How Do Cyber Criminals Operate?

Cyber security incidents have become more numerous and diverse and more damaging, with new types of cyber security attacks frequently emerging. Cyber crime should be a fairly open and shut case - cyber criminals execute a crime and then law enforcement should step in and catch the criminals and so the case should be closed. However, it can be particularly difficult to investigate because the crime often crosses international borders and boundaries some of which governments don’t want foreign police to cross.

Furthermore, the sophisticated tactics these criminals use, it makes it extremely difficult for law enforcement alone to collect evidence, capture the suspect and prosecute them.

To make the process work, law enforcement often has to coordinate with government agencies, international partners, and private corporations and this can take a lot of time, expense and expertise which can’t always be found. Frequently, cyber criminals use secure software to remain anonymous which are proxy servers that hide their location and route their communications through multiple countries in order to evade direct detection, and commit the crimes in other countries where they cannot be prosecuted. 

Traditionally, cyber criminals have been lone wolves until recent years. Now the most popular types of attacks implemented by these gangs are phishing scams, ransomware, botnets and malware, such as Remote Access Trojans (RATs). Their motivation behind these attacks is often monetary and informational gain such as cyberespionage, identity fraud, online extortion, credit card fraud and even international money laundering operations.

In 2013, the Internet Crime Complaint Center (IC3), have reported that the IC3 received 262,813 complaints of Internet crimes. Those crimes totaled $781million in losses. This was a 48% increase in complaints since 2012, and surprisingly, the FBI estimates that the IC3 only receives complaints for about 10% of all crimes on the Internet. 

The IC3 was founded in 2000, and houses the nation’s largest archive of reported Internet crimes worldwide. Despite being a worldwide service, 90% of their complaints come from the United States. The IC3 collects the data from these complaints and then forwards this data to the appropriate law enforcement agency. In addition to the NW3C working with the FBI to form the IC3, they offer a multitude of services to individual law enforcement agencies, including computer forensics, analytical research, and preparing materials and evidence for use in court. 

In addition to lending their investigative support to law enforcement cases, they also train thousands of officers, in computer forensics, cyber and financial crime investigations, and intelligence analysis. In 2013, the NW3C helped law enforcement gain 5.25 million dollars in criminal restitution, 4.81 million dollars in criminal fines and 452 months of sentences ordered. 

In order to bring a case to a successful conclusion, it takes thousands of hours in research and cyber forensic analysis, which includes identifying, preserving, retrieving, analysing and presenting data as a form of evidence. In order for this evidence to be admissible in court, the police need to obtain a warrant to seize the machines that are used in the crimes. 

In addition to all of this research, there are special technical skills that are needed when obtaining and analysing the evidence, such as the ability to decrypt encrypted files, recover deleted files, crack passwords and more. 
For these more technically complicated tasks, specialised cybercrime units are assembled, which are groups of officers trained in these skills. For law enforcement agencies alone, this would be an extremely tall order, even with the specialised task forces assisting, and that is where the efforts of the FBI and NW3C come into play.

If convicted, the sentencing and penalties vary. Hacking is considered a US Federal offense since it is a form of fraud. The penalty can range anywhere from paying a small a fine to serving up to 20 years in prison, depending on the severity of the crime. 

Cyber criminals have no preference in whom their targets are, as long as someone takes the bait. Usually the mainstream media only reports these threats when there are large data attacks involving prominent companies, but these attacks target everyone, including general computer users. 

Stay Safe

Use extreme caution when receiving unsolicited communications from individuals from out of the country, generally emails from another country use poor grammar and spelling, indicating that the sender is not a native English speaker.

  • Be suspicious of emails from unknown senders requesting personal information.
  • Don’t open, respond to, download attachments or click on links from unknown emails. Emails that come in the form of a help desk support ticket, a message from your bank, or from someone soliciting money via a 419 scam are usually phishing scams. 
  • If an opportunity seems too good to be true, such as a monetary windfall, it probably is. 
  • Make sure you’re using secure websites when entering in payment information. You can verify this by making sure the website’s URL begins with “HTTPS.”

Add an extra layer of protection to your computer using a comprehensive security software program and at Cyber Security Intelligence we suggest you Contact Us for advice and recommendations on professional assistance 

Norton:     Crest:     Stay Safe Online:     Safety Detectives

You Might Also Read:

Police First Hack Then Demolish Organised Crime Gangs:

 

« Nation-State Hackers Are Infiltrating The 2020 Election
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.

Intraframe US

Intraframe US

Intraframe US is a cybersecurity company in Memphis, specializing in Digital Forensics Incident Response and Managed IT services. We provide SMBs with a 24/7 SOC for proactive Cyber Threat Management.