Cyber crime is the catchall term used for crime which makes use of the internet. Interpol acknowledges that most law enforcement have two distinct categories: advanced cyber crime, in which sophisticated individuals or groups target computer hardware or software (“cracking” or “hacking”), and cyber-enabled crime, traditional crimes where the computer and internet are employed advantageously to help the criminal (fraud, child exploitation, stalking). Often crimes like the 2014 leaked celebrity nudes are the result of a basic phishing scam and not an advanced hack.
Advanced cyber crime is often portrayed by mass media as acts carried out by lone individuals in their parents’ basement. This view is skewed as cyber criminals often belong in a gang with a formal structure. These groups breach large organisations like banks, large corporations, or universities which often go unnoticed. Security expert Nicholas Percoco notes that the median time it takes for a company to detect a breach varies between 146 and 210 days.
The easiest way to breach a company is by hacking the person. Dubbed social engineering, the premise is to build a fantasy scenario that is believable to the victim. A presentation by Dave Kennedy at DEFCON 23 highlighted how easy it was for first timers to find out information from Fortune 500 companies. Sadly the stereotypes work. Act like a naive young female caller, and most male egos will feel satisfied by lending assistance. One participant was able to find out the type of operating system in use, their antivirus programs, and other seemingly trivial but potentially relevant data. From there, an attack strategy is decided.
The methods to breach the computer system can range from the very basic like phishing (malicious email links), and candy dropping (leaving tainted USB drives lying about to be plugged in), to the more advanced, like using zero-day exploits (flaws in a computer programmes source code). The payoffs can be huge. The Economist reported that $81 million was transferred out of Bangladesh’s central bank in February 2016. While the details are scary (for obvious reasons), the overall reason was blamed on the banks outdated and inadequate security.
While advanced cyber crime is limited to those chosen few who have an advanced skill set, computer assisted crime is basic in comparison. 99.85 percent of people with access to an internet connection have on some level been involved in at least one cyber crime, cyber stalking. Yes, going on Facebook to check out your ex’s cuddle buddy is still stalking, even if you are just trying to see what they have that you don’t. Sites like Facebook are a brilliant means for those who wish to do harm. Given the amount of information people willingly post, with enough time and a keen mind, the bunny boiler/creep can find out any and all information about you. Even if you monitor what you post and upload, you cannot control the actions of others.
Television shows like CSI: Cyber are great at highlighting the dangers of the online world. Strip away the drama, the plot lines, and the (deliberately?) erroneous content, you are still left with situations that are highly plausible or have happened such as webcams being breached, car computers getting cracked, revenge porn, and ransomware. Ransomware is code designed to lock the user out from their device until a sum of money has been paid. Often displayed with an official law enforcement icon, past targets have included hospitals, private citizens, and companies. This attack is brilliant in its simplicity. Based on the principle of hacking the person, few victims are going to front up to law enforcement requesting help if their device contains questionable material.
There are some ways to limit the chances of being a victim of cyber crime occurring against you, like being careful who you share your passwords with, and watching which links you click. Cyber crime though, like crime in general, can happen despite the victim having done all they could to mitigate the likelihood. If people want to do you harm they will.