Internet has become a necessity in our lives today, as a lot of people spend hours of their daily time on internet using their computers and mobile phones. It literally is an essential part of our work and hobbies. By using internet in 2020, we shop online, read different news stories, play games, watch movies and series, listen to music, engage in social media, and all sorts of other entertainments and business related matters. In other words, nowadays our lives simply depend on internet. According to Statista, one of the most reliable global business data platforms, just in October 2020 almost 4.66 billion people were active internet users; which is around %59 of the global population. Mobile has now become the most important channel for internet access around the world as %91 of all the internet users use their smartphones. In another research done by PewReseach in 2019, a year in which COVID-19 had not forced everyone to use internet every day, it was revealed that around %81 of United States’ adults go online on a daily basis.
It is clear that in the modern age, most people use internet every day and engage in different websites and platforms for a considerable amount of time. While internet provides us a fast and easy access to all sorts of different activities and hobbies and fulfills a lot of our needs, it also exposes us to a vast variety of dangerous online crimes such as financial data theft, information leaks, or much worse. What if a virus makes its way to our smartphones or laptops? What if our personal data gets leaked online? What if we end up being the victim of a cybercrime?
A cybercrime, also known as a computer-oriented crime, is a criminal activity that either uses or targets a computer and a network. These crimes are mostly committed by cybercriminals or hackers who may either be part of an organization or work individually. Unsurprisingly, each one of these people have different methods and tactics as well. Hacking, which is pretty well-known among people, for example, is only one of the ways of committing a cybercrime. It is also important to note that like every other types of criminals, the abilities of each cybercriminal varies; some of them are just novice hackers whereas there are also numbers of organized cybercriminals who use advanced techniques and are highly skilled. Either way, they are a threat to our privacy, financial wealth and properties, and also our mental health.
But what are their goals? Well, in the modern era, there are a vast variety of cybercrimes occurring for different reasons and purposes. Money is usually the main goal as most cybercrimes are committed seeking profit through different means. Some of the methods they use are more direct, such as hacking someone’s online accounts and stealing their money, while the rest are a little bit more complex. For instance, a cybercriminal might break into someone’s computer and gain access to some sensitive information, and then blackmail a company or an individual for money. Despite everything said, financial reasons are not always the case as sometimes cybercrimes are committed for political or personal reasons. And sometimes their activities are just illegal by law, like trafficking in child pornography and intellectual property, stealing identities, or violating privacy.
There are tons of different types of cybercrimes committed with different methods and tactics. The true nature of almost every type of cybercrimes have always existed in the real physical world for ages. Criminal activities such as bullying, stealing identities, or financial thefts, for example, have always been here throughout the history. The only difference is that, cybercrimes occur on computers and networks; they happen outside of the physical world and hence, they do not truly endanger our physical health. Nevertheless, they are considered crimes as they threaten our properties or bring us major inconvenience and annoyance. Worst case scenario, they can even lead to financial ruin and potentially threaten our reputation and personal safety.
Cyber Theft & Fraud: Cyber Theft consists of crimes in which a computer is used for thieving valuable things. Stealing money, personal information, financial data, intellectual properties, or even fraud and embezzlement in the cyber universe, are all considered cybercrimes. It is interesting to know that based on researches, around 60% of fraud comes from mobile devices; of that figure, 80% comes from smartphone apps.
Identity fraud, where personal information is stolen and used elsewhere, is also a cyber-theft since misusing personal information is illegal. Sometimes identity thieves target organizations that store people’s personal information, like schools or credit card companies. However, most cybercriminals usually target personal computers since it is easier, compared to breaking into a big corporation’s network.
Cyberbullying: Cyberbullying includes any threat to people’s safety, endangering others’ lives, coercion and displays of hate or bias against certain protected populations. All of which are obviously illegal and committing any of them on the internet is considered an act of cybercrime.
CyberExtortion: Cyber Extortion is a sort of online blackmailing. In these cases, cybercriminals attack or threaten to attack the victim and then demand money or some other types of response for stop doing so.
RansomWare is a type of cyber extortion in which a malware is used. This malware threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
CryptoJacking: When hackers use other people’s computing power to mine CryptoCurrencies (forms of online money) without consent, they are cryptojacking. This method is quite different than using typical malware since cryptojacking does not necessarily go after victims’ data; it just target their processing power. As the result, hackers gain access to other people’s processing powers and then use them to mine cryptocurrencies such as Bitcoin or Ethereum.
CyberEspionage: Espionage, in definition, is the practice of spying or using spies to obtain information about the plans and activities of a foreign government or a competing company. And similar to that, when hackers attack networks belonging to a government or a company to steal classified data, sensitive information, or intellectual properties, they commit cyberespionage. They might use the stolen data for blackmailing the company or simply sell them to the competitors of that organization.
Illegal Activities: There are also some other sorts of cybercrimes that might not threaten people’s properties in any way; yet, they are considered illegal activities according to the law. Child grooming, distributing child pornography, spreading hate, or inciting terrorism are some of the most significant examples of these types of cybercrimes. Spreading illegal information and images is crime, even when it happens in the cyber world. Infringing copyright, illegal gambling, or selling illegal items online are also cybercrimes.
Hacking, in definition, refers to the practice of modifying a product or procedure to alter its original function, or to fix a problem. In some situations, hacking can be quite harmless. For instance, a hacker may rewrite some parts of an existing software in order to allow access to hidden features. Even though this is technically a violation of the Terms of Service agreement since the original designer did not intend to provide access to those features, it is not exactly a prosecutable offense. However, hacking in its more common definition, which refers to any unauthorized access of a computer system, is considered a cybercrime. When a hacker break into the computers and networks of any company or individual without permission, they can gain access to sensitive business information or personal and private data without authorizations; thus, it is a cybercrime and considered illegal.
Nonetheless, not all hackers are criminals. Some hackers, who are often called “white hat” hackers, are hired by software companies to find flaws and holes in their security systems. These hackers attempt to hack their way into a company’s network and then present a report to the company about the existing holes in their systems and also provide them the ways to fix those flaws. They are experts in testing security systems and get paid for challenging companies’ networks. This way, they can put their skills into a good cause and help stop cybercriminals.
And sometimes, cybercriminals or “black hat” hackers might want to go clean and turn away from crime. In these cases, working as a security consultant for the companies they used to torment is one of the best options. These hackers are called “Grey Hat” hackers and have more knowledge and experience about infiltration of networks than most computer security professionals.
Cybercriminals use a variant range of different methods and tactics for fraud and stealing people’s money and information. In most cases, they just use lies in order to manipulate their victims into handing valuable data over to them! Their methods and means are part of a psychological manipulation system called Social Engineering.
Social engineering includes a set of tactics used by cybercriminals for tricking people into revealing their personal information. They usually involve very convincing fake stories to lure victims into their trap. Phishing is one of the most common ones in which they use fake email messages to get personal information from internet users. According to Data Connectors researches, around 30% of phishing emails in the U.S. are opened, unfortunately! But how do people fall for them? Well, let’s take a look at some of the most typical tactics of Social Engineering and see how convincing they are:
Sharing a link to a fake website. Cybercriminals send an email message to their victims claiming that there is a problem with their account, and also share a link to a fake website. Then the victims visit the website and tries to sign in using his personal information and private username and password. Afterwards, the fake websites send the gathered data straight to the cybercriminals.
Attaching a malware to an email message. Sometimes they send their victims a very appealing email message and trick them into downloading the malware that they had attached to the message. They might say that the attached file is an enjoyable game or a useful software. However, when the victims download the attachment, they let the cybercriminals into their devices.
“Congratulations! You have won a prize!” One of the most common tactics is sending an email message to people and claiming that they have won a big prize. Who hates receiving prizes without accomplishing anything, right? The trick is, these cybercriminals ask for their victims credit card information at the end of their message and claim that it is necessary for transferring the prize. And sometimes they just promise the victim they will receive millions of dollars if they share their bank account information to the sender.
And sometimes these cybercriminals take a long trip to conning their victims. For example, they might start get to know their victims and pretend to be romantically or sexually interested in the victim to persuade them to yield sensitive information or even money.
Long story short, Social Engineering is all about lying, manipulation, and tricking people with persuasive fake stories and then stealing money or valuable information from them.
Viruses, Worms, and Malware
Well, the interesting fact about Viruses, Worms, and Malware is that they need to actually be downloaded onto a hard drive somehow. So the only way for someone to get infected by them is to actually let them in! Cybercriminals usually use innocent-looking email messages in order to trick their victims into receiving the virus. The message, which contains a link to click on or a file to download, might look like it was sent from a trusted individual like their CEO, or the IT manager, or even a coworker. In other cases, websites may contain links to downloading worms or viruses that may be either part of their pages or disguised as banner ads. Either way, you just let them in when you click on those links.
Denial-of-Service (DOS) Attacks
These types of cyber-attacks flood systems with so much information and superfluous requests that would result into overloading the systems and then crashing the servers on which cyber businesses depend. Naturally, this would lead to financial losses for the respective organizations and corporations; not to mention the costs of fixing the servers.
In DOS attacks, cybercriminals usually sends a flood of fake traffic to a website and cause overloads on the server. The website thereupon face temporarily malfunctions or in some cases, crash completely. These Denial-of-Service attacks can also be committed for the purpose of interfering with a specific event that can cause a financial catastrophe. Imagine that the tickets to a special event go on sale online. A DOS attack can crash the website and prevent anyone from buying tickets. In a case like this, the DOS does not just cause a massive financial loss by downing a network and the servers, but also it damages the event holders financially.
Distributed Denial-of-Service (DOS) Attacks
A Distributed DOS (DDOS) Attack is another type of targeting attack for bringing down a system or network. In DDOS attacks, cybercriminals use one of the standard communication protocols of a system and then spam the system with connection requests in order to overwhelm it. The difference between a DOS attack and a Distributed DOS attack is that in the former, one computer is used to flood a server with fake traffics while the in latter, multiple systems target a single system with DOS attacks. As the result of a DDOS attack, a computer is just bombarded with packets from multiple locations.
A DDOS attack can be used in different situations for various purposes. For example it might be used as a distraction tactic while other cybercrimes are taking place; or sometimes, cybercriminals who are carrying out cyberextortion might use the threat of a DDOS attack for demanding money.
Leaving No Trace…
Professional cybercriminals also use a set of tactics for removing any traces leading back to them in order to avoid getting caught. For instance, they usually use a DNS technique called Fast Flux for moving data quickly among different computers to make it difficult to trace the source of malware or phishing websites. Also, they often use Zombie Computers. These computers, which belong to other people, are hacked into and would be used to launch malicious attacks. Cybercriminals might also infect computers with some type of malware that would damage devices or stop them working.
Cybercrime is on the rise due to a number of fundamental reasons and factors. The most important of which probably is the difficulty of prosecuting these crimes. We need laws in order to fight cybercrimes, and that leads us to two obstacles. First, it takes a lot of time, discussions and debates to pass laws. Second, laws, by nature, need to be very clearly defined in order to prove that they were violated. Meanwhile, technology is developing with a very high speed and along with it, cybercrimes are also evolving and changing their forms and shapes constantly. Technology and cybercriminals’ tactics can change faster than law enforcement can adapt to them. Therefore, law is always lagging far behind the developments of technology; and while a law is being discussed to be passed, tons of new cybercrimes with their unique methods come to existence. As the result of this fast-paced advances of technology, it becomes difficult to define the crime or the means of perpetrating the crime itself; which makes creating laws to protect people and businesses against them even more challenging.
Even when laws are created, governing agencies need to be assigned to enforce these rules; and this is where things get tricky. Almost anyone, anywhere around the globe can commit a cybercrime against anyone, anywhere in the world. Apart from the fact that this makes it difficult to track down the guilty cybercriminals, the variety of laws in different nations makes prosecuting the crime even harder. In other words, even when the cybercriminal is caught, it would not be clear that which country is responsible for instituting the legal proceedings and with whose laws the criminal should be prosecuted. Obviously, laws in each country are different. For example, while a type of fraud is considered illegal in United States, there might be no law against it in another country in which the cybercriminal is caught. So things can get really complicated when cybercriminals attack businesses and individuals of other countries.
As you can now see, there are tons of dangers in the cyber society threatening people’s safety, reputation and properties. About some of which you may have already heard, while the rest might be shocking and surprising. Nevertheless, not all hopes are in veins, as where there is thievery, there are ways for protection.
It is clear that the range of different cybercrimes is vast and complex, and on the other hand, they are evolving every; making it really complicated and challenging to catch cybercriminals. Consequently, it is only wise to guard up and become prepared with full protections rather than ending up the victim of these crimes; after all, prevention is much easier and cheaper than cure. With proper procedures and suitable security software, everyone can keep their computers, smartphones and any other devices safe and secure. But how? What should we do to protect our devices? Well, the answer shall wait for now; until we introduce Cyber Security and cover all the necessary steps of securing computers systems and networks in our second part of the article.