UNODC Background Guide

The document is a guide for delegates participating in the UNODC committee at LLAMUN 2024, emphasizing the importance of respectful debate and thorough research on the agenda. It outlines procedural rules, attendance requirements, and the structure of resolutions and working papers, while introducing the agenda on combating cybercrime and telecommunications fraud. The document also includes case studies to illustrate the impact of cybercrime, specifically highlighting the NotPetya ransomware incident.

Uploaded by

roopesh

Letter from the Executive Board

Welcome to UNODC.

To the veterans of MUN, we promise you an enriching debate, and to the newcomers, we are excited to
be a part of your maiden voyage.

What we desire from the delegates is different from how experienced or articulate they are. Rather, we
want to see how she/he can respect disparities and differences of opinion, and work around these,
while extending their foreign policy so that it encompasses more of the others without compromising
their stand, thereby reaching a unanimously acceptable practical solution. The following pages will
guide you through the nuances of the agenda and the Committee.

The Guide chronologically touches upon all the relevant aspects and will lead to fruitful debate in the
Committee. It will provide you with a bird's eye view of the gist of the issue. However, it must be
noted that the background guide only contains certain basic information that may form the basis for
the debate and your research. You are the representative of your allotted country, and we hope you put
in wholehearted efforts to research and comprehensively grasp all important facets of the diverse
agenda. All the delegates should be prepared well to make the committee's direction and debate
productive.

Only then will you truly be able to represent your country in the best possible way.

We encourage you to go beyond this background guide and delve into the extremities of the agenda to
further enhance your knowledge of the issue at hand.
We look forward to seeing you at the LLAMUN 2024 and wish you the best in your preparations.

Warm regards,
The Executive Board.

Dyuti Abhay Kulkarni - Chairperson
Niranjana Mahesh - Vice Chairperson
Nagappan Arun - Moderator

INDEX

1) RULES OF PROCEDURE
2) INTRODUCTION TO THE AGENDA
3) CASE STUDIES
4) CONCLUSION AND QARMA

General Considerations

During committee sessions, Delegates are expected to exercise diplomatic
courtesy when addressing members of the committee and the dais.

1. All remarks to the committee must be made to the Executive Board.

2. Delegates will rise to address the committee.

3. All delegates must be recognized by the Executive Board before speaking.

4. All remarks must remain relevant to the topic discussed.

5. All delegates will use diplomatic and respectful language when
addressing the committee.

6. Any Delegate wishing to make a motion must raise their placard
and wait until being recognized by the chair before speaking.

Attendance

Attendance shall be conducted by a Roll Call at the beginning of every
committee session.
A motion to begin a roll call vote must be moved by
a delegate at the beginning of the session.
Delegates shall establish their presence in the committee in either
of the two following manners:
1. Present and Voting
a. A Delegate that is declared Present and Voting must vote in favor or against all
substantive matters. The delegate cannot abstain from voting after having declared
Present and Voting.
2. Present
a. A Delegate that is declared "Present" shall vote in favor, against
or may abstain on any substantive matter.

Agenda

The Agenda reflects the order in which topics will be addressed by the
committee. This is the primary order of business to be considered by
the committee in the first session.

Speakers List

A Speakers List is opened following a Motion from a Delegate and the
subsequent approval of the Chair. The Speakers List identifies the
Delegates who will have the floor of the house for 90 seconds to state
their country's stand on the given agenda.
Delegates may be added to the speakers' list by
a) Motioning the chair
b) Sending a note to the chair, requesting to be added

Delegations may only be on the speakers’ list twice at any given time,
and may not be listed back to back.
Example: Motion to open Speakers List setting time at one minute per
speaker.
At the end of a speech made on the Speakers list a Delegate may
yield to either Questions or Comments or both.
1. To Questions
a. Delegates wishing to ask questions shall raise their placards and wait to be
recognized by the Chair. The Speaker can choose to answer or not to answer the
question posed to him or her.
2. To Comments
a. The Speaker can yield to comments from other Delegates. The Speaker cannot
respond to these comments.
3. To the Chair
a. If the Speaker does not wish to yield to either questions or comments, they can
yield their time to the Chair.

Caucusing

There are two types of caucus: Moderated and Unmoderated.

Moderated Caucus
a. A moderated caucus is a form of debate where the Speakers list is set aside and
speakers will be called upon by the Chair.
b. The moderated caucus proposed must be an issue which has
relevance to the agenda being discussed.
c. Any delegate may make a motion for a moderated caucus, and a motion must
include a time limit for the caucus, a per speaker’s time for the caucus, and the
purpose of the caucus.
d. The vote of a simple majority of the committee enters a moderated caucus.

Example: The delegate of XYZ would like to raise a motion to begin a
moderated caucus on the topic of Global Warming in developing
nations in Asia, total time - 20 minutes and per speaker time - 1
minute.

Un-moderated Caucus
e. An un-moderated caucus is a suspension of the rules allowing Delegates to
converse freely.
f. Just as in a moderated caucus, a motion must include a time limit and purpose
for caucusing.
g. The caucus requires a simple majority to pass.
h. All caucuses are at the discretion of the chair and may be ruled out of order.
i. This time period can be used to draft resolutions.

Example: The delegate of XYZ would like to raise a motion to begin
an unmoderated caucus for fifteen minutes.

Points

1. Point of Personal Privilege
A Delegate may raise a Point of Personal Privilege if a matter impairs him/her from
participating fully in committee activities. The Dais shall try to address the source of
impairment effectively. This point may interrupt a Speaker.

For example: If the Delegate cannot hear or understand the
Speaker or needs to be excused from the House.

2. Point of Order
There are 2 types of points of order:

Factual Inaccuracy – If the speaker makes a statement that is
factually incorrect.

For example: “The sun rises in the west.”

Logical Fallacy – If the speaker makes a logically fallacious statement.

For example: “Snowbell is a cat. Snowbell has blue eyes. Therefore, all
cats have blue eyes.”

3. Point of Information
A Delegate may rise to a point of information to supply the house with
factual information, to contradict facts, or to provide further information
that will prove useful for the debate. This point may interrupt a
Speaker.
4. Right to Reply
A Delegate who feels that his/her country or person has been insulted
or its sovereignty by another Delegate may raise a Right to Reply.
Disagreement with the content of a Delegate's speech is not grounds
for a Right of Reply.
The Chair will recognize the Right of Reply at his/her discretion. Should the Chair rule
the Right of Reply out of order, his/her decision cannot be appealed. The Chair may
also request that the Delegate submit his/her Right of Reply in writing for further
consideration before granting it. The Chair might choose to set a time limit for a Right
to Reply. No delegate may call for a Right to Reply on a Right to Reply.

Majority

Unless otherwise specified, no motions are debatable and all require
a simple majority vote to pass.

Working Paper

A working paper is a carefully drafted single sentence asking the assembly to express an
opinion, affirm a policy, or take an action. It is a formal proposal made to the assembly by a
delegate or group of delegates. It consists of both preambulatory and operative clauses. A
submitter of the Working Paper must be prepared to explain and defend the views expressed
and the action requested in the Working Paper.

There is no set format for a Working Paper.

Resolutions

The passing of resolutions is the main point of a MUN session. All
debates are geared towards the final resolution which is a document
showing the consensus reached through debate. All resolutions
require a simple majority to be passed in the House.
1. Drafting a resolution
A resolution consists of two parts: the Preambulatory Clauses
and the Operative Clauses. A list of phrases to be used when writing
Preambulatory and Operative Clauses has also been enclosed.

https://munog.de/template-working-paper
(The clause words remain the same for a draft resolution as well)

Format of a Resolution

HEADING

Committee: i.e. the committee or organ in which the
resolution is introduced
Topic: the topic of the resolution
Sponsors: list of sponsoring countries
Signatories: list of countries that have signed the draft

PREAMBLE

The purpose of the preamble is to show that there is a problem that needs
to be solved. However, the preamble of a resolution does not propose
action or make any substantive statement on the topic at hand. The
preamble begins with the name of one of the three major organs (e.g. "The
Commission on Human Rights,"). The preambulatory clauses can include:
References to the U.N. Charter; Citations of past U.N. resolutions or
treaties that have been ratified under the topic of discussion; Statements
made by the Secretary-General or a relevant U.N. body or agency;
Recognition of the work or efforts of regional organizations in dealing with
the issue; and General statements on the topic, its significance, and its
effects.

OPERATIVE CLAUSES

Operative clauses are set out to achieve the committee's main policy goals
on the topic. Each operative clause begins with a number and ends with a
semicolon. The final clause ends with a period. Operative clauses should
be organized in a logical progression, and each clause should contain a
single idea or policy proposal. Keep in mind that all resolutions except
those passed by the Security Council are non-binding.

SPONSORS

Sponsors are recognized as the writers of the Draft Resolution. The
required number of Sponsors for each resolution will be set by the Chair
according to the size of the committee. Sponsors must agree to support a
Resolution unless major changes have been introduced through the
amendment process.

SIGNATORIES

Signatories are recognized as the supporters of the Draft Resolution. The
required number of Signatories will be set by the Chair according to the
size of the committee. Amendments to the Draft Resolution are not
required to be approved by Signatories. Signatories are not required to
support the Draft Resolution during the voting procedure; they only agree to
put their names as those who are interested in the resolution and are
willing to debate it.

Please find enclosed the guide for the same.
https://bestdelegate.com/model-un-made-easy-how-to-write-a-resolution/
(If there are conflicting instructions and/or suggestions, refer to the given link)

Introduction to the agenda

Combating the misuse of IT and communications technology with special
emphasis on cybercrime and telecommunications.

As of 2024, there are nearly 5.3 billion people on the internet. That number is only said to increase
exponentially. The cyber realm poses an alternate reality to life as we know it. Drawing parallels
between the two, we should only assume that crime can be committed on the internet. The challenge,
however, is that the damages accrued usually through such crimes are intangible.

Legislation is caught off guard by the ever-evolving nature of the internet and the type of crimes being
committed. Quoting Supreme Court advocate Dr. Pavan Duggal, “There is legal protection against the
Centre and states violating the privacy of an individual, but there is nothing to stop another private
individual from doing so." This couldn't be more true. Nations across the world struggle to redress
grievances raised by their citizens when faced with the nature of crimes committed. The true problem,
however, is that if a crime can be committed in person, the same crime, or a more advanced
internet-specific form of it, can be committed in some form over the internet.
Before we list these crimes, note that Kaspersky describes cybercrime as criminal activity that either targets or uses
a computer, a computer network, or a networked device. The committee will adhere to this definition.

These crimes mostly include:

1. Identity fraud (where personal information is stolen and used).
2. Email and internet fraud.
3. Theft of financial or card payment data.
4. Theft and sale of corporate data.
5. Cyber Extortion (demanding money to prevent a threatened attack).
6. Ransomware attacks (a type of cyber extortion).
7. Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
8. Cyber Espionage (where hackers access government or company data).
9. Interfering with systems in a way that compromises a network.
10. Infringing copyright.
11. Illegal gambling.
12. Selling illegal items online.
13. Soliciting, producing, or possessing child pornography.

Defining the same is left up to the committee's discretion.

Telecom fraud has also caused upwards of billions of dollars in losses for individuals and industries
alike. Very rarely do we see crimes affecting such a broad spectrum of consumers, apart
from cybercrime, of course. Even if telecom crimes are more tangible in terms of the damages accrued,
in many developing nations this has taken center stage along with cybercrime. Such problems are more
intense in regions of historical poverty or income/class inequalities, as they are usually motivated by
money and only in specific situations by contempt or hatred for an organization, religious group,
conglomerate, country, etc.
According to Europol, telecommunications fraud refers to the abuse of telecommunications
products (mainly telephones and cell phones) or services to illegally acquire money from a
communication service provider or its customers. The committee shall adhere to this definition.

Telecommunications crime, however, includes fraud but is not limited in ambit solely to fraud.
Common fraudulent practices include:

1. International revenue sharing fraud
2. Wangiri fraud
3. Vishing calls

To better understand the scope and impact of such crimes, please refer to the case studies provided
below.

CASE STUDIES

NotPetya

In June 2017, a new type of ransomware that resembled Petya in many respects infected organizations
around the world. Because of its similarities to Petya, with a few crucial differences, security vendor
Kaspersky dubbed it "NotPetya." NotPetya had impacted at least 2,000 organizations by June 28, 2017.
The vast majority of victimized organizations were in Ukraine.

Like Petya, the NotPetya ransomware impacted the victim's whole hard disk. However, NotPetya
encrypted the entire hard disk itself instead of the Master File Table (MFT). It spread suddenly and rapidly, and it quickly
infected entire networks using various vulnerability exploits and credential theft methods.

Notably, NotPetya was observed using the same EternalBlue vulnerability (CVE-2017-0144) that the
worldwide WannaCry attack had used earlier in 2017. This enabled it to spread rapidly across networks
without any intervention from users — unlike Petya, which needed users to open a malicious email
attachment for the infection to begin. Microsoft issued a patch for the EternalBlue vulnerability in
March 2017, but many organizations had not installed the patch.

Unlike most ransomware, which temporarily damages or restricts access to files in exchange for a
ransom, NotPetya seemed to be purely destructive. There was no way to reverse the damage it caused;
essentially, it wiped files out completely with no hope of recovery.

Although it still displayed a ransom message, this tactic may only have been used to disguise the
attackers' intentions. And even if NotPetya victims had wanted to pay the ransom, the message
displayed a fake, randomly generated Bitcoin address. There was no way for the attackers to collect the
ransom, further suggesting that the goal of NotPetya was destruction, not financial gain.

Real ransomware is not designed to completely wipe out files and data at first. Although some
ransomware attackers may do this later if the ransom is not paid, wiping files and data right away does
not motivate victims to pay, because there is no hope of getting their files back. The motivation for
most ransomware attackers is money, not lasting damage to the victim's systems.

And while the attackers behind the 2016 Petya attacks seemed to be typical ransomware cyber
criminals, in 2018 several nations announced that the Russian government was directly behind the
NotPetya attacks. This suggests that the NotPetya attacks may have had political motivations.

Source: Cloudflare
Please read:
Petya - https://www.cisa.gov/news-events/alerts/2017/07/01/petya-ransomware
WannaCry - https://www.kaspersky.com/resource-center/threats/ransomware-wannacry
Zero-day exploit - https://www.crowdstrike.com/cybersecurity-101/zero-day-exploit/

Stuxnet

Stuxnet has become synonymous with cyberattacks and cyberwarfare. To this day, questions continue
about who created Stuxnet, how Stuxnet works, and why Stuxnet is significant to cybersecurity.
Stuxnet is a highly sophisticated computer worm that became widely known in 2010. It exploited
previously-unknown Windows zero-day vulnerabilities to infect target systems and spread to other
systems. Stuxnet was mainly targeted at the centrifuges of Iran’s uranium enrichment facilities, with
the intention of covertly derailing Iran’s then-emerging nuclear program. However, Stuxnet was
modified over time to enable it to target other infrastructure such as gas pipes, power plants, and water
treatment plants.

Whilst Stuxnet made global headlines in 2010, it’s believed that development on it began in 2005. It is
considered the world’s first cyber weapon and for that reason, generated significant media attention.

Reportedly, the worm destroyed almost one-fifth of Iran’s nuclear centrifuges, infected over 200,000
computers, and caused 1,000 machines to physically degrade.

Stuxnet is highly complex malware, which was carefully designed to affect specific targets only and to
cause minimum damage to other devices.

In the early 2000s, Iran was widely thought to be developing nuclear weapons at its uranium
enrichment facility at Natanz. Iran’s nuclear facilities were air-gapped – which means they deliberately
weren’t connected to other networks or the internet. (The term ‘air gap’ refers to the physical space
between an organization’s physical assets and the outside world.) It’s thought that Stuxnet was
transmitted via USB sticks carried inside these nuclear facilities by agents.

Stuxnet searched each infected PC for signs of Siemens Step 7 software, which industrial computers
serving as programmable logic controllers (PLCs) use to automate and monitor electromagnetic
equipment. Once Stuxnet found this software, it began updating its code to send destructive
instructions to the electromagnetic equipment controlled by the PC. At the same time, Stuxnet sent
false feedback to the main controller – which meant anyone monitoring the equipment would not
realize anything was amiss until the equipment started to self-destruct.

In essence: Stuxnet manipulated the valves that pumped uranium gas into centrifuges in the reactors at
Natanz. It sped up the gas volume and overloaded the spinning centrifuges, causing them to overheat
and self-destruct. But to the Iranian scientists watching the computer screens, everything appeared
normal.

Stuxnet was highly sophisticated – it used four separate zero-day attacks to infiltrate systems and was
designed only to inflict damage on Siemens industrial control systems. Stuxnet comprised three parts:

1. A worm that conducted most of the work
2. A link file that automated the execution of propagated worm copies
3. A rootkit which hid files from detection

Stuxnet came to light in 2010 after inspectors at Iran’s nuclear facilities expressed surprise at the rate at
which centrifuges were failing. Further investigation by security experts revealed that powerful
malicious software was the cause. (One of the security experts was Sergey Ulasen, who subsequently
went on to work for Kaspersky.) Stuxnet was difficult to detect because it was a completely new
malware with no known signatures, which exploited multiple zero-day vulnerabilities.

Stuxnet was not intended to spread beyond Iran’s nuclear facilities. However, the malware did end up
on internet-connected computers and began to spread because of its extremely sophisticated and
aggressive nature. However, it did little damage to outside computers it infected – because Stuxnet was
designed specifically to damage only certain targets. The impact of Stuxnet was mostly felt in Iran.

- It was the world’s first digital weapon. Rather than just hijacking targeted computers or
  stealing information from them, Stuxnet escaped the digital realm to wreak physical
  destruction on equipment the computers controlled. It set a precedent that attacking another
  country’s infrastructure through malware was possible.
- It was created at nation state level, and while Stuxnet was not the first cyberwar attack in
  history, it was considered the most sophisticated at the time.
- It was highly effective: Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.
  Targeting industrial control systems, the worm infected over 200,000 computers and caused
  1,000 machines to physically degrade.
- It used four different zero-day vulnerabilities to spread, which was very unusual in 2010 and is
  still uncommon today. Among those exploits was one so dangerous that it simply required
  having an icon visible on the screen – no interaction was necessary.
- Stuxnet highlighted the fact that air-gapped networks can be breached – in this case, via
  infected USB drives. Once Stuxnet was on a system, it spread rapidly, searching out computers
  with control over Siemens software and PLCs.

Source: Kaspersky

Lazarus Group: The Bangladesh Bank Heist

Lazarus Group has been tied to the North Korean government’s Reconnaissance General Bureau (RGB). One
of the attacks that they are best known for was the retaliatory attack on Sony in 2014 for producing a movie that
painted their leader, Kim Jong-un, in an unflattering manner. The group and its members were sanctioned by
the US for their activity.

Origin: North Korea
Established: 2009
Primary Targets: South Korea, United States
Weapon of Choice: Ransomware (WannaCry, Mimikatz)

The Bangladesh Bank incident was a straightforward robbery where cybercriminals dared to steal
almost a billion dollars from a central bank’s reserve. There are interesting speculations on the
adversary’s motivation. Among several alleged crime-for-profit activities of the North Korean state, the
superdollar (counterfeited U.S. currency) alone was estimated to have generated a profit of at least $15
million per year (Perl & Nanto, 2007). After earnest efforts by the U.S., including the 2013 redesign of
dollar notes, the circulation of counterfeit currencies was greatly reduced (Buchanan, 2020). To
continue its high defense spending, including the development of nuclear weapons and ICBMs, the
central command economy had to do better.

The malware used in the Bangladesh Bank attack seems to
be part of a wider attack toolkit. The MACKTRUCK malware, which was used to gain backdoor
access to the bank’s workstations, communicated with C&C servers using a protocol disguised as TLS
traffic (Kasza & Yates, 2017). The malware used popular domain names to create fake TLS handshake
sessions with the C&C server. This made the network traffic look legitimate. The underlying data
exchange with the C&C used the HTTP REST standard. The DRIDEX-based malware that was used
to control the SWIFT Alliance Access software had an encrypted config file (BAE Systems, 2016b).
The malware behavior was highly configurable so that it could be easily reused for similar attacks in the
future. The malware monitored SWIFT events and periodically communicated them to the C&C
using HTTP REST messages.

In response to the 2016 Bangladesh Bank heist, policy changes occurred
at the organizational and industry level. However, there were little to no public policy changes at the
national and transnational levels, where they could be more effective.

Source: Varonis/ResearchGate

Please read:
SWIFT - https://en.wikipedia.org/wiki/SWIFT (relevant to sanctions against Russia as well due to the ongoing war)
C&C server - https://www.varonis.com/blog/what-is-c2 (also read about botnet/DDoS/DDS)
Park Jin Hyok - https://www.fbi.gov/wanted/cyber/park-jin-hyok

PLEASE READ ABOUT EQUATION GROUP:
https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage

NSO: Pegasus

“Developing technology to prevent and investigate terror and crime”


“Accountability: We take a pioneering approach to applying rigorous, ethical standards to everything we
do. Our vetting methodology includes both a strict licensing process from the relevant export-control
authority, as well as a structured in-depth, internal review under our Human Rights Policy, reviewing
and providing recommendations and decisions for each marketing opportunity. Our process sets a
benchmark for the industry.”
Source: www.nsogroup.com

The NSO Group is an Israeli company that claims to provide cyber weapons and/or tools to curb
crime on the internet. However, the usage of Pegasus, an NSO product, has been attributed to
atrocities committed against journalists, lawyers, politicians, and activists who have the courage to express
dissent against their government. The assassination of Jamal Khashoggi has direct links to
Pegasus, as it was used to surveil him and collect intelligence on his location and activity. It was found on his
wife's phone as well. Furthermore, Pegasus has been used in various countries around the world with
very strict standards of government control like the UAE, Mexico, India, USA, France, Germany,
Israel, Saudi Arabia, Estonia, and Morocco.

Pegasus is spyware developed by the Israeli cyber-intelligence firm NSO Group (founded in 2010)
for eavesdropping on mobile phones and harvesting their data. The spyware has been highly
controversial, used to track politicians, government leaders, human rights activists, dissidents, and
journalists. NSO Group claims its product is sold exclusively to government security and law
enforcement agencies and only for the purpose of aiding rescue operations and battling criminals, such
as money launderers, sex- and drug-traffickers, and terrorists.
The spyware works on most Android, iOS (Apple), BlackBerry, Windows Phone, and Symbian
operating systems, and it can be installed covertly without any action by the device owner. Once
installed on a phone, the spyware leaves no obvious trace of its existence. The spyware can monitor
calls, capture text messages, track a user’s location, and collect passwords, photos, and other data.
Authoritarian and democratic governments have deployed Pegasus, harvesting information through
their target’s camera, microphone, and various apps.
Pegasus is not only controversial but very expensive. According to The New York Times, in 2016 the
cost was upwards of $650,000, plus a $500,000 set-up fee, to install Pegasus on 10 phones.

How Pegasus spyware works

Pegasus uses “zero-click” methods to commandeer devices, meaning no action is required by the phone
owner for Pegasus to infiltrate its system. Unlike social engineering techniques that require the owner
to click a link or visit a website that secretly installs the malware, Pegasus can infect a device via a
message or a call through WhatsApp or another service. Even if a user deletes the message and misses or
ignores the call, the spyware can self-install.
Once inside a device, Pegasus gains full access to SMS messages, emails, photos, contacts, calendar, GPS
data, logs, and any apps and data the phone contains. In fact, the spyware can even gain access to
encrypted data and messages by intercepting them prior to the encryption process. Pegasus uses a
“jailbreaking” process on iPhones and a technique called “rooting” on Android phones to hack the
devices. This allows the entity installing it to further modify the phone. Built-in security controls on
the phone are essentially disabled.
As a result, the attacker can track a person’s location, monitor communications, and gain access to
sensitive and private data and information. If Pegasus cannot gain zero-click access, it uses deceptive
social engineering techniques to bait users into granting access.

Source: Britannica, Amnesty International

Please read:
Yahya Assiri - https://www.cfr.org/cyber-operations/targeting-yahya-assiri
Jailbreaking - https://www.kaspersky.com/resource-center/definitions/what-is-jailbreaking#:~:text=Jailbreaking%20is%20the%20process%20of,and%20access%20all%20the%20features.
Rooting - https://www.kaspersky.co.in/blog/rooting-and-jailbreaking/1979/
Social engineering - https://usa.kaspersky.com/resource-center/definitions/what-is-social-engineering
Jamal Khashoggi - https://www.bbc.com/news/world-europe-45812399
Mexico - https://www.nytimes.com/2023/04/18/world/americas/pegasus-spyware-mexico.html

ShadowCrew

ShadowCrew was a cybercrime forum that operated under the domain name ShadowCrew.com
between August 2002 and November 2004.

The concept of the ShadowCrew was developed in early 2002 during a series of chat sessions between
Brett Johnson (GOllumfun), Seth Sanders (Kidd), and Kim Marvin Taylor (MacGayver). The
ShadowCrew website also contained a number of sub-forums on the latest information on hacking
tricks, social engineering, credit card fraud, virus development, scams, and phishing.

ShadowCrew was the forerunner of today's cybercrime forums and marketplaces. Its structure,
marketplace, review system, and other innovations laid the basis of today's underground forums
and marketplaces. Likewise, many of today's scams and computer crimes began with
Counterfeitlibrary (counterfeitlibrary.com) and ShadowCrew. The site flourished from the
time it opened in 2002 until its demise in late October 2004. Even though the site was booming with
criminal activity and all seemed well, the members did not know what was going on behind the scenes.
Federal agents received their "big break" when they found CumbaJohnny, aka Albert Gonzalez. Upon
his arrest, Cumba immediately turned and started working with federal agents. From April 2003 to
October 2004, Cumba assisted in gathering information and monitoring the site and those who
utilized it. He started by taking out many of the Russians who were hacking databases and selling
counterfeit credit cards. CumbaJohnny was a long-term police informant who was responsible for
teaching the US Secret Service how to monitor, trap and arrest the ShadowCrew.

The Federal indictment says, "Shadowcrew was an international organization of approximately 4,000
members…" The last available page before October 27, 2004 on archive.org shows 2,709 registered
members. To people familiar with the ShadowCrew forum, it is well known that many members had
multiple user names. Members who were banned from the forum would frequently register with
another user name as well. Lastly, the forum was around for over 2 years, so there were possibly many
inactive accounts. However, members also needed to develop a name that could be trusted,
so it is possible that the idea that most of the registered users were duplicates isn't accurate.

The forum is believed to have dealt with $4 million in losses. This figure was arrived at by
multiplying the number of credit cards transferred by $500 each (as per federal law when no monetary
figure in a fraud case can be determined). This figure assumes that every single card was valid and had
been used. The dollar figure quoted pertains only to the evidence gathered by the VPN employed and
the members. The actual dollar figure is potentially much higher due to the fact that the $500 per card
federal law wasn't in existence until after federal agents took down the site.

ShadowCrew admin Brett Johnson managed to avoid being arrested following the 2004 raids, but was
picked up in 2005 on separate charges, after which he turned informant for the Secret Service.
While he continued to commit tax fraud as an informant, 'Operation Anglerphish' embedded him, by then
dubbed "The Original Internet Godfather" by Secret Service agents, as an admin on both
ScandinavianCarding and CardersMarket. When his continued carding activities were exposed as
part of a separate investigation in 2006, he briefly went on the run and made the United States Most
Wanted List before being caught in August of that year.

In 2011, former Bulgarian ShadowCrew member Aleksi Kolarov a.k.a. APK was finally arrested and
held in Paraguay before being extradited to the United States in 2013 to face charges.

Conclusion
This background guide serves to provide you with a better understanding of the agenda and certain
concepts related to the same. The links provided are to be held in equal importance to the actual
content present in the guide. We hope this is easy to follow, and please do forgive any shortcomings on the
Executive Board's part in the creation of this guide. Below are the questions a resolution must answer.

Questions A Resolution Must Answer

1. A general framework for protecting privacy on the internet.
2. Framework for protecting a country's critical infrastructure.
3. A permissible threshold for the usage of technology.
4. Institutionalized proceedings framework to prosecute cyber criminals.
5. Grievance redressal for affected parties.

Delegates of Russia/China/DPRK etc. are permitted to quote their national news agencies <3

Resources

https://www.unodc.org/e4j/zh/cybercrime/module-13/key-issues/criminal-groups-engaging-in-cyber-organized-crime.html

https://www.ojp.gov/ncjrs/virtual-library/abstracts/telecommunications-and-crime-dimensions-and-dilemmas

https://thecommonwealth.org/publications/commonwealth-cybercrime-journal-volume-1-issue-1/funding-crime-online-cybercrime-and-its-links-organised-crime-caribbean

https://www.ncsc.gov.uk/files/Cyber%20crime%20-%20understabnding%20the%20online%20business%20model.pdf

https://www.trendmicro.com/en_us/ciso/23/e/cyber-crime-group-types.html

https://jamcyber.com/blog/cyber-insights/cyber-crimes-gangs/

https://www.mcafee.com/blogs/internet-security/organized-cybercrime-the-big-business-behind-hacks-and-attacks/

https://www.sciencedirect.com/science/article/abs/pii/S1353485808700382

https://www.interpol.int/en/Crimes/Cybercrime/Cybercrime-operations/AFJOC-African-Joint-Operation-against-Cybercrime#:~:text=Leveraging%20the%20increased%20reliance%20on,email%20compromise%20(BEC)%20schemes.

https://www.interpol.int/en/Crimes/Cybercrime/Cybercrime-operations/ASEAN-Cybercrime-Operations-Desk#:~:text=Through%20the%20ASEAN%20Desk%2C%20we,provide%20valuable%20data%20or%20support.

https://gdpr-info.eu

https://cyberbrics.info/

https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf

https://www.amnesty.org/en/latest/news/2017/01/eu-orwellian-counter-terrorism-laws-stripping-rights-under-guise-of-defending-them-2/

https://www.kcl.ac.uk/events/democracy-and-the-role-of-wiretapping-in-modern-europe

https://em360tech.com/top-10/top-10-most-notorious-cyber-attacks-history

https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/

https://www.amnesty.org/en/search/pegasus/

https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/

https://www.britannica.com/technology/electronic-eavesdropping

https://www.merriam-webster.com/dictionary/cyber#:~:text=cy%C2%B7%E2%80%8Bber%20%CB%88s%C4%AB%2Db%C9%99r,cyber%2D

https://www.britannica.com/topic/crime-law

https://www.kaspersky.com/resource-center/definitions/what-is-hacking

https://www.smithsonianmag.com/science-nature/top-ten-most-destructive-computer-viruses-159542266/