Anderson 1

Jackson Anderson
English 1201
Mr. Leptak-Moreau
10/31/2021

Why is Cybercrime Such a Challenge to Overcome?

Why is cybercrime such a challenge to overcome? Cybercrime caused $1 trillion dollars

in damages in 2020, and was projected to do $6 trillion in damages this year, cybercrimes caused

Americans to lose $4.2 billion in 2020 (Statista Graph). Many laws that are used to convict the

people that cause this damage were made in 1986, 35 years ago. Cybercrime is everchanging,

and new bypasses and exploits are found every day, which makes it very difficult for lawmakers

to keep up. Having the government make laws could also be unconstitutional, even if it is

beneficial.

(Statista 2021)
 Anderson 2

When talking about cybercrime there are many different definitions and confusing terms,

some are self-explanatory, and some are not. One definition heard quite often is exploit, which

simply means a flaw or bug in something. One term that is used is encryption, which is a

complicated topic but put simply encryption is a math problem a computer does that scrambles

text you put in and makes it into a mess that humans can’t read without unencrypting it first.

Hackers will often form groups, one famous group named Anonymous that is discussed in this

paper will notice a company or organization that is doing something wrong and will breach their

database and leak their files so they will receive punishment. Once inside of a database they will

leak important files to the public so something can be done about the problem. Phishing is

another term used quite a lot in this paper, and can be a few things but is usually a scam phone

call or a fake website and aims to get personal information to sell to other scammers.

Hackers used to be called ‘phreakers’ and hacking was called ‘phreaking’ and they did

what they did because they were able to get free calls anywhere in the world, not very impressive

by today’s standards but it was back then. Getting free calls anywhere in the world isn’t very

attention grabbing for lawmakers so they didn’t care, but something they did care about was the

fact that hackers would block 911 calls “phreakers replaces the official message with one

instructing callers that the police were too busy eating donuts and drinking coffee to respond to

their calls”. With no caller ID and no futuristic tracking technology there wasn’t anything that

911 dispatchers could realistically do about these blocked calls. That was during the 70’s, and in

the 90’s cybercrime really stepped it up, hackers were able to commit credit card theft and

started to cause major damage. In 2000 the first big cybercrime event occurred, the ILOVEYOU

worm spread throughout the web and infected over ten million windows computers and
 Anderson 3

destroyed all file types on the computer and caused billions in damage. Today, hackers can and

do cause trillions of damage, and it is very easy to do and not very easy to get caught, and if you

do get caught it is a slap on the wrist for the amount of damage you could cause.

How many different types of cybercrime are there? There are an endless amount of

different techniques, tools, and exploits that are commonly used but there are a few popular ones.

One that everyone knows is tech scammers, also known as phishers or a phishing attack, that can

be a fake website or phone call, the aim of this attack is to gain personal information that can be

sold to someone who puts information into a database. This is why if you answer a scammer you

might get called by a lot of scammers, they all pull information from large, shared databases.

Another popular exploit is called ransomware which when it infects a computer it immediately

locks all of the files and tells the owner of the computer that they need to pay a fee (usually in

bitcoin) and if the fee isn’t paid within a certain time all files on the computer will be deleted.

Ransomware is the hack that causes the most damage each year and if it gets into a company’s

servers and onto their computers there is nothing that anyone can do.

There are many smaller exploits that people do quite often, such as IP grabbing. Your IP

address is like your virtual address, and with an IP grabber a person with malicious intent can see

this address and this can grant quite a lot of power. One thing that can be done is a Distributed

Denial of Service (DDOS) or Denial of Service (DOS) attack, where multiple computers will

send data to someone else’s IP and it will take their internet down. One popular exploit is

password cracking, passwords are not stored in plain text anymore and are run through

encryption algorithms. This makes it much harder for hackers to get to your password. Many

people also use the same password for multiple things, which is a terrible idea, so once hackers

get one password, they can get in to more than one thing just by logging in.
 Anderson 4

What are the current laws that can convict hackers who commit cybercrimes? The law

that convicts the most hackers is the Computer Fraud and Abuse Act 18 U.S.C. § 1030 and was

enacted in 1986. This law covers a lot of ground, but only really focuses on protected computers.

A protected computer is a computer that is “exclusively for the use of a financial institution or

the U.S. Government… which is used in or affecting interstate or foreign commerce or

communication, including a computer located outside the United States” (18 U.S. Code § 1030 -

Fraud and Related Activity in Connection with Computers) protected computers also are any

computers used in voting systems and Federal elections. A normal home desktop or your

computer at work isn’t covered by this law, but a state may decide to enact their own laws that

can cover these computers. This law covers the unauthorized spreading of malicious files, which

is something that is very common today.

Ohio has laws that protect all computers from unauthorized use of property. This law

states that “No person, in any manner and by any means, including but not limited to, computer

hacking, shall knowingly gain access to, attempt to gain access to, or cause access to be gained to

any computer” (Section 2913.04: Unauthorized Use of Property – Computer, Cable, or

Telecommunication Property). This law is great to convict hackers that are trying to gain access

to a network or a computer system, but doesn’t cover cases where someone spreads a virus or

other malicious file onto an unprotected computer. A case that this does cover is the intent to

extort money from any person or any thing of value, which covers phishing and ransomware, the

2 most popular and damaging exploits. The punishment for committing these crimes can be up to

a fifth-degree felony. If the theft of property or the loss of value is over $150,000 then it is a

third-degree felony which can be between 2 and 10 years in jail, but this is a very wide range and

will change in the future.

 Anderson 5

What can lawmakers do about cybercrime and why is making new laws so challenging?

Laws take a very long time to become enacted, and need to go through a series of checks and

balances before they can become a law. If lawmakers were to try and make a law for every new

exploit that came out then they would already be behind by the time the law was enacted. The

only solution is to be very broad and vague in the terms and statements they make. The problem

with being vague is that lawyers can skirt around the law for a client. Having a lawyer for

hackers sounds ridiculous but the hacker group anonymous has a lawyer that fights for them in

their cases, Jay Leiderman is their lawyer and says that the Computer Fraud and Abuse Act

(CFAA) “it’s a bad law, it’s a broken law, it’s not something that fits with today’s technology.”

Instead of making the states make their own laws for cybercrime it would be much better

for lawmakers at the federal level to expand on the current laws. Using Ohio’s take on

cybercrime laws would be a good approach, don’t only convict hackers that gain unauthorized

access into a protected computer, all computers should be protected. The punishments on these

laws should also be increased, stealing $150,000 and getting 10 years maximum is not enough.

Bringing all computers into the federal laws instead of just protected computers would be a good

start but as of now there isn’t much else lawmakers can do.

One extremely important step that needs to be taken sooner rather than later is informing

the public. If the public could recognize a scam call and would know how to make a good

password, then hackers would have so much more trouble. A simple campaign could save the

government trouble, the public money, and would make a hacker’s job much more difficult. It

would also be beneficial for the government to pay more attention to cybercrime, which has been

happening in the past few years but still could be improved on. The U.S. has actually taken a lot

of action regarding cybercrime, even though it seems like they haven’t done much for a long
 Anderson 6

time. In other countries the government doesn’t pay as much attention, usually because they are

not a target to hackers or scammers but they still need to pay attention to this large issue.

Cybercrime can actually be beneficial; it may not seem like it but it is. A pen tester or

penetration tester is a person who is paid by a company or organization to break in to their

system and find flaws. The company can then fix those flaws and it becomes much harder for

hackers to cause damage. There is also a grey area of cybercrime, where a bad thing is done for a

good reason. The hacking group anonymous is a good example of this, very recently they

breached an online database of Epik, a web hosting service that catered towards extremist

groups, and leaked their important files to the public. This act was in no way legal, but was

beneficial in the removal of Epik from the web. Cybercrime can be beneficial to other countries

or to the hackers committing these crimes, they can make a lot of money which boosts the

economy and creates jobs for desperate workers.

In the U.S. there have been attempts to create laws to protect children on the internet, but

this law was ultimately deemed unconstitutional. The Child Online Protection Act or COPA was

a law enacted in 1998 with the purpose of protecting minors from “exposure to sexually explicit

materials on the Internet” (Ashcroft 1). The Supreme Court deemed this act unconstitutional

because “the statute was likely to burden some speech that is protected for adults” (Ashcroft 10).

The act was for a good cause but violated the first amendment and therefore could no longer be a

law. This is a big issue when making laws for cybercrime, just limiting one’s access to the

internet is unconstitutional so a more complex solution must be made.

What is a possible solution for cybercrime? A solution that would be feasible is to start

by expanding on the laws we have now, allow for protection of unprotected computers, or

computers that citizens use rather than just protected computers. Informing the public is a
 Anderson 7

massive step that needs to be taken. These simple changes would save the public from having to

lose so much money to scams and hacks. These changes would also save billions of dollars that

the government spends on cybercrime each year. These funds could be spent to something much

more effective and useful instead of a problem that should have been solved a long time ago.

What does a phishing attack look like? Most of the time it is a pop-up ad on a fake

website telling you to call a number that brings you to the call center. This is where all of the

scammers reside, and they will have a script they follow. In this script they will usually try and

fix a fake problem on your computer, then charge you for this service. If a call center is

discovered to be scamming people, they are able to just make a new name and continue on, and

the U.S. doesn’t do much about this. There is another popular style of phishing attack, an email

is sent to the victim asking them for money and the scammer says that they will send the victim

much more money in return, and never sends that money.

There aren’t many people that think cybercrime is good, except for the people

committing them. In a lot of third world countries committing cybercrimes, typically phishing

scams, and is a very well-paying job for those areas. These people target the U.S. and the U.K.

primarily so if cybercrime laws were put in place it would cause a lot of economic damage in

third world countries. New laws would also cause some damage in the U.S. and U.K. because

there are people who help those that have been scammed, new laws would greatly decrease the

amount of people coming to them.

These third world countries are not trying to stop these criminals from committing

cybercrimes. In India when a cybercrime ring is discovered there is no punishment other than the

organization has to be recreated under a new name. Which considering the amount of damage

they cause world wide is not enough punishment. The workers are also in horrible conditions,
 Anderson 8

often locked in the building until they meet a quota or until the day is done, they are also not paid

nearly enough for what they are doing. One owner of a scam call center says he “made a fortune

by defrauding innocent victims at the other end of a phone” (Confessions of a call-centre

scammer). Workers for these call centers are paid very little for the work they do, but it’s still

more than what other jobs in a third world country will pay, which makes these jobs very

attractive to workers.

In conclusion, cybercrime is a challenge to overcome because it evolves very rapidly and

creating new laws is hard. New laws must not infringe on the first amendment while not being

vague or too broad. If new laws are not able to be made then changes need to be made to existing

laws, the punishments for committing high end cybercrimes need to be increased. The public

should also be informed, which would make a hacker’s job much more difficult, would save the

government and the public money each year. Including unprotected computers into federal laws

would make a huge difference, increasing punishments, and increasing public awareness are the

best tools as of now.

 Anderson 9

Works Cited

“18 U.S. Code § 1030 - Fraud and Related Activity in Connection with Computers.” Legal

Information Institute, Cornell Law School, www.law.cornell.edu/uscode/text/18/1030

“Ashcroft, Attorney General v. American Civil Liberties Union” Supreme Court of the United
States, 2 Mar. 2004, www.supremecourt.gov/opinions/03pdf/03-218.pdf.

“Meet the Lawyer Who Defends Anonymous.” YouTube, Great Big Story, 18 Aug. 2016,
https://www.youtube.com/watch?v=t73n4SEz1Zo&ab_channel=GreatBigStory

Richter, Felix. “Infographic: Americans Are Losing Billions Due to Internet Crime.” Statista
Infographics, 19 Mar. 2021, https://www.statista.com/chart/20845/financial-losses-
suffered-by-victims-of-internet-crimes/.

“Section 2913.04: Unauthorized Use of Property - Computer, Cable, or Telecommunication

Property.” Section 2913.04 - Ohio Revised Code | Ohio Laws, 23 Mar. 2018,
codes.ohio.gov/ohio-revised-code/section-2913.04.

Vaidyanathan, Rajini. “Confessions of a Call-Centre Scammer.” BBC News, BBC, 8 Mar. 2020,
www.bbc.com/news/stories-51753362.