This article examines how computer crime has changed over time with the emergence of Internet crimes (also referred to as cyber crimes). The types of internet criminal activity (identity theft, credit and debit card number theft, and money-laundering schemes) are examined. Child exploitation using the Internet is also discussed. International organizations and law enforcement agencies that are involved in the fight against Internet crime are profiled. The weaknesses in computer security as well as the easily exploited naiveté of Internet users are examined. In addition, the social backlash against new behaviors that are Internet specific and efforts to pass laws against banning those behaviors are also examined.
Keywords Child Exploitation; Cyber Crime; Computer Crime; Identity Theft; Internet Crime; Online Auction Fraud; Phishing; Spyware
Historically, computer crime was limited to computer systems and networks including hacking, data destruction, data theft, and system disruption. Many of those crimes were directed towards businesses, government agencies, or universities. In the 1990s, as the Internet came into widespread commercial use, the nature of computer crimes began to shift (Provos, Rajab & Mavrommatis, 2009). There are still crimes against computers in the traditional sense, but the vast majority of modern day computer crimes are those in which computers and the Internet are used to commit a wide variety of other types of crimes, against businesses as well as individuals (Fox, 2009)(Stansky, 2009).
An Increasing Threat
Internet crime is flourishing. In 2013, the Wall Street Journal reported that Internet crimes cost the United States up to $100 billion, accounting for 1 percent of the gross domestic product (GDP). Losses were measured in such terms as intellectual property loss direct loss, reputational loss, and the loss of sensitive information. Internet scams via e-mail have increased to the point that some users receive dozens of scam emails in the workplace and at home every week (Fox, 2009); the use of email blocks and filters can, however, minimize occurrences. Internet criminals can be found pretty much everywhere, including in social networking websites such as Facebook and Twitter. In addition, banks suffer huge losses every year involving e-mail scams and other identity theft methods which compromise account numbers, social security numbers, and passwords of bank customers (Silver-Greenberg, 2009). In the event that banking information of a small company is disclosed, it could cause several weeks of disruption to company operations.
There have been many big cases of Internet crime during the last decade and credit card and debit card number theft have been amongst the most dramatic and most costly. One case involved eleven perpetrators who allegedly hacked nine major retailers in the United States and stole over 40 million credit and debit card numbers. It was an international conspiracy with perpetrators from the United States, Estonia, Ukraine, the People's Republic of China, and Belarus. Much of the theft was accomplished by intruding into the wireless networks of retail outlets. The retailers included TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW. Some of the credit card and debit card numbers were sold in the United States and Eastern Europe (Brannen, 2008)("Department of Justice brings," 2008). As a result of these types of crimes, business have had to spend large sums of money to upgrade their network security. In another example, in January of 2012 the shoe retail company Zappos.com was attacked and customer billing/shipping information and credit card data were exposed.
Organized crime has certainly found a new home and expanded opportunity on the Internet (Choo, 2008)(Spafford, 2008). Organized criminal activity on the Internet includes identity theft, the movement of illegal drugs, and the movements of counterfeit pharmaceutical drugs and other counterfeit merchandise around the world. Many of these crimes are financial crimes — with credit card fraud, money-laundering schemes, and identity theft leading the list of thriving criminal enterprises. Many of these organized crime groups operate in multiple countries including the United States, Canada, Pakistan, Portugal, Romania, and dozens of others. Financial institutions that have been targeted in these schemes include Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay, and PayPal (Foltz, 2008).
Child exploitation is not an invention of the Internet age by any means. However, the Internet has become the new playground for consumers of child pornography and a market place for those who purvey it. Pedophiles have formed Internet communities and exchange materials. Another aspect of child exploitation on the Internet is when adults attempt to pick up minors; that is, engage minors in chats or discussions online and then attempt to meet them in person to expand their relationship (Baker, 1999). There have been several dramatic cases of adults facing arrest for this behavior (Preston, 2008)(Sheldon & Howitt, 2008). Many corporations have installed web browser filters to block employees from specifically surfing to websites that provide this illegal content.
Identity theft on and off the Internet is also a growing criminal enterprise. These scams usually involve misuse of existing credit card or bank accounts, opening new accounts using stolen identities, fraudulently obtaining government benefits or services, obtaining new documents to support the use of the stolen identity, and even health care fraud ("Scoping paper," 2008). Although many people consider identity theft as an Internet crime, it has become a cross over crime with stolen identities as well as stolen corporate credit cards being used online as well as off line.
Stalking, harassment, and bullying have also found their way to the Internet. Although these types of activities may not be as dramatic as other Internet crimes, they are still a personally frightening and often terrifying event for those who are targeted (Gillespie, 2006). Cyber stalking can include unsolicited emails of a threatening or intimidating nature or be repeated confrontation in chat rooms or on networking sites by a threatening person (Hewitt, Dodd, Ingrassia, Truesdell, York & O'Connor (2005). Cyber harassment can include repeated antagonistic, hostile, or false postings on blogs or other social sites.
Commonly termed cyberbullying, this kind of harassment can include sending angry or threatening emails designed to intimidate a person from participating in activities. There have been several high-profile cases of cyberbullying in the United States in the 2000s, many unfortunately affecting children and teenagers, with some tragically ending in suicide. The common use of social networks and the relative ease of online anonymity make this an increasingly serious issue for youth; the general consensus is that this form of bullying affects more than half of teens. Legal protections against cyberbullying and cyberstalking are in place in most US states. In some cases, perpetrators have been prosecuted for such crimes as criminal harassment, violation of civil rights, stalking, and electronic harassment; new and proposed cyberbullying legislation also takes into account the actions and policies of schools.
Intellectual Property Piracy
One of the biggest dollar-volume businesses on the Internet is piracy of intellectual property. This includes the illegal copying, distribution, and sales of copyrighted works including books, music, software, and videos (Einhorn, 2009). The FBI has pursed thousands of investigations and indictments of copyright infringement crimes and a large portion of these cases have been international in scope and resulted in thousands of arrest and the seizure of hundreds of millions of dollars in pirated works. Piracy has also cost businesses billions of dollars in lost revenue.
In the early 1990s most people were ecstatic about the potential of the Internet and most still are. However, the types of Internet crimes that have emerged have outraged many people and there are ongoing efforts to pass new laws to protect Internet users and to prosecute Internet criminals. Many people and organizations blame the Internet as the ubiquitous cause of these new crime waves. In reality, the Internet has just become the latest means of committing crimes.
What this Means to the World of Business
Corporations are on the frontline in the fight against Internet crime. In addition to spending more on computer and network security, corporations have also found it necessary to better train employees to identify potential scams as well as determine if corporate assets have been compromised. It has also become necessary to monitor and control employee Internet use to prevent intentional misuse as well as unintentional actions that may cause network security problems.
Corporations have been fighting spam since the mid 1990s. Spam email has clogged corporate email servers and bogged down communications within the company as well as between the company and its suppliers and customers. Businesses receive hundreds of billions of spam e-mails every year and spend billions of dollars per year getting rid of spam and spyware (Garcia, 2006)(Sun, 2008).
Many large and small companies alike have also installed various Types of filters and blocking software that prevents employees from accessing websites, social networks, or communication systems on the Internet. The process of blocking websites can improve security on the corporate network in two ways. First, it can prevent misuse of company computers and networks by disallowing certain types of Internet activity. Second, when employees are limited in their web use, they can be kept from accessing websites that may be spyware traps or that spread other types of malicious code (Taylor, 2008). Other companies have an ongoing effort to monitor Internet use of their employees and can warn employees about misuse or even terminate them (Fortier, 2007).
Internet crime has created several other perils for corporate information security including making the company laptops and tablets (and even smart phones) prime targets for theft. Many laptops and tablets have corporate information, user names, and passwords stored on them. If one is stolen and falls into the wrong hands, Internet criminals could too easily start gaining access to company computer systems and networks (Britt, 2009).
There have also been several cases where data stored on laptops and tablets included employee names, addresses, and even social security numbers. When these devices are stolen or lost, the potential for crimes like identity theft are high. If this type of data is on a company computer, it is essential that it be secured (Foster, 2008). Corporations as well as nonprofit organizations are facing a growing number of laws and regulations regarding the safety of employee and customer personal data. This is especially true for financial data and health care related data. Companies can be fined by the government but they also face the potential of class action suits by groups whose data have been compromised (Levenson, 2008).
The Fight Against Internet Crime
Just as the Internet has spawned new industries and new ways to make money for individuals as well as large companies, it has also giving rise to new products, new services, and new law enforcement efforts to fight Internet crime. The computer security products business has grown to over $80 billion annually and is expected to keep growing at a rapid rate.
Most countries have passed some law or regulation to address Internet crime. The Council of Europe's Convention on Cybercrime and relevant European Union legislation, for the most part, has been the primary reference model for many regulations. In addition, most countries have established some sort of central agency or agencies to fight Internet crime ("The promotion of," 2005). It is not known how well developed these agencies are or to what extent they are successful.
Regulation within the United States
In the United States, law enforcement agencies and government regulators have started several new initiatives to combat Internet crime. The FBI has hired more agents with computer skills and is training agents in computer forensics. The FBI has also established several computer forensics centers across the United States to help the bureau in Internet crime fighting and to assist local law enforcement organizations in their efforts (Mercer, 2004). The FBI works in conjunction with the United States Secret Service, the United States Immigration and Customs Enforcement (ICE), the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF)("Reporting computer hacking," 2009).
The Federal Bureau of Investigation
The FBI has worked to establish InfraGard, which is a joint effort between the FBI and private businesses, academic institutions, state and local law enforcement agencies, and other interested parties. The goal of InfraGard is facilitate "dialogue and communication between members and the FBI" that is helpful in countering cyber crime as well as other threats against the infrastructure of the United States ("About InfraGard," 2009). InfraGard is an important mechanism for the private businesses that are involved. It allows them to interact with the Internet crime fighting community and share information, and provides them assistance in their efforts to stop Internet criminals.
The Federal Trade Commission
The United States Federal Trade Commission (FTC) focuses on fighting identity theft, spyware, and Internet scams. The FTC provides information to consumers about identity theft and has an online compliancy reporting system. Spyware, software that is installed on your computer without your consent, can monitor and even control your computer use. The FTC has an initiative to fight spyware through law enforcement and consumer education. Internet fraud is also on the FTC's Internet crime fighting agenda ("Computers & the internet," 2009).
Internet Enforcement Program
The United States Securities and Exchange Commission has established the Internet Enforcement Program and Office (OIE). The OIE coordinates the investigation of enforcement-related cases generated from investor tips received in the SEC Complaint Center. The OIE also performs surveillance for potential Internet securities-related fraud and provides strategic and legal guidance to law enforcement agencies nationwide. The SEC is responsible for investigating...
Cyber criminals take full advantage of the anonymity, secrecy, and interconnectedness provided by the Internet, therefore attacking the very foundations of our modern information society. Cyber crime can involve botnets, computer viruses, cyber bullying, cyberstalking, cyberterrorism, cyberpornography, Denial of Service attacks, hacktivism, identity theft, malware, and spam. Law enforcement officials have struggled to keep pace with cyber criminals, who cost the global economy billions annually. Police are attempting to use the same tools cyber criminals use to perpetrate crimes in an effort to prevent those crimes and bring the guilty parties to justice. This essay begins by defining cyber crime and then moves to a discussion of its economic and social impacts. It continues with detailed excursions into cyberbullying and cyberpornography, two especially representative examples of cyber crime, and concludes with a discussion of ways to curtail the spread of cyber crime.
Keywords Botnet; Computer Virus; Cyber Crime; Cyberbullying; Cyberstalking; Cyberterrorism; Cyberpornography; Denial of Service Attack; Hacktivism; Identity Theft; Information Society; Internet; Malware; Spam
Social Impacts of Cyber Crime
Computer-related crime dates to the origins of computing, though the greater connectivity between computers through the Internet has brought the concept of cyber crime into the public consciousness of our information society.
In 1995, when the World Wide Web was in its early stages of development, futurist Dr. Gene Stephens wrote about the present and future reality of cyber crime and made several predictions: "Billions of dollars in losses have already been discovered. Billions more have gone undetected. Trillions will be stolen, most without detection, by the emerging master criminal of the twenty-first century—the cyberspace offender" (Stephens, 1995, p. 24).
Reflecting on his predictions in a 2008 article, Stephens noted that he and others foresaw much of the cyber crime to come:
I correctly forecast an explosion of cellular phone time theft and phone fraud; increased cyberattacks and fraud against government and business; massive credit card theft and fraud; internal theft of clients' identities by financially struggling and/or greedy financial service employees; more cyberporn, cyberstalking, cyberharassment, and cybervengeance; and the use of biometrics and encryption as methods of protecting data in cyberspace (Stephens, 2008, p. 33).
Defining Cyber Crime
Cyber crime, as distinguished from computer crime, is an umbrella term for the various crimes committed using the World Wide Web, such as:
• The theft of one's personal identity (identity theft) or financial resources;
• The spread of malicious software code such as computer viruses;
• The use of others' computers to send spam email messages (botnets);
• Denial of Service (DoS) attacks on computer networks or websites by the hacker;
• Hacktivism, or attacking the computer servers of those organizations felt by the hacker to be unsavory or ethically dubious;
• Cyberstalking, by which sexual predators use Internet chat rooms, social networking sites, and other online venues to find and harass their victims;
• Cyberbullying, where individuals are harassed by others, causing severe mental anguish;
• Cyberpornography, the use of the Internet to spread child and adult pornography;
• Internet gambling and software piracy; and
• Cyberterrorism, the use of the Internet to stage intentional, wide-spread attacks that disrupt computer networks; using the Internet to spread violent messages, recruit terrorists, and plan attacks.
Cyber crime can be divided into four sub-categories:
• Cyber-trespass (hacktivism, viruses, Denial of Service attacks)
• Cyber-deceptions (identity theft, fraud, piracy)
• Cyber-violence (cyberbullying, cyberstalking)
(based on Wall, 2001, p. 3-7, cited in Yar, 2006, p. 10).
Several of these activities have a long history that predates the Internet, and they also have technological antecedents. "Some of the nineteenth-century wire frauds perpetrated by tapping into the early electric telegraph systems, for example, bear an uncanny resemblance to modern day hacks" (Wall, 2007, p. 2).
Media reports since the 1990s have documented the many methods by which criminals have used the Internet to commit crimes. Cyberthieves have become skilled at using the anonymity and secrecy of the Internet to defraud their victims of their money, their peace of mind, and indeed even their lives. When victims let their guard down by muting a healthy skepticism and caution, cyber crime takes place. As one FBI spokeswoman noted, "The scammer tries to prey on victims who are kind of in tune with what's going on in the world. The scam changes, but ultimately they're preying on the good will of people" (quoted in Simmons, 2008).
The Scope of Cyber Crime
Law enforcement officials have struggled to identify, arrest, and prosecute these tech-savvy offenders, even as sociologists have sought to get to the root of cyber crime. The Federal Bureau of Investigation (FBI) created a special cyber division in 2002 to “address cyber crime in a coordinated and cohesive manner (Federal Bureau of Investigation, 2013) with cyber squads in each of its fifty-six field offices, “cyber action teams” that travel worldwide to address cyber attacks, and nationwide computer task forces. The field of cyber crime has spawned the field of cyber criminology, defined as "the study of causation of crimes that occur in the cyberspace and its impact in the physical space" (Jaishankar, 2007, p. 1).
The scope of cyber crime remains staggering, and it continues to grow. In 2012, for instance, the US economy lost $525.5 million to cyber crime (Federal Bureau of Investigation, 2013), up over 40 million from 2011 with the most common complaints in 2012 being impersonation email scams, intimidation crimes, and scams that attempted to extort money from computer users. In 2012, cyber crime cost British businesses €21 billion (Morris, 2012), and over one million computer users in the European Union were affected every day by cyber crime (EruActive, 2012).
As more and more people have used the Internet to do their shopping, communicating, banking, and bill paying, they have become targets for cyber criminals. There are common-sense steps that can prevent or reduce having one's financial information stolen online, as well as to avoid other scams and threats, but cyber crime in these areas persists largely due to a lack of consumer education.
Some varieties of cyber crime, such as hacktivism, are ostensibly motivated by noble intentions, such as protest against perceived abuses by governments and corporations. Often these attacks involve posting comments on official government websites and are not motivated by a desire for monetary gain. However, other forms of cyber crime have a much more violent intent. These include cyberstalking, cyberbullying, and cyberterrorism.
While the economic impact of cyber crime is beyond dispute, rather less attention has been given to the social implications of cyber crime. Psychologists and psychiatrists can help victims cope with the fallout from identity theft, sexual abuse, or financial ruin, whereas sociologists are well-positioned to look at the broader social impacts and explanations of cyber crime.
Cyber crime attacks the very foundations of modern, technological societies, bound up as they are with the rapid flow of computer data facilitated by the Internet. At the most basic level, cyber criminals often take advantage of technologically unsophisticated individuals who nonetheless find themselves in a world where the Internet plays an increasingly central role in both community and private life. Cyber crime depends, at this level, on the ability of those who are more technologically sophisticated to use that knowledge to trick others into surrendering vital information, such as their bank account information or Social Security number. While it is possible in some situations for the victim of cyber crime to restore stolen money or even their personal online identity, the event often leaves the victim traumatized and deeply suspicious of the Internet and other trappings of modern life. In this way the cyber criminal deprives his or her victim of many of the...