Cybersecurity and Crime

Authors:
Anonymous
Published:
Tuesday, October 28, 2014
Columns:
Cybersecurity and Privacy
min read

This week of National Cyber Security Awareness Month centers on law enforcement and looks at the criminal issues surrounding cybersecurity. What follows are three parts aimed at giving you a strategic and tactical understanding of crime committed across the world using networks. Questions to enrich your understanding appear at the end of the blog.

Strategic Overview

In recent years, cybercrime has emerged at the forefront of cybersecurity issues. Cybercrime is becoming increasingly impossible to avoid, but how important is it and where does the cyber threat fit exactly in the grand scheme of things? You have probably heard of hacks on corporations or data theft from a company, but those events do not often provide a view on how to prioritize the threat. A great way to characterize the threat is to examine the leaders in government. The Federal Bureau of Investigation, one of the foremost leaders in investigation, often uses a list of 10 to announce the most substantial security threats facing the United States. Examining this list reveals strategic insights on where the cyber threat lies.

Top 10 Priorities of the FBI

  • Counterterrorism
  • Counterintelligence
  • High-Technology Crimes
  • Public Corruption
  • Civil Rights
  • Organized Crimes
  • Combat Major White-Collar Crimes
  • Combat Significant Violent Crimes
  • Support Partners
  • Upgrade Technology

The cyber issue comes in at number three, but many of the other priorities have a cyber-component. For example, corrupt politicians may send email that enlists the services of a hacker to intrude on an opponent’s campaign during an election. A spy may use encrypted media to extract data from a university, business, or government entity. A criminal enterprise may enlist the services of turncoats to launder money from one bank to another. The examples are endless.

Homing in on Higher Education

The topic of cybercrime seems nebulous to many students, however, and rarely comes to mind. Training and awareness of cybersecurity can seem blasé. Security is often an afterthought as students focus on their studies, grades, and careers. That does not mean they are immune. Faculty, students, and staff can be affected by cybercrime in multiple ways:

  • Intellectual Property: Using a phishing email to gain unauthorized privileges into a system to then access directories of classified information
  • Social Engineering: By scam, posing as a legitimate business and recruiting for a job where they then launder money back to hackers using a bank
  • Financial Theft: Creating fake credit cards following a breach of a major bank to then impersonate a bank's customers
  • Identity Theft: Leaving healthcare data on patients unencrypted and accessible for unauthorized personnel to steal
  • Harassment: Stalking a person's social media profile account and threatening them online
  • Offensive Content: Using spyware to intrude on unauthorized systems and create obscene material from it

Real-Life Cases

Now that you have a basic strategic and tactical understanding of the cyber threat, let's examine some real-life cases.

Case I: Cyberstalking

In 2012, Adam Savader hacked into personal accounts of numerous women and acquired compromising photos of them with which he then blackmailed them. He threatened to release the photos if they did not send him more photos. Eventually law enforcement traced his cell phone to his residence and then charged him with extortion and stalking. This year he was sentenced to 30 months in jail.1

Case II: A Case of Bad Grades

In 2013, Roy Chaoran Sun and Sunjay Sharma were charged with computer tampering, conspiracy to commit burglary, and conspiracy to commit computer trespass. Both had very good grades in hard classes in the fields of engineering, but they were not good enough for these two students. They used credentials from professors to change grades from a A– to an A or sometimes from an F to an A. Eventually data did not match up; an audit trail revealed that the grades had been changed. Forensic analysis followed the trail and came back to both students, who have now been charged.2

Case III: Misuse of Peer-to-Peer File Sharing

An IP address was identified as trading obscene material using a peer-to-peer file sharing program. The IP eventually led to a Spring Valley college student. The perpetrator, identified as Anthony Michael Gonzales, had a laptop with 170 videos and 22,300 images of obscene material. Some content had children under two years old. On June 11, 2014, he was sentenced in federal court to 10 years in prison.3

Summary

Fighting cybercrime is tremendously difficult. Understanding the threat at a policy level is difficult enough, but having to understand the tactics is difficult as well. It does not help when the crimes become very technical, given the various ways criminals can infect a system. In addition, the crimes become more complex as they interact with other criminal issues.

To review what's been covered:

  1. Question: Has the cyber threat changed for the FBI in the past 10 years in terms of priorities?
  2. Question: Can cyberbullying violate federal law at a level where the FBI would investigate?
  3. Question: You may have noticed that many cyber cases involve interaction with other criminal paradigms. How often do you think this is the case?
  4. Question: One of the cases involved changing grades. How were they caught?
  5. Question: Out of the three cases, which had the harshest penalty?
  6. Question: Are cyberbullying and cyberstalking the same?

Answers to the questions in this post:

  1. Answer: No, there are limits to cyber issues, especially when it comes to terrorism, but it is still a top issue.
  2. Answer: Yes. While not commonplace, it can happen. Cyberbullying can become extraordinarily dangerous.
  3. Answer: Too often. Just because a crime is committed online does not mean that it does not exhibit the same tendencies as those committed by "regular" criminals.
  4. Answer: Through an audit. Like other crimes, cybercrimes often leave plenty of evidence even if the criminals believe they have hidden themselves sufficiently.
  5. Answer: Case III. These types of crimes carry severe penalties.
  6. Answer: Not necessarily; there can be differences in the severity of the crime.

Notes

  1. Anthony O'Reilly, "Savader gets 30 month jail sentence," The Island Now, May 1, 2014.
  2. Sophia Journal, "3 charged with hacking professors' grade books," USA Today, June 14, 2013.
  3. "San Diego college student sentenced to 10 years on child pornography charges," U.S. Immigration and Customs Enforcement website, press releases, June 11, 2014.