Threats of Cybercrime to Society
Criminology is the scientific study of nature, causes, extents, control, consequences, and prevention of criminal activities committed to either an individual or the society. Cybercrime is one of the illegal activities that have emerged in the technological era, with its effect being massive and destructive. Cybercrime is defining as the utilization of computer systems and networks to commit offenses to individuals, organizations, society, or a country with a criminal motive to cause loss, humiliation, lower reputation, or physically harm the target. Cybercrimes are as well termed as computer-oriented attacks. Cybercrime attacks are broadly classified as cyberterrorism, financial fraud crimes, cyber extortion, and cyberwarfare. In these criminal attacks, a computer is used as the tool to execute attacks or as the target of the offense, or it can be used both as the tool of attack and the destination. The cybercrime to the individuals, society, and the world is estimated to account for the loss of approximately half a trillion dollars globally, among other effects on society. To better understand these topics, questions arise, such as what exactly are those crimes? What is the extent of the actions of cybercrimes? What notable attacks ever existed? What can precautionary measures be undertaken to curb cybercrime? The article’s purpose is to elucidate the above concerns.
Cyberterrorism Attacks
Cyberterrorism gained popularity in the 1990s when American was undergoing technological advancement and dependence. The information security raised the alarm and seemed an impending danger due to highly interconnection of the computer network to significant facilities. Constant attacks were widespread now and then with institutions revealing instances of aggression or imminent attacks. Attacks that can be undertaken by computers are equated or thought to supersede the pearl harbor attacks or other trauma of worst offenses in the united states. Cyberterrorism, in a formal definition, is the convergence of terrorism and cyberspace to execute unlawful threats and attacks to intimidate the government and its citizens, or for political gains and social objectives. Instances of cyberterrorism would be like attacks on networks that lead to bodily harm, destruction of properties, impact fear or lead to disruption of critical infrastructures such as banking and finance, transportation, energy and power grid system, public health, and emergency preparedness and response. Cyberterrorism can be executed in three phases, with a rise in complexity in every aspect.
Category one cyberterrorism exploits a vulnerability on network connection through unauthorized access. They dispense encrypted codes in the websites which upon reaching the target computer, give the terrorist access to unlawful practices, such as illegal financial transactions and money laundering.
Category two is a type of cyberterrorism that aims to cripple systems dedicated to the provision of critical service. To execute this, the attacker releases massive denial of services (DDoS) to dangerous services portals. These attacks aim to humiliate governments and global information infrastructures during a critical moment. These attacks on cyberspaces entail blowing of computer servers, cutting off communication lines either physically of cybernetically.
Category three cyberterrorism is an attack that compromises critical services systems such as transport and other supervisory control systems resulting in widespread losses and disruption of services. For example, air control traffic interference, traffic lights, shipping routes, and attacks on chemical production processes are major attacks of this nature. Russia executed notable cyberterrorism on the power grid system in Ukraine.
The massive destruction can arise from these attacks, and that explains the extreme protection measures instilled against cyberterrorism across the world, especially those with extensive technology use. In the united states, there has been the formation of special units under the FBI and CIA tasked with curtailing attacks arising from cyberterrorism. The dominant defense against cyberterrorism can either be active defense or passive defense. Passive defense mechanisms are techniques to guard target server computers through means such as the installation of cryptographies, firewalls, and detectors of intrusions and procedures of recovery and outside dial-in. The active defense technique seeks to escalate the seriousness against the attackers of a particular vital control system. They identify and expose the attackers or, as extreme precautionary, launch a counter-attack on the attackers.
Cyberextortion
Cyber extortion is a hacking process where attackers gain unauthorized access to target computers, denying them services with the demand of ramsons to restore access to such services. The attackers exploit computer systems, emails, and websites to carry out cyber extortions such as doxing extortion, cyberbullying, ransomware attacks, and bug poaching. This type of cybercrime is the most extensive spread across the wide where everyone can be a target, be it individual or large institutions. A large amount of information, confidentiality, and lump sums are lost during moments negotiations to meet the attackers‘ demand. For instance, Netflix lost billions of monies when they failed to conform to the needs of cyber extortionists who shared the unreleased version of Orange Is the New Black series episode. The famous Game of Thrones cost HBO 5.5 million dollars to an extortionist who threatened to share the unaired version. Many organizations had been victims of this attack and had been forced to pay cryptocurrencies such as bitcoins. Instances of cyber extortions are numerous, and the discussion below highlights how these attacks are threats to current society.
The attackers use sponsored ads, infected websites, or emails to send ransomware, which decrypts while in target’s computer, giving them control over the system or access to vital information. Denial of services, DDoS, is the first attack they execute to earn bargaining power over money they can demand. Otherwise, they would suspend all operations of the organization and use the acquired information to blackmail it.
Database ransom attacks gave the hacker full authority over unprotected databases of the target computer. Databases such as Elasticsearch, MySQL, Hadoop, and MongoDB usually don’t have a patch to abide by their passwords with that of the administrator. For instance, in 2015, hacktivists called the Impact Team attacked the Avid Life Media database and compromised it. They claimed to have accessed 37 million identifiable personal information. They demanded that the organization terminate its business operation on two dating websites as a chastisement to defraud its customers. Malware technique resulted in infection computer files and disks, rendering them inaccessible. The victims only had access to a ransom note demanding a certain amount of money to restore the original form.
This is a real danger and threat to society. The reports of McAfee indicate that the annual rate of cyberextortion increases stands at 350%, where a total of 325 million dollars were lost in 2017 compared to 11.5 billion in 2019 alone. Organizations across the world losses sensitive corporate data and suffers terrible reputations, which could take longer to mend. The precautionary measure should be taken to counter these attacks. Companies and individuals should retort to more robust cybersecurity data recovery techniques in case compromised control over their computers. This ensures quick rebooting from the cyberattack. The measure of strategic backing up and encryptions should be a routine as a preparedness measure of any impending ransomware. It is advocated that up-to-date antivirus software be installed to the servers or any machines to seal vulnerable loopholes that attackers exploits. Vigilance over suspicious activities acts as the basis for earlier collective measures.
Financial Fraud Attacks
The attacks are essentially computer fraud. It is the most executed cybercrime in the world. It is estimated that in 2016 alone, 1.5 billion dollars were lost through carding, a financial fraud scheme. Financial fraud attacks are misleading representations and input of data and facts to cause financial harm to others. These attacks are carried in ways such as altering and erasure of stored financial data, actions like destroying, altering, stealing outputs that are geared toward concealing the instances of malicious transactions. The experts and employees of financial institutions alter the data before inputting it, enters malicious instructions, and unauthorized process to help them navigate and execute financial frauds. The attack may manifest itself through identity theft, carding, bank frauds, and theft of classified information.
Carding is the most significant financial fraud that is common and widespread across the world. Successful carding arises from stealing card credentials and later using the and details to carry out malicious transactions. Multiple websites and dark sites sell card details to fraudsters. Fraudsters then carding systems establish the validity of card details and later use the features for malicious financial activities such as donations, and e-commerce website where multiple transactions are initialized. This remains a nightmare to shoppers and merchant stores. Carding was estimated to cost US 1.5 billion dollars of the total 500 billion loss to cybercrime activities. The effects of carding accounted for a 46% decrease in profits for Target merchants in 2014—these results to chargebacks, loss of reputation of merchants, and loss of products. Fake cheques issuance is among many bank frauds that are being exploited in financial cybercrime activities.
The financial frauds may be curbed through various measures. The use of CAPTCHA activity helps discourage robotic activities as human input is required, thus lowering carding activity. Address verification system, AVS prevents the carding fraud through comparison of billing address and the address of checkouts. The method, however, is not universal across the world and is only prevalent in the United Kingdom, Canada, and the United States. Comparison of Bank Identification Number frequency may be used to check the frequency of usage of a particular bank and identify probable carding, IP geolocation checks ensures that the transaction being undertaken are consistent with the proxy address recorded during registration. All these procedural precautions are essential in guarding against financial frauds. Thorough policies and laws should be enacted to regulate the operations of merchant stores. For the past researches, the statistics showed massive theft of card details in these stores. The business of sale of confidential information has been in the boom in the society like bingo.com. Proper laws will restore the confidentiality of data.
Cyberwarfare Attacks
This is the fourth major category of cybercrimes that threatens the existence of society. This type of attack is directed toward nations with specific geostrategic significance. It may be defined as the use of digital help and manipulations to attack countries resulting in unimaginable harms superseding the effects of actual warfare. Others tend to refer to cyber warfare as the combat to gain control over information and how the communication flows with intentions of merits over the other nation. The definition, however, takes into account non-states parties such as extremist groups, hacktivists, companies, or political groups. The evolution of technology has to lead to the acknowledgment of cyberspace infrastructures as the fourth component of military assets. Cyberwarfare is the first step nations utilizing to execute bloodless attacks to their opponents. The attacks are directed to interfere with technological production processes, critical information, and threatens society. The raids form cyberwarfare will soon be massive and dangerous than actual terror attacks.
Cyberwarfare is conducted through the following method; firstly, vandalism is attacks that are directed toward government website. Attacks of vandalism are swifts, and the intensity of the bombings is minor. Propaganda is the significant attack that is directed toward the government with intentions of crippling its political position in the world. Disseminated propaganda is always bound to spread fast under the internet. Network attacks against critical transmission infrastructures such as gas supply networks, power grid systems, oil industries, or communication facilities are cyberwarfare with adverse effects on both the government and citizens. Russia executed notable cyberwarfare attacks on the Ukrainian power grid system leading to blackout in the whole world. Denial of access technique intercepts and alters the nature of instructions dispensed, resulting in dangerous effects. Mid-February, 2020, in the United, states homeland security acknowledged a successful attack on the gas supply network, a report by S.C Media (Olenick, 2020).
To avoid these catastrophic attacks, government and large organizations have massively invested in protection measures against these attacks. The discussion below highlights some of the measures enacted;
Defensive cyber warfare is a vital response in relation to cyber warfare attacks. They give a guideline on how to intercept and stop an attack before it happens or outlines the procedural process of recovering from the attack. The initial stage is to ensure that such installations of cyber defensive are done at strategic location, unique and sophisticated software capable of withstanding most attacks, and highly trained personnel with appropriate knowledge. The first recommendation upon a successful attack is for such staff to stabilize or restore the system to the initial status before the attack. The second stage involves through detection and study of the motive behind the attack, followed with a concise analysis of the attack. Based on the findings of the investigations, appropriate measures are enforced to both the software system or hardware network to guard against future attacks.
Cybercrimes are not being accorded the seriousness it deserves. First world and developing countries employ massive technology in different dimensions of services and infrastructures. The hackers utilize the existing loophole to exploit the victims resulting in catastrophic outcomes that leave the society exposed to threats of such nature. The article has clearly illustrated those scenarios. It commences by introducing what criminology and entire focus on cybercrime are. Discussion of four major cyber crimes such as cyber warfare, cyber extortions, cyberterrorism, and financial frauds are exclusively tackled. The computer has been discussed in the perspective of being a target or weapon of cybercrimes or both. Each of the four cybercrimes has been defined, how it is executed, a different form of such attacks, notable attack of that particular nature to the society or concerned victims, and the probable remedies to curtail such attacks in the future. Indeed, cybercrimes is a broad concern, and it calls for further advocacy on the matter.
References
https://www.nap.edu/read/11848/chapter/6
https://www.usip.org/sites/default/files/sr119.pdf
https://searchsecurity.techtarget.com/definition/cyberextortion
Olenick, D. (2020). CISA warns critical infrastructure sectors after a successful ransomware attack on pipeline operator | S.C. Media. S.C. Media. Retrieved 15 March 2020, from https://www.scmagazine.com/home/security-news/ransomware/cisa-issues-warns-critical-infrastructure-sectors-after-successful-ransomware-attack-on-pipeline-operator/.