You hear a lot about cybercrime, but what exactly is it? The simple answer is, "It's complicated!"Like traditional crime, cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect.
- Cybercrime has surpassed illegal drug trafficking as a criminal moneymaker.*
- Every 3 seconds an identity is stolen.**
- Without security, your unprotected PC can become infected within four minutes of connecting to the internet.***
The Council of Europe's Cybercrime Treaty uses the term 'cybercrime' to refer to offenses ranging from criminal activity against data to content and copyright infringement [Krone, 2005]. However, others [Zeviar-Geese, 1997-98] suggest that the definition is broader, including activities such as fraud, unauthorized access, child pornography, and cyberstalking. The United Nations Manual on the Prevention and Control of Computer Related Crime includes fraud, forgery, and unauthorized access [United Nations, 1995] in its cybercrime definition.
As you can see from these definitions, cybercrime can cover a very wide range of attacks. Understanding this wide variation in types of cybercrime is important as different types of cybercrime require different approaches to improving your computer safety.
Symantec draws from the many definitions of cybercrime and defines it concisely as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. The broad range of cybercrime can be better understood by dividing it into two overall categories, defined for the purpose of this research as Type I and Type II cybercrime.
Type I cybercrime has the following characteristics:
- It is generally a single event from the perspective of the victim. For example, the victim unknowingly downloads a Trojan horse which installs a keystroke logger on his or her machine. Alternatively, the victim might receive an e-mail containing what claims to be a link to known entity, but in reality is a link to a hostile website.
- It is often facilitated by crimeware programs such as keystroke loggers, viruses, rootkits or Trojan horses.
- Software flaws or vulnerabilities often provide the foothold for the attacker. For example, criminals controlling a website may take advantage of a vulnerability in a Web browser to place a Trojan horse on the victim's computer.
Examples of this type of cybercrime include but are not limited to phishing, theft or manipulation of data or services via hacking or viruses, identity theft, and bank or e-commerce fraud.
Type II cybercrime, at the other end of the spectrum, includes, but is not limited to activities such as cyberstalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex corporate espionage, and planning or carrying out terrorist activities. The characteristics of Type II cybercrime are:
- It is generally an on-going series of events, involving repeated interactions with the target. For example, the target is contacted in a chat room by someone who, over time, attempts to establish a relationship. Eventually, the criminal exploits the relationship to commit a crime. Or, members of a terrorist cell or criminal organization may use hidden messages to communicate in a public forum to plan activities or discuss money laundering locations, for example.
- It is generally facilitated by programs that do not fit into under the classification crimeware. For example, conversations may take place using IM (instant messaging) clients or files may be transferred using FTP.
*"Cybercrime More Profitable Than Drugs", NineMSN, More Info.
**Identity Theft Statistics, Identity Protection Online, More Info.
***"Eliminating Mobile Security Blindfolds", Tech News World, More Info.
Krone, T., 2005. High Tech Crime Brief. Australian Institute of Criminology. Canberra, Australia. ISSN 1832-3413. 2005.
Zeviar-Geese, G. 1997-98. The State of the Law on Cyberjurisdiction and Cybercrime on the Internet. California Pacific School of Law. Gonzaga Journal of International Law. Volume 1. 1997-1998.