Fighting the Good Fight The Battle against Cybercrime

Summary

The proliferation of computer-based technologies over the past half century has changed the world in fundamental ways. In sharp contrast to just a few decades ago, computer-based technologies have transformed the ways in which people live, work, recreate, shop and receive an education and current signs indicate that this digital transformation continues apace. These same trends, though, have also introduced countless new opportunities that can be exploited for illegal purposes by cyber criminals. The purpose of this paper is to examine the rising threat of cybercrimes and the increased use of technology in modern society to show how these types of crimes will continue to increase in frequency, scope and severity in the future unless appropriate, integrated security precautions are taken today. The research will show that although the precise costs of cybercrimes remain unclear, some estimates place these costs as high as $1 trillion annually, and these estimates may not be including all of the costs that are associated with cybercrimes at present. Finally, following the review of the relevant literature, a summary of the research and key findings concerning the foregoing issues are presented in the paper’s conclusion.

Cybercrimes and the Increased Use of Technology in Society

Today, some of the most serious crimes were not even illegal a few years ago because they involve computer-based technologies that did not exist. The situation at present, however, is characterized by the proliferation of a bewildering array of computer-based technologies in virtually every aspect of modern human life. Moreover, current trends indicate that this ubiquity will continue to increase well into the foreseeable future. Against this backdrop, it is not surprising that nefarious actors are also exploiting these trends by engaging in various cybercriminal activities that defy easy detection and prevention. The purpose of this paper is to provide a review of the relevant literature concerning cybercrimes and the increased use of technology in modern society to demonstrate that these types of crimes will continue to increase in frequency, scope and severity unless and until substantive actions are taken at the international level to combat cybercrimes. Following this review, a summary of the research and important findings concerning the current state of knowledge about cybercrimes and the increased use of technology in society are presented in the conclusion.

Review and Discussion

The world has become an increasingly interconnected place where computers facilitate global communications in ways that were unimaginable just a few years ago (Sarre, Lau & Chang, 2018). Indeed, the emergence of the so-called “Internet of Things” has made it possible for cybercriminals to gain access to consumers’ homes and even their kitchen appliances. In this regard, Stalans and Finn (2018) report that, “The permeating presence of information technology and cyberspace in the connection of things such as cars, phones, home security, and home temperature controls and its role as critical infrastructure for societal institutions highlights the potential serious harmful effects of cybercrime” (p. 501).

Further, a veritable cornucopia of Internet-enabled digital devices has transformed the manner in which people socialize, recreate, shop, keep informed about important events in their lives, earn a living and receive an education (Bossler & Berenblum, 2019). In addition, governments and business of all sizes and types have applied computer-based applications to many aspects of their operations to the point where they are absolutely mission critical. In sum, the world has become a highly interconnected place where digital technologies make modern civilization possible.

While these innovations in computer-based technologies have fundamentally changed the world for the better, there is a corresponding downside to these trends in the form of increased opportunities for cybercriminal activities. In this regard, Bossler and Berenblum (2019) emphasize that, “These technological advancements have created myriad opportunities for offenders to commit various forms of crime [which] are often referred to as cybercrime and occur because the perpetrator uses special knowledge of cyberspace” (p. 495). Likewise, Sarre et al. (2018) cite the increasing ubiquity of Internet-enabled computer-assisted devices of all types to make the point that:

The world has well and truly entered the digital age where technology is ever-present and all pervasive. The development of technological innovations facilitates our everyday lives. But they also make significant contributions to criminality. Cybercrime has become a serious problem globally. The research needed to match the reality is struggling to keep up. (p. 515)

Consequently, an unfortunate concomitant of the proliferation of computer-based technologies has been a corresponding increase in cybercriminal activities, and the scope, type and frequency of these attacks has increased in severity in recent years. For instance, Harkin, Whelan and Chang (2018) report that, “Cybercrime is an escalating priority for national and international police and security agencies” (p. 519). This escalation is due in large part to the harsh reality that cybercrimes are not only becoming more commonplace, they are becoming more damaging as well to both the public and private sectors (Harkin et al., 2018).

Indeed, although precise figures are impossible to calculate since many cybercrimes are never reported to authorities and the scope of others remains unclear, the estimates about the current costs of cybercrimes are staggering. For instance, according to Harkin et al. (2018),”Some of the higher estimates of the costs of cybercrime tend to approach $1000 billion” (p. 520). A trillion dollars in costs that are directly attributable to cybercrime should give any national policymaker serious pause, but the actual figures that are involved may be even far greater still given the nebulous nature of cybercriminality, suggesting that far more needs to be done in order to mitigate the enormous economic and human toll that is being exacted by cybercriminals today.

One of the constraints to improving and expanding the scholarship concerning cybercrime to identify best practices and lessons learned is a lack of definitional clarity concerning what types of activities fall under this umbrella term. For instance, according to Sarre and his associates (2018), “There is still no precise and clear definition of cybercrime in academic parlance. It is sometimes called ‘electronic crime,’ ‘computer crime,’ ‘computer-related crime,’ ‘hi-tech crime,’ ‘technology-enabled crime,’ ‘e-crime,’ or ‘cyberspace crime’” (p. 516). In addition, cybercrime researchers have also confronted a number of different typologies that have been used to categorize cybercrimes.

One such approach cited by Sarre et al. (2018) identified three basic types of cybercrimes based on common law principles and precedential legislation: 1) crimes where the computer is used as the instrument of crime; 2) crimes where the computer is incidental to the offense, and 3) crimes where the computer is the target of crime (p. 516). Similarly, based on their analysis of actual cybercrime case data, Wu, Xiang, Gao and Wu (2018) also identified and described eight of the important characteristics of cybercrimes as follows: 1) the diversification of criminal phenomena, 2) concealment of criminal processes, 3) modernization of criminal methods, 4) the intelligence of criminal organizations, 5) the rejuvenation of criminal subjects, 6) the unbounded criminal groups and regions, 7) the serious consequences of crimes, and 8) the difficulty in investigation and evidence collection.

Taken together, these eight distinguishing characteristics of cybercrime make it clear that they differ in substantive ways from many traditional criminal cases with respect to 1) finding clues, 2) filing for investigation, 3) identifying and protecting the crime sites, 4) collecting and fixing the chain of evidence, 5) analyzing evidence and judicial identification, and 6) the adjudication of the criminal case. These distinguishing characteristics underscore many of the main differences between traditional and cybercrimes, but there are some other differences involved as well that policymakers and security specialists must taken into account (Wu et al., 2018).

For example, the term cybercrime is also applied to new types of criminal activities that are only possible using computer-based technologies such as gaining unauthorized access to a computer network (Bossler & Berenblum, 2019). In other words, modern cybercrimes run the entire gamut of conventional criminality as well as encompassing some novel unlawful acts that would not be possible without computer-based technologies otherwise (Bossler & Berenblum, 2019). In sum, while traditional criminal activities and cybercrimes both involve breaking laws, there are some important differences between the two types that must be taken into account when formulating security strategies.

In addition, an important point that is made by Bossler and Berenblum (2019) concerns the fact that, like other types of crimes, cybercrimes do not necessarily involve the theft of something of value for the unjust enrichment of others. For example, Bossler and Berenblum (2019) generally define cybercrime as “a large umbrella term that encompasses computer-assisted crime in which computers and technology are used in a supporting role, such as the use of a computer to send harassing messages” (p. 496). As discussed further below, cybercrimes differ in some respects from traditional crimes but the net adverse impact on victims is frequently indistinguishable.

Notwithstanding the numerous similarities between traditional criminal activities and cybercrimes, there is one overarching major difference that sets the latter apart from the former in terms of the violence that is frequently involved. While it is possible to instill a great deal of fear in others through cyberstalking or cyberbullying tactics, there is typically little or no opportunity for perpetrators to actually physically attack their victims. In sharp contrast, traditional crimes can and do include violence as a matter of course. For example, according to Kranenbarg et al. (2017), “Cybercrimes tend to be committed in a different context than traditional crimes. The relationship between traditional offending and victimization is the strongest for violent crimes, which as per definition requires physical interaction between victims and offenders” (p. 42).

This is not to say, of course, that cyber criminals do not cause serious harm to their victims, only that the type of harm is qualitatively different since it generally does not include actual physical violence. Indeed, many types of cybercrimes involve innocent people of all ages that find themselves victims of some exotic permutation of an online scheme that seeks to defraud or otherwise harm them using online resources in some form. Furthermore, there are numerous reports of cybercriminals using online chat rooms to entice young victims to participate in sexual encounters in real-world settings, so cybercrimes can subsume both traditional and cyber-type crimes that include physical violence.

This alarming growth in cybercriminal activities is attributable in large part to the jaw-dropping growth in the number of potential targets globally. According to a study by Stalaris and Finn (2016), nearly half of the world’s population, or more than 3 billion people, used the Internet in 2016 and a majority (>80%) of the households in most Western nations (i.e., the U.S., UK, Canada, France and Germany) have home access to the Internet. Likewise, a majority (>50%) of consumers in Latin America and the Middle East, 40% of the Asian population and approximately 25% of consumers in Africa used the Internet on at least one occasion in November 2015 (Stalaris & Finn, 2016).

It is reasonable to posit that these figures have increased significantly in the intervening years, and a majority of the world’s population likely has ready access to the Internet in some capacity at present. As noted throughout, the downside to this unprecedented growth has been a corresponding increase in organized cybercrime activities. In this regard, Stalaris and Finn (2016) point out that, “The accessibility and efficiency of the Internet and information technologies in supporting the infrastructure of societal institutions also fosters the development of cybercrime and deviant subcultures” (p. 502).

The growth in Internet-enabled devices has also created millions of new nodes where transmitted digital data can be manipulated and subverted in countless ways, and this growth has not gone unnoticed by Internet-savvy criminals that try to exploit every potential chink in computer security armor. In fact, according to Leukfeldt and Yar (2016):

Over the past two decades, there has emerged a substantial body of scholarship that addresses a wide range of on-line offenses, including computer ‘hacking,’ the distribution of malicious software, software and media ‘piracy,’ fraud, stalking, bullying, the distribution of obscene and hateful representations, and sexual victimization of both adults and children. (p. 264)

The fact that cybercrimes can involve outright theft, unauthorized access or other conventional criminal acts also means that these crimes can be differentiated with respect to their basic type. For example, Bossler and Berenblum (2019) point out that cybercrimes tend to fall into one of the following categories: 1) cyber-trespass such as unauthorized system access; 2) cyber-deception/theft such as identity theft, online fraud, or digital piracy; 3) cyber-pornography/obscenities such as child sexual exploitation materials; and, 4) cyber-violence such as cyberstalking and cyber terrorism. Like insider trading, the types of activities were not against any laws just a few years ago, but the rapid evolution and deployment of Internet-enabled computer-assisted devices require a new mindset concerning the types of threats that are arrayed against businesses and governments as well as what steps can be legitimately taken at present to address these growing threats.

Besides a lack of definitional clarity concerning what activities constitute cybercrimes, there is also the fact that activities that are illegal in some jurisdictions may not be illegal in others, or are simply not covered by existing national and local laws (Stalans & Finn, 2016). The current status of cybercrime legislation differs widely around the world, but the number of computer users as well as businesses and governmental entities that rely heavily on these online resources continues to increase. In sum, the cyber world of today resembles Old West of yesteryear where people try to get away with whatever they can, and many succeed because of a lack of applicable law enforcement resources.

More importantly still, the nebulous nature of the global status of cybercrime legislation has facilitated the perpetration of activities in one jurisdiction that would be outlawed in another, making detection and prosecution exceedingly difficult. In this regard, Stalans and Finn (2016) add that:

The Internet facilitates deviance and crime through providing visibility and accessibility to alternative justifications and normative viewpoints on forms of cybercrime. The fragmented and layered nature of the Internet further stimulates deviant and criminal activity as there is no centralized government body to establish the norms for appropriate conduct and to enforce criminal laws in specific countries. (p. 503)

This means that in many ways, cybercrimes are geography-dependent, and nations that have lax or even no laws against these types of criminal activities or that lack the enforcement capacity and resources that are required to stop them if they are against the law will inevitably attract criminal elements that are intent on taking advantage of these legal loopholes. As Stalans and Finn (2016) note, “Unlawful behavior in some countries is tolerated and legal behavior in other countries, allowing offenders to choose jurisdictions for their websites that have the least harsh legal consequences” (p. 504). The potential for abuse of any existing laws against cybercrimes is further accentuated in countries where the rule of law is low or nonexistent and the level of corruption is high, but this potential can reasonably be said to exist virtually anywhere.

Even in those jurisdictions with timely, stringent and comprehensive laws against cybercrime may be thwarted in their efforts to interdict sophisticated cyber criminals that have access to some of the most advanced hacking applications that are available through the so-called “Dark Web” or “Deep Web.” Moreover, hackers and other cyber criminals can also use any number of tools to avoid detection while remaining anonymous in online settings, thereby making detection and prosecution of these types of offense difficult, time consuming and inordinately expensive for jurisdiction that are already cash-strapped for law enforcement resources. In this regard, Stalans and Finn (2016) report that:

Maintaining anonymity or bogus identities during the commission of crimes is easier in virtual spaces than in real physical space. Apps, avatars, disposable devices, and the deep web—where search engines cannot detect websites due to an added layer of security—facilitate a concealment of criminal transactions, socialization into subcultures, and networking of those involved in illicit or nonconventional behavior. (p. 505)

Even non-state actors now have the ability to collaborate with other cyber criminals in online chat rooms and other computer-mediated fora to create black markets for illicit goods and services, including drugs and sex trafficking (Stalans & Finn, 2016). In fact, the ubiquity of computer-based networks essentially guarantees that any security-related vulnerabilities in these systems will be exploited by cybercriminals and these have been the actual experiences to date. For example, the results of a study by Kranenbarg, Holt and van Gelder (2017) confirm that, “Recent research demonstrates that there has been a significant rise in the rate of crimes that utilize information technology systems over the last two decades, though the rate of traditional crimes has decreased” (p. 40).

Although the results of the Kranenbarg et al. (2017) study as well as anecdotal accounts from the field and empirical observations from computer security practitioners all indicate that the prevalence of these cybercrimes is on the rise just as other types of crimes are on the decline, there remains a paucity of timely and relevant official statistics concerning these crimes to determine this increase with any degree of specificity. Despite this lack of timely and accurate data, it is apparent that cybercriminal activities are on the rise and that current security protocols are struggling to keep pace.

What is known for certain at the present time is that cybercrimes in general have become far more harmful than in the past with the potential for even far greater disruptions in the future. For instance, according to Cavelty and Wenger (2020), “In the last decade, cyber incidents have become more expensive, more disruptive, and in many cases more political, with a new body of theoretically informed research emerging in parallel” (p. 5). Unfortunately, the emerging body of research concerning cybercrimes has frequently failed to maintain pace with innovations in cybercriminal technologies.

Although disgruntled voters in some countries may actually welcome what they regard as a mere short-term disruption of their nation’s political process, these types of cyber threats extend far beyond the body politic in causing just minor inconveniences for the electorate. Indeed, there has been a distinct trend towards using cybercrimes that include severe and disabling attacks on basic national infrastructures as well. In this regard, Cavelty and Wenger (2020) emphasize that, “In the past decade, cyber incidents such as Stuxnet, WannaCry, and NotPetya or the interference in the American elections have given the impression that cyber attacks are becoming more targeted, more expensive, more disruptive, and more political and strategic” (p. 6).

Irrespective of the motivations behind cybercrimes, however, the threat of more intensified cyber attacks on targeted elements has had a chilling effect on counterintelligence operations that are struggling to stay ahead of the criminal element by developing effective defenses. Because cyber attacks are also becoming highly focused and strategic in nature, defending against these types of attacks has become even more problematic. For instance, Cavelty and Wenger (2020) add that, “Cyber incidents, understood as disruptions of the routine operations of digital technologies, have come to hold a prominent position in national and international security policy, with state actors trying to find adequate answers to counter the new threat” (p. 6).

Even as counterintelligence authorities try to build their digital security walls higher and their moats deeper, though, new cyber threats are emerging in unexpected and unforeseen ways. As Cavelty and Wenger (2020) conclude, “Due to interlinked changes occurring in the fields of technology, politics, and science, research that applies international relations or security studies theory to different facets of the phenomenon is no longer as rare” (p. 7). Nonetheless, there is still a glaring need for increased scholarship into the junctures between different disciplines to identify ways that perpetrators can defeat existing security protocols through lapses or vulnerabilities in the security network (Cavelty & Wenger, 2020).

In addition, Harkin et al. (2018) also call for focused research concerning the current roles that are served by local police agencies that are frequently the first responders on the scene of a cybercrime. In this regard, Harkin and his colleagues (2018) note that, “There is a clear empirical need for research exploring local law enforcement awareness, perceptions, and preparation for dealing with cybercrimes from the vantage point of the officers who are being asked to be the first responders to cybercrime” (p. 521). This call to action is more readily understandable – and justifiable -- when the threat of even more damaging cybercrimes looms even larger on the national and international horizons.

Some industry analysts argue that the resources that area available to combat cybercrime are being allocated to organizations that are important to the fight, but this process tends to overlook the role that local law enforcement authorities can play in promoting cybersecurity in the public and private sectors. For example, according to Harkin et al. (2018), “Despite the growing social and economic costs of cyber-crime, it seems evident that the main beneficiaries of increased public-sector funding to promote cyber security have been security and intelligence agencies rather than local police organizations” (p. 521). In other words, mounting a viable defense against cybercrime requires a holistic strategy that includes all available crime-fighting resources, including local police departments (Harkin et al., 2018).

The current situation with respect to cybercrimes is increasingly perilous for a number of reasons, including most especially the greater sophistication of cyber attacks and their use against national infrastructures and political targets. This expanded threat has contributed to a changing mindset on the part of security experts that more international cooperation is required as well as a far more comprehensive protective strategy -- and time is of the essence. In this regard, Kalkman and Wieskamp (2019) note that, “Cyber security increasingly demands inter-organizational cooperation due to the rise of new, diverse, and transnational cyber threats. Cyber-terrorism can be used to create fear of violence for political purposes and as a means to gather support for violent groups, while cyber-attacks can be launched with state support to sabotage or spy on other entities” (p. 4).

While it is impossible to quantify the economic costs of these types of cybercrimes, it is possible to predict the outcome of current trends if they are allowed to proceed without interdiction by law enforcement authorities. For instance, Kalkman and Wieskamp (2019) advise that, “Criminals and activists may hack into computer systems of companies and governments to disrupt their functioning or steal valuable assets” (p. 5). In addition, there is also an equally threatening but far less visible risk that is associated with social engineering as well as stemming from disgruntled employees. As Kalkman and Wieskamp (2019) point out, “There is a risk of insider threat, emanating from dissatisfied staff members sabotaging or protesting against their own organization in this manner. Staff members’ unawareness or negligence may further exacerbate these threats” (p. 5).