In a recent interview Manhattan District Attorney Cyrus Vance Jr stated that a third of the crimes his office investigates are now related to cyber crime and identity theft. Cyrus referred to it as a ‘Tsunami’ and it has forced significant changes in the way his department works.
Cybercrime in all its forms is accounting for 200 – 300 complaints per month and is rising fast. Cyber is one of the few areas of crime that is actually rising. Most other types of crime are decreasing and this pattern continues into the UK.
So why is cyber crime on the increase, what sorts of crime are occurring, who are the criminals and how do they operate?
Why do criminals carry out cybercrime?
Ease – The ability to carry out cybercrime is getting easier. There are plenty of tools available, some of the crimes are the simplest such as the scamming emails which purport to be from your bank or someone who has lost their wallet abroad do not need any special equipment. There is still a perception from some consumers that emails with the correct logos are official and should be taken seriously. More complex frauds using targeted malware and tools are more difficult to commit but are becoming widespread as the value of theft can be far greater. The ‘cost of entry’ to the Cyber market is getting lower and the tools becoming more prevalent.
Lower sentencing – Traditional crime, especially where violence or threat of violence is concerned is usually severely punished. Cybercrime generally comes under the banner of ‘white collar’ crime and the price criminals have to pay for this can be far lower in the form of lighter/suspended sentences or even just fines. This attracts criminals to the lower risk/reward ratio. Punishment of cybercrime may change as it matures but for the moment it is an easy option.
Higher Risk/Rewards – The average ‘take’ for a bank robbery in the U.S. is $1,200, the sentence for a violent crime can be life. Conversely the average loss for a cyber crime is $4,600 and the likelihood of any custodial sentence is low. In addition the chance of being caught is very low compared to a bank robbery.
Comfort – Traditional crime is weather dependent, burglary rates go down when it is cold and raining (partially due to the lack of open windows but also because burglars dislike going out in bad weather as much as the rest of us). A significant amount of cybercrime can be carried out from anywhere including the comfort of a criminal’s house.
What cybercrimes are popular? How are they carried out?
Hacking: This is a type of crime wherein a computer is broken into so that sensitive, confidential or personal information can be accessed by an unauthorised party. In hacking, the criminal uses a variety of software to enter a person’s computer and the person may not be aware that his computer is being accessed from a remote location.
Theft: This crime occurs when a third party steals credentials to access and reuse or sell unauthorised data. This can include reproducing copyrighted material such as music, movies, games and software. There are many peer sharing websites which encourage software piracy, these get shutdown on a regular basis but spring up again very quickly.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Typically, these stalkers fall into two groups. Ones who know their victims and instead of resorting to offline stalking, they use the Internet to stalk and the other where there is no previous connection to the victim except that they are in the public eye for some reason.
Identity Theft: This has become a major problem with people using the Internet for cash transactions and banking services. In this cybercrime, a criminal accesses data about a person’s bank account, credit or debit cards and other sensitive information to siphon money or to buy things online in the victim’s name. It can result in major financial losses for the victim and is an increasing overhead for financial services companies.
Malicious Software: These are Internet-based software or programs that are used to disrupt a network. The software is used to gain access to a system to steal sensitive information or data or causing damage to software present in the system. DDOS – denial of service and malicious encryption tools are often used for extortion purposes.
Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit under age children through a variety of mechanisms for the purpose of child pornography. Government agencies are spending a lot of time targeting these types of crime and monitor chat rooms frequented by children to prevent this sort of child abuse.
Who are the cyber criminals?
Professor Marcus Rogers, Director of the Cyber Forensics & Security Program and Purdue University has produced a taxonomy of offenders;
Script kiddies: who are motivated by “immaturity, ego boosting, and thrill seeking.” Rogers says they tend to be “individuals with limited technical knowledge and abilities who run precompiled software to create mischief, without truly understanding what the software is accomplishing ‘under the hood.’ ”
Cyber-punks: who “have a clear disrespect for authority and its symbols and a disregard for societal norms.” According to Rogers, “they are driven by the need for recognition or notoriety from their peers and society,” and are “characterized by an underdeveloped sense of morality.”
Hacktivists: who, in Rogers’ estimation, might just be “petty criminals” trying to “justify their destructive behaviour, including defacing websites, by labelling [it] civil disobedience and ascribing political and moral correctness to it.”
Thieves: who are “primarily motivated by money and greed” and are “attracted to credit card numbers and bank accounts that can be used for immediate personal gain.”
Virus writers: who tend to be drawn to “the mental challenge and the academic exercise involved in the creation of the viruses.”
Professionals: who are often ex-intelligence operatives “involved in sophisticated swindles or corporate espionage.”
Cyber-terrorists: who are essentially warriors, often members of “the military or paramilitary of a nation state and are viewed as soldiers or freedom fighters in the new cyberspace battlefield.”
To conclude, cybercrime is a fast growing, multi-faceted problem with new participants entering the arena every day. It will be interesting to see how technology and other commercial organisations approach the problem and how society and government organisations attack the cyber hordes. We will be following this article with our thoughts on how it can be approached in the coming months.