By Zeb Holmes and Ugur Nedim
Internet crimes such as accessing computers without authorisation and downloading personal information are on the rise in Australia.
But one particularly insidious form of cybercrime is being used to blackmail individuals into handing over their hard-earned money. Cyber-criminals are using software to access computers, download images and personal information, and to activate webcams and record intimate footage. Threats are then made to forward the material to friends and family members, and/or to post it online, unless a sum of money is paid for its destruction.
Hackers are able to gain access to computers using malicious software (malware) known as a remote-access Trojan (RAT).
The software is typically downloaded when the unsuspecting user clicks a link, often through an email, infecting the computer with a hidden program that enables the hacker to access and use the device as if it were in front of them.
The FBI has used the technology for many years to monitor those who it says are suspected of serious crimes, including organised criminal groups and suspected terrorists.
Opportunistic hackers prefer a ‘scattergun’ approach, where innocuous-looking emails containing the dangerous links are sent to millions of people, some of whom will click on the links and download the Trojan.
The use of blackmail
Hackers will often sell access to the compromised computers to criminal groups for as little as US$1 for a single female, or US$1 for a hundred males.
A 2014 FBI investigation found that webcam hackers across the globe preferred the use of a piece of software known as ‘Blackshades’.
The malicious tool had been purchased by thousands of hackers in over 100 countries, and had infected at least half a million computers worldwide.
Former FBI Director James Comey recommended that all users simply cover their webcams with tape.
This is a method famously employed by Facebook CEO Mark Zuckerberg, who covers both the camera and microphone jack on his laptop with tape.
The growth of cybercrime in Australia
According to the 2017 Norton Cyber Security Insights Report, six million Australians were victims of cybercrime in 2017, a 13% increase from the year before.
Norton’s Territory Manager, Mark Gorrie, says many people consider themselves “low-risk”, and engage in risky behaviour such as sharing passwords and using the same password across multiple accounts. The Report found that 44% of Australians share their password with someone else.
America’s leading cyber security think tank, CSIS, and security firm McAfee, have identified Australia as a key target for cyber-attacks, which they describe as “relentless”.
“Cybercrime remains far too easy, since many technology users fail to take the most basic protective measures, and many technology products lack adequate defences,” McAfee’s CTO, Steve Grobman, remarked.
The law in NSW
Part 6 of the Crimes Act 1900 (NSW) contains a range of offences relating to accessing computers without authorisation.
Section 308H of the Act prescribes a maximum penalty of two years’ imprisonment for any person who:
- causes any unauthorised access to or modification of restricted data held in a computer, and
- knows that the access or modification is unauthorised, and
- intends to cause that access or modification.
‘Restricted data’ is defined as data held in a computer for which access is restricted by a system associated with a function of that computer.
Proceedings for the offence must be commenced within 12 months of the alleged conduct.
Section 308C of the Act makes it an offence to access, modify or impair a computer without authorisation intending to commit a serious indictable offence.
The section states that a person who causes any unauthorised computer function knowing it is unauthorised, and intending to commit or facilitate a serious indictable offence is liable to the maximum penalty of the intended offence.
A ‘serious indictable offence’ is one which attracts a maximum penalty of at least five years’ imprisonment.
The law on blackmail in NSW
‘Blackmail’ is an offence under section 249K of the Act which comes with a maximum penalty of 10 years’ imprisonment.
The offence is committed where a person makes an unwarranted demand with menaces with the intention of:
- obtaining a gain or of causing a loss, or
- influencing the exercise of a public duty.
A demand is ‘unwarranted’ unless the person believes that he or she has reasonable grounds for making the demand and reasonably believes that the use of the menaces is a proper means of reinforcing the demand.
The definition of ‘menaces’ includes:
- an express or implied threat of any action detrimental or unpleasant to another person, and
- a general threat of detrimental or unpleasant action that is implied because the person making the unwarranted demand holds a public office.