On September 3rd, 2015 the TV show Envoyé Spécial, on the France 2 television network presented a report on cybercrime titled: Your ruin is just a click away. It tells of a now common story of French citizens who were victims of an internet enabled scam. In this case, the scam has its origins in Israel and virtually travels through Cyprus and Bulgaria to reach France. Criminals, the journalists tell us in the report, with apparently legitimate websites, take advantage of the lax complacency of the Cypriot authorities to enter the European economic zone. Between 2009 and 2012, online illegal trading sites made more than 13,000 European victims, who lost in excess of 175 million euros. On the Internet, there are dozens of sites offering low-risk financial investments with quick and guaranteed returns. They have the appearance of respectability and are sometimes well established. Yet all should know, especially after the many financial scandals of recent years, that a call for quick and guaranteed earnings is a signal to be wary of. Yet, the number of victims remains significant and continues to grow. But, as in the pyramidal scam of Charles Ponzi, in the early 20th century, greed, naivety, lack of understanding of financial markets, the complexity of investment products and the mismatch between regulations and technological change create a breach in which criminals find vulnerabilities to exploit for their benefit. Today, all this happens at the speed of the electron, quickly spanning the planet on the network of networks, the Internet.
In France, the market regulator, the Autorité des marchés, like its European conterparts, warns against this type of scam, but nothing works. Likeable criminals are experts at manipulating their victims who happily give them their money, convinced to be in the presence of Midas who turns everything into gold. The Europol Internet Facilitated Organized Crime Threat Assessment (iOCTA) report predicted in 2011 that there would be an increase in cybercrime targeting EU citizens in the coming years:
« The EU is a prime target for cybercrime due in part to its advanced Internet infrastructure, large numbers of Internet users, and the growing involvement of the Internet in business transactions and payment systems. The pace and sophistication of technological change explain that cybercrime is constantly changing. New technological trends, such as the rise of cloud computing and the increased use of mobile devices, create other threats for users and amplify the challenges that law enforcement faces. «
As Clough (2011) explains, technologies that allow us to collaborate virtually and share knowledge are at the heart of cybercrime. By their nature, information technologies (IT) offer great benefits to humanity, but they also have a dark side. Cyberbullying, cyberdependence, cyberpedophilia and cybercrime, to mention only these, are the extension in the digital world of the perversions and malice of man. In this essay, we will focus on cybercrime, a topic that concerns me as a business technology management and cybersecurity specialist.
The main objective of this article is to compare cybercrime in Europe and Canada, from literature and anecdotal experience. After defining the problem, this essay examines and compares the solutions being implemented in Europe and in Canada.
Definition of cybercrime
According to the Royal Canadian Mounted Police (RCMP), cybercrime can be any type of crime committed by using the Internet and IT. These are crimes that may use computers, PDAs or mobile devices. Cybercrime also refers to crimes that exploit the flaws of digital technologies. According to Clough (2011), cybercrime incorporates a broad set of offenses that use IT. Cybercrime can be divided into two broad categories:
- offenses where technology is the target – that is, criminal acts targeting computers and other IT, for example, to gain unauthorized access to data for the purpose of using the data for undue profit, to divulge, alter or delete data;
- offences where technology is the instrument – that is, criminal acts committed or facilitated through the use of the Internet or IT, such as fraud, identity theft, theft of credit card numbers, intellectual property theft, money laundering, drug trafficking, human trafficking, organized crime activities, child sexual exploitation or cyberbullying.
Cybercrime has a lot in common with classical crime. In analysing an act to assess if it is criminal, a prosecutor seeks to determine if there is mens rea: criminal intent. Daoud (2013) mentions that in French criminal law, « no one is criminally responsible except for his own doing » and « there is no crime or offense without intent to commit it ». Thus, in order to convict an accused, the court must establish beyond a reasonable doubt that an accused individual is personally liable for all the material and intentional elements of the crimes he is charged with. Without this, the crime is attenuated, even legitimized. Weigend (2013) reminds us that the negligence of the IT technicians of a company who have poorly protected an information system (IS) could be the source of a cybercrime committed by a user in spite of himself. Hense, it would not be fair to condemn this unlucky user.
Crime can also be explained with the MOVE model based on Cohen and Felson’s Routine Activity Theory: Motive, Opportunity, Value and Escape. Every criminal committing a crime has a motive, a justification which will appear rational to him to perpetrate a criminal action (Motive). He must have an opportunity to commit the offense. The opportunity exists, for example, if it is in the same location as the victim. He needs to gain an advantage (Value), financial or otherwise perceived as advantageous. Finally, if he considers that he will be able to escape (Escape), to avoid getting caught, not to suffer unacceptable effects or estimate that the control mechanisms are deficient (for example the lack of guard or an unlocked lock), then he will proceed to the commit the crime. Obviously, all this is subjective. That is to say, it is perceived by a potential criminal perpetrator with a whole list of possible biases and dissonances (eg cognitive dissonances, bias of optimism, etc.). From the work of Clough (2011) and Ekblom (2008), we identify the main distinguishing features of cybercrime in relation to classic crime.
- Scale: The Internet allows users to communicate easily and inexpensively with more than 3.1 billion internet users living in what McLuhan called the Global Village. This network creates new trading spaces and catalyzes innovation and creation, as well it creates opportunities for illicit gains. In addition, there are more than 10 billion connected objects of all kinds. Even worse, the network is growing; for example in China, the number of Internet users grew by 4% (24,021,070) in 2014, while in India the increase was 14% (29,859,598) for the same period. This also creates an interesting hunting ground for criminals. As the number of users increases, in absolute numbers, the number of potential cybercriminals also increases.
- Accessibility: The adoption of Information and Communication Technologies (ICT) and Internet use continue to increase in most countries. Ways to access the Internet are increasing and are becoming more user-friendly. In addition to computers, you can use smartphones, smart TVs, connected devices and more and more ITs that are easier to use for both legitimate users and cybercriminals. The connection becomes less and less expensive: from 0.02 $ US / Mbps in Romania and Japan, it costs 69 $ / Mbps in Greenland. High speed access to the Internet is today available on the oceans, Antarctica and even on the international space station
- Anonymity: an obvious advantage if one wants to hide deviant behavior, the Internet offers several opportunities for real or perceived anonymity, depending on the user’s abilities and its access to anonymization tools. From a simple Gmail account opened under a false identity to the DarkWeb subnet, sophisticated means allow the use of encryption, proxy servers, fake IP addresses and anonymization tools more and more. accessible to the uninitiated
- Portability: it is easy to store large amounts of data in a small space, to reproduce them or to move them very quickly without appreciable decrease in their quality. The computing power of the most powerful computer on the planet in 1990 can now fit in your pocket:
- Globalization: cybercriminals can act via the Internet on a global scale. Despite this, criminal law is generally limited to the territorial jurisdiction in which the offense was committed, which is often difficult to establish.
Cybercrime poses many challenges for police, prosecutors and judges. The skills of cybercriminals combined with their access to tools and software provide the motive to perpetrate an action. The scale of the network and accessibility to ICTs give them the opportunity to act. They find many benefits (Value), whether monetary or psychological. The relative anonymity of the Internet, the globalization of crime, the portability of data reinforces the cybercriminal belief that it will be reasonably able to not get caught (Escape). The cybercriminal, hidden behind his screen, may even dissociate completely from the victim, giving him the illusion of a crime without innocent victims. In his delirium, he will push the cognitive dissonance to take himself for a Robin Hood, for whom it is justified to take to the rich or challenge states. Some cybercriminals are also motivated by struggles they believe are « right », but they are still illegal: cyberactivism, jihad, anti-globalization or environmental struggle. It is difficult to estimate the total cost of cybercrime for a set of reasons. Indeed, loss of reputation, shame or commercial secrecy are some of the reasons why many cyber crimes are never reported to the authorities. For individuals who are victims of cybercrime, in addition to financial damage, loss of confidence, guilt and psychological disorders are almost impossible to quantify. Anderson et al. (2012) developed a model for estimating the cost of cybercrime. They estimated the overall cost, from criminal revenues, direct and indirect losses as well as incident prevention costs, to just over $ 150 billion. We present the main elements relevant to this test in Table 1.
|Cybercrime Categories||Global Estimate (millions of US$)|
|Online Banking Fraud||1 690|
|Payment card Fraud||2 783|
|Infrastructure, Cybersecurity Technology and Post-Incident Rehabilitation||24 840|
|Classic crime that becomes cybercrime||150 200|
Tableau 1 : Estimation of the cost of cybercrime
We believe, however, that these figures only show the tip of the iceberg. Indeed, cybersecurity software and services provider McAfee (2014) estimated the true cost between US $ 375 billion and US $ 575 billion, while its main competitor, Symantec, estimated it at US $ 113 billion. 2013 McAfee (2014) suggests that a cost of cybercrime and cyber espionage of less than 2% of GNP would be acceptable.
The trichotomy of cybercrime
As mentioned, cybercrime encompasses many types of crimes that use IT as a tool or target. As soon as a criminal intent takes shape, the neophyte as well as the initiate can obtain, acquire or create tools that will assist him in the execution of the offense. Taking advantage of the naivety of some, the lack of technical skills of others, bugs or vulnerabilities inherent in IT, the cybercriminal will easily find opportunities to exploit these flaws. The model of the trichotomy of cybercrime illustrates the complexity for police forces and law enforcement officials of this multidimensional issue.
Figure 1: The trichotomy model of cybercrime
The red triangle represents the number of cybercriminals. The green triangle represents the sums or the monetary value of profits made per incident by cybercriminals. The blue triangle represents the number of victims.
At the bottom of the figure is a large number of low-skilled cybercriminals who extort small sums of money from a large number of uninformed and poorly protected victims. For example, a small bandit sends millions of emails to phish his victims to obtain credit card numbers to sell them from $ 10 to $ 25 on DarkWeb. At the top, a small number of highly competent cybercriminals implement sophisticated plans, gain the trust of their victims through social engineering and innovate to extract large sums from a small number of victims despite being well informed. well protected and have put in place risk mitigation measures. For example, the theft of GBP 650 from a hundred banks by a group of Russian hackers discovered in 2015, but which took two years to plan and execute.
The gray arrow in the center indicates the actions of law enforcement officers. It is helpful to understand that cybersecurity is a three-pronged field of action: prevention, protection and punishment. At the bottom, prevention actions, such as user and organizational awareness, are put forward. They will encourage individuals and organizations to put in place protective measures (firewalls, antivirus, etc.) to mitigate risks. Finally, when prevention and protective measures are ineffective, punishment may be a last resort. But before punishing, you need a culprit. Investigations are limited to the top of the figure, ie where cybercrimes with large impacts are found. Given the limited resources of police forces, it is easy to understand why they limit their actions to categories of crimes – particularly hate crimes (cyber pedophilia, terrorism), more publicized (recruitment of jihadists) or against interests. (cyberwar, cyberespionage).
Warusfel (2010) reminds us that realizing that the transfer of our business activities to the IT world creates inherent risks is not new. The report of the Swedish SARK commission on the vulnerability of the computerized society was carried out between 1977 and 1979. It is regarded as a pioneering work in this field. This report did not merely identify the intrinsic vulnerability of information systems (IS), but took into account the consequences of these failures on the functioning of the social activities that depend on them. He concluded that major IS attacks that could affect the community could occur not only in a crisis or war, but also in times of peace. While the detailed analyzes of this report are less relevant, the typology of risk factors remains. She distinguished the following risk factors:
- criminal acts against the IS;
- the political use of certain forms of trade restrictions or sanctions on the provision of sensitive technical elements;
- acts of war affecting IT infrastructures;
- natural disasters or accidents;
- the existence of files containing confidential information susceptible of unfair or unlawful use;
- special sensitivity of certain systems used in major economic, financial or logistical activities;
- geographical and functional concentration of IS, in certain areas vulnerable to attacks or accidents;
- integration and interdependence between systems, which can lead to propagation of failures;
- accumulation of large volumes of data whose compilation and crossover can lead to intelligence operations;
- Inadequate and inadequate training of users and businesses in relation to risks and safety practices.
The human factor
We must emphasize one aspect of this last risk factor, deficient and inadequate training. A large number of users do not have sufficient skills to protect themselves effectively from cybercriminals. It was true in 1979 and still is today. In addition, the scale and accessibility of the Internet means that there are a large number of users who can become victims of cybercrimes. The opportunities are great for cybercriminals, who can find victims everywhere. While there are cultural differences between Canadians and Europeans that will have an impact on risk perception, risk decisions and risk appetite associated with new technologies, the fact remains that all those who grew up before the democratization of the Web, around 1994, will be more vulnerable.
Even if the model of the trichotomy of the cybercrime teaches us that they will undergo damages or losses relatively less important, it remains that, cumulated, they will be substantial. There is a great opportunity for cyber criminals motivated by the lure of profit to take advantage of the lack of skills of users, in their use of personal or professional IT, at home or in the office. The result is ultimately a wide breach. In addition, cybercriminals are more likely not to suffer the consequences of their actions or to perceive the risks of being apprehended to be very low. All elements of the MOVE model are at the rendezvous with Internet users. While states may implement safeguards to limit opportunities and punish cybercriminals, it remains difficult to establish effective crime prevention programs for millions of their citizens. , Internet users. This creates a large window of opportunity in this area of vulnerability. States can act more effectively on the protection of critical infrastructure, often under their direct or indirect control. Businesses, on the other hand, are motivated by the risk of direct and indirect financial losses. The possibility of losses will allow them to justify the financial means necessary to put in place adequate protection systems and to hire specialists who will be able to identify and mitigate the unacceptable risks. But for the average user, this is always problematic. He will always be the weakest link in the chain. Even in a business, a single bad decision of a single user can open a breach allowing the cybercriminal to sneak in, despite all the measures put in place. This is what makes the human – the user, the risk factor the most difficult to circumscribe.
Cybercrime in Canada
In terms of information technology, Canada benefited from its economic and geographic proximity to the United States. Canada was the first country outside the United States to be connected to the Arpanet network, the ancestor of the Internet. In 2017, the Internet is used by 90.1% of the Canadian population, representing more than 33 million users. According to the RCMP (2014) report, cybercrime incidents in Canada are difficult to assess and are not often reported to law enforcement. However, according to RCMP statistics, cybercrime continues to grow in Canada. Symantec estimates that 2% of global cybercrime targets Canada. In 2016, the most recent official data available, 23 996 cybercrimes where reported. This represented a rate of 68 cybercrime cases for every 100,000 inhabitants. This is a significant increase from 2012, when 9,084 cybercrime incidents, 33 per 100,000, were reported by police services serving 8035% of the population of Canada. Data from Statistics Canada indicate that Fraud accounted for the majority of cybercrimes in 2016. Next come offenses against people (threats and intimidation). Finally, sexual offenses, including cyber pedophilia and incitement to sexual acts, account for 16% of cybercrimes. According to Symantec, Canada ranks 10th in the world as the point of origin for cybercrime, far behind the United States (1st) and China (2nd).
|Crime in Canada||2014||2015||2016||2016%|
|Homicide and other related violations||0||0||0||0.0%|
|Other non-violent violations||4||8||27||0.1%|
|Utter threats to property or animal||33||45||48||0.2%|
|Breach of probation||39||39||68||0.3%|
|Invitation to sexual touching||160||109||77||0.3%|
|Offences against the person and reputation (Part VIII Criminal Code)||103||110||89||0.4%|
|Other Criminal Code||78||141||95||0.4%|
|Other violent violations||49||69||149||0.6%|
|Fail to comply with order||103||156||225||0.9%|
|Non-consensual distribution of intimate images||0||97||295||1.2%|
|Luring a child via a computer||931||850||1,108||4.6%|
|Making or distribution of child pornography||0||850||2,886||12.0%|
Because only a portion of cybercrimes are reported to authorities, it should be noted that these 2012 statistics only provide some of the information. Other studies and reports reveal increases in some aspects of cybercrime in Canada. For example, in 2013, the Canadian Anti-Fraud Center (CAFC) received more than 16,000 complaints of computer fraud (email scams or web scams), representing losses of more than $ 29 million.
The fight against cybercrime in Canada is multi-layered: federal, provincial and municipal. At the federal level, Canada established the Canadian Anti-Fraud Center in 2010, a joint initiative of the RCMP, the Ontario Provincial Police (OPP) and the Canadian Competition Bureau to combat cyber-fraud and fraud. by mass marketing. It is the central repository for fraud data, information and documentation in Canada.
The Criminal Code of Canada, a federal statute, is the main criminal law law that is applied in all provinces and territories of Canada. It has long contained general provisions on telecommunications that enable it to combat cybercrime. In practice, these provisions are little used, while criminals who use networks to commit illegal acts are rather prosecuted for fraud, theft and other mischief. In March 2015, the Protecting Canadians from Online Crime Act came into effect. This law provides police forces with specialized investigative powers to help them combat the sexual exploitation of children on the Internet, and to monitor the online activities of organized crime. In October 2010, the Canadian government launched its National Cybersecurity Strategy. Its goal is to improve the protection of individuals, industries and governments from coast to coast to coast against cyber threats. The RCMP is responsible for cybercrime investigations for federal departments and agencies, the national defense sector, certain areas of federal jurisdiction, including banks, in provinces that do not have provincial police and in the regions. rural areas of these same provinces. In fact, given its limited resources in the field, it intervenes only in high-profile cases or cases of pedophilia. In Quebec, the Sûreté du Québec is responsible for the application of the Criminal Code in rural areas and small municipalities. In 2003, it created a small squad specialized in cybercrime. Today, this squad has fewer than 200 agents. Like the RCMP and for the same reasons, it only intervenes in high-profile cases or cases of pedophilia. The municipal police is active in the major municipalities of Quebec, but has very few active resources in cybercrime and is content to register complaints. In this case too, she intervenes only in high-profile cases or cases of pedophilia.
Canada signed in 2001 and ratified in 2015 the Convention on Cybercrime of the Council of Europe, the Budape Convention
Cybercrime in Europe
The estimated number of Internet users in Europe in 2017 is just over 659,634,487 internet users, or 80.2 %of the population of 825,824,883 individuals. In the European Union, there are 433 651 879 users (85.7% of the population). Table 2 shows the ten EU countries with the largest number of Internet users.
|( 2017 Est. )||30-Jun-17||(% Population)||% Table||30-Jun-17|
|Europe||822,710,362||659,634,487||80.2 %||17.0 %||343,273,740|
|World||7,519,028,970||3,885,567,619||51.7 %||100.0 %||1,979,703,530|
Table 2: Internet users in Europe
The European territory has fast and reliable IT infrastructures, making it a fertile ground for cybercriminals. In addition to finding a critical mass of potential victims, they use it to host malicious content and launch attacks on targets inside and outside Europe. Security software vendor Symantec estimates that 2% of global cybercrime targets targets in Germany, 5% in the UK and 3% in France. According to the annual security roundup 2014 of the software publisher Trend Micro, the EU hosts about 13% of malicious Internet addresses. The Netherlands is the main source, followed by Germany, the United Kingdom and Portugal. Germany, the United Kingdom, the Netherlands, France and Russia host the most important control and command services for cyberattacks on infrastructure and phishing attacks. Italy, Germany, the Netherlands, Russia and Spain are also among the world’s leading sources of spam. Norton has estimated cybercrime in Europe at US $ 13 billion in 2013.
Since the creation of the European Community, efforts to harmonize laws and collaborative arrangements between law enforcement agencies have been undertaken. As early as 1991, the meeting of TREVI Ministers had already observed the need to study the effects of the legal, technical and commercial evolution of telecommunications. Their efforts are focused on changing the rules governing the interception of communications in criminal investigations. A European Cybercrime Committee was established in 1997 following a G8 decision and UN discussions on the rise of cybercrime. This European committee has produced numerous reports and sets of rules relating to this issue. He started to promote European cooperation on the issue of cybercrimes. The result of this work was the Council of Europe Convention on Cybercrime, better known as the Budapest Convention, signed in 2001. Originally thought of as a European document, it soon became the main instrument of the international cooperation in the fight against cybercrime. It puts in place mechanisms for the collection, storage and transfer of data for investigation and criminal justice purposes among the participating countries.
For its part, the European Union has been interested in technological changes for the purposes of transnational criminal investigation and cybercrime. It has issued recommendations on cybercrime in criminal law and procedural law. The EU has also promoted important measures to combat cybercrime, such as measures to strengthen the security of computer networks, the implementation of information security policies and the creation of the European Agency. information security (ENISA). It has proposed various legislative measures, rapid response plans in the event of cyber attacks, the creation of a European alert protocol and a cyber-security strategy for the EU.
The jurisdictional challenge
Sovereign states have full jurisdiction over cybersecurity for prevention and protection measures on their territory. But on the axis of punishment, which occurs when the other two have failed, it gets complicated. As mentioned, punishment can be a deterrent to cybercrime. However, the competent cybercriminal, that of the red triangle of the trichotomy of cybercrime, is convinced that his expertise will allow him to escape (Escape) when he decides to act. Moreover, he is also able to use techniques that make his formal identification difficult. He will be better able to gain the trust of vulnerable users. Thus, it may be difficult to establish, through police investigation, evidence of guilt beyond a reasonable doubt that passes the test of criminal law in a court of law when the cybercriminal is apprehended. Worse, the scale of the Internet and the globalization of crime pose a significant challenge in many ways. First, it is a global problem that affects all states. Then, during the act, incriminating elements can transit through several countries, on several continents. Finally, while cybercrime may be transnational, the application of criminal law is by its very nature local.
According to Clough (2011), it is difficult to strike a balance between the interests of criminal justice and the protection of legitimate users against inappropriate interference. On the one hand, the Internet has allowed the emergence of a cyberspace of creation, freedom and unprecedented trade. On the other hand, if the rules and the law are applied too broadly, the legitimate users will be deprived of the full potential it allows. The company would lose if Internet users were afraid to move there, for fear of being punished at the slightest step. Yet some states are tempted to do so, as Edward Snowden and Julian Assange have reminded us. The same technologies that allow Chinese or Iranian dissidents to communicate with foreign media can be used by Daesh to plan attacks, or by the Israeli fraudsters mentioned in the Special Envoy report quoted in our introduction. We must find a happy medium that will limit reprehensible behavior while minimizing constraints.
For Clough (2011), it is clear that a degree of harmonization and collaboration between countries is essential. It reminds us that harmonized does not mean identical. Countries can apply their own standards under national criminal law, while maintaining an international minimum threshold. This minimum may be the subject of an international agreement or a treaty. Under the EU, the harmonization of laws, police collaboration agreements and collaborative tools are being put in place. In Canada, the situation is simpler, as it is a single state. However, it sometimes encounters problems of lack of collaboration between the different levels of government of the Canadian Confederation. But if it’s about crimes that cross borders, it will always be complex.
Lawrence Lessig, cited in Clough (2011), identified four modalities of Internet regulation: law, network architecture, social norms and the market. This reminds us that the criminal law can play only a limited role and must be supported by other regulatory mechanisms. For example, civil litigation can be used to respond to privacy invasions, educational institutions can teach safe behavior online, and various private and public organizations can help educate consumers the dangers of online fraud and the technical solutions available to minimize the impact of malware, or the risk of accessing inappropriate content. The role of Internet police officers must be shared by the community, government, non-governmental organizations, businesses and individuals. Police officers must also have mechanisms to exchange information, assemble evidence and set up files for use in court.
Cybercrime is a multidimensional problem that is difficult to circumscribe in a few pages. To technological, political and legal elements are added human aspects that introduce a lot of uncertainty. In this essay, we tried to better understand the question. While it is utopian to think that cybercrime can be eliminated, a common approach to States, parties, non-governmental organizations, businesses and individuals, focused on prevention and protection, can help us reduce their impact. Otherwise, setting up protocols to investigate and, if necessary, to apply punishment can help to improve the situation. We have seen that this can not be achieved without harmonization of legal frameworks and police collaboration.
Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T., Savage, S. (2012). Measuring the cost of cybercrime, http://www.econinfosec.org/archive/weis2012/papers/Anderson_WEIS2012.pdf consulté le 24 novembre 2015
Clough, J. (2011). Cybercrime, Commonwealth Law Bulletin, 37:4, 671-680
Clough, J. (2012). The Concil of Europe convention on cybercrime: Defining crime in a digital world, Criminal Law Forum (2012) 23:363–391
Emmanuel Daoud, E. Pugliese, M. (2013). La responsabilité pénale des dirigeants sociaux, Sécurité et stratégie 2013/4 (15), p. 64-73
Ekblom, P. (2008). Conjunction of Criminal Opportunity Classic, http://www.designagainstcrime.com/files/crimeframeworks/06_cco_classic.pdf consulté le 5 novembre 2015
European Police Office (Europol), 2011, Internet Facilitated Organised Crime Threat Assessment (iOCTA), https://www.europol.europa.eu/content/publication/iocta-threat-assessment-internet-facilitated-organised-crime-1455 consulté le 15 octobre 2015
European Police Office (Europol), 2015, Internet Facilitated Organised Crime Threat Assessment (iOCTA), https://www.europol.europa.eu/content/internet-organised-crime-threat-assessment-iocta-2015 consulté le 15 octobre 2015
Gendarmerie Royale du Canada (GRC) 2014, Cybercriminalité : survol des incidents et des enjeux au Canada, disponible en ligne : http://www.rcmp-grc.gc.ca/pubs/cc-report-rapport-cc-fra.htm consulté le 5 novembre 2015
McAfee (2014). Net Losses: Estimating the Global Cost of Cybercrime, Economic impact of cybercrime II Center for Strategic and International Studies, June 2014 http://www.mcafee.com/jp/resources/reports/rp-economic-impact-cybercrime2.pdf consulté le 24 novembre 2015
Octopus conference (2015). Presentations, http://www.coe.int/fr/web/cybercrime/presentations2015, consulté le 2 décembre 2015
Ortiz, J.C., Pradillo, O. (2011). Fighting against Cybercrime in Europe: The Admissibility of Remote Searches in Spain,European Journal of Crime, Criminal Law and Criminal Justice 19 (2011) 363–395
Puech, R. et Borgeaud, S. (2015). La ruine à portée de clic, Reportage de l’émission Envoyé spécial du jeudi 3 septembre 2015 sur France 2, http://www.francetvinfo.fr/replay-magazine/france-2/envoye-special/envoye-special-du-jeudi-3-septembre-2015_1073719.html, consulté le 15 octobre 2015
Statistique Canada (2012). Les cybercrimes déclarés par la police au Canada en 2012, http://www.statcan.gc.ca/pub/85-002-x/2014001/article/14093-fra.htm#r16 consulté le 23 novembre 2015
Statisqiques Canada, Tableau 252-0095. Cybercrimes déclarés par la police, selon l’infraction reliée à la cybercriminalité, Canada, http://www5.statcan.gc.ca/cansim/a26?lang=fra&retrLang=fra&id=2520095&tabMode=dataTable&p1=1&p2=-1&srchLan=-1&pattern=cybercrimes Consulté le 22 mai 2018
Statistique Canada (2012) (b). Utilisation d’Internet et du commerce électronique par les particuliers, 2012, http://www.statcan.gc.ca/daily-quotidien/131028/dq131028a-fra.htm consulté le 23 novembre 2015
Trend Micro (2014) Annual Security Roundup, http://www.trendmicro.com/us/security-intelligence/research-and-analysis/threat-reports/index.html consulté le 2 décembre 2015
Van der Meulen, N., Jo, E., Soesanto, S. (2015). Cybersecurity in the European Union and Beyond, Exploring the Threats and Policy Responses, Rand Corporation research report completed in September 2015 for the European Parliament, http://www.rand.org/content/dam/rand/pubs/research_reports/RR1300/RR1354/RAND_RR1354.pdf consulté le 23 novembre 2015
Warusfel, B. (2010). La protection des réseaux numériques en tant qu’infrastructures vitales, Sécurité et stratégie 2010/2 (4), p. 31-39.
Weigend. T. (2013). Section I — Droit pénal général. Société de l’information et droit pénal. Rapport général, Revue internationale de droit pénal 2013/1 (Vol. 84), p. 19-47.