While technological advancements benefit society, they also provide new opportunities for criminals. Australia and other countries face significant challenges in preventing, detecting and prosecuting these computer-based crimes.
What is cybercrime?
The term “cybercrime” refers to a range of crimes involving the use of technology. Most cybercrimes fall into one of two types:
- Crimes against computers or other digital devices. Examples include hacking and denial-of-service attacks.
- Crimes where computers or other digital devices are used to commit traditional crimes. Examples include internet fraud and laundering money through digital currencies.
Types of cybercrime
Common types of cybercrime include:
- Internet fraud – any type of fraud scheme perpetrated through use of the internet.
- Phishing – when a cybercriminal attempts to steal confidential information through fraudulent emails.
- Online piracy – copyright infringement through bootlegging, ripping or torrenting.
- Identity theft – a cybercriminal accesses someone’s personal information without their consent, to gain benefits or steal money.
- Digital currency-related offences – criminals often exploit aspects of digital currencies such as greater anonymity, to facilitate crimes.
- Computer hacking – the identification and exploitation of weaknesses in computer systems and computer networks.
- DDoS attacks and botnets – overloading the processing capability of a target by sending massive amounts of data in a short period of time.
- Malware and ransomware – malicious software, which can be used to block someone’s access to their data until they pay a ransom.
Cybercrime under transnational criminal law
Cybercrime is transnational by nature and is not restricted by international borders. It is in the global interest for all countries to cooperate in the fight against cybercrime.
The Budapest Convention
The Convention on Cybercrime of the Council of Europe, also known as the Budapest Convention, is the first binding international instrument addressing cybercrime. It serves as a guideline for national legislation against cybercrime and as a framework for international cooperation between signatory parties.
The Budapest Convention aims to:
- Harmonise cybercrime offences across all domestic criminal jurisdictions.
- Provide the procedural powers needed to investigate and prosecute offences.
- Establish an effective framework for international cooperation between signatory nations.
The Budapest Convention is currently signed by 66 countries around the world. Although it is a European treaty, any country can join upon invitation. Australian signed the Budapest convention in 2012. This allows for more efficient information sharing with partner agencies.
International Investigations
As a result of the Budapest Convention and other treaties, the investigation and prosecution of cybercrime is becoming increasingly international, often involving multiple international law enforcement agencies.
Individuals and businesses may become the subject of parallel criminal investigations and prosecutions. This raises complex jurisdictional and procedural issues.
The threat of exposure to penalties outside of the jurisdiction where you live or operate is real.
Cybercrime under Australian Law
Commonwealth legislation
Cybercrime offences are criminalised under parts 10.7 and 10.8 of the Criminal Code Act 1995 (Cth) and include:
- Unauthorised access to, or modification of, restricted data: section 478.1(1).
- Unauthorised impairment of electronic communication: section 477.3(1).
- Using a carriage service to menace, harass or cause offence: section 474.17.
NSW legislation
Each State and Territory also has its own computer crimes that are similar to the Commonwealth legislation. Common offences under the Crimes Act 1900 (NSW) are set out under part 6 and include:
- Unauthorised modification of data with intent to cause impairment.
- Unauthorised impairment of electronic communication.
- Possession of data with intent to commit a serious computer crime.
- Unauthorised access to restricted data.
State legislation also criminalises the use of technology in traditional crimes. Under Section 308C of the Crimes Act, using a computer to commit a serious indictable offence carries the same maximum penalty as the offence itself.
An evolving landscape
Australian cybercrime law is constantly evolving to keep up with new threats, often raising complex international jurisdictional questions.
Nyman Gibson Miralis reviewed the key cybercrime laws applicable to Australia in the International Comparative Legal Guide to Cybersecurity 2022.
