Cybercrime investigations are different from traditional crime investigation, requiring in-depth technical expertise and large-scale cross-jurisdictional effort. In May 2016, a well-organized group of 100 in Tokyo used stolen South African credit cards to make 14,000 automated teller machine (ATM) withdrawals. In three hours, $18 million was netted with only fuzzy closed-circuit television (CCTV) footage left behind. In February 2016, cybercriminals attempted to steal $951 million from the central bank of Bangladesh by issuing fraudulent instructions via the SWIFT network to the New York Federal Reserve Bank. Although some transactions were rejected, $81 million was transferred to the Philippines to an account opened under a fictitious identity. A cybercriminal withdrew $58 million in Manila and then disappeared.
Banks and corporations aren’t the only targets. Cybercriminals affect individuals when personal information is stolen. Five hundred million users of Yahoo! were affected by a recent data breach, which was discovered when part of that personal data was put up for sale on the dark web in 2016.
Written by 42 authors, of which two are also editors, the book is composed of 16 chapters in three sections: “Approaching Cybercrime and Cyberterrorism Research”; “Legal, Ethical and Privacy Considerations”; and “Technologies, Scenarios and Best Practices.”
Seventy-five percent of the chapters received funding from EU grants (COURAGE, https://www.courage-project.eu/; Cyberroad, https://www.cyberroad-project.eu/; and CAMINO, http://www.fp7-camino.eu/). The EU’s Seventh Framework Programme for Research and Technological Development (FP7) funded all three projects.
It should be noted there is no commonly agreed-upon definition of either “cybercrime” (CC) or “cyberterrorism” (CT), and several chapters of the book use different definitions. Readers may find that reading the last chapter first is useful. Titled “Consolidated Taxonomy and Research Roadmap for CC and CT,” it provides definitions of the terms as defined by the ITU, a specialized United Nations agency on information and communication technologies, and the Budapest Convention on Cybercrime, which is foundational material. The Budapest treaty stems from an effort made in 2001. The international conference resulted in a treaty, which about 60 countries have ratified. The differences in definitions go to the highest levels in Europe. Different definitions create a debate and create challenges for law enforcement.
The output of these book chapters may be used by EU policy makers in multiple ways. Policy makers from the five nations without a national strategy may find the book more relevant than those who already have a published strategy.
Each chapter is a standalone research paper. Only the most dedicated policy analyst is likely to read the book from cover to cover. More likely, this book will be used as a supplement to the data available on the EU-funded project websites, with users most likely from the EU. The last chapter provides topics for future research across four dimensions: technical, human, organizational, and regulatory (THOR). It may be the most read because it provides an answer to the academic’s question: Where do we go from here?
Are there options available to readers who are looking for a book more focused on the US? Since the topics covered are so broad, the best place to begin to look is a bibliography published by the Congressional Research Service [1]. This report is intended to serve as a starting point for US congressional staff assigned to cover cybersecurity issues. Included are resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources. Other resources are also available [2,3,4].
Perhaps it is an unintentional reinforcement of a real problem in fighting cybercrime--the fragmented approach by multiple parties, each with differing agendas: an index of authors is provided, but not a content index.
