Nonviolent Cybercrime Categories

Apr 10

Most cybercrimes are nonviolent offenses, due to the fact that a defining characteristic of the online world is the ability to interact without any physical contact. The perceived anonymity and “unreality” of virtual experiences are the elements that make cyberspace such an attractive “place” to commit crimes.

Nonviolent cybercrimes can be further divided into several subcategories:

Cybertrespass
Cybertheft
Cyberfraud
Destructive cybercrimes
Other cybercrimes

A number of more specific criminal acts can fit into each of these categories.

1. Cybertrespass

In cybertrespass offenses, the criminal accesses a computer’s or network’s resources without authorization but does not misuse or damage the data there.A common example is the teenage hacker who breaks into networks just “because he (or she) can”—to hone hacking skills, to prove him- or herself to peers, or because it’s a personal challenge.

Cybertrespassers enjoy “snooping,” reading your personal e-mail and documents and noting what programs you have on the system, what Web sites you’ve visited, and so forth, but they don’t do anything with the information they find. Nonetheless, cybertrespass is a crime in most jurisdictions, usually going under the name of “unauthorized access,”“breach of network security” or something similar.

Law enforcement professionals need to be aware of the laws in their jurisdictions and avoid automatically dismissing a complaint of network intrusion simply because the victim can’t show loss or damage. Network administrators need to be aware of this crime because under criminal statutes, a company can prosecute intruders simply for accessing the network or its computers without permission. In this regard, it might be easier to build a criminal case than a civil lawsuit, since the latter often requires proof of damages in order to recover.

2. Cybertheft

There are many different types of cybertheft, or ways of using a computer and network to steal information, money, or other valuables. Because profit is an almost universal motivator and because the ability to steal from a distance reduces the thief ’s risk of detection or capture, theft is one of the most popular cybercrimes. Cybertheft offenses include:

- Embezzlement, which involves misappropriating money or property for your own use that has been entrusted to you by someone else (for example, an employee who uses his or her legitimate access to the company’s computerized payroll system to change the data so that he is paid extra, or who moves funds out of company bank accounts into his own personal account).

- Unlawful appropriation, which differs from embezzlement in that the criminal was never entrusted with the valuables but gains access from outside the organization and transfers funds, modifies documents giving him title to property he doesn’t own, or the like.

- Corporate/industrial espionage, in which persons inside or outside a company use the network to steal trade secrets (such as the recipe for a competitor’s soft drink), financial data, confidential client lists, marketing strategies, or other information that can be used to sabotage the business or gain a competitive advantage.

- Plagiarism, which is the theft of someone else’s original writing with the intent of passing it off as one’s own.

- Piracy, which is the unauthorized copying of copyrighted software, music, movies, art, books, and so on, resulting in loss of revenue to the legitimate owner of the copyright.

- Identity theft, in which the Internet is used to obtain a victim’s personal information, such as Social Security and driver’s license numbers, in order to assume that person’s identity to commit criminal acts or to obtain money or property or use credit cards or bank accounts belonging to the victim.

- DNS cache poisoning, a form of unauthorized interception in which intruders manipulate the contents of a computer’s DNS cache to redirect network transmissions to their own servers.

Network administrators should be aware that in many cases, network intrusion is much more than simply an annoyance; cybertheft costs companies millions of dollars every year. Law enforcement officers need to understand that theft does not always necessarily involve money; a company’s data can also be stolen, and in most jurisdictions, there are laws (including, in some cases, federal laws) that can be used to prosecute those who “only” steal information.

Cybertheft is closely related to cyberfraud, and in some cases the two overlap. This overlap becomes apparent when you encounter cases of cyberfraud that involve misappropriation of money or other property.

3. Cyberfraud

Generally, cyberfraud involves promoting falsehoods in order to obtain something of value or benefit. Although it can be said to be a form of theft, fraud differs from theft in that in many cases, the victim knowingly and voluntarily gives the money or property to the criminal—but would not have done so if the criminal hadn’t made a misrepresentation of some kind.

Cyberfraud includes the same types of con games and schemes that were around long before computers and networks. For example, the con artist sends an e-mail asking you to send money to help a poor child whose parents were killed in an auto accident, or promising that if you “invest” a small amount of money (by sending it to the con artist) and forward the same message to 10 friends, you’ll be sent thousands of times your “investment” within 30 days. Other frauds involve misrepresenting credentials to obtain business (and often not providing the service or product promised).The Internet simply makes it easier and quicker for these con artists to operate and gives them a greatly expanded number of potential victims to target.

Fraudulent schemes, cyber-based or not, often play on victims’ greed or good will. Law enforcement professionals find that these crimes can often be prosecuted under laws that have nothing to do with computer crime, such as general fraud statutes in the penal code or business code. Fraud is often aimed at individuals, but network administrators should be aware that con artists also sometimes target companies, sending their pleas for charity and “get rich quick” schemes to people in the workplace, where they can find a large audience. Such “spam” should be reported to the corporate IT department, where steps can be taken to report the abuse to the authorities and/or block mail from the con artist’s address if it is a continuing problem.

Cyberfraud can take other forms; any modification of network data to obtain a benefit can constitute fraud (although some states have more specific computer crimes statutes that apply). For example, a student who hacks into a school system’s computer network to change grades or a person who accesses a police database to remove his arrest record or delete speeding tickets from his driving record is committing a form of fraud.

4. Destructive Cybercrimes

Destructive cybercrimes include those in which network services are disrupted or data is damaged or destroyed, rather than stolen or misused.These crimes include:

Hacking into a network and deleting data or program files.
Hacking into a Web server and “vandalizing”Web pages.
Introducing viruses, worms, and other malicious code into a network or computer.
Mounting a DoS attack that brings down the server or prevents legitimate users from accessing network resources.

Each of these in some way deprives the owners and authorized users of the data and/or network of their use.

Cybervandalism can be a random act done “just for fun” by bored hackers with a malicious streak, or it might be a form of computer sabotage for profit (erasing all the files of a business competitor, for example). In some cases, cybervandalism might be performed to make a personal or political statement (as in cybergraffiti). CNN.com reported on January 8, 2002, that the number of “defaced” Web sites increased more than fivefold between 2000 and 2001. Immediately following the crash landing of a U.S. spy plane in China in 2001, numerous incidents of Chinese and U.S. hackers defacing each other’s Web sites were reported in a socalled “cyberwar.”

The increase in cybervandalism points up the necessity of not only setting up general intrusion detection systems (IDSs) but also ensuring that known vulnerabilities in Web servers be addressed by staying up to date on the latest attack types and faithfully applying the updates and “fixes” released by vendors to patch such security holes. IT professionals need to be aware that older operating systems and applications were not designed with high security in mind, simply because the risk was not as great and security was not as well understood at the time they were released. On the other hand, new operating systems and applications could have security vulnerabilities that haven’t yet been discovered. Most software vendors are quick to address security problems once they become known, but that often doesn’t happen until a hacker discovers and exploits the problem.

Law enforcement officials, in many cases, need legislation that specifically addresses network intrusion in order to prosecute cybervandals because it might be difficult to fit these activities into the elements of existing vandalism laws. Viruses and other malicious code comprise a huge problem to all Internetconnected computers.There is some confusion, even within the tech world, about the terminology used to describe malicious code.A computer virus is a program that causes an unwanted—and often destructive—result when it is run.

A worm is a virus that replicates itself.A Trojan (or Trojan horse) is an apparently harmless or legitimate program inside which malicious code is hidden; it is a way to get a virus or worm into the network or computer.

Malicious code does millions of dollars’ worth of damage to computer systems, and virus writers are very active, continually turning out new viruses and worms and modifying old ones so they won’t be detected by antivirus (AV) software. The advent of modern e-mail programs that support Hypertext Markup Language (HTML) mail and attachments has made spreading viruses easier than ever. It’s no longer necessary to break into the network to introduce malicious code—now you can simply e-mail it to one technically unsophisticated user, and it will quickly spread throughout the local area network (LAN) and beyond.

AV software such as that marketed by Symantec and McAfee is an essential part of every network’s security plan. Whichever AV package is used, it is essential that its virus definition files, used to identify and red-flag known malicious code, be updated frequently.

5. Other Nonviolent Cybercrimes

There are many more nonviolent varieties of cybercrime. Again, many of these only incidentally use the Internet to accomplish criminal acts that have been around forever (including the world’s oldest profession). Some examples include:

Advertising/soliciting prostitution services over the Internet
Internet gambling
Internet drug sales (both illegal drugs and prescription drugs)
Cyberlaundering, or using electronic transfers of funds to launder illegally obtained money
Cybercontraband, or transferring illegal items, such as encryption technology that is banned in some jurisdictions, over the Internet.

China, computer, cybercrimes, cyberfraud, Cybertheft, Cybertrespass, Destructive cybercrimes, fraud, law enforcement professionals, network, network intrusion, teenage hacker, U.S., virtual experiences

Constant effect

Nonviolent Cybercrime Categories

Comments

Leave a Reply

Recent Post