By Richard White, Ph.D.
Many types of crime fall under the banner of “cybercrime,” cut all cybercrimes share one common trait – they involve a computer to commit the offense. In my book “Cybercrime: The Madness Behind the Methods,” I endeavor to take a deep dive into the true nature of cybercrimes and take you, the reader, into the psychology and motivations of the cyber criminal.
I don’t think we can begin to combat hacking unless we understand how perpetrators of cybercrime work and what motivates them. With this in mind, I examine five misconceptions and aim to help us better understand the criminal, the victim and the cybercrime ecosystem.
The bottom line is that cybercrime is not going away and many people beyond the intended victim are affected. Technology alone is neither the sole cause nor the solution.
- Cybercrime does not originate in disadvantaged or “third-world” countries.
Cybercrime is one of the most highly-organized crime syndicates ever to exist. In reality, most the world’s hacks originate in developed countries such as China, Russia, the U.S., Taiwan, Romania and Hungary. Many players fulfill many roles, each for a profit exacted from victims. Tools are sold and methods are discussed on the Internet. Often programmers sell their tools with a money-back guarantee. Money has no conscience and does not care who earns it or how it is earned. No matter the country of origin, cyber criminals will always put their top-earning talents to work.
- Cybercrime is not victimless because it is nonviolent.
Cybercrime may be perceived as victimless because it fits into the category of white-collar crime. White-collar crime is not trivial or victimless, as most white-collar criminals would have you believe. A single cybercrime effort can result in multiple victims. The original victim may have something stolen, data held for ransom or their identity used to fleece other organizations. One event can leave a single person dealing with an issue for years, but that event can also impact a person’s family, friends and co-workers who must deal with the issue and, of course, the taxpayers often take a hit.
- Cybercrime is not committed by highly skilled and computer-savvy people.
People with only basic computer skills commit most cybercrime. These criminals use simple and proven methods, many of which have been around for a long time and seek the easiest way into a computer system. The software and methods used are readily available on the Internet for free or at a minimum cost. Phishing attacks are an example of how easy it is. Too many people, even if they are suspicious of an email, will open it to see what is inside and, worse yet, will click a link to see where it goes.
- Cybercrime does not require a technically complex and sophisticated plan.
As noted earlier, actual cyberattacks are not technically complex and sophisticated. But the organized crime aspects of the criminal network itself are, by their very nature, complex and sophisticated because they are designed to avoid detection and prosecution while exploiting the fruits of the actual cybercrime. Think of cybercrime as akin to a business where the actual thief is just one of many along a seemingly traditional hierarchy. With the sky being the limit and very little risk required to start, many potential hackers experiment at entry-level just to test their moxie and give it a try.
- Victims of cybercrimes are not usually made whole again.
The sad fact is that victims often spend years trying to resolve issues created by cybercrime and rarely see the return of stolen funds. The onus is on the victim to prove that they did not apply for that credit card or transfer funds from their accounts. Imagine discovering one day that your house has a second mortgage loan on it for tens of thousands of dollars that you did not take out? And now the bank is foreclosing on your property because you did not make your loan payments. Cybercrime creates real victims dealing with long-lasting issues. But cybercrime is not always about money. Consider the fear and psychological trauma associated with cyber-stalking and cyber bullying.
“Cybercrime: The Madness Behind the Methods,” published in late 2018, is available on Amazon.
Richard D. White is recognized industry expert in the field of cybersecurity. He is an adjunct professor of cybersecurity information assurance at University of Maryland University College and also serves as managing director of Oxford Solutions, a global managed security services company. In the past he worked for the United States Capitol Police as the Chief Information Security Officer where he coordinated and managed all aspects of advanced malware and threat detection, incident response, and cyber remediation and containment efforts.
He can be reached at (410) 577-5458.
9 Comments
B.E. Clark
Great article that definitely eliminates any false pretenses that may be misunderstood as to cybercrime, its origins and repercussions to society.
DJ Norris
Interesting article, and great overview of cyber crime. State-sponsored attacks are a problem, but the bigger problem are script kiddies that think they can buy someone else’s code and get away with whatever they want. Unfortunately, the people that suffer are the ones with a web presence who don’t have the means (whether financial or skill) to harden their site enough to prevent script kiddies from bringing the site down.
C.N. Ling
The fact that successful cybercrime is so often perpetrated by who would appear to be relative novices (“script kiddies”) is a telltale sign that 1) education and awareness are paramount in organizational culture and 2) preventative emphasis on security controls is worth the training and investment regardless of the immediately visible effects.
K. Imran
Fantastic article. Really raises awareness on the misconceptions of where cybercrimes originate. Being a victim of a cybercrime can be detrimental, as stated in the article. These crimes are not isolated only to the IoT, but have harmful repercussions in people’s lives outside of the internet. I find it interesting that most attackers are not computer-savvy individuals, but the tools they utilize are complex in avoiding detection. Therefore, making the incident hard to identify and mitigate. It’s imperative that organizations stress the importance of awareness and training to provide their teams with best practices as to how to identify potential risks and vulnerabilities, so that incidents such as, phishing attacks do not occur, thus leaving the individual as a potential victim of identity theft. Great read.
ns_UMUC
Great article giving a broad overview of why cybercriminals do what they do. It’s difficult to categorize an attacker’s motives or intent for crimes that are “moving targets”. This article does a fine job at analyzing where the attacks are coming from to open more dialogue about how to defend cybercrime in a new era of defense where we must consider that we won’t ever know where the attack is coming.
R. Heflin
I agree that cybercrime doesn’t need a sophisticated attack method, or be commited by someone exceptionally skilled. Phishing is still effective. Sending an email posing as someone’s bank with a link to a malicious site still works. Methods that worked years ago still work because people ignore advice on how to protect themselves or don’t update software. If an attacker is only successful 1% of the time, and nets $100 per success, 1,000,000 phishing emails can net $10,000,000. Not a bad haul.
Will Shaw
Interesting article. I don’t think many people realize all of these facts or at least they forget them. Looks like a pretty interesting book.
IB
Thanks for providing some real world eye-opening info on cybercrime that isn’t necessarily common knowledge. Impressive CV, will seriously consider adding the book to my kindle collection.
Gregoire Z
I do agree that cybercrime does not originate in third world countries. The true is that in third world countries, most people do not have access to technology nor the internet as compare in developed countries where the use of computers and the internet is an essential part of people’s daily life. Hackers hack in a system either for a political reason, monetary gain or for a revenge and developed countries are always the target. I definitely buy this book to expand my understanding on cybercrime.