General Types of Cybercrime

Module 2 covers general categories of cybercrime, with particular attention given to “new” offences against the confidentiality, integrity and availability of computer data and systems, computer-facilitated offense, and content-related offenses, and other types of cybercrimes included within these categories.

Learning Objectives

After completing this module, you should be able to:

  • define general types of cybercrime.
  • distinguish between categories of traditional crimes committed in non-traditional ways and “new” crimes.
  • differentiate between different forms of cybercrime.
  • explore the nature and extent of cyber incidents.
  • summarize ways in which certain cybercrimes are perpetrated.

Summary

Cybercrime encompasses a wide range of illicit activities conducted through digital means, posing significant threats to individuals, organizations, and societies. This chapter aims to provide an understanding of the general categories of cybercrime, emphasizing new offenses against the confidentiality, integrity, and availability of computer data and systems, computer-facilitated offenses, content-related offenses, and other emerging threats within a few of the most notable domains; that is, offenses against confidentiality, integrity, and availability; computer facilitated offenses; content-related offenses; and emerging threats and evolving trends.

As technology continues to advance, the landscape of cybercrime evolves, presenting new challenges for private and public entities. It is not hyperbole to say that all people are in some way technologically reliant. Therefore, we must remain vigilant, stay informed about emerging threats, and adopt cybersecurity best practices to mitigate the risks associated with the digital world. Understanding the various categories of cybercrime is crucial for developing effective prevention and response strategies in the face of an ever-changing threat landscape.

KEY TERMS/CONCEPTS

Business email Compromise (BEC)
Categories of Cybercrime
Cyber-enabled crime
Malicious data files
Ransomware
Trojan Horse
US-CERT / Cybersecurity & Infrastructure Security Agency (CISA)
Virus
Worms

 

Modern Example

While artificial intelligence (AI) has the potential to bring about numerous positive advancements in various fields, it also raises concerns about its potential misuse for criminal activities. For example, AI can be employed to develop sophisticated automated tools for cyber-attacks, making it easier to breach security systems, exploit vulnerabilities, and compromise sensitive information.

AI algorithms can be used to generate adversarial inputs that trick other AI systems, leading to misclassification or malfunction.AI-generated deepfake technology can be used to create realistic fake videos or audio recordings, leading to identity theft or impersonation for fraudulent activities. In addition, deepfakes can be utilized to spread false information or manipulate public opinion, influencing elections or causing social unrest.

Because AI can analyze large datasets to create targeted and convincing phishing emails or messages, making it more challenging for individuals to identify malicious attempts, it becomes easier than ever for would-be fraudsters to conduct automated social engineering attacks. From vehicle hacking to a list of financial crimes, facial recognition abuse, surveillance and stalking, the list goes on, it is crucial for society to address these potential risks and work towards developing ethical guidelines, regulations, and security measures to mitigate the misuse of AI technologies for criminal activities. Ethical considerations, responsible development, and robust cybersecurity practices are essential to harness the benefits of AI while minimizing potential harm.

Read, Review, Watch, and Listen

  1. Read 15 Biggest Cybersecurity Attacks in 2021 (Privacy Affairs, Nov. 2021)
  2. Review the Center for Strategic & International Studies’ Significant Cyber Incidents list: CSIS
  3. Review Carnegie Mellon University’s MySecureCyberspace overview of Cyber Crimes and Criminals
  4. Review Four cyber concerns looming in the new year (The Washington Post, January 2023)
  5. Review and watch PC Magazine’s Cybercrime could cost $10.5 trillion dollars by 2025 (Steven Morgan, November 2020)
  6. Watch FBI Director Christopher Wray delivered remarks for the 2020 Cybersecurity and Infrastructure Security Agency (CISA) National Cybersecurity Summit on September 16, 2020
  7. Listen to MORE Alarming Cybersecurity Stats. For 2021
  8. Listen to Ransomware and Other Cyberattacks on K-12 Schools 
  9. Watch Types of Cybercrime (projectfive) [last accessed 01/24 and embedded below]
  10. Watch – Caleb Barlow’s Where is cybercrime really coming from? (Barlow, 2016) [last accessed and embedded below]

Cybercrimes can generally be divided into two categories:

Crimes that target networks or devices Crimes using devices to participate in criminal activities
Viruses Phishing Emails
Malware Cyberstalking
DoS Attacks Identity Theft

 

DDoS Attacks

These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources. Large networks of infected devices known as Botnets are created by depositing malware on users’ computers. The hacker then hacks into the system once the network is down.

Botnets

Botnets are networks from compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets. Botnets can also be used to act as malware and perform malicious tasks.

Identity Theft

This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out user’s passwords through hacking, retrieving personal information from social media, or sending phishing emails.

Cyberstalking

This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically cyberstalkers use social media, websites and search engines to intimidate a user and instill fear. Usually, the cyberstalker knows their victim and makes the person feel afraid or concerned for their safety.

Social Engineering

Social engineering involves criminals making direct contact with you usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so you’ll give the necessary information needed. This is typically a password, the company you work for, or bank information. Cybercriminals will find out what they can about you on the internet and then attempt to add you as a friend on social accounts. Once they gain access to an account, they can sell your information or secure accounts in your name.

PUPs

PUPS or Potentially Unwanted Programs are less threatening than other cybercrimes, but are a type of malware. They uninstall necessary software in your system including search engines and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install an antivirus software to avoid the malicious download.

Phishing

This type of attack involves hackers sending malicious email attachments or URLs to users to gain access to their accounts or computer. Cybercriminals are becoming more established and many of these emails are not flagged as spam. Users are tricked into emails claiming they need to change their password or update their billing information, giving criminals access.

Prohibited/Illegal Content

This cybercrime involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. Offensive content can include, but is not limited to, sexual activity between adults, videos with intense violent and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation material. This type of content exists both on the everyday internet and on the dark web, an anonymous network.

Online Scams

These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money. Online scams include enticing offers that are “too good to be true” and when clicked on can cause malware to interfere and compromise information.

Exploit Kits

Exploit kits need a vulnerability (bug in the code of a software) in order to gain control of a user’s computer. They are readymade tools criminals can buy online and use against anyone with a computer. The exploit kits are upgraded regularly similar to normal software and are available on dark web hacking forums.

 

 

Module 2 Activity – Ransomware Variants

Note: This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page for posted due date information and instructions for submitting your work.

PURPOSE

The purpose of this activity is to introduce students to the U.S. Computer Emergency Readiness Team and strengthen their understanding of ransomware and related attacks.

INSTRUCTIONS

  1. Watch New Ransomware Variants – Daily Security Byte EP (https://youtu.be/2fYHQ6EUqe8) [also located below this list]
  2. Review the Cybersecurity & Infrastructure Security Agency’s Alert (TA13-309A) on CryptoLocker Ransomware Infections (https://us-cert.cisa.gov/ncas/alerts/TA13-309A)
  3. Read about the top ransomware threats of 2020 (https://cybriant.com/top-ransomware-threats-of-2020/)
  4. Review Purplesec’s 2020 Ransomware Statistics, Data, & Trends
  5. Using a search engine of your choice, look for “ransomware variants” and share your findings with the class.

Answer the following questions:

  • Thinking about the ransomware variant that you found and reviewed, describe the financial cost associated with that attack. Provide the estimated cost.
  • What makes ransomware particularly threatening to small and large business? Explain.
  • Why do you believe the prevalence of ransomware continues to grow? Explain.
  • Describe strategies, i.e., best practices that prevent becoming a victim of ransomware.

Key Terms/Concepts

Malicious data files are non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploits weaknesses in the software program used to open it. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.

Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.

Trojan Horses are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon that free software contains a Trojan horse making a user think they are using legitimate software, instead the program is performing malicious actions on your computer.

US-CERT / Cybersecurity & Infrastructure Security Agency (CISA) provides secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.

Virus and malicious code are unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses (CISA, 2021). Viruses can damage or destroy files on a computer system and are spread by sharing an already infected removable media, opening malicious email attachments, and visiting malicious web pages.

Worms are a type of virus that self-propagates from computer to computer. Its functionality is to use all your computer’s resources, which can cause your computer to stop responding.

Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.

Supplemental Resources

 

Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.

Click HERE to report any needed updates, e.g., broken links.

definition

License

Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Computers and Criminal Justice Copyright © 2021 by Eric R. Ramirez-Thompson, PhD is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book