As more and more of our lives are lived online, it is only logical that criminals would find their way to cyberspace, too. Over the past two decades, research has been conducted on computer hacking, malicious software distribution, fraud, piracy, stalking and bullying and sexual victimisation online (Leukfeldt, Yar, 2016) in order to try to define, categorise and analyse cybercrime.
What kind of cyber threats are lurking out there? What should I know about the latest trends? And, as all worried netizens wonder, what can we do to protect ourselves online?
The ABC of cybercrime
Cybercrimes are offences that are enabled or enhanced by technology (Wall, 2007). This encompasses a broad range of crimes, some which can be viewed through an economic lens and others motivated by ideology, passion and revenge (Leukfeldt, Lavorgna, Kleemans, 2016).
Some online crimes are simply ‘cyber’ as they are traditional crimes conducted online, such as tax fraud, while others are new crimes that owe their existence to the Internet (Anderson, Barton, Böhme, Clayton, van Eeten, Levi, Moore, and Savage, 2018). Large-scale operations thrive on the offline dimension to cybercrime – cyber criminals tend to prefer to work with people they know and trust in real life, be it people from their neighbourhood or school (Lusthaus, Varese, 2017). There are several types of cyber-attack: one-to-one, one-to-many, many-to-many, many-to-one and multistage hybrid attacks that incorporate several of the above (Johnson, 2013).
So, what do cyber criminals want? To use your personal data, such as your name, bank details, identifying number or credit card number for personal gain (Bhickta, 2019). They exploit two inherent types of weakness: human weakness, as more than 99% of cyberattacks require human interaction to succeed according to Proofpoint, and technical weakness, such as unpatched infrastructure or easily exploited networks and controls (World Economic Forum, 2019). Let’s have a closer look.
Examples of cybercrime
Phishing refers to scammers contacting you out of the blue and trying to lure personal information out of you (Silverbug, 2016) and can refer to several techniques, from fraudulent emails where scammers impersonate official representatives to fake dating profiles. For example, you can receive an email from a sender that looks like an automated Facebook message asking you to log in. It will lead you to a fraudulent site, but the login page looks interchangeable with the original, so you do it. Hackers now have your login details, can take control of your account, post in your name and do monetary harm if you have a credit card connected.
Using botnets – networks of devices infected with malware without the users’ knowledge that will transmit viruses (Europol, 2020) – is another popular one that you might have seen in action on social media. Hijacked profiles of friends or family will usually start sending out malicious links in order to infect more users. These are especially dangerous as they disable antivirus software (Silverbug, 2016) and create ‘back doors’ on compromised devices which allow them to create more botnets (Europol, 2020).
Hacking and the trade of hacking expertise, bulletproof hosting and counter-anti-virus services (Europol, 2020) are commodities available through the Dark Web.
Cybercrimes can support offline organised crime with money laundering (of traditional as well as virtual currencies), online fraud or simply ‘the online hosting of operations that involve the sale of weapons, false passports, counterfeit and cloned credit cards, and drugs’ (Europol, 2020). That’s right – drug sale has moved to crypto currencies and social media apps (Bachhuber, Merchant, 2017).
Besides checking whether your adolescent has a drug dealer in their Snapchat contacts, make sure to educate yourselves on deepfake technology – this AI-based technique places images or videos over another in such a way that the naked eye cannot detect deception and the distorted parts can only be seen when investigating the manipulated content’s metadata (Europol, 2020). As sharing self-generated explicit material online is more and more common with the growing quality of smartphone cameras among minors (Europol, 2019), they should be warned and informed on the dangers associated with doing so, such as sexual extortion (sextortion) alongside other forms of online child sexual exploitation, such as the live-streaming of child sexual abuse (Europol, 2020).
Newest trends in cybercrime
Ransomware (malware that locks the victims’ computer or encrypts data, demanding ransom to regain control) remained the top cybercrime threat in 2019 according to Europol’s Internet Organised Crime Threat Assessment report. Even though the overall volume of ransomware attacks is in decline, cybercrime is becoming more aggressive and confrontational as the attacks are more targeted and profitable and cause more damage (IOCTA, 2019).
DDoS attacks or Distributed Denial of Service (DDoS) attacks use ransomware to deny others access to that organisation’s data or services, with many banks reporting that DDoS attacks result in the interruption of online banking services (Europol, 2019). This creates more confusion than actual economic damage.
As most ransomware attacks in 2019 were against local governments in the United States, smart cities (using technology and the Internet to collect data and manage and improve operations) should be warned to train their employees and look for easy-to-exploit loopholes within their information systems (Europol, 2019). This is especially important to keep in mind on the EU-level, as the cyber security levels of its member states differ vastly: analysing the total number of incoming attacks, cryptocurrency mining, malware and ransomware encounters on machines between January and October 2019, it turned out that the Netherlands has the highest rate at 17.64% of machines, while Ireland had the least at 1.08% (McCarthy, 2020).
The most worrisome trend in cybercrime is how thinly spread the resources of law enforcement are with information overload across all mediums, which is making fighting online child sexual abuse more difficult with the Darknet becoming more fragmented and full of smaller marketplaces and blockchain marketplaces moving to Tor, where one can operate anonymously (Europol, 2019). As it turns out, we are still extremely inefficient at fighting cybercrime: the botnet that was behind one third of the spam sent in 2010 earned its owners around $2.7 million, while worldwide spam prevention probably exceeded a billion dollars (Anderson, et al., 2018).
The good news? Criminals are not the only ones constantly coming up with new methods to do their job.
Citizen participation and cyber-crowdsourcing in order to catch cybercrime is a trend that has moved from the real world (think ‘Neighbourhood Watch’ and other volunteer patrol programmes) to cyberspace (Chang, Zhong, Grabosky, 2018). Counter-hacking, investigating, hacktivism, co-producing with and parallel to legal entities – you name it. White hat hackers or ethical hackers actively use their knowledge for good, working with companies to identify security flaws and make improvement recommendations (Sobers, 2020). The problem is that while a certain degree of citizen involvement can be useful, the potential for overzealous reactions by the citizenry is very real (Chang, Zhong, Grabosky, 2018). Netilantism or internet vigilantism empowers the culprits to achieve the goal of social justice using human flesh search engines (Chang, Poon, 2016).
While the vulnerabilities in content filtering mechanisms make it difficult to protect victims from cybercrime, research shows that it is possible to use text-based deception detection with an approach that combines computational linguistics, psycholinguistics and machine learning (Mbaziira, Jones, 2016). In other words, in the future, when chatting to a dating profile that is actually fake, an automated bot could warn you that your messaging partner is using language associated with cybercrime.
Until then, here are a few practical tips.
Protecting yourself from cybercrime
Oskar Gross, Head of the Cyber Crime Unit at the Estonian Police and Border Guard Board, has five easy ways to protect yourself from cybercrime (Krusten, 2019):
- Use strong, unique passwords and two-factor authentication (which requires a PIN, fingerprint or some other form of authentication on top of a password)
- When offered, always update software
- Use antivirus software
- Make backups regularly
- If something looks too good to be true, it probably is
In addition, to stay safe from online identity theft (Bhickta, 2019):
- Do not respond to unknown emails that request personal information in order to prevent phishing.
- Do not provide remote access to those whom you do not know in order to avoid scams.
- Avoid sharing personal information online on social media.
- Log out of email accounts when not using them so that you don’t leave yourself compromised.
- Make erasing data from hard drives when selling, donating or returning IT assets such as laptops, hard drives, etc. a part of your digital hygiene regimen.
All in all – being vigilant to the point of paranoia usually goes a long way. Better safe and dubbed a conspiracy theorist than scammed and sorry.