Module Name: Contemporary Issues in Crime, Safety and Security.

Words Count: 2500.

ESSAY 2:

Title:

EVALUATION OF CYBERCRIMES: THE NEW CRIMES OF THE INTERNET ERA

 Introduction

The link between technology and crime did not begin with the development of

computers. With the emergence of the telegraph during the nineteenth century,

communications were intercepted to transmit false information for economic purposes. As

for computers, the main concern was given by the handling of information from the storage

and processing of personal data products of works of fiction, such as Orwell's 1984 (Herhalt,

2011).

Technology provides potent tools, but like with any instrument, they can be

hazardous if not handled with proper safety precautions. The difficulty of combating

cybercrime is multifaceted. Human factors and human-computer interaction are crucial to

cybersecurity because technology cannot prevent cybercrime on its own. (Sawyer, B. D., &

Hancock, P.A., 2018).

The first misconduct or illicit behavior related to computers began to be reflected

during the 70s from some resonant cases portrayed by the newspapers. The first computer

crimes were economic, among which computer espionage, software "piracy," sabotage of

digitized databases, and extortion stood out. Espionage was carried out by extracting hard

drives from computers (Schell, B.,2020), stealing diskettes or directly copying information

from devices, and absorbing electromagnetic emissions that radiate every computer to data

collection. About software piracy, the characteristic modality was the unauthorized copying

of computer programs for commercialization within the framework of industrial espionage

(Grabosky, P., Smith, R. G., Smith, R. G., & Dempsey, G., 2001).  Finally, cases of sabotage

and computer extortion were the crimes that most concerned organizations due to the high

concentration of data stored in digital format.

 As for financial fraud, at the end of that decade and the beginning of the 80s, there

were cases of alteration of files of the databases of the companies and the balance sheets of

the banks for the manipulation of invoices of salary payments. Typical cases were carried

out by installing reading devices in the entrance doors of ATMs and false keyboards in them

to copy debit card data through the violation of magnetic stripes. This motivated, on the

part of the issuing companies, the adoption of chips, in plastics, as a security measure. "It

was precise during this time that the regulatory protection of European countries for

intangible goods such as electronic money began, a process initiated by the United States in

1978. The legal coverage of the databases of banking institutions and companies was

indispensable for business conduct, mainly against the theft of commercial information.

Criminology of Cybercrime

From a criminological point of view, there are two approaches to this new type of

criminal phenomenon; the first is that computer crimes are nothing more than conventional

crimes that take on new life from the use of computer devices and services and applications

on the Internet. The second perspective states that information and communication

technologies provide new tools for committing non-existent crimes, such as the distribution

of viruses or malicious programs through the network, attacks on websites, and software

piracy (Moore, R., 2014).  The truth is that both approaches are valid. There are traditional

crimes that take on new forms from the intermediation of automated devices as well as new

criminal forms that would not be possible to commit if there were no software program or

digital files present, such as, for example, in the elaboration of malicious programs to harm

a web server to affect the operation of the page, or those to extract information from a
device -for example, spyware or spyware-, or alter or damage the operation of a device

through viruses, worms, and Trojans. (Carvajal, R. G. L., & Inlago, M., 2021)

Beyond the existing definitions of this type of behavior, the truth is that cybercrime

does not represent a specific type of crime; it is not part of complete or organized crime, nor

can they be considered crimes of white neck, according to the definition given by Edwin

Sutherland in 1929. In general, when we talk about computer crimes, we refer to those

indeterminable and illegal behaviors where a computer device intervenes to commit a crime

or as an end or object of it. In this sense, computer crimes are understood regarding the

place that technology occupies for the commission of the crime rather than the naturalized

criminal of the act itself. The computer conducts the wrongdoing, the crime of threatening

being the wrongdoing itself, when someone uses email to intimidate or attempt to blackmail

another person. In the second scenario, the computer dispositive serves as either the

instrument of the crime or the intended victim of the crime. This occurs when a person

intentionally sends a virus to another person's computer to disable or otherwise

compromise the computer's functionality. In the second scenario, the offender might be

portrayed as committing a crime against property, as the computer itself is a material

object, and the data it contains is immovable. (Brewer et al., 2019).

Criminal Investigation

The criminal investigation of illicit activities involving computer devices presents a

series of difficulties (Martini, B., & Choo, K. K. R.,2012). First, it should be noted that a

characteristic of computer crimes is the low rate of judicial complaints at a global level,

which consumes a sizeable hidden number of this type of conduct. Several factors explain

why, in this type of criminality, practically, the governments have no intervention:

 • The ignorance of people who are being victims of a computer crime, while many

users are victims of these behaviors without taking cognizance of this situation,

as, for example, happens in the presence of a spy film or spyware installed in a

hidden way on a device.

• On the other hand, users also have a path to an effective resolution in judicial

terms of certain crimes.

• The non-reporting of computer incidents is produced within the framework of an

internal network of a private organization due to the fear of private companies

before the possibility of being affected their image and reputation and avoid

fines or criminal or administrative sanctions.

• Finally, the technical and administrative resolutions of a large number of crimes,

when, for example, a virus enters a computer and is detected by an antivirus

program is deleted or when a mailbox is "hacked" and used the resolution

mechanisms provided by the internet service provider companies allow the

account to be recovered from its legitimate user.

Another factor that makes the criminal investigation of crimes complex in which a

computer device intervenes is the fragility of the computer test; in these types of crimes,

the place of the event where the potential evidentiary elements are located is in a virtual

environment. That it is virtual does not imply that it has no actual existence. Still, digital

environments pretend to be representations of physical objects, for which the crime scene,

in addition to physical, is logical (Delaney et al., 2012). On the other hand, digital evidence is

flexible, as digital files can be deleted or altered very quickly (Freiling, F. C., & Schwittay, B.,

2007); it is volatile because the existence of certain digital information depends on electrical
energy and can be automatically lost when turning off or unplugging a device (Huang, A. Q.,

et al, 2010), it is easily concealable since it can be saved in external storage devices -such as

CDs, DVDs, pen drives, external hard drives, etc. (Ahlberg, M., 2005) folders are hidden,

foreign servers, and can be encoded, stored in special formats, inside other files or stored

with false names, among others. Finally, the computer test can be anonymous, while digital

files do not print the unique features of their users. On this last point, the absence of

indications of identity in internet communications makes it difficult to identify those

responsible for the events. On the commercial Internet, the use of the most popular

services and applications of the network – Facebook, YouTube, WhatsApp, Twitter, and

Google – is free since the primary source of your income is advertising. In this sense, the

objective of the providers is not to identify the person behind the screen but to their tastes

and preferences (O'Connell, 2003). In this way, the Internet favors the construction of

fictitious identities without exact identity accreditation mechanisms by service providers.

Computer Security and its technicality

Computer security is understood as any action that prevents unauthorized

operations on a computer system or computer network. In general, it includes the set of

preventive, detection, and correction measures aimed at protecting the computer resources

of an organization.

There is a figure by which the scope of this field is usually explained, the one that is

usually known as the CIA triad, in allusion to the initials of the English words Confidentiality,

Integrity, and Availability (Davies et al., 2017). Confidentiality, authenticity, and integrity are

three properties that possess the data and information stored, transmitted, or received on

computer devices. Confidentiality represents the guarantee that each message transmitted
by the networks can be read by its legitimate recipient, the authenticity to the legitimacy of

the identity of the message's creator.

Threats of Cybersecurity

A cyber-attack can block some internal systems, interrupt the work of hundreds and

even thousands of professionals; leak confidential data and information; paralyze industry

production lines; interrupt power in cities or expose personal customer information and

intellectual property secrets. (Singer, P. W., & Friedman, A., 2014)

The company victim of digital attacks has financial and credibility losses, which

causes damage to the image and leads to a possible fall in investments.

• Threat 1: Expansion of the perimeter to employee homes

With the emergence of the telework culture in 2020, corporate perimeters now

extend to employees' homes. This makes it more difficult for security professionals to survey

the internal network through traditional access controls and perimeter monitoring, such as

firewalls and intrusion detection systems (Sundström, F., Ekfors Elvin, A., & von Heland, W.,

2021). Additionally, 84% of IT leaders predict that telecommuting will be more widely and

permanently adopted post-pandemic, making this challenge continue into 2021 and

beyond. (Travis, M. A., 2021)

IT teams will need effective endpoint management solutions such as mobile device

management (MDM) and secure access service edge (SASE) tools to combat these risks.

These solutions allow for better visibility and control of data, including in third-party

applications such as Zoom, Slack, and Office 365 (Attaran, M., & Woods, J., 2018). This
approach will also extend to traditional security instruments by ensuring that tools such as

anti-malware are in place, patches are up-to-date, and secure configurations are in place.

• Threat 2: Third-party attacks gain the attention of criminals

With the successful breach of SolarWinds and later its 300+ customer base and many

other third-party breaches in the past, more companies are paying attention to their third-

party risk management programs. This indicates an increase in threat actors' sophistication,

complexity, and persistence. (Hiller, J. S., Kisska-Schulze, K., & Shackelford, S., 2022)

Corporate mergers and acquisitions (M&A) and license management functions need

to be more aligned with governance, risk, and compliance teams to prevent a similar breach

from affecting their networks. A crucial step is to conduct a thorough security audit of all

third-party vendors (Tanriverdi, H., Roumani, Y., & Nwankpa, J., 2019). This intra-

organizational collaboration will also better prepare organizations for the amplified

compliance rules of the future, which will provide a baseline for third-party risk

management programs to be more comprehensive and robust (Power, D., 2005).

• Threat 3: Rise in ransomware attacks

According to the FBI, ransomware attacks grew in 2020, with a 300% increase by

April and a sevenfold increase by mid-year. Such attacks are likely to remain one of the top

threats in 2021.

One reason is that more companies are purchasing ransomware insurance. This fact

has not gone unnoticed by cybercriminals. Since companies have insurance, they will be

willing to pay the ransom for quick data decryption instead of fighting the threat. As a result,

criminals gain a quick victory.

 Prevention against ransomware attacks is done with a baseline approach that

strengthens security hygiene. This includes tactics such as timely patching, enforcing least-

privilege access policies, and regular backups with secure storage.

• Threat 4: New Email Phishing Scams

In 2020, the volume and complexity of email phishing attacks followed an increasing

trend. Cybercriminals use phishing to distribute malware, steal credentials and extract

money from users. Studies have found that users were three times more likely to click on a

phishing link and give their credentials at the start of the pandemic. In addition, in a survey

conducted in mid-2020, 38% of respondents said that a co-worker had been the victim of a

phishing attack last year.

While 2020 hasn't introduced any fundamental changes to phishing, threat actors

have adjusted tactics to leverage other words throughout the year, keeping pace with

people's interest in new topics. For example, keywords like "pandemic" and "Covid" were on

the rise in the first few months of the year, and as "vaccinations" and "emergency aid"

appeared as relief options, attackers added these emotionally charged words to the

phishing vocabulary.

There is no one-size-fits-all solution to preventing malicious emails from arriving, but

combining the right tools and adequately educated personnel will reduce your chances of

falling victim to phishing emails:

• Implement technical security controls built into your email platforms.

• Add an "external" banner to emails coming from outside your organization.

 • Apply analytics tools to detect emails from untrusted sources or newly created

"disposable" accounts and domains.

• Establish a robust security awareness program for employees to serve as the last line

of defense against phishing attacks.

• Consider running mock phishing tests in your organization so employees know what

to do when they receive something that appears to be bait.

Combating with Identification by Radio Frequency, Cybercrime, And

Protection Of Data

RFID stands for Radio Frequency Identification, which is usually called "Radio

Frequency Identification" in Spanish. This technology is based on using a small chip attached

to a product, which allows its tracking and location. Although this technology suggests

postmodern origins, the reality denotes that it is not so novel. For example, since the forties,

the US military has used this system during World War II for the remote reconnaissance of

their aircraft (Landaluce et al., 2021).

However, at present, this technology has gained the interest of the industry, which

relies on it as a means to optimize the traceability of all goods throughout the distribution

chain because of the advances in miniaturization and the reduction of the costs of the

manufacture of chips open up great possibilities today, from its use in the recycling process -

to facilitate the task of selection and separation of materials- to the control of the

temperature of food and even as a means of payment (Davies et al., 2017).

As RFID is seen as a revolutionary technology over others on the market, a group of

organizations, companies, and companies have begun to use the technology through
different Applications. Although the pioneers have been the companies of transport of

goods, there is a whole range in terms of computer applications.

Conclusions

Despite the necessity of criminalizing civil or commercial misconduct, unlawful and

illegal acts, international cooperation in this regard, and the reform of procedural codes for

the admissibility of electronic evidence in the context of a court case, the criminal solution is

insufficient for the design of a public policy for the network. Therefore, forming a

government agency within the central administration responsible for developing

comprehensive cybercrime plans and policies is vital. The rules produced due to these

studies and the collection of statistical data on new sorts of criminal behavior must be

founded on accurate diagnoses. In addition to making suggestions and strategic

recommendations for future courses of action, it must also provide legislative proposals for

the sector's regulation, offer assistance and guidance to organizations that request it, and

provide legislative proposals for the sector's regulation.

 References

Ahlberg, M. (2005). Beware the dangers of removable media. Communications

Engineer, 3(3), 25-27.

Attaran, M., & Woods, J. (2018). Cloud Computing Technology: A Viable Option for Small

and Medium-Sized Businesses. Journal of Strategic Innovation & Sustainability, 13(2).

Brewer, R., de Vel-Palumbo, M., Hutchings, A., Holt, T., Goldsmith, A., & Maimon, D. (2019).

Cybercrime prevention: Theory and applications. Springer Nature.Mcguire,M &

Dowling, S. (2013) Cyber crime: A review of the evidence Research Report 75

Summary of key findings and implications: Accessed on 12 May, 2022 from:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/

246749/horr75-summary.pdf

Carvajal, R. G. L., & Inlago, M. (2021). The Spyware: Preparación de

contribuciones. INNOVATION & DEVELOPMENT IN ENGINEERING AND APPLIED

SCIENCES, 3(2).

Davies, K., and Patel, P.P. (2017). Cybercrime in the society: problems and preventions.

Journal of Alternative Perspectives in the Social Sciences, 3(1), 240-259.

Delaney, P.M. (2012). How the smartphone, constant connectivity with the Internet, and

social networks act as catalysts for juror misconduct. St. Thomas Law Review, 24(3),

473-480.

Freiling, F. C., & Schwittay, B. (2007). A common process model for incident response and

computer forensics. IMF 2007: IT-Incident Management & IT-Forensics.

Grabosky, P., Smith, R. G., Smith, R. G., & Dempsey, G. (2001). Electronic theft: Unlawful

acquisition in cyberspace. Cambridge University Press.

Herhalt, J. (2011). Cyber-crime-A growing challenge for governments, KPMG Issues Monitor,

8: 1-24, [Online} available at:

https://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/

Documents/cyber-crime.pdf, (May 11, 2022).

Hiller, J. S., Kisska-Schulze, K., & Shackelford, S. (2022). Strategies for Boosting

Cybersecurity. Available at SSRN 4132506.

Huang, A. Q., Crow, M. L., Heydt, G. T., Zheng, J. P., & Dale, S. J. (2010). The future

renewable electric energy delivery and management (FREEDM) system: the energy

internet. Proceedings of the IEEE, 99(1), 133-148.

Landaluce, H., Arjona, L., Perallos, A., Falcone, F., Angulo, I., & Muralter, F. (2020). A review

of IoT sensing applications and challenges using RFID and wireless sensor networks.

Sensors, 20(9), 2495.

Martini, B., & Choo, K. K. R. (2012). An integrated conceptual digital forensic framework for

cloud computing. Digital investigation, 9(2), 71-80.

Moore, R. (2014). Cybercrime: Investigating high-technology computer crime. Routledge.

O’Connell, R. (2003). A typology of cyber sexploitation and online grooming practices.

Preston, England: University of Central Lancashire.

Power, D. (2005). Supply chain management integration and implementation: a literature

review. Supply chain management: an International journal.

Sawyer, B. D., & Hancock, P. A. (2018). Hacking the human: The prevalence paradox in

cybersecurity. Human factors, 60(5), 597-609.

Schell, B. (2020). Internet addiction and cybercrime. The Palgrave handbook of international

cybercrime and cyberdeviance, 679-703.

Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. oup usa.

Sundström, F., Ekfors Elvin, A., & von Heland, W. (2021). Understanding the Effects of Cyber

Security Risks and Threats on Forced Teleworking Organizations.

Travis, M. A. (2021). A post-pandemic antidiscrimination approach to workplace

flexibility. Wash. UJL & Pol'y, 64, 203.