Rule of Law — Criminal violence - Property Crime: Fraud - Money laundering - theft and robbery - homicide - rape - extortion - arson — Read-Me.Org -Open Access to All
Read-Me.Org
Open Access Publisher and Free Library
01-crime.jpg

CRIME

CRIME-VIOLENT & NON-VIOLENT-FINANCLIAL-CYBER

Posts in Rule of Law
Cyber Insurance and the Ransomware Challenge 

By Jamie MacColl, James Sullivan, Jason R C Nurse, Sarah Turner, Gareth Mott, Edward Cartwright and Anna Cartwright  

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. Over a 12-month research project, researchers from RUSI, the University of Kent, De Montfort University and Oxford Brookes University conducted a series of expert interviews and workshops to explore the relationship between cyber insurance and ransomware in depth. This paper argues that there is, in fact, no compelling evidence that victims with cyber insurance are much more likely to pay ransoms than those without. Ransomware remains one of the most persistent cyber threats facing the UK. Despite a range of government, law enforcement and even military cyber unit initiatives, ransomware remains lucrative for criminals. During this research, we identified three main drivers that ensure its continued success: 1. A profitable business model that continues to find innovative ways to extort victims. 2. Challenges around securing organisations of all sizes. 3. The low costs and risks for cybercriminals involved in the ransomware ecosystem, both in terms of the barriers to entry and the prospect of punishment. Despite this perfect storm of factors, the cyber insurance industry has been singled out for criticism with the claim that it is funding organised cybercrime by covering ransom payments. In reality, cyber insurance’s influence on victim decision-making is considerably more nuanced than the public debate has captured so far. While there is evidence that cyber insurance policies exfiltrated during attacks are used as leverage in negotiations and to set higher ransom demands, the conclusion that ransomware operators are deliberately targeting organisations with insurance has been overstated. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cybercriminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort. But the lack of clearly defined negotiation protocols and the challenges around learning from incidents make it difficult to develop a sense of collective responsibility and shared best  practices around ransomware response. This has not been helped by the UK government’s black-and-white position on ransom payments, which has created a vacuum of assurance and advice on best practices for ransom negotiations and payments. This paper does not advocate for an outright ban on ransom payments or for stopping insurers from providing coverage for them. Instead, it makes the case for interventions that would improve market-wide ransom discipline so that fewer victims pay ransoms, or pay lower demands. Ultimately, this involves creating more pathways for victims that do not result in ransom payments. Beyond ransom payments, cyber insurance has a growing role in raising cyber security standards, which could make it more difficult to successfully compromise victims and increase costs for ransomware operators. Successive years of losses from ransomware have led to more stringent security requirements and risk selection by underwriters. Although the overall effect of this on the frequency and severity of ransomware attacks remains to be seen, by linking improvements in security practices to coverage, cyber insurance is currently one of the few market-based levers for incentivising organisations to implement security controls and resilience measures. However, continued challenges around collecting and assessing reliable cyber risk and forensic claims data continue to place limits on the market’s effectiveness as a mechanism for reducing ransomware risk. This, along with cyber insurance’s low market penetration, makes clear that cyber insurance should not be treated as a substitute for the legislation and regulation required to improve minimum cyber security standards and resilience. Insurers are also commercial entities that primarily exist to help organisations transfer risk, rather than to improve national security and societal cyber resilience. The cyber insurance industry could be a valuable partner for the UK government through increased ransomware attack and payment reporting, sharing aggregated claims data, and distributing National Cyber Security Centre (NCSC) guidance and intelligence to organisations. However, the government has not made a compelling enough case to insurers and insureds about the benefits of doing so. Instead, it has relied on appealing to their general sense of altruism. While insurers will benefit if governments are able to generate more accurate and actionable data on ransomware, albeit indirectly, this needs to be sold to the industry in a more convincing way. Some principles and recommendations for both the insurance industry and the UK government are listed below. These are not designed to solve all the challenges of the cyber insurance market, nor do they present wide-ranging solutions to the ransomware challenge. Instead, they focus on where the cyber insurance industry can have the most impact on key ransomware drivers. This reflects the fact that disrupting the ransomware economy involves applying pressure from different angles in a whole-of-society approach. The recommendations also start from the position that the UK government’s light-touch approach is unsustainable and requires more intervention in private markets that are involved in ransomware prevention and response. While they are specifically aimed at UK policymakers, regulators and insurers, they may be applicable to other national contexts     

London: Royal United Services Institute for Defence and Security Studies, 2023.  84p.

Rule of Law, Justice, CrimeRead-Me.Orgransomware, insurance coverage, negotiation protocols, cyber resilience, policy recommendations
Cyber Insurance and the Cyber Security Challenge 

By Jamie MacColl, Jason R C Nurse and James Sullivan 

  GOVERNMENTS AND BUSINESSES are struggling to cope with the scale and complexity of managing cyber risk. Over the last year, remote working, rapid digitalisation and the need for increased connectivity have emphasised the cyber security challenge. As the pursuit of approaches to prevent, mitigate and recover from malicious cyber activity has progressed, one tool that has gained traction is cyber insurance. If it can follow the path of other insurance classes, it could play a significant role in managing digital risk. This paper explores whether cyber insurance can incentivise better cyber security practices among policyholders. It finds that the shortcomings of cyber insurance mean that its contribution to improving cyber security practices is more limited than policymakers and businesses might hope. Although several means by which cyber insurance can incentivise better cyber security practices are identified, they have significant limitations. Interviewees from across government, industry and business consistently stated that the positive effects of cyber insurance on cyber security have yet to fully materialise. While some mature insurers are moving in the right direction, cyber insurance as a whole is still struggling to move from theory into practice when it comes to incentivising cyber security. If this is to change, the insurance industry must overcome significant challenges. One is the competitiveness of the nascent cyber insurance market over the last two decades. Most of the market has used neither carrots (financial incentives) nor sticks (security obligations) to improve the cyber security practices of policyholders. The industry is also struggling to collect and share reliable cyber risk data that can inform underwriting and risk modelling. The difficulties inherent in understanding cyber risk, which is anthropogenic and systemic, mean insurers and reinsurers are unable to accurately quantify its causes and effects. This limits insurers’ ability to accurately assess an organisation’s risk profile or security practices and price policy premiums accordingly. The spectre of systemic incidents such as NotPetya1 and SolarWinds2 has also limited the availability of capital for cyber insurance markets. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either.

To overcome these challenges and champion the positive effects of cyber insurance, this paper calls for a series of interventions from government and industry. Some in the industry favour allowing the market to mature on its own, but it will not be possible to rely on changing market forces alone. To date, the UK government has taken a light-touch approach to the cyber insurance industry. With the market undergoing changes amid growing losses, more coordinated action by government and regulators is necessary to help the industry reach its full potential. The interventions recommended here are still relatively light, and reflect the fact that cyber insurance is only a potential incentive for managing societal cyber risk. They include: developing guidance for minimum security standards for underwriting; expanding data collection and data sharing; mandating cyber insurance for government suppliers; and creating a new collaborative approach between insurers and intelligence and law enforcement agencies around ransomware. Finally, although a well-functioning cyber insurance industry could improve cyber security practices on a societal scale, it is not a silver bullet for the cyber security challenge. It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively.   

RUSI Occasional Paper, June 2021, London: Royal United Services Institute for Defence and Security Studies , 2021. 68p.

Social Science, Rule of Law, CrimeRead-Me.Orgcyber insurance, cyber risk, digital security, ransomware, insurance market, cybersecurity policy
Global Cybersecurity Outlook 2025

By The World Economic Forum

In a complex cyberspace characterized by geopolitical uncertainties, widening cyber inequity and sophisticated cyberthreats, leaders must adopt a security-first mindset. While the 2024 edition of the Global Cybersecurity Outlook highlighted the growing inequity in cyberspace, this year’s report shines a light on the increasing complexity of the cyber landscape, which has profound and far-reaching implications for organizations and nations. This complexity is driven by a series of compounding factors: – Escalating geopolitical tensions are contributing to a more uncertain environment. – Increased integration of and dependence on more complex supply chains is leading to a more opaque and unpredictable risk landscape. – The rapid adoption of emerging technologies is contributing to new vulnerabilities as cybercriminals harness them effectively to achieve greater sophistication and scale. – Simultaneously, the proliferation of regulatory requirements around the world is adding a significant compliance burden for organizations. All of these challenges are exacerbated by a widening skills gap, making it extremely challenging to manage cyber risks effectively.

Geneva, SWIT: World Economic Forum , 2025. 49p.

Crime, Social Science, Rule of LawRead-Me.Orgcybersecurity, geopolitics, cyber threats, emerging technology, risk management, regulatory compliance
Multimedia Forensics

Edited by Husrev Taha Sencar, Luisa Verdoliva, Nasir Memon

Media forensics has never been more relevant to societal life. Not only media content represents an ever-increasing share of the data traveling on the net and the preferred communications means for most users, it has also become integral part of most innovative applications in the digital information ecosystem that serves various sectors of society, from the entertainment, to journalism, to politics. Undoubtedly, the advances in deep learning and computational imaging contributed significantly to this outcome. The underlying technologies that drive this trend, however, also pose a profound challenge in establishing trust in what we see, hear, and read, and make media content the preferred target of malicious attacks. In this new threat landscape powered by innovative imaging technologies and sophisticated tools, based on autoencoders and generative adversarial networks, this book fills an important gap. It presents a comprehensive review of state-of-the-art forensics capabilities that relate to media attribution, integrity and authenticity verification, and counter forensics. Its content is developed to provide practitioners, researchers, photo and video enthusiasts, and students a holistic view of the field.

Singapore: Springer Nature 2022, 490p.

Rule of Law, JusticeRead-Me.Orgmedia forensics, deepfakes, digital authenticity, cybersecurity, AI-generated content, verification
Criminal Expertise and Hacking Efficiency

By Asier Moneva, Stijn Ruiter, Daniël Meinsma

Criminal expertise plays a crucial role in the choices offenders make when committing a crime, including their modus operandi. However, our knowledge about criminal decision making online remains limited. Drawing on insights from cyber security, we conceptualize the cybercrime commission process as the sequence of phases of the cyber kill chain that offenders go through. We assume that offenders who follow the sequence consecutively use the most efficient hacking method. Building upon the expertise paradigm, we hypothesize that participants with greater hacking experience and IT skills undertake more efficient hacks. To test this hypothesis, we analyzed data from 69 computer security and software engineering students who were invited to hack a vulnerable website in a computer lab equipped with monitoring software, which allowed to collect objective behavioral measures. Additionally, we collected individual measures regarding hacking expertise through an online questionnaire. After quantitatively measuring efficiency using sequence analysis, a regression model showed that the expertise paradigm may also apply to hackers. We discuss the implications of our novel research for the study of offender decision-making processes more broadly.

Computers in Human Behavior, Volume 155, June 2024, 108180

Rule of Law, Social ScienceRead-Me.Orgcriminal expertise, hacking efficiency, cybercrime, technical proficiency, digital forensics, hacker profiling
Optimized Combined-Clustering Methods for Finding Replicated Criminal Websites

By Jake M. Drew and Tyler Moore

To be successful, cybercriminals must figure out how to scale their scams. They duplicate content on new websites, often staying one step ahead of defenders that shut down past schemes. For some scams, such as phishing and counterfeit goods shops, the duplicated content remains nearly identical. In others, such as advanced-fee fraud and online Ponzi schemes, the criminal must alter content so that it appears different in order to evade detection by victims and law enforcement. Nevertheless, similarities often remain, in terms of the website structure or content, since making truly unique copies does not scale well. In this paper, we present a novel optimized combined clustering method that links together replicated scam websites, even when the criminal has taken steps to hide connections. We present automated methods to extract key website features, including rendered text, HTML structure, file structure, and screenshots. We describe a process to automatically identify the best combination of such attributes to most accurately cluster similar websites together. To demonstrate the method’s applicability to cybercrime, we evaluate its performance against two collected datasets of scam websites: fake escrow services and high-yield investment programs (HYIPs). We show that our method more accurately groups similar websites together than those existing general-purpose consensus clustering methods.

• Smugglers were the top source of information for those who obtained information prior to starting their journey (50%), even more so for women (60%).This high percentage likely stems from the unique sampling criteria, in which all respondents used a smuggler. • However, 28% of migrants overall considered smugglers to be the most reliable source of information, and less so among women (21%).

London: Mixed Migration Centre, 2025. 12p.

Rule of Law, JusticeRead-Me.OrgCybercrime, Online Fraud, Phishing Scams, Law, Digital Forensics, Website Clustering
Trends in and Characteristics of Cybercrime in NSW.

By Ilya Klauzner, Amy Pisani

  AIM To examine the trends in, major characteristics of, and the police response to cybercrime in NSW. METHOD We extracted data from the ReportCyber Application Platform (RCAP), a national cybercrime reporting system operated by the Australian Cyber Security Centre. Data was analysed over a three-year period from 1 July 2019 to 30 June 2022 and was restricted to incidents where the victim resided in NSW. We separate cybercrime into five offence categories: cyber-enabled fraud, identity theft, cyber-enabled abuse, online image abuse (OIA), and device. We conducted a descriptive analysis on the victim, suspected perpetrator, and report characteristics to report on trends and characteristics of reported cybercrime. We estimated an ordinary least squares regression model to identify factors correlated with a referral to police of reported cybercrime. RESULTS Over the three years to June 2022, there were 39,494 reports of cybercrime where the victim resided in NSW, and more than $404 million reported lost. Cybercrime reports increased by 42%, with all cyber offence categories increasing except cyber abuse. Increases in cyber enabled fraud and identity crime, spurred a corresponding increase in reported cyber crime related financial losses by individuals. Most victims were individuals (89%), male (53%) and over 25 years of age (87%); however, differences in victim type were observed within offence categories. While a high proportion of victims have evidence about the incident (94%), the majority did not know their perpetrator and therefore few reports included suspect details (28%). The majority (71%) of reports were closed by police in RCAP with no further investigation undertaken. Reports were however more likely to be referred to police when the incident involved a victim aged 17 years or younger, the suspect was known to the victim, money was lost, or an OIA offence was indicated. CONCLUSION Our results show that cybercrime in NSW largely follows the same increasing trend that has been observed in national cybercrime studies. However, the statistics we report here only offer a partial view of reported cybercrime in NSW as we do not capture data reported directly to police or other national reporting systems. There are clear benefits in ongoing public reporting of cybercrime trends both at the national level and separately for individual states and territories, which could be enabled by integrating reporting systems and enhancing police data

Bureau Brief no. 165. 

Sydney:  NSW Bureau of Crime Statistics and Research. , 2023. 18p.

Rule of Law, Social ScienceRead-Me.Orgcybercrime, cybercrime trends, cyber enabled fraud, identity theft, online abuse, cybersecurity, NSW crime trends, cybercrime reporting
National Review of Child Sexual Abuse and Sexual Assault Legislation in Australia

By Christopher Dowling,  Siobhan Lawler,  Laura Doherty,  Heather Wolbers 

This is the Australian Institute of Criminology’s (AIC) national review of child sexual abuse and sexual assault legislation. The Australian Attorney-General’s Department (the Department) commissioned this review to support implementation of the Standing Council of Attorneys-General (SCAG) Work Plan to Strengthen Criminal Justice Responses to Sexual Assault 2022–2027 (the Work Plan), under which all jurisdictions agreed to take collective and individual action. Specifically, this review supports SCAG Work Plan Priority 1 (‘Strengthening legal frameworks to ensure victims and survivors have improved justice outcomes and protections’) and aligns with the following corresponding action: 1.1 Criminal laws: Review the criminal offences and legal definitions (including consent) relating to sexual offending in the context of the unique characteristics of each jurisdiction’s legislative framework and criminal justice system and, if necessary, consider progressing and implementing appropriate reforms. The national review also responds to concerns expressed by advocate Grace Tame during a presentation at the November 2021 Meeting of Attorneys-General around the inconsistencies in child sexual abuse and sexual assault laws across Australia. Importantly, this review is being undertaken in the wake of the Royal Commission into Institutional Responses to Child Sexual Abuse, which recommended a series of reforms to the criminal justice system (2017: 194). Although Commonwealth offences were strengthened in response to the Commission’s recommendations, Australian states and territories are at different stages of implementing the recommended reforms. The review broadly addresses these research questions: 1. What is the nature and scope of sexual assault and child sexual abuse legislation in Australia? 2. What differences and similarities (if any) are there between sexual assault and child sexual abuse legislative frameworks in Australia? 3. What impact (if any) do legislative inconsistencies have on: a. the investigation and prosecution of sexual assault and child sexual abuse matters in the criminal justice system; and b. the ability of victims and survivors to receive the support they require? 4. What are the barriers/challenges to achieving consistency in child sexual abuse and sexual assault legislation in Australia? 5. What are the gaps in current legislation for responding to new and emerging trends in sexual violence? 6. What does ‘best practice’ in relation to sexual assault and child sexual abuse legislation look like?   

Canberra:  Australian Institute of Criminology 2024 . 375p.

Rule of LawGuest UserAustralia, Child Sexual Abuse, Child Sexual Assault, Legislation
Combating Illicit Trade and Transnational Smuggling: Key Challenges for Customs and Border Control Agencies 

 By Gautam Basu 

 Customs and border control agencies face key challenges in preventing illicit trade and disrupting transnational smuggling operations. Maintaining the delicate balance between facilitating legitimate trade flows while concurrently deterring those that are illicit is a complex operational task. This paper identifies and delves deeper into three of those challenges: the scale of complexity of physical transportation geography in border management, adaptive capabilities of concealment, evasion, structural and operational flexibility by professional smugglers, and institutional coordination problems which may arise in customs and border control management.  

World Customs Journal,  Volume 8, Number 2

Rule of LawGuest UserIllicit Trade, Transnational Smuggling, Challenges, Customs, Customs and Border Control
Social Media Bots: Laws, Regulations, and Platform Policies

By Kasey Stricklin and Megan K McBride

Social media bots—simply, automated programs on social media platforms—affect US national security, public discourse, and democracy. As the country continues to grapple with both foreign and domestic disinformation, the laws and platform policies governing the use of social media bots are incredibly important. As part of CNA’s study, Social Media Bots: Implications for Special Operations Forces, our literature review found that the landscape of such regulations is difficult to piece together, and applicable provisions and policies are disparately catalogued. This CNA primer helps to fill this gap by helping policy-makers and national security practitioners understand the laws and social media platform policies as they currently exist. We also consider the challenges and dilemmas faced by legislators, and social media platforms, as they attempt to craft relevant provisions to address social media bots and malign influence, and we conclude with a brief look at the consequences for breaking platform policies.

The Legal Framework: US policy-makers are constrained in their passage of bot-related laws by a number of factors. First, legislators must consider free speech rights granted by the First Amendment of the Constitution. Additionally, Section 230 of the Communications Decency Act (CDA 230) hinders the ability of policy-makers to hold social media platforms legally responsible for any material posted on their site. Further, the slow speed of congressional action compared to technological advancement, and the barriers to obtaining reliable information on the social media bot threat, have proved difficult to overcome. There are no US federal laws governing social media automation, although members of Congress have introduced several relevant pieces of legislation over the last few years. While there is some congressional interest in crafting botrelated legislation, the political will to pass such provisions has yet to materialize.

In the international arena, the European Union has been a leader in efforts to counter disinformation; it introduced a nonbinding Code of Practice in October 2018, to which many of the most prominent social media companies signed on. As a result, the platforms committed themselves to self-regulation aimed at stamping out disinformation on their sites, which includes closing fake accounts and labeling bot communications. In May 2020, the European Commission reported that, though there were positive developments toward countering disinformation, there is still much room for improvement in labeling and removing bots. It is important to keep in mind, though, that the EU has a permanent bureaucracy to study problems and propose legally and non-legally binding legislation. In the US, legislation works differently, as a legislative champion with significant clout needs to emerge in order to push forward a proposal.

Platform Policies: The social media companies face their own dilemmas when thinking about the creation of effective bot regulations. Unlike policy-makers, platforms are beholden to shareholders; and higher platform engagement generally leads to higher share values. Because bots make up a large portion of monthly active users on some platforms, the companies may be reluctant to kick off these automated accounts. However, public pressure since the 2016 US election has created a greater financial incentive to ensure engagement is authentic. The companies also worry about regulating too extensively out of fear they will then be admitting they have an affirmative duty to moderate and thus lead to the revocation of their limited immunities under CDA 230. This tension is evident in the run-up to the US presidential elections, as the social media companies seek to ensure the truthfulness of candidates on their sites, they also risk one side of the political spectrum regarding them as politically biased and seeking to regulate them in response.

Instead of specifically focusing on bot activity, the platforms tend to address bot behavior through other policies on banned behavior. We broke out the policies relevant to bots into four categories: automation, fake accounts and misrepresentation, spam, and artificial amplification. Figure 1 depicts the way these policies often overlap in detailing prohibited bot behaviors. 

The consequences for breaking platform policies vary, with the sites often looking at the specific violation, the severity of the infraction, and the user’s history on the platform. While they may simply hand out a warning or restrict the post’s viewership, the sites also reserve the right to ban users or accounts, and can even go so far as to sue for violation of their terms.

The ever-evolving threats from disinformation and malicious bots will likely continue to cause consternation in the US government. However, experts are skeptical that Congress will find a legislative solution in the near future, despite enhanced attention to the problem. Therefore, the social media platforms are likely to shoulder much of the burden going forward, and it is an open question how and to what extent the platforms should police themselves. As they grapple with the prevalence of automated accounts operating on their sites, the platforms’ policies and enforcement provisions will continue to evolve to meet the threats of the day. However, it may ultimately be the attention of the press and American public, or the initiative of a regulatory agency like the Federal Trade Commission, that provides the needed impetus for change on these issues.

Arlington, VA: CNA, 2000. 40p.

Rule of LawGuest UserSocial Media, Laws, Regulations, Platform Policies
Good Practices in Addressing Illegal Betting: A Handbook for Racing and Sports Organisations to Uphold Integrity

By Asian Racing Federation

This Handbook highlights the risks to the integrity of horse racing and other sports from illegal betting-related sports corruption and provides practical guidance to administrators and other key stakeholders for mitigating against and combatting such corruption. Practical guidance in the Handbook includes an overview of major issues around illegal betting, how to conduct bet monitoring and betting analysis, intelligence gathering and analysis, how to conduct illegal betting investigations, and how to engage stakeholders to combat illegal betting and related corruption.

Hong Kong: Asian Racing Federation, 2020. 130p.

Rule of LawGuest Userintegrity, illegal betting, corruption, major issues
Online Gendered Abuse and Disinformation During the 2024 South African Elections

By Clara Martiny, Terra Rolfe, Bilen Zerie, Aoife Gallagher and Helena Schwertheim

ISD sought to understand how Online Gender-Based Violence (OGBV) affects South African women, focusing on the experience of women politicians, candidates, and political figures during one of South Africa’s most historic general elections in May 2024. ISD analysts used a combination of qualitative and quantitative analytical methods, interviews with experts, and knowledge drawn from online and in-person workshops. Specifically, three online case studies looked at abusive content, gendered disinformation, and harassment targeting women politicians on TikTok, X (formerly Twitter), and Facebook. ISD’s analysis found that South African women in politics often face abuse online in the form of replies or comments to their posts or content about them. Misogynistic actors tend to target their physical attributes, intelligence, and ability to lead. They also often engage with gendered disinformation narratives that sexualize or objectify women. While the legislative frameworks in South Africa are progressive and comprehensive, enforcement is difficult and many women are unaware of the resources available to them. Social media platforms also have policies that address OGBV and gendered disinformation but their enforcement is weak, especially outside of English language content.

Amman Berlin London Paris Washington D C: Institute for Strategic Dialogue , 2024. 37p.

Rule of LawGuest UserOnline Gender-based Violence, Violence, South American women, women politicians, election