Cybercriminals commit crimes via technology, usually but not always via the Internet. Although some still think so, the Internet is no longer a lawless space. There is plenty of legislation to cover most types of internet crimes.
Cybercrime ranges in severity from relatively ‘minor’ things like faking your identity online to large-scale cyber attacks that can have real-world impacts, such as shutting down power plants or communication networks.
Since cybercrime and criminals are relatively new concepts, a lot of legislation on it is recent, too, and can vary significantly from place to place. Different countries have different legislations that sometimes overlap or even conflict. So it isn’t easy to establish precisely what the legal situation may be at all times. That said, most cases of cybercrime are fairly obviously recognizable as such.
Types of Cybercrime
Cybercriminals can earn that title in a variety of ways. One of the most common types of illegal activity would be the black market trade of illicit things – sometimes, even human trafficking. Less severe but equally common would be crimes like scams, identity theft, credit card fraud, and related financial crimes.
Popular email scams are also a form of cybercrime as they attempt to scam people out of their money. Larger-scale crimes can include significantly more severe things. Cybercriminals have previously taken down government websites, revealed confidential government secrets, and even attacked things like power grids to bring them down and cause harm.
A particularly dangerous example was reported in 2014 when a German steel mill was hacked. The hack caused “massive damage” as a blast furnace was forced to perform an unscheduled shutdown. The situation could easily have been life-threatening with a system dealing with tons of thousand-degree molten steel.
There is an inevitable overlap between hackers and cybercriminals, but they are not synonymous. Not all hackers are cybercriminals, as there are legal types of hacking, too – security or penetration testing – for example.
Conversely, not all cybercriminals are necessarily hackers either. There are types of cybercrime that don’t require any hacking at all. For example, stealing credit card information via a scam doesn’t require hacking. Neither does simply buying that stolen credit card data and using it yourself. Another difference between hackers and cybercriminals is that hackers don’t necessarily have bad intentions – some have even (although not always legally) done good deeds with their skills. The motivations of cybercriminals are overwhelmingly motivated by personal gain or ideology.
Types of Cybercriminals
For more extensive criminal operations, often multiple different types of cybercriminals band together. Programmers, IT experts, hackers, fraudsters, cashiers, mules, tellers, and organizational leaders will work in their distinct roles to accomplish the goal of their organization. In this case, each person tends to bring unique skills that complement the talents of others.
This setup isn’t too different from how, for example, organized crime and other criminal organizations operate. The main difference is that cybercrime occurs via the tool of technology and, often, the Internet. Usually, cybercriminals will be affiliated with existing criminal organizations or funded by them.
How Cybercriminals Choose Their Targets
Most cases of cybercrime aren’t targeted at specific individuals. Someone who buys credit card information to misuse it, for example, won’t care whose he buys. Phishing or scam attacks try to draw in as many victims as possible to scam from. In other cases, victims are selected by opportunity – someone who shows themselves vulnerable to an attack or is in the wrong virtual place at the wrong time. This is the case for things like malvertising, for example.
Cases of individual targets are almost always either about personal issues or affect public persons of interest. A disgruntled IT expert might post nude photos of his girlfriend online, or a hacktivist of some sort might decide to take down the election websites of a candidate he disapproves of – those would be examples of personally motivated cybercrime.
In many cases, cybercriminals can get away with their crimes. This is partly because it can be pretty hard to pin a cybercrime on a particular person reliably. Even if you can tell that an IP address associated with a specific person performed an attack, you have to consider that their device could have been compromised and used as a proxy, with their left as the patsy. Another reason that cybercriminals often go unpunished is that cybercrime can be international. Some considerable international efforts do take down large groups. In many cases, the effort needed for international cooperation and investigation is not worth it.
Note: A perfect example of this is Russian hackers. Russia does have cyber security laws, but it has made it known that it will not prosecute Russian hackers that don’t affect Russian or Russian interests. While this policy has been shown to have limits, it is long-standing. This is so accepted that Russian hackers generally get their malware to check the system language before doing anything harmful and get the malware to delete itself if the system is in Russian. This acceptance makes it impossible to arrest Russian hackers, even with slam-dunk evidence.
Many actual takedowns involve beating cybercriminals at their own game. In a relatively recent example, the FBI created and distributed a free “encrypted messenger app” and specifically advertised it on cybercrime forums. A considerable number of cybercriminals fell for it and used it. This allowed the FBI to see all of their communications instantly. They shared this information with other law enforcement agencies and eventually closed the net when one group indicated they were actively planning imminent murder.
Protecting Yourself from Cybercrime
A currently popular form of cybercrime is ransomware. The best protection against this and other malware forms is to ensure that your software is up to date. Running some form of antivirus software is also an excellent step. It would be best to avoid pirated software, especially pirated antivirus software. While some free cracked copies of software may be legitimate, many pirated software is quietly modified. These modifications generally include some malware. This is essentially always the case with pirated antivirus software. If there’s a single piece of software that you should never pirate, it’s your antivirus. There are legitimate free options if you don’t want to pay.
It’s a good idea to find out what data was breached if your data is involved in a breach. For example, if payment details were compromised, you may want to cancel your affected card. You may also want to change your password on the affected site and elsewhere; you may reuse it if credentials are compromised.
Using an ad-blocker and sticking to trustworthy websites, mainly for downloads, is generally a good idea. If you stick to legitimate download sources, you can’t get ripped off by a cybercriminal selling the equivalent of bootleg CDs full of malware.
As mentioned previously, most cases are not targeted at individuals. If you’re famous in any way, you might draw some attention. Utilizing two-factor authentication, known as 2FA or MFA, can make it much harder for a hacker to access your accounts, even if they do guess your password. If possible, choose a 2FA app rather than an SMS-based 2FA, as SMS systems have been shown to have fundamental flaws breaking 2FA.
A cybercriminal is a criminal that commits crimes primarily using computer systems. A cybercriminal doesn’t necessarily need to have used the Internet, though. For example, selling USB sticks with malware hidden on them could be a form of cybercrime. Most cybercrime aims to catch as many victims as possible, such as breaching a database with payment card details and selling it. Less often, attacks are targeted at specific individuals, though these can be pretty intimidating as the attacker often won’t give up easily.
Financial gain is a common goal, with concepts such as ransomware being very popular. Personal information, especially usernames, passwords, and payment details, are also very easy to sell, making them common targets. In some cases, cybercriminals are ideologically driven and may deface websites or disable systems that they object to. Some traditional criminal enterprises also spread into the cybercrime world.
As their skills don’t necessarily transfer, they often buy in skills in a deliberate move. It’s worth remembering that not all hackers are cybercriminals. There are legitimate hacking jobs; technically, hacking means “making a system do something it wasn’t designed to do,” which covers many maker groups, for example. In many countries, a standard, though far from the complete definition of cybercrime, is simply accessing a computer system without authorization. Don’t forget to leave your comments below.