1. Cybercrime Response Policy_Gibum Kim.pdf

Cybercrime
Strategy
for Indonesia
Professor: Gibum Kim

• Affiliation/Name
- Department of Forensic Science, Graduate Schools, Sungkyunkwan University
- Gibum KIM (freekgb02@gmail.com)
• Education
- Graduated from Public Administration, Korea National Police University
- Ph.D. of Engineering, Graduate School of Information Security, Korea University
• Career
- 23 years of cybercrime investigation, digital forensic and crime prevention in various
organizations such as Korea National Police Agency, Seoul National Police Agency, Etc
(1997-2020)
- Director of International Cybercrime Research Center at Korea National Police
University(2014-2020)
- Director of the Korea Institute of Information Security & Cryptology(2017-Present)
- Digital Forensics Advisor in the National Police Agency (2018-Present)
- Vice-Chairman of the Korean Digital Forensics Society (2020-Present)
- Advisor(T/F) of Digital Sex Crimes in the Ministry of Justice (2021.10-2022.5)
• Interests
- Cybercrime, Digital forensics, information Security, Policing, International Development
Cooperation
Cybercrime
Response
Strategy
Presenter Introduction

1. Concepts and Classifications
2. Global Trends
3. Legislation and Issues
4. Response Systems in Korea
5. Considerations of Strategy
6. Evaluation
7. Q & A
Cybercrime
Response
Strategy
Contents

01
Concepts and
Classifications

01
Concepts and Classifications
1. Emergence of Cybercrime
• Cybercrime evolves in a variety of technology
environment
hacking Malicious Code Child sexual abuse material
Gambling Site
Joonggonara scam item scam DDoS watering hole
Personal Information Sextorsion Sports Toto
Cryptocurrency Body cam phishing APT
Defamation Copyright infringement Ransomware Spam
Industry secret ID theft Phishing Pharming
Memory hacking Insult Smishing voice phishing
Cyberbulling Illegal filming
Facebook/Twitter
Network
WIFI/3G/4G/5G
Smartphone
Web/App
Crypto Currency
Role playing game
Encryption
Steganography
Internet Banking
Email/messenger
Programming
Database/Sqlite
Telegram
Cybercrimes
Technologies

01
2. Concept of Cybercrime
• There is no globally generalized definition
Scholar/
Institution
Cybercrime definition
Geun-won Yang
Criminal acts centered on computer systems connected through information and
communication networks such as the Internet or cyberspace formed through them.
Dong-beom Kang Any criminal phenomenon that takes place in cyberspace, including computer crime.
Ji-yeon Jeon
Crimes that occur in cyberspace are divided into computer crimes in the traditional sense and
crimes committed using computer network connectivity.
Robinson, et.al
Used as a term to refer to a very wide range of other acts involving the misuse of data,
computers and information systems for economic, personal or psychological gain
Eoghan Casey
Even crimes that do not involve computers or networks are included in cybercrime in the
broadest sense when digital evidence is involved in a specific crime.
Budapest
Convention
Offences against the confidentiality, integrity and availability of computer data and systems +
Offences committed by means of computer systems.
European
Commission
Criminal acts committed using electronic communications networks and information system
s or against such networks and systems
ISO/IEC
27032: 2012
Criminal activity where services or applications in the Cyberspace are used for or are the
target of a crime, or where the Cyberspace is the source, tool, target, or place of a crime

01
3. Limitations of Concept Definition
• Absence of an agreed upon concept
Classification Concept description
Fanfinski
(2010)
Because it is not easy to explain cybercrime no matter which definition and classification is
used, it is necessary to subdivide the actual term when using it.
UN Manual
(1995)
There is no doubt that the phenomenon exists among experts who have attempted to define
computer crime. However, their definitions tend to relate to the discipline in which they have
written. A comprehensive definition of computer crime has not yet been established; rather,
a functional definition has become the norm.
* UN Manual on the Prevention and Control of Computer-Related Crime(p.5)
ITU
(2009)
The fact that there is no single definition of "cybercrime" need not be important, as long as
the term is not used as a legal term .
* ITU, Understanding cybercrime: a guide for developing countries
• Limitations on use as those are legal terms
• Korea, not used
• Japan, not used. However, the terms appeared in the Budapest
Convention to which they joined
• The United States uses the term in the law but there is no
definition regarding concept

01
4. Possibility of Defining Concept
• A view that it is possible
• The concept of cybercrime was defined in the Council of Europe Cybercrime Convention, an
international convention
• Legal definition is about legislative technique, so it can be done if there is a social consensus
• A view that it is difficult
• Very few examples of cybercrime in law
• Because it is based on a means called “cyber,” there are inherent limitations in defining the scope
• As cybercrime becomes linked to offline crime, the usefulness of the concept definition decreases
• Increase in crime with on/off mix due to Internet of Things (IOT) and self-driving cars
• What are the benefits that differentiate cybercrime from other crimes?
• Are there new protection interests to be protected that were not foreseen in traditional crimes?
Personal benefit of the law Social benefit of the law National benefit of the law
• Life and body
• Freedom (intimidation,
arrest, rape, etc.)
• Honor, credit
• Privacy
• Property
• Public safety/tranquility
• Public health (drinking water,
opium)
• Public credit (forgery of currency/
document, etc.)
• Social morals (sexual morals,
gambling, faith)
• State existence and authority
(civil war, national flag)
• State functions (obstruction of
official duties, perjury, false
accusation)

01
5. Comparison of Cybersecurity and Cybercrime Control
• Cybersecurity and cybercrime control are different but
interrelated and intersecting concepts
• Measures for cybersecurity and cybercrime control
complement each other.
Source: Alexander Seger, "Cybercrime strategies", Global Project on Cybercrime, 2012

01
6. Cybercrime Classifications
• Scopes of Classifications
• Narrowest range: acts against CIA of system
• Narrow range: acts against CIA of system + crime of utilizing
information and communications network + illegal content crime
• Broad range: any crime that occurs in cyberspace
• Broadest range: including crimes that occur offline while connected to
cyberspace
• Classification (Korean National Police Agency, 2021)
Crime of damaging information
and communications network
Crime of using the information
and communications network
Illegal content crime
• Hacking
- Account theft, simple intrusion
- Data leakage, data damage
• Denial of Service attack ((DDoS))
• Malware
• Other
• Internet fraud
- Direct trading, shopping malls,
games, and more
• Telecommunications financial fraud
- Phishing, pharming, smishing,
memory hacking, etc.
• Cyber copyright infringement
• Privacy infringement
• Location information infringement
• Other
• Cyber pornography
- General pornography, child
sexual abuse material
• Cyber defamation
• Cyber insult
• Cyber stalking
• Cyber gambling
- Sports Toto, horse/bicycle/boat racing, etc.
• Spam mail
• Other

01
7. Classification of Convention on Cybercrime
• The Council of Europe (COE), Convention on Cybercrime
(2001)
The type of crime Punishment
Crimes related to
computer system/data
misuse and breach of
confidentiality/integrity/
availability
Article 2 Illegal access
Article 3 Illegal interception
Article 4 Data interference
Article 5 System interference
Article 6 Misuse of devices
Content-related crime
Article 9 Offences related to child pornography
(Offences related to child pornography)
Intellectual property-
related crimes
Article 10 Offences related to infringements of copyright and related rights
(Offences related to infringements of copyright and related rights)
Computer-related crimes
Article 7 Computer-related forgery
Article 8 Computer-related fraud

01
8. UNODC Classification
• Characteristics (2013)
- Acts against CIA of computer
system
• Including privacy and data
protection
- Computer-related acts
• Fraud, copyright/trademark,
spam, grooming
- Computer content-related acts
• Hate crime
• Child pornography
• Cyber terrorism
• Implications
- Including data protection
- Including hate/grooming crime
- Not including online gambling
Source: UNODC(2013)

01
9. FBI Classification
• 2019 Internet Crime Report(Internet Crime Complaint
Center)

01
10. Problems with the Classification System
• How to deal with new crimes according to technological evolution?
• Isn't memory hacking actually on the way to extinction?
• Is Ransomware just a malicious program or a separate crime?
• If one act constitutes multiple crimes, how will they be classified?
• Isn't pharming linked to hacking, malware programs, personal information, and
financial fraud?
• Don't DDoS attacks include all hacking/malware programs?
• Can all crimes as a means be covered?
• If hate crimes and online grooming are defined as crimes, where should they be
established in the legal system?
• Shouldn't the classification of crimes be different according to
culture and history?
• Is tearing the Qur'an unpunished in Islamic culture?
• Isn't Europe tolerant of decriminalizing online gambling?
• Can all crimes as a means be covered?

02
Global Trends
1. Evolution of Cybercrime in Korea
• A variety of new crimes are emerging every year
1973
Computerized manipulation of AID loan apartment
Hacking the nuclear Research Institute
2000
First detection of gambling sites
2005
Bank phishing
Opening of Soranet
1999 2017
1994 2004
The hacking incident of a government agency from China
2013
Cryptocurrency exchange hacking
Ransomware, memory hacking
2011
Smishing, pharming
2009
Hacking from North Korea
2010
Illegal sports t
oto
Cyber election offender’s crackdown
2002
Sextorsion
2014
1995
Controversy over KAIST/Pohang University Hacking
1996
Hacking University in Busan
2020
Telegram Room N
2016
Arresting Soranet
2008
Personal information leakage from Auction/GS Caltex

02
Global Trends
2. Cybersecurity as a National Security
• Cyberattacks in early days
• Cyberattack to Estonia, denial from Russia (2007)
• Cyberattack to Georgia, denial from Russia (2008)
• Publishing Tallinn Manual 1.0/2.0 (2013)
• NATO CCD(Cooperative Cyber Defence), Led by COE, preparing rules of
engagement in cyber warfare
• Cybersecurity Strategy within the National Security Strategy
No Country Year Name of Strategy
1 Estonia 2008 Ministry of Defence Cyber Security Strategy
2 Australia 2009 Attorney General Department : Cyber Security Strategy
3 United Kingdom 2009 Cyber Security Strategy for the United Kingdom
4 South Korea 2009 The National Cybersecurity Strategy (The official version enacted in 2019)
5 Canada 2010 Canada’s Cyber Security Strategy
6 Colombia 2011 Policy Guidelines on Cybersecurity and Cyberdefence
7 France 2011 Agence Nationale de la S’ecurit’e des Systems d’Information
8 Germany 2011 Federal Ministry of the Interior : Cyber Security Strategy for Germany
9 Netherlands 2011 The National Cyber Security Strategy (NCSS)
10 USA 2011 Strategy for Operating in Cyberspace
Source: Cybercrime Strategies, Global Project on Cybercrime(www.coe.int/cybercrime), modified, 2011

02
Global Trends
3. State-sponsored Cyberattacks
• Tracking major hacking incidents by such as the
US FBI
• Sony Pictures hacking incident in 2014
• 81 million dollar hacking of Bangladesh Central Bank in 2016
• WannaCry 2.0 Ransomware distribution case in 2017
• The U.S. Treasury Department
froze the assets of three
hacking groups in
North Korea (2019)
• Lazarus Group
• Bluenoroff
• Andariel
Source: Us FBI homepage (2021)

02
Global Trends
4. Hacking Target: Virtual Asset Exchange
• Current status of cryptocurrency exchange (2019,
CoinDesk)
Number
Name of
Exchange
Country
The amount
of damage
The damaged currency Note
1 Cryptopia
New
Zealand
16 million
dollars
ETH, etc. Bankruptcy
2 DragonEx Singapore
7 million
dollars
BTC, ETH, XRP, LTC, EOS, USDT
3 Bithumb Korea
22.1 billion
won
EOS, XRP
4 BINANCE Malta
KRW 47
billion
BTC
5 Bitrue Singapore
KRW 4.9
billion
XRP, ADA
6 Bitpoint Japan
KRW 38
billion
BTC, BCH, ETH, LTC, XRP (estimated)
7 Upbit Korea
KRW 126
billion
Eth, BTT, TRX, XLM, OMG, EOS, etc.

02
Global Trends
5. Game Changer : Ransomware
• Appeared in Russia/Eastern Europe in 2009, landed in Korea
via Europe/USA (in 2015)
• Infection by just accessing the website (Drive by download)
• Damage occurred to those who did not take Internet Explorer / Flash
security update on the connected PC
• Encryption of documents (Tin, doc, ppt, pdf), pictures (jpg), videos,
compressed files (zip)
• Requesting a settlement amount with a bitcoin address
• Arrest case
• Dutch police arrested in cooperation with Kaspersky (2014)
• The National Police Agency arrested Gandcrap Ransomware distributor
(2021)
• The National Police Agency arrested the Clop Ransomware distributor (2021)
• Implications
• Possible indiscriminate crimes against the world
• Changing the target of attack from individuals to companies
• Arrest performance is insufficient, and negotiations with criminals are also
problems in the international communities

02
Global Trends
5. Game Changer : Ransomware (Colonial Pipeline Ransomware)
• How the FBI got Colonial Pipeline’s ransom money back(2021)
Source: FBI+KISA Insight(2021)
Colonial Pipeline attack timeline
• May 6, 2021
• Initial intrusion and data theft
• May 7, 2021
• Ransomware attack begins
• Law enforcement and federal
government authorities notified of the attack
• Colonial Pipeline pays ransom of 75 bitcoin ($4.4 million) to
• May 9, 2021
• Emergency declaration by President Joe Biden
• May 12, 2021
• Pipeline restarted as normal operations resumed
• June 7, 2021
• Department of Justice recovers 63.7 bitcoin --
approximately $2.3 million -- from the attackers
• June 8, 2021
• Congressional hearing on the attack

02
Global Trends
6. Business Email Compromise(BEC)
• Further intelligent form of Nigeria 419 SCAM
• In Korea, it appeared in mid-2010, and LG Chem damaged KRW 24 billion in 2016
• Case Overview
• Indiscriminate distribution of malicious code to computers/smartphones
• Sending an email stating that the account has been changed after the email is
stolen
• Seller account hacking: direct sending from the account
• Buyer account hacking: sending after creating an account similar to the seller
• Buyer sends money to the changed account number
Type Original address Fake address
Add or delete more alphabet widgets@ widget@
Alphabet rearrangement acme868@ acme686@
Alphabet substitution sales@ sa1es@
Changing mail name server @korea.com @krea.com

02
Global Trends
7. Child sexual abuse, dark web (Playpen Case)
• Overview
• In August 2014, the FBI confirmed that Playpen, a child pornography site,
was operating
on the dark web
• Moving the server from California to Virginia’s own facility and operated
until February 20, 2015-March. 4. 100,000 out of 215,000 people visited the
site during the above period
• Investigation process
• IP tracking of visitors by inserting code (NIT) after
relocating its own facility
• After identifying the whereabouts of a total of 1,300
people, 137 people were indicted
• Issues
• Legality of online search using the code
• It was operated for a long time as part of a secret
investigation
• Execution of search and seizure warrants in violation
of jurisdiction

02
Global Trends
8. Child sexual abuse, Telegram room N
• Overview
• Arrest of suspects who lured children and adolescents using Telegram,
threatened to provide sexual abuse material, and sold the sexual abuse
materials for a fee
• Directly linked to sexual offenses
• Case analysis
• Utilizing various messenger apps such as
Telegram, Discord, Line, Wicker, and Wire
• Operation through membership system
• Payment using cryptocurrency
• Smartphone password
• Ripple effect
• Introduction of the crime against viewing
child sexual abuse material and illegal
filming
• Criminal punishment on online grooming
• Introduction of the digital sex crime
disguised investigation system for children

02
Global Trends
9. Operation of gambling site (Ace Star)
• Overview (2012)
• 12 people were arrested in Cambodia for building about 400 servers in Taiwan,
Japan, and
China From 2007 to 2012
• About 470 billion won in revenue over 5 years from 75,000 members
• Number of members: 75,000 (based on the number of withdrawal accounts)
• Servers: 400 or more
• Domain: 25,000
• Fake deposit bank passbook: 1,000 or more
• Gambler: 82 people with more than 1 Billion won
• Implications
• The crime scale and profit scale of online gambling
are beyond imagination!
• Involved in a total of 82 people, became organized
crime
Operating
period
Total amount
of deposit
Total withdrawal
amount
Revenue
5 years
3.76 trillion
won
3.29 trillion
won
470 billion
won

02
Global Trends
10. Operation of illegal webtoon “The Night Rabbit”
• Overview (2018)
• Operation of the illegal webtoon site from 2016 to 2018
• 83,347 webtoon contents were uploaded without permission, unfair
profits worth 950 million won
• Implications
• Ranked 13th in website visitor rankings!
• Received advertisement orders from 40 illegal Spots Toto and other
gambling sites
[Photo Source] Source: E-Daily (2018.05.24), Dong-A Ilbo (2018.12.13)

02
Global Trends
11. The emergence of crimes using artificial intelligence
• Artificial Intelligence as crime methods
Source: Dr. Hyun-seong Cho (ETRI, 2019)

03
Legislation and Issues
1. Contents of Legislation
• Main Contents
• Criminalization(Dual Criminality)
• Investigative measures
• Jurisdiction
• Electronic evidence
• International Cooperation
• Prevention
• Public-private cooperation
• Other
• Analysis
• Criminalization is achieved to some extent worldwide
• Increasing interest in legislation such as investigative measures,
jurisdiction, electronic evidence, international cooperation, prevention,
and public-private cooperation
Source: UNODC(2013)

03
2. Approach of Legislation
• Criminal law amendment VS Special law enactment
Classification Criminal law (unification) Special act (dualization)
Advantage
Compatible with existing legislative systems
(Securing the consistency of punishment and
systemic criminalization)
Increasing general preventive effect
New abuses can be enacted quickly
Disadvantage New abuses cannot be enacted quickly
Incongruity between the existing law and
the legislative system
(Penalty imbalance, over-criminalization, o
ver-punishment)
Lack of general preventive effects
• Determination
• Determined according to each country's legislative method and culture
• It is desirable to incorporate it into the criminal law. However, special laws
are also needed to reflect new technological phenomena. In the case of
Korea, the method of enacting special laws after 2000 is chosen
• Indonesia adopt the enactment of the Special LAW(ETA, IT Bill)

03
3. Legislation of Korea(1)
• Development centering on special law rather than criminal
law/criminal procedure code
Fundamental
law
Major special laws Other special laws
• Criminal
Law
• ACT ON PROMOTION
OF INFORMATION AND
COMMUNICATIONS
NETWORK UTILIZATION
AND INFORMATION
PROTECTION, ETC.
• ACT ON THE PROTECTIO
N OF INFORMATION AND
COMMUNICATIONS
INFRASTRUCTURE
• PERSONAL INFORMATION PROTECTION ACT
• RESIDENT REGISTRATION ACT
• ACT ON THE PROTECTION, USE, ETC. OF LOCATION INFORMATION
• THE FRAMEWORK ACT ON TELECOMMUNICATIONS
• COPYRIGHT ACT, GAME INDUSTRY PROMOTION ACT
• ACT ON SPECIAL CASES CONCERNING REGULATION AND PUNISH
MENT OF SPECULATIVE ACTS, ETC.
• NATIONAL SPORTS PROMOTION ACT, Korea Racing Authority Act,
Horse and Bicycle racing act
• ELECTRONIC FINANCIAL TRANSACTIONS ACT
• SPECIAL ACT ON THE PREVENTION OF LOSS CAUSED BY TELECO
MMUNICATIONS-BASED FINANCIAL FRAUD AND REFUND FOR LO
SS
• ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERC
E, ETC.
• ACT ON THE PROTECTION OF CHILDREN AND YOUTH AGAINST SE
X OFFENSES
• SEXUAL VIOLENCE PREVENTION AND VICTIMS PROTECTION ACT
• ACT ON THE AGGRAVATED PUNISHMENT, ETC. OF SPECIFIC CRIMES

03
3. Legislation of Korea(2)
• Development centering on special law rather than criminal
law/criminal procedure code
Fundamental
law
Major special laws Other special laws
• Criminal
procedure
code
• PROTECTION OF COMMU
NICATIONS SECRETS ACT
• TELECOMMUNICATIONS
BUSINESS ACT
• ACT ON REAL NAME FINANCIAL TRANSACTIONS AND
CONFIDENTIALITY
• CREDIT INFORMATION USE AND PROTECTION ACT
• ACT ON REGULATION AND PUNISHMENT OF CRIMINAL PROCEED
S CONCEALMENT
• ACT ON REPORTING AND USING SPECIFIED FINANCIAL
TRANSACTION INFORMATION

03
4. Difference in legislation
• Multi-layered legal system (National, Regional, International)
• It's not just an issue about cybercrime
• In the past, related problems occurred in illegal transactions such as
drugs and weapons
• Problems such as conflicts of law, failure to overlap, and GAP of
jurisdiction occur
• Differences between legal families
• Formation of different legal systems according to socio-cultural and
historical differences
• Existence of various legal families
• Continental European law, Common law, Islamic law, Mixed law(Chinese
law), etc.
• Standards such as freedom of expression and privacy
influence the law
• Degree of punishment for pornography
• Degree of freedom of expression protection
• ISP regulations and obligations
• Protection of investigative rights and control of abuse, etc.

03
5. Necessity for Harmonization of Legislation
• Necessity
• Eradication of crime havens
• Difficulty in punishment due to decriminalization → Dual Criminality in
certain countries
• Important in criminal justice cooperation (seizure and search,
investigation of witnesses and collection of evidence) and extradition
• Ease of international evidence gathering
• Expressing the seriousness of the crime and reducing the haven of
punishment
• Limitation
• Conflicts with national constitutions and current laws, federal and state
issues
• Contextual application, etc.
• Direction for solution
• The customs, traditions, usage and legal system of each country should
be fully considered
• Wide range of spectrum utilization from treaty to non-binding guidelines

03
6. The emergence of international conventions
• Cybercrime (security) field
• CIS Agreement(the Commonwealth of Independent States)
• AU Convention(the African context)
• CoE Cybercrime Convention (the Council of Europe)
• League of Arab State Convention (the League of Arab States)
• SCO Agreement (The Shanghai Cooperation Organization)
• Crime and Criminal field
• United Nations Convention against Transnational Organized Crime
• UN Convention on the Rights of the Child
• Optional Protocol to the Convention on the Rights of the
Child on the Sale of Children, Child Prostitution and Child
Pornography Extradition treaty on Mutual Legal
Assistance in Criminal Matters
• Personal information protection field
• European Union General Data Protection Regulation
Source: UNODC(2013)

03
Materiality of Information (substantive law)
Issue 1
• Whether or not the information is property (Supreme Court
decision 2002do, 745)
• In order to establish theft, property including manageable power + transfer
for exclusive use/occupation is required
• Information is neither a physical object nor a material power, and even if
copied/printed, it does not reduce the information itself or reduce the
possibility of occupancy/use
→ Therefore, no theft
• However, there is room for the theft of the paper on which the information
was printed
• Properties of computer program files (Supreme Court
• According to Article 243 of the Criminal Act (distribution of obscene
pictures, etc.), “obscene documents, drawings, films and other objects” are
punished
• Judgment that computer program files do not fall under documents,
drawings, films and other objects (apart from the fact that the provisions of
Article 48-2 of the Framework Act on Telecommunications can be applied)

03
Materiality of Information (Procedural law)
Issue 2
• Object for seizure
• Article 106 (Seizure) of the Criminal Procedure Act ① (1) If necessary, a
court may seize any articles thought to be used as evidence or liable to
confiscation, only when such articles are deemed to be connected with
the accused case: Provided, That the same shall not apply where otherwise
provided in Acts.
• Can regulations on the scope and method of data storage
media seizure be grounds for seizure?
• Article 106 of the Criminal Procedure Act ① if necessary, a court may seize
any articles thought to be used as evidence or liable to confiscation, only
when such articles are deemed to be connected with the accused case:
Provided, That the same shall not apply where otherwise provided in Acts.
③ Where the object to be seized is a computer disc or other data storage
medium similar thereto, the court shall require it should be submitted
after the data therein are printed out or it is copied within the specified
scope of the data stored

03
Materiality of Information (Procedural law)
Issue 2
• Can telecommunication be confiscated?
• Article 114 (Form of Warrants) (①) A warrant of seizure or of search shall
contain the names of the criminal defendant and the offense; the articles
to be seized; the place, person, or articles to be searched; the date of its
issue; the effective period; a statement that the warrant shall not be
executed after the lapse of such period and shall be returned to the court
of issuance; the signature and seal of the presiding judge or
commissioned judge; and such other matters as prescribed by the
Supreme Court Regulations: Provided, That where the articles to be seized
or searched relate to telecommunications, the period during which such
telecommunications are prepared shall be stated.

03
Location of Information
Issue 3
• Opening gambling place in cyberspace
• Controversy over place of gambling opening in online gambling
→ Supreme Court recognized online as a place, but controversy continues
• Revision of the Criminal Act (2013): “Opening a gambling place”
→ “Opening a place or space for gambling”
• Illegal ticket sales in cyberspace
• Controversy over whether to apply the ‘places that allow
admission/riding/boarding’ of Article 3, Paragraph 2 of the Punishment of
Minor Offenses Act
• The website does not fall under the ‘place for admission/riding/boarding’
→ Not applicable
• Remote seizure and search
• A search and seizure needs to be site-specific. Searches and seizures are not
permitted except at the location specified in the warrant. In the beginning,
remote seizure and search was strictly controlled, but gradually it is allowed
under certain grounds and restrictions
• Furthermore, foreign e-mails with servers abroad are also allowed to seizure
and search(Supreme Court decision 2017do, 9747)

03
Interpretation on Link
Issue 4
• Whether the display/distribution of pornographic links is
applicable or not
• Act on Information and Communications Network
• Transmission of web page links → Equivalent to “display of obscene codes, etc.”
(Supreme Court decision 2001do, 1335)
• Torrent files fall under “distributing/openly displaying obscene images”
• Special Act on Sexual Violence
• Transmission of lewd photo link via messenger → Acknowledgement of the
crime of obscene through the use of communication media (Supreme Court
• Whether linking to a work constitutes duplication/transmission
• Simple link : Posting only URL and website name → Not illegal
• Deep link : Link to work page → Not copy/transfer (Supreme Court
decision 2008da, 77405)
• Frame link : Linking target pages to some frame on the homepage
→ Controversial
• Embedded link : Autoplay of target work on own homepage → Controversial

03
ISP Responsibilities
Issue 5
• Should criminal responsibility be strengthened?
• Initially, self-regulation was emphasized, but charges on instigation/abetting were gradually applied
• Recently, technical measures against illegal works / child sexual abuse materials are mandatory, and
strong responsibility is demanded
• Crime can be controlled by strengthening responsibility, but business development is limited by
strengthening corporate burden
• In civil law, ISP provides immunity for certain actions
• Act on Information and Communications Network: temporary measure system
• Copyright law: Notice and Take Down
• Key cases
• Auction was indicted on charges of abetting the sale of obscene CDs, but was acquitted
• Prosecuted for the corporation and its executive director on charges of abetting the advertising and
brokering obscene CDs (1.5% of commission)
• First trial guilty ? second trial not guilty ? Supreme Court decision not guilty
• Kakao, not guilty of violating technical measures to block pornography under the Juvenile
Sexuality Protection Act (2019)
• “No criminal responsibility for not being involved in decision-making and not recognizing
blocking measures”

03
Corporate Responsibilities(1)
Issue 6
• Is it appropriate to impose criminal responsibility for
cybercrimes on corporations?
• In modern society, criminal policy demands for corporate punishment
are increasing
• Nevertheless, is it possible to recognize the independent capacity of a
corporation?
• Legislative status
• In principle, the Korean Criminal Code does not recognize criminal
responsibility for corporations (Supreme Court)
• However, there is a separate penalty provision to impose criminal
responsibility equivalent to a fine
• Article 12 (Corporate liability) of the Council of Europe Cybercrime
Convention requires criminal/civil/administrative liability

03
Corporate Responsibilities(2)
Issue 6
Article Contents
12-1
Each Party shall adopt such legislative and other measures as may be necessary to ensure that legal
persons can be held liable for a criminal offence established in accordance with this Convention,
committed for their benefit by any natural person, acting either individually or as part of an organ
of the legal person, who has a leading position within it, based on: a. a power of representation of
the legal person; b. an authority to take decisions on behalf of the legal person; c. an authority to
exercise control within the legal person
12-2
In addition to the cases already provided for in paragraph 1 of this article, each Party shall take the m
easures necessary to ensure that a legal person can be held liable where the lack of supervision
or control by a natural person referred to in paragraph 1 has made possible the commission of a
criminal offence established in accordance with this Convention for the benefit of that legal person
by a natural person acting under its authority.
12-3
Subject to the legal principles of the Party, the liability of a legal person may be criminal, civil or
administrative.
12-4
Such liability shall be without prejudice to the criminal liability of the natural persons who have
committed the offence.

04
Response Policies in Korea
1. Cybercrime Policies Linking with the National Cybersecurity Strategy
• In 2019, the announcement of “National Cybersecurity Strategy”
from BH National Security Office
• Preparing measures to enhance the capacity to respond to various cybercrimes
related to security
• Preparing “National Cybersecurity Strategy Master Plan” as a follow-up measure
Source: https://www.kisa.or.kr/synap/doc.html?fn=201904031054238022.pdf&rs=/synapfile/

04
2. Current Status of Investigative Organizations(1)
• Supreme Prosecutor's Office(Scientific Investigation
Department)
• Direct investigation is not possible.
• Only secondary investigation is possible
• Integration of forensic and digital forensics
• Forensic Science Investigation Department under
Prosecutor General
• Forensic Science Division
• Forensic Genetics & Chemistry Division
• Digital Forensic Division
• Cybercrime Investigation Division

04
• National Police Agency (Cyber Investigation Bureau)
• It is composed of investigation planning, direct investigation, and
digital forensics Separation of digital forensics and
forensics
• Operating the investigation organization directly
from the central
• Cybercrime prevention function is reduced
• Special judicial police
• Ministry of Science and ICT (Spam-mail)
• Ministry of Culture, Sports and Tourism
(Digital Copyrights)

04
• Related agencies
• Ministry of Science and ICT (Cyber Security and Network Policy Bureau)
• Ministry of National Defense (Cyber Operations Command, Defense
Security Support Command)
• National Intelligence Service (National Cyber Security Center)
• Affiliated/research organizations
• Korea Institute of Criminology and Justice (KIC) Criminal Law System
and Criminal Approach
• National Information Society Agency (NIA) E-government, Internet
addiction, Informatization policy
• Korea Internet & Security Agency (KISA) Information protection and
Response to infringement incidents
• National Security Research Institute (NSR) Security technology, Cyber
terrorism response technology
• Electronics and Telecommunications Research Institute (ETRI) ICT and
information security technology development

04
• United States (FBI)
• Cyber investigation organization and the digital forensic organization
are operated separately
• United Kingdom (NCA)
• Deployment of Cybercrime Investigation Division and Child Sexual
Exploitation Investigation Division
• No organization for digital forensics
Source: United Kingdom NCA
(2021)

04
3. Personnel(Police)
• Status of investigational manpower (approximately, 2021.7)
TYPE Total HQ Local
Total 2,380 156 2,224
Cybercrime Investigators 2,157 114 2,040
Digital Examiners 223 42 184
2,380
1995 2021
2

04
4. Special Recruitment(Police)
• Number of officers hired as a police officer
No Total 00 01 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18
Appointment 500 30 46 20 19 19 19 21 26 15 18 17 21 55 58 55 34 29
Retirement 36 5 3 3 2 6 2 2 3 1 2 3 3 1
work 464 25 43 17 19 19 17 15 24 13 15 16 19 50 58 52 34 28
• Application requirements
• ICT certification and not less than three years of job experience in the
field
(college education is not required) or;
• Bachelor’s degree in ICT area and not less than two years of job
experience or;
• Master’s degree in ICT area In practice, → 2) or Master 3
• Issue
• Lack of investigative and legal knowledge, Lag of promotion
• Scouting from other public organization and private sector such as law
firms.

04
5. Education and Training(1)
• Education
• Established the Department of Digital forensics in University
• Prosecution Service
• Less than 15 members per a year since 2013
• Master degree of Science
• National Police Agency
• 20 members per a year since 2012
• Master degree of engineering
• Training
• Institute of Justice
• Capacity Building Course of Cybercrime investigation(3 days)
• Digital Forensic Experts Course(5 weeks)
• Korea Police Investigation Academy
• Cybercrime Investigation Course (4 weeks)
• Hacking Investigation Course (4 weeks)
• Digital Forensics Course (3 weeks)
• Advanced Course for Digital Forensics (4 weeks)

04
5. Education and Training(2)
• Issues
• Problem to solve in education and training
• Difficulty of training needs analysis
• Difficulty of curriculum design because different major, various
experience, and difference of knowledge
• Lack of focus on police-oriented skill in private sector
• Lack of planner of education and training
• Lack of lecturer and professor
• Limit budget
• How do we educate and train the officers?
• Contracting-out to the University(College)?
• Contracting-out to the private institute?
• In the Police Academy?
• In your House for oneself?

04
6. Online Reporting
• https://ecrm.cyber.go.kr/minwon/mainInternet Fraud
Checking System
• It cannot be processed online, and the investigation proceeds through
a visit to the nearest police station
• Korea (1-2-3-4), USA (5), UK (6)
5
1 2
3 4 6

04
7. Intelligence(1)
• KICS (Korea Information System of Criminal justice
Services), http://www.kics.go.kr
• Online Sexual Exploitation Investigation System
• Darkweb Trace Investigation System with the Intelligence
companies
• Internet Fraud Inquiry System
• Web Based Report are saved as Database including name of suspects,
phone numbers, banking accounts e-mail, etc
• Check before conduction online transaction
• Send out Warning Signals and Inform to the Public
• Cybercrime damage warning

04
7. Intelligence(2)
• Korea C-TAS(Cyber Threats Analysis System)
- Led by Korea Internet & Security Agency (KISA)
- Systematic collection of cyber threat information → information analysis
→ sharing
- Focusing on sharing between KISA and private companies, passive
participation of investigation/ intelligence agencies
① Collection of
intrusion accident
information
②Intrusion Accident Analysis
③ Information Sharing
Profiling Association Analysis
Collecting and verifying
threat information and
accident information
that occurred before and
after the intrusion
Classifying and grouping
collected information by
type for systematical
management
Response to cyberattacks
through association/threa
t analysis between individ
ual pieces of information
Preventing the spread of
intrusion incidents by pr
omptly delivering and sh
aring intrusion incident i
nformation to relevant o
rganizations

04
8. Expanding the role of the private sector in crime prevention
• Activation of code regulation from private sector
• Expansion of police support for related ministries/private
• Promotion of crime reporting rate
• Code regulation
• Identification/criminalization of new cases of abuse
• Information sharing with ministries/private sector/universities, etc
• Legislative support for relevant ministries
• Global crime prevention
Classification Legal regulation Code regulation
Subject Country Enterprise
Reason Social consensus Companies’ self-judgment
Method Law amendment System change
Applied subject The whole people Service users
Stability High Relatively low
Promptness Slow Fast
Execution method Individual execution Collective execution

04
9. Public-Private-Partnership(1)
• Common Actions
• Develop a culture of cooperation
• Develop written procedures for cooperation with each other
• Cooperate for the protection of rights and freedoms of individuals
• Respect each others’ roles, rights and limitations
• Mindful of cost of cooperation
• Individual Actions
LE Action ISP Action
• Broad and strategic cooperation with ISP
• Procedures for legally binding requests
• Designated & trained personnel for cooperation
• Verification of source of requests
• Standard request format
• Specificity and accuracy of requests
• Follow preservation orders with
production/disclosure orders
• Criminal compliance programme
• Report criminal incidents
• Assist LEA with training and other support
• Procedures for responding to requests
• Designated & trained personnel for Cooperation
• Emergency assistance outside business hours
• Criminal compliance programme
• Verification of source of requests
• Standard response format
• Explanation for information that is not provided
Source: the Octopus Conference of the Council of Europe adopted
"guidelines1 for the cooperation between law enforcement and internet service providers against cybercrime"

04
9. Public-Private-Partnership(2)
• Intrinsic limitations
• Concerns about impact on investigation/indictment and trial
• Victim protection
• Need to meet legal requirements such as the Personal Information
Protection Act
• If the information producer is a third party, consent is required
• Limitations of each subject
• ISP: Recognized as an investigation target / Excessive social
responsibility demands / Increased privacy demands
• Agencies: Lack of leadership in the police, conflicting initiatives
between agencies and
overlapping roles
• Academia: R&D / neglect of information provision, lack of mutual trust
• Enterprise: Refusal to provide information, indifference to the industrial
ecosystem

04
10. International Cooperation(1)
• Formal
• MLAT
• Extradition
• Informal
• INTERPOL NCRP for Computer Crime
• G7 High-tech Crime Directorate
• FBI Cyber Legal Attache dispatched in National Police
• UNODC, ICANN, APNIC
• Issues
• 24/7 contact points of Interpol are not updated
• Lack of channel to share the evidence
• When our country joins the Budapest convention,
24/7 contact points? Who will be in charge of
Extradition

04
Classification Traditional Classification New classification (Gibum Kim) Note
Formal
Cooperation
Mutual Legal Assistance (MLA)
Extradition
Mutual Legal Assistance (MLA)
Extradition
Informal
Cooperation
Cooperation with Interpol
Cooperation with investigative agencies
- Police vs. Police (Resident Officer, etc.)
- The prosecution versus the prosecution
Cooperation with international organizations
- Interpol (IGCI, I-24/7)
- Europole
- VGT
- ICANN/UNODC/ITU
Collaboration with private companies
- Facebook
- Google
- Financial/Telecom companies
- Cryptocurrency Exchange

04
• Technical cooperation between international organizations and countries
• Expansion of dispatch to international organizations such as UNODC, Interpol, ITU, EUROPOL,
and ICC
• Activation of Joint Investigation
• Leading joint investigation on ransomware/voice phishing/child sexual abuse materials
• Expansion of dispatch to international organizations such as UNODC, Interpol, ITU, and ICC
• Promotion of exchanges in the technical field
• Tracking/analysis techniques
• Establishment of evidence exchange platform
• Mutual authentication of analysis tool
• Standardization of imaging file format
• Expansion of ODA
• Bangladesh Cyber Investigation Capacity
Reinforcement Project (12-16, Future and World)
• Indonesia Cyber Investigation Capacity Reinforcement Project (2019-2022, National Police
University)

04
• Promotion of membership for the Cybercrime Convention
• Research and discussion has been conducted in academia since the 2000s
• In 2011, the US Assistant Secretary of Justice sent a letter to the President requesting
membership
• In 2012, the Secretary-General of the Council of Europe visited Korea and requested
membership through visits to ministries
• The 2013 Cyberspace Seoul General Assembly was an opportunity to promote membership,
but it was discontinued
• Declaration in 2019 of the promotion of membership in the implementation plan of the
National Cybersecurity Strategy
• Grounds for support and opposition
Support for membership Opposition against membership
• Participating in international community efforts and
contributing to strengthening security capabilities
• Effect of signing the Mutual Legal Assistance
Treaty with all the treaty countries
• Establishment of substantive law, procedural law
to the level of international law system
• Enhanced status as a leading country in response
to cybercrime in Asia (Japan/Korea)
• Cooperation with China is necessary, but no
membership  limited effect
• Many international cooperation issues can be
resolved through channels such as Interpol and
G7 with major contracting countries
• Academia and civic groups protest against
cybercrime interception and criminalization

04
11. Digital Forensics Competency(2)
• 2017 report in the Korea Institute of Criminology
• EnactmentofDigital
ForensicDevelopmentF
rameworkAct
• Establishmentofthe
NationalDigital
ForensicsCommittee
• Newestablishmentof
digitalforensicsinthe
nationalscienceand
technologystandard
classificationsystem
• Activationof
domesticstandards
• Leadinginternational
standards
• DesigningMid-to
long-termR&D
roadmap,etc.
• Establishmentofan
integrateddigital
forensiclabfor
regionalunits
• Introductionofdigital
evidence online
transmissionsystem
• Commercialsoftware
hashDBconstruction
• Analysistoolmanageme
ntsystem
• Developmentof
standardimagefor
R&D,etc.
• Strengthening
researchonbasic
technology
• Designationof
researchdedicated
toanalyzingnewOS
artifactsinuniversities/
researchinstitutes
• Anti-forensicresponse
technology,such as
cryptography,etc.
• ExpansionofKOLAS
Certification
• Openingstandard
trainingcurriculum
• Qualificationsystem
development
• Professional
manpowertraining,
etc.
• Cooperationwith
international
organizationssuch as
theUNandInterpol
• ITUcooperation
• UtilizationofKOICA
ODA,etc.
Preparing the
National Response
Strategy
Infrastructure/
Technology
Expansion
Expansion of R&D
investment
Establishing
the certification
qualification system
Strengthening
international
cooperation
Source: Han-kyun Kim et al.,
“A Study on Digital Evidence and Digital Forensic Development Plans
under the Criminal Procedure Act”, Korea Institute of Criminology (2017, unpublished)

04
12. Enhancement of cyber tracking capabilities
• Areas required for technology development
• Dark Web, Cryptocurrency, Crypto/Steganography, Malware Analysis,
VPN/PROXY
• Subject to review investigative authority
• It is possible to review telecommunications interception, undercover
investigation, online search, violation of decryption order, etc
• However, there is an issue of criminal investigation vs privacy protection,
and public consensus is needed
• Response strategy
• A small number of excellent workers are needed rather than the
general level of the majority
• Establishment of mid- to long-term R&D strategies, close collaboration
with ministries/universities/research institutes
• Cultivation of cyber investigation/digital forensics related companies

05
Considerations of Strategy
1. Establishment of National Cybercrime Strategy
• Prosecutors’ office & Police Agency → National agenda at pan-
government level
• Beyond safety issues, it connects to various issues such as
security/economics/diplomacy/human rights
Agencies Main tasks Related laws
National
Police Agency
Investigation and prevention
Police Act, Act On The Performance Of Duties By Police Officers
Criminal Law, Criminal Procedure Law
Ministry of Justice
(Supreme Prosecutor's Office)
Cybercrime investigation
and prosecution
Prosecutors’ Office Act, Criminal Law, Criminal Procedure Law,
Protection of Communications Secrets Act
National
Intelligence Service
Response to cyber crisis National Intelligence Service Korea Act
Ministry of Defense
Preparing for cyber warfare,
Response to cyber crisis
Decree on the National Cyber Command
Ministry of Science
and ICT
Information protection,
Response to intrusion incidents
Information and Communications Network Act, Information an
d Communication Infrastructure Protection Act
Ministry of Culture,
Sports and Tourism
Copyright, Online Game,
Sports Toto
Copyright Act, Game Industry Promotion Act
Ministry of Gender
Equality and Family
Child/juvenile sexual abuse
materials
Act on the Protection of Children and Youth against Sex
Offenses
Financial Services
Commission
Telecommunications-based
financial fraud
Special Act on the Prevention of Loss caused by Telecommunic
ations-based Financial Fraud and Refund for Loss

05
2. Global Cybercrime Strategies
• Canada: Royal Canadian Mounted Police Cybercrime Strategy (2014)
• http://www.rcmp-grc.gc.ca/wam/media/1088/original/30534bf0b95ec362a454c35f154da496.pdf
• Europe/European Union: Budapest Convention and related standards (2001)
• https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentI
d=0900001680081561
• Interpol: National Cybercrime Strategy Guidebook(2021)
• https://www.interpol.int/Crimes/Cybercrime/Cyber-capabilities-development/Cyber-Capabilities-
Capacity-Development-Project
• Korea: Cybercrime Strategy: Basic Plan to Secure Cyber Safety(2014)
• New Zealand: National Plan to Address Cybercrime (2015)
• https://dpmc.govt.nz/sites/default/files/2017-03/nz-cyber-security-cybercrime-plan- december-2015.pdf
• United Kingdom: Cyber Crime Strategy (2010)
• https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_
data/file/228826/7842.pdf

05
3. Components of Cybercrime Strategies
• Specific policy directions to carry out mission
U.K. (2010)
Cybercrime Strategy
Council of Europe(2011)
Cybercrime Strategies
South Korea(2014/2016)
Basic Plan to Secure Cyber Safety
• To coordinate across
Government
• Create a hostile environment
for cyber criminal
• Raising public confidence
• Working with the private
sector
• International Cooperation
• Cybercrime reporting and
intelligence
• Prevention
• Legislation
• High-tech crime and other
specialized units
• Interagency cooperation
• Law enforcement training
• Judicial training
• Public/private(LEA/ISP)
cooperation
• Effective international
cooperation
• Financial investigations and
prevention of fraud/money
laundering
• Protection of children
• Cyber Safety Service, focused on
Prevention
• Proactive Response using Prompt
Intelligence Analysis
• Crackdown on Cybercrime by
Better Investigation Capacity
• Improve Cyber Police Capacity by
Cooperation
• Specialized Agents and
Sophistication of Work System
• Active Response to Changes :
Reform Organization and Improve
R&D

05
Key Contents
of Initiatives
1. Legislation
2. Supporting National strategies
3. Organization and Personnel
4. Reporting and intelligence
5. Education and Training
6. Prevention
7. International cooperation
8. Public Private Partnership
9. Digital Forensics
10. Research and Development

05
1. Legislation
• Objective
• To handle legal issues with regard to jurisdiction, criminalization, investigation measures,
electronic evidence, prevention, international cooperation
• To contribute to the drafting of national legislation in the area of cybercrime
• Key activities
• Review laws to ensure all the online criminal acts be penalized
• Money laundering of Digital asset, cyber stalking, hate-crime, etc.
• Analyze criminal procedural laws and try to ensure that Evidence Act be amended
• Adopt legislation that is harmonized with international standards
• Cybercrime Convention, Second Additional Protocol to the Budapest Convention
• UN Resolution(Countering the use of information and communications technologies for criminal
purposes”(2019)
• Cloud Act(Executive agreement, UK/AU)
• Regulate special investigative means or techniques
• NIT, Interception, Undercover operation, Compelled decryption
• Consider social consensus, conflict of privacy protection, self-incrimination issue
• Address any breach on human rights and privacy

05
2. Supporting National Strategies
• Objective
• To comprehensively support many issues related to cybercrime and
cybersecurity at the national level for a safe, secure and resilient cyber
space
• Key activities
• Actively participate in the process of building National Security Strategy,
National Cybersecurity Strategy
• First of all, the R&R of the police should be arranged in the national level
• To protect Critical National Infrastructure, other assets as well as the well
being and safety of citizens against the threats offered by cybercrime and
other technology related criminality
• Set up National Cybercrime Strategy including the government bodies,
academies/research institutes, industries, NGOs
• Support policies for cybercrime response in various government bodies

05
3. Organization and Personnel(1)
• Objective
• To combat the cybercrime effectively and efficiently
• Key Activities
• Establish the specialized unit in HQ and provinces
• Divide the R & R between both sides
• Firstly, make the HQ, and then expand to the local level
• Cooperate with the Intelligence agency, Department of Defense, and
Department of telecommunication and technology
• Increase the number of personnel in charge of cybercrime investigation
and digital forensics
• Investigator is 43,043(9.7%) among the National Police 443,378 (2018)
• Cybercrime investigator 686(1.59%) among the total investigator 43,043
• Operate the special recruit system from the private sector in the various
ranks
• Establish the personnel system that allow experts to work for a long time
• No rotation work after the regular period passes
• No transference after promotion

05
3. Organization and Personnel(2)
• EU/COE Cybercrime Response Joint Project (Cybercrime@IPA)
(2011)
Strategic level Tactical level
• National cybercrime legislation
• National cybercrime strategy
• National cybercrime prevention programs
• Development of a national criminal activity
reporting system
• Cooperation at the national and international level
of both public and private partners
• Analysis and distribution of intelligence
• Provision of investigation guidelines
• Developing a training strategy at the national level
• Assessment and analysis of cybercrime
phenomena that provide information related to the
above
• Coordination and execution of investigations
• Collection/investigation and analysis of digital
evidence in the national forensic science
framework
• Coordination of work of regional/jurisdictional unit
departments
• Specialized support for departments other than the
cybercrime police department
• Practical interagency cooperation
• Private sector
• Internal cooperation
• Providing training to other law enforcement
personnel or persons in the criminal justice system
• Identifying equipment needs for primary or
regional departments

05
4. Reporting and Intelligence
• Objective
• To ensure that crimes are directed to the correct unit for investigation and to reduce the
time needed to initiate investigations
• To enhance the understanding of scope, threats and trends and the collation of data to
detect patterns of organized criminality
• To share the information to government bodies, citizens, academies/research institutes,
industries for prevention, legislation, technology development
• To assess threats and predict trends, and thus to help adjust measures against strategies
• Key Activities
• Create online reporting system to allow the public and business to report crime in a fast
and efficient manner
• Promote the system to be known and easily accessible
• Urgent and important reports should be received
• Co-ordinate with a number of areas which have its own reporting system or intelligence
• Promote the cybercrime / cyber security intelligence enterprises and academic
• Consider whether information is disclosed, who to disclose information to, whether
violates the Personal Information Protection Act

05
5. Education and Training
• Objective
• To ensure that law enforcement officers have the skills and competencies
necessary for their respective functions to;
• Key Activities
• Analyze the training needs
• covering requirements from first responders to generic investigators,
specialist investigators, internet crime investigators, covert internet crime
investigators, network crime investigators, digital forensic investigators and
managers
• Establish yearly plan, develop training curriculum
• Design a portfolio of specialist management both at individual and
organizational level
• Deliver in-house training with internal instructors
• The first policy of education and training is to train its own instructors
• Ensure all the staff are obligated to receive training with fixed time
framework
• Implement training program hosted by academia and private sector
• Develop Competency Model for cybercrime investigation and digital forensics

05
6. Prevention
• Objective
• To cut and minimize cybercrime cases and damage by carrying out
proactive measures with cybercrime enforcement
• Key Activities
• Establish a dedicated unit in charge of prevention
• Eliminate illegal information such as online gambling, child
exploitation, etc in cooperation with the related Authorities
• Consider the infringement of freedom of expression
• Develop an education program for public awareness delivered to
industry, citizen, especially youth
• Produce and publicize information on crime prevention for business and
citizen on a regular basis
• Set up the prevention campaigns as a cooperative effort of cybercrime
units, other governmental departments and the private sector

05
7. International Cooperation
• Objective
• To enhance cooperative relationship with international organization like
UNODC, Interpol, G7 and other law enforcement partners for better
tacking cybercrime
• Key Activities
• Develop formal and informal process such as MLA (Mutual legal
Assistance), Interpol
• Designate the Unit as the contact of point with 24/7 and keep updating
contact list of other countries
• Enlarge LE network with Interpol, ITU and other countries
• Co-ordinate all the international activities such as operation, conference,
training
• Foster a group of specialists equipped with good grasp of knowledge
and skills
• Establish relationships with Internet Service Provider abroad such as
Google, Facebook, Twitter and so on.

05
8. Public Private Partnership
• Objective
• To strengthen partnership with relevant government agencies, and
build firm foundation for amicable relationship with private sectors such
as ISPs, Industry, Academic, etc.
• Key Activities
• Share information for prevention and investigation
• Contribute to legislative actions of government to eradicate cybercrime
• Set up respective associations targeting different types of cybercrime
• Dispatch liaison officers to the major government bodies to build
standing cooperative channel(CERT Team)
• Provide the preventive education on cybercrime
• Create concrete technical forums with the private sector

05
9. Digital Forensics
• Objective
• To develop the policy for forensic search, retrieval, seizure, examination
and analysis process of digital forensics
• Ensure credibility of police investigation within the standardized
procedure
• Key Activities
• Review and produce findings on the retrieval and management of
digital forensics
• Identify the most appropriate and cost effective tool for forensic triage
• Develop digital forensic management system
• Create SOP with regard to digital evidence
• Produce a hash set library to be brigaded nationally
• Train examiners for certification
• Take the accreditation of digital forensic labs using ISO/IEC
• Formulate advisory group that consists of industry/academia

05
10. Research and Development
• Objective
• To support cybercrime response by providing expertise on issued policy
and new technology
• Key Activities
• Develop investigative systems and tools against new technologies
• Conduct the research of cyber threat assessment
• Establish evidential standards for analytical tools
• Allocate R&D budget for cybercrime investigation and digital forensics
• Solve the problem of investigation and forensic with academies and
industries.

③ The legislative system is generally divided into the criminal law
method and the special law method.
④ In Asia, Korea, Japan and Sri Lanka are member countries to the Council
of Europe Cybercrime Convention.
Which of the following statements about
cybercrime legislation and legislative
system is incorrect?
QUIZ
NO.1
① The contents of the legislation are diverse, such as Criminalization,
Investigative measures, Jurisdiction, Electronic evidence, International
Cooperation, Prevention, and Public-private cooperation.
② Legislation on criminalization has reached a considerable level
worldwide, but legislation on investigative authority, jurisdiction,
electronic evidence, and international cooperation is somewhat
insufficient.
Multiple Choice Question
④ In Asia, Korea, Japan and Sri Lanka are member countries to the Council
of Europe Cybercrime Convention.

③ In the special law method, it is difficult to quickly enact the abuse of
new technology.
④ There is a risk of punishment imbalance, excessive criminalization, and
excessive punishment in the special law method.
the cybercrime legislative system is
incorrect?
QUIZ
NO.2
① It is divided into the criminal law method of general law and the
individual law method of special law.
② The criminal law method can be harmonized with the existing
legislative system.
③ In the special law method, it is difficult to quickly enact the abuse of
new technology.

③ Article 12 of the Council of Europe Cybercrime Convention(Corporate
liability) does not require criminal, civil or administrative liability for
legal entities.
④ Whether the link constitutes the display and distribution of
pornography or work can be an issue.
issues arising in the cybercrime legislative
process is incorrect?
QUIZ
NO.3
① The issue is whether information can be judged as a thing in the
substantive law.
② In the procedural law, it is an issue whether information can be
included as a subject of seizure.
③ Article 12 of the Council of Europe Cybercrime Convention(Corporate
liability) does not require criminal, civil or administrative liability for
legal entities.

③ State-supported cyberattacks are gradually decreasing.
④ Child sexual abuse materials are traded on the dark web
and telegram.
cybercrime trends is incorrect?
QUIZ
NO.4
① Ransomware becomes a major threat to national security worldwide.
② Cryptocurrency exchanges are becoming a new target for crime.
③ State-supported cyberattacks are gradually decreasing.

③ For cybercrime investigation, telecommunication interception and
online search (Network Investigative Techniques or Equipment
Interference) can be conducted.
④ Although the Korea Internet & Security Agency is operating the
information sharing system (C-TAS), there is a limit to legal and
institutional sharing between investigative agencies and intelligence
agencies.
the current state of cybercrime response in
Korea is incorrect?
QUIZ
NO.5
① The National Police Agency is operating a system to hire private IT
experts as cyber investigators and digital analysts.
② In the implementation plan for the National Cybersecurity Strategy,
it is stipulated to promote membership in the Council of Europe
Cybercrime Convention.
③ For cybercrime investigation, telecommunication interception and
online search (Network Investigative Techniques or Equipment
Interference) can be conducted.

Essay
Questions
Question
NO.6
What are Indonesia's cybercrime classification system,
problems, and alternatives?
Question
NO.7
In your opinion, which of the method among the criminal
law methods and special law methods is more suitable for
the legislative method of cybercrime in Indonesia? And
would you state the reason?
Question
NO.8
Do you think Indonesia needs to join the Council of Europe
Cybercrime Convention? If you support or oppose, please
state your reason.
Question
NO.9
Please describe what policies should be implemented at the
government level to prevent ransom damage and arrest
criminals in Indonesia.
Question
NO.10
Do you think that online search (Network Investigative
Techniques or Equipment Interference) is necessary to respond
to cybercrime in Indonesia? If so, would you state the reason?

• Akhilesh Chandra, Melissa J. Snowe, "A taxonomy of cybercrime: Theory and design”,
International Journal of Accounting Information Systems 38, 2020
• Alexander Seger, "Cybercrime strategies, " Global Project on Cybercrime, Council of
Europe, 2012
• EU/COE Joint Project on Regional Cooperation against Cybercrime,
CyberCrime@IPA, "Specialised cybercrime units - Good practice study
• Fanfinski, S., Dutton, W.H. and Margetts, H., 2010. "Mapping and Measuring
Cybercrime, " Oxford Internet Institute Forum Discussion Paper No.18., June 2010.
• FBI, "2019 Internet Crime Report", 2020
• Gerald R. __LW_PS__}” South-Western”, edition, Ferrera et al., 3 Cyberlaw 2012
• "Understanding cybercrime: ITU, A Guide for Developing Countries”, 2009
• John Perry Barlow, " A Declaration of the Independence of Cyberspace , 1996.2
• K. "Establishing a Theory of Cyber Crimes," International Journal of Cyber
Criminology Vol 1 Issue 2 July Jaishankar, 2007
• Neil Robinson, Emma Disley, Dimitris Potoglou, Anais Reding, Deidre Culley, Maryse
Penny, Maarten Botterman, Gwendolyn Carpenter, Colin Blackman and Jeremy
Millard, "Feasibility study for a European Cybercrime Centre", RAND EUROPE, 2012
• Susan W. __LW_PS__}"Cybercrime(criminal threats from cyberspace)", Praeger,
Brenner, 2010
• Thomas J. Holt, Adam M.Bossler, and Kathryn C. Seigfried-spellar, "Cybercrime and
Digital Forensics(an introduction)," 2015
• __LW_PS__}"Comprehensive Study on Cybercrime" (draft), UNODC, 2013
• Guidelines for the Prevention of Crime, annex to United Nations Economic and
Social Council Resolution 2002/13 on Action to promote effective crime prevention,
2002
• UNODC, Comprehensive on Cybercrime, 2013
Reference

1. Cybercrime Response Policy_Gibum Kim.pdf

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 1. Cybercrime Response Policy_Gibum Kim.pdf

Similar to 1. Cybercrime Response Policy_Gibum Kim.pdf (20)

Recently uploaded

Recently uploaded (20)

1. Cybercrime Response Policy_Gibum Kim.pdf