REILLY SHOOK

CYBER-CRIME

SLCC
Summer 2016

CJ-1010 / ELLIS

While Computer crime has been around for years, cyber-crime is a relatively new concept and
one that has taken over the worlds attention. Since the introduction of the World Wide Web in
the 1980s we have moved at light speed on the information highway. The internet allows people
from all over the world to connect, communicate with loved ones, share and collect information
at lightning speeds (Marcum, 2010). Along the way we have collected a few people who have
discovered how to manipulate and profit from crimes perpetuated over the internet. After 9-11
the focus for the world and the police was terrorists but now, thanks to the advancement of
technology, they have to police the internet as well. Terrorists now use the internet to plan
attacks, steal information and make money for their activities. Gangs, white collar criminals and
young kids in their basements are using this medium for their criminal activities as well. Cybercrime is any crime committed via the internet or a computer network according to Websters
dictionary. Crime isnt always just criminals either, it could be a country spying on another
country or a business spying on their competitors. Cyber-crime is a huge and unpredictable beast
with unlimited potential for growth. Cyber-crime touches all Americans in some way at some
point in their lives. Cyber-crime doesnt just harm individuals it can cripple a country and
destroy lives. Cyber-crime has been coined the Fifth Dimension of War by the former Director
of National Intelligence and he states that Cyber-crime is the biggest threat to American security
and hackers outnumber terrorists in alarming numbers (Wilhelm, 2012). Cyber-crime will be the

number one priority in some capacity for all law enforcement agencies for now and in the near
future.
The FBI is the lead agency in charge of investigating cyber-attacks by criminals, foreigners
and terrorists (FBI). The FBIs Internet Crime Complaint Center is responsible for providing US
citizens with a reliable and convenient reporting method for all Cyber Crime (FBI). According
to the textbook (Criminal Justice in Action) in 2010 over 300,000 complaints about cyber-crime
were filed with the FBI. These were just the reports from people who realized that they had an
issue, the majority of cyber-crime goes unreported. A large number of cyber-crime goes
undetected as well due to the high tech nature of the attacks (Marcum,2010). In some cases of
business cyber-attacks, businesses wont report an attack for fear of shareholder response or
embarrassment in the market and the financial losses that may follow (Wilhelm,2012). Some
crime has been reported to go on for 6-12 months without notice resulting in massive losses of
data or money (Wilhelm, 2012). In response to this new world the FBI has created new divisions
within their organizations. The Cyber Division is charged with addressing cyber-crime in a
coordinated and cohesive manner (FBI). The FBI New Cyber Action Teams travel the world
without notice to assist and gather vital information in computer intrusion cases (FBI). The FBI
also has 93 Computer Crimes task forces operating nationwide in conjunction with local
authorities (FBI). These teams all work closely together to attempt to stay on top of a growing
and quickly escalating issue. The textbook states that the US has gained the distinction of being
the leader in criminal cyber activity. The US originates 19% of all attacks and is the receiver in
nearly 25% of all illegal internet activity (Gaines). The scariest part of this is the US depends on
cyber space more than any other country for transportation, finance, power-grids, government
services, manufacturing telecommunications, health care and communication (Wilhelm, 2012).

A major attack on any of these services could and would cripple our nation. The costs for this
crime was estimated by the annual Ponemon Institute in 2015 to be annually at over $15 million
in the United States alone, which is 14% higher than in 2014 (Kerner, 2015). According to the
same survey the global cost is around $7.7 million. The US numbers are based on 638 cyberattacks against 58 companies (Kerner, 2015).

However, in 2012, Symantec estimated the

annual cost of cyber-crime to be at or about 388 billion dollars, a 100 billion more than the
combined trade of drugs like cocaine, heroin and marijuana. The actual costs may be impossible
to say due to the fact that so much crime goes unreported due to the reasons mentioned.
Those perpetuating these types of crimes run the gamut of boy next door to terrorists in
foreign countries. Hackers, as these cyber criminals have been labeled, are typically either
black hats or white hats. Black hat hackers can wake up one day from their programming
jobs and decide to develop something malicious and send it out in to the world. White hat
hackers or hacktivists want to play Robin Hood according to Richard Wilhelm of Booz Allen
Hamilton. These hackers steal data, steal money from the rich, shut down websites of companies
they disagree with or just want to best and even release classified data that they have gained from
their activities (Wilhelm, 2012). While many hackers come from the US, both Nigeria and
Romania produces many hackers who create many scams against unsuspecting individuals
(Bartos, 2016). China and Russia use hackers to gain intelligence they find imperative to their
survival and growth. The Russian Director of Russian Foreign Intelligence Service has publicly
commented that intelligence gathering is critical in advancing Russias interests (Wilhelm, 2012).
The Chinese government employs over 100,000 full time cyber warriors to gather information
and hackers to get what they cant get legally (Wilhelm, 2012). A magic weapon is how JongUn, the leader of North Korea, describes cyber warfare (Bartos, 2016). Gangs have also gotten

in on the business of cybercrime. Gangs have been known to use the internet to target girls from
vulnerable backgrounds for prostitution rings (Hanser, 2011). Besides the normal criminal
activity that gangs can do on the internet, they also use the internet to recruit new members. This
is known as Net Banging and it is used to spread the idea of the thug lifestyle to children who
otherwise not be exposed to this element of society (Hanser, 2011). Children comprise the
remainder of the best cyber criminals. Some like Michael Calce, a 15-year-old, are responsible
for denial of service attacks across sites such as eBay, Amazon and Yahoo. He did this for
bragging rights alone, nothing monetary was gained. The sheer gamut of hackers and the
backgrounds they represent makes tracking them or predicting their behavior nearly impossible
for law enforcement.
The types of attacks these individuals do is varied and complex. Digital piracy, identity theft,
financial theft, computer hacking, embezzlement, child pornography, spamming, denial of
service and espionage are just a few of the types of criminal activity covered by the term cybercrime (Marcum, 2011). In response to the increasing numbers of identity theft cases in the US,
Congress passed the Identity Theft and Assumption Deterrence Act. This act made it a federal
crime to steal a persons identity (FBI). In 2004 they added the Identity Theft Penalty
Enhancement Act with added penalties for aggravated identity theft for situations such as a stolen
identity used to commit a felony (FBI). Recently the favorite of cyber criminals has been
ransomware attacks. In a ransomware attack the criminal convinces the victim to click on a link,
that looks legitimate, which then downloads a program or directs them to a site that installs a
malicious code that locks and infects the victims computer (FBI). To get this code out of their
system the victim must pay a ransom to the unknown criminal for a decryption key. When this
happens to a business the cost may be astronomical but necessary to continue with their

operations. Many of these crimes go unreported because they cant be tracked and are very
sophisticated in their nature. While businesses for the most part do what they can to protect
against these attacks a recent report by the Office of Management and Budgets with the Federal
government reported that the overall cybersecurity assessment score for their reporting agencies
was just 68% and that the federal government is less secure now than they were in 2015
(Information Management, 2016). The State Department scored at 34% - the agency that
represents our interests globally. In the US it is estimated to take 46 days at $43,327 per day for
an organization to fix a cyber-attack and 68 days to take care of malicious code (Wilhelm, 2012).
Google reports that their subscriber accounts are hit at a rate of 3000 per day or 1,000,000
compromised accounts a year (Wilhelm, 2012). NATO reports that some type of attack against
critical American systems happens every two seconds (Mahon, 2015).
In order for a cyber-attack to be effective it must hit one of three basic elements of cyber
security: confidentiality, integrity or availability (Bartos, 2016). While cyber-attacks are not
simple they are cheap and easy to hide. They rely on computer knowledge and time not financial
backing. One of the most aggressive forms of attack is an attack against the integrity of a
computer system. One such attack was a worm called Stuxnet that was able to change the spin
rate of the centrifuges for the enrichment of uranium for Irans nuclear program (Bartos, 2016).
This attack destroyed all the equipment necessary for Iran to make weapons grade uranium.
These attacks are hard to pull off as so many elements must stay the same the whole way through
the planning phase. The process of a cyber-attack takes time to plan and execute. Lots of time is
spent watching the system and trying to get in to the system. Many attacks never come to
fruition as they are intercepted by well-placed security protocols (Bartos, 2016). In addition,
cyber weapons have to deal with perishability and obsolescence (Bartos, 2016). Perishbility

means that after it is used its no longer any good and obsolescence happens when the
vulnerability in the system is discovered before the attack occurs. The issue with this for
attackers is they dont know the vulnerability has been repaired usually until it is too late and
time has been wasted (Bartos, 2016). NATO believes a good defense is the best way to deal with
cyber warfare. Implement a good strategy of defense and be ever aware of what is going on.
NATO is tasked with cyber defense for its member nations. NATOs cyber policy however,
requires that all individual nations be responsible for being proactive in protecting their own
physical and digital systems (Mahon, 2015). The problem with this is that not all nations have
the ability to do this or the structure to make it happen. Cyber warfare is a global problem and it
affects even the smallest of nations.
(Bartos) (Kerner, 2015) (Budget, 2016) (Marcum, Higgins , Friburger , & Ricketts , 2010)
(Hanser, 2011) (Mahon, 2015) (What we Investigate, 2016) (Wilhelm, 2012)Cyber-crime is
growing and expanding at lightning speed. In order to keep up our law enforcement community
must be armed with the best information, equipment and funding. Time is of the essence and
drastic legal changes must take place to keep us safe and law enforcement effective. No longer
can anyone ignore the threat that cyber-crime brings. This must be a war we win and win big.
The types of criminals that do these attacks and the types of attacks are ever changing. Like
NATO says, the best offense is a good defense. Cyber defense must become the priority of all
law enforcement, citizens and businesses.

Bibliography
Bartos, C. A. (n.d.). Cyber Weapons Are Not Created Equal. 30-33.
Budget, O. o. (2016). U.S. Agencies Less Cyber-Secure in 2016. Information
Management, 17.
Gaines, L. K., & Miller, R. L. (n.d.). Criminal Justice in Action (Page 583). Cengage
Textbook.
Hanser, R. D. (2011). Gang-related cyber and computer crimes: Legal aspects and
partical points of consideration in investigations. 47-55.
Kerner, S. M. (2015). Average Cast of Cyber-crime in the U.S. Rises to $15 Million.
Mahon, T. (2015). Cyber - the 21st Century Threat.
Marcum, C. D., Higgins , G. E., Friburger , T. L., & Ricketts , M. L. (2010). Policing
possession of child pornography online: investigating the training and
resources dedicated to the investigation of cyber crime. 516-522.
What we Investigate. (2016, August 2). Retrieved from Cyber Crime:
https://www.fbi.gov/investigate/cyber
Wilhelm, R. (2012, February 12). Cyber Warfare... The New Reality. 145-149.