I took a quick look at some Computer Misuse Act 1990 cases, just trying to find some common denominators.
Here’s what I noticed:
- High-victim-volume cases against the perpetrators left little solace or compensation for individual victims.
- Perpetrators had an emotional link to the crime and were highly motivated by revenge or a response to personal disaster or trauma.
- Insider threat – abuse-of-trust cases were high, e.g. police officers doing unauthorised searches, teachers broadcasting false info.
Questions to ponder:
What kind of internal controls failed?
Did the perpetrator leave too many digital breadcrumbs and careless whispers because of emotion?
What defences did the perpetrators have? E.g. IDS, logs, VPNs, encryption
What was the real goal of the crime?
Who were the technical accomplices?
Did they know it was wrong? I.e. linked to the Malicious Communications Act 1988