Document Type : Research Paper
Authors
1 Department of criminal law policy and criminal law, Institute of Law Taras Shevchenko National University of Kyiv, Kyiv.
2 Candidate of Juridical Scienses, practicing lawyer, Kiev, Ukraine.
3 Attorney at law, partner of the bar association «Legal strategy».
4 Department of Law, Institute of Lviv Interregional Academy of Personnel Management, Lviv, Ukraine.
5 Department of Law Enforcement and Combating Corruption, National Research Institute of Law of Prince Volodymyr the Great, Interregional Academy of Personnel Management, Kyiv, Ukraine.
6 Department of the State guard of Ukraine, Taras Shevchenko National University of Kiev, Kyiv, Ukraine.
Abstract
Keywords
Introduction
With the development of the Internet, the cybercrime is gaining momentum. The cybercrime has cost the world economy more than $ 1 trillion in 2020 - just over 1% of world GDP (New McAfee, 2020). Compared to 2018, this figure increased by more than 50%. The cybercrime gained a special volume during quarantine, when work, shopping, and meetings went online.
The results of the Microsoft IT Cloud Security Survey conducted by the analytical company IDC in Central and Eastern Europe, due to the forced transition of most companies to remote work, significantly the number of vulnerabilities and the formation of new risks has increased (Fig. 1).
Among those surveyed, the 79% of respondents named secure remote access to corporate networks as the main risk for companies. Only 42% of companies in Central and Eastern Europe have developed a comprehensive security strategy, with the vast majority of respondents (86%) saying they are satisfied with their organization's level of cybersecurity.
This may mean that some companies have a false sense of security. It is vital that the approach to cybersecurity is dynamic, providing protection against attacks that are becoming more sophisticated with each passing day.
Figure 1. The key risks and vulnerabilities to cybercrime during a pandemic
By data FintechNews, the pandemic caused a surge of cyberattacks in August 2020. In particular, the number of attacks on banks increased by 238%, and 80% of companies in the world experienced an increase in the activity of criminals. According to researchers, international cyber infrastructures and data volumes are growing at an unprecedented rate, which creates difficulties for security experts and law enforcement agencies investigating cybercrime (Zawoad & Hasan, 2016; Ahmed et al, 2017; Albanian et al, 2018).
The cybercrime has already become a very lucrative type of business, which is not associated with high risk. After all, the proceeds of cybercrime can exceed millions of dollars. That is why today cybercrime is the number one problem in the world. Much attention is paid to its solution, programs of cooperation between special bodies of many countries are used (James, 2017). In this regard, it is necessary to implement active ways to protect and combat cybercrime. According to experts, one of the factors influencing the level of information security is cloud solutions: 54% of respondents said they plan to switch to cloud technology within two years (Barrett, 2020).
The cybercriminals use many methods - theft of personal data for profit and blackmail, data leakage, distributed denial of service and attacks by malware on medical devices and smart vehicles (Parker, 2007; Berghel, 2012; Gradon, 2013).
The cyberattacks can have a significant socio-economic impact on both global businesses and individuals. Therefore, the cybercriminals should be identified immediately, and high-quality evidence of attacks should be available in the courtroom (Gaggero et al, 2019). At the same time, cybercriminals are very difficult to identify, which constantly creates additional risks for business, is a significant problem that governments in many countries cannot solve (ACPO, 2012).
The forensic feature of cybercrimes is that their investigation and detection is impossible without the use and application of computer technology. There is a need for accurate, rapid response and search, recording, seizure and collection of evidence in electronic form, as well as operational and investigative measures (Oppliger et al, 2017). To prevent and combat cybercrime, it is necessary to systematically train qualified specialists capable of protecting the interests of the state.
Due to the constant increase in cyber and digital crimes, the digital forensic investigation (DFI) has already become a profession and a scientific field of activity (Adu & Adjei, 2018). Although the field of digital forensics is now well established, its research community can be considered relatively new, compared to related fields of traditional forensics and computer science (Apau & Koranteng, 2019). DFI includes a variety of digital investigation processes, including the identification, storage, analysis, documentation, and presentation of digital evidence. These processes must be carried out reliably and legally in order to withstand the review of legal review in the courts. Around the world, many institutions rely on digital storage media (Baylon & Antwi-Boasiako, 2016). Information is now processed, stored and exchanged using these media. As the use of digital media for storage is rapidly expanding, there has been a corresponding increase in computer crime and cyber-fraud (Becker et al, 2010). This growth has exacerbated the challenges facing law enforcement and security forces around the world. The factors that affect the increase in threats in cyberspace are: an active establishment and building of opportunities for cyber influence by leading states; a development of organizational structures of these states, increase in the number of units and their composition involved in the cybersecurity system of the world. At the same time, non-state resources are actively involved in cybersecurity activities; an active development of cyber weapons and implementation with its use of certain actions in cyberspace; an increasing opportunities for covert execution of cyberattacks and cyber operations by opposing parties; an increased influence of states on the national information spaces of other states, network traffic by means of access to global information networks; an active development of information technologies on a global scale, including in the interests of cyber defense, cyber influence, execution of cyber operations in general.
The internal factors that limit the state's ability to counter the negative impact in cyberspace are:
All the above requires the formation and implementation in the state of a single integrated approach to the further development and functioning of the national cybersecurity system, which should determine (specify) its purpose, principles, directions, main tasks, procedures for creating and operating the necessary organizational structures, training and management armed confrontation in cyberspace, other issues of the cyber security of the state. The purpose of the study is to develop scientifically sound proposals and recommendations for the introduction of tools for forensic research of computer tools and systems in the fight against cybercrime.
The object of study are public relations that arise in the implementation of information processes on the production, collection, processing, accumulation, storage, retrieval, transmission, distribution and consumption of computer information, as well as in other areas where computers are used, computer systems and networks. Subject of study - features of criminal offenses in the field of use of electronic computers (computers), systems and computer networks and telecommunication networks and countermeasures against cybercrime.
One of the main issues is to consider the jurisdiction of cybercrime, as the digital world does not have clearly defined borders and geographical areas. For this reason, the principle of nationality is usually used to determine jurisdiction, for example, it may be related to the nationality of the offender (active personality principle) or the nationality of the victim (passive personality principle). What most countries have in common is that ISPs are required to store user data and provide it to investigators upon request. Some countries assign jurisdiction even for a crime committed in another state, if it has affected the interests and security of the country abroad (protective principle). The study examines the experience of Ukraine through the prism of world experience countering cybercrime.
Literature Review
The cybercrime involves a wide range of illegal activities, from fraud and threats to the individual, to crimes resulting from hatred and drug trafficking (Boateng et al, 2011).
Table 1 presents the main terms and categories of the research question.
The cybercriminals use computer technology to access personal information and trade secrets, and use the Internet for operational or malicious purposes. Different types of criminals can also use computers to communicate, along with storing documents or data. The common forms of cybercrime include theft of online banking data, identity theft, cybercrime, and unauthorized access to a computer, along with serious and even bigger problems such as cyberterrorism.
Table 1. The terms and categories of issues of combating cybercrime
Terms and categories |
Definition |
Source |
Cyberspace |
a set of interconnected information resources, software, databases and data banks processed in computer networks and related infrastructure, together with the objects that fall under their control and management |
Cyber Security Strategy of the United Kingdom: safety, security and resilience in cyber space. |
Cybersecurity |
protection of vital interests of man and citizen, society and state during the use of cyberspace, which ensures sustainable development of information society and digital communication environment, timely detection, prevention and neutralization of real and potential threats to national security of Ukraine in cyberspace |
Draft of the Cybersecurity Strategy of Ukraine (2021-2025) |
Cybersecurity system |
interconnected by common goals and objectives for the realization of national interests in cyberspace, a set of bodies, which as a result of joint, agreed on the principles and methods of activity achieve common results using the inherent forms and methods of subject competence defined in law |
Law of Ukraine "On Basic Principles of Cyber Security of Ukraine" |
Organizational providing a cybersecurity system |
characterized by the place and role of special entities (relevant government agencies and their specialized units), their functions, powers, as well as the grounds, conditions and directions of their interaction in the implementation of security measures in cyberspace |
Draft of the Cybersecurity Strategy of Ukraine (2021-2025) |
Cybersecurity |
a set of organizational, legal, engineering and technical measures, as well as measures of cryptographic and technical protection of information aimed at preventing cyber incidents, detection and protection against cyber attacks, elimination of their consequences, restoration of sustainability and reliability of communication, technological systems |
Law of Ukraine "On Basic Principles of Cyber Security of Ukraine" |
Cybercrime (computer crime) |
socially dangerous criminal act in cyberspace and / or with its use, liability for which is provided by the law of Ukraine on criminal liability and / or which is recognized as a crime by international treaties of Ukraine |
From the point of view of fundamental legal doctrine, cybercrime consists of criminal acts committed with the help of electronic information and communication means.
In other words, the cybercrime can be any traditional offline crime (such as theft, fraud, money laundering), but committed on the Internet. Some researchers also single out "hybrid" or "cyber-driven" crimes and cyber-dependent crimes, which have become possible only through the development of the Internet and related digital technologies (Dolliver et al, 2017).
In Law of Ukraine "On Basic Principles of Cyber Security of Ukraine" the cybersecurity is defined asprotection of vital interests of man and citizen, society and the state during the use of cyberspace, which ensures the sustainable development of the information society and digital communication environment, timely detection, prevention and neutralization of real and potential threats to Ukraine's national security in cyberspace. At the same time, the cybersecurity is a set of organizational, legal, engineering and technical measures, as well as cryptographic and technical information protection measures aimed at preventing cyber incidents, detecting and protecting against cyberattacks, eliminating their consequences, restoring the stability and reliability of communication and technological systems. The cybercrime (computer crime) - a socially dangerous criminal act in cyberspace and / or with its use, liability for which is provided by the law of Ukraine on criminal liability and / or which is recognized as a crime by international treaties of Ukraine. Conventionally, cybercrime is divided into:
The main types of cybercrime are presented in Figure 2.
CYBER CRIMES |
Figure 2. Types of cybercrime
There are four main types of cybercrime:
The Criminal Code of Ukraine provides for criminal liability for:
Thus, in the forensic aspect, cybercrime (computer crime) is a socially dangerous criminal act in cyberspace and / or with its use, liability for which is provided by the Law of Ukraine on Criminal Liability and / or which is recognized as a crime by international treaties of Ukraine (On the basic principles of cybersecurity of Ukraine: the Law of Ukraine of October 5, 2017 № 2163-VIII).
The object of cybercrime, defined in the Criminal Code of Ukraine, is part of the information relationship, which can be defined as information relations, the means of which are computers, systems, computer networks and telecommunications networks. Thus, cybercrimes affect information relations with the use of special technical means. The current criminal law today lists four types of such means:
Depending on these means, information relations are of the following types: with the use of computers; computer systems; computer networks; means of communication - telecommunication networks.
The terms "digital forensics" and "cybercriminal", "cybercrime", "crimes in the field of IT technologies", "high-tech crimes", "internet crimes", "computer crimes", "crime in the field of high technologies", "e- crimes " are often used as synonyms for computer forensics.
The computer forensics is essentially the recovery of data by means of law enforcement instructions to make information acceptable in court. At the heart of computer forensics - the use of methods of investigation and analysis to collect and store evidence from a particular computer device in a way that is suitable for presentation in court. The purpose of computer forensics is to conduct a structured investigation and support documented chains of evidence in order to find out exactly what happened on the computer and who was responsible for it (Babenko et al., 2021).
The digital forensics begins with gathering information in a way that maintains its integrity. The investigators then analyze the data or system to determine if it has changed, how it has changed, and who made the change.
The use of computer forensics is not always associated with crime. A forensic process is also used as part of data recovery processes to collect data from an emergency server, a failed drive, a reformatted operating system, or another situation where the system has suddenly stopped working.
Therefore, the main challenges in combating cybercrime are the following:
Methodology
The basis of this study was methodological principles and approaches of legal science, which were used to solve the tasks.
The dialectical method was used in the work, as a general scientific method of cognition of social and legal phenomena in their contradictions - to determine the peculiarities of the criminal-legal qualification of crimes in the use of electronic computers, systems and computer networks and telecommunications networks. The logical-semantic method was used to study the main features of the criminal law qualification of cybercrime.
The system-structural method allowed to identify problematic research issues. The statistical method was used in the process of generalization, grouping and analysis of empirical material and evaluation of quantitative and qualitative indicators of the current state of crime in Ukraine. The application of the comparative method made it possible to study the experience of foreign countries in the fight against cybercrime.
Empirical basis the research consists of statistical data of the General Prosecutor's Office of Ukraine, the Ministry of Internal Affairs of Ukraine, the State Statistics Service of Ukraine for the period 2010-2020; selective analysis of materials of criminal proceedings (cases) for the period 2010-2020 under articles 361-363-1 Of the Criminal Code of Ukraine.
Results
Current trends in cybercrime: the situation in Ukraine, world experience
According to experts in the field of information technology, the situation with cybercrime in the world is deteriorating. The cybersecurity in the modern world has become global. The cyberattacks are becoming more complex and large-scale. The EU Cyber Security Agency (ENISA) has published a report on cyber incidents for the period 2019-2020. It follows that the geography of cyber attacks is constantly expanding, they are becoming more sophisticated, targeted, widespread, it is becoming increasingly difficult to identify customers. Cybercrime has increased dramatically with the introduction of artificial intelligence and machine learning technologies.
The cybercriminals infiltrate target systems using AI and ML (Machine Learning) in their malware. That is, cybercriminals will use artificial intelligence to carry out their intentions in the same way as in any sector, enhancing its ability to find and exploit vulnerabilities.
Deepfeak technology is becoming even more sophisticated and realistic, which could potentially call into question the results of video surveillance. The development of cybercrime also extends to proven methods, such as phishing lures, that will be harder to spot. As a result, company employees become even more vulnerable to these types of attacks. Among them will need to be constantly trained and reminded of the techniques developed in the field of cybersecurity.
The cybercrime statistics are deteriorating. The leader in the number of cyber attacks is the United States - 35.4% of the global cybercrime rate. In second place is South Korea - 12.8%; followed by China - 6.9%; Germany - 6.7%; France - 4%, Great Britain - 2.2% of the total cyberattack rate.
The most common types of cyberattacks in the world are: software viruses, computer viruses, self-replicating and other forms of software code failures. That is, the highest level of cybercrime are countries with the highest level of technological development, as it has the largest number of users (Budhijanto, 2019).
Regarding the state of cybercrime in Ukraine, caccording to the statistics of the Prosecutor General's Office of Ukraine, during 2010-2018 we have a tendency to increase.
For example, in 2018, 2,301 the criminal offenses in the field of the use of electronic computers, systems and computer networks and telecommunication networks were registered, 1,330 CP for such offenses were sent to court with an indictment (Fig. 3).
Figure 3. The number of reported criminal offenses in the field of cybercrime
The share of recorded criminal offenses in the use of electronic computers (computers), systems and computer networks and telecommunications networks from the total number of recorded criminal offenses also tends to increase (Fig. 4).
Figure 4. The share of recorded criminal offenses in the field of cybercrime in the total number of recorded criminal offenses
The analysis of the data of the official statistical reporting showed that the overwhelming majority in the structure of the investigated cybercrimes are those crimes for which the responsibility under Art. 362 of the Criminal Code of Ukraine (46.5%). In second place - the crimes under Art. 361 of the Criminal Code of Ukraine (44.5%). In third place - the crimes under Art. 361-1 of the Criminal Code of Ukraine (5.8%). On the fourth - the crimes provided by Art. 361-2 of the Criminal Code of Ukraine (2.3%). All other crimes in the field of use of electronic computers, systems and computer networks and telecommunication networks account for 0.5%. According to the Cyberpolice Department of the National Police of Ukraine, in 2018 the spread of 4 mass cyberattacks on the territory of Ukraine was prevented. In 2017, a number of cyber operations were carried out against Ukraine, the main of which were: BugDrop; "WannaCry" (known as "WannaCwt"); "NotPetya" (also known as "Petya. A", "Petya"). In 2019, the 32156 criminal cases of fraud were registered. The fight against Internet piracy continues: in 2018, more than 40 pirate sites were shut down. Within the framework of international cooperation, 8 transnational hacker groups were exposed and more than 30 international operations took part. During the period from January to November 2020, the 42563 criminal proceedings were registered on the facts of fraud. Such data indicate an overall increase in these offenses compared to 2019.
According to industry research, in 2020, 99% of organizations in the world survived attacks using mobile viruses due to the spread of remote control during the COVID pandemic.
According to calculations OpenDataBot, over the years the number of information crimes increased what at least 2.5 times. During the development of the new Cyber Security Strategy of Ukraine, an analytical study was conducted using an online survey of key cybersecurity actors, critical infrastructure facilities, enterprises of the real sector of the economy, financial sector, services, etc. (Assessment of the state of development of the national cybersecurity system, 2021; Gontareva et al., 2020).
An assessment of the readiness of organizations for modern cyberattacks. To do this, respondents on a scale of 1 to 10 assessed the level of readiness in different areas. Grades from 1 to 4 were defined as low, from 5 to 7 as average, from 8 to 10 as high.
The generalized results are shown in fig. 5.
Figure 5. Assessments of readiness of organizations for modern cyberattacks, Ukraine, 2021
The lowest level of readiness of organizations is observed in terms of the introduction of advanced technologies in the field of cybersecurity, adequacy of financial resources and efforts of organizations to improve the skills of employees in the field of cybersecurity (Vovk et al., 2020). Despite the high level of competencies of information security and cybersecurity specialists of the surveyed organizations, most respondents feel safe. At the same time, the most organizations monitor security events and define procedures for responding to cyber incidents.
However, as the results of the analysis showed, in most organizations there is no formalized division and the functions of information security and information technology units are not fixed in the administrative documents.
The generalized assessment of the level of readiness of organizations (by forms of ownership) to modern cyberattacks (in different directions) presented in Figure 6.
Figure 6. Assessment of the readiness of organizations (by form of ownership) to of modern cyberattacks, Ukraine, 2021
The generalized assessment of the level of readiness for modern cyberattacks of organizations in Ukraine is 53%, in the public sector - 51%, in the private sector - 63%. The businesses are not yet ready to fully meet the new challenges in the field of information security: more than half of companies (58%) do not have a comprehensive cybersecurity strategy.
The ability of organizations to counter cyberattacks in various areas was assessed on a scale from 1 to 10. The ratings from 1 to 4 were defined as low, from 5 to 7 - as medium, from 8 to 10 - as high. The generalized results are shown in fig. 7.
According to the results of the study, the ability of organizations to counter cyber threats is low in almost all areas. Only the ability to install updates and configure hardware to address identified vulnerabilities is considered high. Of course, the capacity of private organizations is higher (62%) than public sector organizations (45%), with an overall assessment of all respondents at 55%.
When assessing the ability to implement a cybersecurity strategy in Ukraine, it was found that a significant obstacle is the low level of interagency cooperation - only 41%, the implementation of organizational measures to comply with regulations in the field of cybersecurity is assessed (52%). 59% of companies that participated in Cisco's Future of Secure Remote Work survey acknowledged that they were hampered by a lack of employee awareness about cybersecurity. In such circumstances, even updating cybersecurity policies is difficult, as employees simply do not know how or do not follow the instructions correctly.
Figure 7. Assessment of the level of ability of organizations (by form of ownership) to counter cyberattacks
The low values in the public sector primarily indicate a low level of incident detection. On average, organizations spent 60.5 hours solving one incident, with a maximum of about 3 months. Some respondents said that the incident could not be resolved. A total of 128 organizations that answered the question about the time spent on resolving the incident spent more than 7,700 hours.
This state of affairs is a negative phenomenon that does not contribute to the implementation of effective measures to combat cybercrime, and, of course, requires special attention from the state.
Organized crime is increasingly using the Internet to cover up its activities. For example, the Darknet network was created as a black market platform for the sale of drugs, weapons, stolen goods and more. The technology provides network anonymity, so the Internet is uncontrolled and therefore secure for the activities of various criminal groups. According to the National Police of Ukraine, the number of organized groups and criminal organizations that commit criminal offenses using high information technology has increased by 36% over the last year.
The most common types of cybercrime are presented in table 2.
The most common types of cybercrime are: camcording; cardsharing; fake online auctions; mailing (spam); online gambling (with a deposit of money); creation of viruses; theft of personal data and personal information.The most common type of crime is fraud.
Fraud is the taking of another's property or the acquisition of property rights by deception or abuse of trust.
Table 2. The types of cybercrime
See |
Characteristic |
Carding |
credit card fraud (credit card details) not approved by the cardholder |
Phishing: SMS phishing Internet phishing |
fraudulent actions aimed at extorting card details from its holder. |
Viching |
the attackers use card calls to extract card details |
Skimming |
copying payment card data using a special device (skimmer) |
Shimming |
Scammers use an almost invisible device that is placed inside the card reader to copy credit card data |
Online fraud |
fake online auctions, online stores, websites and telecommunications |
Piracy |
illegal distribution of intellectual property on the Internet. |
Malware |
creation and spread of viruses and malware. |
Illegal content |
content that promotes extremism, terrorism, drug addiction, pornography, the cult of cruelty and violence. |
Refilling |
illegal substitution of telephone traffic. |
Theft of cryptocurrency |
fraudulent schemes where the owner of an e-wallet gives fraudsters access to their accounts and they transfer tens of thousands of dollars to another wallet |
The payment card fraud, theft of money from bank accounts, the spread of computer viruses, the theft of personal data by hackers, online drug trafficking, the fight against piracy and the distribution of illegal content are far from the complete tasks of the Cyberpolice. In total, more than 5,000 cybercrimes were registered last year, in which 106 people involved in criminal proceedings were promptly detained, including 13 pedophiles. With regard to quarantine fraud schemes, the Cyberpolice Department notes that in December 2020 received a number of appeals from citizens about the misappropriation of money by criminals, under the guise of compensation payments to entrepreneurs.
According to the press service, the most common schemes of Internet scammers in 2020 were:
In recent years, Ukraine has a high degree of latency of cybercrime due to industrial cyber espionage, which is ignored, as it is difficult to detect the leakage of confidential information such as personal data, information that constitutes banking or trade secrets, and so on.
The number of spam and targeted attacks on social media platforms is also increasing. In December in 2020, hackers attacked the European Medicines Agency and gained access to Pfizer / BioNTech vaccine documents stored on the Agency's server.
Cybercrime is cross-border in nature, ie the offender and the object of the crime can be located in one country or in different ones. However, the investigation of traces of cybercrime committed from other countries in relation to critical infrastructure is not allowed without the permission of the local authorities of the country from which such a crime was committed, so it is important to establish international cooperation.
Thus, attention should be paid to the lack of a legal mechanism to regulate cybersecurity, the recording and use of digital evidence and the regulatory framework for international cooperation, as some countries may not recognize acts as cybercrime and prohibit investigations on their territory.
This situation significantly increases the need for the European Union to strengthen cooperation with international partners.
The international cooperation, cyberdialogues focus more on the exchange of information on the institutional structure and powers of cyberspace authorities, on the latest developments in the development of relevant policies and legislative initiatives, including the update of the EU Network and Information Systems Directive (ISD), and partners in the development of cybersecurity policies and legislation in line with the EU legal and institutional framework. The particular attention is paid to coordination and cooperation within international organizations to strengthen cyber resilience and ensure responsible behavior of states in cyberspace.
The legal bases countering cybercrime
The experience of the European Union
The scientists note the existence of a lag in regulatory regulation from the development of technology, which significantly contributes to the development and spread of cybercrime.
Some crimes, such as terrorism, human trafficking, sexual abuse of children and drug trafficking, have largely moved to the digital world or been controlled from the Internet. Due to this, the investigation of criminal cases in most of such criminal offenses has a digital component.
The EU has focused its efforts on the above types of cybercrime, and the Council of Europe Convention on Cybercrime has led to the emergence of the following acts:
The Europol has also established and operates as a key body in the fight against cybercrime in the EU - the European Cybercrime Center. Its aim is to bring together European cybercrime expertise to support cybercrime investigations in the Member States.
The first EU Cyber Security Strategy, adopted in 2013, set out strategic goals and concrete actions to achieve cyber resilience, reduce cybercrime, develop cyber defense capabilities, develop technological resources and establish a coherent international cyberspace policy for the EU.
One of the foundations of the EU regulatory framework was Directive 2016/1148 on the security of network and information systems, adopted in 2016.
In the same year, the EU Global Strategy for Foreign and Security Policy was presented. The "Cybersecurity" section states that the strategic goal for the EU remains to strengthen the institutional capacity of the EU institutions and Member States to combat cyber threats, while maintaining open, free and secure cyberspace.
The European Commission has also adopted the Cyber Security Package, which aims to achieve the following goals: to take measures to ensure cyber resilience, to develop mechanisms for cyber deterrence and cyber defense. The importance of creating effective criminal liability for cybercrime is emphasized, for which international cooperation should be developed.
In 2018, the European Parliament adopted a resolution "Fighting Cybercrime", which states that Russia and China through governmental and non-governmental institutions are planning and implementing cyber attacks on critical infrastructure of EU member states.
In May 2019, the EU Council decided to impose restrictive measures against individuals and organizations that carry out cyber attacks. Thus was born a new sanctions regime, which first worked in 2020.
Last July, the EU Council decided to impose sanctions on cyber attacks and other malicious activity on the Internet. Russian individuals were found involved in cyber attacks on OPCW resources (The Hague, the Netherlands) in April 2018. They have been banned from entering the EU and their assets have been frozen.
The Main Center for Special Technologies of the Main Directorate of the General Staff of the Ministry of Defense of the Russian Federation is recognized as involved in the implementation of cyber attacks NotPetya and EternalPetya. It is established that this center plays a key role in the cyber activities of the Sandworm branch, which carried out a cyber attack on the Ukrainian power system. In October 2020, the EU Council decided to impose sanctions on two individuals and one Russian legal entity involved in a cyber attack on the German federal parliament.
A number of countries have developed special laws aimed at combating cybercrime. For example, Germany, Japan and China have amended the relevant provisions of their criminal codes to describe and combat cybercrime.
Some countries, instead of dividing cybercrime into separate criminal acts, have simply added specific clauses to their national legislation and codes to criminalize the illicit use of digital technology to commit any crime. This approach has resulted in the offender being charged with two crimes at the same time.
The legal support of the fight against cybercrime in Ukraine
The legal basis of information security of Ukraine is:
The cybersecurity is identified as one of the priorities in Ukraine's national security system.
In March 2021, the National Security and Defense Council approved a draft of the new Cyber Security Strategy of Ukraine for 2021-2025, which will significantly strengthen the existing institutional capacity to combat cyber threats.
The cybersecurity or cybersecurity units have been established in the State Service for Special Communications and Information Protection of Ukraine, the Security Service of Ukraine, the Ministry of Internal Affairs, the National Bank, the Ministry of Infrastructure, and the Ministry of Defense (Armed Forces of Ukraine).
A new powerful actor has appeared - the Ministry of Digital Transformation, the National Telecommunication Network is being developed, secure data processing centers (data centers) are functioning, and a system for detecting vulnerabilities and responding to cyber incidents and cyberattacks has been launched.
To improve the coordination of the activities of cyber security entities, a working body of the National Security and Defense Council of Ukraine was established - the National Coordination Center for Cyber Security, whose decisions allow solving the most difficult problems in this area.
In February 2021, the Cabinet of Ministers of Ukraine launched the National Center for Reservation of State Information Resources as a pilot project.
The cyberdialogues with foreign partners have become common practice, but dialogues with the European Union have become the first format to involve one of the world's most powerful intergovernmental associations.
The computer tools and systems in the fight against cybercrime
In the system of civil and criminal justice, computer forensics helps to ensure the integrity of digital evidence presented in court cases. The computers and other data collection devices are used more often in every aspect of life. Therefore, the digital evidence and the trial used to collect, preserve and investigate it are becoming increasingly important in the detection of crimes and other legal issues.
With the digitalization of all spheres of human activity, the role of information is growing, which may be critical in resolving a legal case or crime. The computer forensics often plays a role in identifying and storing this information. The digital evidence is useful not only for detecting crimes in the digital world, such as data theft, network intrusion, and illegal online transactions. The digital evidence is also used to uncover crimes in the physical world, such as theft, assault, accident and murder. The businesses often use multi-layered data management, and network security strategies to protect their own information. Having well-managed and secure data can help streamline litigation if this data is ever investigated.
The companies also use computer forensics to track information related to system or network compromise that can be used to detect and prosecute cyber criminals. The businesses can also use digital forensics and processes to help them recover data in the event of a system or network failure caused by a natural disaster or other circumstances (Ramazanov et al., 2020).
The specialists in computer forensic research, the police are widely used computer forensic methods to keep up with the growing rates of cybercrime.
There are different types of computer forensics.
Everyone is dealing with a certain aspect of information technology (Fig. 8).
Types of computer forensics |
Network forensics |
Forensics database |
Electronic forensics |
Forensics of memory |
Malware malware |
Mobile forensics |
Figure 8. The types of computer forensics
Some of the main types include the following:
The forensic investigators typically follow standard procedures, which vary depending on the context of the trial, the device under investigation, or the information that investigators are looking for. The stages of the criminological investigation are presented in Figure 9.
Figure 9. The stages of criminological investigation
In general, these procedures include the following three steps:
The computer tools are often used in computer forensic investigations to test the results they produce. The investigators use a variety of techniques and their own forensic programs to examine a copy they made of a broken device. They search the hidden folders and unallocated disk space for copies of deleted, encrypted, or corrupted files. Any evidence found on a digital copy shall be carefully documented in the report of the findings and verified by the original device in preparation for the trial, which involves the discovery, storage or actual trial.
The computer forensic investigations use a combination of methods and expertise. Some common methods include the following:
This is also known as anomaly detection.
The computer forensics has become an independent field of scientific experience. According to Salary.com, the average annual salary of a computer forensic analyst is about $ 65,000. Some examples of cyber forensic career paths include the following:
A bachelor's degree - and sometimes a master's degree - in computer science, cybersecurity or a related field is required of forensic experts. Several certificates are available in this field, including the following:
Conclusion
This study examines the main aspects introduction of tools for forensic research of computer tools and systems in the fight against cybercrime. It is proved that the investigation of criminal cases in most criminal offenses has a digital component. The analysis shows that currently the ability of organizations to counter cyber threats is low in almost all areas. A significant obstacle is the low level of interagency cooperation, and the implementation of enhanced cybersecurity measures in most cases is hindered by the lack of awareness of employees on these issues.
It is proposed to use computer forensic research methods more widely in order to keep up with the growing rates of cybercrime. The following types of computer forensic examinations are distinguished: criminology of the database; electronic forensics; malware forensics; criminology of memory; mobile forensics; network forensics. A combination of special methods and expertise is used in the process of computer forensic investigations.
Therefore, there is a need strengthening minternationaloh cooperationand in developing appropriate policies and legislative initiatives of securityand network and information systems, improvement legislation in the field countering cybercrime.
Conflict of interest
The authors declare no potential conflict of interest regarding the publication of this work. In addition, the ethical issues including plagiarism, informed consent, misconduct, data fabrication and, or falsification, double publication and, or submission, and redundancy have been completely witnessed by the authors.
Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article