You are here: Resources > FIDIS Deliverables > Forensic Implications > D5.3: A Multidisciplinary Article on Identity-related Crime > 
A legal categorisation of identity-related crime  Title:
 Conclusion: addressing identity-related crime


Mapping the three categorisations

The relationship between attacks on identification systems, types of identity-related crime, and legal provisions is complex. This becomes immediately apparent when trying to map the conceptual, technical, and legal categorisations on each other. A many-dimensional structure is required to adequately represent the complex relationships, which is not possible on two-dimensional paper. We will confine ourselves to illustrating the interrelations in a far-from-exhaustive table, mapping the attacks on identification to types of identity-related crime and legal provisions. For the latter category, it should be realised that actual punishability depends on the national context and the actual specifics of the case. Further note that the modus operandi mentioned does not necessarily fulfil all the requirements of the crime category; often, it concerns the preparation of identity ‘theft’ by collecting data, not necessarily leading to identity ‘theft’ itself, which, in our definition, involves the use of such data.

Type of attack 

Example of modus operandi

Type of identity-related crime 

Legal provisions 



Social engineering 

- (preparation of identity ‘theft’) 

preparation of fraud; privacy infringement; imposture; identity theft (US) 

Using a plausible case and role context, authentication data is taken from members in organisations 



- (preparation of identity ‘theft’) 

preparation of fraud; intellectual-property infringement; preparation of identity theft (US) 

Use of fake email messages, sms, etc., to make users enter identification data on faked websites 


Generation of an alibi for an identical twin 

unlawful identity exchange 

obstructing a criminal investigation; perjury; criminal identity theft (US) 



Destroying a passport 

identity deletion 

damage to official documents 



Dumpster diving 

- (preparation of identity ‘theft’) 

Usually not unlawful as such 


Generation of credit-card information for non-existing credit cards 

unlawful identity creation 

preparation of fraud 

Online-payment was possible, though no corresponding bank account existed, before the current additional validation number was introduced and used 


Generation of faked serial numbers of ID documents 

unlawful identity creation 

preparation of forgery 

This is used for example to prove one’s age in the context of Internet transactions 


Usurpation of office, false assumption of authority 

unlawful identity creation 

imposture; fraud; identity theft (US) 



Viruses installing a key logger 

- (preparation of identity ‘theft’) 

data interference; hacking; illegal interception of communications 

Logged authentication data are used to perform identity theft 


Readout of authentication data 

- (preparation of identity ‘theft’) 

fraud; imposture; identity theft (US) 




- (preparation of identity ‘theft’) 

hacking; data interference; preparation of fraud; intellectual-property infringement; preparation of identity theft (US) 

Altering domain-name information to attract victims to fake websites. 


installing a root kit 

- (preparation of identity ‘theft’) 

hacking; data interference; preparation of fraud; preparation of identity theft (US) 

Root kits can be used to report certain kinds of data to their master. 


Installing a hardware key-logger 

- (preparation of identity ‘theft’) 

trespassing; hacking; illegal interception 



Stealing a USB stick 

- (preparation of identity ‘theft’) 




Using someone’s home WiFi network to send hate speech under that person’s name 

identity ‘theft’ 

hate speech; illegal access; imposture; slander; criminal identity theft (US) 



Spoofing DNS system to redirect to phishing site 

- (preparation of identity ‘theft’) 

hacking; data interference 



Spoofing of biometric sensor without co-operation of the original identity bearer 

identity ‘theft’ 

fraud; forgery; imposture; identity theft (US) 



Man-in-the-middle attack

identity ‘theft’ or preparation thereof 

imposture; data interference; illegal interception; hacking 



Denial-of-service attack on bank’s website 

identity obstruction 

computer sabotage 



Wrong death notice in a public paper 

unlawful identity deletion 




Manipulation of reference data in identity management systems 

- (preparation of identity ‘theft’) 

forgery; preparation of fraud; data interference 



Installing key logger at webshop to intercept credit-card numbers 

- (preparation of identity ‘theft’) 

hacking; data interference; illegal interception; preparation of fraud 



Passing along of authentication data by members of organisations to outsiders 

unlawful identity delegation 

aiding and abetting fraud; identity theft (US) 



Use of personal data of dead persons 

unlawful identity restoration; identity ‘theft’ 



Table 1: Types of attack and corresponding concepts and legal provisions 


It is equally relevant to draft similar tables that map the concepts to attacks and legal provisions, and that map legal provisions to the concepts and attacks, but that exceeds the scope of this article.  

The relevance of this exercise is that it shows the multi-facetedness of identity-related crime, which is a key insight in the fight against this form of crime. The table shows that many attacks exist in stage 1 (see beginning of section 5), the preparatory stage in which identity data are collected or created, which can subsequently be used in a stage 2 attack on an identification system in order to attain some unlawful goal. In combating identity-related crime, focusing on stage 1 activities is therefore equally important as, if not more important than, focusing on the unlawful use of identities. This brings us to the final question of our article: how can the three categorisations help in devising strategies for combating identity-related crime?  


A legal categorisation of identity-related crime  fidis-wp5-del5.3-identity_related_crime_def_01.sxw  Conclusion: addressing identity-related crime
10 / 12