Abstract
The rapid growth in Internet use in Asia, including a tenfold or more increases in access in China, Indonesia, and India since 2002 has also been accompanied by significant increases in cybercrime. The development of commercial-scale exploit toolkits and criminal networks that focus on monetization of malware has amplified the risks of cybercrime. The law-enforcement response in Asia is briefly reviewed in the context of the 2001 Council of Europe’s Cybercrime (Budapest) Convention. We describe the nature of cybercrime (including both “hate” or content and “crime-ware” such as botnets) and compare the laws and regulations in Asian states with the provisions of the Convention. The challenges faced in developing effective cross-national policing of cybercrime in Asia are also addressed as problems emerge around cloud computing, social media, wireless/smart phone applications and other innovations in digital technology.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
A worm is a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, can travel without any help from a person. The danger with a worm is its ability to replicate itself.
- 2.
A botnet is a network of individual computers infected with malware. These compromised computers are also known as zombie computers. The zombies, part of a botnet under the control of the botnet controller, can then be used as remote attack tools to facilitate the sending of spam, hosting of phishing websites, distribution of malware and mounting denial of service attacks. The most commonly used are centralised and P2P modes—hence the focus on command and control servers for a botnet that may comprise of thousands of zombies.
- 3.
The Symantec “APJ Internet Security Threat Report” measured malicious activity that mainly involved botnet-infected computers, bot command-and-control servers, phishing Web sites hosts, malicious code reports, spam zombies and Internet attack origins that took place or originated in each country. Rankings were based on a calculation of the mean average of the proportion of these malicious activities originating in each country (Symantec 2007a, b, 2008, 2009, 2011).
- 4.
The survey includes the United States, Australia, Brazil, Canada, China, France, German, India, Italy, Japan, New Zealand, Spain, Sweden and the United Kingdom.
- 5.
Rootkits are cloaking technologies usually employed by other malware programs to misuse compromised systems by hiding files, registry keys and other operating system objects from diagnostic, antivirus and security programs.
- 6.
Budapest was the city in which the Convention was opened for signature November 8, 2001.
- 7.
The Council of Europe (CoE), founded in 1949, comprises 45 countries, including the members of the European Union (a separate entity), as well as countries from Central and Eastern Europe. Headquartered in Strasbourg, France, the CoE was formed as a vehicle for integration in Europe, and its aims include agreements and common actions in economic, social, cultural, legal and administrative matters.
- 8.
Only after ratification by five states (including at least three from members of the CoE) will the Convention enter into force. Albania, Croatia, Estonia, Hungry and Lithuania were the first five states to ratify the Convention.
- 9.
- 10.
The countries investigated include Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam.
References
AFP. (2010, March 12). Cybercrime surge pushes 2009 losses to 559 million dollars. Retrieved August 25, 2011, from http://www.france24.com/en/20100312-cybercrime-surge-pushes-2009-losses-559-million-dollars
Archick, K. (2006). Cybercrime: The Council of Europe Convention. Washington, DC: The Library of Congress.
Barboza, D. (2010, February 1). Hacking for fun and profit in China’s underworld. The New York Times. Retrieved 2011, from http://www.nytimes.com/2010/02/02/business/global/02hacker.html?pagewanted=all
Brenner, S. (2006). Cybercrime jurisdiction. Crime, Law and Social Change, 46, 189–206.
Broadhurst, R. (2006a). Content cybercrimes: Criminality and censorship in Asia. Indian Journal of Criminology, 34(1&2), 11–30.
Broadhurst, R. (2006b). Developments in the global law enforcement of cyber-crime. Policing: An International Journal of Police Strategies and Management, 29(3), 408–433.
Broadhurst, R., & Kim-Kwang Raymond Choo. (2011). Cybercrime and on-line safety in cyberspace. In C. Smith, S. Zhang, & R. Barbaret (Eds.), International handbook of criminology (pp. 153–165). New York: Routledge.
Bullwinkel, J. G. (2005). International cooperation in combating cyber-crime in Asia: Existing mechanisms and new approaches. In R. Broadhurst & P. Grabosky (Eds.), Cyber-crime: The challenge in Asia (pp. 269–302). Hong Kong: Hong Kong University Press.
Chang, L. Y. C. (2012). Cybercrime in the Greater China Region: Regulatory Responses and Crime Prevention across the Taiwan Strait. Cheltenham: Edward Elgar.
Chang, Y. C. (2011). Cyber conflict between Taiwan and China. Strategic Insights, 10(1), 26–35.
Chantler A.N., & Broadhurst, R. (2008, October 30). Social engineering and crime prevention in cyberspace’. Paper presented to the Korean Institute of Criminology, Seoul.
Chu, B., Holt, T. J., & Ahn, G. J. (2010). Examining the creation, distribution, and function of malware on-line. Washington, DC: National Institute of Justice, US Department of Justice.
Council of Europe. (2001a). Convention on cybercrime. Retrieved November 17, 2009, from http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Council of Europe. (2001b). Convention on cybercrime: Explanatory report. Retrieved November 10, 2009, from http://conventions.coe.int/Treaty/en/Reports/Html/185.htm
Council of Europe. (2009). Project on cyebercrime—final report. Strasbourg: Council of Europe.
Council of Europe. (n.d.). Convention on cybercrime CETS No. 185. Retrieved September 13, 2011, from http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=&DF=&CL=ENG
Csonka, P. (2000). The draft Council of Europe Convention on Cybercrime: A response to the challenge of crime in the age of the Internet? Computer Law & Security Report, 16, 329–330.
Gordon, S. (2009). Regionalism and Cross-Border Cooperation against crime and terrorism in the Asia-Pacific. Security Challenges, 5(4), 75–102.
Guenther M. (2001). Social engineering—security awareness series’; Information Warfare Site U.K. Accessed December 20, 2006, from http://www.iwar.org.uk/comsec/resources/sa-tools/Social-Engineering.pdf
Harley, B. (2010, March 23). A global convention on cybercrime? Columbia Science and Technology Law Review, XI. Retrieved July 20, 2010, from http://www.stlr.org/2010/03/a-global-convention-on-cybercrime/
Huang, J. P. (2006, May 15). Chinese Net-army again stormed the Ministry of National Defence. AppleDaily. Retrieved January 10, 2011, from http://tw.nextmedia.com/applenews/article/art_id/2609544/IssueID/20060515
IBM. (2009). IBM Internet Security Systems X-Force 2009 mid-year trend and risk report. Somers, NY: IBM Corporate.
Isakova, Y. (2011, July20). Russia opts for university anti-cybercrime convention. Voice of Russia. Retrieved September 7, 2011, from http://english.ruvr.ru/2011/07/20/53481702.html
ITU. (2009). ITU toolkit for cybercrime legislation. Geneva: International Telecommunication Union.
Katyal, N. K. (2003). Digital architecture as crime control. Yale Law Journal, 112(8), 2261–2289.
Keyser, M. (2003). The Council of Europe Convention on Cybercrime. Journal of Transnational Law and Policy, 12(2), 287–326.
Korean Institute of Criminology. (2011, August). Newsletter: Virtual forum against cybercrme, 2011. www.vfac.org
Kyodo. (2011, June 17). Domestic cybercrime bill passed. Japan Times. Retrieved September 6, 2011, from http://search.japantimes.co.jp/cgi-bin/nn20110617x3.html
Lee, M. (2012). Cybercrime Bill passes Senate, set to become law. ZDNet. Retrieved September 17, 2012, from http://www.zdnet.com/au/cybercrime-bill-passes-senate-set-to-become-law-7000002971/
Lessig, L. (1999). Code and other laws of cyberspace. New York: Basic Books.
Masters, G. (2010, April 23). Global cybercrime treaty rejected. SC Magazine. Retrieved September 21, 2010, from http://www.scmagazineus.com/global-cybercrime-treaty-rejected-at-un/article/16863/
Microsoft. (2007). Asia Pacific legislative analysis: Current and pending online safety and cybercrime laws. Retrieved July 11, 2011, from http://www.itu.int/ITU-D/cyb/cybersecurity/docs/microsoft_asia_pacific_legislative_analysis.pdf
Miniwatts Marketing Group. (2011). Internet World Stats. Retrieved August 25, 2011, from http://www.internetworldstats.com/stats.htm
Newman, G., & Clarke, R. (2003). Superhighway robbery: Preventing e-commerce crime. Devon: Willan Publishing.
Noor, M. (2010). Cyber legislation of Indonesia. Paper presented at the Octopus Interface Conference—Cooperation against Cybercrime. Retrieved July 11, 2011, from http://unpan1.un.org/intradoc/groups/public/documents/UNGC/UNPAN040467.pdf
Norton. (2010). Norton cybercrime report: The human impact. Retrieved July 25, 2011, from http://us.norton.com/theme.jsp?themeid=cybercrime_report
Ollman, G. (2008). The evolution of commercial malware development kits and colour-by-numbers custom malware. Computer Fraud & Security, 9, 4–7.
OpenNet. (2010). OpenNet Institute 2009 survey. Accessed July 5, 2010, from http://opennet.net/research/regions/asia.
Parry, R. L. (2009). North Korea launches massive cyber attack on Seoul. The Times. Retrieved July 26, 2011, from http://www.timesonline.co.uk/tol/news/world/asia/article6667440.ece
Poulsen, K. (2011, April 27). PlayStation network hack: Who did it? Wired New. Accessed September 28, 2011, from http://www.wired.com/threatlevel/2011/04/playstation_hack/
Schjolberg, S. (2010). A cyberspace treaty—a United Nations convention or protocol on cybersecurity and cybercrime (A/CONF.213/IE/7). Retrieved March 11, 2011, from http://www.cybercrimelaw.net/documents/UN_12th_Crime_Congress.pdf
Schjolberg, S. (2011). An international criminal court or tribunal for cyberspace (ICTC). New York: EastWest Institute.
Schjolberg, S., & Ghernaouti-Helie, S. (2011). A global treaty on cybersecurity and cybercrime (2nd ed.). http://www.cybercrimelaw.net/documents/A_Global_Treaty_on_Cybersecurity_and_Cybercrime,_Second_edition_2011.pdf
Symantec. (2010b, April). Symantec internet security threat report. Regional Data Sheet—Asia Pacific/Japan. Cupertino, CA: Symantec Corporation.
Symantec. (2011, April 2011). Symantec internet security threat report (Vol. 16). Cupertino, CA: Symantec Corporation.
Symantec. (2007a). Symantec APJ Internet Security Threat Report XI: Trend for July–December 06. Cupertino, CA: Symantec Corporation.
Symantec. (2007b). Symantec APJ Internet Security Threat Report XII: Trend for January–June 07. Cupertino, CA: Symantec Corporation.
Symantec. (2008). Symantec APJ Internet Security Threat Report XIII: Trend for July—December 2007. Cupertino, CA: Symantec Corporation.
Symantec. (2009). Symantec APJ Internet Security Threat Report XIII: Trend for 2008. Cupertino, CA: Symantec Corporation.
Symantec. (2010). Symantec report on attack kits and malicious websites. Cupertino, CA: Symantec Corporation.
Takahashi, D. (2011). Hacktivist group Anonymous launches “payback” cyber attack on Sony. Retrieved July 25, 2011, from http://venturebeat.com/2011/04/03/hacktivist-group-anonymous-launches-payback-cyber-attack-on-sony/
Telegraph. (2011). Sony says 25 m more users hit in second cyber attack. The Telegraph. Retrieved July 25, 2011, from http://www.telegraph.co.uk/technology/sony/8489147/Sony-says-25m-more-users-hit-in-second-cyber-attack.html
The Parliament of the Commonwealth of Australia. (2011). Report 116 treaties tabled on 24 and 25 November 2010, 9 February and 1 March 2011. Canberra: The Parliament of the Commonwealth of Australia.
Thomas, N. (2009). Cyber security in East Asia: Governing anarchy. Asian Security, 5, 1–23.
Trend Micro. (2009). Trend micro 2008 annual threat roundup and 2009 forecast. Cupertino, CA: Trend Micro Inc.
United Nations. (2002). Resolution adopted by the general assembly on combating the criminal misuse of information technologies (A/RES/56/121). Retrieved September 25, 2009, from http://daccessdds.un.org/doc/UNDOC/GEN/N01/482/04/PDF/N0148204.pdf?OpenElement.
United Nations. (2010). Recent developments in the use of science and technology by offenders and by competent authorities in fighting crime, including the case of cybercrime’. Working paper A/CONF.213/9, UN 12th Congress on Crime Prevention and Criminal Justice, Salvador, Brazil, 12–19 April 2010 22 January 2010. Accessed July 6, 2010, from http://www.unodc.org/documents/crime-congress/12th-Crime-Congress/Documents/A_CONF.213_9/V1050382e.pdf
United States General Accounting Office. (2010, June). Cybersecurity: Key challenges need to be addressed to improve research and development. Accessed July 5, 2010, from http://www.gao.gov/new.items/d10466.pdf
United States of America. (2011, May). International strategy for cyberspace: Prosperity, Security, and Openness in a Networked World. White House. Accessed September 26, from www.whitehouse.org
Venkatesan, J. (2011). Bill on ‘right to privacy’ in monsoon session: Moily. The Hindu. Retrieved July 11, 2011, from http://www.thehindu.com/news/national/article2082643.ece
Wall, D. (2007). Policing cybercrimes: Situating the public police in networks of security within cyberspace’. Police Practice and Research: An International Journal, 8(2), 183–205.
Weber, A. M. (2003). The Council of Europe’s convention on cybercrime. Berkeley Technology Law Journal, 18, 425–446.
White, M., & Fisher, C. (2008). Assessing our knowledge of identity theft: The challenges to effective prevention and control efforts. Criminal Justice Policy Review, 19(1), 3–24.
Xu, S. C. (2009). Over 3,100 cyber attacks towards Taiwanese Government System were originated by Chinese cyber army. Liberty Times. Retrieved September 21, 2010, from http://www.libertytimes.com.tw/2009/new/mar/24/today-fo2.htm
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media New York
About this chapter
Cite this chapter
Broadhurst, R., Chang, L.Y.C. (2013). Cybercrime in Asia: Trends and Challenges. In: Liu, J., Hebenton, B., Jou, S. (eds) Handbook of Asian Criminology. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5218-8_4
Download citation
DOI: https://doi.org/10.1007/978-1-4614-5218-8_4
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-5217-1
Online ISBN: 978-1-4614-5218-8
eBook Packages: Humanities, Social Sciences and LawSocial Sciences (R0)