IT and Society Lecture 5: Cybercrime Security

Questions and Answers

What are the three facets of cybercrime?

Traditional forms of crime over electronic networks, publication of illegal content, crimes unique to electronic networks.

What does the term 'total cost of cybercrime' refer to?

Only direct losses

Sum of direct losses, indirect losses, and defense costs (correct)

Only indirect losses

Criminal revenue

Criminal revenue from cybercrime is typically higher than total losses.

False

The definition of cybercrime includes publication of illegal content over __________ media.

electronic Signup and view all the answers

What is an example of direct losses from cybercrime?

Money stolen from victim accounts. Signup and view all the answers

What challenge does law enforcement face in dealing with cybercrime?

Perpetrators and victims often being in different jurisdictions. Signup and view all the answers

Which of the following is a form of online fraud?

All of the above Signup and view all the answers

What effect has the use of cryptocurrencies had on ransomware?

Increased revenues for ransomware authors. Signup and view all the answers

Business email compromise scams often involve fraudulent __________ messages.

email Signup and view all the answers

Spam is considered a serious cross-border crime.

False Signup and view all the answers

What is the focus of the U.S. National Crime Victimization Study with respect to cybercrime?

Identity theft, credit card and bank account fraud. Signup and view all the answers

Study Notes

Overview of Cybercrime

Cybercrime intertwines traditional crime forms (e.g., fraud, forgery) with new methods leveraging electronic networks.
Authority on cybercrime defined by the European Commission includes illegal content distribution and unique cyber offenses (e.g., hacking, denial of service).

Impact of Cybercrime

An analysis framework for assessing cybercrime impact includes criminal revenue, direct losses, indirect losses, and defense costs.
Criminal revenue consists of earnings minus inputs related to cybercrime activities, e.g., phishing revenues versus botnet costs.

Direct and Indirect Losses

Direct Losses: Financial losses encountered directly by victims, such as theft from accounts, or recovery costs from hacking incidents.
Indirect Losses: Societal costs difficult to attribute to specific individuals or acts, e.g., loss of trust in online services impacting revenues or reduced electronic service adoption.

Defense Costs and Total Cost of Cybercrime

Spending on preventive measures includes security products, incident response services, and law enforcement efforts.
The total cost of cybercrime is significantly higher than criminal revenue; for instance, a botnet yielding 3millionyearlycontrastedagainsta3 million yearly contrasted against a 3millionyearlycontrastedagainsta1 billion industry loss from spam.

Law Enforcement Challenges

Cybercrime often transcends borders, complicating jurisdictional law enforcement and mutual legal assistance.
Technical skills are essential for effective cybercrime investigations, requiring specialized units within law enforcement agencies.

Categories of Cybercrime

Online Card Fraud: Doubling in absolute value since 2012, posing management challenges for financial institutions.
Online Banking Fraud: Increased significantly with cases of "authorized push payment" scams costing UK users over £236 million.
Ransomware: Evolved over 20 years, particularly profiting from adaptation to cryptocurrencies.

Specific Scams and Frauds

Fake Antivirus and Tech Support Scams: Deceptive solicitation methods aimed at selling false software or services.
Business Email Compromise: Scams exploiting CEO impersonation to authorize illegitimate wire transfers.
Advance Fee Fraud: Victims pay minor upfront amounts expecting substantial financial returns.

Victimization Studies

U.S. National Crime Victimization Study indicated 10% of residents experienced identity theft, with only a quarter knowing the compromise origins.
The UK’s inclusive approach to cybercrime in victimization studies has shown a spike in reported offenses, indicating pre-existing unnoticed crime levels.

Questions for Consideration

Strategies needed to effectively manage diverse cybercrime types, including investment in protection versus risk-transfer through insurance.
Effectiveness of law enforcement in dealing with niche cybercrimes particularly when jurisdictional issues arise.

Description

Explore the intricate relationship between IT and society in this detailed lecture on Cybercrime and security. Discussing GDPR and the role of privacy activism, this session highlights the complexities of law development in data protection. Join us to understand the societal impact of cyber threats and legal responses.