also known as computer crimeAny use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government. The international nature of cybercrimes has led to international cyberlaws.
* * *Introductionalso known as computer crimethe use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.Because of the early and widespread adoption of computers and the Internet in the United States, most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.Defining cybercrimeNew technologies create new criminal opportunities but few new types of crime. What distinguishes cybercrime from traditional criminal activity? Obviously, one difference is the use of the digital computer, but technology alone is insufficient for any distinction that might exist between different realms of criminal activity. Criminals do not need a computer to commit fraud, traffic in child pornography and intellectual property, steal an identity, or violate someone's privacy. All those activities existed before the “cyber” prefix became ubiquitous. Cybercrime, especially involving the Internet, represents an extension of existing criminal behaviour alongside some novel illegal activities.Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. In other words, in the digital age our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases (database) owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity.An important aspect of cybercrime is its nonlocal character: actions can occur in jurisdictions separated by vast distances. This poses severe problems for law enforcement since previously local or even national crimes now require international cooperation. For example, if a person accesses child pornography located on a computer in a country that does not ban child pornography, is that individual committing a crime in a nation where such materials are illegal? Where exactly does cybercrime take place? Cyberspace is simply a richer version of the space where a telephone conversation takes place, somewhere between the two people having the conversation. As a planet-spanning network, the Internet offers criminals multiple hiding places in the real world as well as in the network itself. However, just as individuals walking on the ground leave marks that a skilled tracker can follow, cybercriminals leave clues as to their identity and location, despite their best efforts to cover their tracks. In order to follow such clues across national boundaries, though, international cybercrime treaties must be ratified.In 1996 the Council of Europe, together with government representatives from the United States, Canada, and Japan, drafted a preliminary international treaty covering computer crime. Around the world, civil libertarian groups immediately protested provisions in the treaty requiring Internet service providers (Internet service provider) (ISPs) to store information on their customers' transactions and to turn this information over on demand. Work on the treaty proceeded nevertheless, and on November 23, 2001, the Council of Europe Cybercrime Convention was signed by 30 states. Additional protocols, covering terrorist activities and racist and xenophobic cybercrimes, were proposed in 2002. In addition, various national laws, such as the USA PATRIOT Act of 2001, have expanded law enforcement's power to monitor and protect computer networks.Types of cybercrimeCybercrime ranges across a spectrum of activities. At one end are crimes that involve fundamental breaches of personal or corporate privacy, such as assaults on the integrity of information held in digital depositories and the use of illegally obtained digital information to blackmail a firm or individual. Also at this end of the spectrum is the growing crime of identity theft. Midway along the spectrum lie transaction-based crimes such as fraud, trafficking in child pornography, digital piracy, money laundering, and counterfeiting. These are specific crimes with specific victims, but the criminal hides in the relative anonymity provided by the Internet. Another part of this type of crime involves individuals within corporations or government bureaucracies deliberately altering data for either profit or political objectives. At the other end of the spectrum are those crimes that involve attempts to disrupt the actual workings of the Internet. These range from spam, hacking, and denial of service attacks against specific sites to acts of cyberterrorism—that is, the use of the Internet to cause public disturbances and even death. Cyberterrorism focuses upon the use of the Internet by nonstate actors to affect a nation's economic and technological infrastructure. Since the September 11 attacks of 2001, public awareness of the threat of cyberterrorism has grown dramatically.Identity theft and invasion of privacyCybercrime affects both a virtual and a real body, but the effects upon each are different. This phenomenon is clearest in the case of identity theft. In the United States, for example, individuals do not have an official identity card but a Social Security number that has long served as a de facto identification number. Taxes are collected on the basis of each citizen's Social Security number, and many private institutions use the number to keep track of their employees, students, and patients. Access to an individual's Social Security number affords the opportunity to gather all the documents related to that person's citizenship—i.e., to steal his identity. Even stolen credit card information can be used to reconstruct an individual's identity. When criminals steal a firm's credit card records, they produce two distinct effects. First, they make off with digital information about individuals that is useful in many ways. For example, they might use the credit card information to run up huge bills, forcing the credit card firms to suffer large losses, or they might sell the information to others who can use it in a similar fashion. Second, they might use individual credit card names and numbers to create new identities for other criminals. For example, a criminal might contact the issuing bank of a stolen credit card and change the mailing address on the account. Next, the criminal may get a passport or driver's license with his own picture but with the victim's name. With a driver's license, the criminal can easily acquire a new Social Security card; it is then possible to open bank accounts and receive loans—all with the victim's credit record and background. The original cardholder might remain unaware of this until the debt is so great that the bank contacts the account holder. Only then does the identity theft become visible. Although identity theft takes places in many countries, researchers and law-enforcement officials are plagued by a lack of information and statistics about the crime worldwide. Interpol, the international policing agency, has not added any type of cybercrime, including identity theft, to its annual crime statistics. Cybercrime is clearly, however, an international problem.In 2003 the U.S. Federal Trade Commission released the first national survey on identity theft; according to the report, in the previous year 3.3 million Americans (United States) had their identities fraudulently used to open bank, credit card, or utility accounts, with losses of $32.9 billion to businesses and $3.8 billion to individuals. The report also stated that 6.6 million Americans were victimized by account theft, such as use of stolen credit cards and automatic teller machine (ATM) cards, with losses of $14 billion to businesses and $1.1 billion to individuals.Internet fraudSchemes to defraud consumers abound on the Internet. Among the most famous is the Nigerian, or “419,” scam; the number is a reference to the section of Nigerian law that the scam violates. Although this con has been used with both fax and traditional mail, it has been given new life by the Internet. In the scheme, an individual receives an e-mail asserting that the sender requires help in transferring a large sum of money out of Nigeria or another distant country. Usually, this money is in the form of an asset that is going to be sold, such as oil, or a large amount of cash that requires “laundering” to conceal its source; the variations are endless, and new specifics are constantly being developed. The message asks the recipient to cover some cost of moving the funds out of the country in return for receiving a much larger sum of money in the near future. Should the recipient respond with a check or money order, he is told that complications have developed; more money is required. Over time, victims can lose thousands of dollars that are utterly unrecoverable.In 2002 the U.S. Internet Fraud Complaint Center reported that more than $54 million dollars had been lost through a variety of fraud schemes; this represented a threefold increase over estimated losses of $17 million in 2001. In the United States, the largest source of fraud was online auctions. In many cases, individuals would put products up for sale on Internet auction sites, demand money before delivery, and never fulfill their obligations to the consumer. Such scams accounted for 46 percent of the fraud cases in 2002, with an average individual loss of $299. Unlike identity theft, where the theft occurs without the victim's knowledge, these more traditional forms of fraud occur in plain sight. The victim willingly provides private information that enables the crime; hence, these are transactional crimes. Few people would believe someone who walked up to them on the street and promised them easy riches; however, receiving an unsolicited e-mail or visiting a random Web page is sufficiently different that many people easily open their wallets. Despite a vast amount of consumer education, Internet fraud remains a growth industry for criminals and prosecutors. Europe and the United States are far from the only sites of cybercrime. South Korea (Korea, South) is among the most wired countries in the world, and its cybercrime fraud statistics are growing at an alarming rate. In 2003 some 40,000 cases of cybercriminal activity, mostly fraud, had been reported to authorities. This represented an 18 percent increase from 2002. Japan has also experienced a rapid growth in similar crimes; in 2003 official National Police Agency statistics cited a 94 percent increase in Internet fraud since 2000.ATM fraudComputers also make more mundane types of fraud possible. Take the automated teller machine (ATM) through which many people now get cash. In order to access an account, a user supplies a card and personal identification number (PIN). Criminals have developed means to intercept both the data on the card's magnetic strip as well as the user's PIN. In turn, the information is used to create fake cards that are then used to withdraw funds from the unsuspecting individual's account. In 1999 there were 251 reported cases of ATM fraud in the United States; in 2002 the New York Times reported that more than 21,000 American bank accounts had been skimmed by a single group engaged in acquiring ATM information illegally. A particularly effective form of fraud has involved the use of ATMs in shopping centres and convenience stores. These machines are free-standing and not physically part of a bank. Criminals can easily set up a machine that looks like a legitimate machine; instead of dispensing money, however, the machine gathers information on users and only tells them that the machine is out of order after they have typed in their PINs. Given that ATMs are the preferred method for dispensing currency all over the world, ATM fraud has become an international problem with multiple solutions. In August 2003 an individual in Australia pleaded guilty to stealing $A 623,000 from bank customers by using a small camera and an electronic recording device at multiple ATMs. Australia is now considering a ban on the purchase of equipment that criminals might use in ATMs to defraud customers. However, the range of equipment under consideration is quite large and useful for a variety of legitimate purposes as well.Wire fraudThe international nature of cybercrime is particularly evident with wire fraud. One of the largest, and best-organized, wire fraud schemes was orchestrated by Vladimir Levin, a Russian programmer with a computer software firm in St. Petersburg. In 1994, with the aid of dozens of confederates, Levin began transferring some $10 million from subsidiaries of Citibank, N.A., in Argentina and Indonesia to bank accounts in San Francisco, Tel Aviv, Amsterdam, Germany, and Finland. According to Citibank, all but $400,000 was eventually recovered as Levin's accomplices attempted to withdraw the funds. Levin himself was arrested in 1995 while in transit through London's Heathrow Airport (at the time, Russia had no extradition treaty for cybercrime). In 1998 Levin was finally extradited to the United States, where he was sentenced to three years in jail and ordered to reimburse Citibank $240,015. Exactly how Levin obtained the necessary account names and passwords has never been disclosed, but no Citibank employee has ever been charged in connection with the case. Because a sense of security and privacy are paramount to financial institutions, the exact extent of wire fraud is difficult to ascertain.File sharing and piracySales of compact discs (compact disc) (CDs) are the major source of revenue for recording companies. Although piracy—that is, the illegal duplication of copyrighted (copyright) materials—has always been a problem, especially in the Far East, the proliferation on college campuses of inexpensive personal computers capable of capturing music off CDs and sharing them over high-speed (“broadband”) Internet connections has become the recording industry's greatest nightmare. In the United States, the recording industry, represented by the Recording Industry Association of America (RIAA), attacked a single file-sharing service, Napster, which from 1999 to 2001 allowed users across the Internet access to music files, stored in the data-compression (data compression) format known as MP3, on other users' computers by way of Napster's central computer. According to the RIAA, Napster users regularly violated the copyright of recording artists, and the service had to stop. For users, the issues were not so clear-cut. At the core of the Napster case was the issue of fair use. Individuals who had purchased a CD were clearly allowed to listen to the music, whether in their home stereo, automobile sound system, or personal computer. What they did not have the right to do, argued the RIAA, was to make the CD available to thousands of others who could make a perfect digital copy of the music and create their own CDs. Users rejoined that sharing their files was a fair use of copyrighted material for which they had paid a fair price. In the end, the RIAA argued that a whole new class of cybercriminal had been born—the digital pirate—that included just about anyone who had ever shared or downloaded an MP3 file. Although the RIAA successfully shuttered Napster, a new type of file-sharing service, known as peer-to-peer (P2P) networks, sprang up. These decentralized systems do not rely on a central facilitating computer; instead, they consist of millions of users who voluntarily open their own computers to others for file sharing.The RIAA continues to battle these file-sharing networks, demanding that ISPs turn over records of their customers who move large quantities of data over their networks, but the effects have been minimal. The RIAA's other tactic has been to push for the development of technologies to enforce the digital rights of copyright holders. So-called digital rights management technology is an attempt to forestall piracy through technologies that will not allow consumers to share files or possess “too many” copies of a copyrighted work. As companies work on the hardware and software necessary to meet these goals, it is clear that file sharing has brought about a fundamental reconstruction of the relationship between producers, distributors, and consumers of artistic material. As broadband Internet connections proliferate, the motion-picture industry faces a similar problem, although the digital videodisc (DVD (compact disc)) came to market with encryption and various built-in attempts to avoid the problems of a video Napster.counterfeiting and forgeryFile sharing of intellectual property is only one aspect of the problem with copies. Another more mundane aspect lies in the ability of digital devices to render nearly perfect copies of material artifacts. Take the traditional crime of counterfeiting. Until recently, creating passable currency required a significant amount of skill and access to technologies that individuals usually do not own, such as printing presses, engraving plates, and special inks. The advent of inexpensive, high-quality colour copiers and printers has brought counterfeiting to the masses. Ink-jet printers now account for a growing percentage of the counterfeit currency confiscated by the U.S. Secret Service. In 1995 ink-jet currency accounted for 0.5 percent of counterfeit U.S. currency; in 1997 ink-jet printers produced 19 percent of the illegal cash. The widespread development and use of computer technology has prompted the U.S. Treasury to redesign much of the U.S. paper currency to include a variety of anticounterfeiting technologies. The new European Union currency, the euro, has had security designed into it from the start. Special features, such as embossed foil holograms and special ribbons and paper, are designed to make counterfeiting difficult. Indeed, the switch to the euro presented an unprecedented opportunity for counterfeiters of preexisting national currencies. The great fear was that counterfeit currency would be laundered into legal euros. Fortunately, it was not the problem that some believed it would be.Nor is currency the only document being copied. Immigration documents are among the most valuable, and they are much easier to duplicate than currency. In the wake of the September 11 attacks, this problem came under increasing scrutiny in the United States. In particular, the U.S. General Accounting Office (GAO) issued several reports during the late 1990s and early 2000s concerning the extent of document fraud that had been missed by the Immigration and Naturalization Service (INS). Finally, a 2002 report by the GAO reported that more than 90 percent of certain types of benefit claims were fraudulent and further stated that immigration fraud was “out of control.” Partially in response to these revelations, the INS was disbanded and its functions assumed by the newly constituted U.S. Department of Homeland Security in 2003.Child pornographyWith the advent of almost every new media technology, pornography has been its “killer app,” or the application that drove early deployment of technical innovations in search of profit. The Internet was no exception, but there is a criminal element to this business bonanza—child pornography, which is unrelated to the lucrative business of legal adult-oriented pornography. The possession of child pornography, defined here as images of children under age 18 engaged in sexual behaviour, is illegal in the United States, the European Union, and many other countries, but it remains a problem that has no easy solution. The problem is compounded by the ability of “kiddie porn” Web sites to disseminate their material from locations, such as states of the former Soviet Union as well as Southeast Asia, that lack cybercrime laws. Some law-enforcement organizations believe that child pornography represents a $3-billion-a-year industry and that more than 10,000 Internet locations provide access to these materials.The Internet also provides pedophiles (pedophilia) with an unprecedented opportunity to commit criminal acts through the use of “chat rooms” to identify and lure victims. Here the virtual and the material worlds intersect in a particularly dangerous fashion. In many countries, state authorities now pose as children in chat rooms; despite the widespread knowledge of this practice, pedophiles continue to make contact with these “children” in order to meet them “off-line.” That such a meeting invites a high risk of immediate arrest does not seem to deter pedophiles. Interestingly enough, it is because the Internet allows individual privacy to be breached that the authorities are able to capture pedophiles.HackingWhile breaching privacy to detect cybercrime works well when the crimes involve the theft and misuse of information, ranging from credit card numbers and personal data to file sharing of various commodities—music, video, or child pornography—what of crimes that attempt to wreak havoc on the very workings of the machines that make up the network? The story of hacking actually goes back to the 1950s, when a group of phreaks (short for “phone freaks”) began to hijack portions of the world's telephone networks, making unauthorized long-distance calls and setting up special “party lines” for fellow phreaks. With the proliferation of computer bulletin board systems (BBSs) in the late 1970s, the informal phreaking culture began to coalesce into quasi-organized groups of individuals who graduated from the telephone network to “hacking” corporate and government computer network systems.Although the term hacker predates computers and was used as early as the mid-1950s in connection with electronic hobbyists, the first recorded instance of its use in connection with computer programmers who were adept at writing, or “hacking,” computer code seems to have been in a 1963 article in a student newspaper at the Massachusetts Institute of Technology (MIT). After the first computer systems were linked to multiple users through telephone lines in the early 1960s, hacker came to refer to individuals who gained unauthorized access to computer networks (computer network), whether from another computer network or, as personal computers (personal computer) became available, from their own computer systems. Although it is outside the scope of this article to discuss hacker culture, most hackers have not been criminals in the sense of being vandals or of seeking illicit financial rewards. Instead, most have been young people driven by intellectual curiosity; many of these people have gone on to become computer security architects. However, as some hackers sought notoriety among their peers, their exploits led to clear-cut crimes. In particular, hackers began breaking into computer systems and then bragging to one another about their exploits, sharing pilfered documents as trophies to prove their boasts. These exploits grew as hackers not only broke into but sometimes took control of government and corporate computer networks.One such criminal was Kevin Mitnick, the first hacker to make the “most wanted list” of the U.S. Federal Bureau of Investigation (FBI). He allegedly broke into the North American Aerospace Defense Command (NORAD) computer in 1981, when he was 17 years old, a feat that brought to the fore the gravity of the threat posed by such security breaches. Concern with hacking contributed first to an overhaul of federal sentencing in the United States, with the 1984 Comprehensive Crime Control Act and then with the Computer Fraud and Abuse Act of 1986.In 2001 hackers cost U.S. firms approximately $455 million; in 2003 the total fell to roughly $202 million as firms instituted better security measures. Earlier, in 2000 an “unauthorized intruder” stole eight million credit card numbers from the United States, Canada, the United Kingdom, Japan, and Thailand. The scale of such crimes is among the most difficult to assess, however, because the victims often prefer not to report the crimes—sometimes out of embarrassment or fear of further security breaches. Officials estimated that hacking cost the world economy roughly $2.5 billion in 2000. Hacking is not always an outside job—a related criminal endeavour involves individuals within corporations or government bureaucracies deliberately altering database records for either profit or political objectives. The greatest losses stem from the theft of proprietary information, sometimes followed up by the extortion of money from the original owner for the data's return. In this sense, hacking is old-fashioned industrial espionage by other means.Computer viruses (computer virus)The deliberate release of damaging computer viruses (computer virus) is yet another type of cybercrime. In fact, this was the crime of choice of the first person to be convicted in the United States under the Computer Fraud and Abuse Act of 1986. On November 2, 1988, a computer science student at Cornell University named Robert Morris released a software “worm” onto the Internet from MIT (as a guest on the campus, he hoped to remain anonymous). The worm was an experimental self-propagating and replicating computer program that took advantage of flaws in certain e-mail protocols. Due to a mistake in its programming, rather than just sending copies of itself to other computers, this software kept replicating itself on each infected system, filling all the available computer memory. Before a fix was found, the worm had brought some 6,000 computers (one-tenth of the Internet) to a halt. Although Morris's worm cost time and millions of dollars to fix, the event had few commercial consequences, for the Internet had not yet become a fixture of economic affairs. That Morris's father was the head of computer security for the U.S. National Security Agency led the press to treat the event more as a high-tech Oedipal drama than as a foreshadowing of things to come. Since then, ever more harmful viruses have been cooked up by anarchists and misfits from locations as diverse as the United States, Bulgaria, Pakistan, and the Philippines.Denial of service attacks (denial of service attack)Compare the Morris worm with the events of the week of February 7, 2000, when “mafiaboy,” a 15-year-old Canadian hacker, orchestrated a series of “denial of service” attacks (DoS) against several e-commerce sites, including Amazon.com and eBay.com. These attacks used computers at multiple locations to overwhelm the vendors' computers and shut down their World Wide Web (WWW) sites to legitimate commercial traffic. The attacks crippled Internet commerce, with the FBI estimating that the affected sites suffered $1.7 billion in damages. In 1988 the Internet played a role only in the lives of researchers and academics; by 2000 it had become essential to the workings of the U.S. government and economy. Cybercrime had moved from being an issue of individual wrongdoing to being a matter of national security.Distributed DoS attacks are a special kind of hacking. A criminal salts an array of computers with computer programs that can be triggered by an external computer user. These programs are known as Trojan horses (trojan) since they enter the unknowing users' computers as something benign, such as a photo or document attached to an e-mail. At a predesignated time, this Trojan horse program begins to send messages to a predetermined site. If enough computers have been compromised, it is likely that the selected site can be tied up so effectively that little if any legitimate traffic can reach it. One important insight offered by these events has been that much software is insecure, making it easy for even an unskilled hacker to compromise a vast number of machines. Although software companies regularly offer patches to fix software vulnerabilities, not all users implement the updates, and their computers remain vulnerable to criminals wanting to launch DoS attacks. In 2003 the Internet service provider PSINet Europe connected an unprotected server to the Internet. Within 24 hours the server had been attacked 467 times, and after three weeks more than 600 attacks had been recorded. Only vigorous security regimes can protect against such an environment. Despite the claims about the pacific nature of the Internet, it is best to think of it as a modern example of the Wild West of American lore—with the sheriff far away.e-mail has spawned one of the most significant forms of cybercrime—spam, or unsolicited advertisements for products and services, which experts estimate to comprise roughly 50 percent of the e-mail circulating on the Internet. Spam is a crime against all users of the Internet since it wastes both the storage and network capacities of ISPs, as well as often simply being offensive. Yet, despite various attempts to legislate it out of existence, it remains unclear how spam can be eliminated without violating the freedom of speech in a liberal democratic polity. Unlike junk mail, which has a postage cost associated with it, spam is nearly free for perpetrators—it typically costs the same to send 10 messages as it does to send 10 million—and some of the most prolific originating states for spammers (particularly China) have been slow to act.E-mail also serves as an instrument for both criminals and terrorists. While libertarians laud the use of cryptography to ensure privacy in communications, criminals and terrorists may also use cryptographic means to conceal their plans. Law-enforcement officials report that some terrorist groups embed instructions and information in images via a process known as steganography, a sophisticated method of hiding information in plain sight. Even recognizing that something is concealed in this fashion often requires considerable amounts of computing power; actually decoding the information is nearly impossible if one does not have the key to separate the hidden data.Another type of hacking involves the hijacking of a government or corporation Web site. Sometimes these crimes have been committed in protest over the incarceration of other hackers; in 1996 the Web site of the U.S. Central Intelligence Agency (CIA) was altered by Swedish hackers to gain international support for their protest of the Swedish government's prosecution of local hackers, and in 1998 the New York Times's Web site was hacked by supporters of the incarcerated hacker Kevin Mitnick. Still other hackers have used their skills to engage in political protests: in 1998 a group calling itself the Legion of the Underground declared “cyberwar” on China and Iraq in protest of alleged human rights abuses and a program to build weapons of mass destruction, respectively.Defacing Web sites is a minor matter, though, when compared with the specter of cyberterrorists using the Internet to attack the infrastructure of a nation, by rerouting airline traffic, contaminating the water supply, or disabling nuclear plant safeguards. One consequence of the September 11 attacks on New York City was the destruction of a major telephone and Internet switching centre. Lower Manhattan was effectively cut off from the rest of the world, save for radios and cellular telephones. Since that day, there has been no other attempt to destroy the infrastructure that produces what has been called that “consensual hallucination,” cyberspace. Large-scale cyberwar (or “information warfare”) has yet to take place, whether initiated by rogue states or terrorist organizations, although both writers and policy makers have imagined it in all too great detail.Michael Aaron DennisAdditional ReadingBruce Sterling, The Hacker Crackdown: Law and Disorder on the Electronic Frontier (1992), is an engaging and thoughtful discussion of the crackdown on hackers in the early 1990s. Steven Levy, Hackers: Heroes of the Computer Revolution, updated ed. (2001), is an excellent introduction to hacker culture and computer security issues. Paul Mungo and Bryan Clough, Approaching Zero (1992), covers computer crime in Europe and the efforts of international police organizations to capture cybercriminals. John R. Vacca, Identity Theft (2003), by a retired computer security expert from NASA, explains steps to identify, investigate, and recover from identity theft. James R. Richards, Transnational Criminal Organizations, Cybercrime, and Money Laundering (1999), explains the workings of international criminal organizations, with particular emphasis on money laundering and wire fraud. Edward Waltz, Information Warfare: Principles and Operations (1998), details the potential threat to commercial, civil, and government information systems by belligerent states or organizations. Other useful references on cybercrime include Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (2000); Samuel C. McQuade III, Understanding and Managing Cybercrime (2006); Daniel J. Solove, The Digital Person: Technology and Privacy in the Information Age (2004); Markus Jakobsson and Steven Myers (eds.), Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft (2007); J.M. Balkin et al. (eds.), Cybercrime: Digital Cops in a Networked Environment (2007); David S. Wall, Cybercrime: The Transformation of Crime in the Information Age (2007); Julie E. Mehan, Cyberwar, Cyberterror, Cybercrime (2008); Byron Acohido and Jon Swartz, Zero Day Threat (2008); Phillip Hallam-Baker, The dotCrime Manifesto: How to Stop Internet Crime (2008); and Markus Jakobsson and Zulfikar Ramzan, Crimeware: Understanding New Attacks and Defenses (2008).Michael Aaron Dennis
* * *