A Wine Critic’s Guide to Defining Cybercrime

by Jonathan Lusthaus

When we talk about cybercrime, there is often one point that is easy to gloss over. This is a foundational point: what actually is cybercrime? Like many definitional discussions, heading down this rabbit hole can lead to a quagmire. The purpose of this post is to walk through some of the issues involved, though it may not quite provide a path out of the hole…

Since early discussions of cybercrime, a key conceptual debate in demarcating what is (and is not) cybercrime has been whether cybercrime constitutes a new frontier of crime or simply existing types of criminality taking a new form in a novel online environment. In examining these issues, social scientists have taken a particular liking to wine metaphors. On one hand, David Wall has argued that cybercrime is a case of “new wine, but no bottles”, such is the novelty of cyberspace and the new crimes that it supports. On the other hand, Peter Grabosky wrote an article with the title “Virtual Criminality: Old Wine in New Bottles?”. Here the argument was that cybercrime is nothing particularly new:

‘[V]irtual criminality’ is basically the same as the terrestrial crime with which we are familiar. To be sure, some of the manifestations are new. But a great deal of crime committed with or against computers differs only in terms of the medium. While the technology of implementation, and particularly its efficiency, may be without precedent, the crime is fundamentally familiar. It is less a question of something completely different than a recognizable crime committed in a completely different way.

While the discourse has evolved, the essence of this debate remains. Some consensus has now formed around defining cybercrime broadly: not as a particular subset of crimes, but rather as a range of illegal activities taking place within the realm of cyberspace. Yet the distinction between new and old crimes continues to find a place within this approach. A number of scholars and practitioners differentiate between those cybercrimes that are “traditional” crimes facilitated and enhanced by new technologies (cyber-enabled or assisted crimes such as fraud or theft) and those cybercrimes that could not exist without these new technologies because computers or networks are usually the target (cyber-dependent or focused crimes – such as computer/network intrusion, DDoS attacks and the spread of malware). These types of crime are sometimes known as “pure” cybercrimes.

This distinction has proved popular among both scholars and those within the policy and law enforcement communities. But it is unclear how useful this divide is in understanding how cybercrime works and how cybercriminals operate in practice. At their heart, crimes are those things which have been criminalised by various legal systems – they do not necessarily have an independent theoretical underpinning. Laws might make specific acts against computers and networks illegal, but this often means the use of new tools against new targets has been criminalised rather than the behaviours behind them.

The older criminal motivations remain. For instance, intrusions and the spread of malware can facilitate theft or vandalism, while DDoS attacks might be the tool of an extortion ring or employed in support of a political agenda. In practice, it would be unusual for one of these “technical” crimes not to be linked to some broader motivation and a more traditional crime type (theft, fraud, extortion, harassment, vandalism, espionage and so on).

In legal terms, the distinction between traditional crimes in cyberspace and pure cybercrimes continues to be a relevant one because it allows the criminalisation of nefarious activities that might be difficult to prosecute under existing laws. But in understanding cybercrime in more “human” terms, the distinction appears less helpful. When trying to make sense of the actors involved in cybercrime, the motivation behind the crimes should probably matter more than legal technicalities. When focusing on motivation, the division between old and new cybercrimes might collapse in on itself.

Ultimately we have to stop and think about why cybercrime is of interest to us as a subject of study. If we are curious about the structure, organisation and characteristics of cybercriminals, then our true interest probably lies in how new technologies may (or not) be changing the nature of crime. Definitions should reflect this and may be suitably broad, conceptualising cybercrime along the lines of illegal behaviours that make use of electronic devices and networks. There may be no need to get bogged down sub-categorising new and old types of cybercrime.

Of course the danger with this “loose” approach is that cybercrime could come to mean almost any crime, as technology pervades so many aspects of modern life. So it would also be sensible to specify that the use of such technology is central, rather than tangential/peripheral to the crime. As the diffusion of technology continues so far unabated, whether this distinction itself will collapse over time remains to be seen. Then we will truly know whether we are drinking new or old wine, or some kind of blend.