Research Paper: Cybercrime
The emergence of information technologies has revolutionized the ways in which human activities are undertaken in the business, social, and education sectors. However, as humans continue to depend on these technologies in almost all aspects of their lives, new challenges emerge- cybercrime. As computers get more sophisticated, the problem of cybercrime tends to evolve. The first recorded accounts of illegal use of computer systems surfaced in the 1960s, during which computers used to be large mainframe systems (De Leeuw & Bergstra, 2008). Unlike the modern information security breaches, these early crimes tended to entail computer sabotage, computer manipulations or the utilization of electronic devices to undertake illegal activities. Since access to mainframe computers was physically restricted and limited, and since the systems were never networked with others, these early forms of crimes used to be undertaken by insiders. However, cybercrime emerged with the surfacing of hacker culture from the 1960s to 1980s. In the 21st Century, governments and private citizens are increasingly raising concerns over the complexity of cybercrime, a phenomenon that poses security and economic danger to society.
Like other forms of crime, cybercrime is comprised of involvement in misconducts that have been outlawed by the society. Cybercrime differs from traditional forms of crime mainly in the manner in which it is committed (De Leeuw & Bergstra, 2008). While real-world criminals utilize guns to commit crimes, cybercriminals use computer technologies to engage in socially and legally outlawed activities. Therefore, cybercrime represents the shifting of real-world crime into the cyberspace (De Leeuw & Bergstra, 2008). To this end, cybercriminals utilize computers to commit fraud, theft, stalking, extortion, and aggression. The utilization of computer systems to commit a crime does not essentially alter the legal definitions of the activities at issue. For instance, fraud is fraud, whether conducted traditionally or through computer devices. Furthermore, not all criminal activities are computer-facilitated (De Leeuw & Bergstra, 2008). Cybercrime also has new forms of criminal activities such as Distributed Denial of Service (DDoS) attacks, which inflict harm on properties by shutting down websites, thus preventing the operators of websites from undertaking commercial or other activities in which they are involved.
Cybercrime is a widespread problem that generates adverse social and economic challenges to its victims. The problem has been compounded by widespread computer use by individuals and organizations, both locally and globally. One of the most common definitions of cybercrime is that it is a collection of unlawful acts in which the computer is a tool, target, or both. The computer may be utilized as a channel through which criminal activities are conducted. This problem is especially common when financial crimes or the sale of illegal products are involved. The computer may also be a target of criminal activities in many cases (Dashora, 2011). For instance, unauthorized access to computer systems, theft of intellectual property, as well as email bombing are forms of cybercrime in which computer systems are targets of unlawful acts. Due to the vulnerability of computers to cyber-attacks, laws and security controls are required to protect them against cybercrime. The vulnerability of computers to attacks stem from their capacity to store data in comparatively smaller space. In addition, computers are easy to access. The challenge associated with protecting computer systems from unauthorized access is that there are possibilities of breaches that do not stem from human error but complex technological frameworks (Dashora, 2011). Therefore, the secret implanting of logic bombs and key loggers has the potential to gain access codes, as well as advanced voice recorders. Furthermore, the sophisticated nature of operating systems that have millions of codes opens ways for possible lapses at any given stage.
Cybercrime is a problem that is increasingly attracting local and international concern. Approximately $400 billion is lost annually from cybercrime (Dahabiyeh, 2015). Therefore, the phenomenon poses global economic and security threats. The modern integrated and interlinked nature of multinational corporations increases their susceptibility to security attacks. Security is an issue that is no longer restricted to organizational boundaries. On the contrary, it transcends these confines to include users who operate within the same network (Dahabiyeh, 2015). For instance, the recent Target security breach and hacking of Sony Pictures Entertainment were not brought by inadequate security controls from retailers, but from deficiencies in some of the security systems provided by vendors.
- To investigate different forms of cybercrime in the society.
- To investigate common vulnerabilities that result in cybercrime.
- To explore security measures that can be used to deter cybercrime.
- What are the different forms of cybercrime?
- What are the common vulnerabilities that encourage cybercrime?
- What security measures and controls can be taken to combat cybercrime?
Significance of the Study
This study focuses on exploring one of the most relevant issues in terms of contemporary criminal justice. Technological progress creates numerous opportunities for commercial activity; however, it also poses severe threats to the well-being of diverse entrepreneurs. Stealing money has never been punishable as in the 21st century. Modern banks and financial services are experiencing a severe threat from numerous hackers and computer-intelligent criminals from the digital domain. Therefore, the topic of cybercrime is a significant and rather painful issue for the contemporary world.
At the same time, this type of crime is relatively new and, although it has attracted much public attention in the last decades, cybercrime can be viewed as a rather under-investigated question. Therefore, the given research presents an attempt to develop an insight into the analyzed topic and its significant properties. The paper aims to synthesize the information from numerous credible sources in order to elaborate an objective approach to the notion of cybercrime. In addition, the research focuses on strategies aimed at the protection from cybercrimes. Such a point makes it rather relevant to anyone who has threatened by the possibility of losing money as a result of the activity of offenders from the digital domain. Even though the present research does not aim to develop an in-depth insight into the observed question, it will present the primary issues related to the analyzed problem. Consequently, it will make the reader familiar with the concept of cybercrime and develop a critical analysis of diverse approaches to the observed concept. Therefore, this paper will be significant due to its general informative value.
Cybercrime is a problem that has attracted a lot of scholarly attention. In this regards, numerous studies have been conducted to explore common cybercrime vulnerabilities and control measures that can be used to combat them. These studies have often generated varying results. For instance, Stanciu and Tinca (2017) assert that the leading cause of cybercrime is the economic motivation of the attackers. Using a quantitative survey of people working in corporate environments, the researchers found that most people mention ransom as one of the most common attacks that they encounter daily. Other major attacks take the form of malware, phishing, SQL injection, as well as the loss of mobile. The formal interview also showed that ransomware attacks have grown phenomenally over the last five years. According to Stanciu and Tinca (2017), key loggers and fake antivirus have also increased by 76 percent. Further, the researchers revealed that there has been an increase in the overall level of attacks.
In an attempt to explore the common factors that result in cyber-attacks, Stanciu and Tinca (2017) found that financial gains, credential theft, as well as denial of service attacks, are the leading causes of crimes committed in the cyberspace. Thus, Stanciu and Tinca (2017) infer that the most commonly mentioned motivation of attack is financial gain, which is positively correlated with ransomware, which is the most frequent attack. Moreover, the next most frequent motivation is theft of credentials, a factor that can potentially result in speedy financial gain for the cybercriminals. Further, denial of service was ranked third in the list of common motivators of cybercrime. As such, the researchers assert that the desire to realize financial gains influence the most common attacks.
While clamor for financial gains has been ranked as one of the leading causes of cybercrime, a group of researchers argues that the desire to victimize others drive many cybercriminals. Bergmann et al. (2018) observe that there has been an upsurge in cases of victimization in the cyberspace. In a bid to explore the debate on which factors influence cyber-dependent crime and how they can differ across three kinds of cyber-dependent offenses, Bergmann et al. (2018) assessed a random sample of 26,665 internet users in Germany aged 16 years and older. Their investigations indicated that personal and household variables, together with internet and deterrence behaviors impacted the risks of cyber-related forms of victimizations and bullying. Moreover, the outcomes of victimization vary across three types of offenses: malware, ransomware infections, and misuse of personal data. Therefore, Bergmann et al. (2018) infer that the risk of being victimized by cyber-dependent crime is not the same for all groups of people. To the contrary, it relies on multiple factors based on the ideas proposed by the Routine Activity Approach.
Researchers have also generated varying views on mechanisms of combating cybercrime. For instance, Kesari, Hofnage, and McCoy (2017) state that policies, procedures, and legislation are some of the most effective mechanisms of deterring cybercrime. In an exploration of how governments, intellectual property custodians, and technology firms respond to cybercrime, Kesari, Hofnage and McCoy (2017) state that laws are utilized to prevent access to intermediaries that are commonly utilized by financially-motivated cybercriminals. Like their licit organizations, illicit companies are dependent upon intermediaries to undertake advertisements, sale, and delivery of products, gathering of payments, and maintenance of a good reputation. When identifying these necessities, law enforcers and policymakers utilize judicial mechanisms, administrative processes, and self-regulatory frameworks to execute deterrence by denial approach. In addition, enforcing actions may have adverse impacts on consumers and others.
Licit organizations are prevented from undertaking illegal activities in the cyberspace through fines, threats, and regulatory activities. However, law enforcers may not utilize traditional deterrence mechanisms against financially-motivated cybercriminals. This challenge stems from insufficient financial and technological resources and other more pressing problems that there are confronting. Moreover, law enforcers are restricted by barriers that arise from frustrations from other jurisdictions that may not allow them to investigate cybercrime within their territories. As a result, law enforcement agencies may not sufficiently investigate and prosecute cybercriminals in areas that are outside their domains. In some situations, law enforcers may explore other tough measures such as deterrence which can counter the possible benefits that cybercriminals may realize. According to Kesari, Hofnage, and McCoy (2017), local law enforcement agents face challenges associated with their endeavors to get hold of the actual cybercriminals by stressing on third parties that are critical to organizational activities. In so doing, they deny the criminals easy access to monetary services.
Further, researchers increasingly recognize the need for international legislation to combat denial of service attacks. As such, Hui, Kim, and Wang (2017) state that the effects of putting in place the Convention on Cybercrime are that it results in dramatic deterrence on distributed denial of service attacks. Using data comprised of samples of real, random spoof-source DDOS attacks in 106 nations, Hui, Kim, and Wang (2017) found that putting in place the Convention on Cybercrime significantly reduces DDOS attacks by approximately 11 percent. However, the same effects of deterrence do not exist in cases where nations that place enforcements make reservations on international cooperation. Furthermore, Hui Kim and Wang (2017) state that there are indications that cyber attackers are often motivated by financial gains to commit fraud online. International and local policies play a critical role in promoting mutual support across participating nations in dealing with traffic and stored computer information systems. These agreements help to trace cybercrime. Moreover, international cooperation often heightens the certainty and celerity of apprehending and convicting international cybercriminals. In so doing, they prevent cybercrime. Nonetheless, Hui, Kim, and Wang (2017) caution international agreements over making vague definitions and measures of combating cybercrime. According to them, a lack of clarity on the right steps to take may encourage cybercrime to continue at international levels.
Finally, efforts to curb cyber-crime have gone beyond policymaking to incorporate other security controls. Moses and Rowe (2016) explore different mechanisms that can be used to boost internet security. They found that physical security forms an essential component of cyber security architecture and defense. In addition, access controls form a key cornerstone in physical security and have been weaker over time. The most commonly utilized access control measures include authentication, encryption, and physical controls. However, Moses and Rowe (2016) caution that cyber security professionals always overlook physical controls. For instance, mechanical locks are increasingly becoming inefficient in safeguarding information systems devices and resources. As such, Moses and Rowe (2016) propose the utilization of multi-factor authentication as a means to protect informational and cyber resources from unauthorized access.
The purpose of the study was to explore the problem of cybercrime and ways to combat it. In order to achieve these objectives, the study first sought to explore the different forms of cybercrime that affect individuals and businesses in contemporary society. Based on the analyses of literary sources, hacking, ransomware, malware, as well as spyware were identified as the leading ways in which cybercrime is manifested. Out of this list, ransomware and spyware were identified as the most common malicious applications that cyber criminals utilize to undertake fraud in the cyberspace. These findings are in line with the concerns raised by Song, Kim, and Lee (2016) that ransomware and spyware are gaining notoriety as the leading applications for committing cybercrime. According to Song, Kim, and Lee (2016), Ransomware is a form of malicious application that utilizes malicious codes to intrude into a computer system before users can notice it. These malicious software systems often encrypt crucial files and require money using encrypted files as a hostage, and gives monetary damages to users. The widespread increase in the mobile market has made mobile device users as the leading targets of hacking meant to gather illegal financial gains through ransomware.
The study also sought to determine the leading factors that motivate cybercrime. In this respect, various views were identified. They included the need for financial gains, as well as sadism and bullying to inflict harm. Other factors included: external aggression and intellectual property crimes. Out of these factors; clamor for financial gains and bullying were ranked as the main drivers of involvement in cybercrime. Like the traditional forms of crime, cybercriminals are individuals who use computer technologies to commit financial fraud online. Furthermore, cybercriminals are opportunistic individuals who may be driven by the desire to inflict mental and physical harm to victims, especially through cyberbullying, hurling insults to victims, and blackmailing.
Finally, the study sought to examine the necessary measures that can be taken to deter or control cybercrime. For analysis, these measures were ranked into three major approaches, including technical controls, administrative controls, and physical controls. The first most common access control mechanism was administrative control, which is mainly executed by developing policies, procedures, laws, and guidelines meant to combat cybercrime. These policies may be developed at both local and international levels. The study also identified ways in which technical controls may be executed to deter cybercrime. Examples include encryption, use of firewalls, installation of antivirus programs, and introduction of authentication and authorization systems. In particular, multi-factor authentication was identified as one of the most effective ways of deterring hacking and the problem of sharing of passwords. Other technical control mechanisms included the use of intrusion detection and prevention systems, as well as network penetration testing. Finally, physical controls included the use of strong lock mechanisms, surveillance camera, and security personnel.
The continued dependence on information technologies has transferred crime to the cyberspace. As a result, cybercrime is increasingly posing security and economic threats to nations and individuals. Individuals who commit cybercrime are primarily motivated by the need for illegal, financial gains. Others might be driven by the desire to inflict mental and emotional harm to their victims and targets. Adolescents and young adults are especially vulnerable to mental and emotional blackmails that take place in the cyberspace, a practice referred to as cyber bullying. However, putting in place proper security controls can help to reduce vulnerabilities to cyber security breaches. The main security controls that are commonly embraced to deter cybercrime include physical controls, technical controls, as well as passage of policies and laws to protect the cyberspace. Therefore, future researchers should focus on improving these security controls.
Bergmann, M. C., Dreißigacker, A., Von Skarczinski, B., & Wollinger, G. R. (2018). Cyber-
dependent crime victimization: the same risk for everyone?. Cyberpsychology, Behavior,
and Social Networking, 21(2), 84-90.
Dahabiyeh, L. (2015). Networks of cybercrime prevention: A process study of the credit card.
Twenty-Third European Conference on Information Systems (ECIS), Münster, Germany, 2015. Retrieved from https://www.researchgate.net/publication/316275759_Networks_of_Cybercrime_Prevention_A_Process_Study_of_the_Credit_Card.
Dashora, K. (2011). Cyber Crime in the society: Problems and
preventions. Journal of Alternative Perspectives in the Social Sciences, 3 (1), 240-259.
De Leeuw, K. M. M., & Bergstra, J. (Eds.). (2008). The history of information security: a
comprehensive handbook. New York: Elsevier.
Kesari, A., Hoofnagle, C., & McCoy, D. (2017). Deterring cybercrime: Focus on
intermediaries. Berkeley Tech. LJ, 32, 1093.
Moses, S., & Rowe, D. C. (2016). Physical security and cybersecurity: reducing risk by
enhancing physical security posture through multi-factor authentication and other
techniques. International Journal for Information Security Research (IJISR), 6(2), 667-
Song, S., Kim, B., & Lee, S. (2016). The effective ransomware prevention technique using
process monitoring on android platform. Mobile Information Systems, 2016, 1-9.
Stanciu, V., & Tinca, A. (2017). Exploring cybercrime–realities and challenges. Accounting and
Management Information Systems, 16(4), 610-632.