Cybercrime

Cybercrime is the use of electronic communication for criminal activities.^[1] The concept of cybercrime depends upon the purpose of the term. Cybercrime almost always encompasses acts against the confidentiality, integrity, and availability of computer data or systems. More broadly, the term refers to computer/content-related acts for personal or financial gain or harm.^[2]

History

Proto-cybercrime: Phone Phreaking
In the 1970s, crimes were committed via telephone lines much like they are today via the Internet. The perpetrators, called "Phreakers," figured out that the U.S. telephone system functioned on the basis of tones. Notoriously, John Thomas Draper, Steve Jobs, and Steve Wozniak reverse-engineered and imitated the tones needed to route long-distance calls. The computerization of telecommunications led to the end of the phreaking era, and the culture shape-shifted into computer hacking.^[3] Hacking Becomes a Criminal Act
In 1982, Ian Murphy, aka Captain Zap, became the first person to be found guilty of a cybercrime, after hacking AT&T and manipulating its internal clock to enable free calls during peak hours.^[4] First Governmental Response to DNS Misuse
On Nov. 2, 1988, Robert Tappan Morris released a worm that halted one-tenth of the Internet and led to the founding of the first Computer Emergency Response Team (CERT).^[5]

2021 Cybercrime Reports

Current trends in cybercrime revolve around how the COVID-19 pandemic has shaped everyday work/home life and highlighted the importance of cyber networks in maintaining critical infrastructure.

INTERPOL’s ASEAN Desk identified the top cyber threats as:^[6]

Business Email Compromise, as a high-return investment with low cost and risk;
Phishing, using COVID-19 jargon and misinformation to deceive unsuspecting victims;
Ransomware, to target medical centers and public institutions, expecting a better success rate due to the pandemic;
E-commerce Data Interception, undermining trust in online payment systems.
Malware-as-a-Service, are reaching non-technical threat actors and requiring minimal investment;
Cyberscams, because of the pandemic, more people are conducting transactions and working from home online; and
Cryptojacking, as the value of cryptocurrencies increases.

Mandiant's M-Trends 2021 Report^[7]

59% of the security incidents investigated by Mandiant last year were initially detected internally by the organizations themselves (12% better than in 2019).
Ransomware has evolved and now employs various extortion tactics.
FIN11, a financially motivated threat group, was responsible for widespread phishing campaigns and extortion operations.
The median dwell time dropped as threat actors capitalized on pandemic-related shifts in work/home life.
UNC2452, an uncategorized state-sponsored group, engaged in a broad espionage campaign after injecting a backdoor dynamic-link library (DLL) into the SolarWinds Orion process.
63% of attackers used techniques outlined in the MITRE ATT&CK framework, and 5% of intrusions used over 1/3 of MAF techniques.
Threat actors exploited vulnerabilities in the infrastructure supporting work at home.

Organizations

FBI	Focus Areas
	Advance Fee Schemes
	Business Email Compromise
	Business Fraud
	Charity and Disaster Fraud
	Counterfeit Prescription Drugs
	Credit Card Fraud
	Elder Fraud
	Election Crimes and Security
	Fraudulent Cosmetics and “Anti-Aging” Products
	Funeral and Cemetery Fraud
	Health Care Fraud
	Identity Theft
	Illegal Sports Betting
	Internet Auction Fraud
	Internet Fraud
	Investment Fraud
	Letter of Credit Fraud
	Market Manipulation (“Pump and Dump”) Fraud
	Money Mules
	Nigerian Letter or “419” Fraud
	Online Vehicle Sale Fraud
	Ponzi Schemes
	Prime Bank Note Fraud
	Pyramid Schemes
	Ransomware
	Redemption/Strawman/Bond Fraud
	Reverse Mortgage Scams
	Romance Scams
	Sextortion

The following IGOs, NGOs, and U.S. government agencies are key opponents of global cybercrime.^[8]^[9]

Organization	Focus Areas
EC Action Against Cybercrime	capacity buidling for compliance with Budapest Convention
INTERPOL	transnational information sharing
ITU	harmonization of technical standards
UNODC	thematic reports on transnational crimes;
	database of trans/national legislation and case law on cybercrime
APWG	industry association combats phishing and Email Spoofing;
	data standards and model response systems and protocols
Spamhaus	provides real time, actionable threat intelligence to
	network operators, corporations, and Cybersecurity vendors
eNASCO	child safety online
INHOPE	combating child pornography
IWF	combating child sexual abuse
The Rand Corporation	credible research
CCIPS	prosecuting computer and IP crimes
ECTF	investigating identify theft, network intrusions;
	Business Email Compromise (BEC), and ransomware
C3	technical support for cross-border crime
IC3	cybercrime complaints

References

↑ Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.
↑ Comprehensive Study on Cybercrime, UNODC, 2013
↑ The Origin of Cybercrime, GooseVPN
↑ [1]
↑ The Greatest Hacks, Wired
↑ INTERPOL ASEAN Desk
↑ Executive Summary, 2021 M-Trends Report
↑ International and Foreign Cyberspace Law Research Guide
↑ Common Online Scams, FBI

[1] Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.

[2] Comprehensive Study on Cybercrime, UNODC, 2013

[3] The Origin of Cybercrime, GooseVPN

[4] [1]

[5] The Greatest Hacks, Wired

[6] INTERPOL ASEAN Desk

[7] Executive Summary, 2021 M-Trends Report

[8] International and Foreign Cyberspace Law Research Guide

[9] Common Online Scams, FBI

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]