A report (sponsored by McAfee), published in 2014, estimated that the annual damage to the global economy was $445 billion. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2018, a study by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, concluded that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year.
Classifications
Computer crime encompasses a broad range of activities.
Financial fraud crimes
Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
- Altering in an unauthorized way. This requires little technical expertise and is a common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
- Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
- Altering or deleting stored data.
Other forms of fraud may be facilitated using computer systems, including bank fraud, carding, identity theft, extortion, and theft of classified information.
Cyberterrorism
Government officials and information technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among government agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems.
A cyberterrorist is someone who intimidates or coerces a government or
an organization to advance his or her political or social objectives by
launching a computer-based attack against computers, networks, or the
information stored on them.
Cyberterrorism in general can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda piece on the Internet that there will be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities directed towards individuals and families, organized by groups within networks, that tend to cause fear among people, demonstrate power, and collect information relevant for ruining people's lives, robberies, blackmail, etc.
Cyberextortion
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attacks and to offer "protection". According to the Federal Bureau of Investigation, cybercrime extortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack. However, other cyberextortion techniques exist, such as doxing extortion and bug poaching.
An example of cyberextortion was the attack on Sony Pictures of 2014.
Cyberwarfare
The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geostrategic significance. Among those is the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia." The December 2015 Ukraine power grid cyberattack has also been attributed to Russia and is considered the first successful cyberattack on a power grid.
Because of fears that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations is having an impact and will be adapted by military commanders in the future.
Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. As such, as technology evolves, so too does the nature of the crime. These crimes are relatively new, having been in existence for only as long as computers have, which explains how unprepared society and the world in general are for combating these crimes. There are numerous crimes of this nature committed daily on the internet.
Crimes that primarily target computer networks or devices include:
- Computer viruses
- Denial-of-service attacks
- Malware (malicious code)
Computer as a tool
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the like existed even before the development of high-tech equipment. The same criminal has simply been given a tool which increases their potential pool of victims and makes them all the harder to trace and apprehend.
Crimes that use computer networks or devices to advance other ends include:
- Fraud and identity theft (although this increasingly uses malware, hacking or phishing, making it an example of both "computer as target" and "computer as tool" crime)
- Information warfare
- Phishing scams
- Spam
- Propagation of illegal obscene or offensive content, including harassment and threats
The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions.
Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware, or links to fake online banking or other websites used to steal private account information.
Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal.
The extent to which these communications are unlawful varies
greatly between countries, and even within nations. It is a sensitive
area in which the courts can become involved in arbitrating between
groups with strong beliefs.
One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography, which is illegal in most jurisdictions in the world.
Online harassment
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals, focusing, for example, on gender, race, religion, nationality, or sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties. Harassment on the internet also includes revenge porn.
There are instances where committing a crime using a computer can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(b)(3) for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, the U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemical, or other high-speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."
Connecticut was the U.S. state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, Virginia, and South Carolina have also passed laws banning harassment by electronic means.
Harassment as defined in the U.S. computer statutes is typically
distinct from cyberbullying, in that the former usually relates to a
person's "use a computer or computer network to communicate obscene,
vulgar, profane, lewd, lascivious, or indecent language, or make any
suggestion or proposal of an obscene nature, or threaten any illegal or
immoral act," while the latter need not involve anything of a sexual
nature.
Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact, spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate". That also applies to online or any type of network-related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".
Drug trafficking
Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use encrypted messaging tools to communicate with drug mules. The dark web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again). After Silk Road 2.0 went down, Silk Road 3 Reloaded emerged. However, it was just an older marketplace named Diabolus Market that used the name for more exposure from the brand's previous success.
Documented cases
- One of the highest-profile banking computer crimes occurred over a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.
- A hacking group called MOD (Masters of Deception) allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive; one company, Southwestern Bell, suffered losses of $370,000 alone.
- In 1983, a 19-year-old UCLA student used his PC to break into a Defense Department International Communications system.
- Between 1995 and 1998 the Newscorp satellite pay-to-view encrypted SKY-TV service was hacked several times during an ongoing technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek reruns in Germany, which was something that Newscorp did not have the copyright to allow.
- On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and a copy of the virus via e-mail to other people.
- In February 2000, an individual going by the alias of MafiaBoy began a series of denial-of-service attacks against high-profile websites, including Yahoo!, Dell, Inc., E*TRADE, eBay, and CNN. About 50 computers at Stanford University, and also computers at the University of California at Santa Barbara, were among the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.
- The Stuxnet worm corrupted SCADA microprocessors, particularly of the types used in Siemens centrifuge controllers.
- The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently, the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.
- On 2 March 2010, Spanish investigators arrested 3 people over the infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.
- In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.
- In January 2012 Zappos.com experienced a security breach after as many as 24 million customers' credit card numbers, personal information, billing and shipping addresses had been compromised.
- In June 2012 LinkedIn and eHarmony were attacked, compromising 65 million password hashes. 30,000 passwords were cracked and 1.5 million eHarmony passwords were posted online.
- In December 2012, the Wells Fargo website experienced a denial-of-service attack, potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised: Bank of America, J. P. Morgan, U.S. Bank, and PNC Financial Services.
- On April 23, 2013, the Associated Press' Twitter account was hacked; the hacker posted a hoax tweet about fictitious attacks in the White House that they claimed left President Obama injured. This hoax tweet resulted in a brief plunge of 130 points from the Dow Jones Industrial Average, removal of $136 billion from the S&P 500 index, and the temporary suspension of AP's Twitter account. The Dow Jones later restored its session gains.
- In May 2017, 74 countries logged a ransomware cybercrime, called "WannaCry".
- Illicit access to camera sensors, microphone sensors, phonebook contacts, all internet-enabled apps, and metadata of mobile telephones running Android and iOS was reportedly made possible by Israeli spyware, found to be in operation in at least 46 nation-states around the world. Journalists, royalty and government officials were amongst the targets. Previous accusations of cases of Israeli weapons companies meddling in international telephony and smartphones have been eclipsed in the 2018 reported case.
Combating computer crime
Diffusion of cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crime detection and prosecution.
According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical expertise and accessibility no longer act as barriers to entry into cybercrime.
Indeed, hacking is much less complex than it was a few years ago, as hacking communities have greatly diffused their knowledge through the Internet. Blogs and communities have hugely contributed to information sharing: beginners could benefit from older hackers' knowledge and advice. Furthermore, hacking is cheaper than ever: before the cloud computing era, in order to spam or scam one needed a dedicated server, skills in server management, network configuration, and maintenance, knowledge of Internet service provider standards, etc. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam. Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack: brute-forcing a password, improving the reach of a botnet, or facilitating a spamming campaign.
Investigation
A computer can be a source of evidence.
Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example, a Europe-wide Data Retention Directive (applicable to all EU member states) states that all e-mail traffic should be retained for a minimum of 12 months.
Methodology of cybercrime investigation
There are many ways for cybercrime to take place, and investigations tend to start with an IP address trace; however, that is not necessarily a factual basis upon which detectives can solve a case. Different types of high-tech crime may also include elements of low-tech crime, and vice versa, making cybercrime investigators an indispensable part of modern law enforcement. The methodology of cybercrime detective work is dynamic and is constantly improving, whether in closed police units or in an international cooperation framework.
Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.
President Barack Obama released an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.
The European Union adopted directive 2013/40/EU. All offenses of
the directive, and other definitions and procedural institutions are
also in the Council of Europe's Convention on Cybercrime.
It is not only the USA and the European Union who are introducing new measures against cybercrime. On 31 May 2017, China announced that its new cybersecurity law takes effect on this date.
Penalties
Penalties for computer-related crimes in New York
State can range from a fine and a short period of jail time for a Class
A misdemeanor such as unauthorized use of a computer up to computer
tampering in the first degree which is a Class C felony and can carry 3
to 15 years in prison.
However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives.
A possible counter to this is for courts to ban convicted hackers from
using the Internet or computers, even after they have been released from
prison – though as computers and the Internet become more and more
central to everyday life, this type of punishment may be viewed as more
and more harsh and draconian. However, nuanced approaches have been
developed that manage cyber offenders' behavior without resorting to
total computer or Internet bans.
These approaches involve restricting individuals to specific devices
which are subject to computer monitoring or computer searches by
probation or parole officers.
Awareness
As technology advances and more people rely on the internet to store sensitive information such as banking or credit card information, criminals increasingly attempt to steal that information. Cybercrime is becoming more of a threat to people across the world. Raising awareness about how information is being protected and the tactics criminals use to steal that information continues to grow in importance. According to the FBI's Internet Crime Complaint Center in 2014, there were 269,422 complaints filed. With all the claims combined there was a reported total loss of $800,492,073.
But cybercrime does not yet seem to be on the average person's radar. There are 1.5 million cyber-attacks annually, which means that there are over 4,000 attacks a day, 170 attacks every hour, or nearly three attacks every minute, with studies showing us that only 16% of victims had asked the people who were carrying out the attacks to stop.
Anybody who uses the internet for any reason can be a victim, which is why it is important to be aware of how one is being protected while online.
Intelligence
As cybercrime has proliferated, a professional ecosystem has evolved to support individuals and groups seeking to profit from cybercriminal activities. The ecosystem has become quite specialized, including malware developers, botnet operators, professional cybercrime groups, groups specializing in the sale of stolen content, and so forth. A few of the leading cybersecurity companies have the skills, resources and visibility to follow the activities of these individuals and groups.
A wide variety of information is available from these sources which can be used for defensive purposes, including technical indicators such as hashes of infected files or malicious IPs/URLs, as well as strategic information profiling the goals, techniques and campaigns of the profiled groups. Some of it is freely published, but consistent, on-going access typically requires subscribing to an adversary intelligence subscription service. At the level of an individual threat actor, threat intelligence is often referred to as that actor's "TTP", or "tactics, techniques, and procedures," as the infrastructure, tools, and other technical indicators are often trivial for attackers to change. Corporate sectors are considering the crucial role of artificial intelligence in cybersecurity.
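The following added example (not part of the original article) shows how the technical indicators described above are typically used defensively: a feed of file hashes, IPs and URLs is normalized and matched against log events, and the third event shows how a one-byte change to a file defeats a hash indicator. The feed record layout, the event field names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data: documentation IP ranges and example domains only.
SAMPLE_FILE = b"constructed sample file contents"

FEED = [  # hypothetical feed format: a list of {"type", "value"} records
    {"type": "sha256", "value": hashlib.sha256(SAMPLE_FILE).hexdigest().upper()},
    {"type": "ip", "value": "203.0.113[.]7"},
    {"type": "url", "value": "hxxp://login.example[.]net/verify"},
]

# Hypothetical event field -> indicator type, checked in this order.
FIELD_TYPES = (("dst_ip", "ip"), ("url", "url"), ("file_sha256", "sha256"))


def refang(value):
    """Undo the 'defanging' (hxxp, [.]) applied to indicators in reports."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def normalize(ind_type, value):
    """Bring feed values and log values to one canonical form per type."""
    value = refang(value)
    if ind_type == "sha256":
        return value.lower()
    if ind_type == "ip":
        return str(ipaddress.ip_address(value))
    if ind_type == "url":
        parts = urlsplit(value)
        return f"{parts.scheme.lower()}://{parts.hostname or ''}{parts.path}"
    raise ValueError(f"unsupported indicator type: {ind_type}")


def build_index(feed):
    """Group normalized indicators by type for constant-time lookups."""
    index = {}
    for record in feed:
        index.setdefault(record["type"], set()).add(
            normalize(record["type"], record["value"]))
    return index


def match_event(event, index):
    """Return the (type, value) indicators that a log event hits."""
    hits = []
    for field, ind_type in FIELD_TYPES:
        if field in event:
            value = normalize(ind_type, event[field])
            if value in index.get(ind_type, set()):
                hits.append((ind_type, value))
    return hits


EVENTS = [  # constructed proxy and endpoint events
    {"host": "ws-01", "dst_ip": "203.0.113.7", "url": "http://LOGIN.example.net/verify"},
    {"host": "ws-02", "file_sha256": hashlib.sha256(SAMPLE_FILE).hexdigest()},
    # Same file with one byte appended: the hash indicator no longer matches.
    {"host": "ws-03", "file_sha256": hashlib.sha256(SAMPLE_FILE + b"\x00").hexdigest()},
    {"host": "ws-04", "dst_ip": "198.51.100.20"},
]

if __name__ == "__main__":
    idx = build_index(FEED)
    for ev in EVENTS:
        print(ev["host"], match_event(ev, idx))
```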
Agencies
- ASEAN
- Australian High Tech Crime Centre
- Cyber Crime Investigation Cell, a wing of Mumbai Police, India
- Cyber Crime Unit (Hellenic Police), formed in Greece in 1995
- National White Collar Crime Center, in the United States
- National Cyber Crime Unit, in the United Kingdom