Cyber-attacks detection and prevention

Using computer technology, information systems and information technologies and their integration into almost all branches of human activity is a phenomenon that is characteristic of today. It can be stated that in principle it is not possible to find such an area of ​​human activity, where computer technology, or information system or information or communication technology, would not be used directly or indirectly.

Unfortunately, as the possibilities of using these modern-day conveniences and scientific and technical progress increase, so do the possibilities and at the same time the frequency of their misuse to commit crime.

In the 1990s, the term “computer crime” (počítačovákriminalita, Computerkriminalität) became established for information technology crime. In his publication, Smejkal defines, in the mid-1990s, computer crime as a diverse mix of crimes whose common factor is the computer, program and data. The term computer crime “… is to be understood as committing a crime in which the computer as an aggregate of hardware and software, including data, or a large number of computers separate or connected to a computer network is central to either being the subject of such a crime, though with the exception of a crime where the mentioned device is the subject of the crime as simple property, or as instruments of crime.”^[1] It is clear from the above definition that computer crime related only to computer systems as targets of attack.

The term “computer crime” evokes the idea that a crime must be committed on a computer or through a computer, most often a personal computer (PC). Such an understanding is now simplistic, and at the same time reduces somewhat, in quantitative terms, the number of phenomena that can be included in the concept of crime committed by means of information and communication technologies. Many technical devices today, thanks to the implementation of microprocessors together with their miniaturisation, assumed the role of personal computers (PCs) a long time ago, without being called personal computers. These are hybrids performing various functions, which were previously performed by special devices. Modern technical devices enabling communication between them and their users and whose design is guided by the principle of ​​ALL-IN-ONE are capable of much higher computing power than the most modern computing units from the first half of the 90s. And even these devices[2], although not called computers, can be the target of crime or a means of committing it. For these reasons, the terms “computer crime” or “computer offence” are now almost non-existent in the scientific literature. Instead of the term “computer”, the terms “information and communication technology” (ICT) and “ICT crimes” are used.

In 2000, the Council of Europe issued a definition of computer crime under the Statute of the Commission of Experts on Cybercrime: “An offence against the integrity, availability or secrecy of computer systems or an offence in the traditional sense using modern information and communication technologies"^[3]

EU Council Framework Decision 2002/584/JHA on the European Arrest Warrant refers to “computer-related crime” as conduct directed against a computer or conduct where the computer is a means of committing a crime. The definition of cybercrime is also based on the wording of the European Arrest Warrant.

In international conventions, the term “cybercrime” is most often used for crime committed by means of information technology, and the use of this term has also been transferred from the normative area to the vocabulary of the professional public. The concept of cybercrime has a similar character to the concepts of “violent crime”, “juvenile delinquency”, “economic crime”, etc. Such terms refer to groups of offences having a certain common factor, such as the manner of execution, the person of the perpetrator (at least generically), etc. in essence, it can be a very diverse mix of offences, connected by a common factor (computer, program, data).[4]

When defining the content of the concept of cybercrime, it is necessary to realise that along with the growth of the possibilities of using information and communication devices, the possibility of their use (abuse) to commit crime is also growing. Therefore, in essence, there is no universal, generally accepted definition that would fully affect the scope and depth of this concept.

One of the possible definitions of computer crime or cybercrime can also be found in the Cybersecurity Glossary[5]:

Cyber crime

„Criminal activity in which a computer appears in some way as an aggregate of hardware and software (including data), or only some of its components may appear, or sometimes a larger number of computers either standalone or interconnected into a computer network appear, and this either as the object of interest of this criminal activity (with the exception of such criminal activity whose objects are the described devices considered as immovable property) or as the environment (object) or as the instrument of criminal activity (See Computer crime).“

Computer crime / Cyber crime

“Crime committed using a data processing system or computer network or directly related to them.”

These two definitions show an effort to define all aspects of cybercrime, but the authors have been guilty of some inaccuracies. First, they use both terms synonymously, but in the definition of cybercrime, they ignore the factors that the computer is both a target and a means of attack. Similar problems associated with this actual definition of cybercrime can be found also elsewhere. 

In an effort to define cybercrime, it is appropriate to make use of Council of Europe Convention No. 185 on Cybercrime of 23 November 2001.[6] However, this convention does not define the concept of cybercrime. It only defines the measures that should be adopted by a ratifying party at the national level. These substantive criminal law measures then define a rough framework of crimes that are considered cybercrimes. This framework (together with other crimes contained in the Council of Europe Additional Protocol No. 189 to the Convention on Cybercrime[7]) provides a basic scope for uniform legal unification of criminal offences that can be considered cyber, across countries. The actual, often very strict definition of the given crimes is rather beneficial as it does not limit the national (more detailed or elaborate) implementation of these crimes but, at the same time, guarantees the fulfilment of minimum requirements (standards) by all ratifying parties.

Also due to considerable disagreement on what is and what is not cybercrime, in the following part of this chapter we will define this concept, both in terms of positive and negative.

In the most general terms, cybercrime can be defined as conduct directed against a computer, or computer network, or as conduct in which a computer is used as a tool to commit a crime.An indispensable criterion for the application of the definition of cybercrime is the fact that the computer network, or cyberspace, is then the environment in which this activity takes place.

When defining the concept of cybercrime, it is first necessary to define the concept of crime in general. Concerning the use of information systems, computer technology or communication devices, there are a number of actions that are certainly undesirable, but are not punishable under criminal law, although they can be very dangerous (harmful) for society. Such actions a priori cannot be qualified as computer, informational or any other crime – they are not crimes at all. When defining the term of criminality (and this definition can be given from several points of view – sociologically, criminally, etc.), we rely on the definition of criminality as a summary of all actions that can be classified under an objective element, regulated by criminal law. Therefore, based on this definition, criminality does not involve such acts which do not meet any objective element of a criminal offence, i.e. not even a misdemeanour or other administrative offence. Such a definition of the term criminality is relatively precise and can be used in the field of information and communication technology.

However, it is a characteristic of committing ICT crimes that such practices or means are used when committing them, the use of which does not fulfil any objective element of a crime, but are an integral part or prerequisite for engaging in criminal behaviour.[8] In addition, these non-criminal practices or means are important components in the process of uncovering and shedding light on crime, the identification and understanding of which plays an important role in detecting perpetrators of this type of crime.[9]

Cybercrime represents the broadest set for all crimes that occur in the information and communication technology environment. Offences committed within this set can be further classified and labelled with different terms according to various aspects. “Internet crime”, “e-crime”, “cyberterrorism” or, for example, “piracy” can then form subsets of cybercrime, though this list does not exhaust the possible subsets of actions that can be classified as cybercrime.

Cybercrime is most often used in professional publications to describe such criminal acts in which the means of information and communication technologies are:

a)             used as a tool for committing a crime,

b)             the target of the offender's attack, which is an offence.

However, such a definition of cybercrime is no longer valid today. This would include crimes involving the use of information technology but not in the context of their normal use or intention (e.g. cases where an offender injures a person by hitting a monitor or other part of the computer over the injured party’s head with the intent to cause personal injury; or in the case of a theft of a truck carrying computer components, etc.). These are crimes where ICT is used beyond its intended purpose – for example, as a weapon, as a thing that has a certain monetary value, regardless of the purpose for which it is or should be intended. When uncovering and shedding light on these acts, other investigative methodologies (such as theft investigation methodology, etc.) will be used, not cybercrime investigation methods.

In order to talk about cybercrime, information and communication technologies that have been used to commit a crime or that have been the target of such a crime must be put into context. In this spirit, it is therefore necessary to assign another point containing this condition to the two above points. Cybercrime, then, is a crime where the means of information and communication technologies are:

a)      used as a tool for committing a crime,

b)      are the target of the perpetrator's attack, and said attack is an offence,

provided that these devices are used or misused in an information, system, program or communication environment (i.e. in cyberspace).

However, such a definition of cybercrime is still inadequate. Using the criteria set in this way to determine whether or not a specific conduct can be considered cybercrime, we conclude that, for example, aspects of defining participation (organisation, guidance and assistance) in the sense of Section 24 of Act No. 40/2009 Sb., Criminal Code, as amended,^[10] it is possible to commit any intentional crime through information means (e.g. a person causes another person to commit an intentional murder crime by e-mail). It will be similar for other forms of criminal cooperation (e.g. incitement, endorsement of a crime). These can also be committed using information technology. However, such actions cannot be described as cybercrime. As a result, accepting the opposite view would lead to the only possible conclusion – any crime in which an offender used information and communication technology in any way is a cybercrime. From this point of view, it would be difficult to find crimes that cannot be considered cybercrime.

It follows from the above that it is not enough to define cybercrime only positively, but it is also necessary to define it by a list of actions that cannot be considered cybercrime in principle.

In this spirit, it will be possible to include crimes of three different categories under the term cybercrime:

1)      crimes where the individual object characterising the objective element is directly the protection of the computer system, its equipment and components against specific types of attack or the legitimate interests of persons in the uninterrupted use of these technical devices,

2)      crimes that are committed by means of information and communication technology is one of the features of the objective element,

3)      other eligible crimes which do not fall into either the first or the second category, but which may also be committed in the specific case by means of information technology and which meet the above definition because similar detection procedures as when investigating of crimes from the 1st and 2nd category (e.g. similarly focused expert opinions) may be used to uncover and shed light on them.