Victimisation of Cybercrime in the United Arab Emirates - Case Study Example

i. Abstract Information and communication technologies (ICTs) while has been providing a range of benefits to individuals, businesses, institutions and governments it provides a platform on which opportunities for criminal activities are conducted. This research focuses on cyber victimization in United Arabs Emirates (UAE). The research will provide the already growing cyber victimization problems in UAE and review theories that have been applied to the study of cyber victimization. The focus however, is to provide understanding on the impact of cyber victimization on victims as well as related technical, legal, professional and educational responses to cyber victimization. A number of law enforcement authorities in UAE have put strategies of combating a broad range of computer related victimization ranging from intrusions to property theft. This paper therefore reviews the current level of cyber victimization in UAE so as to understand the application of self-control as well as routine activity theory to the study of cyber victimization. The research recognizes that previous researches on cyber victimization has been based on broader context of responses victims provide in off-line settings this is why forms of cyber victimization will continue as new facets of ICTs continue to change. Therefore comprehensive research into dynamics, types, prevalence and impacts of cyber victimization is needed so as to inform legal authorities and victim service provision. Key words: Cyber Victimization, United Arabs Emirates, Cyber-Attacks, Cyber-Security, Controls Table of Contents i.Abstract 1 1.0.Introduction 3 1.1.Overview of cyber victimization in UAE 3 1.2.Framework of cyber victimization in UAE 4 1.3.Characteristics of cyber victimization in UAE 4 1.4.The profile of information technology victimizations’ criminal 5 1.5.UAE cyber victimization borderless 5 1.6.Gross damage 6 1.7.Literature Review 6 2.0.Research Methodology 11 2.1.Dataset Overview 12 2.2.Nature and patterns of cyber victimization 13 2.3.Trends on Business Sector 13 2.4.Main cause 14 2.5.Cyber victimization and the actors 14 2.6.Methods of detecting/discovering cyber victimization in UAE 15 1.0. Introduction 1.1. Overview of cyber victimization in UAE Contemporary findings discuss the dynamics of cyber victimisation in UAE [3; 5]. Based on the available statistics, cyber victimization in UAE has been growing and is anticipated to grow. Additionally, [1] reports that the trend is unpredictable due to the fact that cyber victimization is not may not be attacking anyone in particular but a group in general. What is known about cyber victimisation is that the regulatory body, Telecommunication Regulatory Authority (TRA) does surveillance of internet activities and censorship so as to mitigate cases of cyber victimisation activities within its jurisdictions and boundaries [6]. Currently, data and statistics on the prevalence, victims, offenders and demographics of cyber victimization are conflicting. [12] reports data and statistics released by [2] in 2012 regarding cases of cyber victimisation in United Arabs Emirates contradict information provided by Abu Dhabi’s State Security Apparatus (in most cases known as SSA). Alternatively, incidences of cyber victimization can be understood based on the Kaspersky official reports that have been generated from UAE. For instance, according to [13] statistics from Dubai shows a dramatic 80% increase in the number of electronic victimisation cases reported in 2014 compared to the year before. To underscore this figure, cyber investigation department of Dubai Police received a total of 1419 reports in 2013, 792 in 2012 and 588 in 2011 [7]. These figures and reports show that cyber victimization in UAE remains to be a challenge and proper analysis has to be conducted to underscore the thesis statement. 1.2. Framework of cyber victimization in UAE UAE have adopted the approach that has been considering such type of crime as a unique as well as special nature that requires special attention, legal framework and strategy to understand. In 2006 for instance, [9] reports that the first UAE law that aimed to provide the scope of cyber victimization was issued and though the aim was to provide strategies of dealing with the crime, it was seen as ICT’s UAE cyber law that was going to provide an understanding on the framework of the process of cyber victimization and the best strategies of dealing with the crime. UAE, just like any other country, has been facing tremendous development of the means of information technology and this has meant that there is difficulty when it comes to the detection of the gravity of cyber victimization [6]. What is currently known in UAE when it comes to cyber victimization is that people are greatly affected and the crime is derailing individual, institutional and State’s ability to effectively interact online. However, the extent of applying the existing legal rules in addition to the need to issue the newly drafted legislative underpinnings in the presence of the international agreements remains a challenge. This means that an understanding on cyber victimization in UAE requires that a research recognizes the characteristics thereof as well as explain how the characters of cyber victimization focus on the punishment of the committer thereof. 1.3. Characteristics of cyber victimization in UAE The characteristics of cyber victimization in UAE are not limited to internet. In as much as computers have been seen as tools for committing such crimes, [14] note that as a tool computer may commit different levels of victimisations offline. These include forgery or falsified obtaining of information stored in a given computers. In addition, cyber victimization as reported in UAE goes beyond the use of computers. For instance, [15] note that UAE is in the verge where phones are used as tool for victimizing others. However, this study focuses on Internet victimization where use Internet and computers to facilitate or commit the crime. Research has shown that the Internet is the link between all potential links such as companies, individuals, banks who fall victims in most cases. It therefore means cyber victimization in UAE is characterized by a connected computer targeting to victims different categories of people. 1.4. The profile of information technology victimizations’ criminal Cyber victimization is approached differently as compared to other nations owing to its culture and the rate of adoption of e-commerce [11]. That is, UAE is high cultured country meaning that in as much as the government has been making steps in establishing e-commerce platforms, not every person has had the will to engage in online transactions. Based on this understanding, the most significant features of information technology victimizations’ criminal are the wider experience as well as knowledge of Internet and computer in general and the targeted victim in particular. Cyber victimization in UAE cannot only be attributable to internet crimes but a common aspect in all information crimes including cyber victimization [9; 11]. 1.5. UAE cyber victimization borderless An element to understand before providing data on cyber victimization in UAE is that the act links different countries together naturally in as much as offenders and victims may be located in UAE [1]. Cases of victimization that have been targeting UAE and those that have been committed from UAE were borderless and may not have acknowledged time or place elements or legal factor. This makes it interesting to understand how possible in will be to recognize demographics of cyber victimization and strategies that can be used to understand the dispersion of international coordination and investigation to trace victims and offenders. 1.6. Gross damage Cyber victimization cases have been diverse in UAE recently [2]. This means that as an aspect of cyber-crime, cases of victimization have had serious implication on the victimization. The resulting losses are growing when compared with traditional crimes, more so, when repute, money, fame and social status is concerned. Additionally, an understanding of the crime in UAE should recognize the fact that the offenders have been those termed as ‘mane classes’ which even complicate the research on cyber victimization in country where predicting the suspect will become a daunting task. Thirdly, the process of cyber victimisaiton as reported in cities such as Abu Dhabi have been involving unfamiliar behaviors thus causing further damage to the victims and economy at large [3]. 1.7. Literature Review As mentioned in the previous section, the process of cyber victimization in UAE is dynamic. Research do not agree on a single strategy offenders use to victimize their victims [15]. What is known however, is that there are statutory systems in UAE that have been keen to establish the process of cyber victimization and criminalise a number of acts or words that affect public morals, ethics, and public order through the use of Internet or any other modern means technology. However, what is missing from these researches is whether there is legislations or a policy that has been set to formulate the offender’s victimizing words in specific legal provisions. There is therefore a need to specify the criminal act to individual offender because researches from scholars such as [14] have merely generalize the process thus providing ambiguity in the process. One dimension of cyber victimization takes is the electronic mail (E-mail). E-mail is one of the most effective communication tools in UAE as a civil society but the messaging style has since taken a different dimension thus characterized by elements of victimization [1]. According to Law No. 5 for the year 2012, amending the UAE Information Technology Crimes Act has since added incorporated a new paragraph in the previously existing laws that limit the extent to which E-mail can be used. Based on this, researches have shown that spamming email is regarded as the most traded way of victimizing or trespassing databases. It has to be noted that owing to the recent case of offenders refusing to report, cyber victimization in UAE may not mean that trespassing within the context of spams means victimizing the Internet. Law No. 5 for the year 2012 is already bringing confusions and dilemma. Within the context of UAE, the concept of cyber victimization is still multifaceted. What can be considered as victimizing in other countries is treated differently in accordance with legal structures in UAE [10; 5]. There are several crimes that sum up cyber victimisation. This is exactly what previous researches have failed to delink---failing to break down elements of cyber victimization so that each can be linked from the law and societal expectations. Cyber victimization common in United Arabs Emirates and United Kingdom UAE include online blackmailing, forgery, embezzlement and theft. What is missing however is the assessment to ascertain whether laws in United Arab Emirates are general in approaching different levels of victimisation. There are specific sections within Computer Misuse Act 1990 (CMA) and Police and Justice Act 2006 which deal with specific crimes as listed above. The general explanation of cyber victimisation fails to understand specific sections of the two laws thus denying the understanding that cyber victimisation is the consequence of information technology infrastructure which includes illegal access, interception, and interference with the data, interference systems, and others. This has been complicated by different definitions given to cyber victimisaiton including by the U.S. National Academy of Sciences, which defines the concept as “deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks”[7, 12]. The study considers the definition contradicting the underpinnings of different legal provisions including Computer Misuse Act 1990 that sees cyber victmisation in UAE as dedicated attacks that aim at a specific user, company, or organization to gain access to the critical data in a stealthy manner. Another motivator for the research to be done regards information provided by different ministries on trends and incidence of cyber victimisation in UAE. Initial data from [4] indicates that about 45% of cyber victimisation and incidences of computer related extortion and misuse are neither recognized nor punished by law every year because such laws have not been ratified to deal with specific aspects of crime thus making it difficult to succinctly deal with victimisation. This new statistics narrows this proposal to consider tenets of cyber victimisations since they only present a given partial picture to be termed as cases or incidences of cyber victimisations. In as much, data from Ministry of Justice shows that far more people have in fact been sentenced under different Acts for having committed cyber victimisations. A reported released by [8] indicated that cyber victimisation in UAE takes the steps as outlined in figure 1 below. According to the figure below, the crime begins with criminal marked 1 and stretches to legitimate compromised websites and victims. Figure 1: Stages of cyber victimisation in UAE From the figure above it is apparent that criminals positioned 1 are often not the only ones to blame for the success of the victimisation. Unaware people, faulty processes and technology vulnerabilities usually play an important part in collecting useful information, preparing and deploying the attack as shown in numbers 3, 4 and 5. 2.0. Research Methodology Based the literatures that have been reviewed thus far, this study will be based on two approaches. The first approach will be theoretical in nature whereby previous research findings will guide the decision made in this research. That is, it will rely on already established data, statistics and frequencies on cyber victimization in UAE. The literatures reviewed have offered different understandings regarding the definition of cyber victimization, the trend in UAE and policies and strategies that have been adopted to understand cyber victimization. These findings will be essential in developing a conclusion regarding the research. Secondly, the research will be empirical in its approach. The research will design research tools that will be used for data collection. These data will then be analysed statistically and findings on cyber victimization interpreted using statistical software such as SPSS or ANOVA. To work a sample study that will offer reliability and validity, the research has identified a total of 20 financial institutions, 20 religious organisations, 20 non-governmental organisations and 50 individuals picked from different sectors of economy within UAE. The analysis on the sample study will aim at providing directions on incidences of cyber victimization, purposes and aims of the offenders, extent of harm to the victims, patterns of action to the offenders and the nature of attacks. Other elements that will be captured in the process of data collection and analysis will include the targets such as business sector, country, revenue level, and number of employees, vulnerabilities that allowed the attack to take place, impact and estimated damages. The research tool for analysis of the data collected will be Microsoft Excel and where extensive analysis will be needed SPSS package or ANOVA will be incorporated. The main aim of using the data analysis tools as specified will to help in the understanding of cyber victimization in UAE under agendas that have been mentioned above. Importantly, the data will provide an insight regarding correlations between individual, business, organisations and cyber victimization. Data as they will be tabulated and interpreted through graphs and charts will help the research understand any statistically related patterns, correlations and frequencies regarding the thesis statement. 2.1. Dataset Overview For consistency and reliability of the dataset for analysis, two sources will be used to gather the relevant data other than the interviews that will be collected from persons identified earlier. The first source will be from MONDAQ database regarding instances of cybercrime in UAE. In as much as the site has generalized all instances of cybercrime, relevant data concerning cyber victimization will be identified and grouped accordingly. Based on the trend, there are 2,532 reported cases of cyber victimization from different sources. This information can be found here http://www.mondaq.com/. At the time of accessing the site these data were randomly gathered from different sources such as banks, businesses, organisations and individuals. Secondly the data was collected from VERIS Community Database which can be accessed from http://vcdb.org/. By the time of visit the database had about 4821 instances of cybercrime reported as cyber-attacks. Just like it was the case of MONDAQ data on cyber victimization will be selected and grouped so as to conform to research objectives. For reliability and validity of the data analysis, the data on cyber victimization will be cleansed and grouped according to preference, areas of occurrences, people attached, frequencies and time of attack. Grouping of these data will therefore be as follows; 2.2. Nature and patterns of cyber victimization There were a total of 6 nature and patterns that were available for the grouping of cyber victimization. Three were identified from MONDAQ and the other three were identified from VERIS Community Database. VERIS Community Database recorded a case of cyber-espionage where instances of victimization were based on access denials. People threatened or victimized through messages when they were making attempts to access or block unauthorized accesses. The ultimate goal of the process was to espionage. MONDAQ on the other hand recorded instances of misuse of privileges. These were cases where those with full access to a given department or webpage were victimization their juniors or sending unauthorized messages intending to victimize, solicit for favours or demean. Both MONDAQ and VERIS Community Database recorded instances of victimization on payment card skimmers. That is, data description on both sites indicated incidences of victimization to have certain information provided regarding payment cards. 2.3. Trends on Business Sector Both sites have categorized business entities not with their names but by the type of industry or services they engage in. The sectors are as listed below; Educational services--- MONDAQ and VERIS Community Database recorded 21 and 33 cases respectively. Information---- MONDAQ and VERIS Community Database recorded 12 and 18 instances respectively Food services and accommodation--- MONDAQ and VERIS Community Database recorded 22 and 24 respectively Manufacturing--- MONDAQ and VERIS Community Database recorded 11 and 16 respectively Retail trade--- MONDAQ and VERIS Community Database recorded 21 and 18 respectively. 2.4. Main cause This was considered to give answers to questions such as: why did the offender decide to victimize? What were the elements or enabling factors that necessitated attach? Based on the two sites identified, the following causes were ranked leading; There were causes that were as a result of random error from the offender towards the victim There was also a case of unavailable or inadequate personnel or staff Faulty process in places of work or in public computers The other problems were due to lack of technology. That is, there were faulty technology resources, network, systems or insufficient technological resources. 2.5. Cyber victimization and the actors Instances of cyber victimization in UAE were enabled by three actors. All sources of data/ MONDAQ and VERIS Community Database recorded these actors as; Internal actors---these included instances where the offender or the person/group of persons intending to victimize is coming from the scene or crime/the entity or organization from which instances of victimization occurred. External actors---unlike internal actor, external ones are people outside the crime scene. That is, the attackers are not members of the victims or sharing anything in common with the victim. Business partner---this is the case where the offender is not a family member neither business associate but has had some business before with the victim. As noted before, categories of cyber victimization were different and therefore tools and techniques used differed from one element of victimization to another. Social interactions---this include social interaction platforms such as Instagram or Twitter. Hacking---this include all attempts to access given information without permissions or authority. Malware---victimization at this level incorporated code or program run on a device without the user’s consent or even awareness. 2.6. Methods of detecting/discovering cyber victimization in UAE This included all the channels, individuals and parties who necessitated the detection of the attack. The research compiled the following sources. External methods –these included customers where the attack was reported by a customer or business partner directly or indirectly affected by the incident. External methods – these included the process of auditing: the attack was detected by a form of external audit such as security personnel. External sources – this incorporates process of monitoring: In most cases, this will include the detection of attack through the external security services Internal assessment – the process ranges from fraud detection to internal auditing process: the attack was detected by the internal fraud detection system/service. TO FOLLOW SHORTLY PRESENTATION OF DATA DISCUSSION OF THE DAT IN 2-3 DAYS References [1] Frith, U., & Frith, C. D. (2003). Development and neuropsychology of mentalizing. Philosophical Transactions of the Royal Society Biological Sciences, 358, 459–473. [2] Flewitt R, Conducting research with young children: some ethical considerations. Early Child Development and Care, 175(6), pp. 553–565. (2012) [3] Davis, M. H. (2010). Empathy: A social psychological approach. Madison, WI: Brown & Benchmark Publishers. [4] Bruce, V. (1994). Stability from variation - the case of face recognition. Quarterly Journal of Experimental Psychology Section A-Human Experimental Psychology, 47(1), 5-28. [5] AlKaabi, A. (2014). Strategic framework to minimise information security risks in the UAE. [6] Aloul, F. (2010, November). Information security awareness in UAE: A survey paper. In Internet Technology and Secured Transactions (ICITST), 2010 International Conference for (pp. 1-6). IEEE. [7] Baggili, I., Al Shamlan, M., Al Jabri, B., & Al Zaabi, A. (2013). Cybercrime, Censorship, Perception and Bypassing Controls: An Exploratory Study. In Digital Forensics and Cyber Crime (pp. 91-108). Springer Berlin Heidelberg. [8] Singh, A. J., & Bhardwaj, A. Android Security: An Overview of Risks and Security Measures. [9] Al-Khouri, A. M. (2012). eGovernment strategies: the case of the United Arab Emirates (UAE). European Journal of ePractice, 17, 126-150. [10] Bamatraf, S. O. (2014). Assessing the Level of Knowledge About Cybercrimes Among Young Adults Within the United Arab Emirates. 2014 NCUR. [11] Alkaabi, A., Mohay, G., McCullagh, A., & Chantler, N. (2011). Dealing with the problem of cybercrime. In Digital forensics and cyber crime (pp. 1-18). Springer Berlin Heidelberg. [12] Decety, J., & Jackson, P. L. (2004). The functional architecture of human empathy. Behavioral Cognition Neuroscience Review, 3, 71–100. [13] Eisenberg, N., Fabes, R. A., Carlo, G., Speer, A. L., Switzer, G., Karbon, M., & Troyer, D. (2010). The relations of empathy-related emotions and maternal practices to children’s comforting behavior. Journal of Experimental Child Psychology, 55, 131 150. [14] Fienberg S, and Kadane J, The presentation of Baysian Statistical Analyses in Legal Proceedings. The Statician, 32: 88-98. (2009) [15] Finkelhor, D., Mitchell, K., & Wolak, J.(2000). Online Victimization: A Report on the Nation's Youth (No. 6-00-020). Alexandria, VA, National Center for Missing & Exploited Children. Read More