Cybercrime

Criminals exploited computers shortly after their commercialization in the 1950s. The introduction of the Internet in the 1980s led to a marked increase in cybercrime, but the development of the ubiquitous World Wide Web in the 2000s—with access from home, work, and mobile devices—led to exponential growth of all types of cybercrime.

89138922-59770.jpg

There are many examples of cybercrime—including identity theft, denial-of-service attacks, Internet fraud, online predators, and theft of intellectual property—that have appeared in the media, but none is better known than identity theft. Identity theft is the use of personal identifying information to take actions regarding that person, usually by someone intent on performing an illegal act. While illegally impersonating someone is an old type of crime, the increasing use of the Internet for business and pleasure in the 2000s resulted in the creation of a digital identity, made up of names, Social Security number, credit card numbers and the like, and identity thieves developed many ways of stealing these digital identities. According to the Bureau of Justice Statistics, in 2021, an estimated 23.9 million people in the United States were victims of at least one incident of identity theft within the prior year. This number represents 9 percent of US residents age sixteen or older.

One of the most popular digital identity attacks of the 2000s was phishing with e-mail. In a phishing attack, the thief sends an e-mail to an unsuspecting victim, requesting their digital information under false pretenses, such as pretending to be the victim’s bank and asking for their Social Security and bank account numbers. Once the thief has the banking information, they then empty the victim’s bank account. Thieves also steal identities by placing spyware in a victim’s computer to secretly log their private information. Protection from an identity theft attack is tailored to the attack. For example, training has helped reduce phishing attacks, while Internet security programs that specialize in antispyware are the best protection against a spyware attack.

Accessing and storing child pornography on a computer is another common type of cybercrime that increased as the web became more popular and accessible. Sites exhibiting a wide range of images and videos of child pornography are easily accessible from a web browser unless some type of blocking software has been installed. Many public libraries and home computers installed blocking software over the course of the 2000s. Social medial sites generally tried to control improper content by carefully monitoring their sites. Law enforcement personnel involved in computer forensics spent much of their time searching computers for child pornography and then testifying in court.

One of the most popular uses of the Internet is to download and listen to music. The 2000s saw the creation of hundreds of sites where one can download all types of music in several formats like MP3, and many artists began marketing their music from their own websites. For example, the Apple iTunes site downloaded millions of recordings and albums to iPhones and personal computers. In spite of the large number of legal websites to download and play music, there were even more illegal sites created. These illegal sites have greatly reduced the profitability of the recording industry. The Recording Industry Association of America (RIAA), initially founded in 1952 to administer standards of frequency during recording, focused in the 2000s on helping to fight the illegal downloading of music. The RIAA became a leader in developing ways to secure the music downloading process, using special formats to protect music files and taking legal action at the discovery of illegal downloading sites.

Illegal downloading of motion pictures is another common form of cybercrime. Some popular films are recorded with cell phones and placed on illegal websites within days of their release. The Motion Picture Association of America (MPAA) is a trade group that has increasingly worked to combat this type of theft, using technology and lawsuits. The theft of music and motion pictures on the Internet is just one example of the theft of intellectual property that became pandemic in the twenty-first century. Theft of software, images, and even company secrets also became a major problem for industry. To protect against such attacks, companies have implemented expensive network and computer software, conducted massive training programs, and employed many computer security specialists.

Attacks on Computers

The most common form of attack on a computer is an intrusion attack. These have many forms: viruses, codes that can replicate themselves and damage computers; worms, programs that can replicate themselves and damage computers; bots, programs that help attack other computers; and spyware, programs that collect and forward private information. Trojan horses are one of the most dangerous forms of intrusion attack, as they are often launched from a hacker website, masquerading as a useful site. For example, starting in 2007, the Trojan horse ZeuS was used to steal online banking information after infecting a user through a download from a website—whether a malicious site or an infected legitimate site—or by a link in an e-mail to such a site. Almost all intrusion attacks constitute a crime, although some are simply attempts to irritate the attacked user. Training about how to avoid attacks and protecting software—antivirus, antispyware, and intrusion protection systems—provide reasonable protection from intrusion attacks, but hackers still find vulnerabilities to attack.

Another well-known type of attack on computers is a denial-of-service (DoS) attack, during which a hacker sends a massive volume of messages to a server, usually on the Internet, that interfere with the server’s ability to function properly. Many DoS and distributed denial of service (DDoS, a type of DoS) attacks have occurred. An October 2020 DDoS attack on Google targeted thousands of Google IP addresses over six months, peaking at 2.5 terabits per second (Tbps). DoS attacks are generally cybercrimes, but they can be hard to prosecute. DoS attacks are also sometimes mounted by nations as a part of cyberwarfare, and in these cases are not technically a crime. A variety of defenses are used to combat DoS attacks. One of the most effective is to employ a honeypot, a computer that appears to be the server under attack, and let it draw the attacking traffic to it; intelligent firewalls and routers have also proven to be effective.

Attacks Using Computers

Fraud has always been a major problem for law enforcement, and in the 2000s it largely migrated to the Internet. Digital identities can be hard to recognize and validate on the Internet. For example, customers can log in to what they think is the rewards site for their credit card and give all their credit card information to a thief who proceeds to buy the maximum amount with their card. In another famous example of Internet fraud during the early twenty-first century, a criminal or criminals posed as a Nigerian lawyer who solicited victims via e-mail by promising to transfer an inheritance into their bank accounts upon receipt of their account numbers, and instead took all their money. Consumer education is one of the best defenses against Internet fraud, but has needed to be combined with improved authentication techniques. One example is to give each Internet user or site a digital certificate, thus creating a digital identity for all on the Internet, so that cybercriminals intent on committing Internet fraud can be detected and stopped.

Cyberbullying, the use of communications devices or the Internet to verbally abuse or threaten another individual, was recognized as a major problem in the early twenty-first century. Many laws have been passed to limit cyberbullying, but it has continued to be a difficult type of cybercrime to control, especially on social media sites.

The first two decades of the 2000s saw an increase in an additional form of cyberattack known as pharming, which, like phishing, is a type of digital scam that allows an individual to steal a user's personal information via the Internet. Rather than using e-mail to lure in victims, pharming targets a person's web browser by using a malicious code installed on the computer and browser to redirect the unsuspecting user away from a legitimate website (such as PayPal or eBay) to another, similar but fraudulent site. When the user visits the site and makes financial transactions or exchanges personal information under the impression that they are using a legitimate service, the hacker receives the information instead of the intended company. This form of cyberattack has largely been considered even more dangerous, as users are not required to click on a link or respond to an e-mail but instead are automatically redirected without their knowledge. While software has been created to help detect a fraudulent website, hackers have continued to come up with alternative methods of illegally acquiring digital information.

Impact

The twenty-first century has seen rapid growth in using the Internet to communicate, transact business, access entertainment, and obtain information. Along with this growth has come a proportionate increase in cybercrimes. Initially, most Internet users paid little attention to these cybercrimes. However, publicity about the financial losses incurred by identity theft victims, the harm suffered by cyberbullying victims, and damage done to companies and nations by DoS attacks made people aware of the dangers of cybercrime. As a result, by the 2010s, many Internet users had developed a healthy fear of cybercrime. Industry, educational institutions, and individuals purchased security software and hardware to protect their systems, greatly increasing the cost of using the Internet.

Bibliography

Bradbury, David. “When Borders Collide: Legislating Against Cybercrime.” Computer Fraud and Security, vol. 2, 2012, pp. 11–15.

Cilli, Claudio. “Identity Theft: A New Frontier for Hackers and Cybercrime.” Information Systems Control Journal, vol. 6, 2005, pp. 1–4.

"Denial of Service (DoS) Guidance." National Cyber Security Centre, 25 Mar. 2024, www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection. Accessed 22 May 2024.

Doyle, Charles. Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws. Congressional Research Service, 2010.

Holt, Thomas J., et al. Cybercrime and Digital Forensics: An Introduction. Routledge, 2015.

McLaurin, Joshua. “Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks.” Yale Law and Policy Review, vol. 30, no. 1, 2011, p. 11.

Schell, Bernadette H., and Clemens Martin. Cybercrime: A Reference Handbook. ABC-CLIO, 2004.

"Victims of Identity Theft, 2021." Bureau of Justice Statistics, 12 Oct. 2023, bjs.ojp.gov/library/publications/victims-identity-theft-2021. Accessed 22 May 2024.

Singer, P. W., and Allan Friedman. Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford UP, 2014.

Wall, David. Cybercrimes: The Transformation of Crime in the Information Age. Polity, 2007.

“What Is Pharming and How to Protect Yourself.” Kaspersky Lab, usa.kaspersky.com/internet-security-center/definitions/pharming#.WDXNKLIrJQI. Accessed 22 May 2024.