General Types of Cybercrime
Module 2 provides a comprehensive overview of the complex landscape of cybercrime, equipping students with the foundational knowledge necessary to navigate this evolving field. By the end of the module, students will be able to define the general types of cybercrime, offering a clear understanding of the various malicious activities that occur in the digital realm. The module also distinguishes between traditional crimes committed through new technological means and entirely new forms of cybercrime, helping students to recognize the subtle differences and overlaps in these categories. Further, the module delves into the differentiation between various forms of cybercrime, allowing students to identify and classify specific cyber offenses such as hacking, phishing, and cyberstalking. Understanding these distinctions is crucial for developing effective strategies to combat these crimes. Students will also explore the nature and extent of cyber incidents, gaining insights into the frequency, impact, and trends associated with cyber threats. Finally, the module summarizes methods used to perpetrate certain cybercrimes, providing students with a deeper understanding of how these crimes are carried out, which is essential for developing preventive measures and responding effectively to cyber threats.
Learning Objectives
After completing this module, you should be able to:
- define general types of cybercrime.
- distinguish between categories of traditional crimes committed in non-traditional ways and “new” crimes.
- differentiate between different forms of cybercrime.
- explore the nature and extent of cyber incidents.
- summarize ways in which certain cybercrimes are perpetrated.
Summary
Cybercrime encompasses a wide range of illicit activities conducted through digital means, posing significant threats to individuals, organizations, and societies. This chapter aims to provide an understanding of the general categories of cybercrime, emphasizing new offenses against the confidentiality, integrity, and availability of computer data and systems, computer-facilitated offenses, content-related offenses, and other emerging threats within a few of the most notable domains; that is, offenses against confidentiality, integrity, and availability; computer facilitated offenses; content-related offenses; and emerging threats and evolving trends.
As technology continues to advance, the landscape of cybercrime evolves, presenting new challenges for private and public entities. It is not hyperbole to say that all people are in some way technologically reliant. Therefore, we must remain vigilant, stay informed about emerging threats, and adopt cybersecurity best practices to mitigate the risks associated with the digital world. Understanding the various categories of cybercrime is crucial for developing effective prevention and response strategies in the face of an ever-changing threat landscape.
KEY TERMS/CONCEPTS
Business email Compromise (BEC)
Categories of Cybercrime
Cyber-enabled crime
Malicious data files
Ransomware
Trojan Horse
US-CERT / Cybersecurity & Infrastructure Security Agency (CISA)
Virus
Worms
Modern Example
While artificial intelligence (AI) has the potential to bring about numerous positive advancements in various fields, it also raises concerns about its potential misuse for criminal activities. For example, AI can be employed to develop sophisticated automated tools for cyber-attacks, making it easier to breach security systems, exploit vulnerabilities, and compromise sensitive information.
AI algorithms can be used to generate adversarial inputs that trick other AI systems, leading to misclassification or malfunction.AI-generated deepfake technology can be used to create realistic fake videos or audio recordings, leading to identity theft or impersonation for fraudulent activities. In addition, deepfakes can be utilized to spread false information or manipulate public opinion, influencing elections or causing social unrest.
Because AI can analyze large datasets to create targeted and convincing phishing emails or messages, making it more challenging for individuals to identify malicious attempts, it becomes easier than ever for would-be fraudsters to conduct automated social engineering attacks. From vehicle hacking to a list of financial crimes, facial recognition abuse, surveillance and stalking, the list goes on, it is crucial for society to address these potential risks and work towards developing ethical guidelines, regulations, and security measures to mitigate the misuse of AI technologies for criminal activities. Ethical considerations, responsible development, and robust cybersecurity practices are essential to harness the benefits of AI while minimizing potential harm.
Consider a review of these resources
- AI-enabled future crime (Caldwell, M., Andrews, J.T.A., Tanay, T. et al. AI-enabled future crime. Crime Sci 9, 14 (2020). https://doi.org/10.1186/s40163-020-00123-8).
- Navigating the Future of Policing Artificial Intelligence (AI) Use, Pitfalls, and Considerations for Executives (Brandon Epstein, Detective, Middlesex County Prosecutors Office, New Jersey, and James Emerson, Vice President, National White Collar Crime Center) [last accessed, August 2024]
Read, Review, Watch, and Listen
- Read 15 Biggest Cybersecurity Attacks in 2021 (Privacy Affairs, Nov. 2021)
- Review the Center for Strategic & International Studies’ Significant Cyber Incidents list: CSIS
- Review Carnegie Mellon University’s MySecureCyberspace overview of Cyber Crimes and Criminals
- Review Four cyber concerns looming in the new year (The Washington Post, January 2023)
- Review and watch PC Magazine’s Cybercrime could cost $10.5 trillion dollars by 2025 (Steven Morgan, November 2020)
- Watch FBI Director Christopher Wray delivered remarks for the 2020 Cybersecurity and Infrastructure Security Agency (CISA) National Cybersecurity Summit on September 16, 2020
- Listen to MORE Alarming Cybersecurity Stats. For 2021
- Listen to Ransomware and Other Cyberattacks on K-12 Schools
- Watch Types of Cybercrime (projectfive) [last accessed August 2024 and embedded below]
- Watch – Caleb Barlow’s Where is cybercrime really coming from? (Barlow, 2016) [last accessed August 2024 and embedded below]
Cybercrimes can generally be divided into two categories:
Crimes that target networks or devices | Crimes using devices to participate in criminal activities |
Viruses | Phishing Emails |
Malware | Cyberstalking |
DoS Attacks | Identity Theft |
DDoS Attacks
These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources. Large networks of infected devices known as Botnets are created by depositing malware on users’ computers. The hacker then hacks into the system once the network is down.
Botnets
Botnets are networks from compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets. Botnets can also be used to act as malware and perform malicious tasks.
Identity Theft
This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out user’s passwords through hacking, retrieving personal information from social media, or sending phishing emails.
Cyberstalking
This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically cyberstalkers use social media, websites and search engines to intimidate a user and instill fear. Usually, the cyberstalker knows their victim and makes the person feel afraid or concerned for their safety.
Social Engineering
Social engineering involves criminals making direct contact with you usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so you’ll give the necessary information needed. This is typically a password, the company you work for, or bank information. Cybercriminals will find out what they can about you on the internet and then attempt to add you as a friend on social accounts. Once they gain access to an account, they can sell your information or secure accounts in your name.
PUPs
PUPS or Potentially Unwanted Programs are less threatening than other cybercrimes, but are a type of malware. They uninstall necessary software in your system including search engines and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install an antivirus software to avoid the malicious download.
Phishing
This type of attack involves hackers sending malicious email attachments or URLs to users to gain access to their accounts or computer. Cybercriminals are becoming more established and many of these emails are not flagged as spam. Users are tricked into emails claiming they need to change their password or update their billing information, giving criminals access.
Prohibited/Illegal Content
This cybercrime involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. Offensive content can include, but is not limited to, sexual activity between adults, videos with intense violent and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation material. This type of content exists both on the everyday internet and on the dark web, an anonymous network.
Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money. Online scams include enticing offers that are “too good to be true” and when clicked on can cause malware to interfere and compromise information.
Exploit Kits
Exploit kits need a vulnerability (bug in the code of a software) in order to gain control of a user’s computer. They are readymade tools criminals can buy online and use against anyone with a computer. The exploit kits are upgraded regularly similar to normal software and are available on dark web hacking forums.
Activity – Ransomware Variants
Note: This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page for posted due date information and instructions for submitting your work.
PURPOSE
The purpose of this activity is to introduce students to the U.S. Computer Emergency Readiness Team and strengthen their understanding of ransomware and related attacks.
INSTRUCTIONS
- Watch New Ransomware Variants – Daily Security Byte EP (https://youtu.be/2fYHQ6EUqe8) [also located below this list]
- Review the Cybersecurity & Infrastructure Security Agency’s Alert (TA13-309A) on CryptoLocker Ransomware Infections (https://us-cert.cisa.gov/ncas/alerts/TA13-309A)
- Read about the top ransomware threats of 2020 (https://cybriant.com/top-ransomware-threats-of-2020/)
- Review Purplesec’s 2020 Ransomware Statistics, Data, & Trends
- Using a search engine of your choice, look for “ransomware variants” and share your findings with the class.
Answer the following questions:
- Thinking about the ransomware variant that you found and reviewed, describe the financial cost associated with that attack. Provide the estimated cost.
- What makes ransomware particularly threatening to small and large business? Explain.
- Why do you believe the prevalence of ransomware continues to grow? Explain.
- Describe strategies, i.e., best practices that prevent becoming a victim of ransomware.
Key Terms/Concepts
Malicious data files are non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploits weaknesses in the software program used to open it. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Trojan Horses are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon that free software contains a Trojan horse making a user think they are using legitimate software, instead the program is performing malicious actions on your computer.
US-CERT / Cybersecurity & Infrastructure Security Agency (CISA) provides secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
Virus and malicious code are unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses (CISA, 2021). Viruses can damage or destroy files on a computer system and are spread by sharing an already infected removable media, opening malicious email attachments, and visiting malicious web pages.
Worms are a type of virus that self-propagates from computer to computer. Its functionality is to use all your computer’s resources, which can cause your computer to stop responding.
Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Supplemental Resources
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
A sophisticated scam targeting both businesses and individuals performing transfers of funds, topped the list, measuring dollar loss with investment fraud and tech support scams rounding out the top three in Illinois.
There are three major categories that cybercrime falls into: individual, property and government. The types of methods used and difficulty levels vary depending on the category.
Property: This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use a malicious software to gain access to a web page with confidential information.
Individual: This category of cybercrime involves one individual distributing malicious or illegal information online. This can include cyberstalking, distributing pornography and trafficking.
Government: This is the least common cybercrime, but is the most serious offense. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites, military websites or distributing propaganda. These criminals are usually terrorists or enemy governments of other nations.
Cyber-enabled crime refers to criminal activities that are facilitated or enhanced using digital technology, computer networks, or the internet. These crimes can take various forms and may include cybercrime, financial crimes, online harassment and cyberbullying, child exploitation, intellectual property theft, data breaches, online scams and phishing, etc.
Non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploits weaknesses in the software program used to open it. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.
A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid.
In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.
A United States federal agency that provides secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
Unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses (CISA, 2021).
A type of virus that self-propagates from computer to computer. Its functionality is to use all your computer’s resources, which can cause your computer to stop responding.