Cybercrime is a type of crime involving a computer or a computer network. The computer may have been used in committing the crime, or it may be the target. Cybercrime may harm someone's security or finances.
Internationally, both state and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at least one nation-state are sometimes referred to as cyberwarfare. Warren Buffett described cybercrime as the "number one problem with mankind" and said that it "poses real risks to humanity".
A 2014 report sponsored by McAfee estimated that cybercrime had resulted in $445 billion USD in annual damage to the global economy. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2018, a study by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, concluded that nearly 1 percent of global gross domestic product (GDP), close to $600 billion, is lost to cybercrime each year. The World Economic Forum 2020 Global Risk Report confirmed that organized cybercrime groups are joining forces to commit criminal activities online, while estimating the likelihood of their detection and prosecution to be less than 1 percent in the US. There are also many privacy concerns surrounding cybercrime when confidential information is intercepted or disclosed, legally or otherwise.
Computer crime encompasses a broad range of activities, including computer fraud, financial crimes, scams, cybersex trafficking, and ad fraud.
Main article: Computer fraud
Computer fraud is the act of using a computer to take or alter electronic data, or to gain unlawful use of a computer or system. If computer fraud involves the use of the internet, it can be considered Internet fraud. The legal definition of computer fraud varies by jurisdiction, but typically involves accessing a computer without permission or authorization.
Forms of computer fraud include hacking into computers to alter information, distributing malicious code such as computer worms or viruses, installing malware or spyware to steal data, phishing, and advance-fee scams.
Other forms of fraud may be committed using computer systems, including bank fraud, carding, identity theft, extortion, and theft of classified information. These types of crimes often result in the loss of personal or financial information.
Main article: Cyberterrorism
Cyberterrorism consists of acts of terrorism committed through the use of cyberspace or computer resources. Acts of disruption of computer networks and personal computers through viruses, worms, phishing, malicious software, hardware, or programming scripts can all be forms of cyberterrorism.
Government officials and information technology (IT) security specialists have documented a significant increase in network problems and server scams since early 2001. Within the United States, there is an increasing concern from agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA). Such incidents are part of an organized effort by cyberterrorist foreign intelligence services or other groups to map potential security flaws in critical systems.
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with attacks by malicious hackers, such as denial-of-service attacks. Cyberextortionists demand money in return for promising to stop the attacks and to offer "protection". According to the FBI, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate, and demanding payments to restore their service. More than 20 cases are reported each month to the FBI, and many go unreported in order to keep the victim's name out of the public domain. Perpetrators use a distributed denial-of-service attack. However, other cyberextortion techniques exist, such as doxing, extortion, and bug poaching. An example of cyberextortion was the Sony Hack of 2014.
Main article: Ransomware
Ransomware is a type of malware used in cyberextortion to restrict access to files, sometimes threatening permanent data erasure unless a ransom is paid. The threat of ransomware is a global issue, with more than 300 million attacks worldwide in 2021. According to the 2022 Unit 42 Ransomware Threat Report, the average ransom demand in cases handled by Norton climbed 144 percent to $2.2 million. This report included an 85 percent increase in the number of victims who had their personal information shown on dark web information dumps. A loss of nearly $400 million in 2021 and 2022 is just one of the statistics showing the impact of ransomware attacks on everyday people.
Main article: Cybersex trafficking
Cybersex trafficking is the transportation of victims and then the live streaming of coerced sexual acts or rape on webcam. Victims are abducted, threatened, or deceived and transferred to "cybersex dens". The dens can be in any location where the cybersex traffickers have a computer, tablet, or phone with an internet connection. Perpetrators use social media networks, video conferences, dating pages, online chat rooms, apps, dark web sites, and other platforms. They use online payment systems and cryptocurrencies to hide their identities. Millions of reports of its occurrence are sent to authorities annually. New legislation and police procedures are needed to combat this type of cybercrime.
There are an estimated 6.3 million victims of cybersex trafficking, according to a recent report by the International Labour Organization and IOM. This number includes about 1.7 million child victims. An example of cybersex trafficking is the 2018–2020 Nth room case in South Korea.
Main article: Cyberwarfare
The U.S. Department of Defense notes that cyberspace has emerged as a national-level concern through several recent events of geostrategic importance, including the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become normalized in future warfare among nation-states, the military commanders intend to adapt the concept of cyberspace operations impact in the future.
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the like existed before the development of computers and the internet. The same criminal has simply been given a tool which increases their potential pool of victims and makes them all the harder to trace and apprehend.
Crimes that use computer networks or devices to advance other ends include:
The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions.
Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware. Or they may contain links to fake online banking or other websites used to steal private account information.
The content of websites and other electronic communications may be distasteful, obscene, or offensive for a variety of reasons. In some instances, these communications may be illegal.
The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.
One area of internet pornography that has been the target of the strongest efforts at curtailment is child pornography, which is illegal in most jurisdictions in the world.
Ad-frauds are particularly popular among cybercriminals, as such frauds are lucrative and less likely to be prosecuted. Jean-Loup Richet, a professor at the Sorbonne Business School, classified the large variety of ad-fraud committed by cybercriminals into three categories: identity fraud, attribution fraud, and ad-fraud services.
Identity fraud aims to impersonate real users and inflate audience numbers. Several ad-fraud techniques relate to this category and include traffic from bots (coming from a hosting company or a data center, or from compromised devices); cookie stuffing; falsifying user characteristics, such as location and browser type; fake social traffic (misleading users on social networks into visiting the advertised website); and the creation of fake social media accounts to make the bot appear legitimate.
Attribution fraud impersonates the activities of real users, such as clicks and conversations. Multiple ad-fraud techniques belong to this category: hijacked devices and the use of infected users (through malware) as part of a botnet to participate in ad fraud campaigns; click farms (companies where low-wage employees are paid to click or engage in conversations and affiliates' offers); incentivized browsing; video placement abuse (delivered in display banner slots); hidden ads (which will never be viewed by real users); domain spoofing (ads served on a website other than the advertised real-time bidding website); and clickjacking, in which the user is forced to click on an ad.
Ad fraud services are related to all online infrastructure and hosting services that might be needed to undertake identity or attribution fraud. Services can involve the creation of spam websites (fake networks of websites created to provide artificial backlinks); link building services; hosting services; creation of fake and scam pages impersonating a famous brand and used as part of an ad fraud campaign.
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing, for example, on gender, race, religion, nationality, or sexual orientation.
There are instances when committing a crime using a computer can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, the defendant was given an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(b)(3) for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer appealed the sentence on the grounds that there was insufficient evidence to convict him under this statute because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, the U.S. Sentencing Guidelines Manual states that the term "computer" means "an electronic, magnetic, optical, electrochemical, or other high-speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."
In the United States, over 41 states have passed laws and regulations that regard extreme online harassment as a criminal act. These acts can be punished on a federal scale, such as US Code 18 Section 2261A, which states that using computers to threaten or harass can lead to a sentence of up to 20 years, depending on the action taken.
Several countries outside the United States have also created laws to combat online harassment. In China, a country that supports over 20 percent of the world's internet users, the Legislative Affairs Office of the State Council passed a strict law against the bullying of young people through a bill in response to the Human Flesh Search Engine. The United Kingdom passed the Malicious Communications Act, among other acts from 1997 to 2013, which stated that sending messages or letters electronically that the government deemed "indecent or grossly offensive" and/or language intended to cause "distress and anxiety" can lead to a prison sentence of six months and a potentially large fine. Australia, while not directly addressing the issue of harassment, has grouped the majority of online harassment under the Criminal Code Act of 1995. Using telecommunication to send threats or harass and cause offense was a direct violation of this act.
Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact, spoken or written "true threat" speech or text is criminalized because of "intent to harm or intimidate". That also applies to online or network-related threats in written text or speech.
Cyberbullying has increased drastically with the growing popularity of online social networking. As of January 2020, 44 percent of adult internet users in the United States have "personally experienced online harassment". Children who experience online harassment deal with negative and sometimes life-threatening side effects. In 2021, reports displayed 41 percent of children developing social anxiety, 37 percent of children developing depression, and 26 percent of children having suicidal thoughts.
The United Arab Emirates was named in a spying scandal where the Gulf nation along with other repressive governments purchased NSO Group's mobile spyware Pegasus for mass surveillance. Prominent activists and journalists were targeted as part of the campaign, including Ahmed Mansoor, Princess Latifa, Princess Haya, and more. Ghada Oueiss was one of the many high-profile female journalists and activists who became the target of online harassment. Oueiss filed a lawsuit against UAE ruler Mohamed bin Zayed Al Nahyan along with other defendants, accusing them of sharing her photos online. The defendants, including the UAE ruler, filed motions to dismiss the case of the hack-and-leak attack.
Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use encrypted messaging tools to communicate with drug mules or potential customers. The dark web site Silk Road was the first major online marketplace for drugs, starting operation in 2011. It was permanently shut down in 2014 by the FBI and Europol. After Silk Road 2.0 went down, Silk Road 3 Reloaded emerged. However, it was just an older marketplace named Diabolus Market, which used the name for more exposure from the brand's previous success.
Darknet markets have seen a rise in traffic in recent years for many reasons, one of the biggest contributors being the anonymity offered in purchases, and often a seller-review system. There are many ways in which darknet markets can financially drain individuals. Vendors and customers alike go to great lengths to keep their identities a secret while online. Tools commonly used to help hide their online presence are virtual private networks (VPNs), Tails, and the Tor Browser. Darknet markets entice customers by making them feel comfortable. People can easily gain access to the Tor Browser with DuckDuckGo, which allows a user to explore much deeper than other browsers such as Google Chrome. However, actually gaining access to an illicit market is not as simple as typing its name into a search engine, as one would with Google. Darknet markets have special links that change frequently, ending in .onion as opposed to the typical .com, .net, and .org domain extensions. To add to privacy, the most prevalent currency on these markets is Bitcoin. Bitcoin allows transactions to be anonymous, with the only information available to the public being the record that a transaction occurred between two parties.
An issue marketplace users face is exit scamming by vendors or by the market itself. This is when a vendor with a high rating acts as if they are selling on the market and has users pay for products they will not receive. The vendor then closes their account after receiving money from multiple buyers and never sends what was purchased. Because the vendors are all involved in illegal activities, they are likely to exit scam when they no longer want to be vendors. In 2019, an entire market known as Wall Street Market allegedly exit scammed, stealing $30 million in bitcoin from the vendors' and buyers' wallets.
The FBI has cracked down on these markets. In July 2017, the FBI seized one of the biggest markets, commonly called Alphabay, which later re-opened in August 2021 under the control of DeSnake, one of the original administrators. Investigators will pose as a buyer and order products from darknet vendors in the hopes that vendors leave a trail the investigators can follow. One investigation had an investigator pose as a firearms seller, and for six months people purchased from them and provided home addresses. The FBI was able to make over a dozen arrests during this six-month investigation. Another one of law enforcement's crackdowns was on vendors selling fentanyl and opiates. With thousands of people dying each year due to drug overdose, investigators have made it a priority. Many vendors do not realize the extra criminal charges that go along with selling drugs online. Commonly they are charged with money laundering and with shipping the drugs in the mail, on top of being a drug distributor. In 2019, a vendor was sentenced to 10 years in prison after selling cocaine and methamphetamine under the name JetSetLife. Although investigators spend large amounts of time tracking down people, in 2018, only 65 suspects who bought and sold illegal goods on some of the biggest markets were identified. This is compared to the thousands of transactions taking place daily on these markets.
It is difficult to find and combat cybercrime perpetrators due to their use of the internet in support of cross-border attacks. Not only does the internet allow people to be targeted from various locations, but the scale of the harm done can be magnified. Cybercriminals can target more than one person at a time. The availability of virtual spaces to public and private sectors has allowed cybercrime to become an everyday occurrence. In 2018, the Internet Crime Complaint Center received 351,937 complaints of cybercrime, which led to $2.7 billion lost.
In a criminal investigation, a computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries, Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example, the EU-wide Data Retention Directive (previously applicable to all EU member states) stated that all e-mail traffic should be retained for a minimum of 12 months.
There are many ways for cybercrime to take place, and investigations tend to start with an IP address trace; however, that is not necessarily a factual basis upon which detectives can solve a case. Different types of high-tech crime may also include elements of low-tech crime, and vice versa, making cybercrime investigators an indispensable part of modern law enforcement. Methods of cybercrime detective work are dynamic and constantly improving, whether in closed police units or in international cooperation frameworks.
In the United States, the FBI and the Department of Homeland Security (DHS) are government agencies that combat cybercrime. The FBI has trained agents and analysts in cybercrime placed in their field offices and headquarters. Under the DHS, the Secret Service has a Cyber Intelligence Section that works to target financial cybercrimes. They use their intelligence to protect against international cybercrime. Their efforts work to protect institutions, such as banks, from intrusions and information breaches. Based in Alabama, the Secret Service and the Alabama Office of Prosecution Services work together to train professionals in law enforcement through the creation of The National Computer Forensic Institute. This institute works to provide "state and local members of the law enforcement community with training in cyber incident response, investigation, and forensic examination."
Due to the common use of encryption and other techniques to hide their identity and location by cybercriminals, it can be difficult to trace a perpetrator after the crime is committed, so prevention measures are crucial.
The Department of Homeland Security also instituted the Continuous Diagnostics and Mitigation (CDM) Program. The CDM Program monitors and secures government networks by tracking and prioritizing network risks, and informing system personnel so that they can take action. In an attempt to catch intrusions before the damage is done, the DHS created the Enhanced Cybersecurity Services (ECS) to protect public and private sectors in the United States. The Cyber Security and Infrastructure Security Agency approves private partners that provide intrusion detection and prevention services through the ECS. An example of one of these services offered is DNS sinkholing.
Many cybersecurity products and technologies are used by organizations, but cybersecurity professionals have been skeptical of prevention-focused strategies. The mode of use of cybersecurity products has also been called into question. Google click fraud czar Shuman Ghosemajumder has argued that companies using a combination of individual products for security is not a scalable approach and advocated for the use of cybersecurity technology primarily in the form of services.
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.
Then-President Barack Obama released an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze the assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.
The European Union adopted directive 2013/40/EU. All offences of the directive, and other definitions and procedural institutions are also in the Council of Europe's Convention on Cybercrime.
It is not only the US and the European Union that are introducing new measures against cybercrime. On 31 May 2017, China announced that its new cybersecurity law took effect on that date.
In Australia, common legislation in Commonwealth jurisdiction which is applied to combat cybercrime by means of criminal offence provisions and information gathering and enforcement powers includes the Criminal Code Act 1995 (Cth), the Telecommunications Act 1997 (Cth), and the Enhancing Online Safety Act 2015 (Cth).
In Roads and Traffic Authority of New South Wales v Care Park Pty Limited  NSWCA 35, it was found that the use of a discovery order made upon a third party for the purposes of determining the identity or whereabouts of a person may be exercised merely on the prerequisite that such information requested will aid the litigation process.
In Dallas Buyers Club LLC v iiNet Limited  FCA 317, guidance is provided on the interpretation of rule 7.22 of the Federal Court Rules 2011 (Cth) with respect to the issue of to what extent a discovery order must identify a person for it to be a valid request for information to determine the identity or whereabouts of a person in the circumstance of an end-user of an internet service being a different person to the account holder. Justice Perram stated: "... it is difficult to identify any good reason why a rule designed to aid a party in identifying wrongdoers should be so narrow as only to permit the identification of the actual wrongdoer rather than the witnesses of that wrongdoing."
Penalties for computer-related crimes in New York State can range from a fine and a short period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in prison.
However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the internet or computers, even after they have been released from prison – though as computers and the Internet become more and more central to everyday life, this type of punishment may be viewed as more and more harsh and draconian. However, nuanced approaches have been developed that manage cyber offenders' behavior without resorting to total computer or internet bans. These approaches involve restricting individuals to specific devices which are subject to computer monitoring or computer searches by probation or parole officers.
As technology advances and more people rely on the internet to store sensitive information such as banking or credit card information, criminals increasingly attempt to steal that information. Cybercrime is becoming more of a threat to people across the world. Raising awareness about how information is being protected and the tactics criminals use to steal that information continues to grow in importance. According to the FBI's Internet Crime Complaint Center in 2014, there were 269,422 complaints filed. With all the claims combined there was a reported total loss of $800,492,073. But cybercrime does not yet seem to be on the average person's radar. There are 1.5 million cyber-attacks annually, which means that there are over 4,000 attacks a day, 170 attacks every hour, or nearly three attacks every minute, with studies showing that only 16 percent of victims had asked the people who were carrying out the attacks to stop. Anybody who uses the internet for any reason can be a victim, which is why it is important to be aware of how one is being protected while online.
As cybercrime has proliferated, a professional ecosystem has evolved to support individuals and groups seeking to profit from cybercriminal activities. The ecosystem has become quite specialized, including malware developers, botnet operators, professional cybercrime groups, groups specializing in the sale of stolen content, and so forth. A few of the leading cybersecurity companies have the skills, resources and visibility to follow the activities of these individuals and groups. A wide variety of information is available from these sources which can be used for defensive purposes, including technical indicators such as hashes of infected files or malicious IPs/URLs, as well as strategic information profiling the goals, techniques and campaigns of the profiled groups. Some of it is freely published, but consistent, ongoing access typically requires subscribing to an adversary intelligence subscription service. At the level of an individual threat actor, threat intelligence is often referred to as that actor's "TTP" or "tactics, techniques, and procedures", as the infrastructure, tools, and other technical indicators are often trivial for attackers to change. Corporate sectors are considering the crucial role of artificial intelligence in cybersecurity.
The INTERPOL Cyber Fusion Center has begun a collaboration with key cybersecurity players to distribute information on the latest online scams, cyber threats and risks to internet users. Since 2017, reports covering socially engineered fraud, ransomware, phishing, and other threats have been distributed to security agencies in over 150 countries.
The broad diffusion of cybercriminal activities is an issue in computer crime detection and prosecution.
Hacking has become less complex as hacking communities have greatly diffused their knowledge through the internet. Blogs and communities have contributed substantially to information sharing as beginners can benefit from older hackers' knowledge and advice.
Furthermore, hacking is cheaper than ever: before the cloud computing era, in order to spam or scam, one needed a variety of resources, such as a dedicated server, skills in server management, network configuration, and maintenance, and knowledge of internet service provider standards. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam. Cloud computing could be helpful for a cybercriminal as a way to leverage his or her attack, in terms of brute-forcing a password, improving the reach of a botnet, or facilitating a spamming campaign.