law against cyber crime research paper

Information

• Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

• Active Journals
• Find a Journal
• Proceedings Series
• For Authors
• For Reviewers
• For Editors
• For Librarians
• For Publishers
• For Societies
• For Conference Organizers
• Open Access Policy
• Institutional Open Access Program
• Special Issues Guidelines
• Editorial Process
• Research and Publication Ethics
• Article Processing Charges
• Testimonials
• Preprints.org
• SciProfiles
• Encyclopedia

Article Menu

• Subscribe SciFeed
• Recommended Articles
• Google Scholar
• on Google Scholar
• Table of Contents

Find support for a specific problem in the support section of our website.

Please let us know what you think of our products and services.

Visit our dedicated information section to learn more about MDPI.

JSmol Viewer

Cyber crime investigation: landscape, challenges, and future research directions.

1. Introduction

2. digital forensics, 2.1. host forensics, 2.2. mobile forensics, 2.2.1. investigation phases, 2.2.2. data extraction, 2.3. network forensics, 2.4. cloud forensics, 2.4.1. forensics as a service, 2.4.2. methods and frameworks, 2.4.3. cloud forensics and mobile devices, 3. online investigations, 3.1. sources of information, 3.1.1. open web, 3.1.2. deep web, 3.1.3. dark web, 3.2. specialized sources of information, 3.2.1. social media, 3.2.2. cryptocurrency flow, 3.3. data mining, 3.3.1. natural language processing, 3.3.2. social network analysis, 3.3.3. information extraction, 3.3.4. computer vision, 4. new forensic technologies, 4.1. automation, 4.2. machine learning (ai), 4.2.1. machine learning as an investigative tool, 4.2.2. machine learning as a criminal tool, 5. open issues and research directions.

• Technical issues (e.g., effectively implementing open-source intelligence tools used in investigations).
• Legal issues (e.g., obtaining legal basis for collecting evidence that is admissible in courts).
• Ethical issues (e.g., criminal profiling).

5.1. Technical Issues

5.2. legal issues, 5.3. ethical issues, 5.4. research directions of open issues, 6. conclusions and further research, author contributions, institutional review board statement, informed consent statement, conflicts of interest.

• Billard, D. Weighted Forensics Evidence Using Blockchain. In Proceedings of the 2018 International Conference on Computing and Data Engineering, Shanghai, China, 4–6 May 2018; pp. 57–61. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Zhang, L.; Li, F.; Wang, P.; Su, R.; Chi, Z. A Blockchain-Assisted Massive IoT Data Collection Intelligent Framework. IEEE Internet Things 2021 , 15 . [ Google Scholar ] [ CrossRef ]
• Barmpatsalou, K.; Cruz, T.; Monteiro, E.; Simoes, P. Current and Future Trends in Mobile Device Forensics. ACM Comput. Surv. 2018 , 51 , 1–31. [ Google Scholar ] [ CrossRef ]
• Gu, Y.; Lin, Z. Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA, 9–11 March 2016; ACM: New York, NY, USA, 2016; pp. 62–72. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Chernyshev, M.; Zeadally, S.; Baig, Z.; Woodward, A. Mobile Forensics: Advances, Challenges, and Research Opportunities. IEEE Secur. Priv. 2017 , 15 , 42–51. [ Google Scholar ] [ CrossRef ]
• Caviglione, L.; Wendzel, S.; Mazurczyk, W. The future of digital forensics: Challenges and the road ahead. IEEE Secur. Priv. 2017 , 15 , 12–17. [ Google Scholar ] [ CrossRef ]
• Stoyanova, M.; Nikoloudakis, Y.; Panagiotakis, S.; Pallis, E.; Markakis, E.K. A survey on the Internet of things (IoT) forensics: Challenges, approaches, and open issues. IEEE Commun. Surv. Tutor. 2020 , 22 , 1191–1221. [ Google Scholar ] [ CrossRef ]
• Manral, B.; Somani, G.; Choo, K.-K.R.; Conti, M.; Gaur, M.S. A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions. ACM Comput. Surv. 2020 , 52 , 1–38. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Khan, S.; Gani, A.; Wahab, A.W.; Bagiwa, M.A.; Shiraz, M.; Khan, S.U.; Zomaya, A.Y. Cloud Log Forensics: Foundations, State of the Art, and Future Directions. ACM Comput. Surv. 2016 , 49 , 1–42. [ Google Scholar ] [ CrossRef ]
• Tavabi, N.; Bartley, N.; Abeliuk, A.; Soni, S.; Ferrara, E.; Lerman, K. Characterizing Activity on the Deep and Dark Web. In Proceedings of the Companion of The 2019 World Wide Web Conference, San Francisco, CA, USA, 13–17 May 2019; ACM: New York, NY, USA, 2019; pp. 206–213. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Celestini, A.; Me, G.; Mignone, M. Tor marketplaces exploratory data analysis: The Drugs Case. In Global Security, Safety and Sustainability–The Security Challenges of the Connected World ; Springer: New York, NY, USA, 2016; pp. 218–229. [ Google Scholar ] [ CrossRef ]
• Internet Organized Crime Threat Assessment. 2020. Available online: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020 (accessed on 12 September 2021).
• Alonso-Fernandez, F.; Belvisi, N.M.; Hernandez-Diaz, K.; Muhammad, N.; Bigun, J. Writer Identification Using Microblogging Texts for Social Media Forensics. IEEE Trans. Biom. Behav. Identity Sci. 2021 , 3 , 405–426. [ Google Scholar ] [ CrossRef ]
• Nazah, S.; Huda, S.; Abawajy, J.; Hassan, M.M. Evolution of dark web threat analysis and detection: A systematic approach. IEEE Access 2020 , 8 , 171796–171819. [ Google Scholar ] [ CrossRef ]
• Edwards, M.; Rashid, A.; Rayson, P. A Systematic Survey of Online Data Mining Technology Intended for Law Enforcement. ACM Comput. Surv. 2015 , 48 , 54. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Zhang, X.; Li, W.; Ying, H.; Li, F.; Tang, S.; Lu, S. Emotion Detection in Online Social Networks: A Multilabel Learning Approach. IEEE Internet Things J. 2020 , 7 , 8133–8143. [ Google Scholar ] [ CrossRef ]
• Liao, X.; Yuan, K.; Wang, X.F.; Li, Z.; Xing, L.; Beyah, R. Acing the IoC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; ACM: New York, NY, USA, 2016; pp. 755–766. [ Google Scholar ] [ CrossRef ]
• Završnik, A. Criminal justice, artificial intelligence systems, and human rights. ERA Forum 2020 , 20 , 567–583. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Raaijmakers, S. Artificial Intelligence for Law Enforcement: Challenges and Opportunities. IEEE Secur. Priv. 2019 , 17 , 74–77. [ Google Scholar ] [ CrossRef ]
• Zhang, F.; Li, W.; Zhang, Y.; Feng, Z. Data Driven Feature Selection for Machine Learning Algorithms in Computer Vision. IEEE Internet Things J. 2018 , 5 , 4262–4272. [ Google Scholar ] [ CrossRef ]
• Du, X.; Hargreaves, C.; Sheppard, J.; Anda, F.; Sayakkara, A.; Le-Khac, N.-A.; Scanlon, M. SoK: Exploring the state of the art and the future potential of artificial intelligence in digital forensic investigation. In Proceedings of the 15th International Conference on Availability, Reliability and Security, Virtual Event, Ireland, 25–28 August 2020; pp. 1–10. [ Google Scholar ] [ CrossRef ]
• Shaukat, K.; Luo, S.; Varadharajan, V.; Hameed, I.A.; Xu, M. A Survey on Machine Learning Techniques for Cyber Security in the Last Decade. IEEE Access 2020 , 8 , 222310–222354. [ Google Scholar ] [ CrossRef ]
• Zhang, X.; Liu, L.; Xiao, L.; Ji, J. Comparison of Machine Learning Algorithms for Predicting Crime Hotspots. IEEE Access 2020 , 8 , 181302–181310. [ Google Scholar ] [ CrossRef ]
• Jeong, D. Artificial intelligence security threat, crime, and forensics: Taxonomy and open issues. IEEE Access 2020 , 8 , 184560–184574. [ Google Scholar ] [ CrossRef ]
• Quick, D.; Choo, K.-K.R. Digital forensic intelligence: Data subsets and Open-Source Intelligence (DFINT+OSINT): A timely and cohesive mix. Future Gener. Comput. Syst. 2018 , 78 , 558–567. [ Google Scholar ] [ CrossRef ]
• Amatoa, F.; Castiglione, A.; Cozzolino, G.; Narduccib, F. A semantic-based methodology for digital forensics analysis. J. Parallel Distrib. Comput. 2020 , 138 , 172–177. [ Google Scholar ] [ CrossRef ]
• Watson, S.; Dehghantanha, A. Digital forensics: The missing piece of the Internet of Things promise. Comput. Fraud. Secur. 2016 , 2016 , 5–8. [ Google Scholar ] [ CrossRef ]
• Wolfe, H. Evidence analysis. Comput. Secur. 2003 , 22 , 289–291. [ Google Scholar ] [ CrossRef ]
• Louw, D. Forensic psychology. In International Encyclopedia of the Social & Behavioral Sciences , 2nd ed.; Elsevier: Amsterdam, The Netherlands, 2015; pp. 351–356. [ Google Scholar ] [ CrossRef ]
• Rogers, M. The role of criminal profiling in the computer forensics process. Comput. Secur. 2003 , 22 , 292–298. [ Google Scholar ] [ CrossRef ]

Click here to enlarge figure

Share and Cite

Horan, C.; Saiedian, H. Cyber Crime Investigation: Landscape, Challenges, and Future Research Directions. J. Cybersecur. Priv. 2021 , 1 , 580-596. https://doi.org/10.3390/jcp1040029

Horan C, Saiedian H. Cyber Crime Investigation: Landscape, Challenges, and Future Research Directions. Journal of Cybersecurity and Privacy . 2021; 1(4):580-596. https://doi.org/10.3390/jcp1040029

Horan, Cecelia, and Hossein Saiedian. 2021. "Cyber Crime Investigation: Landscape, Challenges, and Future Research Directions" Journal of Cybersecurity and Privacy 1, no. 4: 580-596. https://doi.org/10.3390/jcp1040029

Article Metrics

Article access statistics, further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Springer Nature - PMC COVID-19 Collection

Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis

Huong thi ngoc ho.

1 School of Journalism and Communication, Huazhong University of Science and Technology, Wuhan, Hubei China

Hai Thanh Luong

2 School of Global, Urban and Social Studies, RMIT University, Melbourne, Australia

Associated Data

The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Research on cybercrime victimization is relatively diversified; however, no bibliometric study has been found to introduce the panorama of this subject. The current study aims to address this research gap by performing a bibliometric analysis of 387 Social Science Citation Index articles relevant to cybercrime victimization from Web of Science database during the period of 2010–2020. The purpose of the article is to examine the research trend and distribution of publications by five main fields, including time, productive authors, prominent sources, active institutions, and leading countries/regions. Furthermore, this study aims to determine the global collaborations and current gaps in research of cybercrime victimization. Findings indicated the decidedly upward trend of publications in the given period. The USA and its authors and institutions were likely to connect widely and took a crucial position in research of cybercrime victimization. Cyberbullying was identified as the most concerned issue over the years and cyber interpersonal crimes had the large number of research comparing to cyber-dependent crimes. Future research is suggested to concern more about sample of the elder and collect data in different countries which are not only European countries or the USA. Cross-nation research in less popular continents in research map was recommended to be conducted more. This paper contributed an overview of scholarly status of cybercrime victimization through statistical evidence and visual findings; assisted researchers to optimize their own research direction; and supported authors and institutions to build strategies for research collaboration.

Introduction

To date, the debate of cybercrime definition has been controversial which is considered as one of the five areas of cyber criminology (Ngo and Jaishankar 2017 ; Drew 2020 ). 1 Several terms are used to illustrate ‘cybercrime’, such as ‘high-tech crime’ (Insa 2007 ), ‘computer crime’ (Choi 2008 ; Skinner and Fream 1997 ), ‘digital crime’ (Gogolin 2010 ), or ‘virtual crime’ (Brenner 2001 ). ‘Cybercrime’, however, has been the most popular in the public parlance (Wall 2004 ). A propensity considers crime directly against computer as cybercrime, while other tendency asserts that any crime committed via internet or related to a computer is cybercrime (Marsh and Melville 2008 ; Wall 2004 ). Hence, there is a distinction between ‘true cybercrime’ or ‘high-tech’ cybercrime and ‘low-tech’ cybercrime (Wagen and Pieters 2020 ). Council of Europe defines ‘any criminal offense committed against or with the help of a computer network’ as cybercrime (Abdullah and Jahan 2020 , p. 90). Despite different approaches, cybercrime generally includes not only new types of crimes which have just occurred after the invention of computer and internet (Holt and Bossler 2014 ; Drew 2020 ) but also traditional types of crimes which took the advantages of information communication technology (ICT) as vehicle for illegal behaviors (Luong 2021 ; Nguyen and Luong 2020 ; Luong et al. 2019 ). Two main cybercrime categories identified, respectively, are cyber-dependent crime (hacking, malware, denial of service attacks) and cyber-enable crime (phishing, identity theft, cyber romance scam, online shopping fraud). Nevertheless, there are several different classifications of cybercrime such as cybercrime against certain individuals, groups of individuals, computer networks, computer users, critical infrastructures, virtual entities (Wagen and Pieters 2020 ); cyber-trespass, cyber-deceptions, cyber-pornography, and cyber-violence (Wall 2001 ).

Due to the common prevalence of cybercrime, the increasing threats of cybercrime victimization are obviously serious. Cybercrime victimization has become a crucial research subfield in recent years (Wagen and Pieters 2020 ). It is difficult to differ “forms of online victimization” and “acts that actually constitute a crime”, then it is usual for researchers to focus less on perspective of criminal law and consider any negative experiences online as cybercrime (Näsi et al. 2015 , p. 2). It was likely to lead to practical gaps between theory and practice in terms of investigating the nexus of offender and victims on cyberspace. In the light of literature review, numerous specific aspects of cybercrime victimization were investigated by questionnaire surveys or interview survey such as the prevalence of cybercrime victimization (Näsi et al. 2015 ; Whitty and Buchanan 2012 ); causes and predictors of cybercrime victimization (Abdullah and Jahan 2020 ; Algarni et al. 2017 ; Ilievski 2016 ; Jahankhani 2013 ; Kirwan et al. 2018 ; Näsi et al. 2015 ; Reyns et al. 2019 ; Saad et al. 2018 ); and the relationship between social networking sites (SNS) and cybercrime victimization (Das and Sahoo 2011 ; Algarni et al. 2017 ; Benson et al. 2015 ; Seng et al. 2018 ). To some extent, therefore, the current study examines cybercrime victimization in the large scale, referring to any negative experiences on cyberspace or computer systems. Nevertheless, no bibliometric analysis was found to show the research trend and general landscape of this domain.

Bibliometric is a kind of statistical analysis which uses information in a database to provide the depth insight into the development of a specified area (Leung et al. 2017 ). The present study aims to address this research gap by providing a bibliometric review of the relevant SSCI articles in WoS database during the period of 2010–2020. The pattern of publications, the productivity of main elements (authors, journals, institutions, and countries/regions), statistic of citations, classification of key terms, research gaps, and other collaborations will be presented and discussed in section four and five after reviewing literatures and presenting our methods conducted. This article contributes an overview of research achievements pertaining to cybercrime victimization in the given period through statistical evidence and visual findings; assists researchers to perceive clearly about the key positions in research maps of this field, and obtain more suggestions to develop their own research direction.

Literature review

Cybercrime victimization.

Cybercrime victimization may exist in two levels including institutional and individual level (Näsi et al. 2015 ). For the former, victim is governments, institutions, or corporations, whereas for the latter, victim is a specific individual (Näsi et al. 2015 ). A wide range of previous studies concerned about individual level of victim and applied Lifestyle Exposure Theory (LET), Routine Activity Theory (RAT) and General Theory of Crime to explain cybercrime victimization (Choi 2008 ; Holt and Bossler 2009 ; Ngo and Paternoster 2011 ). Basing on these theories, situational and individual factors were supposed to play an important role in understanding cybercrime victimization (Choi 2008 ; Van Wilsem 2013 ). However, there was another argument that situational and individual factors did not predict cybercrime victimization (Ngo and Paternoster 2011 ; Wagen and Pieters 2020 ). Overall, most of those studies just focused only one distinctive kind of cybercrime such as computer viruses, malware infection, phishing, cyberbullying, online harassment, online defamation, identity theft, cyberstalking, online sexual solicitation, cyber romance scams or online consumer fraud. Referring to results of the prior research, some supported for the applicability of mentioned theories but other did not share the same viewpoint (Leukfeldt and Yar 2016 ). It was hard to evaluate the effect of LET or RAT for explanation of cybercrime victimization because the nature of examined cybercrime were different (Leukfeldt and Holt 2020 ; Leukfeldt and Yar 2016 ).

Previous research determined that cybercrime victimization was more common in younger group compared to older group because the young is the most active online user (Näsi et al. 2015 ; Oksanen and Keipi 2013 ) and males tended to become victims of cybercrime more than females in general (Näsi et al. 2015 ). However, findings might be different in research which concerned specific types of cybercrime. Women were more likely to be victims of the online romance scam (Whitty and Buchanan 2012 ) and sexual harassment (Näsi et al. 2015 ), while men recorded higher rate of victimization of cyber-violence and defamation. Other demographic factors were also examined such as living areas (Näsi et al. 2015 ), education (Oksanen and Keipi 2013 ; Saad et al. 2018 ) and economic status (Oksanen and Keipi 2013 ; Saad et al. 2018 ). Furthermore, several prior studies focus on the association of psychological factors and cybercrime victimization, including awareness and perception (Ariola et al. 2018 ; Saridakis et al. 2016 ), personality (Kirwan et al. 2018 ; Orchard et al. 2014 ; Parrish et al. 2009 ), self-control (Ilievski 2016 ; Ngo and Paternoster 2011 ; Reyns et al. 2019 ), fear of cybercrime (Lee et al. 2019 ), online behaviors (Al-Nemrat and Benzaïd 2015 ; Saridakis et al. 2016 ). Psychological factors were assumed to have effects on cybercrime victimization at distinctive levels.

Another perspective which was much concerned by researchers was the relationship between cybercrime victimization and SNS. SNS has been a fertile land for cybercriminals due to the plenty of personal information shared, lack of guard, the availability of communication channels (Seng et al. 2018 ), and the networked nature of social media (Vishwanath 2015 ). When users disclosed their personal information, they turned themselves into prey for predators in cyberspace. Seng et al. ( 2018 ) did research to understand impact factors on user’s decision to react and click on suspicious posts or links on Facebook. The findings indicated that participants’ interactions with shared contents on SNS were affected by their relationship with author of those contents; they often ignored the location of shared posts; several warning signals of suspicious posts were not concerned. Additionally, Vishwanath ( 2015 ) indicated factors that led users to fall victims on the SNS; Algarni et al. ( 2017 ) investigated users’ susceptibility to social engineering victimization on Facebook; and Kirwan et al. ( 2018 ) determined risk factors resulting in falling victims of SNS scam.

Bibliometric of cybercrime victimization

“Bibliometric” is a term which was coined by Pritchard in 1969 and a useful method which structures, quantifies bibliometric information to indicate the factors constituting the scientific research within a specific field (Serafin et al. 2019 ). Bibliometric method relies on some basic types of analysis, namely co-authorship, co-occurrence, citation, co-citation, and bibliographic coupling. This method was employed to various research domains such as criminology (Alalehto and Persson 2013 ), criminal law (Jamshed et al. 2020 ), marketing communication (Kim et al. 2019 ), social media (Chen et al. 2019 ; Gan and Wang 2014 ; Leung et al. 2017 ; Li et al. 2017 ; You et al. 2014 ; Zyoud et al. 2018 ), communication (Feeley 2008 ), advertising (Pasadeos 1985 ), education (Martí-Parreño et al. 2016 ).

Also, there are more and more scholars preferring to use bibliometric analysis on cyberspace-related subject such as: cyber behaviors (Serafin et al. 2019 ), cybersecurity (Cojocaru and Cojocaru 2019 ), cyber parental control (Altarturi et al. 2020 ). Serafin et al. ( 2019 ) accessed the Scopus database to perform a bibliometric analysis of cyber behavior. All documents were published by four journals: Cyberpsychology, Behavior and Social Networking (ISSN: 21522723), Cyberpsychology and Behavior (ISSN: 10949313) , Computers in Human Behavior (ISSN: 07475632) and Human–Computer Interaction (ISSN: 07370024), in duration of 2000–2018. Findings indicated the use of Facebook and other social media was the most common in research during this period, while psychological matters were less concerned (Serafin et al. 2019 ). Cojocaru and Cojocaru ( 2019 ) examined the research status of cybersecurity in the Republic of Moldavo, then made a comparison with the Eastern Europe countries’ status. This study employed bibliometric analysis of publications from three data sources: National Bibliometric Instrument (database from Republic of Moldavo), Scopus Elsevier and WoS. The Republic of Moldavo had the moderate number of scientific publications on cybersecurity; Russian Federation, Poland, Romania, Czech Republic, and Ukraine were the leading countries in Eastern Europe area (Cojocaru and Cojocaru 2019 ). Altarturi et al. ( 2020 ) was interested in bibliometric analysis of cyber parental control, basing on publications between 2000 and 2019 in Scopus and WoS. This research identified some most used keywords including ‘cyberbullying’, ‘bullying’, ‘adolescents’ and ‘adolescence’, showing their crucial position in the domain of cyber parental control (Altarturi et al. 2020 ). ‘Cyber victimization’ and ‘victimization’ were also mentioned as the common keywords by Altarturi et al. ( 2020 ). Prior research much focus on how to protect children from cyberbullying. Besides, four online threats for children were determined: content, contact, conduct and commercial threats (Altarturi et al. 2020 ).

Generally, it has been recorded several published bibliometric analyses of cyber-related issues but remained a lack of bibliometric research targeting cybercrime victimization. Thus, the present study attempts to fill this gap, reviewing the achievements of existed publications as well as updating the research trend in this field.

In detail, our current study aims to address four research questions (RQs):

What is overall distribution of publication based on year, institutions and countries, sources, and authors in cybercrime victimization?

Which are the topmost cited publications in terms of cybercrime victimization?

Who are the top co-authorships among authors, institutions, and countries in research cybercrime victimization?

What are top keywords, co-occurrences and research gaps in the field of cybercrime victimization?

Data collection procedure

Currently, among specific approaches in cybercrime’s fileds, WoS is “one of the largest and comprehensive bibliographic data covering multidisciplinary areas” (Zyoud et al. 2018 , p. 2). This paper retrieved data from the SSCI by searching publications of cybercrime victimization on WoS database to examine the growth of publication; top keywords; popular topics; research gaps; and top influential authors, institutions, countries, and journals in the academic community.

This paper employed Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) for data collection procedure. For timeline, we preferred to search between 2010 and 2020 on the WoS system with two main reasons. First, when the official update of the 2009 PRISMA Statement had ready upgraded with the specific guidelines and stable techniques, we consider beginning since 2010 that is timely to test. Secondly, although there are several publications from the early of 2021 to collect by the WoS, its updated articles will be continued until the end of the year. Therefore, we only searched until the end of 2020 to ensure the full updates.

To identify publications on cybercrime victimization, the study accessed WoS and used two keywords for searching: ‘cybercrime victimization’ or ‘cyber victimization’ after testing and looking for some terminology-related topics. Accordingly, the paper applied a combination of many other searching terms besides two selected words such as “online victimization”, “victim of cybercrime”, “phishing victimization”, “online romance victimization”, “cyberstalking victim”, “interpersonal cybercrime victimization”, or “sexting victimization”, the results, however, were not really appropriate. A lot of papers did not contain search keywords in their titles, abstracts, keywords and were not relavant to study topic. After searching with many different terms and comparing the results, the current study selected the two search terms for the most appropriate articles. The query result consisted of 962 documents. Basing on the result from preliminary searching, retrieved publications were refined automatically on WoS by criteria of timespan, document types, language, research areas, and WoS Index as presented in Table ​ Table1. 1 . Accordingly, the criteria for automatic filter process were basic information of an articles and classified clearly in WoS system so the results reached high accuracy. The refined results are 473 articles.

Criteria for automatic filter

After automatic filters, file of data was converted to Microsoft Excel 2016 for screening. The present study examined titles and abstracts of 473 articles to assess the eligibility of each publication according to the relevance with given topic. There are 387 articles are eligible,while 86 irrelevant publications were excluded.

Data analysis

Prior to data analysis, the raw data were cleaned in Microsoft Excel 2016. Different forms of the same author’s name were corrected for consistency, for example “Zhou, Zong-Kui” and “Zhou Zongkui”, “Van Cleemput, Katrien” and “Van Cleemput, K.”, “Williams, Matthew L.” and “Williams, Matthew”. Similarly, different keywords (single/plural or synonyms) used for the same concept were identified and standardized such as “victimization” and “victimisation”; “adolescent” and “adolescents”; “cyber bullying”, “cyber-bullying” and “cyberbullying”; “routine activity theory” and “routine activities theory”.

The data were processed by Microsoft Excel 2016 and VOS Viewer version 1.6.16; then it was analyzed according to three main aspects. First, descriptive statistic provided evidence for yearly distribution and growth trend of publications, frequency counts of citations, the influential authors, the predominant journals, the top institutions and countries/territories, most-cited publications. Second, co-authorship and co-occurrence analysis were constructed and visualized by VOS Viewer version 1.6.16 to explore the network collaborations. Finally, the current study also investigated research topics through content analysis of keywords. The authors’ keywords were classified into 15 themes, including: #1 cybercrime; #2 sample and demographic factors; #3 location; #4 theory; #5 methodology; #6 technology, platforms and related others; #7 psychology and mental health; #8 physical health; #9 family; #10 school; #11 society; #12 crimes and deviant behaviors; #13 victim; #14 prevention and intervention; and #15 others. Besides, the study also added other keywords from titles and abstracts basing on these themes, then indicated aspects examined in previous research.

In this section, all findings corresponding with four research questions identified at the ouset of this study would be illustrated (Fig.  1 ).

PRISMA diagram depicts data collection from WoS database

Distribution of publication

Distribution by year, institutions and countries.

Basing on retrieved data, it was witnessed an increasing trend of articles relevant to cybercrime victimization in SSCI list during the time of 2010–2020 but it had slight fluctuations in each year as shown in Fig.  2 . The total number of articles over this time was 387 items, which were broken into two sub-periods: 2010–2014 and 2015–2020. It is evident that the latter period demonstrated the superiority of the rate of articles (79.33%) compared to the previous period (20.67%). The yearly quantity of publications in this research subject was fewer than forty before 2015. Research of cybercrime victimization reached a noticeable development in 2016 with over fifty publications, remained the large number of publications in the following years and peaked at 60 items in 2018.

Annual distribution of publications

Distribution by institutions and countries

Table ​ Table2 2 shows the top contributing institutions according to the quantity of publications related to cybercrime victimization. Of the top institutions, four universities were from the USA, two ones were from Spain, two institutions were from Australia and the rest ones were from Czech Republic, Belgium, Greece, and Austria. Specifically, Masaryk University (17 documents) became the most productive publishing institution, closely followed by Michigan State University (16 documents). The third and fourth places were University of Antwerp (13 documents) and Weber State University (10 documents). Accordingly, the institutions from The USA and Europe occupied the vast majority.

Top contributing institutions based on total publications

TP total publications, TC total citations for the publications reviewed, AC average citations per document

In Table ​ Table2, 2 , University of Seville (total citations: 495, average citations: 70.71) ranked first and University of Cordoba (total citations: 484, average citations: 60.50) stayed at the second place in both total citations and average citations.

Referring to distribution of publications by countries, there were 45 countries in database contributing to the literature of cybercrime victimization. The USA recorded the highest quantity of papers, creating an overwhelming difference from other countries (159 documents) as illustrated in Fig.  3 . Of the top productive countries, eight European countries which achieved total of 173 publications were England (39 documents), Spain (34 documents), Germany (22 documents), Netherlands (18 documents), Italy (17 documents) and Czech Republic (17 documents), Belgium (14 documents), Greece (12 documents). Australia ranked the fourth point (32 documents), followed by Canada (30 documents). One Asian country which came out seventh place, at the same position with Netherlands was China (18 documents).

Top productive countries based on the number of publications

Distribution by sources

Table ​ Table3 3 enumerates the top leading journals in the number of publications relevant to cybercrime victimization. The total publications of the first ranking journal— Computers in Human Behavior were 56, over twice as higher as the second raking journal— Cyberpsychology, Behavior and Social Networking (24 articles). Most of these journals have had long publishing history, starting their publications before 2000. Only three journals launched after 2000, consisting of Journal of School Violence (2002), Cyberpsychology: Journal of Psychosocial Research on Cyberspace (2007) and Frontiers in Psychology (2010). Besides, it is remarked that one third of the top journals focuses on youth related issues: Journal of Youth and Adolescence , Journal of Adolescence, School Psychology International and Journal of School Violence .

Top leading journals based on the quantity of publications

SPY Started Publication Year

In Table ​ Table3, 3 , relating to total citations, Computers in Human Behavior remained the first position with 2055 citations. Journal of Youth and Adolescence had total 1285 citations, ranked second and followed by Aggressive Behavior with 661 citations. In terms of average citations per documents, an article of Journal of Youth and Adolescence was cited 67.63 times in average, much higher than average citations of one in Computers in Human Behavior (36.70 times). The other journals which achieved the high number of average citations per document were School Psychology International (59.00 times), Journal of Adolescence (44.83 times) and Aggressive Behavior (44.07 times).

Distribution by authors

Table ​ Table4 4 displays ten productive authors based on article count; total citations of each author and their average citations per document are also included. Michelle F. Wright from Pennsylvania State University ranked first with twenty publications, twice as higher as the second positions, Thomas J. Holt (10 articles) from Michigan State University and Bradford W. Reyns (10 articles) from Weber State University. Rosario Ortega-Ruiz from University of Cordoba stayed at the third place in terms of total publications but the first place in aspect of total citations (483 citations) and the average citations (60.38 times).

Top productive authors based on article count

Of the most productive authors based on total publications, there were three authors from universities in the USA; one from the university in Canada (Brett Holfeld); the others were from institutions in Euro, including Spain (Rosario Ortega-Ruiz), Greece (Constantinos M. Kokkinos) and Belgium (Heidi Vandebosch), Netherlands (Rutger Leukfeldt) and Austria (Takuya Yanagida and Christiane Spiel).

Most-cited publications

The most-cited literature items are displayed in Table ​ Table5. 5 . The article which recorded the highest number of citations was ‘Psychological, Physical, and Academic Correlates of Cyberbullying and Traditional Bullying’ (442 citations) by Robin M. Kowalski et al. published in Journal of Adolescent Health , 2013. Seven of ten most-cited articles were about cyberbullying; focused on youth population; made comparisons between cyberbullying and traditional bullying; analyzed the impact of several factors such as psychological, physical, academic factors or use of Internet; discussed on preventing strategies. The other publications studied victimization of cyberstalking and cyber dating abuse. All most-cited articles were from 2015 and earlier.

The most-cited publications in subject of cybercrime victimization during 2010–2020

Of the top productive authors, only Bradford W. Reyns had an article appeared in the group of most-cited publications. His article ‘Being Pursued Online: Applying Cyberlifestyle-Routine Activities Theory to Cyberstalking Victimization’ (2011) was cited 172 times.

Co-authorship analysis

“Scientific collaboration is a complex social phenomenon in research” (Glänzel and Schubert 2006 , p. 257) and becomes the increasing trend in individual, institutional and national levels. In bibliometric analysis, it is common to assess the productivity and international collaboration of research; identify key leading researchers, institutions, or countries (E Fonseca et al. 2016 ) as well as potential collaborators in a specific scientific area (Romero and Portillo-Salido 2019 ) by co-authorship analysis which constructs networks of authors and countries (Eck and Waltman 2020 ).

This section analyses international collaboration relevant to research of cybercrime victimization among authors, institutions, and countries during 2010–2020 through visualization of VOS Viewer software.

Collaboration between authors

Referring to the threshold of choose in this analysis, minimum number of documents of author is three and there were 80 authors for final results. Figure  4 illustrates the relationships between 80 scientists who study in subject of cybercrime victimization during 2010–2020. It shows several big groups of researchers (Wright’s group, Vandebosch’s group, or Holt’s group), while numerous authors had limited or no connections to others (Sheri Bauman, Michelle K. Demaray or Jennifer D. Shapka).

Collaboration among authors via network visualization (threshold three articles for an author, displayed 80 authors)

Figure  5 displayed a significant network containing 23 authors who were active in collaboration in detail. The displayed items in Fig.  5 are divided into five clusters coded with distinctive colors, including red, green, blue, yellow, and purple. Each author item was represented by their label and a circle; the size of label and circle are depended on the weight of the item, measured by the total publications (Eck and Waltman 2020 ). The thickness of lines depends on the strength of collaboration (Eck and Waltman 2020 ).

Collaboration among authors via network visualization (threshold three articles for an author, displayed 23 authors)

The most significant cluster was red one which is comprised of six researchers: Michelle F. Wright, Sebastian Wachs, Yan Li, Anke Gorzig, Manuel Gamez-Guadix and Esther Calvete. The remarked author for the red cluster was Michelle F. Wright whose value of total link strength is 24. She had the strongest links with Sebastian Wachs; closely link with Yan Li, Anke Gorzig, Manuel Gamez-Guadix and collaborated with authors of yellow cluster, including Shanmukh V. Kamble, Li Lei, Hana Machackova, Shruti Soudi as well as Takuya Yanagida of blue cluster. Michelle F. Wright who obtained the largest number of published articles based on criteria of this study made various connections with other scholars who were from many different institutions in the world. This is also an effective way to achieve more publications.

Takuya Yanagida was the biggest node for the blue cluster including Petra Gradinger, Daniel Graf, Christiane Spiel, Dagmar Strohmeier. Total link strength for Takuya Yanagida was 28; twelve connections. It is observed that Takuya Yanagida’ s research collaboration is definitely active. Besides, other research groups showed limited collaborations comparing with the red and blue ones.

Collaboration between institutions

The connections among 156 institutions which published at least two documents per one are shown in Fig.  6 . Interestingly, there is obvious connections among several distinctive clusters which were coded in color of light steel blue, orange, purple, steel blue, green, red, yellow, light red, dark turquoise, light blue, brown and light green. These clusters created a big chain of connected institutions and were in the center of the figure, while other smaller clusters or unlinked bubbles (gray color) were distributed in two sides. The biggest chain consisted of most of productive institutions such as Masaryk University, Michigan State University, University of Antwerp, Weber State University, University of Cordoba, Edith Cowan University, University of Cincinnati, University of Victoria, University of Vienna, and University of Seville.

Collaboration among institutions via network visualization (threshold two articles for an institution, 156 institutions were displayed)

Light steel blue and orange clusters presented connections among organizations from Australia. Light green included institutions from Netherland, while turquoise and light blue consisted of institutions from the USA. Yellow cluster was remarked by the various collaborations among institutions from China and Hong Kong Special Administrative Region (Renmin University of China and South China Normal University, University of Hong Kong, the Hong Kong Polytechnic University and the Chinese University of Hong Kong), the USA (University of Virginia), Cyprus (Eastern Mediterranean University), Japan (Shizuoka University), India (Karnataka University) and Austria (University Applied Sciences Upper Austria). Central China Normal University is another Chinese institution which appeared in Fig.  5 , linking with Ministry of Education of the People’s Republic of China, Suny Stony Brook and University of Memphis from the USA.

Masaryk University and Michigan State University demonstrated their productivity in both the quantity of publications and the collaboration network. They were active in research collaboration, reaching twelve and eleven links, respectively, with different institutions, but focused much on networking with institutions in the USA and Europe.

Collaboration between countries

The collaboration among 45 countries which published at least one SSCI documents of cybercrime victimization during the given period was examined in VOS Viewer but just 42 items were displayed via overlay visualization. Figure  7 depicts the international collaborations among significant countries. The USA is the biggest bubble due to its biggest number of documents and shows connections with 26 countries/regions in Euro, Asia, Australia, Middle East. Excepting European countries, England collaborate with the USA, Australia, South Korea, Japan, Thailand, Singapore, Sri Lanka, and Colombia. Spain and Germany almost focus on research network within Euro. China has the strongest tie with the USA, link with Australia, Germany, Czech Republic, Austria, Cyprus and Turkey, Japan, Indian, Vietnam.

Collaboration among countries via overlay visualization

Color bar in Fig.  7 is determined by the average publication year of each country and the color of circles based on it. It is unsurprised that the USA, Australia, England, or Spain shows much research experience in this field and maintain the large number of publications steadily. Interestingly, although the average publication year of South Korea or Cyprus was earlier than other countries (purple color), their quantities of documents were moderate. The new nodes (yellow circles) in the map included Vietnam, Norway, Pakistan, Ireland, Scotland, Switzerland.

Keywords and co-occurrence

The present paper examined the related themes and contents in research of cybercrime victimization during 2010–2020 through collecting author keywords, adding several keywords from tiles and abstracts. Besides, this study also conducted co-occurrence analysis of author keywords to show the relationships among these keywords.

The keywords were collected and categorized into 15 themes in Table ​ Table6, 6 , including cybercrime; sample and demographic factors; location; theory; methodology; technology, platform, and related others; psychology and mental health; physical health; family; school; society; crimes and other deviant behaviors; victim; prevention and intervention; and others.

Statistic of keywords in themes

These keywords were most of author keyword, adding a few selected keywords from the titles and abstracts by the author of this current study

In the theme of cybercrime, there were numerous types of cybercrimes such as cyberbullying, cyber aggression, cyberstalking, cyber harassment, sextortion and other cyber dating crimes, cyber fraud, identity theft, phishing, hacking, malware, or ransomware. Generally, the frequency of interpersonal cybercrimes or cyber-enable crimes was much higher than cyber-dependent crimes. Cyberbullying was the most common cybercrime in research.

Relating to sample and demographic factors, there were sample of children, adolescent, adults, and the elder who were divided into more detail levels in each research; however, adolescent was the most significant sample. Besides, demographic factor of gender received a remarked concern from scholars.

It is usual that most of the research were carried out in one country, in popular it was the USA, Spain, Germany, England, Australia, Canada or Netherland but sometimes the new ones were published such as Chile, Vietnam, Thailand or Singapore. It was witnessed that some studies showed data collected from a group of countries such as two countries (Canada and the United State), three countries (Israel, Litva, Luxembourg), four countries (the USA, the UK, Germany, and Finland), or six Europe countries (Spain, Germany, Italy, Poland, the United Kingdom and Greece).

A wide range of theories were applied in this research focusing on criminological and psychological theories such as Routine Activities Theory, Lifestyle—Routine Activities Theory, General Strain Theory, the Theory of Reasoned Action or Self-control Theory.

Table ​ Table6 6 indicated a lot of different research methods covering various perspective of cybercrime victimization: systematic review, questionnaire survey, interview, experiment, mix method, longitudinal study, or cross-national research; many kinds of analysis such as meta-analysis, social network analysis, latent class analysis, confirmatory factor analysis; and a wide range of measurement scales which were appropriate for each variable.

Topic of cybercrime victimization had connections with some main aspects of technology (information and communication technologies, internet, social media or technology related activities), psychology (self-esteem, fear, attitude, personality, psychological problems, empathy, perceptions or emotion), physical health, family (parents), school (peers, school climate), society (norms, culture, social bonds), victim, other crimes (violence, substance use), prevention and intervention.

Co-occurrence analysis was performed with keywords suggested by authors and the minimum number of occurrences per word is seven. The result showed 36 frequent keywords which clustered into five clusters as illustrated in Fig.  8 .

Co-occurrence between author keywords via network visualization (the minimum number of occurrences per word is seven, 36 keywords were displayed)

Figure  8 illustrates some main issues which were concerned in subject of cybercrime victimization, as well as the relationship among them. Fifteen most frequent keywords were presented by big bubbles, including: ‘cyberbullying’ (174 times), ‘cyber victimization’ (90 times), ‘adolescent’ (79 times), ‘bullying’ (66 times), ‘victimization’ (56 times), ‘cybercrime’ (40 times), ‘cyber aggression’ (37 times), ‘depression’ (23 times), ‘aggression’ (14 times), ‘routine activities theory’ (13 times), ‘cyberstalking’ (11 times), ‘gender’ (11 times), ‘longitudinal’ (10 times), ‘peer victimization’ (10 times) and ‘self-esteem’ (10 times).

‘Cyberbullying’ linked with many other keywords, demonstrating the various perspectives in research of this topic. The thick lines which linked ‘cyberbullying’ and ‘bullying’, ‘adolescent’, ‘cyber victimization’, ‘victimization’ showed the strong connections between them; there were close relationship between ‘cyber aggression’, ‘bystander”, ‘self-esteem’ or ‘moral disengagement’ and ‘cyberbullying’.

‘Cybercrime’ had strong links with ‘victimization’, ‘routine activities theory’. In Fig.  8 , the types of cybercrime which occurred at least seven times were: cyberbullying, cyber aggression, hacking, cyberstalking, and cyber dating abuse.

The increasing trend over the years reveals the increasing concern of scholarly community on this field, especially in the boom of information technology and other communication devices and the upward trend in research of cyberspace-related issues (Altarturi et al. 2020 ; Leung et al. 2017 ; Serafin et al. 2019 ). It predicts the growth of cybercrime victimization research in future.

Psychology was the more popular research areas in database, defeating criminology penology. As part of the ‘human factors of cybercrime’, human decision-making based on their psychological perspectives plays as a hot topic in cyber criminology (Leukfeldt and Holt 2020 ). Then, it is observed that journals in psychology field was more prevalent in top of productive sources. Besides, journal Computers in Human Behavior ranked first in total publications, but Journal of Youth and Adolescence ranked higher place in the average citations per document. Generally, top ten journals having highest number of publications on cybercrime victimization are highly qualified ones and at least 10 years in publishing industry.

The USA demonstrated its leading position in the studied domain in terms of total publications as well as the various collaborations with other countries. The publications of the USA occupied much higher than the second and third countries: England and Spain. It is not difficult to explain for this fact due to the impressive productivity of institutions and authors from the USA. A third of top twelve productive institutions were from the USA. Three leading positions of top ten productive authors based on document count were from institutions of the USA, number one was Michelle F. Wright; others were Thomas J. Holt and Bradford W. Reyns.

Furthermore, these authors also participated in significant research groups and become the important nodes in those clusters. The most noticeable authors in co-authors network were Michelle F. Wright. The US institutions also had strong links in research network. The USA was likely to be open in collaboration with numerous countries from different continents in the world. It was assessed to be a crucial partner for others in the international co-publication network (Glänzel and Schubert 2006 ).

As opposed to the USA, most of European countries prefer developing research network within Europe and had a limited collaboration with other areas. Australia, the USA, or Japan was in a small group of countries which had connections with European ones. Nevertheless, European countries still showed great contributions for research of cybercrime victimization and remained stable links in international collaboration. The prominent authors from Euro are Rosario Ortega-Ruiz, Constantinos M. Kokkinos or Rutger Leukfeldt.

It is obvious that the limited number of publications from Asia, Middle East, Africa, or other areas resulted in the uncomprehensive picture of studied subject. For example, in the Southeast Asia, Malaysia and Vietnam lacked the leading authors with their empirical studies to review and examine the nature of cybercrimes, though they are facing to practical challenges and potential threats in the cyberspace (Lusthaus 2020a , b ). The present study indicated that Vietnam, Ireland, or Norway was the new nodes and links in research network.

Several nations which had a small number of publications such as Vietnam, Thailand, Sri Lanka, or Chile started their journey of international publications. It is undeniable that globalization and the context of global village (McLuhan 1992 ) requires more understanding about the whole nations and areas. Conversely, each country or area also desires to engage in international publications. Therefore, new nodes and clusters are expected to increase and expand.

The findings indicated that cyberbullying was the most popular topic on research of cybercrime victimization over the given period. Over a half of most-cited publications was focus on cyberbullying. Additionally, ‘cyberbullying’ was the most frequent author keyword which co-occurred widely with distinctive keywords such as ‘victimization’, ‘adolescents’, ‘bullying’, ‘social media’, ‘internet’, ‘peer victimization’ or ‘anxiety’.

By reviewing keywords, several research gaps were indicated. Research samples were lack of population of the children and elders, while adolescent and youth were frequent samples of numerous studies. Although young people are most active in cyberspace, it is still necessary to understand other populations. Meanwhile, the elderly was assumed to use information and communication technologies to improve their quality of life (Tsai et al. 2015 ), their vulnerability to the risk of cybercrime victimization did not reduce. Those older women were most vulnerable to phishing attacks (Lin et al. 2019 ; Oliveira et al. 2017 ). Similarly, the population of children with distinctive attributes has become a suitable target for cybercriminals, particularly given the context of increasing online learning due to Covid-19 pandemic impacts. These practical gaps should be prioritized to focus on research for looking the suitable solutions in the future. Besides, a vast majority of research were conducted in the scope of one country; some studies collected cross-national data, but the number of these studies were moderate and focused much on developed countries. There are rooms for studies to cover several countries in Southeast Asia or South Africa.

Furthermore, although victims may be both individuals and organizations, most of research concentrated much more on individuals rather than organizations or companies. Wagen and Pieters ( 2020 ) indicated that victims include both human and non-human. They conducted research covering cases of ransomware victimization, Bonet victimization and high-tech virtual theft victimization and applying Actor-Network Theory to provide new aspect which did not aim to individual victims. The number of this kind of research, however, was very limited. Additionally, excepting cyberbullying and cyber aggression were occupied the outstanding quantity of research, other types of cybercrime, especially, e-whoring, or social media-related cybercrime should still be studied more in the future.

Another interesting topic is the impact of family on cybercrime victimization. By reviewing keyword, it is clear that the previous studies aimed to sample of adolescent, hence, there are many keywords linking with parents such as ‘parent-adolescent communication’, ‘parent-adolescent information sharing’, ‘parental mediation’, ‘parental monitoring of cyber behavior’, ‘parental style’. As mentioned above, it is necessary to research more on sample of the elder, then, it is also essential to find out how family members affect the elder’s cybercrime victimization.

It is a big challenge to deal with problems of cybercrime victimization because cybercrime forms become different daily (Näsi et al. 2015 ). Numerous researchers engage in understanding this phenomenon from various angles. The current bibliometric study assessed the scholarly status on cybercrime victimization during 2010–2020 by retrieving SSCI articles from WoS database. There is no study that applied bibliometric method to research on the examined subject. Hence, this paper firstly contributed statistical evidence and visualized findings to literature of cybercrime victimization.

Statistical description was applied to measure the productive authors, institutions, countries/regions, sources, and most-cited documents, mainly based on publication and citation count. The international collaborations among authors, institutions, and countries were assessed by co-authors, while the network of author keywords was created by co-occurrence analysis. The overall scholarly status of cybercrime victimization research was drawn clearly and objectively. The research trend, popular issues and current gaps were reviewed, providing numerous suggestions for policymakers, scholars, and practitioners about cyber-related victimization (Pickering and Byrne 2014 ). Accordingly, the paper indicated the most prevalent authors, most-cited papers but also made summary of contributions of previous research as well as identified research gaps. First, this article supports for PhD candidates or early-career researchers concerning about cybercrime victimization. Identifying the leading authors, remarked journals, or influencing articles, gaps related to a specific research topic is important and useful task for new researchers to start their academic journey. Although this information is relatively simple, it takes time and is not easy for newcomers to find out, especially for ones in poor or developing areas which have limited conditions and opportunities to access international academic sources. Thus, the findings in the current paper provided for them basic but necessary answers to conduct the first step in research. Secondly, by indicating research gaps in relevance to sample, narrow topics or scope of country, the paper suggests future study fulfilling them to complete the field of cybercrime victimization, especial calling for publications from countries which has had a modest position in global research map. Science requires the balance and diversity, not just focusing on a few developed countries or areas. Finally, the present study assists researchers and institutions to determined strategy and potential partners for their development of research collaborations. It not only improve productivity of publication but also create an open and dynamic environment for the development of academic field.

Despite mentioned contributions, this study still has unavoidable limitations. The present paper just focused on SSCI articles from WoS database during 2010–2020. It did not cover other sources of databases that are known such as Scopus, ScienceDirect, or Springer; other types of documents; the whole time; or articles in other languages excepting English. Hence it may not cover all data of examined subject in fact. Moreover, this bibliometric study just performed co-authorship and co-occurrence analysis. The rest of analysis such as citation, co-citation and bibliographic coupling have not been conducted. Research in the future is recommended to perform these kinds of assessment to fill this gap. To visualize the collaboration among authors, institutions, countries, or network of keywords, this study used VOS Viewer software and saved the screenshots as illustrations. Therefore, not all items were displayed in the screenshot figures.

Data availability

Declarations.

The authors declare that they have no competing interest.

1 In the ‘commemorating a decade in existence of the International Journal of Cyber Criminoogy’, Ngo and Jaishankar ( 2017 ) called for further research with focusing on five main areas in the Cyber Criminiology, including (1) defining and classifying cybercrime, (2) assessing the prevalence, nature, and trends of cybercrime, (3) advancing the field of cyber criminology, (4) documenting best practices in combating and preventing cybercrime, and (5) cybercrime and privacy issues.

Contributor Information

Huong Thi Ngoc Ho, Email: moc.liamg@252nhgnouH .

Hai Thanh Luong, Email: [email protected] .

• Abdullah ATM, Jahan I. Causes of cybercrime victimization: a systematic literature review. Int J Res Rev. 2020; 7 (5):89–98. [ Google Scholar ]
• Al-Nemrat A, Benzaïd C (2015) Cybercrime profiling: Decision-tree induction, examining perceptions of internet risk and cybercrime victimisation. In: Proceedings—14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, vol 1, pp 1380–1385. 10.1109/Trustcom.2015.534
• Alalehto TI, Persson O. The Sutherland tradition in criminology: a bibliometric story. Crim Justice Stud. 2013; 26 (1):1–18. doi: 10.1080/1478601X.2012.706753. [ CrossRef ] [ Google Scholar ]
• Algarni A, Xu Y, Chan T. An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. Eur J Inf Syst. 2017; 26 (6):661–687. doi: 10.1057/s41303-017-0057-y. [ CrossRef ] [ Google Scholar ]
• Altarturi HHM, Saadoon M, Anuar NB. Cyber parental control: a bibliometric study. Child Youth Serv Rev. 2020 doi: 10.1016/j.childyouth.2020.105134. [ CrossRef ] [ Google Scholar ]
• Ariola B, Laure ERF, Perol ML, Talines PJ. Cybercrime awareness and perception among Students of Saint Michael College of Caraga. SMCC Higher Educ Res J. 2018; 1 (1):1. doi: 10.18868/cje.01.060119.03. [ CrossRef ] [ Google Scholar ]
• Benson V, Saridakis G, Tennakoon H. Purpose of social networking use and victimisation: are there any differences between university students and those not in HE? Comput Hum Behav. 2015; 51 :867–872. doi: 10.1016/j.chb.2014.11.034. [ CrossRef ] [ Google Scholar ]
• Brenner SW. Is there such a thing as “rough”? Calif Crim Law Rev. 2001; 4 (1):348–349. doi: 10.3109/09637487909143344. [ CrossRef ] [ Google Scholar ]
• Chen X, Wang S, Tang Y, Hao T. A bibliometric analysis of event detection in social media. Online Inf Rev. 2019; 43 (1):29–52. doi: 10.1108/OIR-03-2018-0068. [ CrossRef ] [ Google Scholar ]
• Choi K. Computer Crime Victimization and Integrated Theory: an empirical assessment. Int J Cyber Criminol. 2008; 2 (1):308–333. [ Google Scholar ]
• Cojocaru I, Cojocaru I (2019) A bibliomentric analysis of cybersecurity research papers in Eastern Europe: case study from the Republic of Moldova. In: Central and Eastern European E|Dem and E|Gov Days, pp 151–161
• Das B, Sahoo JS. Social networking sites—a critical analysis of its impact on personal and social life. Int J Bus Soc Sci. 2011; 2 (14):222–228. [ Google Scholar ]
• Drew JM. A study of cybercrime victimisation and prevention: exploring the use of online crime prevention behaviours and strategies. J Criminol Res Policy Pract. 2020; 6 (1):17–33. doi: 10.1108/JCRPP-12-2019-0070. [ CrossRef ] [ Google Scholar ]
• E Fonseca B, Sampaio, de Araújo Fonseca MV, Zicker F (2016). Co-authorship network analysis in health research: method and potential use. Health Res Policy Syst 14(1):1–10. 10.1186/s12961-016-0104-5 [ PMC free article ] [ PubMed ]
• Feeley TH. A bibliometric analysis of communication journals from 2002 to 2005. Hum Commun Res. 2008; 34 :505–520. doi: 10.1111/j.1468-2958.2008.00330.x. [ CrossRef ] [ Google Scholar ]
• Gan C, Wang W. A bibliometric analysis of social media research from the perspective of library and information science. IFIP Adv Inf Commun Technol. 2014; 445 :23–32. doi: 10.1007/978-3-662-45526-5_3. [ CrossRef ] [ Google Scholar ]
• Glänzel W, Schubert A. Analysing scientific networks through co-authorship. Handb Quant Sci Technol Res. 2006 doi: 10.1007/1-4020-2755-9_12. [ CrossRef ] [ Google Scholar ]
• Gogolin G. The digital crime tsunami. Digit Investig. 2010; 7 (1–2):3–8. doi: 10.1016/j.diin.2010.07.001. [ CrossRef ] [ Google Scholar ]
• Holt TJ, Bossler AM. Examining the applicability of lifestyle-routine activities theory for cybercrime victimization. Deviant Behav. 2009; 30 (1):1–25. doi: 10.1080/01639620701876577. [ CrossRef ] [ Google Scholar ]
• Holt TJ, Bossler AM. An assessment of the current state of cybercrime scholarship. Deviant Behav. 2014; 35 (1):20–40. doi: 10.1080/01639625.2013.822209. [ CrossRef ] [ Google Scholar ]
• Ilievski A. An explanation of the cybercrime victimisation: self-control and lifestile/routine activity theory. Innov Issues Approaches Soc Sci. 2016; 9 (1):30–47. doi: 10.12959/issn.1855-0541.iiass-2016-no1-art02. [ CrossRef ] [ Google Scholar ]
• Insa F. The Admissibility of Electronic Evidence in Court (A.E.E.C.): Fighting against high-tech crime—results of a European study. J Digital Forensic Pract. 2007; 1 (4):285–289. doi: 10.1080/15567280701418049. [ CrossRef ] [ Google Scholar ]
• Jahankhani H. Developing a model to reduce and/or prevent cybercrime victimization among the user individuals. Strategic Intell Manag. 2013 doi: 10.1016/b978-0-12-407191-9.00021-1. [ CrossRef ] [ Google Scholar ]
• Jamshed J, Naeem S, Ahmad K (2020) Analysis of Criminal Law Literature: a bibliometric study from 2010–2019. Library Philos Pract
• Kim J, Kang S, Lee KH (2019) Evolution of digital marketing communication: Bibliometric analysis and networs visualization from key articles. J Bus Res
• Kirwan GH, Fullwood C, Rooney B. Risk factors for social networking site scam victimization among Malaysian students. Cyberpsychol Behav Soc Netw. 2018; 21 (2):123–128. doi: 10.1089/cyber.2016.0714. [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Lee S-S, Choi KS, Choi S, Englander E. A test of structural model for fear of crime in social networking sites A test of structural model for fear of crime in social networking sites. Int J Cybersecur Intell Cybercrime. 2019; 2 (2):5–22. doi: 10.52306/02020219SVZL9707. [ CrossRef ] [ Google Scholar ]
• Leukfeldt R, Holt T, editors. The human factor of cybercrime. New York: Routledge; 2020. [ Google Scholar ]
• Leukfeldt ER, Yar M. Applying routine activity theory to cybercrime: a theoretical and empirical analysis. Deviant Behav. 2016; 37 (3):263–280. doi: 10.1080/01639625.2015.1012409. [ CrossRef ] [ Google Scholar ]
• Leung XY, Sun J, Bai B. Bibliometrics of social media research: a co-citation and co-word analysis. Int J Hosp Manag. 2017; 66 :35–45. doi: 10.1016/j.ijhm.2017.06.012. [ CrossRef ] [ Google Scholar ]
• Li Q, Wei W, Xiong N, Feng D, Ye X, Jiang Y. Social media research, human behavior, and sustainable society. Sustainability. 2017; 9 (3):384. doi: 10.3390/su9030384. [ CrossRef ] [ Google Scholar ]
• Lin T, Capecci DE, Ellis DM, Rocha HA, Dommaraju S, Oliveira DS, Ebner NC. Susceptibility to spear-phishing emails: effects of internet user demographics and email content. ACM Trans Comput-Hum Interact. 2019; 26 (5):1–28. doi: 10.1145/3336141. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Luong TH. Prevent and combat sexual assault and exploitation of children on cyberspace in Vietnam: situations, challenges, and responses. In: Elshenraki H, editor. Combating the exploitation of children in cyberspace: emerging research and opportunities. Hershey: IGI Global; 2021. pp. 68–94. [ Google Scholar ]
• Luong HT, Phan HD, Van Chu D, Nguyen VQ, Le KT, Hoang LT. Understanding cybercrimes in Vietnam: from leading-point provisions to legislative system and law enforcement. Int J Cyber Criminol. 2019; 13 (2):290–308. doi: 10.5281/zenodo.3700724. [ CrossRef ] [ Google Scholar ]
• Lusthaus J (2020a) Cybercrime in Southeast Asia: Combating a Global Threat Locally. Retrieved from Canberra, Australia: https://s3-ap-southeast-2.amazonaws.com/ad-aspi/202005/Cybercrime%20in%20Southeast%20Asia.pdf?naTsKQp2jtSPYsWpSo4YmE1sVBNv_exJ
• Lusthaus J. Modelling cybercrime development: the case of Vietnam. In: Leukfeldt R, Holt T, editors. The human factor of cybercrime. New York: Routledge; 2020. pp. 240–257. [ Google Scholar ]
• Marsh I, Melville G. Crime justice and the media. Crime Justice Med. 2008 doi: 10.4324/9780203894781. [ CrossRef ] [ Google Scholar ]
• Martí-Parreño J, Méndez-Ibáñezt E, Alonso-Arroyo A (2016) The use of gamification in education: a bibliometric and text mining analysis. J Comput Assist Learn
• McLuhan M. The Global Village: Transformations in World Life and Media in the 21st Century (Communication and Society) Oxford: Oxford University Press; 1992. [ Google Scholar ]
• Näsi M, Oksanen A, Keipi T, Räsänen P. Cybercrime victimization among young people: a multi-nation study. J Scand Stud Criminol Crime Prev. 2015 doi: 10.1080/14043858.2015.1046640. [ CrossRef ] [ Google Scholar ]
• Ngo F, Jaishankar K. Commemorating a decade in existence of the international journal of cyber criminology: a research agenda to advance the scholarship on cyber crime. Int J Cyber Criminol. 2017; 11 (1):1–9. [ Google Scholar ]
• Ngo F, Paternoster R. Cybercrime victimization: an examination of individual and situational level factors. Int J Cyber Criminol. 2011; 5 (1):773. [ Google Scholar ]
• Nguyen VT, Luong TH. The structure of cybercrime networks: transnational computer fraud in Vietnam. J Crime Justice. 2020 doi: 10.1080/0735648X.2020.1818605. [ CrossRef ] [ Google Scholar ]
• Oksanen A, Keipi T. Young people as victims of crime on the internet: a population-based study in Finland. Vulnerable Child Youth Stud. 2013; 8 (4):298–309. doi: 10.1080/17450128.2012.752119. [ CrossRef ] [ Google Scholar ]
• Oliveira D, Rocha H, Yang H, Ellis D, Dommaraju S, Muradoglu M, Weir D, Soliman A, Lin T, Ebner N (2017) Dissecting spear phishing emails for older vs young adults: on the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In: Conference on Human Factors in Computing Systems—Proceedings, 2017-May, 6412–6424. 10.1145/3025453.3025831
• Orchard LJ, Fullwood C, Galbraith N, Morris N. Individual differences as predictors of social networking. J Comput-Mediat Commun. 2014; 19 (3):388–402. doi: 10.1111/jcc4.12068. [ CrossRef ] [ Google Scholar ]
• Parrish JL, Jr, Bailey JL, Courtney JF. A personality based model for determining susceptibility to phishing attacks. Little Rock: University of Arkansas; 2009. pp. 285–296. [ Google Scholar ]
• Pasadeos Y. A bibliometric study of advertising citations. J Advert. 1985; 14 (4):52–59. doi: 10.1080/00913367.1985.10672971. [ CrossRef ] [ Google Scholar ]
• Pickering C, Byrne J. The benefits of publishing systematic quantitative literature reviews for PhD candidates and other early-career researchers. Higher Educ Res Devel ISSN. 2014; 33 (3):534–548. doi: 10.1080/07294360.2013.841651. [ CrossRef ] [ Google Scholar ]
• Reyns BW, Fisher BS, Bossler AM, Holt TJ. Opportunity and Self-control: do they predict multiple forms of online victimization? Am J Crim Justice. 2019; 44 (1):63–82. doi: 10.1007/s12103-018-9447-5. [ CrossRef ] [ Google Scholar ]
• Romero L, Portillo-Salido E. Trends in sigma-1 receptor research: a 25-year bibliometric analysis. Front Pharmacol. 2019 doi: 10.3389/fphar.2019.00564. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Saad ME, Huda Sheikh Abdullah SN, Murah MZ. Cyber romance scam victimization analysis using Routine Activity Theory versus apriori algorithm. Int J Adv Comput Sci Appl. 2018; 9 (12):479–485. doi: 10.14569/IJACSA.2018.091267. [ CrossRef ] [ Google Scholar ]
• Saridakis G, Benson V, Ezingeard JN, Tennakoon H. Individual information security, user behaviour and cyber victimisation: an empirical study of social networking users. Technol Forecast Soc Change. 2016; 102 :320–330. doi: 10.1016/j.techfore.2015.08.012. [ CrossRef ] [ Google Scholar ]
• Seng S, Wright M, Al-Ameen MN (2018) Understanding users’ decision of clicking on posts in facebook with implications for phishing. Workshop on Technology and Consumer Protection (ConPro 18), May, 1–6
• Serafin MJ, Garcia-Vargas GR, García-Chivita MDP, Caicedo MI, Correra JC. Cyberbehavior: a bibliometric analysis. Annu Rev Cyber Ther Telemed. 2019; 17 :17–24. doi: 10.31234/osf.io/prfcw. [ CrossRef ] [ Google Scholar ]
• Skinner WF, Fream AM. A social learning theory analysis of computer crime among college students. J Res Crime Delinq. 1997; 34 (4):495–518. doi: 10.1177/0022427897034004005. [ CrossRef ] [ Google Scholar ]
• Tsai H, Yi S, Shillair R, Cotten SR, Winstead V, Yost E. Getting grandma online: are tablets the answer for increasing digital inclusion for older adults in the US? Educ Gerontol. 2015; 41 (10):695–709. doi: 10.1080/03601277.2015.1048165. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• van Eck NJ, Waltman L (2020) Manual for VOSviewer version 1.6.16
• Van Wilsem J. “Bought it, but never got it” assessing risk factors for online consumer fraud victimization. Eur Sociol Rev. 2013; 29 (2):168–178. doi: 10.1093/esr/jcr053. [ CrossRef ] [ Google Scholar ]
• van der Wagen W, Pieters W. The hybrid victim: re-conceptualizing high-tech cyber victimization through actor-network theory. Eur J Criminol. 2020; 17 (4):480–497. doi: 10.1177/1477370818812016. [ CrossRef ] [ Google Scholar ]
• Vishwanath A. Habitual Facebook use and its impact on getting deceived on social media. J Comput-Mediat Commun. 2015; 20 (1):83–98. doi: 10.1111/jcc4.12100. [ CrossRef ] [ Google Scholar ]
• Wall D. Crime and the Internet: Cybercrime and cyberfears. 1. London: Routledge; 2001. [ Google Scholar ]
• Wall D. What are cybercrimes? Crim Justice Matters. 2004; 58 (1):20–21. doi: 10.1080/09627250408553239. [ CrossRef ] [ Google Scholar ]
• Whitty MT, Buchanan T. The online romance scam: a serious cybercrime. Cyberpsychol Behav Soc Netw. 2012; 15 (3):181–183. doi: 10.1089/cyber.2011.0352. [ PubMed ] [ CrossRef ] [ Google Scholar ]
• You GR, Sun X, Sun M, Wang JM, Chen YW (2014) Bibliometric and social network analysis of the SoS field. In: Proceedings of the 9th International Conference on System of Systems Engineering: The Socio-Technical Perspective, SoSE 2014, 13–18. 10.1109/SYSOSE.2014.6892456
• Zyoud SH, Sweileh WM, Awang R, Al-Jabi SW. Global trends in research related to social media in psychology: Mapping and bibliometric analysis. Int J Ment Health Syst. 2018; 12 (1):1–8. doi: 10.1186/s13033-018-0182-6. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]

Cybercrime and its Legal Implications: Analysing the challenges and Legal frameworks surrounding Cybercrime, including issues related to Jurisdiction, Privacy, and Digital Evidence

International Journal of Research and Analytical Reviews, July 2023, Volume 10, Issue 3

15 Pages Posted: 26 Apr 2024

Ishan Atrey

University of Petroleum & Energy Studies (UPES) School of Law; Indian Institute of Management (IIM), Rohtak

Date Written: July 9, 2023

This research paper delves into the complex landscape of cybercrime and its legal implications within India. The advent of the digital age has given rise to numerous challenges for law enforcement agencies, policymakers, and legal systems worldwide. This paper examines the multifaceted issues surrounding cybercrime, focusing on jurisdictional challenges, privacy concerns, and the admissibility of digital evidence. Through an analysis of existing legal frameworks, case studies, and scholarly research, this paper aims to shed light on the evolving nature of cybercrime and the legal responses required to address this growing threat. Cybercrime has emerged as one of the most significant threats in the digital age. Cyberattacks' frequency, scale, and sophistication continue to increase, affecting individuals, organisations, and governments worldwide. It is essential to comprehend the nature of cybercrime to develop effective strategies to prevent, detect, and respond to these threats. cybercrime represents a significant challenge in the digital era, requiring a comprehensive understanding of its nature, scope, and legal implications. By studying cybercrime, researchers, policymakers, legal professionals, and law enforcement agencies can develop proactive measures to combat this growing threat, safeguard individuals and organisations, and ensure a secure digital environment. This research paper seeks to provide insights into the evolving nature of cyber threats, identify areas of improvement in legal frameworks, and offer recommendations for enhancing responses to cybercrime regarding jurisdictional issues, privacy concerns, and the admissibility of digital evidence. privacy concerns in cybercrime investigations require striking a balance between effective law enforcement and protecting individual privacy rights. This can be achieved through adherence to legal safeguards, such as obtaining proper warrants, conducting targeted surveillance, minimising data collection and retention, implementing strong security measures, and ensuring transparent oversight and accountability mechanisms.

Keywords: Cyber Crimes, Identity Theft, Cyber Security, Digital Evidence, Privacy,

Suggested Citation: Suggested Citation

Ishan Atrey (Contact Author)

University of petroleum & energy studies (upes) school of law ( email ).

Kandoli Campus Dehradun, Uttrakhand 248007 India

Indian Institute of Management (IIM), Rohtak ( email )

Maharshi Dayanand University Delhi Rd Rohtak, Haryana 124001 India

Do you have a job opening that you would like to promote on SSRN?

Paper statistics, related ejournals, cyberspace law ejournal.

Subscribe to this fee journal for more curated articles on this topic

Criminal Law eJournal

Evidence & evidentiary procedure ejournal, information privacy law ejournal, cybersecurity, privacy, & networks ejournal, cybersecurity & data privacy law & policy ejournal.

• My Shodhganga
• Receive email updates
• Edit Profile

Shodhganga : a reservoir of Indian theses @ INFLIBNET

• Shodhganga@INFLIBNET
• Maharaja Agrasen University
• Maharaja Agrasen School of Law

Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).

Cyber Laws in India: An Overview

• February 2022
• 04(01):1391-1411

• Narsee Monjee Institute of Management Studies

Discover the world's research

• 25+ million members
• 160+ million publication pages
• 2.3+ billion citations

• Pranav Prakash
• Yash Vasoya

• Ketan Sabale
• Saraswati Kumari
• Ashwani Sharma
• Vishwas Khattar
• Vardaan Khattar
• Nitisha Aggarwal
• Mitu Sehgal

• Marco Gercke
• Recruit researchers
• Join for free
• Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

Laws Relating to Cyber Crimes: Theories and Legal Aspects

This paper mainly deals with the laws relating to the cyber crimes in India. The objectives of this research paper are four-fold: firstly, to analyze the concept of jurisdiction and the various theories to determine jurisdiction in cases where such offences are committed relating to cyber crimes; secondly, to analyze the jurisdiction theories applicable under Cybercrime Convention; thirdly, to analyze the jurisdiction theories applicable under the Information Technology Act, 2000; and fourthly, to analyze whether there can be one jurisdiction theory that may globally be applicable to all cyber crimes. For the sake of convenience, this research paper has been divided into various parts. The paper focuses on the various theories of jurisdiction and the jurisdiction principles applicable under the Cybercrime Convention, 2001 on cybercrime. The jurisdiction principle applicable under the Information Technology Act, 2000 have also been discussed in the paper.

Related Papers

Armando Cottim

Ever since Cain and Abel, crime is a “known known” to human kind. Modern criminal codes have dealt quite well with crime within terri torial boundaries and even, sometimes, outside those boundaries, by applying themselves to crimes committed by nationals abroad. Criminal law has then been almost purely domestic, w th external threats to the public order of States being dealt with by the military. Yet, the revolution in information technologies has changed society to a point where advances in programming artificial intelligence sof tware and in the processing capacity of desktop and/or laptop computers are leading society to a time when a cyberbot will be impossible (or at least very difficult) to distingu ish from a human person. 1

Ahmed Yousef ElGohary Yousef

Ahmed Y. ElGohary Yousef

The cyber operations that are not at the level of the prohibited use of force under article 2(4) or are not at the level of an armed attack under article 51; can nevertheless form a breach of many other laws, such as the principle of state sovereignty.

Computer Law & Security Review

Nazura Abdul Manap

International Review of Law, Computers & Technology

Subhajit Basu

In India, the Information Technology Act, received the Presidential Assent in June 2000. The Act is based on the Model Law on E-Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL). The essence of the Act is captured in the long title: ‘An act to provide for the legal recognition of transactions carried out by … alternatives to paper-based methods of communication and storage of information …’. In a previous article the authors reviewed the ‘heavy handed’ approach taken by the Indian government to the regulation of Certificating Authorities,1 this article continues this theme and evaluates the provisions of the Act in and around a range of jurisdiction, crime and privacy issues. Unlike similar legislation in Singapore, Malaysia, South Korea and Thailand, which primarily focuses on the regulation of e-commerce, the Information Technology Act 2000 introduces and enacts for the first time in India a range of e-commerce and Internet related criminal offences, these provisions provide a range of executive powers that the authors consider will significantly impair the rights of privacy and free speech of both citizens of India and of other countries.

Michael Vagias

This article discusses the question of the territorial jurisdiction of the International Criminal Court over international crimes committed through the Internet. It argues that the Court may assert its territorial jurisdiction over such conduct consistently with international law and the Rome Statute, by localising the cyber-commission of a core crime in whole or in part within the territory of States Parties. However, to mitigate state complaints of jurisdictional overreach, it further argues that the Court could avoid the outright endorsement of extensive versions of territorial jurisdiction. Instead, it should pursue first a detailed analysis of core crimes, followed by a well-versed application of territoriality. In closing, the article discusses the application of this approach in the example of online incitement to commit genocide.

Nahida Siddika

Abstract : Peoples from any country or nation have the access to cyberspace and this it’s like a global village. Law permits the exercise of states jurisdiction within or outside of the territory if the interests of that nation or any of its nationals are prejudiced by any act committed by any person of the world. That might be a real life offence or any virtual offence with or without any real life effect. From that point of view cyberspace is supposed to be regulated by the universally accepted and regulated rules. All user states should have equal opportunity to exercise their jurisdiction when the interest of the state or any of its nationals has been prejudiced. Right to “Equality” and “Non discrimination” are also established as peremptory norms ( jus cogens) under international law, derogation from which are not permissible. But unfortunately all the states do not get equal and non discriminatory treatment in cyberspace and the actual governing or controlling power of cyberspace are in the hand of some particular owner states of the internet intermediaries. This jurisdictional inequality has created an imbalanced situation in cyberspace which has affected the sovereign power of the other states both in virtual and real life.

Jurisdiction and the Internet: Regulatory Competence over Online Activity

chibuko ibekwe

Information & …

Kim Stevenson

Electronic Business Law Reports

Yaman Akdeniz

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

RELATED PAPERS

Myriam Dunn Cavelty

Michelle Manda

Ignas Kalpokas

Aaron Alasa

FACULTY OF LAW, UNIVERSITY OF LAGOS

Victor Bett

Luisa Zappalà

Nazeni Simonyan

Bond Law Review

Jasmine Valcic

David Silla (Advocate)

Sorowar Nizami

Paul Arnell

Abdul Moomin

SMART M O V E S J O U R N A L IJELLH

Ketan Patel

Revista de Informação Legislativa

Jacqueline Abreu

Advocate Dipen Shah

Sibaleya Chikuba

James Banks

Mulungushi University

NYUJ Int'l L. & Pol.

Julien Mailland

Robert Currie

Tommaso De Zan

Research Handbook on Jurisdiction and Immunities in International Law

Tuan Phung Minh

Criminal Justice Matters

Russell Smith

H van der Wilt (ed), The Internationalisation of Transnational Law (Edward Elgar)

Ilias Bantekas

Center for International Security …

Seymour Goodman

Jurimetrics

Joel Reidenberg

Research Handbook on EU Internet Law

Alisdair Gillespie

Mahboob Usman

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad

Murdoch M Watney

Fahad Bin Siddique

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

Advertisement

Cybercrime and Artificial Intelligence. An overview of the work of international organizations on criminal justice and the international applicable instruments

• Open access
• Published: 22 February 2022
• Volume 23 , pages 109–126, ( 2022 )

Cite this article

You have full access to this open access article

• Cristos Velasco 1 , 2 , 3  

16k Accesses

9 Citations

6 Altmetric

Explore all metrics

The purpose of this paper is to assess whether current international instruments to counter cybercrime may apply in the context of Artificial Intelligence (AI) technologies and to provide a short analysis of the ongoing policy initiatives of international organizations that would have a relevant impact in the law-making process in the field of cybercrime in the near future. This paper discusses the implications that AI policy making would bring to the administration of the criminal justice system to specifically counter cybercrimes. Current trends and uses of AI systems and applications to commit harmful and illegal conduct are analysed including deep fakes. The paper finalizes with a conclusion that offers an alternative to create effective policy responses to counter cybercrime committed through AI systems.

Similar content being viewed by others

Artificial Intelligence Crime: An Interdisciplinary Analysis of Foreseeable Threats and Solutions

Cyber Threats and National Security: The Use and Abuse of Artificial Intelligence

Avoid common mistakes on your manuscript.

1 Introduction

Undoubtedly, AI has brought enormous benefits and advantages to humanity in the last decade and this trend will likely continue in coming years since AI is gradually becoming part of the digital services that we use in our daily lives. Many governments around the world are considering the deployment of AI systems and applications to help them achieve their activities and more concretely to facilitate the identification and prediction of crime. Footnote 1 Further, national security and intelligence agencies have also realized the potential of AI technologies to support and achieve national and public security objectives.

There are significant developments of AI technologies like the use of facial recognition in the criminal justice realm, the use of drones, lethal autonomous weapons and self-driving vehicles that when not properly configured or managed without proper oversight mechanisms in place have the potential to be used for disruptive purposes and harm individual’s rights and freedoms.

Currently, there is an ongoing discussion in international policy and legislative circles on the revision and improvement of the liability framework and threshold concerning AI systems and technologies, Footnote 2 although due to the complexity of the topic and the different legal approaches around the world concerning civil liability, there will probably not be a consensus on a harmonized and uniformed response, at least not in the near future.

Further, AI and machine learning have the potential and offer the possibility to detect and respond to cyberattacks targeted to critical infrastructure sectors including water, energy and electricity supplies, as well as the correct management of cybersecurity solutions to help reduce and mitigate security risks. Footnote 3 However, many complex challenges remain particularly for small and medium enterprises which continue to rely on limited budgets to improve their cybersecurity capabilities.

Due to the COVID-19 pandemic, a large part of the world’s connected population was confined. This situation made companies and individuals more dependent on the use of systems, technologies and applications based on AI to conduct their activities, including remote work, distance learning, online payments or simply having access to more entertainment options like streaming and video on demand services. Unfortunately, this situation also led organized criminal groups to reconsider and re-organized their criminal activities in order to specifically target a number of stakeholders, including international organizations, Footnote 4 research and health sector entities, Footnote 5 supply chain companies Footnote 6 and individuals. We have witnessed that organized criminal groups have largely improve their CasS (crime as a service) capabilities and turn their activities into higher financial profits with very small possibilities of being traced by law enforcement and brought to justice.

Through the use of AI technologies, cybercriminals have not only found a novel vehicle to leverage their unlawful activities, but particularly new opportunities to design and conduct attacks against governments, enterprises and individuals. Although, there is no sufficient evidence that criminal groups have a strong technical expertise in the management and manipulation of AI and machine learning systems for criminal purposes, it is true that said groups have realized its enormous potential for criminal and disruptive purposes. Footnote 7 Further, organized criminal groups currently recruit and bring technical skilled hackers into their files to manipulate, exploit and abuse computer systems and to perpetrate attacks and conduct criminal activities 24/7 from practically anywhere in the world. Footnote 8

2 Current cybercrime trends

Current trends and statistics show that cybercriminals are relying more on the use of IoT to write and distribute malware and target ransomware attacks which are largely enhanced through AI technologies. Footnote 9 This trend will likely continue as it is expected that more than 2.5 million devices will be fully connected online in the next 5 years including industrial devices and critical infrastructure operators which will make companies and consumers more vulnerable to cyberattacks. Footnote 10

Furthermore, the discussion on bias and discrimination Footnote 11 are also relevant debated aspects on AI policy in many international and policy making circles. Footnote 12 The widespread use of technologies based on facial recognition systems, Footnote 13 deserves further attention in the international policy arena because even when facial recognition may be very appealing for some governments to enhance aspects of public security and safety to prioritize national security activities, including terrorist activities, this technology may as well raises relevant and polemic issues concerning the protection of fundamental rights, including privacy and data protection under existing international treaties and conventions, topics that are currently being discussed in relevant international fora including the Council of Europe, the European Commission, the European Parliament Footnote 14 and the OECD.

There is an ongoing global trend to promote misinformation with the support of AI technologies known as ‘bots’. Footnote 15 Bots are mainly used to spread fake news and content throughout the internet and social networks and have the chilling effect of disinforming and misleading the population, particularly younger generations who cannot easily differentiate between legitimate sources of information and fake news. Further, the use of ‘bots’ have the potential to erode trust and question the credibility of the media and destabilize democratic and government institutions.

Although AI holds the prospect to enhance the analysis of big amounts of data to avoid the spread of misinformation in social networks, Footnote 16 humans still face the challenge to check and verify the credibility of the sources, an activity which is usually conducted by content moderators of technology companies and media outlets without specific links to government spheres, a situation that has led relevant policy making institutions like the European Commission to implement comprehensive and broad sets of action to tackle the spread and impact of online misinformation. Footnote 17

Another trend and technology widely used across many industries are deep fakes. Footnote 18

The abuse and misuse of deepfakes has become a major concern in national politics Footnote 19 and among law enforcement circles. Footnote 20 Deepfakes have been used to impersonate politicians, Footnote 21 celebrities and CEO’s of companies which may be used in combination with social engineering techniques and system automatization to perpetrate fraudulent criminal activities and cyberattacks. The use of deep fake technologies for malicious purposes is expanding rapidly and is currently being exploited by cybercriminals on a global scale. For example, in 2019, cybercriminals used AI voice generating software to impersonate the voice of a Chief Executive of an energy company based in the United Kingdom and were able to obtain $243,000 and distribute the transfers of the funds to bank accounts located in Mexico and other countries. Footnote 22

Another relevant case occurred in January 2020 where criminals used deep voice technology to simulate the voice of the director of a transnational company. Through various calls with the branch manager of a bank based in the United Arab Emirates, criminals were able to steal $35 million that were deposited into several bank accounts, making the branch manager of the bank believe that the funds will be used for the acquisition of another company. Footnote 23

The spoofing of voices and videos through deep fakes raise relevant and complex legal challenges for the investigation and prosecution of these crimes. First and foremost, many law enforcement authorities around the world do not yet have full capabilities and trained experts to secure evidence across borders, and often times the lack of legal frameworks particularly procedural measures in criminal law to order the preservation of digital evidence and investigate cybercrime represents another major obstacle. Second, since most of these attacks are usually orchestrated by well organized criminal groups located in different jurisdictions, there is the clear need for international cooperation, and in particular a close collaboration with global services providers to secure subscriber and traffic data, as well as to conduct more expedited investigations and law enforcement actions with other countries through the deployment of joint investigation teams in order to be able to trace and locate the suspects and follow the final destination of illicit funds. Footnote 24 Cross-border cybercrime investigations are complex, lengthy, and do not always necessarily result in convictions of the perpetrators.

Further, cyberattacks based on AI systems is a growing trend identified by the European Cybercrime Centre (EC3) of EUROPOL in its Internet Crime Threat Assessment Report 2020 . According to the EC3, the risks concerning the use of AI for criminal purposes need to be well understood in order to protect society against malicious actors. According to the EC3, “through AI, criminals may facilitate and improve their attacks by maximizing their opportunities for profit in a shorter period of time and create more innovative criminal business models, while reducing the possibility of being traced and identified by criminal justice authorities”. Footnote 25

Further, the EC3 of EUROPOL recommends the development of further knowledge regarding the potential use of AI by criminals with a view to better anticipating possible malicious and criminal activities facilitated by AI, as well as to prevent, respond to, or mitigate the effects of such attacks in a more proactive manner and in close cooperation with industry and academia. Footnote 26

3 Strategic partnerships

Due to the complexities that the misuse and abuse of AI systems for criminal purposes entail for law enforcement agencies, key stakeholders are trying to promote the development of strategic partnerships between law enforcement, international organizations and the private sector to counter more effectively against the misuse and abuse of AI technologies for criminal purposes. For example, in November 2020, Trend Micro Research, the EC3 of EUROPOL and the Centre for Artificial Intelligence and Robotics of the UN Interregional Crime and Justice Research Institute (UNICRI) published the report: Malicious Uses and Abuses of Artificial Intelligence . Footnote 27 This report contains an in-depth technical analysis of present and future malicious uses and abuses of AI and related technologies that drew from the outcomes of a workshop organized by EUROPOL, Trend Micro and UNICRI in March 2020. The report highlights relevant technical findings and contains examples of AI capabilities divided into “malicious AI uses” and “malicious AI abuses”. The report also sets forth future scenarios in areas like AI supported ransomware, AI detection systems, and developed a case study on deepfakes highlighting the development of major policies to counter it, as well as recommendations and considerations for further and future research. Footnote 28

Strategic initiatives and more partnerships like the one mentioned above are further needed in the field of AI and cybercrime to ensure that relevant stakeholders particularly law enforcement authorities and the judiciary understand the complexities and dimensions of AI systems and start developing cooperation partnerships that may help to identify and locate perpetrators that misuse and abuse AI systems with the support of the private sector. The task is complex and needs to be achieved with the support of the technical and business community, otherwise isolated investigative and law enforcement efforts against criminals making use of AI systems will not likely succeed.

AI policy has been at the core of the discussions only in recent years. At the regional level, the European Commission has recently published a regulation proposal known as the Digital Services Act Footnote 29 though this proposal has just recently been opened for consultation and it will take a few years until it is finally approved.

On April 21, 20021, the European Commission published its awaited Regulation proposal for Artificial Intelligence Systems . Footnote 30 The proposal contains broad and strict rules and obligations before AI services can be put into the European market based on the assessment of different levels of risks. The regulation proposal of the European Commission also contains express prohibitions of AI practices that may contravene EU values and violate fundamental rights of citizens, and it establishes the European Artificial Intelligence Board (EIAB) as the official body that will supervise the application and enforcement of the regulation across the EU. Footnote 31

The prospect of developing a new international convention that will regulate relevant aspects concerning the impact and development of AI systems and the intersection with the protection of fundamental rights has been proposed by the Ad-Hoc Committee on Artificial Intelligence of the Council of Europe, better known as ‘CAHAI’. The work of CAHAI will be analysed in section 5.1 of this paper.

4 International instruments to counter cybercrime

At the international level, there are a number of international and regional instruments that are used to investigate “cyber dependent crime”, “cyber enabled crime” and “computer supported crime”. Footnote 32 This paper will only focus on the analysis of three major instruments of the Council of Europe which are applicable to criminal conduct and activities concerning the use of computer and information systems, the exploitation and abuse of children and violence against women committed through information and computer systems:

The Convention on Cybercrime better known as the ‘the Budapest Convention’ ;

The Convention on Protection of Children against Sexual Exploitation and Sexual Abuse, better known as ‘the Lanzarote Convention’ ; and

The Convention on preventing and combating violence against women and domestic violence better known as the ‘the Istanbul Convention’ .

4.1 The Budapest Convention

The Council of Europe’s Budapest Convention on Cybercrime is the only international treaty that criminalizes conducts and typologies committed through computer and information systems. This instrument contains substantive and procedural provisions for the investigation, execution and adjudication of crimes committed through computer systems and information technologies. Footnote 33 The Budapest Convention is mainly used as a vehicle for international cooperation to investigate and prosecute cybercrime among the now 66 State Parties, which includes many countries outside Europe. Footnote 34

The Cybercrime Convention Committee (T-CY) which is formed by State Parties, country observers invited to accede to the Budapest Convention and ad-hoc participants is the entity responsible inter alia for conducting assessments of the implementation of the provisions of the Budapest Convention, as well as the adoption of opinions and recommendations regarding the interpretation and implementation of its main provisions. Footnote 35

During the 2021 Octopus Conference on Cooperation against Cybercrime in November 2021 that marked the 20th anniversary of the Budapest Convention, the organizers announced that the Committee of Ministers of the Council of Europe approved the adoption of the Second Additional Protocol to the Budapest Convention on enhanced cooperation and the disclosure of electronic evidence as originally adopted by 24 the Plenary Session of the T-CY Committee in May 2021. The text of the Second Additional Protocol will be officially opened for signature among State parties to the Budapest Convention in the summer of 2022. Footnote 36

The Second Additional Protocol to the Budapest Convention on enhanced cooperation and the disclosure of electronic evidence regulates inter alia how the information and electronic evidence - including subscriber information, traffic data and content data - may be ordered and preserved in criminal investigations among State Parties to the Budapest Convention. It provides a legal basis for disclosure of information concerning the registration of domain names from domain name registries and registrars and other key aspects concerning cross-border investigations including mutual legal assistance procedures, direct cooperation with service providers, disclosure of data in emergency situations, protection of safeguards for transborder access to data and joint investigation teams. Footnote 37

Although, the T-CY Committee has not yet fully explored how the Budapest Convention and its first additional protocol on xenophobia and racism may be applicable in the context of technologies and systems based on AI, it is worth mentioning that the Budapest Convention was drafted with broad consideration of the principle of technological neutrality precisely because the original drafters of this instrument anticipated how the threat landscape for cybercrime would likely evolve and change in the future. Footnote 38

The Budapest Convention contains only a minimum of definitions; however, this instrument criminalizes a number of conducts and typifies many offenses concerning computer and content related crimes that may as well be applicable to crimes committed through the use of AI systems.

During the 2018 Octopus Conference on Cooperation against Cybercrime, the Directorate General of Human Rights and Rule of Law of the Council of Europe convened a panel on AI and Cybercrime Footnote 39 where representatives of the CoE presented its early activities and findings on AI policy. Footnote 40 Although the panel presentations were more descriptive concerning the technical terminology used in the field AI at that time, some speakers highlighted and discussed some of the challenges that AI poses to law enforcement authorities like for instance the criminalization of video and document forgery and how authorities could advance the challenge to obtain and preserve electronic evidence in court. Footnote 41

The 2021 Octopus Conference on Cooperation against Cybercrime held fully online from 16-18 November 2021 due to the COVID-19 situation, held a panel on “Artificial Intelligence, cybercrime and electronic evidence”. Footnote 42 This panel discussed complex questions concerning criminal liability and trustworthiness of evidence of AI systems in auditing and driving automation and assistance; and other relevant aspects concerning harms and threats of misinformation and disinformation developed by AI systems and effective responses, countermeasures and technical solutions from the private sector.

AI and cybercrime are relevant aspects that need further analysis and detailed discussions among the TC-Y and State Parties to the Budapest Convention, particularly since there has been an increase of cases concerning the misuse of AI technologies by cybercriminals and as vehicles to launch cyberattacks and commit criminal offenses against individuals in the cyberspace. Questions such as who will bear the responsibility for a conduct committed through the use of algorithms and machine learning and the liability threshold among State Parties need further discussion and clarification since the regulation of criminal liability differs significantly among the legal systems of many countries, as well as to explore the development of strategic partnerships in other regions of the world to counter attacks based on AI systems.

4.2 The Lanzarote Convention

The Council of Europe Lanzarote Convention is an international treaty that contains substantive legal measures for the protection of children from sexual violence including sexual exploitation and abuse of children online. Footnote 43 This convention harmonizes minimum legal conducts at the domestic level to combat crimes against children and provide measures for international cooperation to counter the sexual exploitation of children. The Lanzarote Convention requires the current 48 State Parties to offer a holistic response to sexual violence against children through the “4Ps approach”: Prevention, Protection, Prosecution and Promotion of national and international cooperation. Footnote 44 The monitoring and implementation body of the Lanzarote Convention is conducted by the Committee of the Parties, also known as the ‘Lanzarote Committee’ . This committee is formed by State Parties and it is primarily responsible for monitoring how State Parties put legislation, policies and countermeasures into practice, including organizing capacity building activities to exchange information and best practices concerning the implementation of the Lanzarote Convention across State Parties. Footnote 45

Like, the TC-Y, the ‘Lanzarote Committee’ has not yet fully explored how the substantive and procedural criminal law provisions of the Lanzarote Convention may apply in the context of the use of AI systems for criminal related purposes, a situation that needs to be further discussed among State Parties in order to not only share and diffuse knowledge on current trends among State Parties of that treaty, but to also help identify illicit conducts and abuse and exploitation of children through AI systems, as well as an analysis of positive uses of AI technologies for the prevention of crimes concerning the protection of children online.

4.3 The Istanbul Convention

The Istanbul Convention is another treaty of the Council of Europe the main purpose of which is to protect women against all forms of violence and to counter and eliminate all forms of violence against women including aspects of domestic violence. Footnote 46 The Istanbul Convention consists of four main pillars: (i) prevention, (ii) protection of victims, (iii) prosecution of offenders, and (iv) implementation of comprehensive and coordinated policies to combat violence against women at all levels of government. The Istanbul Convention establishes an independent group of experts known as the GREVIO (Group of Experts on Action against Violence against Women and Domestic Violence). The GREVIO is responsible for monitoring the effective implementation of the provisions of the Istanbul Convention by the now 34 States Parties. Footnote 47

The Istanbul Convention does not specifically contain specific provisions in the context of violence committed through the use of information technologies, however the GREVIO is currently analysing approaches to extend the application of the commission of illegal conducts through the use of computer and information systems within the national legal framework of State Parties. Footnote 48 The GREVIO adopted during its twenty-fifth meeting on 20 October 2021, a General Recommendation on the Digital Dimension of Violence against Women . Footnote 49 The Recommendation addresses inter alia the application of the general provisions of the Istanbul Convention in relation to conducts and crime typologies committed against women in cyberspace and proposes specific actions to take, based on the four pillars of the Istanbul Convention: prevention, protection, prosecution and coordinated policies.

As part of promoting the scope of the adopted General Recommendation, the GREVIO held a conference in Strasbourg in November 24, 2021 that featured a keynote address of the Commissioner of Human Rights of the Council of Europe and presentations of the President of the GREVIO and the Chair of the Committee of the Parties to the Istanbul Convention followed by a panel discussion with representatives of EU member states, internet industry and civil society. Footnote 50 Among the relevant points made during the panel discussions were how the recommendation may help to advance legal and policy developments, attention of victims of current forms of cyberviolence, further international cooperation and to contribute to the general understanding of the scope of the provisions of the Istanbul Convention and other key instruments of the Council of Europe including the Budapest Convention and the Lanzarote Convention in relation to digital violence against women. Footnote 51

The Cybercrime Convention Committee (T-CY) issued a comprehensive report titled Mapping Study on Cyberviolence with recommendations adopted by the TC-Y on 9 July, 2018. Footnote 52

The mapping study developed a working definition on “cyberviolence” Footnote 53 and described how the different forms of cyberviolence may be classified and criminalized under the Budapest-, Lanzarote- and Istanbul Conventions. According to the mapping study “not all forms of violence are equally severe and not all of them necessarily require a criminal law solution but could be addressed with a combination of preventive, educational, protective and other measures” . The main conclusions of the Cybercrime Convention Committee (T-CY) in the Mapping Study on Cyberviolence were:

the Budapest Convention and its additional Protocol on Racism and Xenophobia covers and address some types of cyberviolence;

the procedural powers and the provisions on international cooperation of the Budapest Convention will help to support the investigation of cyberviolence and the secure and preservation of digital evidence; and

the Budapest, the Istanbul and Lanzarote conventions complement each other and should promote synergies. These synergies may include raising further awareness and capacity building activities among Parties to said treaties; encourage parties to the Lanzarote and Istanbul Conventions to introduce the procedural powers contained in the Budapest Convention ( Arts. 16-21 ) into domestic law and consider becoming parties to the Budapest Convention to facilitate international cooperation on electronic evidence in relation to crimes related to cyberviolence; encourage parties to the Budapest Convention to implement the provisions on psychological violence, stalking and sexual harassment of the Istanbul Convention, as well as the provisions on sexual exploitation and abuse of children online of the Lanzarote Convention, among others . Footnote 54

Cyberviolence and crimes concerning the abuse and exploitation of children online require strategic cooperation of different stakeholders. Other key institutions at the regional level like the European Commission have also explored paths on how AI systems may help to identify, categorise and remove child sexual abuse images and to minimise the exposure of human investigators to distressing images and the importance of the role of internet hotlines in facilitation the reporting process. Footnote 55

5 Ongoing work of international organizations

5.1 council of europe cahai.

The Ad-Hoc Committee on Artificial Intelligence of the Council of Europe (CAHAI) Footnote 56 was established by the Committee of Ministers during its 1353rd meeting on 11 September 2019. Footnote 57 The specific task of CAHAI is “to complete the feasibility study and produce the potential elements on the basis of broad multi-stakeholder consultations, of a legal framework for the development, design and application of artificial intelligence, based on the Council of Europe’s standards on human rights, democracy and the rule of law.”

The work of CAHAI is relevant because it sets forth a multi-stakeholder group where global experts may provide their views on the development of policies on AI, to forward meaningful proposals to ensure the application of international treaties and technical standards on AI and submit proposals for the creation of a future legal instrument that will regulate AI while ensuring the protection of fundamental rights, rule of law and democracy principles contained in relevant instruments of the Council of Europe, like Convention 108+, the Budapest, Lanzarote and Istanbul Conventions, among others. Footnote 58

The work of CAHAI will impact the 47 members states and country observers of the Council of Europe, particularly state institutions including national parliamentarians and policy makers who are responsible for the implementation of international treaties into their national legal frameworks. Therefore, the inclusion and participation of relevant stakeholders from different nations will play a decisive role in the future implementation of a global treaty on AI in the coming years.

5.2 European Parliament

The European Parliament (EP) is perhaps the most proactive legislative and policy making institution worldwide. The European Parliament has a Centre for Artificial Intelligence known as (C4AI) that was established in December 2019. Footnote 59 The EP has Committees that analyse the impact of policy related aspects of AI in many different areas including cybersecurity, defence, predictive policing and criminal justice. The most active committee is the Special Committee on Artificial Intelligence in a Digital Age (AIDA Committee) Footnote 60 that has organized many hearings and workshops with different experts and stakeholders on AI from different regions of the world to hear views and opinions on the Regulation proposal for Artificial Intelligence Systems . Footnote 61

According to the President of the AIDA Committee, “the use of AI in law enforcement is a political decision and not a technical one, our duty is to apply the political worldview to determine what are the allowed uses of AI and under which conditions” . Footnote 62

As a result of the existing dangers and risks posed by the use of AI systems across Europe, the European Parliament adopted a resolution on 6 October 2021 that calls for a permanent ban on AI systems which allow for the use of automated recognition of individuals by law enforcement in public spaces. Further, the resolution calls for a moratorium on the deployment of facial recognition systems for law enforcement purposes and a ban on predictive policing based on behavioural data and social scoring in order to ensure the protection of fundamental rights of European citizens. Footnote 63

The Committee on Civil Liberties, Justice and Home Affairs of the European Parliament has also conducted relevant work on AI and criminal justice. On February 20, 2020, said committee conducted a public hearing on “Artificial Intelligence in Criminal Law and its use by the Police and Judicial Authorities” where relevant opinions and recommendations of experts and international organizations were discussed and presented. Footnote 64

Further, the AIDA Committee of the European Parliament held a two-day public hearing with the AFET Committee on March 1 st and 4 th 2021. The first hearing was on “AI Diplomacy and Governance in a Global Setting: Toward Regulatory Convergence”, and the second hearing on “AI, Cybersecurity and Defence”. Footnote 65 Many relevant aspects of AI policy were mentioned during the hearings, including the support of a transatlantic dialogue and cooperation on AI, the development of ethical frameworks and standards, the development of a shared system of norms, respect of fundamental rights, diplomacy and capacity building among others. Although, there was mention on the importance of AI for cybersecurity in the defence realm and how AI might be helpful to mitigate cyberattacks and protect critical infrastructure, there was no specific mention on how the current international treaties on cybercrime and national legal frameworks may coexist with a future treaty on AI to counter cybercrime more effectively.

The dialogue and engagement of the different committees of the European Parliament on AI policy is key for the future implementation of policies in the criminal justice area concerning the use and deployment of AI systems and applications. The European Parliament should continue to promote further dialogues and activities with other international organizations like the Council of Europe and the OECD, as well as with national parliamentarians around the world to help them understand the dimensions and implications of creating regulations and policies on AI to specifically counter cybercrime.

5.3 The UN Interregional Crime and Justice Research Institute (UNICRI) Centre for Artificial Intelligence and Robotics

The Centre for Artificial Intelligence and Robotics of the United Nations Interregional Crime and Justice Research Institute (UNICRI), a research arm of the United Nations is very active in the organization of workshops and information and reports to demystify the world of robotics and AI and to facilitate an in-depth understanding of the crimes and threats conducted through AI systems among law enforcement officers, policy makers, practitioners, academia and civil society. UNICRI and INTERPOL drafted the report “ Artificial Intelligence and Robotics for Law Enforcement” Footnote 66 in 2019 that draws upon the discussions of a workshop held in Singapore in July 2018. Among the main findings of UNICRI and INTERPOL’s report are:

“AI and Robotics are new concepts for law enforcement and there are expertise gaps that should be filled to avoid law enforcement falling behind.” “Some countries have explored further than others and a variety of AI techniques are materializing according to different law enforcement authorities. There is, however, a need for greater international coordination on this issue.”

The mandate of the Centre for Artificial Intelligence and Robotics of UNICRI is quite broad. It covers policy related aspects of AI in the field of criminal justice including areas such as cybersecurity, autonomous weapons, self-driving vehicles and autonomous patrol systems. UNCRI organizes every year the Global Meeting on Artificial Intelligence for Law Enforcement , an event that discusses relevant developments on AI with experts and stakeholders from different sectors and countries to enhance and improve the capabilities for law enforcement authorities and the criminal justice system in the use and deployment of AI technologies. Footnote 67

The Centre for Artificial Intelligence and Robotics of UNICRI is currently working with a group of experts from INTERPOL, the European Commission and other relevant institutions and stakeholders in the development of a Toolkit for Responsible AI Innovation in Law Enforcement . The toolkit will provide and facilitate practical guidance for law enforcement agencies around the world on the use of AI in a trustworthy, lawful and responsible manner. The toolkit addresses practical insights, use cases, principles, recommendations, best practices and resources which will help to support law enforcement agencies around the world to use AI technologies and applications. Footnote 68

6 Conclusion

The use of AI systems across different sectors is an ongoing trend, and this includes authorities of the criminal justice system which have realized the benefits and advantages of using this technology. National law enforcement authorities involved in the investigation of cybercrime are not yet fully prepared to deal with the technical and legal dimensions of AI when used for disruptive or malicious purposes. Further, there is no yet sufficient evidence to justify whether law enforcement authorities around the world are well equipped and trained to gather cross-border evidence to conduct national investigations where an AI system was involved in the commission or perpetration of an illicit conduct.

Second, the coordination and cooperation with service providers and companies that manage and operate AI systems and services is crucial to help determine its abuse and misuse by perpetrators. However, these tasks bring a number of technical and legal challenges, since most AI systems rely on an internet connection to function where oftentimes subscriber and traffic data is needed to conduct an investigation. Therefore, global service providers will also have an important role to play in the possible identification and location of cybercriminals, a situation that needs well-coordinated efforts, measures and responses based on international treaties and national laws between law enforcement authorities and private sector entities. The need for further strategic partnerships to counter cybercrime is more important than ever.

The future work of international organizations like UNICRI, the Council of Europe through CAHAI and the T-CY Committee of the Budapest Convention will be very relevant for policy makers and law enforcement authorities for the correct guidance in the implementation of future national policies on AI. The CAHAI may fill up the missing discussions in international fora concerning AI to specifically counter cybercrime based on the current standards of the Council of Europe like the Budapest Convention, the Lanzarote Convention and the Istanbul Convention, as well as the emerging practices of members states to specifically counter cyber enable crimes.

The creation of national taskforces on cybercrime (composed of law enforcement authorities, representatives of the judiciary, AI technology developers and global service providers) may serve as a relevant vehicle to coordinate and tackle illicit conducts concerning the misuse and abuse of AI technologies. These taskforces may be articulated in the context of the national strategies on AI and should be linked to the tasks of the criminal justice authorities to specifically counter cybercrime.

Burgess, Matt, “Police built an AI to predict violent crime. It was seriously flawed”, WIRED, August 6, 2020, available at: https://www.wired.co.uk/article/police-violence-prediction-ndas .

European Commission, “Liability for Artificial Intelligence and other emerging digital technologies”, Report from the Experts Group on Liability and New Technologies-New Technologies Formation, European Union 2019, available at: https://digital-strategy.ec.europa.eu/en/policies/european-approach-artificial-intelligence . See also: European Parliament Research Service (EPRS), “The European added value of a common EU approach to liability rules and insurance for connected and autonomous vehicles” Study published by the European Added Value Unit, February 2018, available at: https://www.europarl.europa.eu/RegData/etudes/STUD/2018/615635/EPRS_STU(2018)615635_EN.pdf .

MIT Technology Review, “Transforming the Energy Industry with AI”, January 21, 2021, available at: https://www.technologyreview.com/2021/01/21/1016460/transforming-the-energy-industry-with-ai/ .

World Health Organization (WHO), “WHO reports fivefold increase in cyberattacks, urges vigilance”, April 23, 2020, available at: https://www.who.int/news/item/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance .

The New York Times, “Cyber Attack Suspected in German Woman’s Death”, September 18, 2020, available at: https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html .

Supply Chain, “Lessons Learned from the Vaccine Supply Chain Attack”, January 16, 2021, available at: https://www.supplychaindigital.com/supply-chain-risk-management/lessons-learned-vaccine-supply-chain-attack .

Prakarsh and Riya Khanna, “Artificial Intelligence and Cybercrime- A curate’s Egg”, Medium, June 14, 2020, available at: https://medium.com/the-%C3%B3pinion/artificial-intelligence-and-cybercrime-a-curates-egg-2dbaee833be1 .

INTSIGHTS, “The Dark Side of Latin America: Cryptocurrency, Cartels, Carding and the Rise of Cybercrime”, p.6, available at: https://wow.intsights.com/rs/071-ZWD-900/images/Dark%20Side%20of%20Latin%20America.pdf . See also, “The Next, El Chapo is Coming for your Smartphone”, June 26, 2020, available at: https://www.ozy.com/the-new-and-the-next/the-next-el-chapo-might-strike-your-smartphone-and-bank/273903/ .

Malwarebytes Lab, “When Artificial Intelligence goes awry: separating science fiction from fact”, without publication date, available at: https://resources.malwarebytes.com/files/2019/06/Labs-Report-AI-gone-awry.pdf .

SIEMENS Energy, “Managed Detection and Response Service”, 2020, available at: https://assets.siemens-energy.com/siemens/assets/api/uuid:a95b9cd3-9f4d-4a54-8c43-77fbdb6f418f/mdr-white-paper-double-sided-200930.pdf .

POLITICO, “Automated racism: How tech can entrench bias”, March 2, 2021, available at: https://www.politico.eu/article/automated-racism-how-tech-can-entrench-bias/ .

For a discussion on discrimination caused by algorithmic decision making on AI, see ZUIDERVEEN BORGESIUS, Frederik, “Discrimination, Artificial Intelligence and Algorithmic decision making”. Paper published by the Directorate General of Democracy of the Council of Europe, 2018, available at: https://rm.coe.int/discrimination-artificial-intelligence-and-algorithmic-decision-making/1680925d73 .

See the Special Report on Facial Recognition of the Center for AI and Digital Policy (CAIDP) that contains a summary of key references on this topic contained in the 2020 Report on Artificial Intelligence and Democratic Values / The AI Social Contract Index 2020 prepared by CAIDP, December 2020, available at: https://caidp.dukakis.org/aisci-2020/ .

In October 2021, the European Parliament adopted a resolution to ban the use facial recognition technologies in public spaces by law enforcement authorities to ensure the protection of fundamental rights. See European Parliament, “Use of Artificial Intelligence by the police: MEPs oppose mass surveillance”. LIBE Plenary Session press release, October 6, 2021, available at: https://www.europarl.europa.eu/news/en/press-room/20210930IPR13925/use-of-artificial-intelligence-by-the-police-meps-oppose-mass-surveillance .

BBC, “What are ‘bots’ and how can they spread fake news, available at: https://www.bbc.co.uk/bitesize/articles/zjhg47h .

FORBES, “Fake News is Rampant, Here is How Artificial Intelligence Can Help” , January 21, 2021, available at: https://www.forbes.com/sites/bernardmarr/2021/01/25/fake-news-is-rampant-here-is-how-artificial-intelligence-can-help/?sh=17a6616e48e4 .

European Commission, “Tackling online disinformation”, 18 January 2021, available at: https://ec.europa.eu/digital-single-market/en/tackling-online-disinformation . For a general review of policy implications in the UK concerning the use of AI and content moderation, see Cambridge Consultants, “Use of AI in Online Content Moderation” . 2019 Report produced on behalf of OFCOM, available at: https://www.ofcom.org.uk/__data/assets/pdf_file/0028/157249/cambridge-consultants-ai-content-moderation.pdf .

Deepfakes are based on AI deep learning algorithms, an area of machine learning that applies neural net simulation to massive data sets to create fakes videos of real people. Deepfakes are trained algorithms that allows the recognition of data patterns, as well as human facial movement and expressions and can match voices that can imitate the real voice and gestures of an individual. See: European Parliamentary Research Service, “What if deepfakes made us doubt everything we see and hear (Science and Technology podcast], available at: https://epthinktank.eu/2021/09/08/what-if-deepfakes-made-us-doubt-everything-we-see-and-hear/ . Like, many technologies, deepfakes can be used as a tool for criminal related purposes such as fraud, extortion, psychological violence and discrimination against women and minors, see: MIT Technology Review, “A deepfake bot is being used to “undress” underage girls”, October 20, 2020, available at: https://bit.ly/3qj1qWx .

For specific information regarding the work of the US government to counter the use of deepfakes, see CNN, “ Inside the Pentagon’s race against deepfake videos” , available at: https://bit.ly/38aEqCS https://edition.cnn.com/interactive/2019/01/business/pentagons-race-against-deepfakes/ .

EURACTIV, “EU police recommend new online ‘screening tech’ to catch deepfakes”, November 20, 2020, available at: https://www.euractiv.com/section/digital/news/eu-police-recommend-new-online-screening-tech-to-catch-deepfakes/ .

The Verge, “Watch Jordan Peele use AI to make Barack Obama deliver a PSA about fake news”, April 17, 2018, available at: https://www.theverge.com/tldr/2018/4/17/17247334/ai-fake-news-video-barack-obama-jordan-peele-buzzfeed .

Wall Street Journal, “Fraudsters Use AI to Mimic CEO’s Voice in Unusual Cybercrime Case”, August 30, 2019, available at: https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402 .

GIZMODO, “Bank Robbers in the Middle East Reportedly ‘Cloned’ Someone’s Voice to Assist with $35 Million Heist”, October 14, 2021, available at: https://gizmodo.com/bank-robbers-in-the-middle-east-reportedly-cloned-someo-1847863805 .

The EC3 of Europol has developed good capacities and practice with other countries in the deployment of joint investigation teams to counter organized crime, including cybercrime. See the section on Join Investigation Team of Europol at: https://www.europol.europa.eu/activities-services/joint-investigation-teams .

INTERPOL (EC3), “Internet Crime Assessment Report 2020” (IOCTA 2020 Report), p. 18, available at: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020 . The Internet Crime Assessment Report 2021 (IOCTA 2021 Report) was published on 11 November 2021. The report of this year does not actually make any novel references to misuse and abuse of AI systems for criminal purposes, available at: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2021 .

IOCTA 2020 Report, Op. cit . note 25, p. 18.

Trend Micro Research, EUROPOL EC3 and UN Interregional Crime and Justice Research Institute (UNICRI), Malicious Uses and Abuses of Artificial Intelligence , 19 November 2020, available at: https://www.europol.europa.eu/publications-documents/malicious-uses-and-abuses-of-artificial-intelligence .

This report was also presented in a workshop on cybercrime, e-evidence and artificial intelligence during the 2021 Octopus Conference on Cooperation against Cybercrime organized by the Council of Europe on November 17, 2021 where the representatives of each organization highlighted the main aspects and features of the report, including current trends and concrete examples of misuse of AI technologies. The presentation is available at: https://rm.coe.int/edoc-1193149-v1-coe-ai-ppt/1680a4892f . The Digital Services Act establishes new rules and requirements for intermediary service providers which includes hosting providers and online platforms. This regulation covers inter alia rules on liability for online intermediary service platforms, establishes internal complaint handling systems and implement measures against online legal content. The Digital Services Act is currently a draft proposal under discussion between the European Parliament and the Council of the EU and it may take some years until it is finally approved, available at: https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package .

See Proposal for a Regulation of the European Parliament and the Council laying down harmonized rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, Brussels 21.4.2021, available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0206&from=EN .

See: European Commission, “Europe fit for the Digital Age: Commission proposes new rules and actions for excellence and trust in Artificial Intelligence”, Brussels, April 21, 2021, available at: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_1682 . See also the website of the European Commission that explains the approach of the EC on AI and the relevant milestones in this area, available at: https://digital-strategy.ec.europa.eu/en/policies/european-approach-artificial-intelligence .

Among those instruments are: (i) The United Convention against Organized Crime and its Protocols ( Palermo Convention ); (ii) The Council of Europe Convention on Cybercrime ( Budapest Convention ) and its Additional Protocol concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems; (iii) The Council of Europe Convention on Protection of Children against Sexual Exploitation and Sexual Abuse ( Lanzarote Convention ); (iv) The African Union Convention on Cyber Security and Personal Data Protection ( Malabo Convention ); (v) Directive 2013/40/UE on attacks against information systems; (vi) Directive 2011/92/UE on combating the sexual abuse and exploitation of children and child pornography, among others.

The Budapest Convention requires that Party States amend their substantive and procedural criminal legislation to make it consistent with the substantive and procedural criminal law provisions of that treaty. Considering that cybercrime has a transnational dimension, the Budapest Convention also requires that countries implement international cooperation measures either to supplement or complement the existing ones, particularly when a country does not have mutual assistance and cooperation treaties in criminal matters in place, as well as to equip investigative and law enforcement authorities with the necessary tools and procedural mechanisms to conduct cybercrime investigations including measures concerning: (i) expedited preservation of stored computer data, (ii) disclosure of preserved traffic data, (iii) mutual assistance measures regarding access to stored computer data, (iv) trans-border access to stored computer data, (v) mutual assistance regarding real-time collection of traffic data, (vi) mutual assistance regarding the interception of content data, and the (vii) creation of a network or point of contact 24/7 to centralize investigations and procedures related to requests for data and mutual assistance concerning cybercrime investigations with other 27/7 points of contact.

See the Budapest Convention Chart of Signatures and Ratifications at: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185/signatures?p_auth=yUQgCmNc .

Cybercrime Convention Committee, “T-CY Rules of Procedure. As revised by T-CY on 16 October 2020”, Strasbourg, 16 October 2020, available at: https://rm.coe.int/t-cy-rules-of-procedure/1680a00f34 .

Council of Europe, “Second Additional Protocol to the Budapest Convention adopted by the Committee of Ministers of the Council of Europe”, Strasbourg, 17 November 2021, available at: https://www.coe.int/en/web/cybercrime/-/second-additional-protocol-to-the-cybercrime-convention-adopted-by-the-committee-of-ministers-of-the-council-of-europe .

See the text of the Explanatory Report of the Second Additional Protocol to the Budapest Convention drafted by Cybercrime Convention Committee (T-CY) at: https://search.coe.int/cm/pages/result_details.aspx?objectid=0900001680a48e4b .

See the Explanatory Report to the Convention on Cybercrime at: https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016800cce5b .

The Conference program of the 2018 Octopus conference on cooperation against cybercrime is available at: https://rm.coe.int/3021-90-octo18-prog/16808c2b04 .

See: Activities of the Council of Europe on Artificial Intelligence (AI), 9 May, 2018, available at: https://rm.coe.int/cdmsi-2018-misc8-list-ai-projects-9may2018/16808b4eac .

See the presentations of this panel at the Plenary Closing session of the 2018 Octopus Conference, available at: https://www.coe.int/en/web/cybercrime/resources-octopus-2018 .

The presentation and materials of this panel are available at: https://www.coe.int/en/web/cybercrime/workshop-cybercrime-e-evidence-and-artificial-intelligence .

The Lanzarote Convention entered in force on 1 July 2010, available at: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/201/signatures . Among the conducts that the Lanzarote Convention requires Sates parties to criminalize are: (i) Child sexual abuse; (ii) sexual exploitation through prostitution; (iii) child sexual abuse material; (iv) exploitation of a child in sexual performances; (v) corruption of children, and (vi) solicitation of children for sexual purposes.

See the Booklet of the Lanzarote Convention, available at: https://rm.coe.int/lanzarote-convention-a-global-tool-to-protect-children-from-sexual-vio/16809fed1d .

The Rules of procedure, adopted documents, activity reports and the Meetings of the ‘Lanzarote Committee’ are available at: https://www.coe.int/en/web/children/lanzarote-committee#{%2212441908%22:[] .

The Istanbul Convention entered into force on 1 August 2014 and it has been ratified by 34 countries. See the chart of signatures and ratifications at: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/210/signatures?p_auth=OwhAGtPd .

The Rules of procedure and adopted documents of the GREVIO are available at: https://www.coe.int/en/web/istanbul-convention/grevio .

See the presentations of the webinar, “Cyberviolence against Women” organized by the CyberEast Project of the Council of Europe, 12 November, 2020, available at: https://www.coe.int/en/web/cybercrime/cyberviolence-against-women .

The Text of the GREVIO General Recommendation No. 1 on the digital dimension of violence against women adopted on 20 October 2021 is available at: https://rm.coe.int/grevio-rec-no-on-digital-violence-against-women/1680a49147 .

Council of Europe, “Launch Event: Combating violence against women in a digital age-utilizing the Istanbul Convention”, 24 November 2021, available at: https://www.coe.int/en/web/istanbul-convention/launching-event-of-grevio-s-first-general-recommendation-on-the-digital-dimension-of-violence-against-women .

Council of Europe Media Release, “New Council of Europe Recommendation tackles the ‘digital dimension” of violence against women and girls”, Strasbourg, 24 November, 2021, available at: https://search.coe.int/directorate_of_communications/Pages/result_details.aspx?ObjectId=0900001680a4a67b .

Council of Europe Cybercrime Convention Committee (TC-Y), “Mapping Study on Cybercrime” with recommendations adopted by the TC-Y on 9 July 2018, available at: https://rm.coe.int/t-cy-2017-10-cbg-study-provisional/16808c4914 .

The definition is an adaptation of the definition of violence against women contained in Art. 3 of the Istanbul Convention to the cyber context as follows: “ Cyberviolence is the use of computer systems to cause, facilitate, or threaten violence against individuals that results in, or is likely to result in, physical, sexual, psychological or economic harm or suffering and may include the exploitation of the individual’s circumstances, characteristics or vulnerabilities” .

“Mapping Study on Cybercrime”, Op. cit . note 52, pp. 42-43.

European Commission, “Exploring potential of AI in fight against child online abuse”, Event report 11 June 2020, available at: https://ec.europa.eu/digital-single-market/en/news/exploring-potential-ai-fight-against-child-online-abuse .

CAHAI’s composition consist of three main groups composed of up to 20 experts appointed by Members States, as well as observers and participants. The mandate of the Policy Development Group (CAHAI-PDG) is the development of the feasibility study of a legal framework on artificial intelligence applications, building upon the mapping work already undertaken by the CAHAI and to prepare key findings and proposals on policy and other measures, to ensure that international standards and international legal instruments in this area are up-to-date and effective and prepare proposals for a specific legal instrument regulating artificial intelligence. The Consultation and Outreach Group (CAHAI-COG) is responsible for taking stock of the analysis undertaken by the Secretariat of responses to online consultations and analysis of ongoing developments and reports which are directly relevant for CAHAI’s working groups’ tasks. The Legal Frameworks Group (CAHAI-LFG) is responsible for the preparation of key findings and proposals on possible elements and provisions of a legal framework with a view to draft legal instruments, for consideration and approval by the CAHAI, taking into account the scope of existing legal instruments applicable to artificial intelligence and policy options set out in the feasibility study approved by the CAHAI. Further info on the composition of CAHAI working groups, the plenary meetings and the documents issued by the three working groups is available at: https://www.coe.int/en/web/artificial-intelligence/cahai .

The terms of reference of CAHAI are available at: https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=09000016809737a1 .

The Final Virtual Plenary Meeting of CAHAI from 30.11.2021 to 02.12.2021 will facilitate meaningful discussions towards the adoption of a document outlining the possible elements of a legal framework on AI, which may include binding and non-binding standards based on the Council of Europe’s standards on human rights, democracy and rule of law. See Council of Europe, “The CAHAI to hold its final meeting”, Strasbourg, 24 November 2021, available at: https://www.coe.int/en/web/artificial-intelligence/-/cahai-to-hold-its-final-meeting .

European Parliament, “STOA Centre for Artificial Intelligence (C4AI)”. The C4AI produces studies, organises public events and acts as a platform for dialogue and information exchange and coordinate its efforts and influence global AI standard-setting, available at: https://www.europarl.europa.eu/stoa/en/centre-for-AI .

The AIDA Committee website is available at: https://www.europarl.europa.eu/committees/en/aida/home/highlights .

See supra note 30.

See Dragos Tudorache Plenary Speech on Artificial Intelligence of 4 October 2021, available at: https://www.youtube.com/watch?v=V9y5gt39AD0 .

European Parliament News, “Use of artificial intelligence by the police: MEPs oppose mass surveillance”. Press release of the Plenary Session, October 6, 2021, available at: https://www.europarl.europa.eu/news/en/press-room/20210930IPR13925/use-of-artificial-intelligence-by-the-police-meps-oppose-mass-surveillance and Eurocadres, “European Parliament adopts resolution on the use of AI in law enforcement”, October 6, 2021, available at: https://www.eurocadres.eu/news/european-parliament-adopts-resolution-on-the-use-of-ai-in-law-enforcement/ .

European Parliament. “MEPs to look into Artificial Intelligence in criminal law on Thursday”, February 18, 2020, available at: https://www.europarl.europa.eu/news/en/press-room/20200217IPR72718/meps-to-look-into-artificial-intelligence-in-criminal-law-on-thursday .

European Parliament, Special Committee on Artificial Intelligence in a Digital Age (AIDA), “Joint hearing on the external policy dimension of AI”, March 1 st and 4 th 2021, available at: https://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/AIDA/DV/2021/03-01/Final_Programme_externalpolicydimensionofAI_V26FEB_EN.pdf .

UNICRI and INTERPOL, “ Artificial Intelligence and Robotics for Law Enforcement” , 2019, available at: https://issuu.com/unicri/docs/artificial_intelligence_robotics_la/4?ff .

UNCRI, “2 nd INTERPOL, UNICRI Global Meeting on Artificial Intelligence for Law Enforcement”, Singapore, July 3, 2019, available at: http://www.unicri.it/news/article/ai_unicri_interpol_law_enforcement .

UNICRI, “The European Commission provides support to UNICRI for the Development of the Toolkit for Responsible AI Innovation in Law Enforcement”, The Hague, Monday November 1, 2021, available at: http://www.unicri.it/index.php/News/EC-UNICRI-agreement-toolkit-responsible-AI .

Open Access funding enabled and organized by Projekt DEAL.

Author information

Authors and affiliations.

Center for AI and Digital Policy (CAIDP), Washington (DC), USA

Cristos Velasco

DHBW Cooperative State University in Mannheim and Stuttgart, Stuttgart, Germany

Mexico City, Mexico

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Cristos Velasco .

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

C. Velasco is Research Fellow and Outreach Committee Board Member of the Center for AI and Digital Policy (CAIDP), also Law Lecturer on “Information Technology Law” and “International Business Law & International Organizations” at the DHBW Cooperative State University in Mannheim and Stuttgart.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Velasco, C. Cybercrime and Artificial Intelligence. An overview of the work of international organizations on criminal justice and the international applicable instruments. ERA Forum 23 , 109–126 (2022). https://doi.org/10.1007/s12027-022-00702-z

Download citation

Accepted : 24 January 2022

Published : 22 February 2022

Issue Date : May 2022

DOI : https://doi.org/10.1007/s12027-022-00702-z

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Budapest Convention
• Criminal justice
• Istanbul Convention
• Law enforcement
• Lanzarote Convention
• Find a journal
• Publish with us
• Track your research

Protecting the public from abusive AI-generated content 

Jul 30, 2024 | Brad Smith - Vice Chair & President

• Share on Facebook (opens new window)
• Share on LinkedIn (opens new window)
• Share on Twitter (opens new window)

AI-generated deepfakes are realistic, easy for nearly anyone to make, and increasingly being used for fraud, abuse, and manipulation – especially to target kids and seniors. While the tech sector and non-profit groups have taken recent steps to address this problem, it has become apparent that our laws will also need to evolve to combat deepfake fraud. In short, we need new laws to help stop bad actors from using deepfakes to defraud seniors or abuse children.    

While we and others have rightfully been focused on deepfakes used in election interference, the broad role they play in these other types of crime and abuse needs equal attention. Fortunately, members of Congress have proposed a range of legislation that would go a long way toward addressing the issue, the Administration is focused on the problem, groups like AARP and NCMEC and deeply involved in shaping the discussion, and industry has worked together and built a strong foundation in adjacent areas that can be applied here.    

One of the most important things the U.S. can do is pass a comprehensive deepfake fraud statute to prevent cybercriminals from using this technology to steal from everyday Americans.   

We don’t have all the solutions or perfect ones, but we want to contribute to and accelerate action. That’s why today we’re publishing 42 pages on what’s grounded us in understanding the challenge as well as a comprehensive set of ideas including endorsements for the hard work and policies of others. Below is the foreword I’ve written to what we’re publishing.   

____________________________________________________________________________________  

The below is written by Brad Smith for Microsoft’s report Protecting the Public from Abusive AI-Generated Content. Find the full copy of the report here: https://aka.ms/ProtectThePublic

“The greatest risk is not that the world will do too much to solve these problems. It’s that the world will do too little. And it’s not that governments will move too fast. It’s that they will be too slow.”    

Those sentences conclude the book I coauthored in 2019 titled “Tools and Weapons.” As the title suggests, the book explores how technological innovation can serve as both a tool for societal advancement and a powerful weapon. In today’s rapidly evolving digital landscape, the rise of artificial intelligence (AI) presents both unprecedented opportunities and significant challenges. AI is transforming small businesses, education, and scientific research; it’s helping doctors and medical researchers diagnose and discover cures for diseases; and it’s supercharging the ability of creators to express new ideas. However, this same technology is also producing a surge in abusive AI-generated content, or as we will discuss in this paper, abusive “synthetic” content.   

Five years later, we find ourselves at a moment in history when anyone with access to the Internet can use AI tools to create a highly realistic piece of synthetic media that can be used to deceive: a voice clone of a family member, a deepfake image of a political candidate, or even a doctored government document. AI has made manipulating media significantly easier—quicker, more accessible, and requiring little skill. As swiftly as AI technology has become a tool, it has become a weapon. As this document goes to print, the U.S. government recently announced it successfully disrupted a nation-state sponsored AI-enhanced disinformation operation. FBI Director Christopher Wray said in his statement, “Russia intended to use this bot farm to disseminate AI-generated foreign disinformation, scaling their work with the assistance of AI to undermine our partners in Ukraine and influence geopolitical narratives favorable to the Russian government.” While we should commend U.S. law enforcement for working cooperatively and successfully with a technology platform to conduct this operation, we must also recognize that this type of work is just getting started.   

The purpose of this white paper is to encourage faster action against abusive AI-generated content by policymakers, civil society leaders, and the technology industry. As we navigate this complex terrain, it is imperative that the public and private sectors come together to address this issue head-on. Government plays a crucial role in establishing regulatory frameworks and policies that promote responsible AI development and usage. Around the world, governments are taking steps to advance online safety and address illegal and harmful content.   

The private sector has a responsibility to innovate and implement safeguards that prevent the misuse of AI. Technology companies must prioritize ethical considerations in their AI research and development processes. By investing in advanced analysis, disclosure, and mitigation techniques, the private sector can play a pivotal role in curbing the creation and spread of harmful AI-generated content, thereby maintaining trust in the information ecosystem.   

Civil society plays an important role in ensuring that both government regulation and voluntary industry action uphold fundamental human rights, including freedom of expression and privacy. By fostering transparency and accountability, we can build public trust and confidence in AI technologies.   

The following pages do three specific things: 1) illustrate and analyze the harms arising from abusive AI-generated content, 2) explain what Microsoft’s approach is, and 3) offer policy recommendations to begin combating these problems. Ultimately, addressing the challenges arising from abusive AI-generated content requires a united front. By leveraging the strengths and expertise of the public, private, and NGO sectors, we can create a safer and more trustworthy digital environment for all. Together, we can unleash the power of AI for good, while safeguarding against its potential dangers.   

Microsoft’s responsibility to combat abusive AI-generated content    

Earlier this year, we outlined a comprehensive approach to combat abusive AI-generated content and protect people and communities, based on six focus areas:   

• A strong safety architecture. 
• Durable media provenance and watermarking. 
• Safeguarding our services from abusive content and conduct.    
• Robust collaboration across industry and with governments and civil society. 
• Modernized legislation to protect people from the abuse of technology. 
• Public awareness and education. 

Core to all six of these is our responsibility to help address the abusive use of technology. We believe it is imperative that the tech sector continue to take proactive steps to address the harms we are seeing across services and platforms. We’ve taken concrete steps, including:   

• Implementing a safety architecture that includes red team analysis, preemptive classifiers, blocking of abusive prompts, automated testing, and rapid bans of users who abuse the system.   
• Automatically attaching provenance metadata to images generated with OpenAI’s DALL-E 3 model in Azure OpenAI Service, Microsoft Designer, and Microsoft Paint.   
• Developing standards for content provenance and authentication through the Coalition for Content Provenance and Authenticity (C2PA) and implementing the C2PA standard so that content carrying the technology is automatically labelled on LinkedIn.   
• Taking continued steps to protect users from online harms, including by joining the Tech Coalition’s Lantern program and expanding PhotoDNA’s availability.   
• Launching new detection tools like Azure Operator Call Protection for our customers to detect potential phone scams using AI.   
• Executing our commitments to the new Tech Accord to combat deceptive use of AI in elections.   

Protecting Americans through new legislative and policy measures     

  This February, Microsoft and LinkedIn joined dozens of other tech companies to launch the Tech Accord to Combat Deceptive Use of AI in 2024 Elections at the Munich Security Conference. The Accord calls for action across three key pillars that we utilized to inspire the additional work found in this white paper: addressing deepfake creation, detecting and responding to deepfakes, and promoting transparency and resilience.   

In addition to combating AI deepfakes in our elections, it is important for lawmakers and policymakers to take steps to expand our collective abilities to (1) promote content authenticity, (2) detect and respond to abusive deepfakes, and (3) give the public the tools to learn about synthetic AI harms. We have identified new policy recommendations for policymakers in the United States. As one thinks about these complex ideas, we should also remember to think about this work in straightforward terms. These recommendations aim to:   

• Protect our elections.  
• Protect seniors and consumers from online fraud.  
• Protect women and children from online exploitation.  

Along those lines, it is worth mentioning three ideas that may have an outsized impact in the fight against deceptive and abusive AI-generated content.   

• First, Congress should enact a new federal “deepfake fraud statute.” We need to give law enforcement officials, including state attorneys general, a standalone legal framework to prosecute AI-generated fraud and scams as they proliferate in speed and complexity.   
• Second, Congress should require AI system providers to use state-of-the-art provenance tooling to label synthetic content. This is essential to build trust in the information ecosystem and will help the public better understand whether content is AI-generated or manipulated.    
• Third, we should ensure that our federal and state laws on child sexual exploitation and abuse and non-consensual intimate imagery are updated to include AI-generated content. Penalties for the creation and distribution of CSAM and NCII (whether synthetic or not) are common-sense and sorely needed if we are to mitigate the scourge of bad actors using AI tools for sexual exploitation, especially when the victims are often women and children.   

These are not necessarily new ideas. The good news is that some of these ideas, in one form or another, are already starting to take root in Congress and state legislatures. We highlight specific pieces of legislation that map to our recommendations in this paper, and we encourage their prompt consideration by our state and federal elected officials.   

Microsoft offers these recommendations to contribute to the much-needed dialogue on AI synthetic media harms. Enacting any of these proposals will fundamentally require a whole-of-society approach. While it’s imperative that the technology industry have a seat at the table, it must do so with humility and a bias towards action. Microsoft welcomes additional ideas from stakeholders across the digital ecosystem to address synthetic content harms. Ultimately, the danger is not that we will move too fast, but that we will move too slowly or not at all.   

Tags: AI , elections , generative ai , LinkedIn , Online Safety , Responsible AI

• Check us out on RSS

Darktrace Half-Year Threat Report 2024 Reveals Persistent Cybercrime-as-a-Service Threats Amidst Evolving Attack Landscape

News provided by

Aug 06, 2024, 03:00 ET

Share this article

• Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) continue to dominate the threat landscape
• Email phishing remains a top threat, with 17.8 million phishing emails detected between December 2023 and July 2024 , and 62% bypassing DMARC checks designed to safeguard against unauthorized use
• Emergence of new threats such as Qilin ransomware and increased exploitation of edge infrastructure vulnerabilities

CAMBRIDGE, United Kingdom , Aug. 6, 2024 /PRNewswire/ -- Darktrace, a global leader in cybersecurity AI, has today released its " First 6: Half-Year Threat Report 2024 ," identifying key threats and attack methods facing businesses across the first half of 2024. These insights, observed by Darktrace's Threat Research team using its unique Self-Learning AI across its customer fleet, shed light on the persistent nature of cyber threats and new techniques adopted by attackers attempting to sidestep traditional defenses.

"The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have observed the emergence of new malware families, many attacks are carried out by the usual suspects that we have seen over the last few years, still utilizing familiar techniques and malware variants," comments Nathaniel Jones , Director of Strategic Threat and Engagement at Darktrace. "The persistence of MaaS/RaaS service models alongside the emergence of newer threats like Qilin ransomware underscores the continued need for adaptive, machine learning powered, security measures that can keep pace with a rapidly evolving threat landscape."

Cybercrime-as-a-Service continues to pose significant risk for organizations

The findings show that cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. Cybercrime-as-a-Service groups, such as Lockbit and Black Basta, provide attackers with everything from pre-made malware to templates for phishing emails, lowering the barrier to entry for cybercriminals with limited technical knowledge.

The most common threats Darktrace observed from January to June 2024 were:

• Information-stealing malware (29% of early triaged investigations)
• Trojans (15% of investigated threats)
• Remote Access Trojans (RATs) (12% of investigated threats)
• Botnets (6% of investigated threats)
• Loaders (6% of investigated threats)

The report also reveals the emergence of new threats alongside persistent ones. Notably, the rise of Qilin ransomware, which employs refined tactics such as rebooting infected machines in safe mode to bypass security tools and making it more difficult for human security teams to react quickly.

Per the report, double extortion methods are now prevalent amongst ransomware strains. As ransomware continues to be a top security concern for organizations, Darktrace's Threat Research Team has identified three predominant ransomware strains impacting customers: Akira , Lockbit and Black Basta . All three have been observed using double extortion methods.

Email phishing and sophisticated evasion tactics rise

Phishing remains a significant threat to organizations. Darktrace detected 17.8 million phishing emails across its customer fleet between December 21, 2023 , and July 5, 2024 . Alarmingly, 62% of these emails successfully bypassed Domain-based Message Authentication, Reporting, and Conformance ( DMARC) verification checks which are industry protocols designed to protect email domains from unauthorized use, and 56% passed through all existing security layers.

The report highlights how cybercriminals are embracing more sophisticated tactics, techniques and procedures (TTPs) designed to evade traditional security parameters. Darktrace observed an increase in attackers leveraging popular, legitimate third-party services and sites, such as Dropbox and Slack, in their operations to blend in with normal network traffic. Additionally, there's been a spike in the use of covert command and control (C2) mechanisms, including remote monitoring and management (RMM) tools, tunneling, and proxy services.

Edge infrastructure compromise and exploitation of critical vulnerabilities are top concerns

Darktrace observed an increase in mass-exploitation of vulnerabilities in edge infrastructure devices, particularly those related to Ivanti Connect Secure , JetBrains TeamCity, FortiClient Enterprise Management Server, and Palo Alto Networks PAN-OS . These compromises often serve as a springboard for further malicious activities.

It is imperative that organizations do not lose sight of existing attack trends and CVEs – cybercriminals may resort to previous, predominately dormant methods to trick organizations. Between January and June, in 40% of cases investigated by the Threat Research team, attackers exploited Common Vulnerabilities and Exposures (CVEs).

For more in-depth analysis, download the First 6: Half-Year Threat Report 2024 at www.darktrace.com/resources/first-6-half-year-threat-report-2024 .

ABOUT DARKTRACE

Darktrace (DARK.L), a global leader in cybersecurity artificial intelligence, is on a mission to free the world from cyber disruption. Breakthrough innovations from our R&D teams in Cambridge, UK , and The Hague, Netherlands have resulted in over 200 patent applications filed. Rather than study historic attacks, Darktrace's technology continuously learns and updates its knowledge of your business data and applies that understanding to help transform security operations to a state of proactive cyber resilience. The Darktrace ActiveAI Security Platform™ provides a full lifecycle approach to cyber resilience that can autonomously spot and respond to known and unknown in progress threats within seconds across the entire organization, including cloud, apps, email, endpoint, network and operational technology (OT). Darktrace, which listed on the London Stock Exchange in 2021, employs over 2,400 people around the world and protects over 9,700 customers globally from advanced cyber threats. To learn more, visit https://darktrace.com/ .

SOURCE Darktrace

Modal title

Also from this source.

Darktrace Introduces New Global Partner Program

Darktrace, a global leader in cybersecurity AI, today introduced its new global partner program, the Darktrace Defenders Partner Program, to...

Darktrace recognized as the winner of 2024 Microsoft UK Partner of the Year

Darktrace today announced it has won the UK 2024 Microsoft Partner of the Year Award. The company was honored among a global field of top Microsoft...

High Tech Security

Computer & Electronics

Computer Software