Collaboration between Law Enforcement Agencies in Combating Cybercrime: Implications of a Taiwanese Case Study about ATM Hacking
| DOI | 10.1177/0306624X20952391 |
| Published date | 01 March 2021 |
| Date | 01 March 2021 |
| Subject Matter | Articles |
research-article2020
Article
International Journal of
Offender Therapy and
Collaboration between Law
Comparative Criminology
2021, Vol. 65(4) 390 –408
Enforcement Agencies in
© The Author(s) 2020
Article reuse guidelines:
sagepub.com/journals-permissions
Combating Cybercrime:
https://doi.org/10.1177/0306624X20952391
DOI: 10.1177/0306624X20952391
journals.sagepub.com/home/ijo
Implications of a Taiwanese
Case Study about ATM
Hacking
Shun-Yung Kevin Wang1 , Ming-Li Hsieh2,
Charles Kuang-Ming Chang3, Pin-Syuan Jiang3,
and Douglas J. Dallier4
Abstract
An increasing number of cybercrimes has presented new global challenges to law
enforcement agencies that traditionally operate within designated geographical
jurisdictions and patrol territories. The borderless nature of cyberspace has brought
substantial opportunities—both legal and illegal—to its users, and many local law
enforcement agencies have encountered motivated offenders taking advantage of the
globally connected Internet and causing damage locally and transnationally. This study
examines a high-profile case of European criminals who hacked into a Taiwanese
financial institution—First Commercial Bank (FCB)—and programmed its ATMs to
“spit out” cash netting the thieves $2.6 million US dollars in 2016 summer. Before the
incident of FCB, this European criminal group committed more than a hundred similar
ATMs hackings, victimizing dozens of financial institutions across several European
countries, and profiting over one billion Euros. FCB is the only case revealing specific
details about the modus operandi of ATM hacking thus far, in addition to disclosing
reactions from law enforcement. By analyzing qualitative data collected from different
branches of law enforcement involved in the investigations, this unique case study
underscores the importance of national-local law enforcement collaboration in
1University of South Florida, St. Petersburg, FL, USA
2University of Wisconsin-Eau Claire, Eau Claire, WI, USA
3Central Police University, Taoyuan City, R.O.C.
4Winona State University, Winona, MN, USA
Corresponding Author:
Shun-Yung Kevin Wang, University of South Florida, 140 7th Ave S, DAV#282, St. Petersburg,
FL 33701, USA.
Email: ShunYungWang@usf.edu
Wang et al.
391
fighting transnational cybercrime. Empirical implications are particularly valuable in
the law enforcement context of “turf jealousies” when defending homeland security.
Keywords
law enforcement collaboration, ATM, hacking, cybercrime, Taiwan, policing, jackpotting,
organized crime, qualitative method
Introduction
Fighting borderless cybercrime means not only facing the natural constraints of the
Internet (e.g., invisibility, anonymity, availability of guardianship) (Jaishankar, 2008)
but also organizing collaborations across jurisdictions and garnering sufficient support
from the various authorities impacted (Britz, 2013; Dambazau, 2010; Taylor et al.,
2011). As a consequence, the clearance rate for cybercrime is relatively low compared
with traditional street crimes. In order to bring cyber criminals to justice, effective law
enforcement investigation requires sophisticated digital forensic skills and a clear
understanding of how cybercrimes occur. However, the capacity to investigate, or
even detect specific cybercrimes like hacking, varies widely across jurisdictions,
which underscores the importance of collaboration among law enforcement agencies
and between national and local authorities (James & Warren, 2010).
The inevitability of partnerships between law enforcement is particularly important
in solving sophisticated, high-tech crime like information system hacking. Through
the Internet, cyber criminals can victimize targets in physically distant locations. Since
the inception of the U.S. Department of Defence’s Defence Advanced Research
Projects Agency (DARPA) project in 1970s, Internet technology developed to enable
military-grade long-distance communication. What made the Internet relevant to the
public is its “privatization,” in conjunction with the development of commercially
available browsers and websites in the decades of 1990s. Today, the technology behind
the Internet is essentially a “network of networks” (Castells, 2002), which offers a
diverse “ecosystem” of services such as information distribution, communication,
entertainment, education, and business transaction. The convenience and user friendly
characteristics of the Internet have continued to integrate more and more personal
devices as well as the essential infrastructure (e.g., power plants, dams, communica-
tions, health care and public health, emergency services, transportation systems, water,
and wastewater systems) to connect to the information superhighway. The Internet of
Things (IoT) characterizes this converging trend that reflects a significant growth in
the number of inter-connected networks and devices (Singer & Friedman, 2014). The
Internet offers global access to everyone who can afford it, and three-quarters of users
report that they use the Internet daily for a wide range of purposes that transcend inter-
national borders (Poushter et al., 2018). In the U.S., Internet usage rates, on average,
jumped from 52 percent in 2000 to 90 percent in 2019, and nearly every young and
middle-aged Americans use the Internet (Pew Research Center, 2019). The attractive-
ness of almost complete dissociative anonymity in the virtual space paradoxically
392
International Journal of Offender Therapy and Comparative Criminology 65(4)
contributes to an increasing risk of compromised security (Jaishankar, 2008), which
flourishes in the gap between the fast growth of Internet technology usage and the
languid response of social/legal system (Huang & Wang, 2009). It is unsurprising to
see the rise of different forms of cybercrime (e.g., phishing, identity theft, fraud) in this
“Wild Web West” (Singer & Friedman, 2014; van Wilsem, 2013; Wang & Huang,
2011). Among reported economic crime against institutions worldwide, cyberattacks
cost an average of over one million dollars per incident (PWC, 2016). Further, the
economic harm caused by cybercrime is significant (Levi, 2017); Cybersecurity
Ventures (2019) estimated that, between 2015 and 2021, the upward trending costs of
cybercrime will double to reach 6 trillion dollars annually.
Nevertheless, little is known about the role national and local law enforcement
might play in investigating cybercrimes like information system hacking and software
cracking. To address this gap in the research, the current study examines a high profile
case of an ATM hacking spree in Taiwan in 2016. We specifically address the role of
law enforcement agencies and their collaborative efforts investigating the ATM hack-
ing case in the context of democratic Taiwan. Prior to this case, the criminal group has
victimized dozens of financial institutions, largely in Europe, and profited more than
one billion dollars, but no suspect was arrested or convicted. By analyzing qualitative
data collected from interviews of involved law enforcement agencies, this study offers
insight of investigative utility for national-local authorities collaborating in the fight
against transnational cybercrime. This case culminated in the arrest of a hacker in
Spain in 2018 (Devereux, 2018), and the present study offers practical implications for
investigation and prevention of future cybercrimes.
National-Local Law Enforcement Collaboration
in the U.S
Collaboration across law enforcement agencies benefits police at many different lev-
els, while local authorities are usually held accountable for crime control and order
maintenance (Geller & Morris, 1992; James & Warren, 2010). In the United States, the
federalization isolates law enforcement into fragmented segments—federal and non-
federal levels (i.e., state, county, city)—to realize the political design of “checks and
balances” and distributes power amongst different public entities under the Constitution
(Stewart, 2011). Although no centralized authority is in charge of overall coordination,
there is a long history of national-local collaboration among law enforcement agen-
cies. As early as the 1930s, with institutional support from the International Association
of Chiefs of Police (IACP), the FBI began the first national effort to develop a data
bank that collects crime records from local law enforcement agencies (Zolbe, 1980).
Admittedly, inconsistencies in legal definitions of crime across jurisdictions, varia-
tions in agency operational policies, political influence, and variability of available
resources has collectively resulted in differing standards of data quality and inefficien-
cies in data reporting (Mosher et al., 2010). Despite its shortcomings, the Uniform
Crime Report (UCR) has consistently been recognized as a useful product of crime
data collection across agencies. Although less politically framed, the collection of
Wang et al.
393
cybercrime data based on citizens’ complaints to the police is also an arena where
collaboration is essential. This includes, but is not limited to, data breaches, phishing,
identity theft, harassment, fraud, varied malware, extortion, and advanced fee frauds
(Federal Bureau of Investigation, 2018).
Under most models of law enforcement today, federal authorities shoulder the
responsibility of building...
To continue reading
Request your trial