SlideShare a Scribd company logo

Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attacks

MIS Quarterly
MIS Quarterly

By Kai-Lung Hui, Seung Hyun Kim, and Qui-Hong Wang

Technology
1 of 42
Download to read offline
Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attack Kai-Lung Hui (Hong Kong University of Science and Technology) Seung Hyun Kim (Yonsei University) Qiu-Hong Wang (Singapore Management University) MIS Quarterly,Vol. 41, No. 2, pp. 497-523, June 2017
In a Nutshell (c) Hui, Kim and Wang 20172  We study the empirical effect of international legislation on cybercrime deterrence  Enforcing the Convention on Cybercrime:  Reduces the number of DDOS attack victims within the enforcing countries  Redirects DDOS attacks to non-enforcing countries  Reduces DDOS attacks largely because of the provision of international co-operation  Implications:  Network effect exists in international law enforcement  Cyber criminals are rational, meaning economic incentives may work in deterring cybercrimes  The world should work together in cybercrime deterrence!
Cybercrime  Causes annual global lost of $400 billion, ranges $375- 575 billion (McAfee, June 2014)  Characteristics of cybercrimes  Not confined by national boundaries  Extremely low cost  E.g., DDoS, cross-site scripting, phishing, …  Low observability and hence low probability of apprehension and punishment  Key issue: How to tackle such cybercrime? 3 (c) Hui, Kim and Wang 2017
The Big Picture 4 (c) Hui, Kim and Wang 2017
Solution 5  Prevention and detection  Operate at the individual level  Do not ex ante reduce attack motivation  Legislation  Heightens the penalty of aggression  Depending on implementation, may increase the chance of apprehension and conviction  Applies at the national, or even international level  May ex ante affect hacker decisions? (c) Hui, Kim and Wang 2017
Scope of Legislation 6  Domestic enforcement  International cooperation  E.g., preserving data for investigating cybercrimes initiated from or targeting other countries  Requires similar treatment of crimes and mutual understanding of enforcement  Cybercrime specific international initiative: The Convention on Cybercrime (COC) (c) Hui, Kim and Wang 2017
The Convention on Cybercrime (COC; Europe Treaty Series No. 185) Convention on Cybercrime (COC) 7 (c) Hui, Kim and Wang 2017
The Convention on Cybercrime  Drafted by 41 Council of Europe member states + Canada, Japan, USA, and South Africa  Opened for signature on November 23, 2001  First enforced by Albania, Croatia, Estonia, Hungary, and Lithuania on July 1, 2004  As of 2015, 49 countries signed and 47 ratified (enforced) the COC 8 (c) Hui, Kim and Wang 2017
The COC: 4 Chapters 1. Definitions 2. National-level measures  Establishing substantive criminal laws on offences (e.g., illegal access and interception, data and system interference, etc.)  Procedural laws  Establishment of jurisdictions over offences 3. Principles of international cooperation  E.g., extradition arrangement, mutual assistance 4. Scope of application, reservations, etc. 9 (c) Hui, Kim and Wang 2017
 Not confined by national boundaries (Png et al. 2008, Kshetri 2013a, 2013b)  Extremely low cost  e.g., DDoS, cross-site scripting, phishing, …  Low observability and hence low probability of apprehension and punishment  The unique profiles of cyber criminals (Kshetri 2006, 2010)  Minors  Juvenile  Professional syndicates Characteristics of cybercrimes 10 (c) Hui, Kim and Wang 2017
Related Literature  The deterrence effect of perceived threat and punishment at the individual level in an organizational setting (D’Arcy et al. 2009; Johnston et al. 2015)  Supportive evidence on deterrence effectiveness  Capital sanctions and execution (Yang 2008)  Gun-carrying laws (Lott 1997a)  Enforcement against rape and other sexual offences (Vaillant 2009)  Counter evidence was also recorded (Kirchgassner 2011)  Lack of quality data 11 (c) Hui, Kim and Wang 2017
COC: Staggered Enforcement 12 31 3 3 1 5 0 0 3 0 1 0 0 2 00 0 0 6 5 4 6 2 3 4 1 6 3 2 5 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 Signature Entry into force 2004 Albania Croatia Estonia Hungary Lithuania Romania 2005 Bulgaria Cyprus Denmark Macedonia Slovenia 2006 France Bosnia & Herzegovina Norway Ukraine 2007 Armenia Finland Iceland Latvia Netherlands U.S.A. 2008 Italy Slovakia 2009 Germany Moldova Serbia 2010 Azerbaijan Montenegro Portugal Spain 2011 U.K. 2012 Austria Belgium Georgia Japan Malta Switzerland 2013 Australia Czech Republic Dominican Republic 2014 Mauritius Panama 2015 Luxembourg Poland Turkey Canada Sri Lanka (c) Hui, Kim and Wang 2017
COC: Delay in Establishing Authorities Country Enforcement date Establishment of Responsible Authorities Albania 01/07/2004 19/06/2006 Armenia 01/02/2007 16/07/2008 Bosnia and Herzegovina 01/09/2006 15/11/2011 Bulgaria 01/08/2005 12/09/2005 Croatia 01/07/2004 09/01/2009 Cyprus 01/05/2005 05/08/2009 Estonia 01/07/2004 08/10/2007 Slovenia 01/01/2005 20/12/2006 Republic of Macedonia 01/01/2005 13/10/2006  Article 24 – authority responsible for extradition or provisional arrest  Article 27 – authorities responsible for mutual assistance  Article 35 – 24/7 Network 13 (c) Hui, Kim and Wang 2017
COC: Difference in adoption  Article 4 – Data interference  Article 6 – Misuse of devices  Article 11 – Attempt and aiding or abetting  Article 14 – Scope of procedural provisions  Article 22 – Jurisdiction  Article 29 – Expedited preservation of stored computer data 14 Country Article 4 Article 6 Article 11 Article 14 Article 22 Article 29 Australia*   Austria*  Azerbaijan*    Belgium*  Bulgaria  Canada*  Czech Republic*  Denmark  Finland   France  Germany*   Japan*     Latvia**   Lithuania   Montenegro*  Norway    Poland*  Slovakia   Switzerland*    Turkey*    Ukraine  U.K. *   U.S.A.    (c) Hui, Kim and Wang 2017
Research Questions  Does the enforcement of the COC help deter cybercrime?  Do establishment of responsible authorities and the reservation of Articles matter?  If the COC does reduce cybercrime, how does the enforcement of other countries affect a country’s victimization? 15 (c) Hui, Kim and Wang 2017
Theoretical Foundation: GDT & RAT Potential criminals as rational actors who would weigh the benefits and costs before committing a crime (Becker 1968; Mookherjee and Png 1994)  Criminal motivation General deterrence theory (GDT) – improper behavior can be deterred by raising the certainty and severity of punishment. (Gibbs 1975)  Crime victimization Routine activity theory (RAT) – crime is shaped by environmental factors, particularly the presence of a motivated offender and suitable target, and the absence of a capable guardian (Cohen and Felson 1979). 16 “someone whose mere presence serves as a gentle reminder that someone is looking” (Hollis-Peel et al. 2011). (c) Hui, Kim and Wang 2017
Potential Contributions  Pioneering evidence on whether international legislation helps curb cybercrime and how the deterrence effect is affected by implementation.  A formal test of enforcement externality and find cybercrime enforcement can be complementary and drives cyber-attacks to non-enforcing countries.  Evidences that hackers are rational and strategic  The innovative use of backscatter data and linking international legislation and the Internet topology to analyze cyber attack path. 17 (c) Hui, Kim and Wang 2017
COC: Does It Matter?  2007: Russian convicted for attacking Estonia’s government services  Estonia enforcement: 2004  2010: Programmer in USA convicted for attacking rollingstone.com in 2008  USA enforcement: 2007  2011: German convicted for cyber-extorting six online bookmakers  Germany enforcement: 2009 18 (c) Hui, Kim and Wang 2017
COC: Does It Matter?  From Hackforums:“I live in a small town in Romania. Until 1 months ago I thought is no danger in hacking...I've got only a warning because I was under 18...then I realized why this happened: that was because we just joined...European Union and there are new laws in IT...from now I take care because...it never knows when the cops catch you...”  “...the law follows the same guidelines for all countries in the european union and they're very strict about that”“There are conventions...within European Union borders he can be transported due to the crime, because of the European Unions conventions about partnership in law”  “...I would rethink your theory on Croatia not having cybercrime laws:The cybercrime convention is a European directive to which Croatia is a member state...As of 2007, Croatia integrated this into local laws...All of the offences proscribed in the Cybercrime Convention (to which Croatia is a State Party and which has been in force in Croatia since 1 July 2004), with the exception of offences that can generally be described as cyberterrorism, are incorporated into the domestic legal framework” 19 (c) Hui, Kim and Wang 2017
The Deterrence of the COC when the victim country has not enforced COC A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country Non-COC country ? ? ? COC country Non-COC country Router 20 (c) Hui, Kim and Wang 2017
A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country √ ? √ √ COC country Router The Deterrence of the COC when the victim country has enforced COC 21 (c) Hui, Kim and Wang 2017
The Reinforcement of the COC when only two countries enforced COC A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country Non-COC country ? √ ? ? Router 22 (c) Hui, Kim and Wang 2017
A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country √ √ √ √ COC country COC country √ Router The Reinforcement of the COC when four countries enforced COC 23 (c) Hui, Kim and Wang 2017
The Displacement of the COC Targeting enforcing country? A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country √ √ ? COC country √ Router Router 24 (c) Hui, Kim and Wang 2017
The Displacement of the COC Targeting non-enforcing country! A B D C Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country ? ? COC country ? Router 25 (c) Hui, Kim and Wang 2017
Study Setting  Distributed denial of service (DDOS) attack in 106 countries in 177 days in 2004-2008  Why DDOS attack?  Most prevalent cyber attack causing great damage  Unambiguously criminalized by the COC  Conducted on a network of electronic devices  international cooperation is relevant 26 (c) Hui, Kim and Wang 2017
Hypotheses 1: the deterrence effect of the COC  H1a (Enforcement): COC enforcement reduces the number of DDOS attack victims in the enforcing countries.  H1b (Establishing Responsible Authorities): Among enforcing countries, establishing the authority responsible for reacting to external requests for international co-operation reduces the number of DDOS attack victims more than those that have not established such an authority.  H1c (Reservation on international co-operation): Reservation on Article 29 (expedited preservation of stored computer data) increases the number of DDOS attack victims in the enforcing countries. 27 (c) Hui, Kim and Wang 2017
Hypotheses 2: the externalities of the COC  H2a (Network effect): The effect of COC enforcement on the number of DDOS attack victims in the enforcing countries is stronger as the enforcement in other countries increases.  H2b (Displacement): Enforcement of the COC will cause cybercrime displacement; non-enforcing countries will receive more DDOS attacks as the enforcement in other countries increases. 28 (c) Hui, Kim and Wang 2017
Attack Data  Country-level DDOS attack data on a daily basis  From the Cooperative Association for Internet Data Analysis (CAIDA)  Responses sent by DDOS attack victims to spoofed traffic for at least a week-long period in each quarter between 2004 and 2008 (“backscatter” data) 29 (c) Hui, Kim and Wang 2017
Model-Free Evidence 30 (c) Hui, Kim and Wang 2017
The Model (Fixed-effects OLS)  Cumulative domestic legislation Lit  Control variables, xit  Country and day fixed effects, μi and τt  Continuous country-specific time trends, γit  Spatial correlation consistent standard errors (Driscoll and Kraay, 1998) 31 H1a. Enforcement indicator H2b. Displacement effect H2a. Network effect Externality H1b. Enforcement indicators with or without the responsible authorities H1c. Enforcement indicators with various reservations the extent of enforcement in other countries ω-i, t (c) Hui, Kim and Wang 2017
Control Variables  Socio-economic: unemployment rate, gross domestic product (GDP) per capita in PPP, number of higher education students  IT Infrastructure: number of Internet hosts, number of Internet users, number of integrated services digital network (ISDN) subscribers, percentage of digital main lines  Others: domestic legislations, land area  Governance quality: control of corruption, government effectiveness, political stability and absence of violence/terrorism, regulatory quality, rule of law, voice and accountability 32 (c) Hui, Kim and Wang 2017
Descriptive statistics (106 countries, 16429 observations) 33 Variable Unit Mean Std. dev. Min Max Source COC enforcement 1 = enforce; 0 = not enforced 0.152 0.3587 0 1 COE COC signature 1 = signed; 0 = not signed 0.414 0.4925 0 1 COE Reservations Number of reservations 0.142 0.6098 0 6 COE CPHRFF enforcement 1 = enforce; 0 = not enforced 0.085 0.2789 0 1 COE Cumulative domestic legislation Number of legislations/revisions 1.123 2.464 0 36 COE, UNODC, ITU, GCLD Victim IP addresses 817.137 5,013.3900 0 91,755 CAIDA …per 1,000 Internet hosts 2.216 13.9751 0 621.359 Self-computed Internet hosts Per 1,000 inhabitants 87.377 156.7580 0 1,039.270 CIA Unemployment rate % economically active people 8.173 5.7605 0.400 37.300 GMID GDP in PPP Thousand dollars per capita 18.878 16.0343 0.620 84.249 GMID Higher education students Per 100 inhabitants 3.213 1.6346 0.033 6.713 GMID Internet users Per 1,000 inhabitants 356.875 259.8545 2.197 911.319 GMID % digital main lines % of telephone main lines 95.996 10.5286 34.000 100 GMID ISDN subscribers Per 1,000 inhabitants 16.822 32.4338 0 177.903 GMID Land area sq. km per 1,000 inhabitants 34.899 83.6094 0.142 617.118 GMID Control of corruption Normalized index 0.373 1.0340 -1.459 2.591 WGI Government effectiveness Normalized index 0.481 0.9271 -1.236 2.374 WGI Political stability and absence of violence/terrorism Normalized index 0.142 0.9014 -2.550 1.586 WGI Regulatory quality Normalized index 0.495 0.8625 -1.647 1.983 WGI Rule of law Normalized index 0.361 0.9703 -1.734 2.014 WGI Voice and accountability Normalized index 0.299 0.9390 -1.770 1.826 WGI % Internet users covered by others’ enforcement 0.120 0.101 0 0.285 Self-computed % AS connections to other enforcing countries 0.162 0.199 0 0.889 CAIDA (c) Hui, Kim and Wang 2017
Identification Strategies  Similar to DID, but staggered enforcement over time  Upward bias due to reverse causality  2SLS instrumented by the enforcement of Protocol No. 12 to the Convention for the Protection of Human Rights and Fundamental Freedoms  Falsification test replacing the enforcement indicator by signature  Effective enforcement relies on responsible authorities  Article 29 serves as an indirect assessment of the merit of international co-operation. 34 (c) Hui, Kim and Wang 2017
Results – Test of H1: COC deterrence effect 35 (c) Hui, Kim and Wang 2017
How to differentiate the externality? B COC country A C Non-COC country D E COC country AS1 AS2 AS3 AS4 AS5 AS6 AS7 AS8 AS9 AS10 Non-COC country 4/6 AS connections are between COC countries 2/6 AS connections are between COC countries COC country AS 12AS 11 The differential externality ω-i, t No. AS connections to other enforcing countries divided by the number of AS connections to all other countries The differential externality ω-i, t No. AS connections to other enforcing countries divided by the number of AS connections to all other countries 36 (c) Hui, Kim and Wang 2017
Results – Test of H2: Network Effects 37 (c) Hui, Kim and Wang 2017
Summary of Results 38 (c) Hui, Kim and Wang 2017
Really Deterrence?  Kaspersky (Q2, 2011) 39 (c) Hui, Kim and Wang 2017
Implications  Hackers indeed take into consideration expected cost of punishment  So, on top of preventive measures such as IDS, or advanced security intelligence systems, maybe the government can do more  Timely finding because conventional approaches, such as bandwidth overprovisioning or perimeter controls, are gradually losing the battle  Also curb insider threats which is difficult to prevent or detect 40 (c) Hui, Kim and Wang 2017
Implications  International cooperation matters a lot!  Note that DDOS is notoriously difficult to track  If COC enforcement works on DDOS, then we have good reason to believe it should work well on other cybercrimes (e.g., cyber extortion, phishing) 41 (c) Hui, Kim and Wang 2017
Concluding Remarks  COC enforcement is effective from victim-side data  At least 11.8% reduction in DDOS attack  Getting attacker side data will be a big leap forward, but data are difficult to come by  Our sample – 2004 to 2008, which predates DDOS attacks motivated by political ideologies or patriotism  North Korea vs. South Korea and USA in 2009  China vs. USA in 2013  Taiwan and Philippines in 2013 42 (c) Hui, Kim and Wang 2017

Recommended

Judgments on digital Evidence u/s 65 b of IE act
Judgments on digital Evidence u/s 65 b of IE actJudgments on digital Evidence u/s 65 b of IE act
Judgments on digital Evidence u/s 65 b of IE actArjunRandhir2
 
Cyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeCyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
 
Laws governing the internet service provider & there rights and liabilities.
Laws governing the internet service provider & there rights and liabilities.Laws governing the internet service provider & there rights and liabilities.
Laws governing the internet service provider & there rights and liabilities.Gaurav Chordia
 
cyber forensics
cyber forensicscyber forensics
cyber forensicsAmbuj Kumar
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
The Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptxThe Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptxApplied Forensic Research Sciences
 
Computer crime and the adequacy of the current legal framework in sri lanka
Computer crime and the adequacy of the current legal framework in sri lankaComputer crime and the adequacy of the current legal framework in sri lanka
Computer crime and the adequacy of the current legal framework in sri lankaVishni Ganepola
 
Urinary tract infections د طارق الضراط جامعة بنغازى
Urinary tract infections د طارق الضراط جامعة بنغازىUrinary tract infections د طارق الضراط جامعة بنغازى
Urinary tract infections د طارق الضراط جامعة بنغازىarabmed,BMC
 

Recommended

Judgments on digital Evidence u/s 65 b of IE act
Judgments on digital Evidence u/s 65 b of IE actJudgments on digital Evidence u/s 65 b of IE act
Judgments on digital Evidence u/s 65 b of IE actArjunRandhir2
 
Cyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeCyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
 
Laws governing the internet service provider & there rights and liabilities.
Laws governing the internet service provider & there rights and liabilities.Laws governing the internet service provider & there rights and liabilities.
Laws governing the internet service provider & there rights and liabilities.Gaurav Chordia
 
cyber forensics
cyber forensicscyber forensics
cyber forensicsAmbuj Kumar
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
The Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptxThe Scope of Cyber Forensic.pptx
The Scope of Cyber Forensic.pptxApplied Forensic Research Sciences
 
Computer crime and the adequacy of the current legal framework in sri lanka
Computer crime and the adequacy of the current legal framework in sri lankaComputer crime and the adequacy of the current legal framework in sri lanka
Computer crime and the adequacy of the current legal framework in sri lankaVishni Ganepola
 
Urinary tract infections د طارق الضراط جامعة بنغازى
Urinary tract infections د طارق الضراط جامعة بنغازىUrinary tract infections د طارق الضراط جامعة بنغازى
Urinary tract infections د طارق الضراط جامعة بنغازىarabmed,BMC
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsDr. Prashant Vats
 
THE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIATHE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIAsurrenderyourthrone
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsNicholas Davis
 
Existing Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber CrimesExisting Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber CrimesVishni Ganepola
 
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGESCYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGESIddi Yassin, Esq.
 
Cyber space: its legal jurisdiction
Cyber space: its legal jurisdictionCyber space: its legal jurisdiction
Cyber space: its legal jurisdictionITM UNIVERSITY, RAIPUR- SCHOOL OF LAW
 
Bacterial Gastroenteritis
Bacterial GastroenteritisBacterial Gastroenteritis
Bacterial Gastroenteritisfitango
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsAnyck Turgeon, CFE/GRCP/CEFI/CCIP/C|CISO/CBA
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 
Difference between Cyber and digital Forensic.pptx
Difference between Cyber and digital Forensic.pptxDifference between Cyber and digital Forensic.pptx
Difference between Cyber and digital Forensic.pptxApplied Forensic Research Sciences
 
Cyber law2
Cyber law2Cyber law2
Cyber law2Setu Joshi
 
Recording of Statements of Suspects
Recording of Statements of Suspects Recording of Statements of Suspects
Recording of Statements of Suspects Nilendra Kumar
 
Computer forensics law and privacy
Computer forensics law and privacyComputer forensics law and privacy
Computer forensics law and privacych samaram
 
L5 Cyber Crime.pptx
L5 Cyber Crime.pptxL5 Cyber Crime.pptx
L5 Cyber Crime.pptxBhupeshkumar Nanhe
 
ppt on child pornography and cyber crime
ppt on child pornography and cyber crimeppt on child pornography and cyber crime
ppt on child pornography and cyber crime008_Anuj
 
Croup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBPCroup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBPAnton Menukhov
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdf1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdfSIPLLEMDIKLAT
 

More Related Content

What's hot

Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsDr. Prashant Vats
 
THE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIATHE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIAsurrenderyourthrone
 
Existing Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber CrimesExisting Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber CrimesVishni Ganepola
 
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGESCYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGESIddi Yassin, Esq.
 
Bacterial Gastroenteritis
Bacterial GastroenteritisBacterial Gastroenteritis
Bacterial Gastroenteritisfitango
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh tManesh T
 
Recording of Statements of Suspects
Recording of Statements of Suspects Recording of Statements of Suspects
Recording of Statements of Suspects Nilendra Kumar
 
Computer forensics law and privacy
Computer forensics law and privacyComputer forensics law and privacy
Computer forensics law and privacych samaram
 
ppt on child pornography and cyber crime
ppt on child pornography and cyber crimeppt on child pornography and cyber crime
ppt on child pornography and cyber crime008_Anuj
 
Croup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBPCroup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBPAnton Menukhov
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 

What's hot (20)

Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime Investigations
 
THE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIATHE JUVENILE JUSTICE SYSTEM IN MALAYSIA
THE JUVENILE JUSTICE SYSTEM IN MALAYSIA
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Existing Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber CrimesExisting Sri Lankan Legal Framework on Cyber Crimes
Existing Sri Lankan Legal Framework on Cyber Crimes
 
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGESCYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
 
Cyber space: its legal jurisdiction
Cyber space: its legal jurisdictionCyber space: its legal jurisdiction
Cyber space: its legal jurisdiction
 
Bacterial Gastroenteritis
Bacterial GastroenteritisBacterial Gastroenteritis
Bacterial Gastroenteritis
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
Digital forensic science and its scope manesh t
Digital forensic science and its scope manesh tDigital forensic science and its scope manesh t
Digital forensic science and its scope manesh t
 
Difference between Cyber and digital Forensic.pptx
Difference between Cyber and digital Forensic.pptxDifference between Cyber and digital Forensic.pptx
Difference between Cyber and digital Forensic.pptx
 
Cyber law2
Cyber law2Cyber law2
Cyber law2
 
Recording of Statements of Suspects
Recording of Statements of Suspects Recording of Statements of Suspects
Recording of Statements of Suspects
 
Computer forensics law and privacy
Computer forensics law and privacyComputer forensics law and privacy
Computer forensics law and privacy
 
L5 Cyber Crime.pptx
L5 Cyber Crime.pptxL5 Cyber Crime.pptx
L5 Cyber Crime.pptx
 
ppt on child pornography and cyber crime
ppt on child pornography and cyber crimeppt on child pornography and cyber crime
ppt on child pornography and cyber crime
 
Croup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBPCroup; laryngotracheitis; LTB; LTBP
Croup; laryngotracheitis; LTB; LTBP
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 

Similar to Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attacks

Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdf1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdfSIPLLEMDIKLAT
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nationsblogzilla
 
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Cameron Brown
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crimeIshitaSrivastava21
 
A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...ePractice.eu
 
CYBER PEACE PROPOSALRunning head.docx
CYBER PEACE PROPOSALRunning head.docxCYBER PEACE PROPOSALRunning head.docx
CYBER PEACE PROPOSALRunning head.docxalanrgibson41217
 
Security technology and democratic legitimacy
Security technology and democratic legitimacySecurity technology and democratic legitimacy
Security technology and democratic legitimacyblogzilla
 
The Effect of International Prosecutions on the Commission of Norm Violations
The Effect of International Prosecutions on the Commission of Norm ViolationsThe Effect of International Prosecutions on the Commission of Norm Violations
The Effect of International Prosecutions on the Commission of Norm ViolationsPeter Grenzow
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1MohsinMughal28
 
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...Gamaliel Olayiwola Fasuyi
 
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...IJARIIT
 
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...Oleg Demidov
 
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...Arlene Smith
 

Similar to Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attacks (20)

Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Report
 
1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdf1. Cybercrime Response Policy_Gibum Kim.pdf
1. Cybercrime Response Policy_Gibum Kim.pdf
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nations
 
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
Investigating and Prosecuting Cyber Crime - Forensic Dependencies and Barrier...
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
 
CTO Cybersecurity Forum 2013 Alexander Seger Budapest Convention on Cybercrime
CTO Cybersecurity Forum 2013 Alexander Seger Budapest Convention on CybercrimeCTO Cybersecurity Forum 2013 Alexander Seger Budapest Convention on Cybercrime
CTO Cybersecurity Forum 2013 Alexander Seger Budapest Convention on Cybercrime
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
 
A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...
 
Russia and cybercrime
Russia and cybercrimeRussia and cybercrime
Russia and cybercrime
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
CYBER PEACE PROPOSALRunning head.docx
CYBER PEACE PROPOSALRunning head.docxCYBER PEACE PROPOSALRunning head.docx
CYBER PEACE PROPOSALRunning head.docx
 
Security technology and democratic legitimacy
Security technology and democratic legitimacySecurity technology and democratic legitimacy
Security technology and democratic legitimacy
 
CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
 
The Effect of International Prosecutions on the Commission of Norm Violations
The Effect of International Prosecutions on the Commission of Norm ViolationsThe Effect of International Prosecutions on the Commission of Norm Violations
The Effect of International Prosecutions on the Commission of Norm Violations
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1
 
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
 
Cyber2
Cyber2Cyber2
Cyber2
 
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...
Physical and Cyber Crime Detection using Digital Forensic Approach: A Complet...
 
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...
Chatham House Cyber+Space Conference June 2013 - International Norms for Cybe...
 
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...
A Theoretical Examination Of The Objections To Body-Worn Cameras With The Add...
 

More from MIS Quarterly

Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...
Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...
Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...MIS Quarterly
 
Control Configuration and Control Enactment in Information Systems Projects: ...
Control Configuration and Control Enactment in Information Systems Projects: ...Control Configuration and Control Enactment in Information Systems Projects: ...
Control Configuration and Control Enactment in Information Systems Projects: ...MIS Quarterly
 
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...MIS Quarterly
 
Does Information and Communication Technology Lead to the Well-Being of Natio...
Does Information and Communication Technology Lead to the Well-Being of Natio...Does Information and Communication Technology Lead to the Well-Being of Natio...
Does Information and Communication Technology Lead to the Well-Being of Natio...MIS Quarterly
 
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...MIS Quarterly
 
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...MIS Quarterly
 

More from MIS Quarterly (7)

Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...
Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...
Healthcare Predicitive Analytics for Risk Profiling in Chronic Care: A Bayesi...
 
Control Configuration and Control Enactment in Information Systems Projects: ...
Control Configuration and Control Enactment in Information Systems Projects: ...Control Configuration and Control Enactment in Information Systems Projects: ...
Control Configuration and Control Enactment in Information Systems Projects: ...
 
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...
TV’s Dirty Little Secret: The Negative Effect of Popular TV on Online Auction...
 
Does Information and Communication Technology Lead to the Well-Being of Natio...
Does Information and Communication Technology Lead to the Well-Being of Natio...Does Information and Communication Technology Lead to the Well-Being of Natio...
Does Information and Communication Technology Lead to the Well-Being of Natio...
 
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...
The Emergence of Self-organizing E-commerce Ecosystems in Remote Villages of ...
 
SOPA Infographic
SOPA InfographicSOPA Infographic
SOPA Infographic
 
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...
Are Social Media Emancipatory or Hegemonic? Societal Effects of Mass Media D...
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attacks

  • 1. Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attack Kai-Lung Hui (Hong Kong University of Science and Technology) Seung Hyun Kim (Yonsei University) Qiu-Hong Wang (Singapore Management University) MIS Quarterly,Vol. 41, No. 2, pp. 497-523, June 2017
  • 2. In a Nutshell (c) Hui, Kim and Wang 20172  We study the empirical effect of international legislation on cybercrime deterrence  Enforcing the Convention on Cybercrime:  Reduces the number of DDOS attack victims within the enforcing countries  Redirects DDOS attacks to non-enforcing countries  Reduces DDOS attacks largely because of the provision of international co-operation  Implications:  Network effect exists in international law enforcement  Cyber criminals are rational, meaning economic incentives may work in deterring cybercrimes  The world should work together in cybercrime deterrence!
  • 3. Cybercrime  Causes annual global lost of $400 billion, ranges $375- 575 billion (McAfee, June 2014)  Characteristics of cybercrimes  Not confined by national boundaries  Extremely low cost  E.g., DDoS, cross-site scripting, phishing, …  Low observability and hence low probability of apprehension and punishment  Key issue: How to tackle such cybercrime? 3 (c) Hui, Kim and Wang 2017
  • 4. The Big Picture 4 (c) Hui, Kim and Wang 2017
  • 5. Solution 5  Prevention and detection  Operate at the individual level  Do not ex ante reduce attack motivation  Legislation  Heightens the penalty of aggression  Depending on implementation, may increase the chance of apprehension and conviction  Applies at the national, or even international level  May ex ante affect hacker decisions? (c) Hui, Kim and Wang 2017
  • 6. Scope of Legislation 6  Domestic enforcement  International cooperation  E.g., preserving data for investigating cybercrimes initiated from or targeting other countries  Requires similar treatment of crimes and mutual understanding of enforcement  Cybercrime specific international initiative: The Convention on Cybercrime (COC) (c) Hui, Kim and Wang 2017
  • 7. The Convention on Cybercrime (COC; Europe Treaty Series No. 185) Convention on Cybercrime (COC) 7 (c) Hui, Kim and Wang 2017
  • 8. The Convention on Cybercrime  Drafted by 41 Council of Europe member states + Canada, Japan, USA, and South Africa  Opened for signature on November 23, 2001  First enforced by Albania, Croatia, Estonia, Hungary, and Lithuania on July 1, 2004  As of 2015, 49 countries signed and 47 ratified (enforced) the COC 8 (c) Hui, Kim and Wang 2017
  • 9. The COC: 4 Chapters 1. Definitions 2. National-level measures  Establishing substantive criminal laws on offences (e.g., illegal access and interception, data and system interference, etc.)  Procedural laws  Establishment of jurisdictions over offences 3. Principles of international cooperation  E.g., extradition arrangement, mutual assistance 4. Scope of application, reservations, etc. 9 (c) Hui, Kim and Wang 2017
  • 10.  Not confined by national boundaries (Png et al. 2008, Kshetri 2013a, 2013b)  Extremely low cost  e.g., DDoS, cross-site scripting, phishing, …  Low observability and hence low probability of apprehension and punishment  The unique profiles of cyber criminals (Kshetri 2006, 2010)  Minors  Juvenile  Professional syndicates Characteristics of cybercrimes 10 (c) Hui, Kim and Wang 2017
  • 11. Related Literature  The deterrence effect of perceived threat and punishment at the individual level in an organizational setting (D’Arcy et al. 2009; Johnston et al. 2015)  Supportive evidence on deterrence effectiveness  Capital sanctions and execution (Yang 2008)  Gun-carrying laws (Lott 1997a)  Enforcement against rape and other sexual offences (Vaillant 2009)  Counter evidence was also recorded (Kirchgassner 2011)  Lack of quality data 11 (c) Hui, Kim and Wang 2017
  • 12. COC: Staggered Enforcement 12 31 3 3 1 5 0 0 3 0 1 0 0 2 00 0 0 6 5 4 6 2 3 4 1 6 3 2 5 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 Signature Entry into force 2004 Albania Croatia Estonia Hungary Lithuania Romania 2005 Bulgaria Cyprus Denmark Macedonia Slovenia 2006 France Bosnia & Herzegovina Norway Ukraine 2007 Armenia Finland Iceland Latvia Netherlands U.S.A. 2008 Italy Slovakia 2009 Germany Moldova Serbia 2010 Azerbaijan Montenegro Portugal Spain 2011 U.K. 2012 Austria Belgium Georgia Japan Malta Switzerland 2013 Australia Czech Republic Dominican Republic 2014 Mauritius Panama 2015 Luxembourg Poland Turkey Canada Sri Lanka (c) Hui, Kim and Wang 2017
  • 13. COC: Delay in Establishing Authorities Country Enforcement date Establishment of Responsible Authorities Albania 01/07/2004 19/06/2006 Armenia 01/02/2007 16/07/2008 Bosnia and Herzegovina 01/09/2006 15/11/2011 Bulgaria 01/08/2005 12/09/2005 Croatia 01/07/2004 09/01/2009 Cyprus 01/05/2005 05/08/2009 Estonia 01/07/2004 08/10/2007 Slovenia 01/01/2005 20/12/2006 Republic of Macedonia 01/01/2005 13/10/2006  Article 24 – authority responsible for extradition or provisional arrest  Article 27 – authorities responsible for mutual assistance  Article 35 – 24/7 Network 13 (c) Hui, Kim and Wang 2017
  • 14. COC: Difference in adoption  Article 4 – Data interference  Article 6 – Misuse of devices  Article 11 – Attempt and aiding or abetting  Article 14 – Scope of procedural provisions  Article 22 – Jurisdiction  Article 29 – Expedited preservation of stored computer data 14 Country Article 4 Article 6 Article 11 Article 14 Article 22 Article 29 Australia*   Austria*  Azerbaijan*    Belgium*  Bulgaria  Canada*  Czech Republic*  Denmark  Finland   France  Germany*   Japan*     Latvia**   Lithuania   Montenegro*  Norway    Poland*  Slovakia   Switzerland*    Turkey*    Ukraine  U.K. *   U.S.A.    (c) Hui, Kim and Wang 2017
  • 15. Research Questions  Does the enforcement of the COC help deter cybercrime?  Do establishment of responsible authorities and the reservation of Articles matter?  If the COC does reduce cybercrime, how does the enforcement of other countries affect a country’s victimization? 15 (c) Hui, Kim and Wang 2017
  • 16. Theoretical Foundation: GDT & RAT Potential criminals as rational actors who would weigh the benefits and costs before committing a crime (Becker 1968; Mookherjee and Png 1994)  Criminal motivation General deterrence theory (GDT) – improper behavior can be deterred by raising the certainty and severity of punishment. (Gibbs 1975)  Crime victimization Routine activity theory (RAT) – crime is shaped by environmental factors, particularly the presence of a motivated offender and suitable target, and the absence of a capable guardian (Cohen and Felson 1979). 16 “someone whose mere presence serves as a gentle reminder that someone is looking” (Hollis-Peel et al. 2011). (c) Hui, Kim and Wang 2017
  • 17. Potential Contributions  Pioneering evidence on whether international legislation helps curb cybercrime and how the deterrence effect is affected by implementation.  A formal test of enforcement externality and find cybercrime enforcement can be complementary and drives cyber-attacks to non-enforcing countries.  Evidences that hackers are rational and strategic  The innovative use of backscatter data and linking international legislation and the Internet topology to analyze cyber attack path. 17 (c) Hui, Kim and Wang 2017
  • 18. COC: Does It Matter?  2007: Russian convicted for attacking Estonia’s government services  Estonia enforcement: 2004  2010: Programmer in USA convicted for attacking rollingstone.com in 2008  USA enforcement: 2007  2011: German convicted for cyber-extorting six online bookmakers  Germany enforcement: 2009 18 (c) Hui, Kim and Wang 2017
  • 19. COC: Does It Matter?  From Hackforums:“I live in a small town in Romania. Until 1 months ago I thought is no danger in hacking...I've got only a warning because I was under 18...then I realized why this happened: that was because we just joined...European Union and there are new laws in IT...from now I take care because...it never knows when the cops catch you...”  “...the law follows the same guidelines for all countries in the european union and they're very strict about that”“There are conventions...within European Union borders he can be transported due to the crime, because of the European Unions conventions about partnership in law”  “...I would rethink your theory on Croatia not having cybercrime laws:The cybercrime convention is a European directive to which Croatia is a member state...As of 2007, Croatia integrated this into local laws...All of the offences proscribed in the Cybercrime Convention (to which Croatia is a State Party and which has been in force in Croatia since 1 July 2004), with the exception of offences that can generally be described as cyberterrorism, are incorporated into the domestic legal framework” 19 (c) Hui, Kim and Wang 2017
  • 20. The Deterrence of the COC when the victim country has not enforced COC A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country Non-COC country ? ? ? COC country Non-COC country Router 20 (c) Hui, Kim and Wang 2017
  • 21. A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country √ ? √ √ COC country Router The Deterrence of the COC when the victim country has enforced COC 21 (c) Hui, Kim and Wang 2017
  • 22. The Reinforcement of the COC when only two countries enforced COC A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country Non-COC country ? √ ? ? Router 22 (c) Hui, Kim and Wang 2017
  • 23. A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country √ √ √ √ COC country COC country √ Router The Reinforcement of the COC when four countries enforced COC 23 (c) Hui, Kim and Wang 2017
  • 24. The Displacement of the COC Targeting enforcing country? A B C D Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country √ √ ? COC country √ Router Router 24 (c) Hui, Kim and Wang 2017
  • 25. The Displacement of the COC Targeting non-enforcing country! A B D C Hacker zombie zombie zombie zombie Victim' infrastructure COC country COC country Non-COC country ? ? COC country ? Router 25 (c) Hui, Kim and Wang 2017
  • 26. Study Setting  Distributed denial of service (DDOS) attack in 106 countries in 177 days in 2004-2008  Why DDOS attack?  Most prevalent cyber attack causing great damage  Unambiguously criminalized by the COC  Conducted on a network of electronic devices  international cooperation is relevant 26 (c) Hui, Kim and Wang 2017
  • 27. Hypotheses 1: the deterrence effect of the COC  H1a (Enforcement): COC enforcement reduces the number of DDOS attack victims in the enforcing countries.  H1b (Establishing Responsible Authorities): Among enforcing countries, establishing the authority responsible for reacting to external requests for international co-operation reduces the number of DDOS attack victims more than those that have not established such an authority.  H1c (Reservation on international co-operation): Reservation on Article 29 (expedited preservation of stored computer data) increases the number of DDOS attack victims in the enforcing countries. 27 (c) Hui, Kim and Wang 2017
  • 28. Hypotheses 2: the externalities of the COC  H2a (Network effect): The effect of COC enforcement on the number of DDOS attack victims in the enforcing countries is stronger as the enforcement in other countries increases.  H2b (Displacement): Enforcement of the COC will cause cybercrime displacement; non-enforcing countries will receive more DDOS attacks as the enforcement in other countries increases. 28 (c) Hui, Kim and Wang 2017
  • 29. Attack Data  Country-level DDOS attack data on a daily basis  From the Cooperative Association for Internet Data Analysis (CAIDA)  Responses sent by DDOS attack victims to spoofed traffic for at least a week-long period in each quarter between 2004 and 2008 (“backscatter” data) 29 (c) Hui, Kim and Wang 2017
  • 30. Model-Free Evidence 30 (c) Hui, Kim and Wang 2017
  • 31. The Model (Fixed-effects OLS)  Cumulative domestic legislation Lit  Control variables, xit  Country and day fixed effects, μi and τt  Continuous country-specific time trends, γit  Spatial correlation consistent standard errors (Driscoll and Kraay, 1998) 31 H1a. Enforcement indicator H2b. Displacement effect H2a. Network effect Externality H1b. Enforcement indicators with or without the responsible authorities H1c. Enforcement indicators with various reservations the extent of enforcement in other countries ω-i, t (c) Hui, Kim and Wang 2017
  • 32. Control Variables  Socio-economic: unemployment rate, gross domestic product (GDP) per capita in PPP, number of higher education students  IT Infrastructure: number of Internet hosts, number of Internet users, number of integrated services digital network (ISDN) subscribers, percentage of digital main lines  Others: domestic legislations, land area  Governance quality: control of corruption, government effectiveness, political stability and absence of violence/terrorism, regulatory quality, rule of law, voice and accountability 32 (c) Hui, Kim and Wang 2017
  • 33. Descriptive statistics (106 countries, 16429 observations) 33 Variable Unit Mean Std. dev. Min Max Source COC enforcement 1 = enforce; 0 = not enforced 0.152 0.3587 0 1 COE COC signature 1 = signed; 0 = not signed 0.414 0.4925 0 1 COE Reservations Number of reservations 0.142 0.6098 0 6 COE CPHRFF enforcement 1 = enforce; 0 = not enforced 0.085 0.2789 0 1 COE Cumulative domestic legislation Number of legislations/revisions 1.123 2.464 0 36 COE, UNODC, ITU, GCLD Victim IP addresses 817.137 5,013.3900 0 91,755 CAIDA …per 1,000 Internet hosts 2.216 13.9751 0 621.359 Self-computed Internet hosts Per 1,000 inhabitants 87.377 156.7580 0 1,039.270 CIA Unemployment rate % economically active people 8.173 5.7605 0.400 37.300 GMID GDP in PPP Thousand dollars per capita 18.878 16.0343 0.620 84.249 GMID Higher education students Per 100 inhabitants 3.213 1.6346 0.033 6.713 GMID Internet users Per 1,000 inhabitants 356.875 259.8545 2.197 911.319 GMID % digital main lines % of telephone main lines 95.996 10.5286 34.000 100 GMID ISDN subscribers Per 1,000 inhabitants 16.822 32.4338 0 177.903 GMID Land area sq. km per 1,000 inhabitants 34.899 83.6094 0.142 617.118 GMID Control of corruption Normalized index 0.373 1.0340 -1.459 2.591 WGI Government effectiveness Normalized index 0.481 0.9271 -1.236 2.374 WGI Political stability and absence of violence/terrorism Normalized index 0.142 0.9014 -2.550 1.586 WGI Regulatory quality Normalized index 0.495 0.8625 -1.647 1.983 WGI Rule of law Normalized index 0.361 0.9703 -1.734 2.014 WGI Voice and accountability Normalized index 0.299 0.9390 -1.770 1.826 WGI % Internet users covered by others’ enforcement 0.120 0.101 0 0.285 Self-computed % AS connections to other enforcing countries 0.162 0.199 0 0.889 CAIDA (c) Hui, Kim and Wang 2017
  • 34. Identification Strategies  Similar to DID, but staggered enforcement over time  Upward bias due to reverse causality  2SLS instrumented by the enforcement of Protocol No. 12 to the Convention for the Protection of Human Rights and Fundamental Freedoms  Falsification test replacing the enforcement indicator by signature  Effective enforcement relies on responsible authorities  Article 29 serves as an indirect assessment of the merit of international co-operation. 34 (c) Hui, Kim and Wang 2017
  • 35. Results – Test of H1: COC deterrence effect 35 (c) Hui, Kim and Wang 2017
  • 36. How to differentiate the externality? B COC country A C Non-COC country D E COC country AS1 AS2 AS3 AS4 AS5 AS6 AS7 AS8 AS9 AS10 Non-COC country 4/6 AS connections are between COC countries 2/6 AS connections are between COC countries COC country AS 12AS 11 The differential externality ω-i, t No. AS connections to other enforcing countries divided by the number of AS connections to all other countries The differential externality ω-i, t No. AS connections to other enforcing countries divided by the number of AS connections to all other countries 36 (c) Hui, Kim and Wang 2017
  • 37. Results – Test of H2: Network Effects 37 (c) Hui, Kim and Wang 2017
  • 38. Summary of Results 38 (c) Hui, Kim and Wang 2017
  • 39. Really Deterrence?  Kaspersky (Q2, 2011) 39 (c) Hui, Kim and Wang 2017
  • 40. Implications  Hackers indeed take into consideration expected cost of punishment  So, on top of preventive measures such as IDS, or advanced security intelligence systems, maybe the government can do more  Timely finding because conventional approaches, such as bandwidth overprovisioning or perimeter controls, are gradually losing the battle  Also curb insider threats which is difficult to prevent or detect 40 (c) Hui, Kim and Wang 2017
  • 41. Implications  International cooperation matters a lot!  Note that DDOS is notoriously difficult to track  If COC enforcement works on DDOS, then we have good reason to believe it should work well on other cybercrimes (e.g., cyber extortion, phishing) 41 (c) Hui, Kim and Wang 2017
  • 42. Concluding Remarks  COC enforcement is effective from victim-side data  At least 11.8% reduction in DDOS attack  Getting attacker side data will be a big leap forward, but data are difficult to come by  Our sample – 2004 to 2008, which predates DDOS attacks motivated by political ideologies or patriotism  North Korea vs. South Korea and USA in 2009  China vs. USA in 2013  Taiwan and Philippines in 2013 42 (c) Hui, Kim and Wang 2017