Chapter 15: The new millennium: cybercrime (crim)

Comating Cybercrime

The proliferation of cybercrime and its cost to the economy have created the need for new laws and enforcement processes specifically aimed at controlling its emerging formulations. Because technology evolves so rapidly, the enforcement challenges are particularly vexing. Congress has treated computer-related crime as a distinct federal offense since the passage of the Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. The act protected classified U.S. defense and foreign relations information, financial institution and consumer reporting agency files, and access to computers operated for the government. The act was supplemented in 1996 by the National Information Infrastructure Protection Act (NIIPA), which significantly broadens the scope of the law. Therefore new legislation has been drafted to protect the public from the cybercriminal. For example, before October 30, 1998, when the Identity Theft and Assumption Act of 1998 became law, there was no federal statute that made identity theft a crime. Today, federal prosecutors are making substantial use of the statute and are actively prosecuting cases of identity theft. In the wake of the 9/11 attacks, the NIIPA has been amended by sections of the USA Patriot Act to make it easier to enforce laws against crimes by terrorists and other organized enemies against the nation's computer systems. Subsection 1030(a)(5)(A)(i) of the act criminalizes knowingly causing the transmission of a program, code, or command that intentionally causes damage to a protected computer. This section applies regardless of whether the user had authorization to access the protected computer; company insiders and authorized users can be culpable for intentional damage to a protected computer. The act also prohibits intentional access without authorization that results in damage but does not require intent to damage; the attacker can merely be negligent or reckless. computer-related crimes can also be charged under at least 40 different federal statutes. These include the Digital Millennium Copyright Act, the National Stolen Property Act, the mail and wire fraud statutes, the Electronic Communications Privacy Act, the Communications Decency Act of 1996, the Child Online Protection Act, the Child Pornography Prevention Act of 1996, and the Internet False Identification Prevention Act of 2000. Movie pirates who use the Internet to sell illegally copied films have led the federal government to create the Family Entertainment and Copyright Act of 2005. One part of that statute, known as the ART Act (Artists' Rights and Theft Prevention Act of 2005), criminalizes the use of recording equipment to make copies of films while in movie theaters. The statute also makes it illegal to make a copy of a work in production and put it on the Internet so it will be accessible to members of the public when the individual making the copy knew or should have known the work was intended for commercial distribution.

Distributing Dangerous Drugs

, Michael Arnold was sentenced to five years in prison for his role as the organizer and leader of the Pitcairn Internet pharmacy. From 2003 through 2007, Pitcairn sold more than 14 million doses of Schedule III and IV controlled substances, earning over $69 million in its four years of operation on websites such as ezdietpills.net, pillsavings.com, and doctorrefill.net. Arnold laundered Pitcairn's illegal proceeds through accounts in at least eight different countries, including Switzerland, Liechtenstein, the Netherlands, Canada, Panama, the Bahamas, St. Kitts and Nevis, and Curaçao. The Arnold case, in addition to many others, shows how the Internet has become a prime purveyor of prescription drugs, some of which can be quite dangerous when they are used to excess or fall into the hands of minors 365 websites that advertised or sold controlled prescription drugs such as Oxycontin, Valium, Xanax, Vicodin, Ritalin, and Adderall. Only two of the sites were certified by the National Association of Boards of Pharmacy as verified Internet pharmacy practice sites, and 85 percent of the sites did not require a prescription from a doctor. half only required that the original prescription be provided, not a prescription authorizing refills. This allowed buyers to make multiple purchases with a single script. The report also found sites selling online "medical consultations," where doctors see many patients a day to fill or refill prescriptions for controlled drugs without regard for the standards of medical practice. Children are especially at risk, and millions of children are now feared to be abusing an illegally obtained prescription drug. More teens have abused these drugs than many other illegal drugs, including Ecstasy, cocaine, crack, and methamphetamine. With access to a credit card, they can order opioid-based drugs (e.g., codeine, Demerol, Oxycontin, Percocet, and Darvon), depressants (e.g., Xanax, Librium, and Valium), and stimulants (e.g., Adderall, Dexedrine, and Ritalin). "dark web" is made up of websites that do not show up on regular internet searches and is an anonymous, and virtually untraceable global network. Some goods peddled on the web merely avoid national laws governing sales of drugs without a prescription - these websites market pills on sites like doctorrefill.net and sell Canadian drugs at lower prices. Other sites, like The Silk Road, operate an illicit marketplace on a website that has since been shut down but was once known for its trade in illegal drugs. Arrest of Silk Road's owner was pure luck, as his penchant for pirate lore, fake silvery swords and eye patches, gave him away to a very unlikely federal agent of US Customs in Chicago, whose usual investigation of fake imports would have never had him involved in such a major case. The Silk Road inner circle consisted of many, many layers of protection where Ross Ulbricht was monitored by a moderator who was many layers away, but she was trusted because she supplied pirate gear or something that Ross Ulbricht frequently used. The Chicago Customs agent simply took her place, but had to reign himself in posing only as she was used to acting and chatting online. Secondly Ross had fancied himself as an expert in the Austrian Economic theory' and the works of Ludwig von Mises ... as providing the philosophical underpinnings for Silk Road." Everybody had to give in on his philosophy. Another moderator/contributer to Silk Road, originally as a money launderer was the 'dark web drug lords who got away.' That list included the Dread Pirate Roberts 2 (DPR2), the creator of the second Silk Road 2.0site, which launched almost immediately after Silk Road. Last month Dread Pirate Roberts 2 was revealed as Thomas White, a computer buff, who was arrested in UK, in 2015 but that wasn't revealed until recently due to their state secrecy acts. Do you want to know the difference in sentencing for almost the same charges between the US and UK --- Ross received two life sentences plus 40 years, and DPR2 received 5 years 4 months in the UK.

trojan horses

A computer program that looks like a benign application but contains illicit codes that can damage the system operations. Though Trojan horses do not replicate themselves like viruses, they can be just as destructive.

malware

A malicious software program.

logic bomb

A program that is secretly attached to a computer system, monitors the network's work output, and waits for a particular signal such as a date to appear. Also called a slag code, it is a type of delayed-action virus that may be set off when a program user makes certain input that sets it in motion. A logic bomb may cause a variety of problems ranging from displaying or printing a spurious message to deleting or corrupting data.

Common Internet Fraud Schemes

Auto Auction Fraud - Internet auction fraud involving the sale of automobiles. Many of the listings are for vehicles located outside the United States. In most cases the criminal attempts to sell vehicles they do not own. Criminals create attractive deals by advertising vehicles at prices below book value and claim that they must sell the vehicle because they are moving or being relocated for work. Due to the pending move, the criminals often refuse to meet with potential buyers or allow vehicle inspections and ultimately try to rush the sale. In an attempt to make the deal appear legitimate, the criminal often instructs victims to send full or partial payments to third-party agents via wire transfers and to fax their payment receipt to the seller as proof of payment. Once payment is made, the criminal pockets the money and the victim never receives the vehicle. Hitman scam - The victim receives an email from a member of an organization such as the "Ishmael Ghost Islamic Group." The emailer claims to have been sent to assassinate the victim and the victim's family members. The emailer asserts that the reason for the impending assassination resulted from an alleged offense by the victim against a member of the emailer's gang. In a bizarre twist, the emailer reveals that another member of the gang (purporting to know a member of the victim's extended family) pleaded for the victim's pardon.The emailer alleges that an agreement was reached with the pleading gang member to pardon the victim from assassination if the victim takes some action, such as sending $800 to a receiver in the United Kingdom for the migration of Islamic expatriates from the United States. Victims of this email are typically instructed to send the money via Western Union or MoneyGram. The emailer gives the victim 72 hours to send the money or else pay with his/her life. economic Stimulus Scam - unsolicited calls offering "government stimulus money." A recorded voice message describes alleged government funds available for those who apply; in one such scam, the voice reportedly sounded very much like President Obama. Victims are warned that the offer is only available for a limited time and are instructed to visit certain websites to receive their money. These sites require victims to enter personal identifying information after which they are directed to a second page to receive notification of eligibility. Upon completion of an online application and payment of small fees, victims are guaranteed to receive a large sum of stimulus money, but they never do. PET Scams A self-proclaimed breeder posts an online ad (along with a cute picture or even a streaming video) offering to sell a pet. The breeder asks the buyer to send in money, plus a little extra for delivery costs. But the buyer never gets the pet; the scam artist simply takes the money and runs. Secret Shoppers and Funds Transfer Scams Individuals are hired via the Web to rate experiences while shopping or dining. They are paid by check and asked to wire a percentage of the money to a third party. The check they had been sent bounces, and they are out the money they sent to the other party. As part of the scam, the fraudsters often use real logos from legitimate companies. Adoption and Charity Fraud A person is sent an email that tugs on his or her heartstrings, asking for a pressing donation to a charity and often using the subject header "Urgent Assistance Is Needed." The name of a real charity is generally used, but the information provided sends the money to a con artist. One set of scams used the name of a legitimate British adoption agency to ask for money for orphaned or abandoned children. Romance Fraud A person encounters someone in an online dating or social networking site who lives far away or in another country. That person strikes up a relationship with him or her and then wants to meet, but needs money to cover travel expenses. Typically, that's just the beginning—the person may claim to have been taken ill or injured during the journey and asks for money to pay the hospital expenses. Overpayment Fraud Victims who have advertised some item for sale via the Internet are contacted by "buyers" who remit counterfeit checks in excess of the purchase price as payment. The victim is told to cash the check, deduct any expenses, and return or forward the excess funds to the "buyer," but later discovers the check was counterfeit. Victims in this fraud not only lose the value of the property sold, but they are also indebted to their financial institutions for the funds withdrawn on the counterfeit check. Advance-Fee Fraud Schemes A victim is promised a substantial benefit—such as a million-dollar prize, lottery winnings, a substantial inheritance, or some other item of value—but must pay a fee or series of fees before he or she can receive that benefit. While there are almost endless variations on this basic scheme, the following are some of the more frequently used types. Business Opportunity/Work-at-Home Schemes Fraudulent schemes often advertise purported business opportunities that supposedly allow individuals to earn thousands of dollars a month in "work-at-home" ventures. These schemes typically require victims to pay anywhere from tens to hundreds of dollars (or more) to get started. The fraudsters then fail to deliver the materials or information needed to make the work-at-home opportunity a potentially viable business. Credit Card Interest Reduction Schemes Some fraudulent schemes offer to help individuals lower their credit card interest rates, charging fees without effecting any actual reductions in the cardholders' rates. Inheritance Schemes Some fraudulent schemes contact prospective victims by representing that the people contacted are in a position to receive a substantial inheritance from a family member or from an individual who has died without heirs. The person contacted is then subjected to a series of demands for advance payment of various fees before the inheritance can be transferred. Lottery/Prize/Sweepstakes Schemes Operating from a growing number of countries, including Costa Rica, the Dominican Republic, Jamaica, the Netherlands, Nigeria, and Spain, these schemes falsely represent that the person contacted has just won a substantial lottery prize or other sweepstakes or prize contest, but must pay what proves to be a growing number of fees or "taxes" before he or she can receive the prize.

darknet

Computer network that can only be accessed using nonstandard communications protocols and ports, with restricted access that can only be opened with specific software configurations.

Cyberdeviance: The Darker Side of the NEt

Cyberdeviance refers to a range of activities, some considered illegal, others considered amoral, and many considered both. Included within this realm of cybercrime are the distribution of pornography and obscene material, including kiddie porn, online prostitution, and the distribution of dangerous drugs. possible for people who sell these illicit goods and services to connect with one another across the globe. Because there are a myriad of people engaging in similar behaviors, someone who heretofore has lurked in the shadows can now find companions who will reinforce and share behaviors they may have previously considered socially and legally unacceptable. Obsessive and irrational individuals are no longer limited by time, position, or space. They can dwell in a virtual world filled with people just like themselves but who may be living on the far side of the planet. Cyberdeviance has no boundaries. It may not have created a new breed of crime but, rather, serves as an efficient delivery system for some traditional types of deviant behavior.

Cyberespionage

Efforts by intelligence agencies to penetrate computer networks of an enemy nation in order to steal important data. 2014, the Justice Department filed charges against five Chinese military officers, all hackers in an international cyberespionage case. These Chinese hackers worked directly for the government and were trained at universities run by the People's Liberation Army. In addition to hackers who work for the government or military, some are mercenaries who sell their skills to state-owned and private companies.

Etailing fraud

Etailing fraud is illegally buying and/or selling merchandise on the Internet. More than 280,000 people file complaints with the government's Internet Crime Complaint Center each year and these scams create more than one billion dollars in losses.

Distributing Pornography

IT revolution revitalized the porn industry. The Internet is an ideal venue for selling and distributing obscene material; the computer is an ideal device for storage and viewing. It is difficult to estimate the vast number of websites featuring sexual content, including nude photos, videos, live sex acts, and webcam strip sessions among other forms of "adult entertainment." Adult content is so pervasive and easily obtained that it has driven some adult magazines out of business. no conclusive data on the extent of Internet porn sites. Estimates are all over the map. Some estimates calculate that about 5 percent of the top million websites are sex related adult sites get billions of hits each year. Other estimates suggest that by 2017 a quarter of a billion people will be accessing mobile adult content from their phones or tablets, an increase of more than 30 percent from 2013. Mobile adult video chat alone will have a compound annual growth rate of 25 percent. With most porn on the Internet now free and easy to find, the number of adult sites and traffic to them have exploded to an estimated 700 to 800 million individual porn pages. Surveys now show that: Every second, 28,258 users are watching pornography on the Internet. Every second, $3,075.64 is being spent on pornography on the Internet. Every second, 372 people are typing the word adult into search engines. Forty million American people regularly visit porn sites. Thirty-five percent of all Internet downloads are related to pornography. Twenty-five percent of all search engine queries are related to pornography, or about 68 million search queries a day. a Google search on the word "porn" returned more than 98 million results, and "xxx" returned more than 216 million. Porn-nappers buy expired domain names of existing sites and then try to sell adult material to people who stumble upon them while surfing. Typosquat websites are those where a pornographer has deliberately registered names with typos so that people searching online are directed to pornography sites if they misspell a word or put in the wrong keystroke There are a number of different schemes in operation: A large firm sells annual subscriptions in exchange for unlimited access to content. Password services charge an annual fee to deliver access to hundreds of small sites, which share the subscription revenues. Large firms provide free content to smaller affiliate sites. The affiliates post the free content and then try to channel visitors to the large sites, which give the smaller sites a percentage of the fees paid by those who sign up. Webmasters forward traffic to another porn site in return for a small per-consumer fee. In many cases, the consumer is sent to the other sites involuntarily, which is known in the industry as mousetrapping. Web surfers who try to close out a window after visiting an adult site are sent to another web page automatically. This can repeat dozens of times, causing users to panic and shut down their computers in order to escape. Adult sites cater to niche audiences looking for specific kinds of adult content. While some sites deal in legal sexually related material, others cross the legal border by peddling access to obscene material or even kiddie porn. Some people access the darknet in order to trade in kiddie porn and other illegal material. These materials, whether real or contrived will be prosecuted under federal statutes resulting in long prison sentences which may add up to over 100 years.

Cybercrime Enforcement Agencies

International Cyber Crime Coordination Cell (IC4) pools the resources of major cybercrime investigators from the United States, Australia, Germany, and the United Kingdom. In one recent case, IC4 agents coordinated with the Dutch National High Tech Crime Unit, Europol's European Cybercrime Centre (EC3) and Joint Cybercrime Action Taskforce (J-CAT), and private sector partners to take down Beebone, a botnet that installed malicious software on victims' computers without their consent or knowledge. Beebone's software stole banking logins and passwords, as well as fraudulent antivirus software and ransomware. the Internet Crime Complaint Center (IC3) is run by the FBI and the National White Collar Crime Center. Its mission is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness. The IC3 receives more than 280,000 complaints each year, spanning the spectrum of cybercrime, including online fraud, intellectual property rights matters, hacking, economic espionage such as theft of trade secrets, online extortion, international money laundering, and identity theft. It analyzes the complaints to find distinct patterns, develop information on particular cases, and send investigative packages to law enforcement authorities in the jurisdiction that appears likely to have the greatest interest in the matter. U.S. Secret Service maintains electronic crimes task forces (ECTFs), which focus on identifying and locating international cybercriminals connected to cyber intrusions, bank fraud, data breaches, and other computer-related crimes. One of the most successful of these efforts is the New York-New Jersey Electronic Crimes Task Force (NYECTF), a partnership between the Secret Service and a host of other public safety agencies and private corporations. The task force consists of more than 250 individual members representing federal, state, and local law enforcement; the private sector; and computer science specialists from 18 universities. It has trained more than 60,000 law enforcement personnel, prosecutors, and private industry representatives in cybercrime prevention. Its success has prompted similar electronic crime task forces to be set up in Boston, Miami, Charlotte, Chicago, Las Vegas, San Francisco, Los Angeles, and Washington, D.C. in one fiscal year (2013), the Secret Service arrested more than 1,000 individuals for cybercrime violations, who were responsible for more than $235 million in fraud losses and had the potential to cause more than $1 billion in fraud losses.

Cyberterrorism

Internet attacks against an enemy nation's technological infrastructure. aims to undermine the social, economic, and political system of an enemy nation by destroying its electronic infrastructure and disrupting its economy.

computer worms

Programs that attack computer networks (or the Internet) by self-replicating and sending themselves to other users, generally via email, without the aid of the operator.

Cybertheft: Cybercrimes for profit

Russian national Aleksandr Andreevich Panin pleaded guilty to a conspiracy charge associated with his role as the primary developer and distributor of malicious software (malware) designed to facilitate online theft from financial institutions. SpyEye infected more than 1.4 million computers and had the ability to detect and copy information stored on those computers and use it to transfer money out of victims' bank accounts and into accounts controlled by criminals. case unusual was that rather than using SpyEye himself, Panin sold the "product" online in criminal forums. He actually advertised the features of the program, bragging that it could be used to obtain credit card information. His 150 clients paid him up to $8,500 for the program and then used it to infect victims' computers. The program collected large amounts of financial and personal information and sent it back to servers under the control of the criminals. They were then able to hack into bank accounts, withdraw funds, create bogus credit cards, and so on. Things were going well until one of Panin's "clients" turned out to be an FBI agent. It is ironic that technological breakthroughs since the dawn of the Industrial Revolution not only brought with them dramatic improvements for society but also created new opportunities for criminal wrongdoing: criminals use the telephone to place bets or threaten victims; cars can be stolen and sold for big profits. The same pattern is now occurring during the IT revolution. computer and Internet provide opportunities for socially beneficial endeavors—such as education, research, commerce, and entertainment—while at the same time serving as a tool to facilitate illegal activity. Computer-based technology allows criminals to operate in a more efficient and effective manner. Cyberthieves now have the luxury of remaining anonymous, living in any part of the world, conducting their business during the day or in the evening, working alone or in a group, while at the same time reaching a much wider number of potential victims than ever before. No longer is the con artist or criminal entrepreneur limited to fleecing victims in a particular geographic locale; the whole world can be his or her target.

intro 2

Through IT technology, and the era of globalization, the process of creating transnational markets, politics, and legal systems—in other words, creating a global economy, encompasses our every walk of life. The Internet is now the chosen medium, more than ever since COVID-19, to provide a wide range of global services, ranging from entertainment and communication to research and education and let's not forget, travel, marriage and retirement benefits. It's not only money that's at risk with cyber attacks. We truly know the ways crime occurs on the internet. The most likely crime occurrence from terrorists is a cyberattack on security, the electronic grid or banking in this country. We know from catching Mohammed Naeem Noor Khan, who was a suspected Al Qaeda computer engineer, and collected a wealth of electronic material. The USA collected information on Mohammed Khan. E-mail and other information from Khan's computers led to the arrests of 13 suspects in Britain and sent investigators scrambling to unravel electronic links among militants in Pakistan, Europe and the United States, British, U.S., and Pakistani authorities said. The discovery of files on financial institutions in New York and Washington among Khan's trove also played a role in prompting the Bush administration to issue a terrorist warning Mohammed Naeem Noor Khan suspected Al Qaeda computer expert, was arrested July 15, 2004 in Pakistan. Khan reportedly has told his FBI interrogators that the terrorist network has monitored top U.S. political officials so closely that its operatives know where they live and the names of their neighbors. Authorities believe Khan may have been a key link among Al Qaeda cells in Pakistan, Britain and the United States. He was arrested while uploading information to several Al Qaeda-affiliated websites at an Internet cafe in Karachi. Reported in the Los Angeles Times, he was in the process of sending an e-mail death threat to President Bush, claiming that it was from Al Qaeda. Although it has long been known that Al Qaeda used the Internet to conduct reconnaissance on potential U.S. targets, the disks and hard drives taken from Khan disclose much about the resiliency and adaptability of a far-flung network hiding in plain sight, said U.S. and foreign intelligence officials and outside experts interviewed for this report. "The Internet allows the organization to become a virtual self-perpetuating and changing entity in cyberspace that provides technological guidance and moral inspiration to a new generation," writes a University of St. Andrews in Scotland researcher. The spring of 2019, saw the reappearance of the head of ISIS after 5 years in a video streaming website that surfaced. Rather than the computer whizzes often described by government officials and the press, the Al Qaeda operatives are more often people with everyday skills who have harnessed the Internet in a campaign against the United States and its allies. In an effort to gather information on potential recruits and donors, U.S. law enforcement agencies operate websites that are set up to resemble extremist Islamic sites. Visitors to those sites leave an electronic trail when they enter the site. On the other side, Al Qaeda can transmit false information to determine whether its members are being monitored by law enforcement. In this way, they leave a false trail for law enforcement.

Computer Fraud

Tonia Bright pleaded guilty to two counts of obtaining information from a protected computer for a fraudulent purpose. Bright was a civilian employee of the Tampa (Florida) Police Department working as a community service officer. As part of her duties, she took reports from citizens related to incidents not requiring the response of a sworn police officer. In this capacity, she had access to local, state, and federal law enforcement databases, including the National Crime Information Center (NCIC) computerized index. Her use of these databases was restricted to the performance of her authorized duties. Bright accessed the personally identifiable information (PII) of individuals using a variety of sources, including NCIC, despite having no legitimate law enforcement purpose. She then provided the stolen PII to other conspirators, knowing that the information would be used to commit crimes. Others in the conspiracy used the stolen PII to electronically file fraudulent federal income tax returns claiming tax refunds to which they were not entitled. The fraudulently obtained tax refunds were deposited onto reloadable debit cards issued in the conspirators' names and the names of others, including the victims' names. The debit cards were then used at retail establishments and ATMs to withdraw the illegally obtained funds crime falls under the general category of computer fraud—not a unique offense, but rather a common-law crime committed using contemporary technology. Many computer crimes are prosecuted under such traditional criminal statutes as larceny or fraud. However, not all computer crimes fall under common-law statutes because the property stolen may be intangible (electronic and/or magnetic impulse). Examples of Computer Fraud Theft of information. The unauthorized obtaining of information from a computer (hacking), including software that is copied for profit. The "salami" slice. With this type of fraud, the perpetrator carefully skims small sums from the balances of a large number of accounts in order to bypass internal controls and escape detection. Software theft. The comparative ease of making copies of computer software has led to a huge illegal market, depriving authors of very significant revenues. Manipulation of accounts/banking systems. Similar to a "salami" slice but on a much larger and usually more complex scale. Sometimes perpetrated as a "one-off kamikaze" fraud. Corporate espionage. Trade secrets are stolen by a company's competitors, which can be either domestic or foreign. The goal is to increase the rival company's (or nation's) competitive edge in the global marketplace. Such companies as Anthem Health Care, Primera Blue Cross, Staples, and Home Depot have had their computer systems hacked and the names, Social Security numbers, birthdays, addresses, email, employment information, and income data of current and former customers and employees stolen A 2016 global security survey of more than 6,000 industry leaders found that about 25 percent had been affected by computer-based attacks on their business enterprise in the prior year. Attacks are so stealthy that almost 20 percent of the CEOs were not sure if they had been attacked. Losses can be heavy: about 50 organizations had suffered losses over $5 million; of these, nearly a third reported computer crime-related losses in excess of $100 million

illegal copyright infringement

Groups of individuals work together to illegally obtain software and then "crack" or "rip" its copyright protections, before posting it on the Internet for other members of the group to use; this is called warez. Frequently, these new pirated copies reach the Internet days or weeks before the legitimate product is commercially available. The government has actively pursued members of the warez community, and some have been charged and convicted under the Computer Fraud and Abuse Act (CFAA), which criminalizes accessing computer systems without authorization to obtain information, and the Digital Millennium Copyright Act (DMCA), which makes it a crime to circumvent antipiracy measures built into most commercial software and also outlaws the manufacture, sale, or distribution of code-cracking devices used to illegally copy software.

Intro

More than 7,000 U.S. companies have been victimized, with total dollar losses exceeding $740 million. The scammers, believed to be members of organized crime groups from Africa, eastern Europe, and the Middle East, primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments. The scam succeeds by compromising legitimate business email accounts through social engineering (fooling individual people into cooperating) or computer intrusion techniques. Businesses of all sizes are targeted, and the fraud is proliferating. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad. The majority of the fraudulent transfers end up in Chinese banks. Scammers employ sophisticated techniques such as learning to use language specific to the company they are targeting in order to avoid suspicion, along with dollar amounts that lend legitimacy to the fraud. To make matters worse, the criminals often infiltrate company networks, gaining access to legitimate email threads about billing and invoices they can use to ensure the suspicions of an accountant or financial officer aren't raised when a fraudulent wire transfer is requested. Instead of making a payment to a trusted supplier, the scammers direct payment to their own accounts. when a wire transfer happens, the window of time to identify the fraud and recover the funds before they are moved out of reach is extremely short The technological revolution has provided new tools to misappropriate funds, damage property, sell illicit material, or conduct warfare, espionage, and terror. While the United States has always had national security interests, a career in national security and affiliated corporate security or even university security will be a good prospect for your future jobs. Why, we face economic downturns, new kinds of wars and conflicts, emerging disease epidemics like the COVID-19 , climate change, crimes against humanity, drug trafficking, terrorism, cyberattacks, natural and technological disasters; increased immigration levels; and money laundering. I view security studies from an interdisciplinary approach drawing from international relations, security studies, peace studies, comparative criminology, and disaster management. Speaking of disasters, the chapter begins relating an accountant who: "was contacted by the lawyer via email, she noted the appropriate letter of authorization—including her CEO's signature over the company's seal—and followed the instructions to wire $737,000 to a bank in China. The next day, when the CEO, who was known to be out of town, happened to call regarding another matter, the accountant mentioned that she had completed the wire transfer the day before. The CEO said he had never sent the email and knew nothing about the alleged acquisition. The accountant immediately reviewed the email thread and noticed the first email's reply address was missing one letter—instead of ".com," it read ".co.". Whoops. The fraud spammers steal an adjusted dollar loss of more than $1 billion. This is according to the FBI's Internet Crime Complaint Center (IC3) in 2015, the most recent data available, the IC3 received 288,000 complaints. More than 20,000 complaints are now received each month by the IC3. The average loss on the cyber fraud is $8,421 per complaint. Don't confuse the IC3 (p. 548) with the IC4 (p. 570) which is the International Cyber Crime Coordination Cell that pools the resources of major cybercrime investigators from the United States, Australia, Germany and the United Kingdom. So we now, have our perfect segue into globalization.

The Stages of Cybercrime

Christopher Donner and his associates, cybercrime has gone through three stages of development: first generation of cybercrime involved deviant acts characterized by the illegal exploitation of mainframe computers and operating systems. These behaviors involved crimes that were in existence before the creation of computers and the Internet, but technological innovations provided another method of commission. They were designed for financial gain or destruction of restricted information. second generation of cybercrime used computer networks and is considered hybrid crime. It involves criminality that was already in existence but has expanded and adapted through the use of the Internet. Hacking and cracking are common forms of this generation, as they were a product of early "phone phreakers." (Phone phreakers dialed around the telephone network to understand how the phone system worked, then used their knowledge to make free long distance calls, wiretap telephones, or steal telephone company equipment.) These crimes were created prior to the creation of the Internet but could now be performed in a more criminally effective manner. Using the Internet made cybercrime more difficult to detect and rendered cybercriminals more immune from prosecution. third generation of cybercrime is identified by the nature of distribution and was solely developed by the creation of the Internet. These crimes would not exist if not for the Internet. Dissemination of malware, such as viruses or Trojan horses, is an example of this generation of cybercrime

Ransomware: Extortion via the Internet

For more than five years, computers around the nation have been attacked by the Reveton virus used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses. Unlike many other viruses—which activate when users open a file or attachment—Reveton is a drive-by virus that installs itself when users go to a compromised website; once infected, the victim's computer immediately locks. With the original Reveton virus, the infected computer's monitor displayed an official-looking screen (with an FBI logo) stating there had been a violation of federal law: illegal use of downloaded media, underage porn viewing, or computer-use negligence. It listed fines and penalties for each, and directed victims to pay $200 via a MoneyPak order. Victims were told if the demands were not met, criminal charges would be filed and the computer would remain locked on that screen. Newer variants of Reveton can even turn on computer webcams and display the victim's picture on the frozen screen. Unfortunately for victims, the virus is difficult to resolve and may require professional attention. Even if victims are able to unfreeze their computer, the malware may still operate in the background and gather personal information such as usernames, passwords, and credit card numbers through embedded keystroke logging programs.

Cyberattacks

attacks on an enemy's defense industry, compromising their ability to wage war. As a response to such a cyberattack that occurred on November 23, 2010, Iran was forced to shut down its main uranium enrichment plant at Natanz for seven days after it was targeted by the Stuxnet computer worm. Experts believe that Stuxnet was specifically designed to attack systems at the plant that control the speed at which the enrichment centrifuges spin. Cyberwar can also involve attacks designed to compromise an enemy's command and control structure by hacking into computer systems to disrupt missile targeting systems, rendering them ineffective during attacks. Israeli cyberunits have "blinded" Syrian antiaircraft installations guarding a secret nuclear plant that was being constructed for Syria by North Korea. While the exact methodology remains classified, Syrian computers that controlled their missile defenses were reprogrammed so that the attacking Israeli aircraft did not show up on radar screens. Israel was able to penetrate a sophisticated defense system without losing a single aircraft. U.S. cyberwar agents infiltrated the Iraqi "closed-loop" private, secure military network before the start of the second Gulf War. The agents sent email to thousands of Iraqi military officers on the Iraqi Defense Ministry email system telling them they would not be harmed if they left their tanks and weapons parked on the side of the road and went home; many complied. In 2012, Iran launched a major cyberattack on Saudi Arabia's state-owned oil company, Aramco, releasing a virus named AMED that replicated itself across 30,000 computers and took almost two weeks to remove. In March 2015, South Korea formally accused North Korea of cyberattacks on its nuclear reactor operations. The Chinese government has established an online warfare team to beef up the defense capabilities of the People's Liberation Army (PLA). These hackers may have penetrated the U.S. Office of Personnel Management, using a phishing email to first breach a private contractor and then crack the agency's network, exposing the records of more than 21 million people. Though China denies involvement in such attacks, its army has divisions devoted to cyberattacks. The cyberwar competition between the U.S. and China has gotten so fierce that the two countries have reached a limited agreement not to conduct certain types of cyberattacks against each other, such as intrusions that steal foreign corporate information and then pass it along to their own domestic companies. Other nations practicing cyberwar include rivals Pakistan and India, while others such as Estonia and Belarus are racing to build cybershields to counter Russia. Denmark and the Netherlands have begun programs to develop offensive computer weapons, as have Argentina and France.

International Treaties

The Convention on Cybercrime, ratified by the U.S. Senate in August 2006, is the first international treaty that addresses the definition and enforcement of cybercrime. Now signed by 49 nations, it focuses on improving investigative techniques and increasing cooperation among nations. The convention includes a list of crimes that each signatory state must incorporate into its own law, including such cyber offenses as hacking, distribution of child pornography, and protection of intellectual property rights. It also allows law enforcement agencies new powers, including the ability to require that an Internet service provider monitor a person's online viewing and search choices in real time. The convention also requires signatory states to cooperate whenever possible in the investigations and prosecution of cybercriminals. The vision is that a common legal framework will eliminate jurisdictional hurdles to facilitate the law enforcement of borderless cybercrimes. Carrying out this mandate may be difficult to achieve given the legal rights afforded U.S. citizens that may not be realized by residents of other nations. For example, First Amendment protections that restrict the definition of pornography and obscenity in this country may not apply overseas. It is not surprising that watchdog institutions such as the ACLU have condemned the treaty and campaigned against U.S. participation.

cyberdeviance

The sale and distribution of morally tainted material and products over the Net.

Development of Cybercrime

The widespread use of computers and the Internet ushered in the age of information technology (IT) and made it an intricate part of daily life in most industrialized societies.

Cyberbullying

Willful and repeated harm inflicted through the medium of online communications. bullying among children as repeated negative acts committed by one or more children against another. These negative acts may be physical or verbal in nature they may involve indirect actions such as manipulating friendships or purposely excluding other children from activities. It may come as no surprise that lesbian, gay, bisexual, and transgender (LGBT) students are subject to a disproportionate amount of bullying: Eight in ten LGBT students have been verbally harassed at school. Four in ten have been physically harassed at school. Six in ten have felt unsafe at school. One in five has been the victim of a physical assault at school. more than half of LGBT students (61 percent) were more likely than their non-LGBT peers to feel unsafe or uncomfortable as a result of their sexual orientation. The percentage of gay, lesbian, and bisexual students who did not go to school at least one day during the past 30 because of safety concerns ranged from 11 to 30 percent of gay and lesbian students and 12 to 25 percent of bisexual students. short- and long-term consequences for both the perpetrators and the victims of bullying. Students who are chronic victims of bullying experience more physical and psychological problems than their peers who are not harassed by other children, and they tend not to grow out of the role of victim. Young people mistreated by peers may not want to be in school and may thereby miss out on the benefits of school connectedness as well as educational advancement. Longitudinal studies have found that victims of bullying in early grades also reported being bullied several years later. Chronically victimized students may, as adults, be at increased risk for depression, poor self-esteem, and other mental health problems, including schizophrenia. Because of the creation of cyberspace, physical distance is no longer a barrier to the frequency and depth of harm doled out by a bully to his or her victim cyberbullies are malicious aggressors who seek implicit or explicit pleasure or profit through the mistreatment of other individuals. Although power in traditional bullying might be physical (stature) or social (competency or popularity), online power may simply stem from Net proficiency. Cyberbullies are able to navigate the Net and utilize technology in a way that puts them in a position of power relative to their victim. two main formats that bullies employ to harass their victims: (1) a cyberbully can use a computer and send harassing emails or instant messages; post obscene, insulting, and slanderous messages to online bulletin boards or social networking sites; or develop websites to promote and disseminate defamatory content; (2) a cyberbully can use a cell phone to send harassing text messages and other media to the victim. Like their real-world counterparts, cyberbullies are malicious aggressors who seek implicit or explicit pleasure or profit through the mistreatment of other individuals. If law enforcement doesn't find statutes to prosecute, cyberbullies, school can rely on legal responses in the Civil Rights Act of 1974 and Educational Amendments of 1972 (Title IX). These acts and amendments plus the American Disabilities Act of 1990 are the legislation that encourages school administrators to take action if there is behavior that is threatening students' civil rights.

Data breaches

, the online hookup site Ashley Madison was hacked; stolen personal information on 32 million of the site's members, such as email addresses, was posted on the Net. The hackers claimed two motivations: they objected to Ashley Madison's intent of arranging affairs between married individuals, and they objected to its requirement that users pay $19 for the privilege of deleting all their data from the site. The company issued a $500,000 reward for the identity of the hackers. 191 million records were uncovered on the Web containing various pieces of personal information related to American citizens registered to vote; no one knows who was responsible for the data theft. In 2015, there were nine similar data breaches in which more than 10 million records were stolen. In all, 429 million people had personal information illegally accessed by hackers, though this may be a conservative estimate since private companies are loath to reveal the extent of breaches. Internet security company Symantec believes that the real number is more than half a billion.

Warez

A term computer hackers and software pirates use to describe a game, media, or application that is made available for use on the Internet in violation of its copyright protection.

Distributed Denial of Service attack (DDoS)

A type of DoS attack where multiple compromised systems, which are often infected with a virus, are used to target a single system, causing a denial-of-service (DoS) attack. multiple compromised networks infected with a Trojan virus that targets a single system, causing a shutdown. It involves threats or attacks designed to prevent the legitimate operation of the site. In most cases, such as the Rezendes attack, there is no monetary objective and the attack is a type of cybervandalism. Rutgers University interrupted Internet service for students, faculty, and staff; another attack knocked out all of New York City's email accounts. Some of the most vulnerable targets are online gaming sites. Massive attacks have disrupted service on games such as Blizzard's Battle.net, Riot Games' League of Legends, and the Origin service run by Electronic Arts 2015, the BBC's entire network of websites and its iPlayer streaming service were the subject of a cyberattack that resulted in users being met with an error message saying there had been an "internal error"; the disruption continued for around an hour before the service was fully restored. In extortion-driven DDoS attacks, the perpetrators flood an Internet site with millions of bogus messages or orders so that its services will be tied up and unable to perform as promised. Unless the site operator pays extortion money, the attackers threaten to keep up the interference until real consumers become frustrated and abandon the site. Even so-called respectable businesspeople have been accused of launching denial-of-service attacks against rival business interests nline gambling casinos—a multibillion-dollar-a-year industry—have proven particularly vulnerable to this type of attack.

Website defacement

A type of cybervandalism that occurs when a computer hacker intrudes on another person's website by inserting or substituting codes that expose visitors to the site to misleading or provocative information. Defacement can range from installing humorous graffiti to sabotaging or corrupting the site. Defacement can range from installing humorous graffiti to sabotaging or corrupting the site. In some instances, defacement efforts are not easily apparent or noticeable false information may mislead customers and frustrate their efforts to utilize the site or make it difficult for people using search engines to find the site. Almost all defacement attacks are designed to vandalize web pages rather than bring profit or gain to the intruders (though some defacers may eventually extort money from their targets). Some defacers are simply trying to impress the hacking community with their skills. Others may target a corporation when they oppose its business practices and policies (such as oil companies, tobacco companies, or defense contractors). Some defacement has political goals such as disrupting the website of a rival political party or fund-raising group. major threat to online businesses and government agencies. It can harm the credibility and reputation of the organization and demonstrate that its security measures are inadequate. As a result, clients lose trust and may be reluctant to share information such as credit card numbers and personal information.

Common Phishing Scams

Account verification scams. Individuals purchase domain names that are similar to those of legitimate companies, such as Amazon.Accounts.net. The real company is Amazon, but it does not have Accounts in its domain name. These con artists then send out millions of emails asking consumers to verify account information and Social Security numbers. The victim is directed to a bogus website by clicking the legitimate-looking address. Sign-in rosters. There are some companies and governmental agencies (colleges, EDD, state-sponsored programs) that ask you to put your name and SSN on a sign-in roster. Identity thieves may sign up toward the end of a page so that they can copy and collect personal identifying information. "Help move money from my country," aka Nigerian 419 scam. A bogus email is sent from an alleged representative of a foreign government asking the victim to help move money from one account to another. Some forms include requests to help a dying woman or free a political prisoner. Some claim that the victim has been the recipient of a legacy or a winning lottery ticket. Nigerian money offers now account for about 12 percent of the scam offers. Canadian/Netherlands lottery. Originating from the Netherlands and other foreign countries, these scams usually ask for money to hold the prize until the victim can collect in person. "Free credit report." Almost all "free credit report" emails are scams. Either the person is trying to find out the victim's Social Security number or the victim is billed for services later on. "You have won a free gift." The victims receive an email about a free gift or prize. They just have to send their credit card info to take care of shipping and handling. Responding may result in hundreds of spams or telemarketing calls. Email chain letters/pyramid schemes. Victims are sent an official-looking email requesting cooperation by sending a report to five friends or relatives. Those who respond are then contacted for money in order to keep the chain going. "Find out everything on anyone." This email is trying to solicit money by offering a CD or program that victims can use to find out personal information on another person. However, the information is actually in the public domain and can be easily accessed without the program. Job advertisement scams. Phishers spoofing legitimate Internet job websites (for instance spoofing Monster.com) contact a victim promising a high-paying job. They solicit personal information, including Social Security numbers. VISA/MasterCard scam. A VISA or MasterCard "employee" sends an email asking to confirm unusual spending activity and asks the victim for the code on the back of his or her credit card.

information technology (IT)

All forms of technology used to create, store, retrieve, and exchange data in all its various forms, including electronic, voice, and still image. involves computer networking, the Internet, and advanced communications. It is the key to the economic system and will become even more important as major industries continue to shift their manufacturing plants to areas of the world where production is much cheaper.

The Costs of Cybercrime

An accurate accounting of cybercrime will probably never be made because so many offenses go unreported, but there is little doubt that its incidence is growing rapidly. Though thousands of breaches occur each year, most are not reported to local, state, or federal authorities. Some cybercrime goes unreported because it involves low-visibility acts—such as copying computer software in violation of copyright laws—that simply never get detected. Some businesses choose not to report cybercrime because they fear revealing the weaknesses in their network security systems. However, the information that is available indicates that the profit in cybercrime is vast and continually growing. Losses due to phishing and identity theft are now in the billions of dollars and rising with the continuing growth of ecommerce. Symantec Corporation (publisher of Norton AntiVirus) conducts an annual Internet security threat report that makes use of data from more than 24,000 security devices deployed in more than 180 countries. According to the most recent survey, attackers trick companies into infecting themselves with Trojan horse software updates to common programs and patiently wait for their targets to download the malware. Once a victim has downloaded the software update, attackers are given unfettered access to the corporate network. Highly targeted spear-phishing attacks are a favorite tactic for infiltrating networks. Attackers use stolen email accounts from one corporate victim to attack other victims higher up the food chain. They are learning to take advantage of companies' management tools and procedures to move stolen intellectual property around the corporate network before exfiltration. In the most recent survey year, there were more than 430 million new pieces of malware created—nearly a million per day. A sizable portion of all software is now being installed without proper licensing, especially in emerging economies, where unlicensed software use is widespread. Private business enterprise is not the only target that bears the cost of cybercrime. The Internal Revenue Service (IRS) revealed that it has paid refunds to criminals who filed false tax returns, in some cases on behalf of people who had died. By 2017, the IRS is expected to have lost as much as $21 billion in false pay-outs due to identity theft.

Spam

An unsolicited advertisement or promotional material, spam typically comes in the form of an unwanted email message; spammers use electronic communications to send unsolicited messages in bulk. While email is the most common form of spam, it can also be sent via instant messaging, online newsgroup, and texting, among other media. can simply be in the form of an unwanted and unwelcome advertisement. For example, it may advertise sexually explicit websites and get into the hands of minors. A more dangerous and malicious form of spam contains a Trojan horse disguised as an email attachment advertising some commodity such as free software or an electronic game. If the recipient downloads or opens the attachment, a virus may be launched that corrupts the victim's computer. The Trojan horse may also be designed to capture important data from the victim's hard drive and send it back to the hacker's email address. Sending spam can become a crime and even lead to a prison sentence when it causes serious harm to a computer or network.

Theft from ATMs

Automatic teller machines (ATMs) attract the attention of cybercriminals looking for easy profits. Rather than robbing an ATM user at gunpoint, the cybercriminal relies on stealth and technological skill to commit the crime. An ATM fraud is more simplistic than world domination. Take for instance the case of two brothers from Bulgaria who were charged with attempting to defraud two banks of more than $1 million by engaging in ATM skimming: placing an electronic device on an ATM that scoops information from a bank card's magnetic strip whenever a customer uses the machine. Skimmers can then create their own bank cards and steal from customer accounts. ATM skimming now costs U.S. banks hundreds of millions of dollars annually. Recent (2016) surveys show that skimming attacks on ATMs are increasing rapidly in the United States and Europe. While in the past attacks ran against larger corporations, we also see ATM thefts directly from armed robberies and kidnappings of customers. Cyberthieves use a realistic-looking card reader placed over the factory-installed card reader. When customers insert their ATM card into the phony reader, their account info is swiped and stored on a small, attached laptop and sent wirelessly to the criminals waiting nearby. Skimmers can also make use of a hidden camera, installed on or near an ATM, to record customers' entry of their PINs into the ATM's keypad.

Cyberterror attacks

Cyberspace is used by terrorist groups to remain connected and communicate covertly with agents around the world. Networks are a cost-effective tool for planning and striking. They enable terror groups to plan and carry out a variety of Internet-related attacks. Logic bombs are implanted in an enemy's computer. They can go undetected for years until they are instructed through the Internet to overwhelm the computer system. Programs are used to allow terrorists to enter secure systems and disrupt or destroy the network. Using conventional weapons, terrorists overload a network's electrical system, thereby threatening computer security. The computer system of a corporation whose welfare is vital to national security—such as Boeing or Raytheon—is breached and disrupted. Internet-based systems used to manage basic infrastructure needs—such as an oil pipeline's flow or water levels in dams—are attacked and disrupted, posing a danger of loss of life and interruption of services. One attack method is to release a botnet or software robot, also known as a zombie or drone, that allows an unauthorized user to remotely take control of a host computer without the victim's knowledge or permission. Infected computers can be used to launch denial-of-service attacks, send spam and spyware, or commit cyber extortion. In one attack, a global telecommunications company with a business unit in Central America experienced several unusual problems, including multiple network outages—some lasting up to six hours—which disrupted businesses and national connectivity, and took automated teller machines offline for extended periods of time. A botnet-based distributed denial-of-service attack had crippled the country's infrastructure The Center for Strategic and International Studies has uncovered cyberterror attacks on the National Security Agency, the Pentagon, and a nuclear weapons laboratory; operations were disrupted at all of these sites

Cybervandalism: Cybercrime with Malicious Intent

Cybervandalism typically involves a cyberattack to achieve a malicious or vengeful intent (such as a denial-of-service attack launched in retaliation for some slight), to hurt and embarrass someone they are angry at, or simply to hurt people because they enjoy being destructive. Cybervandals usually do not profit from their crimes other than to enjoy the havoc and harm they inflict on others; they are vandals in cyberspace. Cybervandalism ranges from sending destructive viruses and worms to stalking or bullying people using cyberspace as a medium. Cybervandals may want to damage or deface websites pull a virtual fire alarm; they are motivated more by malice than greed: Some cybervandals target computers and networks seeking revenge for some perceived wrong. Some want to exhibit their technical prowess and superiority. Some want to highlight the vulnerability of computer security systems. Some want to spy on other people's private financial or personal information (computer voyeurism). Some are mean-spirited bullies who want to harm others socially rather than physically. Some want to destroy computer security because they believe in a philosophy of open access to all systems and programs.

Internet Securities Fraud

Fifteen-year-old Jonathan Lebed was charged with securities fraud by the SEC after he repeatedly bought low-cost, thinly traded stocks and then spread hundreds of false and misleading messages concerning them—generally baseless price predictions. After their values were artificially inflated, Lebed sold the securities at an inflated price. Though he might not agree, young Lebed's actions are considered Internet fraud because they involve using the Internet to intentionally manipulate the securities marketplace for profit. There are three major types of Internet securities fraud today: Market manipulation. Stock market manipulation occurs when an individual tries to control the price of stock by interfering with the natural forces of supply and demand. There are two principal forms of this crime: the "pump and dump" and the "cybersmear." In a pump and dump scheme, erroneous and deceptive information is posted online to get unsuspecting investors interested in a stock while those spreading the information sell previously purchased stock at an inflated price. The cybersmear is a reverse pump and dump: negative information is spread online about a stock, driving down its price and enabling people to buy it at an artificially low price before rebuttals by the company's officers reinflate the price. Fraudulent offerings of securities. Some cybercriminals create websites specifically designed to fraudulently sell securities. To make the offerings look more attractive than they are, assets may be inflated, expected returns overstated, and risks understated. In these schemes, investors are promised abnormally high profits on their investments. No investment is actually made. Early investors are paid returns with the investment money received from the later investors. The system usually collapses, and the later investors lose their initial investment and do not receive dividends. Illegal touting. This crime occurs when individuals make securities recommendations and fail to disclose that they are being paid to disseminate their favorable opinions. Section 17(b) of the Securities Act of 1933 requires that paid touters disclose the nature, source, and amount of their compensation. If those who tout stocks fail to disclose their relationship with the company, information misleads investors into believing that the speaker is objective and credible rather than bought and paid for. Involves Market manipulation; illegal offering of securities, illegal touting. At 15 years of age, Jonathan Lebed was charged with securities fraud by the SEC after he repeatedly bought low-cost, thinly traded stocks and then spread hundreds of false and misleading messages concerning them—generally baseless price predictions. After their values were artificially inflated, Lebed sold the securities at an inflated price. His smallest one-day gain was $12,000, and one day he made $74,000. Lebed agreed to findings of fraud but later questioned whether he had done anything wrong; made restitution for illegal gains plus interest.

Etailing Fraud

Illegally buying and/or selling merchandise on the Internet. One scam involves purchasing top-of-the-line electronic equipment over the Net and then purchasing a second, similar looking but cheaper model of the same brand. The cheaper item is then returned to the etailer after switching bar codes and boxes with the more expensive unit. Because etail return processing centers don't always check returned goods closely, they may send a refund for the value of the higher priced model. In another tactic, called shoplisting, a person obtains a legitimate receipt from a store either by buying it from a customer or finding it in the trash and then returns to the store and, casually shopping, picks up an identical product. He then takes the product and receipt to the returns department and attempts to return it for cash, store credit, or a gift card. The thief then sells the store credit or gift card on the Internet at a discount for quick cash. more than 280,000 people file complaints with the government's Internet Crime Complaint Center each year and these scams create more than $1 billion in losses

Financial System Attacks

In ever-increasing numbers people are spending and investing their money electronically, using online banking, credit card payment, and online brokerage services. The banking/financial system transacts billions of dollars each day through a complex network of institutions and systems. A cyberattack can disrupt these transactions and interfere with the nation's economic well-being. financial service sector is a prime target and has been victimized by information warfare. In 2013, a massive cyberattack was directed at some of the nation's largest banks, including JPMorgan Chase, Bank of America, and Citigroup, by a hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters. What made this different was that the traffic came from data centers around the world that had been infected with malware designed to evade detection by antivirus solutions. The bank attackers used those infected servers to simultaneously fire traffic at each banking site until it slowed or collapsed. The purpose of the attack: to punish the American financial system in retaliation for a film insulting to Muslims.

Ehooking

Instead of walking the streets or hanging out in a brothel waiting for customers, cyberprostitutes set up personal websites or put listings on web boards, such as Adult FriendFinder, that carry personals. Using the Internet to advertise sexual services and make contact with clients. sites may use loaded phrases such as "looking for generous older man" in their self-descriptions. When contacted, sex workers ask to exchange emails, chat online, or make voice calls with prospective clients. They may exchange pictures. This preliminary contact allows them to select whom they want to be with and avoid clients who may be threatening or dangerous. Some cyberprostitution rings offer customers the opportunity to choose women from their Internet page and then have them flown in from around the country In Germany, where prostitution is legal, an app called Peppr makes it easy to find a sex worker. A potential client types in his or her location and up pops a list of the nearest prostitutes, along with pictures, prices, and physical characteristics; users can arrange a session for a booking fee that averages $10. Peppr is located in Berlin and has plans to expand to more cities. In addition to booking dates, online forums allow prostitutes to share tips about how to stay safe and avoid tangling with the law. Services such as Roomservice 2000 (recently renamed RS-AVS) allow customers to pay for a background check to present to sex workers. Both sides benefit since the client can demonstrate trustworthiness without giving credit card details or phone numbers to the prostitute.

cybervandalism

Malicious attacks aimed at disrupting, defacing, and destroying technology. aim their malicious attacks at disrupting, defacing, and destroying technology that they find offensive.

Ransomware

Malicious software, usually attached to an email, designed to block access to a computer system until a sum of money is paid. (Reveton) this is super crime, because it forces victim to pay for release of their own files or computer capabilities targets organizations and individual networks in an effort to deny the availability of critical data and/or systems. In 2015, the Internet Crime Complaint Center received 2,453 complaints identified as ransomware, with losses of more than $1.6 million Not only have individuals been the victim of ransomware attacks, so have businesses, banks, government agencies, and academic institutions. Once the infection is present, ransomware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the network to which the victim's computer is attached. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. earlier ransomware scams involved having victims pay the ransom with prepaid credit cards, victims are now increasingly asked to pay with Bitcoin, a decentralized virtual currency network that attracts criminals because of the anonymity the system offers. ransomware variant called CryptoWall encrypts files on a computer's hard drive and any external or shared drives to which the computer has access. It directs the user to a personalized victim ransom page that contains the initial ransom amount (anywhere from $500 to $5,000), detailed instructions about how to purchase bitcoins, and typically a countdown clock to notify victims how much time they have before the ransom doubles. Victims are infected with CryptoWall by clicking on links in emails that appear to be from legitimate businesses and through compromised advertisements on popular websites. With the most recent version (CryptoWall 4.0), there is no way to recover the files other than restoring from a backup—or paying the ransom. Ransomware attacks are not only becoming more frequent, they're becoming more sophisticated. Because email systems are now more adept at filtering out spam, some cybercriminals have turned to spear-phishing with emails that target specific individuals. Others forgo emails in favor of seeding legitimate websites with malicious code, taking advantage of the lack of security on many computers. Sadly, paying the ransom doesn't guarantee an individual victim or organization will get its data back; some never get a decryption key after having paid the ransom. And unfortunately, paying a ransom encourages cyberthieves to expand their activities.

Cyberspying by the Government

President George W. Bush in 2007 as part of the massive increase in homeland security that began shortly after the attacks on September 11, 2001, the program—officially called PRISM—was known in government circles as the "president's surveillance program." The NSA's PRISM program extracts information from the servers of nine major American Internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. PRISM gives the NSA access to audio, video, photographs, emails, documents, and connection logs for each of these systems. PRISM allows the NSA to track targeted individuals over time, while the online surveillance of search terms gives them insights into their thoughts and intentions. In addition, the government receives records of phone calls they make—across town or across the country—to family members, co-workers, business contacts, and others. The surveillance was undertaken without a warrant, which some legal scholars claim is in violation of the spirit of federal law and the Constitution. The American Civil Liberties Union filed suit, arguing that the program violates the First Amendment rights of free speech and association as well as the right of privacy protected by the Fourth Amendment. The complaint also charged that the dragnet program exceeds the authority that Congress provided through the Patriot Act. In 2015, a federal court dismissed the case. ACLU attorney Patrick Toomey responded: "The decision turns a blind eye to the fact that the government is tapping into the Internet's backbone to spy on millions of Americans. The dismissal of the lawsuit's claims as 'speculative' is at odds with an overwhelming public record of warrantless surveillance."

How common is cyberbullying

Sameer Hinduja and Justin Patchin, finds that about 35 percent of the high school and middle school students they surveyed report having been the target of some form of Internet harassment. Hinduja and Patchin have conducted eight different surveys with nearly 15,000 middle school and high school students in more than 80 schools throughout the United States. On average, about 25 percent of the students said they have been the victim of cyberbullying at some point in their lifetime, and about 16 percent of the students admitted that they have cyberbullied others at least once. Hinduja and Patchin's most important findings include: Adolescent girls are just as likely, if not more likely, than boys to experience cyberbullying (as a victim and/or offender). Cyberbullying is related to low self-esteem, suicidal ideation, anger, frustration, and a variety of other emotional and psychological problems. Cyberbullying is related to other issues in the real world, including school problems, antisocial behavior, and substance use. Traditional bullying is still more common than cyberbullying. Traditional bullying and cyberbullying are closely related: those who are bullied at school are bullied online and those who bully at school bully online. According to the most recent data compiled by the National Center for Education Statistics, about 7 percent of students ages 12 to 18 reported being cyberbullied anywhere during the school year. A higher percentage of female students than of male students reported being victims of cyberbullying overall (9 percent versus 5 percent) those who reported cyberbullying, about 27 percent indicated that they were cyberbullied at least once or twice a month; less than a quarter of the victims (23 percent) told an adult what happened to them.

Smishing and Vishing

Smishing is a variation of phishing that involves the use of texting Vishing is similar to smishing except the victims receive a voice mail message telling them to call a phone number or access a Web site scams use smart phones and landlines to trick people into providing access information for their bank, checking, and other accounts. Some scammers use the information to impersonate the victim and open new accounts. The word "smishing" is derived from SMS (texting) and phishing, and "vishing" comes from voice and phishing. criminals set up an automated dialing system to text or call people in a particular region or area code, sometimes using stolen customer phone numbers from banks or credit unions. The victims receive messages like "There's a problem with your account" or "Your ATM card needs to be reactivated" and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims' bank accounts, charge purchases on their credit cards, create a phony debit card, and so on. In one case, bank customers received a text saying they needed to reactivate their ATM card. When they called the phone number in the text, they were prompted to provide their ATM card number, PIN, and expiration date. Many victims fell for the ruse and thousands of fraudulent withdrawals followed. If victims log on to one of the tainted websites with a smart phone, they might download malicious software that could give criminals access to anything on the phone.

Money Mules

Someone who collects and transfers money or goods acquired illegally and then transfers them to a third party. divert money electronically from bank accounts in order to buy high-end merchandise such as precious stones and expensive watches from jewelry stores. The phishers contact these jewelry stores, tell them what they'd like to buy, and promise they will wire the money the next day. A money mule goes to the store to pick up the merchandise and either gives the items to the organizers of the scheme or converts them to cash and uses money transfer services to launder the funds. money mules are willing participants in the criminal scheme. But increasingly they are unsuspecting people hired via "work-at-home" advertisements who end up laundering some of the funds stolen from bank accounts. The criminals email prospective candidates claiming to have seen their résumés on job websites and offer them a job. The hired employees are provided long and seemingly legitimate work contracts and actual websites to log on to for instructions. They're instructed to either open a bank account or use their own bank account in order to receive funds via wire transactions from numerous banks and then use money transfer services to send the money overseas.

Phishing

Sometimes called carding or brand spoofing, phishing is a scam where the perpetrator sends out emails appearing to come from legitimate web enterprises such as eBay, Amazon, and PayPal in an effort to get the recipient to reveal personal and financial information. identity thieves create false emails or websites (there are now nearly 300,000 in operation worldwide) that look legitimate but are designed to gain illegal access to a victim's personal information Some phishers send out emails that look like they come from a credit card company or online store telling victims there is a problem with their account credit or balance. asked to provide personal information or financial account information so the problem can be fixed. Some phishing schemes involve job offers. Once the unsuspecting victims fill out the "application," answering personal questions and including their Social Security number, the phisher has them in his or her grasp Once phishers have a victim's personal information, they can do three things. They can gain access to preexisting accounts, banking, credit cards, and buy things using those accounts. Phishers can use the information to open brand new banking accounts and credit cards without the victim's knowledge. Finally, the phishers can implant viruses into their software that forwards the phishing email to other recipients once one person responds to the original email, thereby luring more potential victims into their net. Phishing emails and websites have become even more of a problem now that cybercriminals can easily copy brand names, logos, and corporate personnel insignia directly into the email. The look is so authentic that victims believe the email comes from the advertised company. Most phishers send out spam emails to a large number of recipients knowing that some of those recipients will have accounts with the company they are impersonating.

spear-phishing

Targeting specific victims, sending them emails that contain accurate information about their lives obtained from social networking sites, and asking them to open an email attachment where malware harvests details such as the victims' usernames and passwords, bank account details, credit card numbers, and other personal information. Personal information makes the message seem legitimate and increases the chances the victims will open the email or go to a tainted website by clicking on a link where malware harvests details such as the victims' usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets

Recruitment and Fund-raising

Terrorist organizations are now using cyberspace in a number of different operational areas. They use the Internet to recruit new members and disseminate information. For example, radical Islamic militant organizations use the Internet to broadcast anti-Western slogans and information. An organization's charter and political philosophy can be displayed on its website, which can also be used to solicit funds. Terrorist groups use the Internet to raise funds to buy arms and carry out operations. One method of funding is through fraudulent charitable organizations claiming to support a particular cause such as disaster relief or food services. Charitable organizations in the United States raise more than $350 billion per year. Using bogus charities to raise money is particularly attractive to cyberterrorists because they face far less scrutiny from the government than for-profit corporations and individuals. They may also qualify for financial assistance from government-sponsored grant programs. One such bogus group, Holy Land Foundation for Relief and Development (HLFRD), provided more than $12 million to the terrorist group Hamas; in total, HLFRD raised more than $57 million but only reported $36.2 million to the IRS. Bogus companies have also been used by terrorist groups to receive and distribute money. These shell companies may engage in legitimate activities to establish a positive reputation in the business community but produce bills for nonexistent products that are "paid" by another party with profits from illegal activities, such as insurance fraud or identity theft. If a shell company generates revenues, funds can be distributed by altering financial statements to hide profits and then depositing the profits in accounts that are used directly or indirectly to support terrorist activities.

Combating Cyberwar

The military has formed the United States Cyber Command (USCYBERCOM), a division that "plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure U.S./Allied freedom of action in cyberspace and deny the same to our adversaries." USCYBERCOM ties together the cyberwarfare arms of the various service branches: The National Security Agency/Central Security Service (NSA/CSS) encompasses both signals intelligence (SIGINT) and information assurance (IA) programs. The NSA's information assurance mission is to prevent foreign adversaries from gaining access to sensitive or classified national security information. Their signals intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations.

Cybercrime

The use of modern technology for criminal purposes. -can be singular or ongoing, but typically involve the theft and/or destruction of information, resources, or funds utilizing computers, computer networks, and the Internet. The crime rate for England and Wales doubled to more than 11.6 million offenses in 2015 when cybercrime began to be included in the national crime rate. While common-law crimes continued to decline, the overall crime rate jumped with the inclusion of an estimated 5.1 million online fraud incidents and 2.5 million cybercrime offenses. England and Wales have a population of about 56 million people; the U.S. population is about 320 million. If the ratio is the same, then U.S. citizens may be victimized by more than 40 million cybercrime incidents each year. In 2015, the most recent data available, IC3 received 288,000 complaints with an adjusted dollar loss of more than $1 billion. More than 20,000 complaints are now received each month Internet Crime Complaint Center (IC3) In the past five years, the complaint center has received almost 3.5 million complaints of Internet fraud. These data indicate that the crime drop in America may in fact be a function of criminals switching from common-law crime to cybercrime According to Internet security company MacAfee, a conservative estimate of the annual cost to the global economy from cybercrime is more than $400 billion and losses may actually reach $575 billion. This is more than the national income of most countries and governments.

Last notes

This chapter highlights what types of crime face us in an era of internet connectedness. The nations of the world have an interest in control on the internet, but these come at great cost. Some countries, like North Korea, flagrantly violate law and engage in cybercrime or cyberterrorism. The United States operates a number of organizations and agencies to control cybercrime, as do other countries. The U.S. Secret Service has cyber crime or electronic crime task forces (ECTF), focused on identifying international cybercriminals and thwarting cyber intrusions. One successful effort is the New York-New Jersey Electronic Crime Task Force, partnering with the Secret Service and a number of public safety and corporations. To control cybercrime, we, as a society, will always have to remain vigilant to "enemy" state cyberattacks, and as individuals we'll always have to watch our personal accounts for theft or identity fraud. Intelligence agencies have identified the social harm threat from the world's bad actors. There will be many questions, though, about how wide to cast the dragnet to take down cybercriminals while protecting our rights in the 21st century.

Combating Phishing and Identity theft

To meet the increasing threat of phishing and identity theft, Congress passed the Identity Theft and Assumption Deterrence Act of 1998 (Identity Theft Act) to make it a federal crime when anyone: Knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law Violations of the act are investigated by federal investigative agencies such as the U.S. Secret Service, the FBI, and the U.S. Postal Inspection Service. In 2004, the Identity Theft Penalty Enhancement Act was signed into law; the act increases existing penalties for the crime of identity theft, establishes aggravated identity theft as a criminal offense, and establishes mandatory penalties for aggravated identity theft. According to this law, anyone who knowingly "transfers, possesses, or uses, without lawful authority" someone else's identification will be sentenced to an extra prison term of two years with no possibility of probation. Committing identity fraud while engaged in crimes associated with terrorism—such as aircraft destruction, arson, airport violence, or kidnapping top government officials—will receive a mandatory sentence enhancement of five years

cybertheft

Use of computer networks for criminal profits. Illegal copyright infringement, identity theft, and Internet securities fraud are examples of cybertheft. illegal copying of copyrighted material to using technology to commit traditional theft-based offenses such as larceny and fraud. The textbook discusses, the theft of intellectual property. Theft of intellectual property is listed as the main cause for the placement of tariffs on imports from China and that remains a contentious issues between the US and China.

Cyberstalking

Use of the Internet, email, or other electronic communications devices to stalk another person. Some cyberstalkers pursue minors through online chat rooms; others harass their victims electronically. General David Petraeus, head of the Central Intelligence Agency, was forced to resign when word came out that he had a long-term extramarital affair with his biographer, Paula Broadwell. The affair was uncovered when Jill Kelley, a Florida socialite, asked a friend in the FBI to investigate a series of harassing emails she had received from an unknown person. The FBI traced the emails to Broadwell, and found that she was also exchanging intimate messages with an email account belonging to Petraeus. The head of the CIA was brought down because his former girlfriend was cyberstalking a rival! In the Internet age, stalkers can pursue victims through online chat rooms. Pedophiles can use the Internet to establish a relationship with a child, and later make contact for the purpose of engaging in criminal sexual activities. Internet predators are more likely to meet, develop relationships with at-risk adolescents, and beguile underage teenagers, rather than use coercion and violence Not all cyberstalkers are sexual predators. Some send repeated threatening or harassing messages via email and use programs to automatically send messages at regular or random intervals. A cyberstalker may trick other people into harassing or threatening a victim by impersonating the victim on Internet bulletin boards or chat rooms, posting messages that are provocative, such as "I want to have sex." The stalker then posts the victim's name, phone number, or email address hoping that other chat participants will stalk or hassle the victim without the stalker's personal involvement.

ATM skimming

Using an electronic device or camera on an ATM that copies information from a bank card's magnetic strip whenever a customer uses the machine or photographs their key strokes. Skimmers can then create their own bank cards and steal from customer accounts. ATM skimming now costs U.S. banks hundreds of millions of dollars annually. Recent (2016) surveys show that skimming attacks on ATMs are increasing rapidly in the United States and Europe. While in the past attacks were aimed at large banks, recent activity is now highest at non-bank ATMs, such as those in convenience stores. past skimming attacks targeted banks in big cities, they are now spread across the country in small towns and suburban areas. The devices planted on ATMs are usually undetectable because they blend right in with the ATM's physical structure. Some cybercriminals attach a phony keypad on top of the real keypad which records every keystroke as customers punch in their PINs. These skimming devices are installed for short periods of time—usually just a few hours—so they're often attached to an ATM by nothing more than double-sided tape. They are then removed by the criminals, who download the stolen account information and encode it onto blank cards. The cards are used to make withdrawals from victims' accounts at other ATMs. Some cyberthieves use a realistic-looking card reader placed over the factory-installed card reader. Skimmers can also make use of a hidden camera, installed on or near an ATM, to record customers' entry of their PINs into the ATM's keypad.

Cyberwar

Using cyberspace for acts of war, including spying and disrupting an enemy's computer network. actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or distributed denial-of-service attacks (DDoS) The North Korean's Rising Sun or 141 group commits this. One element, cyberterrorism, aims to undermine the social, economic, and political system of an enemy nation by destroying its electronic infrastructure and disrupting its economy. This same group was responsible for attempting to steal one billion dollars from the Government of Bangladesh. They only got away with 89 million dollars. This crime, reported in the New York Times, was only found because a mid-level American bank officer questioned the large amount of money leaving Bangladeshi national accounts. In sum, some cybercriminals are high-tech thieves while others are high-tech vandals; the property they destroy is electronic rather than physical. Some use the Internet to distribute illegal services and material, and some use it to plot and carry out terrorist activities, going as far as to wage cyberwar. The internet allows criminals access to the global economy. Computer-based technology allows criminals to operate in a more efficient and effective manner. Cyberthieves now have the luxury of remaining anonymous, living in any part of the world, conducting their business during the day or in the evening, working alone or in a group, while at the same time reaching a much wider number of potential victims than ever before. No longer is the con artist or criminal entrepreneur limited to fleecing victims in a particular geographic locale; the whole world can be his or her target. The advent of these international cybercrimes necessitates novel approaches to law enforcement. Who do we pursue - kids in Karachi. Or the Bangladeshi fraudsters? Who polices all these events? Moreover, how can we say that cybercrime is a function of social forces, the social environment or social structure, when cyber criminals are highly educated, knowledgeable about the latest technology and commit crimes using the anomalies of cyberspace?

Identity Theft

Using the Internet to steal someone's identity and/or impersonate the victim in order to conduct illicit transactions such as committing fraud using the victim's name and identity. Identity theft can destroy a person's life by manipulating credit records or stealing from their bank accounts. Identity thieves use a variety of techniques to steal information. They may fill out change of address cards at the post office and thus obtain people's credit card bills and bank statements. They may then call the credit card issuer and, pretending to be the victim, ask for a change in address on the account. They can then charge numerous items over the Internet and have the merchandise sent to the new address. It may take months for the victim to realize the fraud because the victim is not getting bills from the credit card company. common goals of identity thieves? Opening new lines of credit remains the most frequently occurring use for a victim's identity, followed by using personal information to make charges on stolen credit cards and debit cards, obtaining utilities, applying for bogus personal loans and business loans, and check fraud (personal information is used to access an existing account via theft or the creation of false checks). Identity theft occurs when a person uses the Internet to steal someone's identity and/or impersonate the victim to open a new credit card account or conduct some other financial transaction. Identity theft can destroy a person's life by manipulating credit records or stealing from their bank accounts. According to the most recent government surveys, almost 18 million persons, or about 7 percent of US residents age 16 or older, are victims of at least one incident of identity theft each year.

viruses and worms

Viruses are a type of malicious software program (also called malware) that disrupts or destroys existing programs and networks, causing them to perform the task for which the virus was designed. The virus is then spread from one computer to another when a user sends out an infected file through email, a network, or a portable drive. Computer worms are similar to viruses but use computer networks or the Internet to self-replicate and send themselves to other users, generally via email, without the aid of the operator.

denial of service attack

a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources David Joseph Rezendes, 27, was sentenced to serve 18 months in federal prison for intentionally damaging a protected computer system. He also had to forfeit equipment he used in the attack, including three desktop computers, three laptops, nine hard drives, two routers, three cable modems, and a magnetic stripe card reader/writer, among other things. What did he do to deserve such a sentence? Rezendes was responsible for a denial-of-service attack he implemented to retaliate against the Larimer County government. During his attack, he saturated the county's computer network with such an overwhelming amount of traffic and communication requests that county employees were unable to access email or county records. In addition, the public's ability to use county services online was diminished, and thousands of people were unable to access needed information. What motivated the attack? Rezendes was angry about a traffic ticket!

Catfishing

a term that refers to the practice of setting up a fictitious online profile, most often for the purpose of luring another into a fraudulent romantic relationship. According to the Urban Dictionary, a catfish is "someone who pretends to be someone they're not, using Facebook or other social media to create false identities, particularly to pursue deceptive online romances." So, to "catfish" someone is to set up a fake social media profile with the goal of duping that person into falling for the false persona. 13-year-old Megan Meier began an online relationship with a boy she knew as Josh Evans. For almost a month, Megan corresponded with this boy exclusively online because he said he didn't have a phone and was homeschooled. One day Megan received a message from Josh on her MySpace profile saying, "I don't know if I want to be friends with you any longer because I hear you're not nice to your friends." This was followed by bulletins being posted through MySpace calling Megan "fat" and a "slut." After seeing the messages, Megan became distraught and ran up into her room. A few minutes later, Megan's mother Tina found her daughter hanging in her bedroom closet. Though Tina rushed her to the hospital, Megan died the next day. Six weeks after their daughter's death, the Meier family learned that the boy with whom Megan had been corresponding never existed. Josh Evans (and his online profile) was created by Lori Drew, a neighbor and the mother of one of Megan's friends. She created the profile as a way to spy on what Megan was saying about her daughter. Drew was charged with violations of the Computer Fraud and Abuse Act (CFAA), though her conviction was later overturned.

How Common is Identity Theft?

almost 18 million persons, or about 7 percent of U.S. residents age 16 or older, are victims of at least one incident of identity theft each year. Today, the most common type of identity theft is the unauthorized misuse or attempted misuse of an existing account—experienced by more than 16 million persons. Victims may have experienced multiple types of identity theft. Almost 9 million victims experienced the fraudulent use of a credit card, 8 million experienced the unauthorized use or attempted use of existing bank accounts (checking, savings, or other), and 1.5 million experienced other types of existing account theft, such as misuse or attempted misuse of a phone, Internet, or insurance account. victims discover the incident when a financial institution contacts them about suspicious activity or when they notice fraudulent charges on an account. The majority of identity theft victims surveyed did not know how the offender obtained their information, and 90 percent of victims did not know anything about the offender. Victims whose personal information was misused or who had a new account opened in their name experienced greater out-of-pocket financial losses than those who had an existing credit card or bank account compromised; 14 percent lost $1,000 or more. fewer than 1 in 10 identity theft victims reported the incident to police. The great majority contacted their credit card company or bank to report misuse or attempted misuse of an account or personal information, while 8 percent contacted a credit bureau

Cyberterrorism p2

an element of cyberwar that involves an effort by covert forces to disrupt the intersection where the virtual electronic reality of computers meets the physical world. Cyberspace is a handy battlefield for the terrorist because an attack can strike directly at a target that bombs won't affect: the economy. Because technological change plays a significant role in the development of critical infrastructures, they are particularly vulnerable to attack. And because of rapid technological change, and the interdependence of systems, it is difficult to defend against efforts to disrupt services. Cyberterrorists have many advantages. There are no borders of legal control, making it difficult for prosecutors to apply laws to some crimes. Criminals can operate from countries where cyber laws barely exist, making them almost untouchable. Cyberterrorists can also use the Internet and hacking tools to gather information on targets. There is no loss of life because there is no need to infiltrate enemy territory. Terrorists can commit crimes from anyplace in the world, and the costs are minimal. Nor do terror organizations lack for skilled labor to mount cyberattacks. There are a growing number of highly skilled computer experts in developing countries who are available at reasonable costs. Cyberterrorism may result in a battered economy in which the government is forced to spend more on the military and cut back on social programs and education. These outcomes can weaken the terrorists' target and undermine its resolve to continue to resist.

How ransomware works

computers around the nation have been attacked by the Reveton virus used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses. Unlike many other viruses—which activate when users open a file or attachment—Reveton is a drive-by virus that installs itself when users go to a compromised website; once infected, the victim's computer immediately locks. With the original Reveton virus, the infected computer's monitor displayed an official-looking screen (with an FBI logo) stating there had been a violation of federal law: illegal use of downloaded media, underage porn viewing, or computer-use negligence. It listed fines and penalties for each, and directed victims to pay with a $200 money order. The newer Reveton threats instruct victims to pay with Bitcoin, a more untraceable cryto-currency. This has investigators going through a number of trap doors in their investigations. In 2015, the IC3 had reports of 2,453 complaints of ransomware malware.

File Sharing

form of illegal copyright infringement involves file-sharing programs that allow Internet users to download music and other copyrighted material without paying the artists and record producers their rightful royalties. Theft through the illegal reproduction and distribution of movies, software, games, and music is estimated to cost U.S. industries more than $20 billion worldwide each year. criminal copyright infringement still represents a significant economic threat to producers, artists, and programmers. The United States Code provides penalties for a first-time offender of five years incarceration and a fine of $250,000. Other provisions provide for the forfeiture and destruction of infringing copies and all equipment used to make the copies. The fact is file share infringes on a number of copyrights, usually on music and the entertainment works which reach the Internet days or weeks before the legitimate product is commercially available. The government has actively pursued members of the warez community, and some have been charged and convicted under the Computer Fraud and Abuse Act (CFAA), which criminalizes accessing computer systems without authorization to obtain information and also violates various copyright laws. Warez is the name of the violators as they try to file share in each community. Penalties for such violations will be substantial. Copyright infringement still represents a significant economic threat to producers, artists, and programmers. The United States Code provides penalties for a first-time offender of five years incarceration and a fine of $250,000 for infringements. Why even commit such a crime, when Spotify allows you free music at all time and allow for downloads?

Cyberwar: Politically Motivated Cybercrime

generally accepted and understood that the developed world is totally dependent upon electronic communication and data storage for its survival. Protecting a nation's critical technological infrastructure has been raised in priority so that it is now considered by many countries alongside the traditional aspects of national defense. It is routine for defense agencies around the world to employ units to conduct cyberattacks on enemy nations. Cyberwar enables the forces of one nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. Computer systems may be compromised so that vital war material is misdirected or even destroyed. Ground attacks are facilitated by destroying command systems and compromising air defenses. Instead of blowing up air defense radar systems and giving up the element of surprise before hitting targets, in the age of cyberwar the computers controlling air defense are put out of action.

Cyberspying

illegally using the internet to gather information that is considered private and confidential Spyware is a type of software that gathers personal information, including web browser histories, emails, and online purchases. Once information is gathered, it is automatically transmitted to those who installed the software either directly on the computer or when the victim opened an attachment. In some instances, the computer operator gives consent to the spying, which is legal. Parents can legally install spyware on their minor child's computer if they are the owners of the machine. If their child is a legal adult, parents must obtain consent. The FlexiSPY Corporation of Wilmington, Delaware, offers software that can capture every Facebook message, email, text, and photo sent from a phone, as well as record phone calls. They also promote the ability to catch cheating spouses by monitoring their cell phone so that the purchaser "will know for sure what your partner is really feeling, saying and doing when you are not there. FlexiSPY will let you read all their cell phone messages ... and let you know their location at any time, and even let you listen to their cell phone conversations as they happen. It's easy to install and is completely hidden so they will never know." These services are legal only if the person installing the software also owns the device or was given consent by the owner, a warning that the FlexiSPY makes clear on their website. Some are people involved in marital disputes who may want to seize the emails of their estranged spouse. Business rivals might hire disgruntled former employees, consultants, or outside contractors to steal information from their competitors. These commercial cyberspies target upcoming bids, customer lists, product designs, software source code, voicemail messages, and confidential email messages. Some of the commercial spying is conducted by foreign competitors who seek to appropriate trade secrets in order to gain a business advantage.

prosecuting internet pornography

it has been difficult to control Internet pornography. One reason is that offenders are scattered around the world, making identification and arrest challenging. There needs to be significant law enforcement agency cooperation to gather evidence and locate suspects. When there are prosecutions, they are aimed at child pornography, considered a much more serious crime than sale of adult material.

Globalization

the process of creating transnational markets, politics, and legal systems—in other words, creating a global economy. IT is responsible Internet is now the chosen medium to provide a wide range of global services, ranging from entertainment and communication to research and education. The cyber age has also generated an enormous amount of revenue. Though total spending on IT and telecommunications has been slowing down, it is now around $2.5 trillion per year. More than 3 billion people are on the Net, sending 205 billion emails per day, and more than 8 trillion text messages per year. Social media sites like Facebook and Twitter are expanding exponentially; Facebook now has more than 1.5 billion users

Contemporary Cybercrime

vast network of mobile and stationary computer networks has become a target for illegal activities and enterprise. Criminals are becoming more technologically sophisticated, routinely using the Internet to carry out their criminal conspiracies. Some cybercriminals use modern technology to sell illegal goods and services, or conversely, to illegally appropriate legitimate products and services. some cybercriminals are high-tech thieves while others are high-tech vandals; the property they destroy is electronic rather than physical. Some use the Internet to distribute illegal services and material, and some use it to plot and carry out terrorist activities, going as far as to wage cyberwar This array of modern crimes presents a compelling challenge for the justice system and law enforcement community because (a)it is rapidly evolving with new schemes being created daily, (b)it is difficult to detect through traditional law enforcement channels, and (c)its control demands that agents of the justice system develop technical skills that match those of the perpetrators. also present a significant challenge for criminologists because they defy long-held assumptions about the cause of crime. How can we say that crime is a function of social forces, the social environment, or the social structure, when these contemporary criminals are typically highly educated and technologically sophisticated people who commit their crimes in places far removed from their victims? By their very nature, cybercrimes demand a high degree of self-control and planning, something a truly impulsive or mentally unstable person would have difficulty achieving. As cybercrime expert Majid Yar explains, it may be that "considerable theoretical innovation" will be required before criminologists can fully understand this phenomenon.