How Do Cyber Criminals Operate?

Uploaded on 2020-09-16 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber security incidents have become more numerous and diverse and more damaging, with new types of cyber security attacks frequently emerging. Cyber crime should be a fairly open and shut case - cyber criminals execute a crime and then law enforcement should step in and catch the criminals and so the case should be closed. However, it can be particularly difficult to investigate because the crime often crosses international borders and boundaries some of which governments don’t want foreign police to cross.

Furthermore, the sophisticated tactics these criminals use, it makes it extremely difficult for law enforcement alone to collect evidence, capture the suspect and prosecute them.

To make the process work, law enforcement often has to coordinate with government agencies, international partners, and private corporations and this can take a lot of time, expense and expertise which can’t always be found. Frequently, cyber criminals use secure software to remain anonymous which are proxy servers that hide their location and route their communications through multiple countries in order to evade direct detection, and commit the crimes in other countries where they cannot be prosecuted. 

Traditionally, cyber criminals have been lone wolves until recent years. Now the most popular types of attacks implemented by these gangs are phishing scams, ransomware, botnets and malware, such as Remote Access Trojans (RATs). Their motivation behind these attacks is often monetary and informational gain such as cyberespionage, identity fraud, online extortion, credit card fraud and even international money laundering operations.

In 2013, the Internet Crime Complaint Center (IC3), have reported that the IC3 received 262,813 complaints of Internet crimes. Those crimes totaled $781million in losses. This was a 48% increase in complaints since 2012, and surprisingly, the FBI estimates that the IC3 only receives complaints for about 10% of all crimes on the Internet. 

The IC3 was founded in 2000, and houses the nation’s largest archive of reported Internet crimes worldwide. Despite being a worldwide service, 90% of their complaints come from the United States. The IC3 collects the data from these complaints and then forwards this data to the appropriate law enforcement agency. In addition to the NW3C working with the FBI to form the IC3, they offer a multitude of services to individual law enforcement agencies, including computer forensics, analytical research, and preparing materials and evidence for use in court. 

In addition to lending their investigative support to law enforcement cases, they also train thousands of officers, in computer forensics, cyber and financial crime investigations, and intelligence analysis. In 2013, the NW3C helped law enforcement gain 5.25 million dollars in criminal restitution, 4.81 million dollars in criminal fines and 452 months of sentences ordered. 

In order to bring a case to a successful conclusion, it takes thousands of hours in research and cyber forensic analysis, which includes identifying, preserving, retrieving, analysing and presenting data as a form of evidence. In order for this evidence to be admissible in court, the police need to obtain a warrant to seize the machines that are used in the crimes. 

In addition to all of this research, there are special technical skills that are needed when obtaining and analysing the evidence, such as the ability to decrypt encrypted files, recover deleted files, crack passwords and more. 
For these more technically complicated tasks, specialised cybercrime units are assembled, which are groups of officers trained in these skills. For law enforcement agencies alone, this would be an extremely tall order, even with the specialised task forces assisting, and that is where the efforts of the FBI and NW3C come into play.

If convicted, the sentencing and penalties vary. Hacking is considered a US Federal offense since it is a form of fraud. The penalty can range anywhere from paying a small a fine to serving up to 20 years in prison, depending on the severity of the crime. 

Cyber criminals have no preference in whom their targets are, as long as someone takes the bait. Usually the mainstream media only reports these threats when there are large data attacks involving prominent companies, but these attacks target everyone, including general computer users. 

Stay Safe

Use extreme caution when receiving unsolicited communications from individuals from out of the country, generally emails from another country use poor grammar and spelling, indicating that the sender is not a native English speaker.

  • Be suspicious of emails from unknown senders requesting personal information.
  • Don’t open, respond to, download attachments or click on links from unknown emails. Emails that come in the form of a help desk support ticket, a message from your bank, or from someone soliciting money via a 419 scam are usually phishing scams. 
  • If an opportunity seems too good to be true, such as a monetary windfall, it probably is. 
  • Make sure you’re using secure websites when entering in payment information. You can verify this by making sure the website’s URL begins with “HTTPS.”

Add an extra layer of protection to your computer using a comprehensive security software program and at Cyber Security Intelligence we suggest you Contact Us for advice and recommendations on professional assistance 

Norton:     Crest:     Stay Safe Online:     Safety Detectives

You Might Also Read:

Police First Hack Then Demolish Organised Crime Gangs:

 

« Nation-State Hackers Are Infiltrating The 2020 Election
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.