CYBER CRIME

Cybercrime, or computer-oriented crime, is the crime that involves a computer and a network.[1]The computer may have been used in the commission of a crime, or it may be the target.[2]Cybercrimes can be defined as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”.[3] Cybercrime may threaten a person or a nation’s security and financial health.[4] Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child pornography, and child grooming.[3] There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined ‘cybercrime against women’ as “Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones”.[3] Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at least one nation state is sometimes referred to as cyberwarfare.

A report (sponsored by McAfee), published in 2014, estimated that the annual damage to the global economy was $445 billion.[5] Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US.[6] In 2018, a study by Center for Strategic and International Studies (CSIS), in partnership with McAfee, concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year.[7]

Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them, while others use computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes do both — i.e., target computers to infect them with viruses, which are then spread to other machines and, sometimes, entire networks.A primary impact from cybercrime is financial, and cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud and identity fraud, as well as attempts to steal financial account, credit card or other payment card information. Cybercriminals may target private personal information, as well as corporate data for theft and resale.

Defining cybercrime

The U.S. Department of Justice divides cybercrime into three categories: crimes in which the computing device is the target, for example, to gain network access; crimes in which the computer is used as a weapon, for example, to launch a denial-of-service (DoS) attack; and crimes in which the computer is used as an accessory to a crime, for example, using a computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the United States is a signatory, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity and availability, and copyright infringements. Other forms of cybercrime include illegal gambling, the sale of illegal items, like weapons, drugs or counterfeit goods, as well as the solicitation, production, possession or distribution of child pornography.

The ubiquity of internet connectivity has enabled an increase in the volume and pace of cybercrime activities because the criminal no longer needs to be physically present when committing a crime. The internet’s speed, convenience, anonymity and lack of borders make computer-based variations of financial crimes, such as ransomware, fraud and money laundering, as well as hate crimes, such as stalking and bullying, easier to carry out.

Cybercriminal activity may be carried out by individuals or small groups with relatively little technical skill or by highly organized global criminal groups that may include skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercriminals use a number of attack vectors to carry out their cyberattacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest. Here are common types of attacks cybercriminals have been known to use:

  • Distributed DoS attacks (DDoS) are often used to shut down systems and networks. This type of attack uses a network’s own communications protocol against it by overwhelming its ability to respond to connection requests. DoS attacks are sometimes carried out simply for malicious reasons or as part of a cyberextortion scheme, but they may also be used to distract the victim organization from some other attack or exploit carried out at the same time.
  • Infecting systems and networks with malware is used to damage the system or harm users by, for example, damaging the system, software or data stored on the system. Ransomware attacks are similar, but the malware acts by encrypting or shutting down victim systems until a ransom is paid.
  • Phishing campaigns are used to infiltrate corporate networks by sending fraudulent email to users in an organization, enticing them to download attachments or click on links that then spread viruses or malware to their systems and through their systems to their company’s networks.
  • Credentials attacks, where the cybercriminal aims to steal or guess user IDs and passwords for the victim’s systems or personal accounts, can be carried out through the use of brute force attacks by installing key sniffer software or by exploiting vulnerabilities in software or hardware that can expose the victim’s credentials.
  • Cybercriminals may also attempt to hijack a website to change or delete content or to access or modify databases without authorization. For example, an attacker may use an SQL injection exploit to insert malicious code into a website, which can then be used to exploit vulnerabilities in the website’s database, enabling a hacker to access and tamper with records or gain unauthorized access to data, such as customer passwords, credit card numbers, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.

Cybercriminals often carry out their activities using malware and other types of software, but social engineering is often an important component for executing most types of cybercrime. Phishing email is an important component to many types of cybercrime, but especially so for targeted attacks, like business email compromise (BEC), in which the attacker attempts to impersonate, via email, a business owner in order to convince employees to pay out bogus invoices.

Types of cybercrime

There are many different types of cybercrime; most cybercrimes are carried out with the expectation of financial gain by the attackers, though the ways cybercriminals aim to get paid can vary. For example:

  • Cyberextortion is crime involving an attack or threat of attack coupled with a demand for money to stop the attack. One form of cyberextortion is the ransomware attack, in which the attacker gains access to an organization’s systems and encrypts its documents, files — anything of potential value — making the data inaccessible until a ransom is paid, usually in some form of cryptocurrency, such as bitcoin.
  • Cryptojacking attacks use scripts to mine cryptocurrencies within browsers without the user’s consent. Such attacks may involve loading cryptocurrency mining software to the victim’s system. However, many attacks depend on JavaScript code that does in-browser mining as long as the user’s browser has a tab or window open on the malicious site; no malware needs to be installed as loading the affected page executes the in-browser mining code.
  • Identity theft occurs when an attacker accesses a computer to glean a user’s personal information that they can then use to steal that person’s identity or access bank or other accounts. Cybercriminals buy and sell identity information on darknet markets, offering financial accounts, as well as other types of accounts, like video streaming services, webmail, video and audio streaming, online auctions and more. Personal health information is another frequent target of identity thieves.
  • Credit card fraud occurs when hackers infiltrate retailers’ systems to get the credit card and/or banking information of their customers. Stolen payment cards can be bought and sold in bulk on darknet markets, where hackers who have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.
  • Ransomware is a form of cyberextortion in which the victim device is infected with malware that prevents the owner from using the device or the data stored on it. To regain access to the device or data, the victim has to pay the hacker a ransom. Ransomware can be inadvertently downloaded by opening an infected email attachment, visiting a compromised website or clicking on a pop-up ad.
  • Cyberespionage occurs when a cybercriminal hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology, and cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including email, text messages and instant messages.

Impact of cybercrime on businesses

The true cost of cybercrime is difficult to accurately assess. In 2018, McAfee released a report on the economic impact of cybercrime that estimated the likely annual cost to the global economy was nearly $600 billion, up from $45 billion in 2014.

While the financial losses due to cybercrime can be significant, businesses can also suffer other disastrous consequences as a result of criminal cyberattacks, including:

  • Damage to investor perception after a security breach can cause a drop in the value of a company. In addition to potential share price drops, businesses may also face increased costs for borrowing and greater difficulty in raising more capital as a result of a cyberattack.
  • Loss of sensitive customer data can result in fines and penalties for companies that have failed to protect their customers’ data. Businesses may also be sued over the data breach.
  • Damaged brand identity and loss of reputation after a cyberattack undermine customers’ trust in a company and that company’s ability to keep their financial data safe. Following a cyberattack, firms not only lose current customers, they also lose the ability to gain new customers.

Businesses may also incur direct costs from a criminal cyberattack, including the cost of hiring cybersecurity companies to do incident response and remediation, as well as public relations and other services related to an attack and increased insurance premium costs.

Impact of cybercrime on national defense

Cybercrimes may have public health and national security implications, making computer crime one of the Department of Justice’s top priorities. In the United States, at the federal level, the FBI’s Cyber Division is the agency within the Department of Justice that is charged with combating cybercrime. The Department of Homeland Security (DHS) sees strengthening the security and resilience of cyberspace as an important homeland security mission, and agencies such as the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) have special divisions dedicated to combating cybercrime.

The Secret Service’s Electronic Crimes Task Force (ECTF) investigates cases that involve electronic crimes, particularly attacks on the nation’s financial and critical infrastructures. The Secret Service also runs the National Computer Forensics Institute (NCFI), which provides state and local law enforcement, judges and prosecutors with training in computer forensics. The Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA), accepts online complaints from victims of internet crimes or interested third parties.

How to prevent cybercrime

While it may not be possible to completely eradicate cybercrime, businesses can reduce their exposure to it by maintaining an effective cybersecurity strategy using a defense in depth approach to securing systems, networks and data.

What cybercrime means
  • creating cybersecurity incident response management plans to support these policies and procedures;
  • training new, as well as existing, employees on cybersecurity policies and procedures and what to do in the event of security breaches;
  • keeping websites, endpoint devices and systems current with all software release updates or patches; and
  • backing up data and information regularly to reduce the damage in case of a ransomware attack or data breach.

Disclaimer:

The information contains in this web-site is prepared for educational purpose. This site may be used by the students, faculties, independent learners and the learned advocates of all over the world. Researchers all over the world have the access to upload their writes up in this site. In consideration of the people’s participation in the Web Page, the individual, group, organization, business, spectator, or other, does hereby release and forever discharge the Lawyers & Jurists, and its officers, board, and employees, jointly and severally from any and all actions, causes of actions, claims and demands for, upon or by reason of any damage, loss or injury, which hereafter may be sustained by participating their work in the Web Page. This release extends and applies to, and also covers and includes, all unknown, unforeseen, unanticipated and unsuspected injuries, damages, loss and liability and the consequences thereof, as well as those now disclosed and known to exist.  The provisions of any state’s law providing substance that releases shall not extend to claims, demands, injuries, or damages which are known or unsuspected to exist at this time, to the person executing such release, are hereby expressly waived. However the Lawyers & Jurists makes no warranty expressed or implied or assumes any legal liability or responsibility for the accuracy, completeness or usefulness of any information, apparatus, product or process disclosed or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product process or service by trade name, trade mark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favouring by the Lawyers & Jurists. The views and opinions of the authors expressed in the Web site do not necessarily state or reflect those of the Lawyers & Jurists. Above all, if there is any complaint drop by any independent user to the admin for any contents of this site, the Lawyers & Jurists would remove this immediately from its site.