CYBERCRIME

Cybercrime is a growing, global problem. Whether you are a small business, a fortune
500 company, buying your first smartphone or becoming a cyber-security expert, you need to be
aware of cybercrime. The Internet affords education and economic opportunities beyond
anything the world has ever seen. This same tool, however, also allows for unprecedented
opportunities to cause harm. By abusing technology, cybercriminals ruin businesses and even
lives. Many countries and organizations around the world are fighting to stop cybercriminals and
help to make systems more secure.
Furthermore, there is no universally accepted definition of cybercrime. However,
the following definition includes elements common to existing cybercrime definitions.
Cybercrime is an act that violates the law, which is perpetrated using information and
communication technology (ICT) to either target networks, systems, data, websites
and/or technology or facilitate a crime (e.g., Goodman, and Brenner, 2002; Wall, 2007;
Wilson, 2008; ITU, 2012; Maras, 2014; Maras, 2016). Cybercrime differs from traditional
crime in that it "knows no physical or geographic boundaries" and can be conducted
with less effort, greater ease, and at greater speed than traditional crime (although this
depends on the type of cybercrime and type of crime it is being compared to) (Maras,
2014; for information about different types of cybercrime.

Europol (2018) differentiates cybercrime into cyber-dependent crimes (i.e., "any

crime that can only be committed using computers, computer networks or other forms of
information communication technology;" McGuire and Dowling, 2013, p. 4; Europol,
2018, p. 15) and cyber-enabled crimes (i.e., traditional crimes facilitated by the Internet
and digital technologies). The key distinction between these categories of cybercrime is
the role of ICT in the offence - whether it is the target of the offence or part of
the modus operandi (or M.O.; i.e., method of operation) of the offender. When ICT is the
target of the offence, this cybercrime negatively affects
the confidentiality, integrity and/or availability of computer data or systems.
Confidentiality, integrity and availability make up what is known as the "CIA Triad"
(Rouse, 2014): put simply, private information should stay private, it should not be
changed without permission from the owner, and data, services, and systems should be
accessible to the owner at all times. When the ICT is part of the M.O., the cybercrime
involves a traditional crime (e.g., fraud and theft) facilitated in some way by the Internet
and digital technologies.
Cybercrime can be perpetrated by individuals, groups, businesses, and nation-states.
While these actors may use similar tactics (e.g., using malicious software) and attack
similar targets (e.g., a computer system), they have different motives and intent for
committing cybercrimes (Wall, 2007). Various studies of cybercrime have been
conducted (see, for example, studies published by Deviant Behavior and the
International Journal of Cyber Criminology). These studies have examined cybercrime
through the lens of psychology, sociology, and criminology, as well as other academic
disciplines (Jaishankar, 2011; Chapter 11, Holt, Bossler, and Seigfried-Spellar, 2018).

Some literature explains criminals' actions as an outcome of rational and free

choice, while other literature considers criminality as a product of internal and/or
external forces (see, for example, key and classical works on criminology included in
Mclaughlin and Muncie, 2013). Other works have examined the role of "space" in
cybercrime, particularly the role of online spaces and online communities in the cultural
transmission of criminal and/or delinquent values (Evans, 2001; see also Chapter 6,
Maras, 2016). These scientific studies on cybercrime seek to shed light on the impact of
cybercrime, "the nature and extent of cybercrime, assess reactions to cybercrime and
the implications of these reactions, and evaluate the efficacy of existing methods used
in the control, mitigation, and prevention of cybercrime" (Maras, 2016, p. 13).

Cybercriminals often use both technical and social approaches to commit crime.
Some types of cybercrime are difficult to prevent, however, technology users can take
certain actions to protect themselves (to an extent) from cybercrime.
Europol (2018) provides numerous public awareness and prevention guides on website.

However, even small actions can make a big difference. Below are some tips to
consider when accessing the Internet.
 Keep your operating system and installed software up-to-date
 Regularly uninstall software that you no longer use
  Use an anti-virus program from a reputable company
 Do not download software, movies or music from sharing sites - these very often
have malware
 Do not download attachments or click on links from senders you do not recognize
 Do not enter personal information in unknown websites
 Confirm the correct website when entering financial information

Particular crimes are categorized as cybercrime such as hacktivism,

Cyberespionage, Cyberterrorism, Cyberwarfare, and

Information warfare,

Information and communication technology have been used in campaigns for

social or political change (i.e., online activism). These types of campaigns have involved
the signing of online petitions, hashtag campaigns, creating a campaign website,
recruiting volunteers, obtaining funds from members and supporters, and organizing
and planning offline protests (Denning, 2001; Maras, 2016). There are, however,
individuals and groups that have considered these methods to be insufficient to drawing
attention to their cause and have instead resorted to strategies that directly affect the
functioning or accessibility of websites and online services as a means of political
protest (i.e., hacktivists) (Maras, 2016).
While there is no universally agreed upon definition of hacktivism, it has been described
as the intentional access to systems, websites, and/or data without authorization or
having exceeded authorized access, and/or the intentional interference with the
functioning and/or accessibility of systems, websites, and data without authorization or
having exceeded authorized access, in order to effect social or political change (Maras,
2016). Views on the legitimacy of hacktivism as a form of legitimate political protest vary
(Morozov, 2011; Sauter, 2014; Himma, 2005; Hampson, 2012).
 Numerous hacktivist groups exist with various social and political agendas. The
cybercrimes hacktivists have committed include website defacements, website
redirects, denial-of-service (DoS) attacks or distributed denial of service (DDoS) attacks,
malware distribution, data theft and disclosure, and sabotage (Li, 2013; Maras, 2016).
All of these tactics involve unauthorized access to targets' systems, websites and/or
data. For example, when the credit card companies Visa and Mastercard and others
(e.g., Amazon and PayPal) pulled their services from and/or blocked donations to
WikiLeaks after the organization's release of U. diplomatic cables, Anonymous (a well-
known, global hacktivist collective) launched DDoS attacks against these companies'
websites ( Operation Payback ) (Halliday and Arthur, 2013; Ngak, 2013).
Cyberespionage involves the use of information and communication technology
(ICT) by individuals, groups, or businesses for some economic benefit or personal gain
(Maras, 2016). Cyberespionage may also be perpetrated by government actors, state-
sponsored or state-directed groups, or others acting on behalf of a government, seeking
to gain unauthorized access to systems and data in an effort to collect intelligence on
their targets in order to enhance their own country's national security, economic
competitiveness, and/or military strength (Maras, 2016). While espionage is not a new
phenomenon, ICT have enabled illicit intelligence collection efforts directed and/or
orchestrated by other countries at an unprecedented speed, frequency, intensity, and
scale (Fidler, 2012), as well as a reduction of risks associated with committing
espionage (i.e., being caught by the country that is being targeted by the collection
efforts) (Ziolkowski, 2013).

Several cyberespionage campaigns have been attributed to advanced persistent

threats (or APTs), which refer to "group[s] with both the capability and intent to
persistently and effectively target a specific entity" (Maras, 2016, p. 383; see also
Lemay et al., 2018). However, APTs do not limit their acts to cyberespionage; they have
also engaged in destruction of systems and/or data ( sabotage), and disruption of
operations. The primary tactics used by perpetrators of cyberespionage have been
identified. These include (but are not limited to) malware distribution, social
engineering , spear phishing , and watering hole attacks . For example, a piece
of malware known as Flame targeted government computer systems and collected
information from its targets, including remotely turning on webcams and microphones of
infected systems; taking screen shots of the infected systems' screens; and
transferring/receiving data and commands via Bluetooth among others (Bencsáth,
2012). Another form of malware that was similar to Flame, called Gauss, targeted a
government for similar purposes (Zetter, 2012). Gauss was designed to harvest data
about network connections, drives, and system processes and folders, infect drives with
spyware to harvest information from other systems, and relay this information back to a
server under the control of those who deployed the malware (Bencsáth, 2012).

Another tool that is predominately used in cyberespionage is social engineering,

whereby a perpetrator tricks the target into divulging information or performing another
action. A social engineering tactic that has been used in several cyberespionage
incidents is spear phishing, whichinvolves the sending of emails with infected
attachments or links that are designed to dupe the receiver into clicking on the
attachments or links. Perpetrators of a suspected state-directed cyberespionage
campaign known as Night Dragon used a combination of social engineering tactics and
malware to gain unauthorized access to the systems of global energy companies in
multiple countries, and obtain information about their operations (Kirk, 2011). Private
companies might be contracted to assist in social engineering attacks. It has now been
widely reported that a spyware developer has provided various state actors, from
several countries, tools and capabilities necessary to hack into smartphones using
tailored text and WhatsApp messages (Brewster, 2018). This trade in intrusion software,
which has been used in the past to abuse human rights as well as target journalists and
activists, is subject to certain export control regimes but those are criticized as both
insufficient and problematic (see e.g. Lin & Trachtman, 2018).

A further tactic used to gain unauthorized access to the target is a watering hole
attack, which is "an attack whereby a cybercriminal monitors and determines the
websites most frequented by members of particular organization or group and infects
those sites with malware in an attempt to gain access to its networks" (Maras, 2016, p.
382). For instance, the modification of the "Thought of the Day" widget on the Forbes
website, a US financial information and news magazine, made a watering hole attack
targeting common users of the site, particularly individuals in finance and defence,
possible (Peterson, 2012; Rashid, 2012).  
Furthermore, insiders, those who are already part of the organization, company, or
agency the perpetrators want to gain access to, are also utilized to conduct or facilitate
cyberespionage. These individuals can intentionally or unintentionally disclose
confidential or sensitive information to countries or others linked in some way to foreign
countries as part of their intelligence collection efforts (CERT Insider Threat Center,
2016).

Cyberespionage has been made possible by the numerous hacking tools that are
widely available online. These tools include exploits (e.g., zero day - that is, previously
unknown vulnerabilities exploited once identified - or those that can penetrate systems
and bypass firewalls) and implants (e.g. backdoor, secret portal used to gain
unauthorized access to systems, or a remote access tool or RAT).  

Information and communication technology (ICT) can be used to facilitate the

commission of terrorist-related offences (a form of cyber-enabled terrorism) or can be
the target of terrorists (a form of cyber-dependent terrorism). Specifically, ICT can be
used to promote, support, facilitate, and/or engage in acts of terrorism. Particularly, the
Internet can be used for terrorist purposes such as the spreading of "propaganda
(including recruitment, radicalization and incitement to terrorism); [terrorist] financing;
[terrorist] training; planning [of terrorist attacks]. The term cyberterrorism has been
applied by some to describe the use of the Internet for terrorist purposes (Jarvis,
Macdonald, and Nouri, 2014).

Just as there is no consensus on a definition of cybercrime nor of cyberterrorism.

Conceptions of cyberterrorism have ranged from "more expansive conceptions…
[including] any form of online terrorist activity…[and] narrower understandings of this
concept" (Jarvis, Macdonald, and Nouri, 2014, p. 69). The narrow understanding of
cyberterrorism has been described as "pure cyberterrorism" by some (e.g., Conway,
2002; Gordon, 2003; Neumann, 2009; Jarvis and Macdonald, 2014; Jarvis, Macdonald,
and Nouri, 2014). This narrow definition considers cyberterrorism as a cyber-dependent
crime perpetrated for political objectives to provoke fear, intimidate and/or coerce a
target government or population, and cause or threaten to cause harm (e.g., sabotage)
(Denning, 2001; Jarvis, Macdonald, and Nouri, 2014; Jarvis and Macdonald, 2015.).
Examples of this narrow conception of cyberterrorism include "attacks that lead to death
or bodily injury, explosions, plane crashes, water contamination, or severe economic
loss.... Serious attacks against critical infrastructures could be acts of cyberterrorism,
depending on their impact.

The media, politicians, academics, and practitioners have labeled numerous

incidents of cybercrime as a form of "cyberwar" or "cyberwarfare" (Maras, 2014; Maras,
2016). Like other topics discussed in this Module, there is no single, universal definition
of cyberwarfare. For the purpose of this Module, cyberwarfare is used to describe cyber
acts that compromise and disrupt critical infrastructure systems, which amount to an
armed attack (Maras, 2016). An armed attack intentionally causes destructive effects
(i.e., death and/or physical injury to living beings and/or destruction of property) (Maras,
2016). Only governments, organs of the state, or state-directed or state-sponsored
individuals or groups can engage in cyberwarfare.
 

Information warfare  is a term used to describe the collection, distribution, modification,

disruption, interference with, corruption, and degradation of information in order to gain
some advantage over an adversary (Marlatt, 2008; Prier, 2017). The purpose of this
information is to utilize and communicate it in a way that alters the target's perception of
an issue or event in order to achieve some desired outcome (Wagnsson and Hellman,
2018). Two tactics used in information warfare are disinformation  (i.e., the deliberate
spreading of false information) and fake news  (i.e., propaganda and disinformation
masquerading as real news). It is important to note that the latter term is not well
defined and can be misused.
 Declining levels of trust have contributed to the rapid spread and consumption
of fake news  by the public (Morgan, 2018, p. 39). Disinformation and fake news are
spread on social media platforms, and mainstream and non-mainstream media (Prier,
2017, p. 52). Social media platforms enable disinformation to spread faster and to a
larger audience than other online platforms; depending on the platform, this can occur in
real-time (e.g., Twitter). Automated bot accounts assist in this endeavour by spreading
information at a faster and more frequent rate than individual users can. For example,
ISIS had developed an app (the Dawn of Glad Tidings) that members and supporters
would download to their mobile device; the app, among other things, was designed to
access the users' Twitter account and tweet on the behalf of users (Berger, 2014).
Supporters of disinformation and bots also amplify disinformation and fake news online
(Prier, 2017, p. 52). Selective, repetitive, and frequent exposure to disinformation and
fake news helps shape, reinforce, and confirm what is being communicated as valid.
Disinformation and fake news are believed to have influenced voter behaviour and
ultimately, the outcome of ellectoral fraud "can be defined as any purposeful action
taken to tamper with electoral activities and election-related materials in order to affect
the results of an election, which may interfere with or thwart the will of the voters"
(López-Pintor, 2010, p. 9). An example of electoral fraud involves gaining unauthorized
access to voting machines and altering voting results. It is important to note that:
There is no widely accepted definition of election fraud because the applied
understanding of fraud depends on the context: what is perceived as fraudulent
manipulation of the electoral process differs over time and from country to country.

Some countries have laws that criminalize the distribution of false information
that could influence voter behaviour and election results, and other forms of electoral
fraud (e.g., France, the United Kingdom, and various states in the United States)
(Daniels, 2010; Alouane, 2018). Other countries that have laws that criminalize false
information and fake news have used these laws to prosecute journalists and other
individuals who criticize or otherwise challenge the government (Reuters, 2018;
Gathright, 2018; Priday, 2018). Despite these regulations, many political groups and
actors continue to push the envelope in attempts to manipulate public opinions, often
taking advantage of loopholes or omissions in the legislation. Moreover, politically
motivated groups have developed mechanisms to influence public opinion by exploiting
the features of various websites, such as the "like," "heart," or "upvote" functions of
social media services, with the intent of popularizing certain ideologically-loaded news
items. These actions, often referred to as "astroturfing" (Zhang, Carpenter, and Ko,
2013, p. 3), do not necessarily entail publishing misleading or libelous information but
rather focus on manipulating the newsfeed of users (Popham, 2018).
ections.
Based on the inoculation theory, a solution to misinformation (i.e., false or
inaccurate information) and disinformation (i.e., purposely false or inaccurate
information) has been proposed. This solution seeks to inoculate individuals against
misinformation and disinformation by providing them with the means to build resistance
to messaging and propaganda, reducing their susceptibility to misinformation and
disinformation, and leading them to question the veracity of the information being
presented to them as well as the legitimacy of the source presenting the information.
Misinformation and disinformation can thus be countered with education, not just in
regards to the topics being communicated, but also education about the tactics and
methods used to create and spread misinformation and disinformation.
Other ways of countering misinformation, disinformation, and fake news: (1) fact
checking by independent parties and (2) limiting the propagation of fake news,
disinformation, and misinformation based on an online platform's community rules.