemes are many and diverse and include credit card fraud, check fraud,
and account takeovers. Synthetic identity fraud is a close relative, but instead of assuming
an actual person’s identity, the criminal creates a fictitious identity using a combination of
fake and stolen information.
Much like cybercrime, identity theft presents investigative challenges. Prosecutors and gov-
ernments hoping to crack down on cybercrime must address identity theft, because it so often
is the gateway to cyber schemes. Seemingly low-level crimes (like credit card fraud and check
fraud) are tied to cybercrime. These identity theft crimes can be lucrative with much lower risk
of apprehension than street crimes. If caught, the punishment is usually less, making identity
theft an attractive area of criminality for street criminals. It was through attention to identity
theft cases during our time with Mr. Morgenthau’s office that our unit successfully brought
many local cases, and also groundbreaking international cybercrime cases.3
3
Robert Morgenthau was District Attorney of New York County from 1974 until his retirement in 2009. He built
a renowned office that brought a number of landmark cases.
4
John Bandler, The Cybercrime Scheme that Attacks Email Accounts and Your Bank Accounts, Huffington Post
(August 3, 2017), www.huffingtonpost.com/entry/the-cybercrime-scheme-that-attacks-email-accounts-
and_us_59834649e4b03d0624b0aca6.
What Is Cybercrime and Why Is It Committed? 13
employees and induce others to purchase services that will never be provided. All of these
scams, like similar frauds conducted face-to-face or over the phone, are a form of theft. Many
cybercrime scams involve related activity which is known as “social engineering”, where con
artistry is employed and the victim is tricked into performing some type of action, whether it is
transferring funds, clicking on a link, or downloading an attachment.
Cyber money laundering also involves moving funds or goods back and forth between
the Internet and the physical world (through banks, money transfer services, virtual cur-
rency, or carrying it from place to place). Since cybercriminals frequently work internation-
ally and want to insulate themselves from their crimes, they often need to recruit someone
in the victim’s country to act as a “money mule”. These mules receive illicit funds stolen
from victims and then forward them to accounts (or other mules) set up by the criminal
participants. Money mules may have varying degrees of culpability, from unsophisticated
participants caught up in a scam, to street criminals looking for a more lucrative fraud.
When questioned or arrested, some mules may provide a full statement, explaining their
involvement in the scheme. Investigators should always follow the money, even when a low-
level participant is arrested or a small cyber incident occurs, since these cases provide far
more leads into the money trail of larger cyber schemes than many realize.
Sometimes, it may not be clear where the line is between illegal harassment and legal free
speech. Certain statements have protections under the First Amendment. Statements that
injure a personal reputation, but that do not rise to the level of harassment, might merit only
a civil remedy such as an action for defamation, rather than a criminal prosecution.
2.2.12 GAMBLING
Gambling that crosses state lines is illegal under federal law, and since Internet traffic rou-
tinely bounces across state and international boundaries, this rule means that online gam-
bling through a website based in the United States is prohibited. Placing bets using websites
established in other countries may be legal. Some states allow gambling within the state,
including sports betting. In addition, certain online “betting” activities generally are not
considered “gambling”, such as fantasy sports leagues.
Online gambling closely mirrors traditional gambling, and the same laws apply to both.
Gambling websites may offer new betting options, including the ability to bet against others
around the world, but many may escape the regulation that casinos are accustomed to
following.
a number of factors that make cybercrime different, and greatly affect how it should be
investigated. Some of these factors are:
behind. The pool of suspects cannot be narrowed by proximity, and investigation and
apprehension are made difficult due to distance and geographic boundaries.
From the cybercriminal’s perspective, the pool of victims is larger. They do not need to
focus on one potential victim; they can target thousands, or millions, of potential victims.
Though they might choose to target a specific individual or company, they also can play
the odds, netting occasional successes among thousands of failed attempts.
5
FBI: Uniform Crime Reporting – 2018 Crime in the United States: Offenses Cleared, https://ucr.fbi.gov/crime-in-
the-u.s/2018/crime-in-the-u.s.-2018/topic-pages/clearances.
18 Cybercrime Investigations
a victim’s cloud account or computer, just like some people might feel a thrill to trespass on
someone else’s property or break into a house.
Many of the earliest cybercriminals committed data breaches not for profit or espi-
onage, but for fun, thrills, bragging rights, or to expose security weaknesses. They
were brilliant technologists, understanding systems better than the creators, and
manipulating them in unintended ways. That is the origin of the term “hacker”,
though the word has been coopted by many who believe it means anyone who illegally
breaks into computer systems. Some famous early cybercriminals who were arrested
for their conduct have moved on to legitimate pursuits, including security research,
consulting, and journalism.
2.4.4 ACTIVISM
Some cybercriminals engage in crime as a form of activism, or so-called “hacktivism”. They
feel passionate about a cause, or passionately disagree with the words or actions of others
and commit cybercrimes to disrupt and make their voices heard. Hacktivists often feel they
have altruistic motives, or that the end justifies the means. Of course, in many instances,
their victims, and the government, would beg to differ.
Hacktivist crimes include tampering with websites to change what the public sees, denial-of-
service attacks that shut websites down, and data theft. Hacktivists’ stated goals sometimes
include providing the world with access to information, revealing the secrets of governments and
corporations, exposing greed or misconduct, exposing organizations with poor security, or simply
weakening organizations or governments with which they disagree.
2.4.7 TERRORISM
Terrorists’ main goal is to instill fear by attacking noncombatants. Some criminals commit
cybercrimes to serve these ends. Cybercrime frauds are a source of funding for terrorist
groups and have low risk of detection. In addition, through intrusions and other methods
of obtaining unauthorized access to computer systems, cybercriminals can steal or research
information about potential terrorist targets. As with many criminal organizations, individ-
ual members have specific roles. Those involved in committing cybercrime for terrorist pur-
poses may not be directly involved in physical attacks.
Cyberterrorism is an extension of terrorist activities that occur in the physical world.
This term generally refers to terror-motivated cyberattacks on critical infrastructure sys-
tems, which could have devastating consequences for large populations.
Language: English
Credits: Al Haines
BY
CHAPTER I
CHAPTER II
CHAPTER III
CHAPTER IV
CHAPTER V
CHAPTER VI
Lord Howard of Effingham, the Trusted of the Queen
CHAPTER VII
CHAPTER VIII
CHAPTER IX
CHAPTER X
CHAPTER XI
LIST OF ILLUSTRATIONS
"Sir Francis" ... Coloured Frontispiece [missing from source book]
Fire-Ships
Capture of an Eskimo
PUBLISHERS' NOTE
The contents of this volume have been taken from Mr. Gilliat's larger
book entitled "Heroes of the Elizabethan Age," published at five shillings.
CHAPTER I
THE ELIZABETHAN WORLD
Before we touch upon the lives of some of the heroes of the Maiden
Queen, it were well to consider briefly what life was like in those days, and
how it differed from our own.
Elizabeth sank upon her knees and exclaimed: "A Domino factum est
istud, et est mirabile in oculis nostris" ("This is the Lord's doing, and it is
marvellous in our eyes")—a text which the Queen caused to be engraved on
her gold coins, in memory of that day of release from anxiety. For the poor
young Princess had lived for years in a state of alarm; she had been
imprisoned in the Tower, the victim of plots for and against her; she had
been kept under severe control at Woodstock under Sir Henry Bedingfeld,
where she once saw a milkmaid singing merrily as she milked the cows in
the Park, and exclaimed, "That milkmaid's lot is better than mine, and her
life far merrier."
And now on a sudden her terrors were turned into a great joy; and what
the Princess felt all England was soon experiencing, as soon as men realised
that the tyranny of Rome and of Spain was shattered and gone.
Harrison notes how rich men were beginning to use stoves for sweating
baths, how glass was beginning to be used instead of lattice, which was
made out of wicker or rifts of oak chequer-wise, how panels of horn for
windows had been going out for beryl or fine crystal, as at Sudeley Castle.
Then for furniture, it was not rare to see abundance of arras in noblemen's
houses, with such store of silver vessels as might fill sundry cupboards.
There were three things that old men remembered to have been marvellously
changed; one was the multitude of chimneys lately erected, whereas only the
great religious houses and manor places of the lords had formerly possessed
them, but each one made his fire against a reredosse in the hall, where he
dined and dressed his meat in the smoke and smother; the second thing was
the improved bedding. Formerly folks slept on straw pallets covered only
with a sheet, and a good round log under their heads for a bolster. "As for
servants, if they had anie sheet above them, it was well, for seldom had they
any under them to keep them from the pricking straws that ran oft through
the canvas and rased their hardened hides."
The third thing was the exchange from wooden cups and platters into
pewter or tin. Now the farmers had featherbeds and carpets of tapestry
instead of straw, sometimes even silver salt-cellars and a dozen spoons of
pewter.
Harrison bewails the decay of archery, and says that all the young
fellows above eighteen wear a dagger. Noblemen wear a sword too, while
desperate cutters carry two rapiers, "wherewith in every drunken fray they
are known to work much mischief"; and as the trampers carry long staves,
the honest traveller is obliged to carry horse-pistols; for the tapsters and
ostlers are in league with the highway robbers who rob chiefly at Christmas
time, "till they be trussed up in a Tyburn tippet."
It was the same before and after a dance: you bowed, or curtseyed, and
kissed your partner in all formal ceremony. So Shakespeare—
We are told that Sir Walter Raleigh was once staying with a noble lady,
whom he heard in the morning scolding her servant and crying, "Have the
pigs been fed? have the pigs been fed?"
At eleven o'clock Master Walter came down to dinner, and could not
resist a sly remark to his hostess, "Have the pigs been fed?" The lady drew
herself up haughtily and rejoined, "You should know best, Sir Walter,
whether you have had your breakfast or no." So the laugh was turned on the
wit for once: for indeed it had become unusual for people to require any
breakfast before eleven o'clock in Queen Elizabeth's time. Formerly they had
four meals a day, consisting of breakfast, dinner, nuntion or beverage, and
supper. "Now these odd repasts," says Harrison, "thanked be God! are very
well left, and each one (except here and there some young hungrie stomach
that cannot fast till dinner-time) contenteth himself with dinner and supper
only." It was the custom at table amongst yeomen and merchants for the
guest to call for such drink as he desired, when a servant would bring him a
cup from the cupboard; but when he had tasted of it, he delivered it again to
the servant, who made it clean and restored it to the cupboard. "By this
device much idle tippling is cut off, for if the full pots should continually
stand neare the trencher, divers would be alwaies dealing with them." Yet in
the houses of the nobles it was not so, but silver goblets or glasses of Venice
graced the tables.
They were content with four or six dishes, finishing with jellies and
march-paine "wrought with no small curiosity"; potatoes, too, began to be
brought from Spain and the Indies. The best beer was usually kept for two
years and brewed in March; of light wines there were fifty-six kinds, mostly
foreign, from Italy, Greece, and Spain, clarets from France, and Malmsey
wine.
"I might here talk somewhat of the great silence that is used at the tables
of the honourable and wiser sort, likewise of the moderate eating and
drinking that is daily seen, and finally of the regard that each one hath to
keep himself from the note of surfeiting and drunkennesse."
In regard to their dress the English at that time seem to have been
somewhat extravagant, copying first the Spanish guise, then the French,
anon the Italian or German—nay, even Turkish and Moorish fashions gained
favour; "so that except it were a dog in a doublet, you shall not see any so
disguised as are my countrymen of England."
Our good friend Harrison waxes quite sarcastic as he describes, "What
chafing, what fretting, what reproachful language doth the poor workman
bear away! ... Then must we put it on, then must the long seams of our hose
be set by a plumb-line: then we puff, then we blow, and finally sweat till we
drop, that our clothes may stand well upon us."
It became the fashion for ladies to dye their hair yellow out of
compliment to the Queen, who however in her later years used wigs, and
was reputed to have a choice of eighty attires of false hair.
In 1579 the Queen gave her command to the Privy Council to prevent
excesses of apparel, and it was ordered that "No one shall use or wear such
excessive long cloaks; being in common sight monstrous." Neither were they
to wear such high ruffs of cambric about their necks as were growing
common, both with men and women. Quilted doublets, curiously slashed,
and lined with figured lace, Venetian hose and stockings of the finest black
yarn, with shoes of white leather, betokened the courtier, the clank of whose
gilded spurs announced his coming.
In regard to weapons, the long-bow had gone out of use, but they shot
with the caliver, a clumsy musket with a short butt, and handled the pike
with dexterity. Corslets and shirts of mail still remained; every village could
furnish forth three or four soldiers, as one archer, one gunner, one pikeman,
and a bill-man. As to artillery, the falconet weighed five hundred pounds,
with a diameter of two inches at the mouth; the culverin weighed four
thousand pounds, having a diameter of five inches and a half; the cannon
weighed seven thousand, and the basilisk nine thousand pounds.
In 1582 Queen Elizabeth had twenty-five great ships of war, the largest
being of 1000 tons burden, besides three galleys: there were 135 ships that
exceeded 500 tons, which could fight at a pinch, for many private owners
possessed ships of their own.
A man-of-war in those days was well worth two thousand pounds, and
"it is incredible to say how greatly her Grace was delighted with her fleet."
After all, it is the men that count most, and the men of that day were as full
of good courage as the best of us.
On the Continent they had a saying that "England is a paradise for
women, a prison for servants, and a purgatory for horses"; for the females
had more liberty in England than on the Continent, and were almost like
masters; while the servants could not escape from England without a
passport, and the poor horses were worked all too hard.
In those days they knew full well what deep ruts could do in the way of
lowering speed, and the jaded horses must sometimes have thought that they
were pulling a plough, and not a coach.
We may add that folk did not use night-gowns, as we see from George
Cavendishes "Life of Wolsey": "My master went to his naked bed." But a
night-gown in those days meant a dressing-gown. Hentzner gives us a
description of the life at Court, from which we will take a few passages. He
was at Greenwich Palace, being admitted to the presence-chamber, which
was hung with rich tapestry and strewn with hay, or rushes. After noticing
the small hands and tapering fingers of the Queen, her stately air and
pleasing speech, he says: "As she went along in all this state and
magnificence, she spoke very graciously, first to one foreign Minister, then
to another: for, besides being well skilled in Greek, Latin, and French, she is
mistress of Spanish, Scotch, and Dutch. Whoever speaks to her, it is
kneeling: now and then she will pull off her glove and give her hand to kiss,
sparkling, with rings and jewels. The Ladies of the Court that followed her,
very handsome and well-shaped, were dressed in white, while she was
guarded on either side by her gentlemen Pensioners, fifty in number, with
gilt battle-axes."
We rather suspect that Hentzner may have been mistaken about the Scot;
for surely she could not speak with a Highlander in Gaelic, and to
understand a Lowland Scot could not have taxed her royal powers much.
These men were the Robin Hoods of the sea, and when from selfish
plunderings they rose to be champions of religious freedom as well, their
career seemed in most men's minds to be worthy of all admiration. But in
order to understand fully the motives which induced the more noble spirits to
go forth and do battle with Spain on private grounds, and at their own
expense, we ought to have sat at the Mermaid, or other taverns, and heard
the mariners' tales as they told them fresh from the salt sea. We should have
listened to stories of cruel wrongs inflicted on the brave Indians of South
America, which would have stirred any dormant spirit of chivalry within us,
and made us long to champion the weak.
We should have heard the story of the Indian chief who was taken
prisoner by the Spaniards, and suffered the penalty of losing his hands
because he had fought so strenuously for his mother-land. This Indian
returned to his people, and devoted the rest of his life to encouraging and
heartening his countrymen to the great work of fighting for life and liberty,
showing his maimed arms, and calling to mind how many others had had
half a foot hacked off by the Spaniards that they might not sit on horseback.
Then, when a battle was being fought, we should have been told how this
chief loaded his two stumps with bundles of arrows and supplied the fighters
with fresh store, as they lacked them. Surely men so brave as this man
challenged admiration and deserved succour.
The young Queen of England had suffered herself, and these stories must
have stirred her heart to say with the Dido of Virgil—
It was not the massacres under Cortez and Pizarro, earlier in this century,
which roused the deepest indignation; it was the tales of inhuman cruelty
perpetrated by Spanish colonists in time of peace, and of the noble conduct
of the conquered Indians under the degrading conditions of their slavery,
which most moved pity and wrath and feelings of revenge.
Men told the story of the Cacique who was forced to labour in the mines
with his former subjects, how he called the miners together—ninety-five in
all—and with a dignity befitting a prince made them the following speech:—
"My worthy companions and friends, why desire we to live any longer
under so cruel a servitude? Let us now go unto the perpetual seat of our
ancestors, for we shall there have rest from these intolerable cares and
grievances which we endure under the subjection of the unthankful. Go ye
before, I will presently follow." So speaking, the Indian chief held out
handfuls of those leaves which take away life, prepared for the purpose; so
they disdainfully sought in death relief from the cruel bondage of their
Spanish masters.
CHAPTER II