Exploring the Intersection of Cybercrime and the Law02.05.2013 | Faculty, Law
Professor Susan Brenner says she wants to scare you. She wants to scare you into understanding that your personal information and your computers are at risk. So to are the financial institutions, companies and governments upon which we all rely.
So why does Brenner want to frighten you? "People are complicit," she said.
They don't take the threat of cybercrime, including the loss of their personal data, seriously. They also they don't hold accountable the financial institutions and businesses that retain our data and money or the governments that are supposed to protect us.
"People are obsessed with physical crime, but not cybercrime," said Brenner, the NCR professor of law and technology who also writes the blog CYB3BERCRIM3. That's why, she added, people are willing to click on suspicious links in emails and on websites, causing their computers to become infected with a virus.
According to Brenner, surveys show that most people don't have antivirus software on their computers and those who do often don't update the software. This makes computers susceptible to attacks from things like malware that turns the machines into zombies, which become soldiers in bot armies of thousands of computers.
"Every unsecured computer is a threat," she said. Pointing to her laptop, she said, "I'm reasonably sure it's not a zombie. But most people don't have virus software" on their computers.
Brenner examines the threat of cybercrime and cyberwarfare in her latest book, Cybercrime and the Law: Challenges, Issues and Outcomes.
Published last fall by the University Press of New England, the book explores the legal side of these threats, discussing how the law applies — and in some instances does not apply — to cybercrime and cyberwarfare. The book is written for undergraduate and graduate classes.
As Brenner explains in the book, most of today's cybercrime involves migrating real-world, physical crime into cyberspace. "Cyberspace becomes the tool criminals use to commit old crimes — like fraud, theft and extortion — in new ways," she writes.
Cyberspace erases the idea of borders or territory because it's so easy to access information or computers from anywhere in the world. Online tools make it possible for criminals or nation-state agents to carry out attacks remotely and anonymously.
"The borders are open so you have to deal with crimes all over the world," Brenner said. "What people don't understand is [cybercrime] is professional organized crime and your chances of getting caught are zero."
One example of cybercrime that Brenner often cites involved cybercriminals operating from outside the United States. Using a Trojan horse program, the group stole more than $415,000 from a bank account belonging to a small Kentucky county.
This case shows the challenges law enforcement officials have when investigating such crimes.
Computer forensics experts analyzed where the money had gone and tried to figure out who was responsible by tracing emails and other signals sent to the bank back to their source. “But it’s often difficult to tell where something really came from because messages and other traffic can be routed through various servers,” Brenner said. "It takes a great deal of time and effort to try to identify the perpetrators, and if you succeed, you still have to get them.”
While most people have unsecured computers, Brenner said that businesses are also not securing their systems, leading to the theft of billions of dollars. Businesses are ignoring cyberthreats, Brenner said, because of the costs needed to constantly maintain and update their security. "We are letting people steal from us," she said.
Brenner also pointed out that businesses and financial institutions are often hesitant to report a data breach to law enforcement officials because it might cause negative publicity for the institution. "Why damage your reputation when the people [who stole from you] won't get caught?" she asked.
Unless citizens and businesses do more to secure their data and computing systems, Brenner said, the United States could face a significant cyberattack. "Imagine what will happen if someone shuts down systems in Dayton and the Midwest and you don't know why?" she asked.
For more than 15 years, Brenner has researched how civilians, corporations and governments can combat crime in cyberspace and how cyberwar is likely to differ from traditional warfare. After 9/11, she became interested in cyberterrorism, which was being discussed as a real potential threat.
Cybercrime and the Law is the third book Brenner has written in recent years on her research.
In her 2010 book, Cybercrime: Criminal Threats from Cyberspace, published by Praeger, Brenner focused on the intersection of computer technology and crime, and how criminals use computer technology — particularly the Internet — to commit crimes.
A year earlier, Oxford University Press published Cyberthreats: The Emerging Fault Lines of the Nation State, which explored how cyberspace can be used not only to commit crimes and terrorism, but also to carry out warfare. Cyberthreats examined how governments, especially the U.S. government, deal with these emerging threats.