Cybercrime is defined as the act of utilizing internet technologies to commit a crime. These crimes, include, but may not be limited to, hacking, malware distribution, cyberterrorism, cyberextortion, cybervandalism, or cyberprostitution. They may also include computer and network intrusions or distributing malware (e.g., stalkerware, ransomware) to obtain confidential information without authorization. Now, there is a difference between hacking and cracking. In general, hacking happens when the culprit gains unauthorized access to a computer system. However, cracking happens when the culprit gains unauthorized access to a computer system to commit another criminal act – e.g., steal trade secrets.
Network DisruptionsThe culprits use various tools or techniques to accomplish their objectives. They can use Denial of Service (“DoS”) attacks to prevent the users from using the service by sending multiple authentication requests. A Distributed-Denial-of-Service (“DDoS”) is another way the culprit takes control over computers and uses them to attack other targets. In essence, in these types of attacks, the culprits take advantage of the TCP handshake by repeatedly sending requests to network servers until they crash and deny legitimate access by users. The statute that prohibits these activities is referred to the Computer Fraud and Abuse Act which is codified under 18 U.S.C. § 1030.
Malicious SoftwareThe culprits may engage in a systematic course of actions in order to obtain private information without proper authorization. These actions may include the usage of malicious software (a/k/a “malware”) in order to extract private information. Malware can be transferred by electronic messages to random or specific recipients who may open and download the attachment. The attachment that yields the malware will execute and take control over the electronic device. For example, in a ransomware attack, the victim will receive an email and open the attachment that seems legitimate (e.g., invoice) which contains a program that infects the computer with malicious software.
Moreover, a malware referred to as stalkerware may monitor the electronic device’s traffic in order to obtain personal information. The culprits may use keyloggers to monitor user activities and trace usernames and passwords. Once, they obtain access to usernames and passwords, then they will use that information to login and search for valuable information. Phishing and spoofing happen when the culprits utilize fake emails or text messages to steal a person’s identity or private information – e.g., credit card numbers, bank account numbers, account passwords.
Auction fraudThere are state and federal laws that prohibit auction fraud. A person is guilty of auction fraud if he or she devises or intends to devise a scheme or artifice to defraud another person for obtaining money or property by using false or fraudulent pretenses via the internet in interstate or foreign commerce. So, for example, the online purchaser is informed that he or she has won the bid and should transfer the funds. However, the purchaser does not receive the item even after transferring the funds.
Website DefacementWebsite defacement is a form of online vandalism that happens when someone changes or replaces another person’s website content without authorization. The objective is to prevent the general public from accessing the website. The website defacers replace the original content with their own social or political message. In most circumstances, activists take the initiative to deface websites for political reasons. This type of behavior is also called “hacktivism.” In some cases, the hacktivists have been known to gain access to government websites and alter their contents.
Online Sales FraudOnline sales fraud happens when someone sales counterfeit products on the web. It’s a kind of internet fraud that is prevalent on e-commerce websites that provide the option to buy and sell products. So, in essence, the consumer pays for a counterfeit product instead of an authentic one without prior knowledge. In other instances, the culprit may create a fake but similar website that purports to sell a product or service by misleading the consumers. So, once the consumer pays the fee for the product or service, the culprit never delivers it.
Investment FraudThere are different types of investment fraud. Today, the culprits can use the internet to reach many more individuals and deceive or defraud them by controlling the price of securities. The bad actors can falsely advertise stocks and mislead investors into buying them by making false or deceptive statements. They may even use spam emails (i.e., unsolicited commercial emails sent towards third parties) to distribute false or deceptive information to the victims.
There have been cases where investors have been lured into buying bad stocks through online forums and lost significant funds. The Securities Act of 1933 and Securities Exchange Act of 1934 are designed to prevent securities fraud. The Code of Federal Regulations is also applicable to securities fraud. In other cases, individuals have engaged in smear campaigns against well-known public entities by creating an online forum and spreading lies about their financial status.
Credit Card FraudCredit card fraud happens when the culprit gets unauthorized access to the victim’s credit card information. There are both state and federal laws and prohibit credit card fraud. For example, 18 U.S.C. § 1029 and California’s Penal Code § 484 et seq. strictly prohibit credit card fraud. There may be other applicable statutes or case law that prevent the use, sale, or purchase of another person’s credit card information.
Identity TheftIdentity theft has become a prominent source of income for the culprits. It happens when the culprit takes over another individual’s identity by gaining access to his/her confidential information – e.g., date of birth, social security number, credit card number, bank account number. The culprits knowingly transfer the confidential information with the intent to commit an unlawful act that may constitute a violation of the state or federal laws. For example, Penal Code § 530.5 et. seq. makes identity theft illegal in the State of California. In some cases, identity theft is used to commit other crimes such as credit card fraud, computer fraud, mail fraud, wire fraud, and bank fraud.
Economic EspionageEconomic espionage takes place when the culprit steals a trade secret in order to be used for the benefit of a foreign government, foreign instrumentality, or foreign agent. There are various laws that prohibit economic espionage. For example, the Economic Espionage Act which is codified under 18 U.S.C. § 1831 states that:
Whoever, intending or knowing that the offense will benefit any foreign government, foreign instrumentality, or foreign agent, knowingly: (1) steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains a trade secret; (2) without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys a trade secret; (3) receives, buys, or possesses a trade secret, knowing the same to have been stolen or appropriated, obtained, or converted without authorization; (4) attempts to commit any offense described in any of paragraphs (1) through (3); or (5) conspires with one or more other persons to commit any offense described in any of paragraphs (1) through (3), and one or more of such persons do any act to effect the object of the conspiracy, shall, except as provided in subsection (b), be fined not more than $5,000,000 or imprisoned not more than 15 years, or both.
Furthermore, there have been cases when foreign agents have stolen trade secrets from U.S.-based companies to enhance or promote their own industries. There have been instances of cyberespionage operations that were conducted by foreign hackers. Thereafter, the foreign hackers take the trade secrets which usually yields intellectual properties and use them without authorization.