ER-RAFIK Najoua: The Legal Challenges of the Digital Age: Cybersecurity and Implications for Economic Criminal Law

ER-RAFIK Najoua, PhD Student at the Faculty of Law, Sidi Mohamed Ben Abdellah University, ESSOR Laboratory, Fez


Abstract

This article studies the dynamic realm of economic cybercrime in the digital era and scrutinizes its evolution alongside technological development. Delving into legal challenges, regulatory strategies, and institutional responses, the article underscores the need for global cooperation and harmonization of laws.

Keywords

Digital age – New technologies – Cybercrime – Criminal law – Legal challenges


Summary

This article explores the dynamic field of economic cybercrime in the digital age, examining its evolution alongside technological advances. By looking at the legal challenges, regulatory strategies, and institutional responses, the article underlines the need for global cooperation and the harmonization of laws.

Keywords

Digital age – New technologies – Cybercrime – Criminal law – Legal challenges


Introduction:

The emergence of the digital era has sparked an unprecedented revolution in the conduct of economic transactions. However, this transformation has not only influenced the global economy but has also sparked new legal challenges and a significant increase in cybercrime. Today’s society is highly oriented towards information and communication technologies, with almost everyone having access to the internet, mobile devices, and computers. The advent of new technologies, such as artificial intelligence (AI), has profoundly impacted the digital era, contributing to the formation of contemporary society. Yet, these advancements have also raised complex concerns regarding security, privacy protection, and legal liability implications. Individuals and businesses alike bear the burden of these attacks, being prime targets of cyber threats. Companies in particular are privileged targets of cyberattacks[1].

This article aims to explore the legal challenges of economic cybercrime, emphasizing the need for constant adaptations of criminal law to address technological developments. It examines international cooperation, legislative adjustments, and the necessary skills for an effective legal response, with a special focus on businesses as primary targets of cybercriminal attacks. In this context, it becomes essential to define the concepts of cybercrime, cyber security, and new technologies. “New technologies” encompass ever-evolving domains, facilitating interaction between humans and machines. This term refers to high technology in general, specifically to new Information and Communication Technologies (ICT), such as the internet and other innovations affecting information exchange and processing[2]. As for “cybercrime”, it differs from traditional crime by incorporating a virtual element into the crime scene. An immaterial dimension complicates the nature of the act, covering criminal activities operating in cyberspace[3] via the internet[4]. This includes electronic malice using information and communication technologies, such as fraud, scams, extortion, vandalism, and harassment, exploiting internet characteristics to harm users, organizations, and society[5]. It is in this context that “cyber security” intervenes, aiming to ensure the resilience of information systems against threats compromising data and associated services’ availability, integrity, or confidentiality. For businesses, cyber security represents a cross-cutting governance concern, involving various actors such as Chief Information Officers (CIOs) or Chief Information Security Officers (CISOs), both under the control of leaders defining acceptable risk based on the company’s stakes and financial decisions.

Cybercrime has become a recurring theme in global news. With the advent of new technologies, hackers exploit simpler methods to infiltrate systems and steal sensitive data. This phenomenon dates back centuries rather than decades. The first cyber-attack occurred in France in 1834, well before the internet, involving the theft of financial information via the telegraph system. Since then, cybercrime has exploded, characterized by a captivating history of malicious strategies.

The central question is to understand how the rapid evolution of new technologies impacts the frequency and sophistication of cybercrime and what legal and regulatory implications are required to effectively address them.

We test the hypothesis that the constant evolution of new technologies leads to a quantitative and qualitative increase in economic crimes in cyberspace. An in-depth study, based on the analysis of official and academic documents, has been conducted to examine the extent of this transformation and explore how it influences the legal and regulatory mechanisms needed to counter economic cybercrime effectively.

To address our issue, we will proceed in two steps. Firstly, we will explore the evolution of crimes related to new technologies in the economic sector (I). Then, in the second step, we will attempt to examine the legal, regulatory, and institutional challenges in the fight against economic cybercrime (II).

I- Evolution of crimes related to New Technologies in the economic sector.

The 1990s witnessed the emergence of some of the most significant communication technologies in human history, notably the internet, marking a major advancement but also giving rise to cybercrime. Hackers exploited security gaps as trust and security were not prioritized during the development of these technologies. The absence of the term “cyber security” led to a surge in cybercrime, providing hackers with new opportunities for unauthorized access and data manipulation[6]. The early 21st century saw sophisticated cyber-attacks causing significant damage to critical sectors of the global digital economy. Cyber security became a global concern, especially for public agencies and large corporations facing substantial risks. Over the last decade, cybercrime has rapidly grown, transforming from a cottage industry into a “substantial business”[7]. Criminals take advantage of emerging technologies, plan customized attacks, and collaborate innovatively.

In the present day, digital connectivity is becoming more pronounced than ever, allowing criminals to exploit vulnerabilities in online systems, networks, and infrastructures. The economic and social consequences on a global scale for administrations, businesses, and individuals are highly significant. Digital criminals display increasing skill and organization, exploiting emerging technologies for personalized attacks and innovative cooperation[8].

The rapid digitization of business transactions, accelerated by factors like the COVID-19 pandemic, has led companies to adopt online platforms for various processes. Many use platforms like Alibaba, Amazon Business, and PayPal for transactions[9], reflecting a broader trend of businesses prioritizing digital transformation in their commercial processes. According to a recent JP Morgan study, 59% of businesses are actively engaged in digitizing their commercial processes[10]. However, this digital acceleration has also led to a notable increase in financial and economic crimes related to cybercrime, as highlighted by Europol’s recent study, “The other side of the coin”[11].

Due to the rapid evolution of technologies, cybercrime encompasses various offenses committed through digital technologies, such as unauthorized access to computer systems, online fraud, the dissemination of malicious software, and electronic identity theft. It is important to note that new forms of cybercrime regularly emerge due to the swift evolution of technologies[12]. Therefore, in a perpetually changing technological environment, cyber security poses a significant challenge for businesses to combat potential threats, namely:

Phishing

Phishing remains the tool of choice for many hackers. This technique is generally defined as a means used by cybercriminals to extract sensitive data or spread malicious software in users’ computer systems[13].

Ransomware

Currently, ransomware, primarily delivered through phishing activities, constitutes the main threat to businesses. A major concern for Chief Information Security Officers (CISOs), ransomware has experienced explosive growth in volume and potency in recent years. These malicious programs encrypt companies’ sensitive data and demand a ransom for decryption. About a quarter of CISOs faced such cyber attacks in 2022[14], with heavy financial consequences and repercussions on the company’s image. During the global NotPetya cyber attack in June 2017, ransomware targeted major logistics operators and their clients, resulting in substantial costs. Maersk incurred significant financial losses, estimated at nearly $300 million[15], due to last-minute redirection, compensations, and disruption in the global supply chain. The impact extended beyond Maersk, severely affecting its clients. For instance, the pharmaceutical company Merck recorded losses of $870 million, TNT Express (a FedEx subsidiary) of $400 million, and chocolate manufacturer Cadbury $188 million.

Distributed Denial of Service (DDoS) attacks, a perpetually evolving classic

Among the various forms of cyber attacks documented, DDoS attacks are by no means an innovation. Since the 1980s, this method has been used to remotely disrupt the information systems of businesses. Through massive requests and exploiting vulnerabilities, the goal is to render a third party’s network inoperative. Although this approach is not new, it continues to develop[16]. DDoS attacks are frequently orchestrated by hackers, with some sectors, such as the cryptocurrency industry, being particularly affected. It has become imperative to regularly update security measures, implement advanced detection mechanisms, adapt mitigation strategies, and incorporate modern protective measures such as adaptive firewalls and Content Delivery Networks (CDNs)[17] to effectively counter the ever-evolving tactics of cybercriminals. For example:

  • The large-scale DDoS attack via the Mirai botnet against domain name provider Dyn in 2016 paralyzed the operations of most of the 178,000 clients whose Internet domain was hosted by the company[18].
  • In August 2023, Google Cloud experienced the largest recorded DDoS attack, with a digital assault reaching a record of 398 million requests per second (RPS). To put it in perspective, this surpasses the total number of requests per second received by Wikipedia throughout the entire month of September 2023. In 2022, the largest recorded DDoS attack had only reached 46 million RPS[19].

II- Legal, Regulatory, and Institutional challenges in the fight against economic cybercrime

Given the rapid expansion of information and communication technologies, it is imperative for criminal law to constantly adjust to confront the new manifestations of resulting criminal activities. Cybercrime poses a significant challenge to legal systems globally, necessitating an in-depth study of its evolution to ensure the protection of citizens and their data. With the advent of the Covid-19 crisis accelerating digitization in society, traditional fraudulent methods are now obsolete. Crime is evolving towards new forms, leveraging data digitization to provide opportunities for cybercriminals. Cybercrime transcends national borders, with perpetrators, victims, and technical infrastructures located in distinct territories, complicating investigations and prosecutions significantly. Criminals exploit the border effect, acting as an obstacle for states due to the territorial limitations of their sovereignty, hindering their ability to act against offenders operating from abroad[20]. Combatting cybercrime represents a major challenge on the legal and economic fronts for businesses. Advances in new technologies and the digital revolution have heightened the risk to which these businesses are now exposed. While businesses can be potential targets of cybercrime, they remain responsible for the security of their own data. Therefore, only a comprehensive approach to cyber security can raise awareness among states and businesses about cyber threats, providing a response that is both technical and legal. It is imperative that the protection of individual and corporate data occupies a central place within this policy.

Internationally, various legal instruments have been developed to counter cybercrime. A notable example is the Convention on Cybercrime, known as the “Budapest Convention”, adopted in 2001 by the Council of Europe. This is the first international treaty aiming to standardize national legislation related to cybercrime and facilitate cooperation between states, with Morocco becoming a member in 2018. Despite the global concerted efforts, significant disparities persist in current national legislations. Some countries have passed specific laws against cybercrime, such as the United States with the “Computer Fraud and Abuse Act”, while others use their general criminal code to prosecute offenders, like Morocco and France with the “Penal Code”[21]. This legislative diversity can lead to complications in situations where the same act may be considered a crime in one country but not in another. Such circumstances create grey areas that cybercriminals can exploit to evade legal prosecution.

In Morocco, as in many countries embracing economic openness and transitioning to an information and communication society, cybercrime is a threat. Aware of this duality between the necessity of digital transformation and cyber risks, Morocco has developed a national cybersecurity strategy over the last decade. This strategy aims to promote the transition to a digital economy and an information and communication society. In July 2020, the House of Representatives adopted Law No. 05-20[22] on cyber security. Under this law, the government, with the assistance of the National Cybersecurity Agency, is empowered to control and protect computer systems and data within both public and private institutions. Two entities have been established: the Strategic Cybersecurity Commission, responsible for guiding state policies on cyber security, and the National Cybersecurity Authority, empowered to conduct technical investigations to counter potential cyber attacks. In this context, the National Defence Administration created a General Directorate for the Security of Information Systems (DGSSI), which developed the National Directive for the Security of Information Systems (DNSSI)[23]. Notably, the role of the National Telecommunications Regulatory Agency (ANRT) is crucial, being an authority closely connected with telecommunications operators and internet service providers. Despite these efforts, the private sector, especially small and medium-sized enterprises, lags behind in terms of strategy, training, and awareness of cyber security, mainly due to budget constraints and a lack of cyber security culture.

In response to the proliferation of cyber attacks, France has also committed to developing a defence policy to secure its information systems. Various organs and services specialized in combating cybercrime have been established within the police, gendarmerie, and customs, including:

  • ANSSI (National Cybersecurity Agency): established in 2009, plays a central role in setting standards to protect the state’s information systems, monitoring threats, and advising private enterprises on security.
  • OCLCTIC (Central Office for Combating Crime Linked to Information Technology and Communication): tasked with combating various offenses related to new technologies while coordinating the actions of the police and gendarmerie at the national level.
  • BEFTI (Brigade for Investigations into Fraud Related to Information Technologies): intervenes in cases of intellectual property related to information systems and provides valuable support to cybercrime investigations.
  • STRJD (Technical Service for Judicial Research and Documentation): centralizes judicial information on internet-related offenses, focusing particularly on the transmission of illicit data.
  • The “Cyber Customs” service: maintains vigilance to detect and track online offenses, with a focus on counterfeiting acts.

While the institutional arsenal has considerably strengthened to effectively combat new forms of cybercrime, it is essential to develop the judicial arsenal in parallel. National and international legislations must adapt to integrate specificities related to digital technologies. To address challenges related to combating cybercrime, judicial authorities must consider regular legislative adaptation, amending or supplementing existing laws to keep pace with technological developments. Moreover, it is crucial to expedite judicial procedures, often long and complex in cybercrime cases, by exploring new protective methods, while respecting the fundamental rights of the parties involved. Strengthening technical skills through specialized training for magistrates and investigators in the field of cybercrime is necessary to master digital investigation techniques and effectively identify evidence during an inquiry. Finally, enhanced international cooperation among states is essential to prevent the impunity of cybercriminals exploiting the trans-border nature of the internet.

Conclusion:

The rapid evolution of digital technologies exposes businesses to increasing risks of cybercrime, with significant economic consequences. Despite the progress in the legal field and international cooperation, some challenges persist, particularly due to the transnational and anonymous nature of these offenses. While national and international initiatives have been implemented, additional efforts are needed to ensure effective protection against economic cybercrime. How can we ensure international harmonization of laws to ensure effective legal defence in this constantly changing cyber environment?


References

[1] Report from the Legal Club “Law Tested by Cyberattacks” Ad Hoc Commission (March 2021). https://www.actu-juridique.fr/app/uploads/2021/04/22le-droit-penal-a-lepreuve-des-cyberattaques22.pdf  Accessed on January 2, 2024.

[2] Cf. “New technologies”. https://fr.wikipedia.org/wiki/Nouvelles_technologies  Accessed on January 2, 2024.

[3] The cyberspace represents a perilous and complex environment where socially condemnable behaviors have massively infiltrated the virtual world.

Cf. BADIL, M. “Legal and institutional framework for combating cybercrime in Morocco”, Edition Approches, 2022, p. 14.

[4] FORTIN, F. “Cybercrime: Between Misconduct and Organized Crime”, February 28, 2013, p.5.

[5] GHERNAOUTI, S., DUFOUR, A. Internet. University Press of France, 2017, p. 10.

[6] Arctic Wolf, “The Incredible Decade of Cybercrime”. (21/02/2020). https://arcticwolf.com/resources/blog-fr/lincroyable-décennie-de-la-cybercriminalité/ Accessed on 24.12.2023.

[7] Ibid.

[8] Interpol, “Cybercrime”. https://www.interpol.int/en/Crimes/Cybercrime  Accessed on December 26, 2023.

[9] Cf. https://french.alibaba.com/?isSpider=true , https://business.amazon.fr , https://www.paypal.com/fr/home  Accessed on December 30, 2023.

[10] CHRYSTELE. “Digitization of Commercial Exchanges”. (13/04/2023). https://mappingo.fr/la-numerisation-des-echanges-commerciaux/  Accessed on December 28, 2023.

[11] Europol, “The Other Side of the Coin: An Analysis of Financial and Economic Crime”, European Financial and Economic Crime Threat Assessment 2023, p. 5. (13/09/2023). https://www.europol.europa.eu/publications-events/publications/other-side-of-coin-analysis-of-financial-and-economic-crime  Accessed on December 26, 2023.

[12] PEREZ, S. LEGAL INFOS, “Challenges of Cybercrime: How Criminal Law Adapts to New Forms of Crime Related to Information and Communication Technologies”. (18/04/2023). https://www.congres-uinl-paris.org/les-defis-de-la-cybercriminalite-comment-le-droit-penal-sadapte-aux-nouvelles-formes-de-criminalite-liees-aux-technologies-de-linformation-et-de-la-communication/ Accessed on December 31, 2023.

[13] KETTLES, M. AMCS, “Cybersecurity Trends 2023”. (April 2023). https://www.amcsgroup.com/fr/blogs/tendances-en-matiere-de-cybersecurite-2023/ Accessed on December 31, 2023.

[14] THALES, “The Thales Data Threat Report 2023 reveals an increase in ransomware attacks and human errors as the main causes of data breaches in the cloud”. (18/04/2023). https://www.thalesgroup.com/fr/monde/groupe/press_release/le-thales-data-threat-report-2023-revele-une-augmentation-des-attaques Accessed on December 31, 2023.

[15] Cf. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ Accessed on December 31, 2023.

[16] Capgemini, “The major challenges and issues of cybersecurity in business in 2023”. (13/10/2023). https://www.institut.capgemini.fr/les-grands-defis-et-enjeux-de-la-cybersecurite-en-entreprise-en-2023/  Accessed on December 28, 2023.

[17] Ibid.

[18] CADZOW, E. “Financial Impact of Mirai DDoS Attack on Dyn Revealed in New Data”. (n.d.) https://www.corero.com/blog/financial-impact-of-mirai-ddos-attack-on-dyn-revealed-in-new-data/ Accessed on December 23, 2023.

[19] Cf. https://www.zdnet.fr/actualites/google-cloud-signale-la-plus-grande-attaque-ddos-jamais-enregistree-39961756.htm Accessed on December 23, 2023.

[20] WATIN-AUGOUARD, M. “Cybercrime, Crime Without Borders”. Administration, 2023, Vol. No. 279 (3), p. 93-95.

[21] CHAMPLIN, E. “Cybercrime: Challenges, Legislation, and Challenges for 21st Century Justice”. https://www.unpeudedroit.fr/la-cybercriminalite-enjeux-legislation-et-defis-pour-la-justice-du-21e-siecle/ Accessed on January 4, 2024.

[22] Dahir No. 1-20-69 of 4 hija 1441 (July 25, 2020) promulgating Law No. 05-20 on cybersecurity.

[23] First published in December 2013, this directive specifies organizational and technical security measures to be applied by administrations, public bodies, as well as critical infrastructure.

Cf. https://www.dgssi.gov.ma/fr/actualités/mise-jour-de-la-directive-nationale-de-la-securite-des-systemes-dinformation  Accessed on January 4, 2024.
