Shortcuts:.
Back to Cyber Crimes and Criminals
Crime Lab
Officer Ward's blog archives.
How Cyber Criminals Operate | Catching Cyber Criminals | Cyberspace's Most Wanted
Before the Internet, criminals had to dig through people's trash or intercept their mail to steal their personal information. Now that all of this information is available online, criminals also use the Internet to steal people's identities, hack into their accounts, trick them into revealing the information, or infect their devices with malware.
Who Are They?
Most cyber crimes are committed by individuals or small groups. However, large organized crime groups also take advantage of the Internet. These "professional" criminals find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities.
Criminal communities share strategies and tools and can combine forces to launch coordinated attacks. They even have an underground marketplace where cyber criminals can buy and sell stolen information and identities.
It's very difficult to crack down on cyber criminals because the Internet makes it easier for people to do things anonymously and from any location on the globe. Many computers used in cyber attacks have actually been hacked and are being controlled by someone far away. Crime laws are different in every country too, which can make things really complicated when a criminal launches an attack in another country.
Attack Techniques
Here are a few types of attacks cyber criminals use to commit crimes. You may recognize a few of them:
- Botnet - a network of software robots, or bots, that automatically spread malware
- Fast Flux - moving data quickly among the computers in a botnet to make it difficult to trace the source of malware or phishing websites
- Zombie Computer - a computer that has been hacked into and is used to launch malicious attacks or to become part of a botnet
- Social Engineering - using lies and manipulation to trick people into revealing their personal information. Phishing is a form of social engineering
- Denial-of-Service attacks - flooding a network or server with traffic in order to make it unavailable to its users
- Skimmers - Devices that steal credit card information when the card is swiped through them. This can happen in stores or restaurants when the card is out of the owner's view, and frequently the credit card information is then sold online through a criminal community.
Some identity thieves target organizations that store people's personal information, like schools or credit card companies. But most cyber criminals will target home computers rather than trying to break into a big institution's network because it's much easier.
By taking measures to secure your own computer and protect your personal information, you are not only preventing cyber criminals from stealing your identity, but also protecting others by preventing your computer from becoming part of a botnet.
Social Engineering
Social engineering is a tactic used by cyber criminals that uses lies and manipulation to trick people into revealing their personal information. Social engineering attacks frequently involve very convincing fake stories to lure victims into their trap. Common social engineering attacks include:
- Sending victims an email that claims there's a problem with their account and has a link to a fake website. Entering their account information into the site sends it straight to the cyber criminal (phishing)
- Trying to convince victims to open email attachments that contain malware by claiming it is something they might enjoy (like a game) or need (like anti-malware software)
- Pretending to be a network or account administrator and asking for the victim's password to perform maintenance
- Claiming that the victim has won a prize but must give their credit card information in order to receive it
- Asking for a victim's password for an Internet service and then using the same password to access other accounts and services since many people re-use the same password
- Promising the victim they will receive millions of dollars, if they will help out the sender by giving them money or their bank account information
Like other hacking techniques, social engineering is illegal in the United States and other countries. To protect yourself from social engineering, don't trust any emails or messages you receive that request any sort of personal information. Most companies will never ask you for personal information through email. Let a trusted adult know when you receive an email or message that might be a social engineering attack, and don't believe everything you read.
Reformed Criminals: Grey Hat Hackers
For a hacker who wants to come clean and turn away from crime, one option is to work for the people they used to torment, by becoming a security consultant. These hackers-turned-good-guys are called Grey Hat Hackers.
In the past, they were Black Hat Hackers, who used their computer expertise to break into systems and steal information illegally, but now they are acting as White Hat Hackers, who specialize in testing the security of their clients' information systems. For a fee, they will attempt to hack into a company's network and then present the company with a report detailing the existing security holes and how those holes can be fixed.
The advantage of this is that they can use their skills for a good cause and help stop other cyber criminals. Keeping up with security and cyber criminals is a full-time job, and many companies can't afford to have someone completely dedicated to it. Grey Hat Hackers have real-world hacking experience and know more methods of infiltrating networks than most computer security professionals. However, since they used to be criminals there's always going to be a question of trust.
How Cyber Criminals Operate | Catching Cyber Criminals | Cyberspace's Most Wanted