Those were the four categories distinguished in cybercrime. We now take a closer look at the roles of computers in cybercrime and at the methods of attack in cyberspace:
Computers play four roles in crimes – they serve as objects, subjects, tools, and symbols. Computers are objects of crime when they are sabotaged or stolen. Computers play the role of subjects when they are the environment in which technologies commit crimes. Computer virus attacks fall into this category. When automated crimes take place, computers will be the subjects of attacks. The third role of computers in crime is as tools, enabling criminals to produce false information or plan and control crimes. Finally, computers are also used as symbols to deceive victims.
The most common role is the computer serving as a subject of crime. The main methods of using a computer as a criminal subject are:
malware
hacking
spam
phishing
Distributed DoS attacks (DDoS)
The main methods to attack
Definition
Malware is a general label for malicious software that spreads between computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system crashes, but may also be used to steal personal data.
There are many forms of malware. Some of them are the following:
Viruses can cause mild computer dysfunction, but can also have more severe effects in terms of damaging or deleting hardware, software or files.
Worms are self-replicating programs that can spread autonomously, within and between computers, without requiring a host or any human action. The impact of worms can, therefore, be more severe than that of viruses, destroying whole networks.
Trojans are a form of malware that appear to be legitimate programs but facilitate illegal access to a computer. They can perform functions, such as stealing data, without the user’s knowledge and may trick users by undertaking a routine task while undertaking hidden, unauthorised actions.
Spyware is software that invades users’ privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited.
Definition
Hacking is a common process which results in the breaching of one’s privacy and confidential information. The weaknesses of a system or loopholes in a network are identified and private details are accessed. Therefore, hacking is also known as an unauthorized intrusion.
However, hacking is not always perceived as theft; it can also be used for productive causes. Hacking that involves good intentions is known as ethical hacking. This type of hacking is done to secure the operating system.
Hackers can be classified into different categories, such as white hat, black hat, and grey hat, based on their intent in hacking a system.
White Hat Hackers – Ethical Hackers
They never intend to harm a system; rather, they try to find weaknesses in a computer or a network system as part of penetration testing and vulnerability assessments. Ethical hacking is not illegal and it is one of the demanding jobs available in the IT industry. Numerous companies hire ethical hackers for penetration testing and vulnerability assessments.
Grey Hat Hackers
They are a blend of both black hat and white hat hackers. They act without malicious intent, but for their own fun they exploit a security weakness in a computer system or network without the owner’s permission or knowledge. They intend to bring the weakness to the attention of the owners and to get appreciation or a little bounty from them.
Black Hat Hackers – crackers
They hack to gain unauthorized access to a system and harm its operations or steal sensitive information. Black Hat hacking is always illegal because of its bad intent which includes stealing corporate data, violating privacy, damaging the operating system, blocking network communication, etc.
Definition
Spam is unsolicited or junk email, typically sent in bulk to countless recipients around the world and often related to pharmaceutical products or pornography. Spam email is also used to send phishing emails or malware and can help to maximise potential returns for criminals.
Crime moves away from traditional methods such as violence, drugs or burglary and internet-based crime is becoming more prevalent. This goes with the trend resulting from increased online business and communication. The victims of crime may lose anything that has value – safety, peace, money or property.
Excursus
The first study to examine the emotional impact of cybercrime shows that victims’ strongest reactions are feeling angry (58 %), annoyed (51 %) and cheated (40 %), and in many cases they blame themselves for being attacked. Only 3 % don’t think it will happen to them, and nearly 80 % do not expect cybercriminals to be brought to justice, resulting in an ironic reluctance to take action and a sense of helplessness.
Definition
Phishing – A phishing campaign is when spam emails, or other forms of communication, are sent en masse with the intention of tricking recipients into doing something that undermines their security or the security of the organization they work for. Phishing campaign messages may contain infected attachments or links to malicious sites, or they may ask the receiver to respond with confidential information.
Example
A famous example of a phishing scam from 2018 took place during the World Cup. According to reports by Inc, the World Cup phishing scam involved emails that were sent to football fans. These spam emails tried to entice fans with fake free trips to Moscow, where the World Cup was being hosted. People who opened these emails and clicked on the links they contained had their personal data stolen.
Definition
Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected IoT (internet of things) devices are used to launch DDoS attacks. A DDoS attack overwhelms a system by using one of the standard communication protocols it uses to spam the system with connection requests.
The most frequently committed cybercrimes include:
Online impersonation
Online impersonation is one of the most commonly committed cybercrimes. It typically involves using another person’s name, domain address, phone number or any other identifying information without consent in order to cause harm or commit fraud, which is a crime.
Example
Claire began being harassed by strangers after someone made a post on the Internet offering sexual services in her name. The post included private information, including her phone number and home address.
Cyberstalking
Physical stalking can take the form of following in person, secretly watching, persistent calling and texting to manipulate, and various other means of approaching the victim unexpectedly. Cyberstalking differs in that it is committed using online technology such as email, social networks, instant messaging and personal data available online; everything on the Internet can be used by cyberstalkers to make inappropriate contact with their victims.
Example
After John and his girlfriend broke up, he began stalking her by planting a prepaid GPS-enabled cell phone under her car. John tracked his ex-girlfriend’s movements, and followed her by logging into the cell phone account online. John also called his ex upwards of 200 times a day.
Cyberbullying
Cyberbullying is when people use social media or the internet to intimidate, harass, threaten or belittle others. In general, if a person uses the internet or any other form of electronic communication to threaten, harass or scare another person, this conduct may be a crime.
Example
While traveling on the road with a junior team, one of the players takes an embarrassing photo of a girl that he met at the rink. He then posts the photo on Facebook and sends the photo to all of the other players on the team. The photo then gets distributed.
Three of Paul’s teammates send texts to him, blaming him for the team’s loss and telling him that he does not know how to play the game. Paul is afraid to tell his coach and parents, so he tolerates the bullying for the entire hockey season. He does not return to hockey the next season.
What is the difference between cyberbullying and cyberstalking?
Cyberbullying
Cyberbullying is constant contact with the person: saying hurtful things to the person or telling others untrue information about the person. For instance, the offender creates a Facebook group entitled “I hate…” and invites all friends to join it.
Cyberstalking
Cyberstalking is an obsession with finding out as much as you can about the person (without actually asking them). For instance, the offender finds out where the person was born, if the person is married, etc.
Identity theft and data theft
Identity theft is the act of stealing personal identification information to commit illegal acts, such as: opening a line of credit, renting a house, purchasing goods or services, auction- and wage-related fraud or extortion.
Data theft is the act of illegal possession of sensitive data, which includes unencrypted credit card information stored in businesses, trade secrets, intellectual property, source code, customers’ information and employee records.
Example
Marriott was hacked in 2018, and 383 million guest records and over 5 million passport numbers were stolen. Data breaches have increased in frequency and severity. Such data could be sold on the dark market, where anyone can abuse it and assume another person’s identity.
Financial crimes
This variety includes activities that dishonestly generate wealth for those engaged in the conduct in question. It consists of the exploitation of insider information or the acquisition of another person’s property by deceit to secure a material benefit. Financial crime is commonly considered as covering the following: fraud, money laundering, bribery and corruption, and many others.
Example
Some recent high-profile financial crimes include the Enron scandal, where the energy company committed widespread fraud and corruption, and the Bernie Madoff investment scandal, where Madoff pretended to have a successful investment firm but was really just stealing money from new clients and giving it to older clients (this is what is called a Ponzi scheme, and Madoff ran the largest one in history). Madoff was convicted of numerous crimes, including money laundering and many different types of fraud.
Cybercrime is often committed by someone near you, for example in your company. This type of cybercrime is called internal fraud and refers to fraud committed by an individual against an organization. In this type of fraud, the perpetrator engages in activities designed to defraud, misappropriate property, or circumvent the regulations, laws, or policies of a company. For instance, internal fraud involves activities such as intentional non-reporting of transactions, performing unauthorized transactions, and intentional mismarking of positions.
Internal fraud can be classified into two broad categories: embezzling and identity theft. In the case of embezzling, cash is taken directly from the organization; in the case of identity theft, a customer’s personal information is misappropriated by the employee to make a profit. Examples of internal fraud include:
The theft of a customer’s money.
Credit Abuse of a customer
Money Laundering
Procurement Fraud
Data Theft
On the other hand, the fraudulent activities of persons external to the company are called external fraud. It involves the theft of money or stock by persons outside the business. Examples of external fraud include:
Identity theft – taking control of a virtual identity of the person
Falsifying invoice details (altering the payee’s account number)
Falsifying order details, so that goods are delivered to the wrong destination
Impersonating a person’s voice or forging their signature
Falsification of emails
Cyber-attacks in cyberspace serve various purposes, ranging from the moderate to the merciless. The 4 most typical purposes are:
vandalism (common attacks on government web sites)
propaganda (dissemination of political news mainly through the internet)
access denial (attacks against e.g. armed forces which use computers and satellites for communication)
network attacks against infrastructure (attacks on transmission systems of the companies in power engineering, gas industry, heating industry, oil industry and communication infrastructure, which are sensitive to cyber-attacks, etc.)
Example
A famous example of a DDoS attack is the 2017 attack on the UK National Lottery website. This brought the lottery’s website and mobile app offline, preventing UK citizens from playing.