Digital Forensic Insider: Cybercrime in Perspective

[straycat19]

One of the first movies to predict the impact computers would have upon the world was “Sneakers.” The film was released in 1992 by MCA/Universal Pictures and revolves around a team of renegade hackers who test security systems. One of the characters, Cosmo (played by Ben Kingsley), prophetically said:

“The world isn’t run by weapons anymore, or energy, or money. It’s run by ones and zeros—little bits of data—it’s all electrons.... There’s a war out there, a world war. It’s not about who has the most bullets. It’s about who controls the information—what we see and hear, how we work, what we think. It’s all about information.” 

 

He was certainly correct when he said “It’s all about who controls the information.” Since the movie’s release, the pervasiveness of computers has expanded primarily from government, academia and business entities to universal usage by virtually everyone on earth. Along with their exponential growth has been their nefarious use to create a new methodology of crime. Any criminal activity dealing with a computer and a network is defined as a cybercrime. 

 

With virtually everyone having a computer and internet access, each day more individuals, businesses and government entities potential leave themselves vulnerable to cybercrime. Unless a computer and its network utilize very sophisticated security software, they could become a target within a few minutes of connecting to the internet. Even so-called secure networks (those not connected to the internet) are vulnerable via negligent or slipshod internal policies/procedures to prevent unauthorized use of USB devices or the sharing of passwords. Once online, an individual user’s identity can be stolen within a matter of seconds. Not surprisingly, the prevalence of cybercrime has surpassed drug trafficking in terms of the amount of money generated. So, why use a computer to commit a crime? Contrast the ease of committing a cybercrime vs. the risks involved in trying to sell drugs on a street corner or robbing a bank:  

1. It offers the criminal privacy and easy concealment of any evidence that can be easily deleted.
2. It can be done quietly at a keyboard while online at home or connected to public WiFi. 
3. It provides the criminal with anonymity when using a text-only interface.
4. Information or data can be stored anywhere in the world via the cloud.

 

Computer Crime Categories

 

Generally speaking, cybercrimes can be grouped into four broad categories:

1) Crimes in which the computer is the target

Since computers store data or information, they often become targets for hackers (who can be individuals, groups of individuals or state-sponsored entities). Some examples of the types of cybercrimes being committed include: 

• Theft of intellectual property (original research, patent information, etc.)
• Marketing information theft (customer lists, preferences, etc.)
• Blackmail (theft of personal histories, emails, medical information, etc.)
• Sabotage (of programs, operating systems, and the stored data itself)
• Techno-trespass (accessing a computer and/or network just to explore files.) Although this appears benign, there is no such thing as “ethical hacking,” which some believe is beneficial and useful. Unauthorized access to someone’s computer and/or network is illegal.
• Techno-vandalism (access that can result in damage to files, programs or servers. This includes many of the cybercrimes that seem to make daily headlines:
  • Hacking itself, including the use of ransomware, which is a type of malware that infects a computer and restricts access to the users’ files and/or threatens the permanent destruction of those files unless a ransom is paid.
  • Network intrusions: accessing criminal justice, government, and corporate databases and records
  • Virus distribution
  • E-mail bombing
  • Denial of Service attacks involving spam, which can cause servers to crash
  • Hijacking and/or defacing of legitimate websites and web pages 
  • Cyberstalking and cyberterrorism

 

2) The computer is the instrument of the crime

Generally speaking, instrument refers to the diversion of a lawfully possessed item to facilitate the commission of a crime. Thus, the processes of the computer, not the contents of the files themselves, facilitate the cybercrime.  This can occur when a hacker introduces new programming instructions to manipulate the computer’s analytical processes, thereby facilitating a cybercrime. Some examples include:

• Fraudulent use of ATM accounts and credit cards
• Identity theft
• Theft of money from accrual, conversion, or transfer accounts
• Fraud from computer transactions (stock sales, transfers or billings)

 

3) The computer is incidental to other crimes

A computer is not essential for these crimes to occur, however its use is related to the criminal act. These crimes can occur without the use of computers, but the computer allows the crime to occur faster, thereby making the crime much more difficult to identify, trace and prosecute. Some examples:

• Money laundering
• Unlawful banking transactions
• Drug trafficking
• Counterfeiting
• Child pornography

 

4) Crimes associated with the prevalence of computers

Although these are not specifically cybercrimes, the use and presence of computers has led to a new group of crimes that are strictly related to computer usage. Some examples include: 

• Software piracy and software counterfeiting
• Black marketing of computer equipment and software programs
• Theft of technological equipment and software
• Copyright violations of computer programs

 

Can Cybercrime be Prevented?

 

According to the FBI’s 2015 Internet Crime Report, its Internet Crime Complaint Center (IC3) received 288,012 complaints pertaining to internet-related cybercrimes. The top five complaints concerned business email compromise, confidence fraud, non-payment/non-delivery, investment fraud and identity theft.  These statistics do not include state and local law enforcement agencies, who also receive hundreds of thousands of complaints.

 

Law enforcement is overwhelmed and faced with a daunting task trying to investigate any type of cybercrime. Due to lack of resources—personnel and financial—virtually all agencies set a monetary threshold before they accept a case to investigate. Often that value is extremely high, $100,000 in loss or more. 

 

It is not much better in the private sector. A review of several private companies (via their websites) indicates their monetary threshold begins at a $50,000 loss before they will accept a case. (There are probably others that will accept a case with a lower threshold.)  

 

Short of never connecting to the internet, which is not realistic nor practical, there are a number of practices that everyone can implement to reduce the risk of becoming a victim of cybercrime. Some of these practices will be discussed in a future column. 

 

Source