Dark Web: Deterring Cybercrimes and Cyber-Attacks

Abstract

Cyberspace alone cannot curb online crimes. The study identifies known risks to cyberspace when the Internet is used illegally to commit crimes. Giving people rights with regard to the protection and control of their personal rights, besides reportability, must be encouraged.

Notes

  1. Griffin [1, p. 136].

  2. In Pedrazzi [2].

  3. Cf. Oliveira [3, p. 69].

  4. In Cavero [4, pp. 276–277].

  5. Apud Mir and Genovês [5].

  6. In Garcia [6].

  7. Fischer [7, p. 37].

  8. Cf. Santos [8].

  9. Oliveira [3, p. 71].

  10. For more on this, see Sánchez [9, p. 11] and Rodrigues [10, pp. 484–485].

  11. Vogel [11, p. 42].

  12. See Clevlin [12, p. 255].

  13. See Farley [13, pp. 1090–1991 and 1094].

  14. Griffin [1, p. 145].

  15. The United States Department of Justice [14].

  16. FBI News [15]; The United States Department of Justice [16].

  17. Vogel [11, p. 36].

  18. (1) Has your company adopted a set of best practices to address its own cybersecurity needs? (2) If so, how were these cybersecurity practices developed? (3) Were they developed by the company solely, or were they developed outside the company? If developed outside the company, please list the institution, association, or entity that developed them. (4) When were these cybersecurity practices developed? How frequently have they been updated? Does your company’s board of directors or audit committee keep abreast of developments regarding the development and implementation of these practices? (5) Has the federal government played any role, whether advisory or otherwise, in the development of these cybersecurity practices? (6) What are your concerns, if any, with a voluntary program that enables the federal government and the private sector to develop, in coordination, best cybersecurity practices for companies to adopt as they so choose, as outlined in the Cybersecurity Act of 2012? (7) What are your concerns, if any, with the federal government conducting risk assessments in coordination with the private sector, to best understand where our nation’s cyber vulnerabilities are, as outlined in the Cybersecurity Act of 2012? (8) What are your concerns, if any, with the federal government determining, in coordination with the private sector, the country’s most critical cyber infrastructure as outlined in the Cybersecurity Act of 2012? Rockefeller [17].

  19. See Office of the Director of National Intelligence [18].

  20. Sec. 205. Federal cybersecurity requirements. (a) Implementation of federal cybersecurity standards. Consistent with section 3553 of title 44, United States Code, the Secretary, in consultation with the Director, shall exercise the authority to issue binding operational directives to assist the Director in ensuring timely agency adoption of and compliance with policies and standards promulgated under section 11331 of title 40, United States Code, for securing agency information systems. (b) Cybersecurity requirements at agencies. (1) In general. Consistent with policies, standards, guidelines, and directives on information security under subchapter II of chapter 35 of title 44, United States Code, and the standards and guidelines promulgated under section 11331 of title 40, United States Code, and except as provided in paragraph (2), not later than 1 year after the date of the enactment of this Act, the head of each agency shall—(A) identify sensitive and mission critical data stored by the agency consistent with the inventory required under the first subsection (c) (relating to the inventory of major information systems) and the second subsection (c) (relating to the inventory of information systems) of section 3505 of title 44, United States Code; (B) assess access controls to the data described in subparagraph (A), the need for readily accessible storage of the data, and individuals’ need to access the data; (C) encrypt or otherwise render indecipherable to unauthorized users the data described in subparagraph (A) that is stored on or transiting agency information systems; (D) implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication, as developed by the Administrator of General Services in collaboration with the Secretary; and (E) implement identity management consistent with section 504 of the Cybersecurity Enhancement Act of 2014 (Public Law 113–274; 15 U.S.C. 7464), including multi-factor authentication, for (i) remote access to an agency information system and (ii) each user account with elevated privileges on an agency information system. (2) Exception. The requirements under paragraph (1) shall not apply to an agency information system for which (A) the head of the agency has personally certified to the Director with particularity that (i) operational requirements articulated in the certification and related to the agency information system would make it excessively burdensome to implement the cybersecurity requirement; (ii) the cybersecurity requirement is not necessary to secure the agency information system or agency information stored on or transiting it; and (iii) the agency has taken all necessary steps to secure the agency information system and agency information stored on or transiting it; and (B) the head of the agency or the designee of the head of the agency has submitted the certification described in subparagraph (A) to the appropriate congressional committees and the agency’s authorizing committees. (3) Construction. Nothing in this section shall be construed to alter the authority of the Secretary, the Director, or the Director of the National Institute of Standards and Technology in implementing subchapter II of chapter 35 of title 44, United States Code. Nothing in this section shall be construed to affect the National Institute of Standards and Technology standards process or the requirement under section 3553(a)(4) of such title or to discourage continued improvements and advancements in the technology, standards, policies, and guidelines used to promote Federal information security. (c) Exception. The requirements under this section shall not apply to the Department of Defense, a national security system, or an element of the intelligence community. See US Congress [19].

  21. Sec. 401. Study on mobile device security. (a) In general. Not later than 1 year after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Director of the National Institute of Standards and Technology, shall (1) complete a study on threats relating to the security of the mobile devices of the Federal Government; and (2) submit an unclassified report to Congress, with a classified annex if necessary, that contains the findings of such study, the recommendations developed under paragraph (3) of subsection (b), the deficiencies, if any, identified under (4) of such subsection, and the plan developed under paragraph (5) of such subsection. (b) Matters studied. In carrying out the study under subsection (a)(1), the Secretary, in consultation with the Director of the National Institute of Standards and Technology, shall (1) assess the evolution of mobile security techniques from a desktop-centric approach, and whether such techniques are adequate to meet current mobile security challenges; (2) assess the effect such threats may have on the cybersecurity of the information systems and networks of the Federal Government (except for national security systems or the information systems and networks of the Department of Defense and the intelligence community); (3) develop recommendations for addressing such threats based on industry standards and best practices; (4) identify any deficiencies in the current authorities of the Secretary that may inhibit the ability of the Secretary to address mobile device security throughout the Federal Government (except for national security systems and the information systems and networks of the Department of Defense and intelligence community); and (5) develop a plan for accelerated adoption of secure mobile device technology by the Department of Homeland Security. (c) Intelligence community defined. In this section, the term “intelligence community” has the meaning given such term in section 3 of the National Security Act of 1947 (50 U.S.C. 3003). See US Congress [19].

  22. See US Congress [20].

  23. The General Data Protection Regulation (GDPR) [21].

  24. TROJAN, Viviane, JOTA Website, in https://www.jota.info/opiniao-e-analise/artigos/a-nova-lei-de-privacidadee-protecao-de-dados-na-california-ccpa-04052019, published on May 04, 2019, accessed on May 22, 2019.

  25. The current legal framework is a patchwork of laws and regulations, as several soft laws have been adopted, mainly addressing issues in connection with the banking industry. See Loureiro and Palhares [22].

  26. The Executive Branch Planalto [23].

  27. Art. 10. The custody and the availability of the records of connection and access to internet applications referred to in this Law, as well as personal data and content of private communications, must take into account the preservation of privacy, privacy, honor, and image of the parties directly or indirectly involved. (…) Paragraph 4 Security and confidentiality measures and procedures shall be informed by the person responsible for the provision of services in a clear manner and in accordance with the standards defined in the regulations, respecting their right of confidentiality regarding business secrets. Art. 13. In the provision of connection to the internet, it is incumbent upon the respective autonomous system administrator to keep records of connection, under a confidential, controlled environment, for a period of one (1) year, pursuant to regulation. Art. 15. The Internet application provider established as a legal entity and carrying out this activity in an organized, professional and economic manner shall maintain the respective records of access to Internet applications, under secrecy, in a controlled environment and of security for a period of six (6) months, pursuant to the regulation. The Executive Branch Planalto [24].

  28. See Loureiro and Palhares [22, p. 17].

  29. Planalto [25].

  30. Planalto [26].

  31. See Borges [27].

References

  1. Griffin, R. C. (2012). Cybercrime. Journal of International Commercial Law and Technology, 7(2), 136–153.

  2. Pedrazzi, C. (1965). O Direito Penal das Sociedades e o Direito Penal Comum. In Revista Brasileira de Criminologia e Direito Penal (Vol. 9, p. 133). Rio de Janeiro: Instituto de Criminologia do Estado da Guanabara.

  3. Oliveira, E. P. (2011). Direito e processo penal na justiça federal: doutrina e jurisprudência. São Paulo: Atlas.

  4. Cavero, P. G. (2007). Derecho Penal Económico – Parte General (2nd ed.). Lima: Grijley.

  5. Mir, J. R. S., & Genovês, V. G. (1987). Delincuencia de cuello blanco (p. 71). Madrid: Instituto de Estudos de Política.

  6. Garcia, J. Á. B. (2000). El delito de defraudación a la seguridad social (pp. 80–81). Valencia: Tirant lo Blanch.

  7. Fischer, D. (2011). Inovações no Direito Penal Econômico: contribuições criminológicas, político-criminais e dogmáticas. Organizador: Artur de Brito Gueiros Souza. Brasília: Escola Superior do Ministério Público da União.

  8. Santos, C. M. C. (2001). O crime de colarinho branco (da origem do conceito e sua relevância criminológica à questão da desigualdade na administração da justiça penal) (p. 175).

  9. Sánchez, J.-M. S. (2004). Eficiência e direito penal. Coleção Estudos de Direito Penal (Vol. 11). São Paulo: Manole.

  10. Rodrigues, A. M. (1999). Contributo para a fundamentação de um discurso punitivo em matéria fiscal. Direito Penal Económico e Europeu: textos doutrinários. Coimbra: Coimbra Ed.

  11. Vogel, T. A. (2002). Dealing with cyber attacks on corporate network security. The Practical Lawyer, 48, 35–46.

  12. Clevlin, D. (2005). Schemes and scams: Auction fraud and the culpability of host auction web sites. Loyola Consumer Law Review, 18, 223–255.

  13. Farley, M., Franzblau, K., & Kennedy, M. A. (2013). Online prostitution and trafficking. Albany Law Review, 77, 1039–1094.

  14. The United States Department of Justice. (2015, May 29). Ross Ulbricht, A/K/A “Dread Pirate Roberts,” sentenced in Manhattan Federal Court to life in prison. Retrieved August 3, 2018, from https://www.justice.gov/usao-sdny/pr/ross-ulbricht-aka-dread-pirate-roberts-sentenced-manhattan-federal-court-life-prison

  15. FBI News. (2017, July 20). Darknet takedown. Authorities shutter online criminal market AlphaBay. Retrieved August 3, 2018, from https://www.fbi.gov/news/stories/alphabay-takedown

  16. The United States Department of Justice. (2017, July 20). Justice News. AlphaBay, the largest online ‘Dark Market,’ shut down. Retrieved August 3, 2018, from https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

  17. Rockefeller, J. D. (2012, September 19). Letter from Senator John D. Rockefeller IV (D-WV) to Virginia M. Rometty, President and Chief Executive Officer, International Business Machines. Retrieved June 1, 2018, from https://www.cadwalader.com/uploads/cfmemos/f6e347976c1cacb03e7d982e936e12cf.pdf

  18. Office of the Director of National Intelligence. The cybersecurity act of 2015. Retrieved September 2, 2018, from https://www.dni.gov/index.php/ic-legal-reference-book/cybersecurity-act-of-2015

  19. U.S. Congress. The cybersecurity act of 2015. Retrieved September 8, 2018, from https://www.congress.gov/114/bills/s754/BILLS-114s754es.pdf

  20. U.S. Congress. The cybersecurity act of 2017. Retrieved September 10, 2018, from https://www.congress.gov/bill/115th-congress/senate-bill/770

  21. European Union. The general data protection regulation (GDPR). EU official journal issue, L 119. Retrieved September 10, 2018, from http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN

  22. Loureiro, R. M., & Palhares, L. A. F. (2018, January). Brazil. In B. A. Powell, & J. C. Chipman (Eds.), Cybersecurity 2018. Getting the deal through (pp. 17–21). London: Law Business Research. Retrieved October 3, 2018, from https://gettingthedealthrough.com/area/72/jurisdiction/6/cybersecurity-brazil/

  23. The Executive Branch Planalto. Law 12,737, Nov. 30, 2012. Retrieved September 12, 2018, from http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2012/lei/l12737.htm

  24. The Executive Branch Planalto. Law 12,965, April 23, 2014. Retrieved September 12, 2018, from http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/l12965.htm

  25. Planalto. The Brazilian protection of personal data act, Law n.° 13,709, August 14, 2018. Retrieved October 10, 2018, from http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/Lei/L13709.htm

  26. Planalto. The Brazilian civil rights for the internet. Retrieved October 10, 2018, from http://www.planalto.gov.br/ccivil_03/_Ato2011-2014/2014/Lei/L12965.htm

  27. Borges, B. (2018, July 2). Lei geral de proteção de dados pessoais avança no Senado. Retrieved October 10, 2018, from https://www.jota.info/coberturas-especiais/liberdade-de-expressao/protecao-de-dados-senado-02072018

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

De Sanctis, F.M. (2019). Dark Web: Deterring Cybercrimes and Cyber-Attacks. In: Technology-Enhanced Methods of Money Laundering. Springer, Cham. https://doi.org/10.1007/978-3-030-18330-1_2

  • DOI: https://doi.org/10.1007/978-3-030-18330-1_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18329-5

  • Online ISBN: 978-3-030-18330-1

  • eBook Packages: Law and Criminology (R0)
