By Richard White, Ph.D.
Many types of crime fall under the banner of “cybercrime,” cut all cybercrimes share one common trait – they involve a computer to commit the offense. In my book “Cybercrime: The Madness Behind the Methods,” I endeavor to take a deep dive into the true nature of cybercrimes and take you, the reader, into the psychology and motivations of the cyber criminal.
I don’t think we can begin to combat hacking unless we understand how perpetrators of cybercrime work and what motivates them. With this in mind, I examine five misconceptions and aim to help us better understand the criminal, the victim and the cybercrime ecosystem.
The bottom line is that cybercrime is not going away and many people beyond the intended victim are affected. Technology alone is neither the sole cause nor the solution.
- Cybercrime does not originate in disadvantaged or “third-world” countries.
Cybercrime is one of the most highly-organized crime syndicates ever to exist. In reality, most the world’s hacks originate in developed countries such as China, Russia, the U.S., Taiwan, Romania and Hungary. Many players fulfill many roles, each for a profit exacted from victims. Tools are sold and methods are discussed on the Internet. Often programmers sell their tools with a money-back guarantee. Money has no conscience and does not care who earns it or how it is earned. No matter the country of origin, cyber criminals will always put their top-earning talents to work.
- Cybercrime is not victimless because it is nonviolent.
Cybercrime may be perceived as victimless because it fits into the category of white-collar crime. White-collar crime is not trivial or victimless, as most white-collar criminals would have you believe. A single cybercrime effort can result in multiple victims. The original victim may have something stolen, data held for ransom or their identity used to fleece other organizations. One event can leave a single person dealing with an issue for years, but that event can also impact a person’s family, friends and co-workers who must deal with the issue and, of course, the taxpayers often take a hit.
- Cybercrime is not committed by highly skilled and computer-savvy people.
People with only basic computer skills commit most cybercrime. These criminals use simple and proven methods, many of which have been around for a long time and seek the easiest way into a computer system. The software and methods used are readily available on the Internet for free or at a minimum cost. Phishing attacks are an example of how easy it is. Too many people, even if they are suspicious of an email, will open it to see what is inside and, worse yet, will click a link to see where it goes.
- Cybercrime does not require a technically complex and sophisticated plan.
As noted earlier, actual cyberattacks are not technically complex and sophisticated. But the organized crime aspects of the criminal network itself are, by their very nature, complex and sophisticated because they are designed to avoid detection and prosecution while exploiting the fruits of the actual cybercrime. Think of cybercrime as akin to a business where the actual thief is just one of many along a seemingly traditional hierarchy. With the sky being the limit and very little risk required to start, many potential hackers experiment at entry-level just to test their moxie and give it a try.
- Victims of cybercrimes are not usually made whole again.
The sad fact is that victims often spend years trying to resolve issues created by cybercrime and rarely see the return of stolen funds. The onus is on the victim to prove that they did not apply for that credit card or transfer funds from their accounts. Imagine discovering one day that your house has a second mortgage loan on it for tens of thousands of dollars that you did not take out? And now the bank is foreclosing on your property because you did not make your loan payments. Cybercrime creates real victims dealing with long-lasting issues. But cybercrime is not always about money. Consider the fear and psychological trauma associated with cyber-stalking and cyber bullying.
“Cybercrime: The Madness Behind the Methods,” published in late 2018, is available on Amazon.
Richard D. White is recognized industry expert in the field of cybersecurity. He is an adjunct professor of cybersecurity information assurance at University of Maryland University College and also serves as managing director of Oxford Solutions, a global managed security services company. In the past he worked for the United States Capitol Police as the Chief Information Security Officer where he coordinated and managed all aspects of advanced malware and threat detection, incident response, and cyber remediation and containment efforts.
He can be reached at (410) 577-5458.