Cyber crime
Cyber crimes are crimes that are based on the Internet or that occur with Internet technology. This is not to be confused with computer crime , in which the computer is primarily used as a weapon , even without internet use. Protection against cybercrime is also called online security . This term must be differentiated from Internet security, which also includes the protection of the infrastructure itself, i.e. also protection against criminal offenses against the Internet itself, online or material, but also against other dangers, as part of IT security .
Manifestations
The manifestations are very diverse; Examples include Internet fraud , the spying of data , breaches of the prohibition on disclosing or youth protection , identity theft , copyright infringement , cyber-terrorism , cyber-bullying , hate speech and the dissemination of child pornography .
The transition to methods and practices of Cyberwar ( "network war") has now become fluid; In individual cases, it is by no means easy to determine whether an attack on the Internet serves relevant criminal purposes or is militarily or politically intended (e.g. in the event of extensive sabotage of the heavily ICT-dependent financial system or the web presence of public institutions in the broadest sense). According to observations, the “ malware industry” is becoming increasingly professional , and attacks on computers and computer networks are becoming more and more sophisticated.
According to antivirus software developers, z. For example, the infection of computers with malware that is used to steal identity (such as spying on bank account data) increased by 800 percent from the first to the second half of 2008.
In the banking sector, in addition to online attacks on the accounts of private customers, attacks directly on the interbank business with the help of falsified versions of payment orders are increasing. The malware used here penetrates the network of the connected institutes and causes annual damage of tens of millions of dollars.
The target of CEO fraud are companies that, according to an FBI announcement in 2015, were defrauded for more than 740 million dollars.
Technical progress
Almost since the general establishment of the Internet since the 1990s and the increasing computerization further fields of public life, especially in the economic field, to criminals and security experts provide a hare and hedgehog -Wettlauf on different fields, so far mostly with resulted in a "positive stalemate" for security. In recent times (2010s) the methods of cyber criminals have become increasingly sophisticated and elaborate (this also applies, for example, to many virus programmers , whose products have meanwhile reached an astonishing, and in some cases frightening, technical level).
According to the US telecommunications service provider Verizon Business , criminals in the United States managed to crack the encryption when transmitting PIN codes . The hackers were able to get both encrypted and unencrypted PINs. According to media reports, experts assume that the problem can only be solved if the financial industry overtakes electronic payments as a whole.
Situation in Germany
For its 2014 report on the costs of cybercrime sponsored by HP Enterprise Security, the Ponemon Institute surveyed a representative cross-sector sample of 46 companies in Germany. The survey showed an average loss amount of € 6.1 million, with a range of € 425 thousand to € 20.2 million per year. Phishing, social engineering and web attacks accounted for more than 35% of the costs.
The Federal Criminal Police Office (BKA) has found in 2012 in Germany 229,408 offenses to which the term "adapted devices Internet" was true.
According to the BKA, " phishing " continues to be a focus in the area of cybercrime, despite a 46% decline in the number of cases, "with regard to the existing damage potential and the lucrity for the perpetrator." The BKA claims to have identified just under 3,500 cases in 2012, with an average amount of damage from approx. 4,000 euros per case. User awareness, increased protective measures and effective IT management are held responsible for the decline.
Smartphones are currently still an interesting target for criminals. Users are setting these more and more diverse such as B. for online banking, for the authorization of transactions, for direct access to e-mail accounts and accounts of social networks or even for the use of business data and are insufficiently aware of the mobile operating systems.
The number of crimes committed using the internet rose slightly in 2016. Compared to the previous year (244,528 cases), a total of 253,290 cases were recorded in 2016. These include crimes such as commodity and commercial credit fraud, computer fraud, performance and performance credit fraud, the distribution of pornographic literature and crimes against copyright law. As the police infographic shows, goods fraud alone accounted for 27.8 percent of the cases; Also noteworthy is the share of 20.7 percent in commercial credit fraud. Goods and credit fraud thus make up almost half of all cases. Of the 101,654 suspects, 68.7 percent were male and 31.4 percent were female. The clearance rate was 65 percent. The police crime statistics in 2007 also showed a significant increase in copyright infringements : by 54.6 percent to 32,374 cases. The music industry's tightened action against illegal downloading of copyrighted data was blamed for this.
There is an increase in fraudulent fake shops on online platforms where goods that have been paid for are not delivered or not delivered in the quality ordered. The police's crime statistics for 2015 show almost 75,000 cases of online fraud in Germany. The German Federal Criminal Police Office calls this a “mass phenomenon that poses great challenges for the law enforcement authorities”.
According to a BITKOM study, by mid-2008 almost four million Germans had already been victims of computer or internet crime. Seven percent of all computer users aged 14 and over have already suffered financial damage from viruses , online auctions or data misuse in online banking . Nonetheless, the low level of security awareness among users was lamented. In its report, The State of IT Security in Germany 2009 , presented at CeBIT , the Federal Office for Information Security (BSI) expressed its concern about the growing Internet crime; the situation was rated as “extremely serious” and “worse than feared”.
The careless handling of data in the “hands-on” applications of the web , especially in the increasingly popular social networks , is particularly alarming for security experts. “Users without hesitation reveal detailed private information in their user profiles. In doing so, they often forget that information on the Internet is and will remain accessible to practically everyone, ”according to the BSI study.
Botnets , by means of which cyber criminals often network and abuse hundreds of thousands of hijacked private and office computers without the knowledge of the user, according to the BSI "part of a professional and international shadow economy ", have meanwhile developed into an outstanding threat. A number of prominent discoveries have been made since 2007 ( cf. GhostNet ; Trojaner ).
In a Forsa survey commissioned by Schufa in 2018, 39 percent of those surveyed stated that they had been a victim of cybercrime themselves, while 12 percent were specifically victims of identity abuse on the Internet. There has been a sharp increase in child pornography since 2017.
Combating cybercrime
Because of the significantly increased dangers, the European Commission presented a five-point plan for the protection of critical information infrastructures in the member states of the European Union at the end of March 2009 .
In addition to forced coordination between the member states, it provides for:
- Prevention and preparedness
- Detection and response; Establishment of an early warning and information network
- Impact mitigation and recovery
- International cooperation
- Establishment of uniform criteria for European critical ICT infrastructures
According to the EU Commission, the European Agency for Network and Information Security ( ENISA ) should drive the initiative forward. The Commission will also work with Member States to “develop a roadmap to promote principles and guidelines at global level. As a means of building global consensus, strategic cooperation with third countries is being promoted, especially in the dialogues on information society issues. "
Convention on Cybercrime (Cybercrime Convention)
As early as November 23, 2001, the 26 countries of the Council of Europe, along with the USA, Canada, Japan and South Africa, signed the “Convention on Computer Crime”, also known as the “Budapest Convention against Data Network Crime” or Cybercrime Convention for short , in order to align the country-specific computer criminal law regulations. Among other things, Internet users or domain owners should be able to be identified across borders or websites whose content violates the convention should be able to be removed from the network across borders. The rights of unsuspecting third parties are not protected separately. Racist or xenophobic content is not taken into account at the request of the US with reference to freedom of expression . The convention also represents "a milestone in the treaty system of the Council of Europe to combat terrorism and organized crime" (Hans Christian Krüger, then Deputy Secretary General of the Council of Europe).
A round-the-clock international contact network for rapid administrative assistance was set up.
Germany
To combat Internet crime, the Technical Service Center for Information and Communication Technologies (TeSIT) was set up at the Federal Criminal Police Office in Germany , whose main task, according to the Ministry of the Interior, is " to provide technical support for executive measures and investigations in data networks". The TeSIT is also assigned the central office for independent research in data networks (ZaRD) set up at the beginning of 1999 . According to its own information, the Federal Criminal Police Office evaluates the Internet “around the clock, systematically and regardless of the occasion, for police-relevant content - especially child pornography - and, if necessary, collects, secures and documents evidence”. Reference is made to "a considerable number" of successful searches. It is also emphasized that “the police have to keep pace with rapid technical developments”. When it comes to persecution, however, it is a major problem that perpetrators can act globally, but authorities are only limited to national and regional levels.
The police forces of the individual federal states are also involved in the fight against internet crime. For example, since 2009 the Lower Saxony State Criminal Police Office has had a “Central Internet Crime Unit” with 20 employees.
The Bund Deutscher Kriminalbeamter (BDK) and the Foundation German Forum for Crime Prevention (DFK), with the cooperation of representatives from research and business, presented the federal government with a ready-made and immediately implementable concept for more security on the Internet. It is the Web Patrol online service under the motto The 8th Sense of the Net . The reason for this is unfiltered Internet access with content such as pornography , pedophilia , Islamism , right-wing and left-wing extremism , and terrorism , which are freely available to children and young people. Web Patrol includes an information portal the target groups to inform about issues of security and behavior and a program that is able to report suspicious content directly. Internet users should simply click on an additional button in the browser to send an automatically generated message about suspicious content, questionable activities , data theft, attacks in chat rooms and material relevant to criminal law to an independent clearing house made up of an interdisciplinary team of criminologists, psychologists and sociologists composed, can transmit. This evaluates incoming reports, gives initial feedback and forwards the process to the responsible institutions. Since the Internet is increasingly being used as a medium for the preparation and execution of deviant behavior up to and including the implementation of criminal acts , and people who are not sensitized become easy victims for Internet criminals or are even encouraged to commit criminal acts by the possibilities of the Internet, the BDK demands that Model to be implemented before the next legislative period .
See also
- Computer crime
- Cyber cop
- Information security
- Online search
- Computer Emergency Response Team
- Reporting and Analysis Center for Information Assurance MELANI ( Switzerland )
- National Cyber Defense Center
literature
- Andreas Janssen: lies and deceit on the Internet. 1st edition. WFB publishing group, Bad Schwartau 2007, ISBN 978-3-86672-001-5 .
- The situation of IT security in Germany in 2015. Federal Office for Information Security, 2015 (PDF, 1.50 MB)
- European Center for Media Literacy: In the Spotlight: Cybercrime. December 2, 2008.
- Jack M. Balkin, James Grimmelmann, Eddan Katz (eds.): Cybercrime: Digital Cops in a Networked Environment. New York University Press, 2007, ISBN 978-0-8147-9983-3 . (Series: Ex Machina: Law, Technology, and Society)
- Weber, Meckbach: utterance offenses in Internet forums. In: New journal for criminal law . 9/2006, p. 492.
- Gercke, Brunst (Ed.): Praxishandbuch Internetstrafrecht, commentary . 1st edition. Verlag W. Kohlhammer, Stuttgart 2009, ISBN 978-3-17-019138-9 .
- Manfred Wernert, Internet crime - basic knowledge, first measures and police investigations , 3rd edition, Richard Boorberg Verlag, Stuttgart / Munich 2017, ISBN 978-3-415-06009-8 .
Web links
- botfrei.de: The Anti-Botnet Advice Center - An initiative of the German Internet industry
- Website of the Federal Office for Information Security
- Task Force "IT Security in Business: Website of the BMWi Initiative"
- Tips for police crime prevention of the states and the federal government
- Overview of cyber crime at the independent State Center for Data Protection Schleswig-Holstein
- Data protection law: information obligations in the event of data leaks (Section 42a BDSG)
- CuMK - Modus Operandi: Media Offenses - Commentary on manifestations of ICT crime
- Swiss coordination office for the fight against cybercrime
- "Tatort Internet" - overview in SWR2 broadcast (as a radio play) or as PDF (65 kB)
- Independent in-depth work on Internet crime, methods, protection and laws in and around the Internet as PDF (214 kB) A summary of the methods and protective mechanisms used on the Internet that laymen can easily understand.
- Ulrich Hottelet: Danger from the Internet. In: Die ZEIT . August 21, 2007.
swell
- ↑ Symantec: Many data leaks can be traced back to the loss of PCs and data carriers (Heise Online, April 14, 2009)
- ↑ Elinor Mills: Report: ID fraud malware infecting PCs at increasing rates (Cnet, March 10, 2009)
- ↑ Malicious code is distributed more and more "by hand" (Heise Security, April 15, 2009); Report evaluation for the EMEA region (Europe, Middle East, Africa - Symantec, PDF, 50 pages, 1.12 MB)
- ↑ cf. "More and more banks are being robbed by hackers" in FAZ from September 1, 2016, p. 23.
- ↑ Die Welt : With this scam, the Chinese captured millions from February 18, 2016, loaded on April 4, 2017
- ↑ Karmen Horvat: Sinowal - Most Dangerous Trojan So Far ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (Javno, November 4, 2008)
- ↑ Brian Prince: Mebroot: The Stealthiest Rootkit in the Wild? (eWeek.com, April 15, 2009)
- ↑ Kim Zetter: PIN Crackers Nab Holy Grail of Bank Card Security (Wired, April 14, 2009) (English)
- ↑ 2014 Cost of Cyber Crime Study: Germany
- ↑ Internet as a means of action. (PDF) (No longer available online.) In: Bundeslagebild Cybercrime 2012. Bundeskriminalamt (BKA), 2012, p. 5 , archived from the original on March 8, 2014 ; Retrieved February 7, 2013 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- ↑ Declining number of cases in phishing. (PDF) (No longer available online.) In: Bundeslagebild Cybercrime 2012. Bundeskriminalamt (BKA), 2012, p. 6f , archived from the original on March 8, 2014 ; Retrieved February 7, 2013 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- ↑ Mobile devices - smartphones as a target. (PDF) (No longer available online.) In: Bundeslagebild Cybercrime 2012. Bundeskriminalamt (BKA), 2012, p. 7 , archived from the original on March 8, 2014 ; Retrieved February 7, 2013 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
- ↑ Police crime statistics April 2017. Accessed May 30, 2017 .
- ↑ Internet crime continues to advance (Onlinekosten.de, May 23, 2008)
- ↑ Fakeshops on Amazon: How unsuspecting buyers are lured and ripped off , test.de from November 23, 2016, accessed on November 24, 2016
- ↑ Stefan Beiersmann: Bitkom counts four million victims of Internet crime (ZDNet, July 7, 2008)
- ↑ Britta Widmann: CeBIT: BSI warns of growing Internet crime (ZDNet, March 5, 2009)
- ↑ Internet crime: Big booty in the botnet (Stern.de, March 17, 2009)
- ↑ Schufa-Kredit-Kompass 2018. Retrieved on July 19, 2018 .
- ↑ https://www.tagesschau.de/investigativ/wdr/bka-kinderpornographie-zunahme-101.html
- ↑ EU publishes five-point plan to protect against cyber attacks ( ZDNet , April 1, 2009)
- ↑ Protecting Europe against large-scale cyber attacks and disruptions: Strengthening preparedness, security and stability (EU Commission, March 2009; PDF; 184 kB)
- ^ Convention on Cybercrime. In: Liechtenstein Collection of Laws . Retrieved March 27, 2019 .
- ↑ heise.de / ... - 15 years of the Cybercrime Convention: Unlimited access to the cloud planned. (accessed on November 18, 2016)
- ↑ Internet crime ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (Homepage of the BMI )
- ↑ Crime on the Internet ( Memento of the original from December 19, 2007 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. ( GdP position paper, 2001; PDF; 101 kB)
- ↑ bdk.de: web-patrol: The '110' of the Internet ( Memento of the original from June 12, 2009 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. . Accessed 08/08/2009.
- ↑ heise online: Detective officers propose an “emergency telephone” on the net . June 8, 2009.
- ↑ : Detective officers present federal government security concept for the Internet . In: Neue Osnabrücker Zeitung , June 8, 2009.