Cybercrime has many definitions but most experts agree it is the wave of the future, and it’s here to stay. With over one trillion dollars moved electronically every week, the Internet is where the money is. The rates of cybercrime are skyrocketing. The annual “take” by theft-oriented cybercriminals is estimated at more than $100 billion, and 97% of offenses go undetected.
Additionally, there are those who just abuse the Internet and computer systems — hackers or hooligans, but cybercriminals nonetheless. Their shenanigans often cost an additional $100,000+ per incident in damage, labour, and lost productivity. Add to that corporate espionage, which some experts say is the real problem, with annual losses of proprietary information in the $40-60 million range. Toss in organized crime, terrorism, info war, embezzlement, extortion, and a variety of other ways to offend or harm with computers, and it’s anybody’s guess what the real cost is.
The underground or “shadow” economy refers to a growing cyber-economy of criminals who are making money at online crime. The concept implies an evolution from hacking and virus writing for fun to creating malicious code for profit. For instance, when malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors, one has a black economy. In fact, currently there are plenty of Trojan creation sites out of Russia, Germany and the Eastern bloc where one can purchase kits and support for creating malware.
There are places where one can pay others to infect your enemies with spyware and Trojans (dirty deeds for a small fee of $100). Additionally, there is the emerging industry of digital espionage services, the growing cyber-extortion field, and the stolen credit-card and bank account markets. It’s a wonder why anyone still bothers committing traditional crime when today, cybercrime is so much easier.
A moment should be taken to note that the danger of tempting “Internet Addictions” is very real. It is also known as being an “onlineaholic,” but it is, unfortunately, not an insurable diagnosis for insurance purposes. In a world of news feeds, instant messaging, email, and games, Blackberry devices might as well be called “Crackberry” devices because of their addictive potential. It is as destructive as any obsessive disorder, although the forensic or clinical outlines are not well known.
Specialists estimate that 6-10% of Internet users develop some kind of dependency. Substantial evidence points to the fact that Internet addiction exacts a toll on health and family life, aggravates pre-existing disorders, can lead to further addictions such as gambling or pornography, and can lead to cybercrime. The “hook” involves the ever-present hope of escape that the Internet offers to people who are longing for something.
THE DEFINITION OF CYBER
First of all, anytime you use the prefix cyber-, you’re talking about something somebody is doing online. In other words, there has to be action and some networking involved. Motion characterizes the behaviour. Anything related to the Internet falls under the cyber category by definition.
Cybercrime is substantially different from the use of computers for traditional activities where the purpose is to “stash” or “store” something. It’s like the difference between people who use computers like a typewriter and filing cabinet versus those who use computers for all they can be (and want more). The motivations, actions, and goals are different. Our criminal law simply hasn’t got enough concepts to grasp the element of mens rea when it comes to cybercrime. There are different kinds of glee, elation, and glory involved in cyberspace that don’t exist in the real world. Cover-ups occur by excess information, not through less information. Further, concepts from the field of white-collar crime are of little use, because you’re dealing with something more revolutionary than just trying to make money — you’re dealing with cyberspace and techno-culture, two concepts that are essential to any definition of cyber.
THE NATURE AND VARIETY OF CYBERCRIME
Not everything computer-related is cybercrime, and not everything computer-related is computer crime. A person who embezzles P200 from the ATM of a company they work for still commits embezzlement, not cybercrime. The use of computers as incidental to another offense is not cybercrime. There are plenty of laws on the books already to classify many types of cybercrime. One way to do this involves thinking along the lines of asset forfeiture, or whether computers make up the fruits or instrumentalities of crime. This is a classification of cybercrime with the computer as target and computer as tool.
Computer as Target: This kind of activity is the wrongful taking of information or the causing of damage to information. Targeting a computer just to obtain unauthorized access is the hallmark of hacking, and the most serious criminal offense here is theft of information, followed by maliciousness, mischief, and wayward adventuring. Bypassing a password protected website to avoid payment would be theft of services, and foreign intelligence break-ins would be espionage. A list of specific offenses in this category might include:
• Arson (targeting a computer centre for damage by fire)
• Extortion (threatening to damage a computer to obtain money)
• Burglary (break-ins to steal computer parts)
• Conspiracy (people agreeing to commit an illegal act on computer)
• Espionage/Sabotage (stealing secrets or destroying competitors’ records)
• Forgery (issuing false documents or information via computer)
• Larceny/Theft (theft of computer parts)
• Malicious destruction of property (destroying computer hardware or software)
• Murder (tampering with computerized life-sustaining equipment)
• Receiving stolen property (accepting known stolen goods or services via computer)
Computer as Tool: This kind of activity involves modification of a traditional crime by using the Internet in some way. The traditional analogue here is fraud. It can be something as simple as the online illegal sale of prescription drugs or something as sophisticated as cyber stalking. Paedophiles also use the Internet to exchange child pornography, pose as a child, and lure victims into real life kidnappings. Laws need to be consistently developed as modus operandi evolve internationally around the following offences:
• Internet fraud (false advertising, credit card fraud, wire fraud, money laundering)
• Online child pornography; child luring (sexual exploitation; transportation for sexual activity)
• Internet sale of prescription drugs & controlled substances (smuggling; drug control laws)
• Internet sale of firearms (firearms control laws)
• Internet gambling (lottery laws; illegal gambling businesses)
• Internet sale of alcohol (liquor trafficking)
• Online securities fraud (securities act violations)
• Software piracy & Intellectual Property theft (copyright infringement; trade secrets)
• Counterfeiting (use of computer to make duplicates or phonies)
• Cyber bullying (posting rumours or someone’s altered private messages/photos online)
INSIDERS AND OUTSIDERS
Another way of classifying cybercrime is to use a location-based approach that distinguishes between insiders and outsiders.
Insider Threats: The disgruntled insider is the principal source of computer crime. They are often motivated by a perception of unfair treatment by management or snubs by co-workers. As much as 75% of computer crimes are done by employees. This makes cybercrime against business the number one type of cybercrime, and it’s growing, with the estimated loss to business running about $500 million per year, in the form of crimes like theft of proprietary information, theft of customer databases, and theft of product databases.
The average age of an insider offender is 29, and they generally hold managerial or professional positions. Older offenders generally do more damage. Another fraction of incidents are caused by blunders, errors, or omissions. Insiders here are often regarded as incompetent, inquisitive, or unintentional. The difference appears to be in the intent to disrupt.
Employees often waste a lot of company time using their network access to surf, shop, or engage in other instances of lost productivity. It makes sense to profile the typical computer abuser. Every organization has them, and here are some of the signs:
• missing computer supplies when the employee is around
• missing software when the employee is around
• numerous logon sessions, some attempts under different names
• sloppy password management
• unusual interest in computer system printouts
• mixes personal equipment with company equipment
Insider profiling (Nykodym et al. 2005) aims to help organizations understand the types of people that are likely to commit net abuse and/or cybercrime. Some common characteristics of such people include: not showing fear of having managers around; an inclination to break the rules; and perhaps being a keen sports fan (in the case of net abuse by online gambling at work). Such persons are usually fairly secretive, hard to communicate with, and quiet at work. Workplace cybercrime committed by managers tends to adhere to the same profile, yet the amount of money in the “take” is higher. Mid- or low-level employees, who commit the majority of cybercrimes at work, tend to have more restricted access and subsequently a lower “take.” However, alliances between a manager and employee at work can be a difficult case to investigate (detect and stop) because they are working on different levels of a hierarchy and have more ways to hide the crime.
Insider cybercrime is generally divided into four (4) main categories (Nykodym et al. 2005): (1) espionage; (2) theft; (3) sabotage; and (4) personal abuse of the organizational network. The espionage-oriented offender is similar to the outsider and generally is after confidential or sensitive information, and usually is part of the management team, sometimes the higher management (very senior) team. Depending upon the race structure of the organization, the cybercriminal would be white or black, but they are usually secretive individuals who do not want to look different, and always try to blend in among others. Theft-oriented cybercriminals are motivated by their own gain (despite what they might say about hate or revenge), with their only goal the selling or using of valuable information for money. Such criminals are usually very comfortable with their position in the organization, and they tend to be young (either male or female) and still relatively low in the organization’s hierarchy. The sabotage-oriented cybercriminal is like the espionage-oriented type (in being influenced by a competitor), but saboteurs are not necessarily employed by the organization; they usually consist of subcontractors, part-timers, and the like, who also usually have one thing in common — they have personal motives, like revenge for some mistreatment they perceive, such as a layoff or missed promotional opportunity. Age, race, and sex variation is quite diverse with this type.
Outsider Threats: Hackers are the most common group in this category. Their typical age is between 14 and 19, and they are generally part of the cyberpunk subculture. Hacking for illicit financial gain has been increasing, and less-skilled “script kiddies” (using point-and-click software instead of programming) are increasing in number. Distributed Denial of Service attacks are also increasing. The FBI uses the following typology to classify outsider threats:
• industrial espionage – theft of proprietary information or trade secrets
• terrorism – attempts to influence or disrupt policy
• national intelligence – attempts by foreign governments to steal economic, political, or military secrets
• info warfare – cyber attacks by anyone on the nation’s infrastructure to disrupt economic or military operations
Industrial espionage is a very high-stakes game in which most countries are involved today. plays along with everyone else. Sometimes the crime originates with an employee who is in a position to sell trade secrets, and other times, the employee is tempted by an outsider.
Terrorists are known to use information technology to formulate plans, raise funds, spread propaganda, and communicate securely. In fact, it is advantageous to a terrorist group to keep the Internet working, as a means of communication and outlet for propaganda. The main tools of terrorism remain guns and bombs, not computers. There are a few instances of cyber terrorism. We have yet to see a significant instance of “cyber terrorism” with respect to widespread disruption of critical infrastructures. However, law enforcement agencies worldwide are concerned about the growth of something called hacktivism, which is a word that combines hacking and activism. These are politically motivated attacks, but they may also be a form of electronic civil disobedience.
Foreign intelligence services have adapted to using cyber tools as part of their information gathering and espionage tradecraft.
Info warfare usually involves foreign military forces against another foreign military force. We know that several nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the United States. China and Taiwan have been at infowar for years.
CYBEREXTORTION
Cyberextortion is an outsider threat designed to obtain money, products, or favourable considerations from an organization or an organization’s individual employees using illegal means of persuasion related to a computer intrusion or threatened computer intrusion that would make it impossible or difficult for that organization to do business. The method of attack is most typically a Denial of Service (DoS) although theft of data or public ridicule (web defacement) are also common. The crime takes advantage of the tendency for most businesses to NOT want their infrastructure vulnerability made public. The target is typically a company that is involved heavily in e-commerce, and there is some tendency for targets to be companies that outsource their help desk function to places like India and Pakistan.
Banking organizations are a particular target. The bank victim is threatened with having all or most of their customers’ PIN numbers placed on the Internet somewhere, and a surprising number of victims “pay up” rather than report the problem to law enforcement. Cyberextortion, in its organized crime variety, also represents an interesting division of labour among criminals since the hackers do specialized, technical work and their “handlers” do specialized, nontechnical work.
A TYPOLOGY OF HACKERS
At the heart of cybercrime are the hackers. These people are the ones with the skills to commit the crimes, and an interesting way to look at them is to focus upon the lifestyles and personalities of hackers. Maxfield identified the following typology of hackers:
• Pioneers — those who are fascinated by evolving technology and explore it without knowing exactly what they are going to find
• Scamps — hackers with a sense of fun who intend no overt harm
• Explorers — hackers motivated by a delight in breaking into computer systems. The more geographically distant, or more secure the target is, the greater the delight
• Game players — those who enjoy defeating software or system protection, with hacking seen as a sort of game itself
• Vandals — those who cause damage for no apparent gain
• Addicts — nerds who are literally addicted to hacking and computer technology
With all cybercrime on the increase worldwide, businesses in Botswana will not remain immune to the threat for long. Make sure to take appropriate steps to protect your company’s systems and data.
Thank you to Dr. Tom O’Connor for providing the information used in this article. I am available to assist in any criminal matters. Expert Profiling is contactable on Tel: 390 9957 email – [email protected] or [email protected] or on Twitter @LauriePieters.