How Do Cyber Criminals Operate?

Cyber security incidents have become more numerous and diverse and more damaging, with new types of cyber security attacks frequently emerging. Cyber crime should be a fairly open and shut case - cyber criminals execute a crime and then law enforcement should step in and catch the criminals and so the case should be closed. However, it can be particularly difficult to investigate because the crime often crosses international borders and boundaries some of which governments don’t want foreign police to cross.

Furthermore, the sophisticated tactics these criminals use, it makes it extremely difficult for law enforcement alone to collect evidence, capture the suspect and prosecute them.

To make the process work, law enforcement often has to coordinate with government agencies, international partners, and private corporations and this can take a lot of time, expense and expertise which can’t always be found. Frequently, cyber criminals use secure software to remain anonymous which are proxy servers that hide their location and route their communications through multiple countries in order to evade direct detection, and commit the crimes in other countries where they cannot be prosecuted. 

Traditionally, cyber criminals have been lone wolves until recent years. Now the most popular types of attacks implemented by these gangs are phishing scams, ransomware, botnets and malware, such as Remote Access Trojans (RATs). Their motivation behind these attacks is often monetary and informational gain such as cyberespionage, identity fraud, online extortion, credit card fraud and even international money laundering operations.

In 2013, the Internet Crime Complaint Center (IC3), have reported that the IC3 received 262,813 complaints of Internet crimes. Those crimes totaled $781million in losses. This was a 48% increase in complaints since 2012, and surprisingly, the FBI estimates that the IC3 only receives complaints for about 10% of all crimes on the Internet. 

The IC3 was founded in 2000, and houses the nation’s largest archive of reported Internet crimes worldwide. Despite being a worldwide service, 90% of their complaints come from the United States. The IC3 collects the data from these complaints and then forwards this data to the appropriate law enforcement agency. In addition to the NW3C working with the FBI to form the IC3, they offer a multitude of services to individual law enforcement agencies, including computer forensics, analytical research, and preparing materials and evidence for use in court. 

In addition to lending their investigative support to law enforcement cases, they also train thousands of officers, in computer forensics, cyber and financial crime investigations, and intelligence analysis. In 2013, the NW3C helped law enforcement gain 5.25 million dollars in criminal restitution, 4.81 million dollars in criminal fines and 452 months of sentences ordered. 

In order to bring a case to a successful conclusion, it takes thousands of hours in research and cyber forensic analysis, which includes identifying, preserving, retrieving, analysing and presenting data as a form of evidence. In order for this evidence to be admissible in court, the police need to obtain a warrant to seize the machines that are used in the crimes. 

In addition to all of this research, there are special technical skills that are needed when obtaining and analysing the evidence, such as the ability to decrypt encrypted files, recover deleted files, crack passwords and more. 
For these more technically complicated tasks, specialised cybercrime units are assembled, which are groups of officers trained in these skills. For law enforcement agencies alone, this would be an extremely tall order, even with the specialised task forces assisting, and that is where the efforts of the FBI and NW3C come into play.

If convicted, the sentencing and penalties vary. Hacking is considered a US Federal offense since it is a form of fraud. The penalty can range anywhere from paying a small a fine to serving up to 20 years in prison, depending on the severity of the crime. 

Cyber criminals have no preference in whom their targets are, as long as someone takes the bait. Usually the mainstream media only reports these threats when there are large data attacks involving prominent companies, but these attacks target everyone, including general computer users. 

Stay Safe

Use extreme caution when receiving unsolicited communications from individuals from out of the country, generally emails from another country use poor grammar and spelling, indicating that the sender is not a native English speaker.

  • Be suspicious of emails from unknown senders requesting personal information.
  • Don’t open, respond to, download attachments or click on links from unknown emails. Emails that come in the form of a help desk support ticket, a message from your bank, or from someone soliciting money via a 419 scam are usually phishing scams. 
  • If an opportunity seems too good to be true, such as a monetary windfall, it probably is. 
  • Make sure you’re using secure websites when entering in payment information. You can verify this by making sure the website’s URL begins with “HTTPS.”

Add an extra layer of protection to your computer using a comprehensive security software program and at Cyber Security Intelligence we suggest you Contact Us for advice and recommendations on professional assistance 

Norton:     Crest:     Stay Safe Online:     Safety Detectives

You Might Also Read:

Police First Hack Then Demolish Organised Crime Gangs:

 

« Nation-State Hackers Are Infiltrating The 2020 Election
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.