Cybercrime is one of the most harmful types in terms its economic costs to individuals and businesses.
This reason alone suggests that students of A-level sociology studying the crime and deviance module should pay special attention to to this type of crime.
What are the economic costs of cybercrime?
A recent McAFee report estimated the global cost of Cybercrime in 2019 to be over $1 Trillion.
Accenture does an annual survey on the costs of Cybercrime to business and that revealed that the average cost of malicious attacks is just over $1 million to a company, with several days of downtime as a result.
The overall size of the global economy in 2020 was around $84 trillion, meaning global cybercrime accounts for 1% of global economic output.
Tax dodging by mainly corporations but also wealthy individuals costs the global economy just over $400 billion annually. (Source: The Conversation)
In 2015/ 16 the UK government estimated the total cost of ALL crime to be around £50 billion – besides cybercrime, fraud and theft were very high cost crimes, both made much easier with the growth of online networks.
The projected costs of Cybercrime are much greater. according to Cyber Security Ventures the global cost of Cybercrime is set to reach $10.5 trillion dollars by 2025
Analysis/ Evaluation – what to make of these figures?
These statistics suggest that the costs of Cybercrime are growing rapidly, and if you believe the projections, then Cybercrime is by far the most damaging type of crime in terms of financial cost.
However, you need to question the validity of data published by Cybersecurity companies – it is in their interests to exaggerate the extent of cybercrime so they can sell more security software!
Having said that, official statistics themselves show a HUGE increase in the amount of cybercrime in the last five years, and so it’s likely that the costs of cybercrime would have increased too.
I haven’t here distinguished between cyber dependent crime and cyber-enabled crime – I think a lot of the increasing costs are due to old types of crime (fraud and especially theft) becoming more common online (as opposed to face to face) – I guess the internent just makes it easier to attempt to commit these types of crime, en masse (as through phishing) rather than the slower and more risky physical thefts.
The depressing thing is that I find none of this surprising – we live in more networked world, and one unfortunate consequence is that it’s now easier to attempt to commit fraud and theft against faraway victims online – it’s simple rational choice theory – computer networks make it more convenient to attempt crimes such as phishing and identity theft with less risk.
And while I’m sceptical about Cyber Security companies exaggerating the extent of online crime, I’m inclined to agree with them that this is on an uptrend as that’s what official statistics from all around the world suggest, not to mention the increasing amount of anecdotal evidence from people who have been scammed, and TBH I only need compare the amount of phishing emails in my inbox today compared to five years ago to realise the increase in attempted crimes against me, and presumably millions of other people receiving such mail in their Spam folders every day!
It seems it’s more important than ever to take your online security and safety very very seriously.
Cybercrime refers to illegal activities carried out with a computer over a network such as the internet.
Some of the most common types of cybercrime include:
Identity and data theft
internet fraud (online scams)
hacking (unauthorised access to networks)
Infecting devices with viruses
Denial of Service attacks (DOS attacks)
file sharing in breach of copyright
3D Printing of illegal products
The key characteristics of cybercrime include:
The use of digital technologies – either a desktop or laptop computer, but also mobile phones and games consoles.
Cyber crime takes place over networked devices. (NB this means one of the main strategies for protecting yourself is to DISCONNECT OR SWITCH OFF your devices whenever you can!)
Most cyber crime is informational – it involves an attempt to access and steal personal or corporate/ government information or an attack on online identities.Cyber crime is non-local in nature – it takes place in ‘cyberspace’, not in a real physical location.
Having said that, there are physical locations where ‘attacks’ originate from, and these are often in different countries to the victims, making cyber crime very global in nature.
There is a considerable ‘data gap’ when it comes to what we know about cyber criminals – more than 80% of victims of online fraud can say NOTHING about the person that committed a crime against them for example.
Cyber dependent and cyber enabled crime
This is a common distinction in criminology (and a very useful analysis tool for A-level sociology students!).
Cyber-dependent crime refers to crimes which can only take place over computer networks – such as Hacking, virus and Denial of Service attacks. These are relatively new crimes, as they have only been possible since the emergence of the internent.
Cyber-enabled crime refers to pretty much ALL cyber crime and includes OLD types of crime that have been made easier with internet – this is MOST cyber-crime and includes identify theft, fraud, file sharing, counterfeiting and child pornography.
There maybe some types of Fraud which you think aren’t possible in the offline world, such as attempting to steal money from people through catfish type romance scams, but technically this would have been possible before the internet through newspaper dating ads and sending photos via letters, but as you can imagine, this would have been A LOT more difficult back in the day before the internet!
Contemporary Examples of Cybercrime
Below I provide some examples of famous historical cybercrimes and more recent cybercrimes to illustrate the nature and extent of some of the different types listed above.
(I’ve omitted the last type in the bullet point list, it’s a bit sensitive).
Identity and data theft
Only around 5% of the internet is visible (searchable by Google), 95% is the Deep Web (which includes the Dark Web) which is where people’s and corporations’ private data is stored, invisible to Google and encrypted, so that most people can’t gain access to it.
HOWEVER, data breaches are VERY common – where a company’s private records are either hacked or security weaknesses are exploited by other means.
This infographic shows you the extent of data breaches, and there are some BIG companies that have had been victims – Microsoft, Facebook, Twitter, Experian and many, many others.
Wikipedia shows you the same data in a list format , citing research estimating that the annual cost of data breaches to companies currently stands at over $2 trillion annually.
If people’s personal data is breached it can make its way onto the internet so other people can access it. Sometimes this data might be made available for free (just for lolz), other times it might be up for sale on the Dark Web – the later being more likely if the data has financial value, like people’s financial information.
Depending on the type of stolen data made available this can be used against people in the following ways:
email lists can be used in personalised phishing attempts (so if a criminal has a list of Barclay’s customers’ emails and other details, he can put together a more authentic looking Barclays phishing scam email).
Some personal data may be used to set up bank accounts and apply for credit cards which can then lead to financial crime being committed in other people’s names, this is essentially IDENTITY THEFT.
some data might be damaging to people’s reputations – like the Adult Friend Finder data breach – many people on that site were married.
If passwords are hacked they can be used to take over people’s social media and other accounts and then used against them – ever received an email from a friend you haven’t heard from in years directing you to click on a link? They were probably a victim of a data breach!
If you want to find out whether your email has been in a data breach, or ‘pawnd’ – the click here (NB not a scam!) – HaveIBeenPawnd.com.
Pawnd shows us that data in over 11 billion private accounts have been ‘breached’ and it further reports that the details of over 200 million of these accounts have been ‘pasted’ online – or made available so other people can access them.
NB – data breaches are not always the result of the obvious criminal organisations or lone individuals – the recent Pegasus SpyWare scandal is an example of a corporate enabled state crime in which people’s data was accessed illegally by various governments around the world.
Internet fraud (online scams)
The number of internet frauds, or internet scams out there are, unfortunately, many and varied. They include, but are by no means limited to…..
Covid-19 scams – A VERY unfortunate response to pandemic has been the emergence of lots of fake websites and emails (a form of phishing) offering people everything from ‘quality’ (in reality crap) Facemasks to rapid tests for travel to fake vaccines.
Get rich quick investment scams – there must be thousands of fake profiles on Instagram and other sites where users claim to be making LOTS of money trading stocks, crypto, currencies, property, and if you invest with them, you get a cut of their profits – you invest a little, get some returns, then you invest more, then your buddy stops contacting you and runs off with your money.
Instagram influencer scams – Influencers can get scammed too – especially the up and coming ones – with bogus offers to ‘come to this amazing location or event sponsored by Cosmo and take photos, but oh you’ve got to pay some money upfront for the hotels/ drivers/ flights and so on – they arrive to find the first night paid for, and then nothing else, and no sponsors of course!
Phishing scams – ”You’ve won a prize’ – please click here and enter ALL your personal and bank details so we can transfer it into your account.
False shopping scams – bargain web sites with ‘too good to be true’ prices – you pay for some goods at a crazy 70% discount and then, err, never receive them!
The ‘Nigerian Romance’ (419) scam – this is THE classic scam, 419 refers to the penal code in Nigeria which outlaws it – basically someone sets up a fake profile on a dating site, worms their way into the confidence of the unsuspecting victim they message, this could take months, and eventually they require a substantial sum of money to help with their sister’s or mother’s (or whoever’s) medical expenses following an accident. In the USA alone in 2019 there were 146 00 victims who reported losing an average of $6000 each in these scams. (Further evidence that Americans are VERY stupid, maybe?)
Scareware – ‘Your computer is infected please call this number to get it sorted’, which may mean you end up being a victim of the following….
The ‘Microsoft Windows has been infected’ (‘Indian Call Centre’) scam – in which either someone from India (probably claiming to be in America or the UK if you push them) calls you (or you may have well called them following their Scareware attack) and helps you get rid of the virus infecting your Microsoft Windows software – accept in the process you give them access to your PC and they download all your data stored on that PC which may include bank details and passwords which they can use to get your money or set up fake accounts in your name, and get money that way, linking to Fraud above.
A recent example of one of these get rich quick scams is outlined in this BBC article – the victim explains how someone he followed on Instagram claimed he was making a lot of money trading currencies and that if people invested with him, he would carry on trading in the same way and deposit their share of the earnings back into their accounts.
The victim said he started off with a small amount of money – £1000, started see returns and gradually invested more and more, until the returns stopped and he’d lost a total of £17 000 to what was a scammer who’d set up a fake account on Instagram.
NB – watch out for instagram: according to one estimate almost HALF of accounts are fake.
Hacking (unauthorised access to networks)
Kevin Poulson is one of the world’s most famous hackers – in 1983 at the age of 17 he hacked into ARPANET, The Pentagon’s computer system. He was quickly caught but not prosecuted as he was a minor at that time.
He ignored the warning he received and carried on hacking, he gained some fame by hacking into Radio station’s servers when they ran competitions guaranteeing the 100th caller would win a prize – he made sure he was that caller and won and Porsche and $20 000.
He’s served five years in jail for his crimes but is now reformed and is a ‘white hat’ hacker who works for Wired magazine. You can read more about his story here. NB this is a great example of a biography providing us insight into criminal behaviour!
Another interesting type of hacking is ‘hactivism’ – most commonly associated with the group Anonymous (‘We are Legion’) – they were most active a decade ago around 2010, when they famously took issue with Scientology, hacking their systems and making them less visible on Google.
According to this article Hactivism has had something of a resurge with Covid-19. If you’re interested in finding out what Anonymous are up to, there’s a collection of articles from Wired here.
3D Printing of illegal products
3D printers bring an interesting twist to cybercrime – a good example of cyber enabled crime – it is now possible to print very robust, very powerful guns using a 3D printer, and (I imagine) you can pick up the specifications somewhere from the Dark Web.
It’s not just guns – printers can also be used to print access cards (swipe cards), and even drugs depending on the type of printer you have.
This is where a nation state engages in attacking government or Corporate systems in an attempt to bring down those systems. Russia has been accused of doing this recently by the U.S President Joe Biden.
NB – it may be difficult to pin the blame on the Russian State as they allegedly get criminal organisations to do this on their behalf and then make no effort to prosecute them.