presentation on how cybercriminals use technology

How AI Is Shaping the Future of Cybercrime How AI Is Shaping the Future of Cybercrime

Cybercriminals are increasingly using AI tools to launch successful attacks, but defenders are battling back.

December 21, 2023

The letters "AI" on a digital background

As cybersecurity experts predicted a year ago , artificial intelligence (AI) has been a central player on the 2023 cybercrime landscape, driving an increase of attacks while also contributing to improvements in the defense against future attacks. Now, heading into 2024, experts across the industry expect AI to exert even more influence in cybersecurity.

The Google Cloud Cybersecurity Forecast 2024 sees generative AI and large language models contributing to an increase in various forms of cyberattacks. More than 90% of Canadian CEOs in a KPMG poll think generative AI will make them more vulnerable to breaches. And a UK government report says AI poses a threat to the country's next election .

While AI-related threats are still in their early stages, the volume and sophistication of AI-driven attacks are increasing every day. Organizations need to prepare themselves for what's ahead.

4 Ways Cybercriminals Are Leveraging AI

There are four main ways adversaries are using commonly available AI tools like ChatGPT, Dall-E, and Midjourney: automated phishing attacks, impersonation attacks, social engineering attacks, and fake customer support chatbots.

Spear-phishing attacks are getting a major boost from AI. In the past, it was easier to identify phishing attempts solely because many were riddled with poor grammar and spelling errors. Discerning readers could spot such odd, unsolicited communication, assuming it likely was generated from a country where English isn't the primary language.

ChatGPT pretty much eliminated the tip-off. With the help of ChatGPT, a cybercriminal can write an email with perfect grammar and English usage, styled in the language of a legitimate source. Cybercriminals can send out automated communications mimicking, for example, an authority at a bank requesting that users log in and provide information about their 401(k) accounts. When a user clicks a link to start furnishing information, the hacker takes control of the account.

How popular is this trick? The SlashNext State of Phishing Report 2023 attributed a 1,265% rise in malicious phishing emails since the fourth quarter of 2022 largely to targeted business email compromises using AI tools.

Impersonation attacks are also on the rise. Using ChatGPT and other tools, scammers are impersonating real individuals and organizations, carrying out identity thefts and fraud. Just like with phishing attacks, they use chatbots to send voice messages pretending to be a trusted friend, colleague, or family member in an attempt to get information or access to an account.

An example took place in Saskatchewan, Canada, in early 2023. An elderly couple received a call from someone impersonating their grandson claiming that he had been in a car accident and was being held in jail. The caller relayed a story that he had been hurt, had lost his wallet, and needed $9,400 in cash to settle with the owner of the other car to avoid facing charges. The grandparents went to their bank to withdraw the money but avoided being scammed when a bank official convinced them the request wasn't legitimate.

While industry experts believed this sophisticated use of AI voice-cloning technology would develop in a few years, few expected it to become this effective this quickly.

Cybercriminals are using ChatGPT and other AI chatbots to carry out social engineering attacks that foment chaos. They use a combination of voice cloning and deepfake technology to make it look like someone is saying something incendiary.

This happened the night before Chicago's mayoral election back in February. A hacker created a deepfake video and posted it to X, formerly known as Twitter, showing candidate Paul Vallas supposedly making false incendiary comments and spouting controversial policy standpoints. The video generated thousands of views before it was removed from the platform.

The last tactic, fake chatbots for customer service, do exist, but they're probably a year or two away from gaining wide popularity. A fraudulent bank site could be created using a customer service chatbot that appears human. The chatbot can be used to manipulate unsuspecting victims into handing over sensitive personal and account information.

How Cybersecurity Is Fighting Back

The good news is that AI is also being used as a security tool to combat AI-driven scams. Here are three ways the cybersecurity industry is fighting back.

Developing Their Own Adversarial AI

Essentially, this is creating "good AI" and training it to combat "bad AI." Developing their own generative adversarial networks (GANs), cyber firms can learn what to expect in the event of an attack. GANs consist of two neural networks: a generator that creates new data samples and a discriminator, which distinguishes the generated samples from the original samples.

Using these technologies, GANs can generate new attack patterns that resemble previously seen attack patterns. By training a model on these patterns, systems can make predictions about the kind of attacks we can expect to see and the ways cybercriminals are exploiting those threats.

Anomaly Detection

This is understanding the baseline of what normal behavior is and then identifying when someone deviates from that behavior. When someone logs into an account from a different location than usual or if the accounting department is mysteriously using a PowerShell system normally used by software developers, that could be an indicator of an attack. While cybersecurity systems have long used this model, the added technological horsepower AI models possess can more effectively flag messages that are potentially suspicious.

Detection Response

Using AI systems, cybersecurity tools and services like managed detection and response (MDR) can better detect threats and communicate information about them to security teams. AI helps security teams more rapidly identify and address legitimate threats by receiving information that is succinct and relevant. Less time spent on chasing false positives and attempting to decipher security logs helps teams launch more effective responses.

AI tools are opening society's eyes to new possibilities in virtually every field of work. As hackers take fuller advantage of large language model technologies, the industry will need to keep pace to keep the AI threat under control.

About the Author(s)

Richard De La Torre

Technical Manager, Bitdefender

Richard De La Torre is a Technical Manager at Bitdefender. He has worked in cybersecurity for nearly a decade and has been helping solve technical challenges in customer environments since 2008. Richard is a regular speaker at key industry events and security webinars presenting on topics including artificial intelligence, ransomware, and APT attack techniques.

Editor's Choice

presentation on how cybercriminals use technology

2024 InformationWeek US IT Salary Report

Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022

2023 Global Threat Report

EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity

2021 Digital Transformation Report

OT Threat Intelligence Report: Fuxnet ICS Malware

Threat Hunting in the Cloud: Adapting to the New Landscape

Data Protection Essentials: Proactive PII Leak Prevention and Data Mapping for GDPR

A Year in Review of Zero-Days Exploited In-the-Wild in 2023

Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights

Cisco Talos Blog

The rise of ai-powered criminals: identifying threats and opportunities.

AI’s influence is growing across the security space, bringing with it major implications for cybercriminals and defenders.
The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit.
Defenders and law enforcement can use AI to strengthen cybersecurity and counteract illicit activities.

The past decade has seen a massive adoption in machine learning and artificial intelligence. An increasing number of organizations have been leveraging such technologies to automate their operations and make their products and services better.

Despite the extensive use of machine learning (ML) and artificial intelligence (AI) by organizations for some time now, many users have first interacted with such technologies over the past few months in the form of generative AI helping users to generate text, code, images and other digital assets with the provision of limited input. The likes of ChatGPT have brought AI to the top of the public’s mind, fueling an intensive race for AI development.

As with any innovation, the use of AI is expected to have positive and negative effects on global culture as we know it, but I suspect that cybercrime will be one of the areas most affected. On the negative side, AI can help streamline criminals' operations, making them more efficient, sophisticated, and scalable while allowing them to evade detection and attribution. Concerning the positive impact of AI on cybersecurity, defenders, and law enforcement, can use AI to counteract advancements in illicit activity by developing new tools, tactics and strategies to automate data analysis, perform predictive detection of illicit activity and perform more effective attribution of criminal activity.

It is important to acknowledge that the AI use cases discussed in this blog encompass a range of varying complexities to achieve for both criminals and defenders. Certain use cases can be accomplished using readily available AI-enabled tools, while others demand advanced technical skills, costly infrastructure, and considerable time investments.

Empowering cybercrime

Cybercriminals are expected to benefit in many ways from advancements in machine learning and artificial intelligence.

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations, such as software development, scamming, extortions, etc., which in turn will decrease the need to recruit new members and lower operational costs due to the reduced need for headcount. While crime-related "job" postings typically find their way onto dark web forums and other anonymous channels, striving to ensure author anonymity, this practice carries significant risks as it could potentially unveil the identities and operations of criminals to whistleblowers and undercover law enforcement agents.

AI presents another avenue for cybercriminals to exploit by utilizing it to analyze enormous amounts of information, including leaked data. This analysis empowers them to identify vulnerabilities or high-value targets, enabling more precise and effective attacks that could potentially yield greater financial gains. Big data analytics is a complex undertaking necessitating significant processing power and thereby limiting its application to potentially large criminal organizations and state-sponsored actors capable of harvesting such power.

Another area of criminal activity that can thrive with AI is the development of more sophisticated phishing and social engineering attacks. This includes the creation of remarkably realistic deepfakes, deceitful websites, disinformation campaigns, fraudulent social media profiles and AI-powered scam bots. To illustrate the impact, consider an incident from 2020 wherein an AI-powered voice cloning attack successfully impersonated a CEO, resulting in the theft of more than $240,000 from a UK-based energy company. Similarly, in India criminals employed a machine learning model to analyze and mimic the writing style of a victim's email contacts to create highly personalized and persuasive phishing emails.

The utilization of AI is anticipated to also be prevalent among state-sponsored actors and prominent criminal organizations, to propagate disinformation and manipulate the public. Such tactics involve the creation and dissemination of deceptive content, including deep fakes, voice cloning, and the deployment of bots. Evidence of such practices already exists by a cybercriminal group employing AI for social media manipulation and spreading disinformation about the COVID-19 pandemic . This campaign relied on machine learning to identify emerging trends and generate highly convincing fake news articles.

The advancement of malware can also be impacted by allowing authors to streamline the process with the help of AI, enabling the creation of sophisticated and more adaptable malware. Allowing AI-powered malware to employ advanced techniques to evade detection by security solutions, utilizing "self-metamorphic" mechanisms rendering them capable of changing their operations based on the environment they operate in. Furthermore, criminals can potentially harness AI technology in the development of AI-powered malware development kits. These kits employ AI agents that learn from the latest tools, tactics, and procedures (TTPs) employed by malware authors, as well as stay updated with the latest advancements in security. An example of AI-powered malware is demonstrated by the researchers behind DeepLocker . Showcased how AI can be used to enhance targeted attacks, ensuring exploitation only when the intended target is present and to evade detection by concealing itself within benign applications.

Counteracting cybercrime

On the other side, cybersecurity professionals, defenders, and law enforcement agencies can harness the power of AI to counteract the advancements made in cybercrime. They can utilize AI to develop innovative tools, tactics, and strategies in their fight against malicious activities.

Areas such as threat detection and prevention will be at the forefront of AI security research. Many existing security tools, heavily rely solely on malicious signatures and user input, which render them ineffective for detecting advanced attacks. Consequently, an increasing number of vendors are turning to machine learning (ML) and AI technologies to achieve more precise and effective threat detection. Prominent examples include Cisco Secure Endpoint and Cisco Umbrella utilizing advanced machine learning to detect and mitigate suspicious behavior in an automated manner on end hosts and networks respectively. The inclusion of these technologies is likely to counter the malware being generated by AI discussed above.

Analysis of large amounts of data for the identification of indicators of compromise can be a tedious undertaking, consuming considerable time and money. As such, one area that can benefit from AI is Incident response and forensics for the automated analysis of large volumes of logs, system images, network traffic and user behavior for the identification of indicators of compromise (IOCs) and adversarial activity. AI can help speed up the investigation process, identify patterns that may be difficult to detect manually, and provide insights into the techniques and tools used by adversaries. Allowing more companies globally to have incident response and forensic capabilities.

Another potential use for AI by defenders and law enforcement alike is to enhance the attribution of criminal activity to adversaries through the analysis of multiple data points, including attack signatures, malware characteristics, and historical attack patterns, tools, tactics, and procedures. By examining these data sets, AI can identify patterns and trends that aid cybersecurity experts in narrowing down the potential origin of an attack. This attribution is valuable as it provides insights into the motives and capabilities of the attackers, allowing for a better understanding of their tactics and potential future threats. In addition, it allows defenders to more accurately identify adversaries that are leveraging tactics to evade identification by misleading attribution (e.g., use techniques, methodologies and tools another hacking group is using), which is an existing occurrence that defenders must consider when performing attribution. Such capabilities are primarily expected to be witnessed in the arsenal of state-affiliated cyber agencies as well as on a corporate level from threat intelligence providers.

ML algorithms and AI are set to expand their utilization for automated analysis and the identification of threats. Through the automated analysis of security-related data from multiple sources like threat intelligence feeds, dark web monitoring, and open-source intelligence, emerging threats can be identified and mitigated effectively. Cisco Talos has been leveraging AI for several years to automate threat intelligence operations such as the classification of similarly rendered web pages, identify spoofing attempts through logo analysis, phishing email classification based on text analytics and binary similarities analysis. Although existing work around emerging threats has proven to be highly effective, AI will further the area by allowing for more automate data collection, analysis, and correlation on a larger scale, facilitating the identification of patterns and trends that may signify new attack techniques or threat actors. This empowers cybersecurity professionals to proactively respond to emerging cyber threats by leveraging AI's ability to process and interpret vast amounts of data swiftly and accurately.

AI can also serve as a valuable tool for predictive analytics, enabling the anticipation of potential cyber threats and vulnerabilities based on historical data and patterns. By analyzing data from past attacks and adversaries, AI systems can identify common trends, patterns, or groups that may indicate or trigger future attacks. This capability empowers cybersecurity experts to take a more proactive stance to security, such as promptly patching vulnerabilities or implementing supplementary security controls, to mitigate potential risks before they are exploited by adversaries. Additionally, AI-driven predictive analytics allows for closer monitoring of adversaries' activities, enabling experts to anticipate and prepare for new attacks. By leveraging AI in this manner, cybersecurity professionals can enhance their defenses and stay one step ahead of evolving threats. A sizable number of cybercrime predictive research exists, highlighting how to practically use AI to support cybercrime research, as well as how to perform predictive analysis based on social and economic factors using the Bayesian and Markov Theories.

The rise of AI presents new challenges and great opportunities as its user base and applications continue to expand. The effective and targeted utilization of AI-related technologies will play a pivotal role for cybersecurity experts and law enforcement agencies in detecting, defending against, and attributing digital criminal behavior. By harnessing the power of AI, these entities can enhance their capabilities in combating evolving threats and ensuring the security of digital ecosystems. As the landscape of cybercrime evolves, embracing AI will be instrumental in staying ahead of adversaries.

Share this post

Related content, impact of data breaches is fueling scam campaigns.

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.

MIT Technology Review

Newsletters

Preparing for AI-enabled cyberattacks

Artificial intelligence in the hands of cybercriminals poses an existential threat to organizations—IT security teams need “defensive AI” to fight back.

MIT Technology Review Insights archive page

In association with Darktrace

Cyberattacks continue to grow in prevalence and sophistication. With the ability to disrupt business operations, wipe out critical data, and cause reputational damage, they pose an existential threat to businesses, critical services, and infrastructure. Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate artificial intelligence (AI). What’s known as “offensive AI” will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

Some of the world’s largest and most trusted organizations have already fallen victim to damaging cyberattacks, undermining their ability to safeguard critical data. With offensive AI on the horizon, organizations need to adopt new defenses to fight back: the battle of algorithms has begun.

Download the full report

MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, surveyed more than 300 C-level executives, directors, and managers worldwide to understand how they’re addressing the cyberthreats they’re up against—and how to use AI to help fight against them.

As it is, 60% of respondents report that human-driven responses to cyberattacks are failing to keep up with automated attacks, and as organizations gear up for a greater challenge, more sophisticated technologies are critical. In fact, an overwhelming majority of respondents—96%—report they’ve already begun to guard against AI-powered attacks, with some enabling AI defenses.

Offensive AI cyberattacks are daunting, and the technology is fast and smart. Consider deepfakes, one type of weaponized AI tool, which are fabricated images or videos depicting scenes or people that were never present, or even existed.

In January 2020, the FBI warned that deepfake technology had already reached the point where artificial personas could be created that could pass biometric tests. At the rate that AI neural networks are evolving, an FBI official said at the time, national security could be undermined by high-definition, fake videos created to mimic public figures so that they appear to be saying whatever words the video creators put in their manipulated mouths.

This is just one example of the technology being used for nefarious purposes. AI could, at some point, conduct cyberattacks autonomously, disguising their operations and blending in with regular activity. The technology is out there for anyone to use, including threat actors.

Offensive AI risks and developments in the cyberthreat landscape are redefining enterprise security, as humans already struggle to keep pace with advanced attacks. In particular, survey respondents reported that email and phishing attacks cause them the most angst, with nearly three quarters reporting that email threats are the most worrisome. That breaks down to 40% of respondents who report finding email and phishing attacks “very concerning,” while 34% call them “somewhat concerning.” It’s not surprising, as 94% of detected malware is still delivered by email. The traditional methods of stopping email-delivered threats rely on historical indicators—namely, previously seen attacks—as well as the ability of the recipient to spot the signs, both of which can be bypassed by sophisticated phishing incursions.

When offensive AI is thrown into the mix, “fake email” will be almost indistinguishable from genuine communications from trusted contacts.

How attackers exploit the headlines

The coronavirus pandemic presented a lucrative opportunity for cybercriminals. Email attackers in particular followed a long-established pattern: take advantage of the headlines of the day—along with the fear, uncertainty, greed, and curiosity they incite—to lure victims in what has become known as “fearware” attacks. With employees working remotely, without the security protocols of the office in place, organizations saw successful phishing attempts skyrocket. Max Heinemeyer, director of threat hunting for Darktrace, notes that when the pandemic hit, his team saw an immediate evolution of phishing emails. “We saw a lot of emails saying things like, ‘Click here to see which people in your area are infected,’” he says. When offices and universities started reopening last year, new scams emerged in lockstep, with emails offering “cheap or free covid-19 cleaning programs and tests,” says Heinemeyer.

There has also been an increase in ransomware, which has coincided with the surge in remote and hybrid work environments. “The bad guys know that now that everybody relies on remote work. If you get hit now, and you can’t provide remote access to your employee anymore, it’s game over,” he says. “Whereas maybe a year ago, people could still come into work, could work offline more, but it hurts much more now. And we see that the criminals have started to exploit that.”

What’s the common theme? Change, rapid change, and—in the case of the global shift to working from home—complexity. And that illustrates the problem with traditional cybersecurity, which relies on traditional, signature-based approaches: static defenses aren’t very good at adapting to change. Those approaches extrapolate from yesterday’s attacks to determine what tomorrow’s will look like. “How could you anticipate tomorrow’s phishing wave? It just doesn’t work,” Heinemeyer says.

Download the full report .

Keep Reading

Most popular, this grim but revolutionary dna technology is changing how we respond to mass disasters.

After hundreds went missing in Maui’s deadly fires, rapid DNA analysis helped identify victims within just a few hours and bring families some closure more quickly than ever before. But it also previews a dark future marked by increasingly frequent catastrophic events.

Erika Hayasaki archive page

What are AI agents?

The next big thing is AI tools that can do more complex tasks. Here’s how they will work.

Melissa Heikkilä archive page

What’s next for bird flu vaccines

If we want our vaccine production process to be more robust and faster, we’ll have to stop relying on chicken eggs.

Cassandra Willyard archive page

What is AI?

Everyone thinks they know but no one can agree. And that’s a problem.

Will Douglas Heaven archive page

Stay connected

Get the latest updates from mit technology review.

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at [email protected] with a list of newsletters you’d like to receive.

Games & Quizzes
History & Society
Science & Tech
Biographies
Animals & Nature
Geography & Travel
Arts & Culture
On This Day
One Good Fact
New Articles
Lifestyles & Social Issues
Philosophy & Religion
Politics, Law & Government
World History
Health & Medicine
Browse Biographies
Birds, Reptiles & Other Vertebrates
Bugs, Mollusks & Other Invertebrates
Environment
Fossils & Geologic Time
Entertainment & Pop Culture
Sports & Recreation
Visual Arts
Demystified
Image Galleries
Infographics
Top Questions
Britannica Kids
Saving Earth
Space Next 50
Student Center
Introduction

Defining cybercrime

Identity theft and invasion of privacy
Internet fraud
File sharing and piracy
Counterfeiting and forgery
Child pornography
Computer viruses
Denial of service attacks
Spam, steganography, and e-mail hacking

Our editors will review what you’ve submitted and determine whether to revise the article.

College of DuPage Digital Press - Computers and Criminal Justice - Introduction to Cybercrime
Academia - Cyber Crimes: An Overview
Table Of Contents

cybercrime , the use of a computer as an instrument to further illegal ends, such as committing fraud , trafficking in child pornography and intellectual property, stealing identities , or violating privacy. Cybercrime, especially through the Internet , has grown in importance as the computer has become central to commerce, entertainment, and government.

Because of the early and widespread adoption of computers and the Internet in the United States , most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.

New technologies create new criminal opportunities but few new types of crime. What distinguishes cybercrime from traditional criminal activity? Obviously, one difference is the use of the digital computer , but technology alone is insufficient for any distinction that might exist between different realms of criminal activity. Criminals do not need a computer to commit fraud, traffic in child pornography and intellectual property, steal an identity, or violate someone’s privacy. All those activities existed before the “cyber” prefix became ubiquitous . Cybercrime, especially involving the Internet, represents an extension of existing criminal behaviour alongside some novel illegal activities.

Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. In other words, in the digital age our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity.

An important aspect of cybercrime is its nonlocal character: actions can occur in jurisdictions separated by vast distances. This poses severe problems for law enforcement since previously local or even national crimes now require international cooperation. For example, if a person accesses child pornography located on a computer in a country that does not ban child pornography, is that individual committing a crime in a nation where such materials are illegal? Where exactly does cybercrime take place? Cyberspace is simply a richer version of the space where a telephone conversation takes place, somewhere between the two people having the conversation. As a planet-spanning network, the Internet offers criminals multiple hiding places in the real world as well as in the network itself. However, just as individuals walking on the ground leave marks that a skilled tracker can follow, cybercriminals leave clues as to their identity and location, despite their best efforts to cover their tracks. In order to follow such clues across national boundaries, though, international cybercrime treaties must be ratified.

In 1996 the Council of Europe , together with government representatives from the United States, Canada, and Japan, drafted a preliminary international treaty covering computer crime. Around the world, civil libertarian groups immediately protested provisions in the treaty requiring Internet service providers (ISPs) to store information on their customers’ transactions and to turn this information over on demand. Work on the treaty proceeded nevertheless, and on November 23, 2001, the Council of Europe Convention on Cybercrime was signed by 30 states. The convention came into effect in 2004. Additional protocols , covering terrorist activities and racist and xenophobic cybercrimes, were proposed in 2002 and came into effect in 2006. In addition, various national laws, such as the USA PATRIOT Act of 2001, have expanded law enforcement’s power to monitor and protect computer networks .

Types of cybercrime

Cybercrime ranges across a spectrum of activities. At one end are crimes that involve fundamental breaches of personal or corporate privacy, such as assaults on the integrity of information held in digital depositories and the use of illegally obtained digital information to harass, harm, or blackmail a firm or individual. These new cybercapabilities have caused intense debate. Pegasus spyware, for instance, according to its creator, the Israeli cyber-intelligence firm NSO Group, is sold exclusively to government security and law enforcement agencies and only for the purpose of aiding rescue operations and battling criminals, such as money launderers , sex- and drug-traffickers, and terrorists. Yet, the smartphone-attached spyware, which can steal private data without leaving an obvious trace of its activities, has been widely used covertly by governments to track politicians, government leaders, human rights activists, dissidents , and journalists. It was even used to track Saudi journalist and U.S. resident Jamal Khashoggi months before his murder and dismemberment by Saudi agents in October 2018. Also at this end of the spectrum is the growing crime of identity theft .

Midway along the spectrum lie transaction-based crimes such as fraud , trafficking in child pornography , digital piracy , money laundering , and counterfeiting . These are specific crimes with specific victims, but the criminal hides in the relative anonymity provided by the Internet . Another part of this type of crime involves individuals within corporations or government bureaucracies deliberately altering data for either profit or political objectives. At the other end of the spectrum are those crimes that involve attempts to disrupt the actual workings of the Internet. These range from spam , hacking, and denial of service attacks against specific sites to acts of cyberterrorism—that is, the use of the Internet to cause public disturbances and even death. Cyberterrorism focuses upon the use of the Internet by nonstate actors to affect a nation’s economic and technological infrastructure . Since the September 11 attacks of 2001, public awareness of the threat of cyberterrorism has grown dramatically.

How AI will extend the scale and sophistication of cybercrime

Cybercriminals are already using AI to make their attacks more effective and far-reaching. It will only grow more widespread.

By Ryan Morrison

Artificial intelligence has been described as a ‘general purpose technology’. This means that, like electricity, computers and the internet before it, AI is expected to have applications in every corner of society. Unfortunately for organisations seeking to keep their IT secure, this includes cybercrime .

In 2020, a study by European police agency Europol and security provider Trend Micro, identified how cybercriminals are already using AI to make their attacks more effective, and the many ways AI will power cybercrime in future.

“Cybercriminals have always been early adopters of the latest technology and AI is no different,” said Martin Roesler, head of forward-looking threat research at Trend Micro, when the report was published. “It is already being used for password guessing, CAPTCHA-breaking and voice cloning, and there are many more malicious innovations in the works.”

Just as tech leaders need to understand how AI can help their organisations achieve their own aims, it is crucial to understand how AI will bolster the sophistication and scale of criminal cyberattacks, so they can begin to prepare against them.

How AI is used for cybercrime today

AI is already being used by cybercriminals to improve the effectiveness of traditional cyberattacks. Many applications focus on bypassing the automated defences that secure IT systems.

One example, identified in the Europol report, is the use of AI to craft malicious emails that can bypass spam filters. In 2015, researchers discovered a system that used ‘generative grammar’ to create a large dataset of email texts. “These texts are then used to fuzz the antispam system and adapt to different filters in order to identify content that would no longer be detected by spam filters,” the report warns.

Researchers have also demonstrated malware that uses a similar approach to antivirus software, employing an AI agent to find weak spots in the software’s malware detection algorithm.

AI can be used to support other hacking techniques, such as guessing passwords. Some tools use AI to analyse a large dataset of passwords recovered from public leaks and hacks on major websites and services. This reveals how people modify their passwords over time – such as adding numbers on the end or replacing ‘a’ with ‘@’.

Work is also underway to use machine learning to break CAPTCHAs found on most websites to ensure the user is human, with Europol discovering evidence of active development on criminal forums in 2020. It is not clear how far advanced this development is but, given enough computing power, AI will eventually be able to break CAPTCHAs, Europol predicts.

AI and social engineering

Other uses of AI for cybercrime focus on social engineering, deceiving human users into clicking malicious links or sharing sensitive information.

First, cybercriminals are using AI to gather information on their targets. This includes identifying all the social media profiles of a given person, including by matching their user photos across platforms.

Once they have identified a target, cybercriminals are using AI to trick them more effectively. This includes creating fake images, audio and even video to make their targets think they are interacting with someone they trust.

One tool, identified by Europol, performs real-time voice cloning. With a five second voice recording, hackers can clone anyone’s voice and use it to gain access to services or deceive other people. In 2019, the chief executive of a UK-based energy company was tricked into paying £200,000 by scammers using an audio deep fake .

Even more brazen, cybercriminals are using video deep fakes – which make another person’s face appear over their own – in remote IT job interviews in order to get access to sensitive IT systems, the FBI warned last month.

In addition to these individual methods, cybercriminals are using AI to help automate and optimise their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware , ransomware-as-a-service delivered from the cloud, and AI-powered targeting.

These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

The future of AI-powered cybercrime

The use of AI by cybercriminals is expected to increase as the technology becomes more widely available. Experts predict that this will allow them to launch cyberattacks at far greater scale than is currently possible. For example, criminals will be able to use AI to analyse more information to identify targets and vulnerabilities, and attack more victims at once, Europol predicts.

They will also be able to generate more content with which to deceive people. Large language models , such as OpenAI’s GPT-3, which can be used to generate realistic text and other outputs, may have a number of cybercriminal applications. These could include mimicking an individual’s writing style or creating chatbots that victims confuse for real people.

AI-powered software development , which businesses are beginning to use, could also be employed by hackers. Europol warns that AI-based ‘no code’ tools, which convert natural language into code, could lead to a new generation of ‘script kiddies’ with low technical knowledge but the ideas and motivation for cybercrime.

Malware itself will become more intelligent as AI is embedded within it, Europol warns. Future malware could search documents on a machine and look for specific pieces of information, such as employee data or protected intellectual property.

Ransomware attacks, too, are predicted to be enhanced with AI. Not only will AI help ransomware groups find new vulnerabilities and victims, but will also help them avoid detection for longer, by ‘listening’ for the measures companies use to detect intrusions to their IT systems.

As the ability of AI to mimic human behaviour evolves, so too will its ability to break certain biometric security systems, such as those which identify a user based on the way they type. It could also spoof realistic user behaviour – such as being active during specific hours – so that stolen accounts aren’t flagged by behavioural security systems.

Lastly, AI will enable cybercriminals to make better use of compromised IoT devices, predicts Todd Wade, an interim CISO and author of BCS’ book on cybercrime. Already employed to power botnets, these devices will be all the more dangerous when coordinated by AI.

How to prepare for AI cybercrime

Protecting against AI-powered cybercrime will require responses at the individual, organisational and society-wide levels.

Employees will need to be trained to identify new threats such as deep fakes, says Wade. “People are used to attacks coming in a certain way,” he says, “They are not used to the one-off, maybe something that randomly appears on a Zoom call or WhatsApp message and so are not prepared when it happens.”

In addition to the usual cybersecurity best practices, organisations will need to employ AI tools themselves to match the scale and sophistication of future threats. “You are going to need AI tools just to keep up with the attacks and if you don’t use these tools to combat this there is no way you’ll keep up,” says Wade.

But the way in which AI is developed and commercialised will also need to be managed to ensure it cannot be hijacked by cybercriminals. In its report, Europol called on governments to ensure that AI systems adhere to ‘security-by-design’ principles, and develop specific data protection frameworks for AI.

Today, many of the AI capabilities discussed above are too expensive or technically complex for the typical cybercriminal. But that will change as the technology develops. The time to prepare for widespread AI-powered cybercrime is now.

Ryan Morrison

Architect Founder

The Journal of the NPS Center for Homeland Defense and Security

21st Century Crime: How Malicious Artificial Intelligence Will Impact Homeland Security

By Kevin Peters

Kevin Peters' thesis

– Executive Summary –

Artificial intelligence (AI) has the potential to dramatically transform how society interacts with information technology, particularly how personal information will interconnect with the hardware and software systems people use on a daily basis. The combination of developing AI systems and a digitally connected society could transform our culture in a manner not seen since the Industrial Revolution. Experts in the field of AI disagree on the pace at which the technology will develop; however, cognitive computing and machine learning are likely to affect homeland security in the coming years. Criminals, motivated by profit, are likely to adapt future AI software systems to their operations, further complicating present-day cybercrime investigations. If the homeland security enterprise is going to be prepared for the potential malicious usage of AI technology, it must begin to examine how criminal elements may use the technology and what should be done today to ensure it is ready for tomorrow’s threat.

This thesis examines how transnational criminal organizations and cybercriminals may leverage developing AI technology to conduct more sophisticated criminal activities and what steps the homeland security enterprise should take to prepare. A byproduct of ongoing research is that criminals may create malevolent AI. Cybercriminals, motivated by profit, may attempt to develop proxy AI systems that mask their involvement, avoid risk, and direct attribution and responsibility. The malicious use of AI could threaten digital security, and machines could become as proficient at hacking and social engineering as human cybercriminals. The ability to detect cybersecurity attacks from malicious AI is predicated on an examination of these technologies and their application to existing criminal patterns and activities. Criminals have long demonstrated that they are early adopters of new technologies, and they will almost certainly incorporate AI into their criminal enterprises.

This thesis applied a red-teaming approach—using a future scenario methodology—to project how cybercriminals may use AI systems and what should be done now to protect the United States from the malicious use of AI. The analysis first considered current fields of AI research, likely timelines for technological developments, and AI’s perceived impact on daily life in the United States over the next ten years. Next, the analysis examined how present-day cybercrime threats—such as remote-controlled aerial systems, the ability to create fake video files, spear phishing attacks, and social media profiling—could be enhanced by future AI systems. The final step in the analysis was to examine these scenarios and build countermeasures that homeland security officials in the United States could employ to mitigate the potential risks of malicious AI. The criminal use of AI will likely affect multiple echelons of government, and a strategic review analyzes the policy framework required to confront the threats identified in the AI scenarios. Best practices from foreign partners were examined to find strategies and methodologies that could be applied within the United States. A tactical review analyzed how law enforcement agencies could respond to the attacks in the AI scenarios and what existing law enforcement operations could be adapted to prepare for malicious AI.

The progression of AI is uncertain, and the scenarios highlight the ways that cybercriminals could leverage even relatively minor technological developments. Education and awareness of emerging technologies should form the basis of how cybercrime is examined. The thesis recommends that the homeland security enterprise expand outreach programs and partner with private industry and academia that are developing AI systems in order to understand the dual-use implications of emerging AI technology. Public security officials also have much to offer the AI research community; perspectives from law enforcement, emergency response, policymakers, and intelligence officials will be vital to assisting in the development of safe and ethical AI systems. Federal agencies with cybercrime enforcement authority should develop strategies that align with existing national cyber and AI strategies and can form the framework for confronting the potential challenge of future AI-enabled cybercrime.

This research concludes that the potential threats posed by cybercriminals’ use of AI are not a challenge that can be mitigated by any one agency. Rather, a coalition of willing partners across multiple echelons of government, private industry, and academia will need to work together to combat future cybercrime. International partnerships with law enforcement agencies and associations that support anti-crime operations will also be critical in tracking, investigating, and prosecuting future cybercrime. This thesis begins the discussion of how to confront the challenge of future AI-enabled cybercrime and seeks to expand awareness of how to combat dual-use emerging technologies.

Find all CHDS Theses

Homeland Security Digital Library's Thesis Repository

How you doin’ government comparison of social media policy in crisis, eric not enrique: political and social factors affecting aid for immigrants in the united states, till fraud do us part: an analysis of marriage fraud investigations, dhs real estate, funding mission possible, leave a comment cancel reply.

Your email address will not be published. Required fields are marked *

My presentations

Auth with social network:

Download presentation

We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!

Presentation is loading. Please wait.

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Cyber Crime and Technology

Published by Trinity Pearson Modified over 10 years ago

Presentation on theme: "Cyber Crime and Technology"— Presentation transcript:

Electronic Crimes on the E-Information Highway. Violent Crimes.

Introduction and Overview of Digital Crime and Digital Terrorism

Computer Crimes and Security Professor Matt Thatcher.

Crime and Security in the Networked Economy Part 4.

Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.

Chapter 9 Information Systems Ethics, Computer Crime, and Security

Page 1 Presented Insp. Amos Sylvester Trinidad and Tobago Police Service.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Chapter 14 Crime and Justice in the New Millennium

Information Warfare Theory of Information Warfare

Security, Privacy, and Ethics Online Computer Crimes.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

1 Lesson 17 Technology, the Workplace, and Society Computer Concepts BASICS 4 th Edition Wells.

Cyber-Warfare: The Future is Now!

About project

Threats and vulnerabilities
Michael Cobb

What is cybercrime?

Cybercrime is any criminal activity that involves a computer, network or networked device.

While most cybercriminals use cybercrimes to generate a profit, some cybercrimes are carried out against computers or devices to directly damage or disable them. Others use computers or networks to spread malware , illegal information, images or other materials. Some cybercrimes do both -- i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.

As cybercriminals might target an individual's private information or corporate data for theft and resale, it's especially important to protect backup data .

The U.S. Department of Justice (DOJ) divides cybercrime into the following three categories:

Crimes in which the computing device is the target -- for example, to gain network access.
Crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service ( DoS ) attack.
Crimes in which the computer is used as an accessory to a crime -- for example, using a computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity, and availability and copyright infringements.

The necessity of internet connectivity has enabled an increase in the volume and pace of cybercrime activities because criminals no longer need to be physically present when committing a crime. The internet's speed, convenience, anonymity and lack of borders make computer-based variations of financial crimes -- such as ransomware, fraud and money laundering, as well as crimes such as stalking and bullying -- easier to carry out.

Cybercriminal activity can be carried out by individuals or groups with relatively little technical skill or by highly organized global criminal groups that could include skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercrime attacks can begin wherever there is digital data, opportunity and motive. Cybercriminals include everyone from the lone user engaged in cyberbullying to state-sponsored actors, such as China's intelligence services.

Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in nature. That is, cybercriminals typically rely on other actors to complete the crime. This is whether it's the creator of malware using the dark web to sell code, the distributor of illegal pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow or state threat actors relying on technology subcontractors to steal intellectual property.

Cybercriminals use various attack vectors to carry out cyberattacks and are constantly seeking new methods and techniques to achieve their goals, while avoiding detection and arrest.

Cybercriminals often conduct activities using malware and other types of software, but social engineering is usually an important component of executing most types of cybercrime. Phishing emails are another important component to many types of cybercrime but especially for targeted attacks, such as business email compromise , in which an attacker attempts to impersonate, via email, a business owner to convince employees to pay out bogus invoices.

Types of cybercrime

Cybercriminals have a plethora of cybercrime types to conduct malicious attacks. Most attackers carry out cybercrimes with the expectation of financial gain, though the ways cybercriminals get paid can vary. Specific types of cybercrimes include the following:

Cyberextortion . This crime involves an attack or threat of an attack coupled with a demand for money to stop the attack. One form of cyberextortion is a ransomware attack. Here, the attacker gains access to an organization's systems and encrypts its documents and files -- anything of potential value -- making the data inaccessible until a ransom is paid. Usually, payment is in some form of cryptocurrency, such as bitcoin.
Cryptojacking . This attack uses scripts to mine cryptocurrencies within browsers without the user's consent. Cryptojacking attacks can involve loading cryptocurrency mining software to the victim's system. Many attacks depend on JavaScript code that does in-browser mining if the user's browser has a tab or window open on the malicious site. No malware needs to be installed as loading the affected page executes the in-browser mining code.
Identity theft . This type of attack occurs when an individual accesses a computer to steal a user's personal information, which is then used to steal that person's identity or access their valuable accounts, such as banking and credit cards. Cybercriminals buy and sell identity information on darknet markets, offering financial accounts and other types of accounts, such as video streaming services, webmail, video and audio streaming, online auctions and more. Personal health information is another frequent target for identity thieves.
Credit card fraud. This is an attack that occurs when malicious hackers infiltrate retailers' systems to get their customers' credit card or banking information. Stolen payment cards can be bought and sold in bulk on darknet markets, where hacking groups that have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.
Cyberespionage . This crime involves cybercriminals hacking into systems or networks to gain access to confidential information held by a government or other organization. Attacks are motivated by profit or ideology. Cyberespionage activities include cyberattacks that gather, modify or destroy data, as well as using network-connected devices, such as webcams or closed-circuit TV cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.
Software piracy . This attack involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with software piracy.
Exit scam. The dark web has given rise to the digital version of an old crime known as the exit scam . In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.

Common examples of cybercrime

Commonly seen cybercrime attacks include distributed DoS ( DDoS ) attacks, which use a network's own communications protocol against it by overwhelming its ability to respond to connection requests. DDoS attacks are sometimes carried out for malicious reasons or as part of a cyberextortion scheme , but they can also be used to distract the victim organization from some other attack or exploit carried out at the same time.

Malware is another common cybercrime that can damage systems, software or data stored on a system. Ransomware attacks are a type of malware that encrypts or shuts down victim systems until a ransom is paid.

Phishing campaigns help attackers infiltrate corporate networks. Phishing includes sending fraudulent emails to users in an organization, enticing them to download malicious attachments or click on malicious links that then spread the malware across the network.

In credential attacks, a cybercriminal aims to steal or guess victims' usernames and passwords. These attacks can use of brute-force -- for example, by installing keylogger software -- or by exploiting software or hardware vulnerabilities that expose the victim's credentials.

Cybercriminals can also hijack websites to change or delete content or to access or modify databases without authorization. For example, attackers use Structured Query Language injection exploits to insert malicious code into a website, which can then be used to exploit vulnerabilities in the website's database, enabling a malicious hacker to access and tamper with records or gain unauthorized access to sensitive information and data, such as customer passwords, credit card numbers, personally identifiable information, trade secrets and intellectual property.

Other common examples of cybercrime include illegal gambling, the sale of illegal items -- such as weapons, drugs or counterfeit goods -- and the solicitation, production, possession or distribution of child pornography.

Effects of cybercrime on businesses

The true cost of cybercrime is difficult to assess accurately. Cybersecurity Ventures reported that global cybercrime grows by 15% annually, with it expected to reach $10.5 trillion by 2025.

While the financial losses due to cybercrime can be significant, businesses can also suffer other disastrous consequences as a result of criminal cyberattacks, including the following:

Damage to investor perception after a security breach can cause a drop in the value of a company.
Businesses could face increased costs for borrowing and greater difficulty in raising more capital as a result of a cyberattack.
Loss of sensitive customer data can result in fines and penalties for companies that have failed to protect their customers' data. Businesses might also be sued over the data breach.
Damaged brand identity and loss of reputation after a cyberattack undermine customers' trust in a company and that company's ability to keep their financial data safe. Following a cyberattack, firms could lose current customers and lose the ability to gain new customers.
Businesses might incur direct costs from a criminal cyberattack, including increased insurance premium costs and the cost of hiring cybersecurity companies for incident response and remediation, as well as public relations and other services related to an attack.

Effects of cybercrime on national defense

Cybercrimes can have public health and national security implications, making computer crime one of DOJ's top priorities. In the U.S., at the federal level, the Federal Bureau of Investigation's (FBI) Cyber Division is the agency within DOJ charged with combating cybercrime. The Department of Homeland Security (DHS) sees strengthening the security and resilience of cyberspace as an important homeland security mission. Cybersecurity and Infrastructure Security Agency ( CISA ), a division of DHS, aims to improve the resilience and security of cyber and physical infrastructure. Other agencies, such as the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE), have special divisions dedicated to combating cybercrime.

USSS' Electronic Crimes Task Force, for example, investigates cases that involve electronic crimes, particularly attacks on the nation's financial and critical infrastructures. USSS also runs the National Computer Forensics Institute, which provides state and local law enforcement, judges and prosecutors with computer forensics training.

The Internet Crime Complaint Center, a partnership among the FBI, National White Collar Crime Center and Bureau of Justice Assistance, accepts online complaints from victims of internet crimes or interested third parties.

How to prevent cybercrime

While it isn't possible to completely eradicate cybercrime and ensure complete internet security, businesses can reduce their exposure to it by maintaining an effective cybersecurity strategy using a defense-in-depth approach to securing systems, networks and data.

Organizations can reduce cybercrime risks with the following:

Develop clear policies and procedures for the business and employees.
Create cybersecurity incident response plans to support these policies and procedures.
Outline the security measures in place about how to protect systems and corporate data.
Use multifactor authentication ( MFA ) apps or physical security keys.
Activate MFA on every online account when possible.
Verbally verify the authenticity of requests to send money by talking to a financial manager.
Create intrusion detection system rules that flag emails with extensions similar to company emails.
Scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.
Train employees on cybersecurity policies and procedures and what to do in the event of a security breach.
Keep websites, endpoint devices and systems current with all software release updates or patches .
Back up data and information regularly to reduce the damage in case of a ransomware attack or data breach.

Information security and resistance to cybercrime attacks can also be built by encrypting local hard disks and email platforms, using a virtual private network and using a private, secure domain name system server.

Cybercrime legislation and agencies

Various U.S. government agencies have been established to deal specifically with the monitoring and management of cybercrime attacks. The FBI's Cyber Division is the lead federal agency for dealing with attacks by cybercriminals, terrorists or overseas adversaries. Within DHS, CISA coordinates between private sector and government organizations to protect critical infrastructure.

The Cyber Crimes Center (C3) within ICE provides computer-based technical services that support domestic and international investigations included in the Homeland Security Investigations (HSI) portfolio of immigration and customs authorities. C3 focuses on cybercrimes that involve transborder illegal activities. It is responsible for finding and targeting all cybercrimes within HSI jurisdiction. C3 includes the Cyber Crimes Unit, Child Exploitation Investigations Unit and Computer Forensics Unit.

Various laws and legislation have also been enacted. In 2015, the United Nations Office on Drugs and Crime released a cybercrime repository, a central database that includes legislation, previous findings and case law on cybercrime and electronic evidence. The intention of the cybercrime repository is to assist countries and governments in their attempts to prosecute and stop cybercriminals.

Cybercrime legislation dealing can be applicable to the general public or sector-specific, extending only to certain types of companies. For example, the Gramm-Leach-Bliley Act focuses on financial institutions and regulates the implementation of written policies and procedures to improve the security and confidentiality of customer records, while also protecting private information from threats and unauthorized access and use.

Other legislation has been established to deal with specific cybercrimes, such as cyberbullying and online harassment. A little over half of U.S. states have implemented laws dealing directly with these crimes. For example, Massachusetts law cites that cyber-stalking is a crime punishable with a fine of up to $1,000, a maximum of five years in jail or both. In Tennessee, online harassment and stalking is considered a Class A misdemeanor, and a convicted cybercriminal can face a jail sentence of, at most, 11 months and 29 days, a fine of up to $2,500 or both.

The definition was written by Kate Brush and Michael Cobb in 2021. TechTarget editors revised it in 2024 to improve the reader experience.

Continue Reading About cybercrime

Standardized data collection methods can help fight cybercrime
Cyber Crime -- FBI
Common types of cyberattacks and how to prevent them
Types of insider threats and how to prevent them
Benefits of sustainable cybersecurity in the enterprise

Related Terms

Dig deeper on threats and vulnerabilities.

What role does an initial access broker play in the RaaS model?

35 cybersecurity statistics to lose sleep over in 2024

A who's who of cybercrime investigators

Microsoft, Fortra get court order to disrupt Cobalt Strike

Non-standalone 5G uses a combination of existing 4G LTE architecture with a 5G RAN. Standalone 5G, on the other hand, uses a 5G ...

This guide teaches networking newbies how to set up a home network, from understanding hardware components to managing network ...

Networks are always evolving, and network automation is the next step forward. From soft skills to AI, these skills are essential...

Vice President Kamala Harris' friendliness toward the tech sector could affect Biden's regulatory efforts should she replace him ...

Efficiency, resiliency, productivity and ROI are among the most critical digital transformation benefits for businesses fighting ...

The European Commission found both Meta and Apple to be in violation of the Digital Markets Act.

Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Containers and VMs have their own use cases, but one takes the lead in efficiency. Compare the two options, and see how Docker ...

Amazon Athena can provide an efficient, cost-effective method of data analysis. But did you properly optimize Athena performance ...

Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure ...

Global industry body dedicated to improving Wi-Fi standards and services releases results of its phase two trials of real-world ...

Trøndelag county-based utility broadband provider looks to transform residential connectivity services with increased network ...

Health secretary Wes Streeting wants the UK to be an international powerhouse for life sciences and medtech, and plans to turn ...

Profiling the Cybercriminal

This is a summary of a presentation given by Dr Maria Bada , former research fellow at the Global Cyber Security Capacity Centre, and Dr Jason R. C. Nurse , former researcher at Cyber Security Oxford , during the International Crime and Intelligence Analysis Conference in February 2016 . The purpose of the presentation was to reflect on the current research and practice in the field of cybercrime, to present different methods of profiling cybercriminals and case scenarios, and to outline a future research agenda.

The Challenge

The challenge for research on cybercrime (or crime perpetrated using online technological means) is that it, at one hand, comprises any crime that involves a computer and a network . On the other hand, it relates to any crime committed on the Internet using the computer either as a tool or as target . The difference of those perspectives is that in the first case, the crime does not require a high level of technical expertise and aims to attack an individual in the real world in a subtle manner and /or on the psychological level. When using the computer as a target, crimes are often committed by groups of collaborating individuals. This requires a high level technical knowledge and skills, as well as coordination of those individuals, which makes this kind of crime often very sophisticated.

The Research

Current research focuses on the impact of an attack and its economic (and financial) harm, less on the cybercriminal itself . The existing stereotype of the uncertain, geeky hacker, is no longer accurate and attackers now are often cautious and stealthy. Practitioners cope with the situation in different ways: Governments attempt to respond with laws, corporations with policies and procedures, suppliers with terms and conditions, users with peer pressure, and technologists with code. The challenge for them as well for researchers is to factor in an understanding of criminal behaviour that has been amplified and facilitated by technology (Europol, 2011).

The Cybercriminal Profile

The key step in profiling a cybercriminal is identifying specific common characteristics that need to be investigated: Personal traits and characteristics comprise innate aspects such as openness, conscientiousness, extroversion, agreeableness, and neuroticism. Also, personal traits and characteristics are shaped by life experiences and events thus leading to machiavellianism, narcissism, psychopathy, sensation seeking maturity, aggressiveness, social-skill problems, superficiality, (lack of) self-esteem and personal integrity. The motivating factors for cybercriminals reach from hacktivism, monetary gain, espionage/ sabotage, and political/ religious belief, to curiosity/boredom, emotion/ sexual impulses, intolerance, thrill-seeking, enhancing self-worth, and the intent to control/manipulate others. Besides that, Rogers Mitchell (2006) has identified types of cybercriminals distinguished by their skill levels and motivations, such as novice, cyber-punks, internals (insider threat), coders, information warriors/cyber-terrorists, old guard hackers, and professional cybercriminals.

In practice, forensic psychologists use inductive or deductive profiling to make an educated guess of the characteristics of criminals. Inductive criminal profiles are developed by studying statistical data involving known behavioural patterns and demographic characteristics shared by criminals. Deductive profiling uses a range of data, e.g. including forensic evidence, crime scene evidence, victimology, and offender characteristics. A model example for a deductive cybercriminal profile (Nykodym et al., 2005) take information regarding the victim, the motive, the offender, and any forensic evidence.

Another way for profiling cybercriminals is the framework for understanding insider threat (Nurse et al., 2014) by the University of Oxford. It takes precipitating event (e.g. demotion) to look at a variety of actor characteristics and how those shape the character and the aim of an attack (see fig. 1)

The Case Scenarios

Using the existing literature and information available online presentation focused on analysing the profiles of cybercriminals based on two case scenarios:

Traits / Social characteristics:

M. Mitchell worked with DuPont for ~24 years , and was DuPont engineer and Kevlar marketing executive
Mitchell had been a model citizen with no criminal record
Became disgruntled and eventually fired for poor performance

Technical skills:

During his tenure, he copied numerous DuPont computer files containing sensitive and proprietary information to his home computer
Mitchell entered into lucrative consulting agreement s with Kolon Industries, a DuPont competitor, and supplied them with the data (via email), resulting in millions of dollars in losses to DuPont

Using Mitchell and others to template the insider cybercriminal that targets Intellectual Property (IP) Theft

So, how can law enforcement benefit from these approaches?

By understanding the cybercriminal profile law enforcement can develop strategies to combat criminal behaviour manifested online and inform investigative methods. For future research this means to work further on the development and modelling of cybercriminal profiles and gathering more case and cybercriminal data to link types of cybercriminal profiles to types of cyber attacks (i.e. identify the patterns).

Presentation.

Literature:

Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R. and Whitty, M., 2014. Understanding insider threat: A framework for characterising attacks. In Security and Privacy Workshops (SPW), 2014 IEEE (pp. 214-228). IEEE. https://www.cpni.gov.uk/documents/publications/2014/2014-04-16-understanding_insider_threat_framework.pdf

Nykodym, N., Taylor, R. and Vilela, J. (2005) 'Criminal profiling and insider cyber crime', Computer Law & Security Report, 21 (5), pp. 408-414.

Rogers, M. K. (2006) 'A two-dimensional circumplex approach to the development of a hacker taxonomy', Digital Investigation, 3 (2), pp. 97-102.

www.tradesecretsnoncompetelaw.com/2010/03/articles/trade-secrets-and-confidential-information/former-dupont-employee-sentenced-to-18-months-for-trade-secret-misappropriation

www.richmond.com/news/article_27284dfe-d106-58b4-91f7-1812756b15cb.html

Cybercrimes and Cybercriminals

Mar 24, 2012

490 likes | 684 Views

Cybercrimes and Cybercriminals. There have been many stories in the media about computer crime. Sometimes hackers have been portrayed as “heroes” Perceptions about hacking and computer crime are changing because of increased dependency on the Internet for our infrastructure.

Share Presentation

loyal employees
explosive device
many people
stereotypical computer hackers
a typical computer criminal

Presentation Transcript

Cybercrimes and Cybercriminals • There have been many stories in the media about computer crime. • Sometimes hackers have been portrayed as “heroes” • Perceptions about hacking and computer crime are changing because of increased dependency on the Internet for our infrastructure.

A "Typical" Cybercriminal • Parker (1998) believes that typical computer hackers tend to exhibit three common traits: • Precociousness; • Curiosity; • persistence. • Many people conceive of the typical computer hacker as someone who is a very bright, technically sophisticated, young white male – as portrayed in the popular movie War Games.

A Typical Computer Criminal (continued) • Parker suggests that we carefully distinguish between hackers, as nonprofessional or "am- ateur" criminals, and professional criminals. • He points out that stereotypical computer hackers, unlike most professional criminals, are not generally motivated by greed. • He also notes that hackers seem to enjoy the "sport of joyriding," another characteristic that allegedly distinguishes stereotypical hackers from professional criminals.

A Typical Computer Criminal (continued) • Many computer criminals have been company employees, who were formerly loyal and trustworthy and who did not necessarily possess great computer expertise. • Some employees have been tempted by flaws in computer systems. • So in this case, opportunity more than anything else seems to have been the root cause of many individuals who have been involved in computer crimes.

A Typical Computer Criminal (continued) • If Forester and Morrison (1994) are correct, at least three categories for typical computer criminals are needed: • 1. (amateur) teenage hackers; • 2. professional criminals; • 3. (once) loyal employees who are unable to resist a criminal opportunity presented by cyber-technology.

Some Notorious Cybercriminals • Kevin Metnick: “Public Cyber-enemy No. 1”; • Robert Morris and the "Internet Worm"; • Onel de Guzman and the ILOVEYOU Virus; • "Mafia Boy" and the Cyber-Attacks on E-commerce Sites; • "Dimitri" and Microsoft Corporation; • "Curador" and Identity Theft; • Notorious Hacker Cults; • Chaos" ; • The Legion of Doom“; • The Cult of the Dead Cow."

Hacking vs. Cracking • Can any Relevant Legal Distinctions Be Drawn? • Computer criminals are often referred to as hackers. • The term "hacker" has taken on a pejorative connotation.

Hacking vs. Cracking (continued) • Himanen (2001) notes that the term "hacker" originally applied to anyone who "programmed enthusiastically" and who believed that "information sharing is a powerful positive good." • A hacker as an "expert or enthusiast of any kind." • Note that a hacker need not be a computer enthusiast. • e.g., someone can be an astronomy hacker.

Hacking vs. Cracking (continued) • The Hacker Jargon File defines a "cracker" is one "who breaks security on a system." • Crackers often engage in acts of theft and vandalism, once they have gained access. • Some use the expressions white hat and black hat to distinguish between the two types of hacking behavior. • “White hat hackers" refers to "innocent" or non-malicious forms of hacking, while "black hat hackers" refers roughly to what we described above as "cracking."

Hackers and the Law • Courts and juries understand very well distinctions in crimes involving breaking and entering into property in physical space. • A person who picks the lock of a door handle, or who turns an unlocked door handle but does not enter someone's house, would not likely receive the same punishment as someone who also turns enters that person's house. • A person who illegally enters someone's house only to snoop would probably not receive the same punishment as someone who also steals items or vandalize property, or both.

Defining Cybercrime • When is a crime a computer crime? • The problem of criteria. • Are all crimes involving the use or presence of a computer necessarily computer crimes? • Gotterbarn asks is a murder committed with a surgeon’s scalpel is an issue for medical ethics or just an ordinary crime.

Defining Cybercrime (continued) • If Gotterbarn is correct, we can ask whether having a separate category of cybercrime is necessary or even useful. • Some crimes have involved technologies other than computers, but we do not have separate categories of crime for them? • For example, people steal televisions; but we don't have a category of television crime. • People also steal automobiles but we don't have a category of automobile crime.

Determining the Criteria • Consider three hypothetical scenarios: • Scenario 1: Lee steals a computer device (e.g., a printer) from a computer lab; • Scenario 2: Lee breaks into a computer lab and then snoops around; • Scenario 3: Lee enters a computer lab that he is authorized to use and then places an explosive device, which is set to detonate a short time later, on a computer system in the lab.

Determining the Criteria (continued) • Each of the acts described in these three scenarios is criminal in nature. • But should they necessarily be viewed as a computer crime or cybercrime? • Arguably, it would not have been possible to commit any of these specific crimes if computer technology had never existed. • But the three criminal acts can easily be prosecuted as ordinary crimes involving theft, breaking and entering, and vandalism.

Preliminary Definition of a Computer Crime • Forester and Morrison (1994) defined a computer crime as: • a criminal act in which a computer is used as the principal tool. [Italics added] • This definition rules out a computer crimes the crimes committed in the three scenarios. • Forester and Morrison's definition of computer crime might seem plausible. • But is it adequate?

Preliminary Definition of Computer Crime (continued) • Consider the following scenario: • Scenario 4: Lee uses a computer to file a fraudulent income-tax return. • Arguably, a computer is the principal tool used by Lee to carry out the criminal act. • Has Lee has committed a computer crime? • But Lee could have committed the same crime by manually filling out a standard (hardcopy) version of the income-tax forms by using a pencil or pen.

Towards A Coherent Definition of Computer Crime • Girasa (2002) defines "cybercrime" as a generic term covering a multiplicity of crimes found in penal code or in legislation having the "use of computer technology as its central component." • What is meant by "central component?" • Was a computer a central component in Lee's cheating in filing out the income tax return? • Is Girasa's definition of cybercrime an improvement over Forester and Morrison’s?

Towards a Coherent Definition of Cybercrime (continued) • We can define a (genuine) cybercrime as a crime in which: • the criminal act can be carried out onlythrough the use of cyber-technology and can take place only in the cyber realm. (Tavani, 2000) • Like Forester and Morrison's definition, this one rules out the three scenarios involving the computer lab as genuine cybercrimes. • It also rules out the income tax scenario.

Genuine Cybercrimes • If we accept the working definition of cybercrime proposed by Tavani (2000), then we can sort out and identify specific cybercrimes. • We can also place those crimes into appropriate categories.

Three Categories of Cybercrime 1. Cyberpiracy - using cyber-technology in unauthorized ways to: a. reproduce copies of proprietary software and proprietary information, or b. distribute proprietary information (in digital form) across a computer network. 2. Cybertrespass - using cyber-technology to gain or to exceed unauthorized access to: a. an individual's or an organization's computer system, or b. a password-protected Web site. 3. Cybervandalism - using cyber-technology to unleash one or more programs that: a. disrupt the transmission of electronic information across one or more computer networks, including the Internet, or b. destroy data resident in a computer or damage a computer system's resources, or both.

Examples of the Three Categories of Cybercrime • Consider three actual cases: • 1. Distributing proprietary MP3 files on the Internet via peer-to peer (P2P) technology; • 2. unleashing the ILOVEYOU computer virus; • 3. Launching the denial-of-service attacks on commercial Web sites. • We can use our model of cybercrime to see where each crime falls.

Categorizing specific Cybercrimes • Crimes involving the distribution of proprietary MP3 files would come under the category of cyberpiracy (category i). • The crime involving the ILOVEYOU or "love bug" virus clearly falls under cybervandalism (category iii). • The denial-of-service attacks on Web sites falls under the heading of cybertrespass (category ii), as well asunder category (iii); it spans more than one cybercrime category.

Distinguishing Cybercrimes from Cyber-related Crimes • Many crimes that involve the use of cyber-technology are not genuine cybercrimes. • Crimes involving pedophilia, stalking, and pornography can each be carried with or without the use of cybertechnology. • Hence, there is nothing about these kinds of crimes that is unique to cybertechnology. • These and similar crimes are better understood as instances of cyber-related crimes.

Cyber-related Crimes • Cyber-related crimes could be further divided into two sub-categories: • cyber-exacerbated crimes; • cyber-assisted crimes. • Thus, crimes involving cybertechnology could be classified in one of three ways: • Cyber-specific crimes (genuine cybercrimes); • Cyber-exacerbated crimes; • Cyber-assisted crimes.

Cyber-exacerbated vs. Cyber-assisted crimes • Further differentiating cyber-related crimes into two sub-categories enables us to distinguish between a crime in which one: • (a) uses a personal computer to file a fraudulent income-tax return, from • (b) crimes such as Internet pedophilia and cyberstalking. • In (a), a computer assists the criminal in a way that is trivial and possibly irrelevant. • In (b), cyber-technology plays a much more significant (exacerbating) role.

Figure 7-1: Cybercrimes and Cyberrelated Crimes Cybercrimes Cyberrelated Crimes Cyberexacerbated Cyberassisted Cyberspecific Income-tax cheating (with a computer) Physical assault with a computer Property damage using a computer hardware device (e.g., throwing a hardware device through a window) Cyberpiracy Cybertrespass Cybervandalism Cyberstalking Internet Pedophilia Internet Pornography

Organized Crime on the Internet • Career criminals, including those involved in organized crime, are now using cyberspace to conduct many of their criminal activities. • Gambling and drug trafficking have moved to an Internet venue. • Scams involving Internet adoption and Internet auctions have increased. • These kinds of crimes tend to receive far less attention in the popular media than those perpetrated by teenage hackers.

Organized Crime on the Internet (continued) • Racketeering-related crimes, regardless of where and how they are committed, are often considered "old-style" crimes. • New forms of hacking-related crimes, on the other hand, tend to “grab the headlines.” • Some cyber-related crimes carried out by professionals may be undetected because professional criminals do not typically make the same kinds of mistakes as hackers, who often tend to be amateurs.

Organized Crime on the Internet (continued) • By focusing on the activities of amateur hackers our attention is often diverted away from crimes committed in cyberspace by professional criminals. • Power (2000) believes that youthful hacker stereotypes have provided a convenient foil for professional criminals. • Unlike hackers, professional criminals do not seek technological adventure; they are less likely to get caught since their skill are better.

Law Enforcement Techniques to Catch Cybercriminals • Law-enforcement agencies, in addition to placing wiretaps on phones, have used electronic devices to detect and track down professional criminals. • Federal law enforcement agents use a controversial technology known as keystroke monitoring software. • Keystroke monitoring records every key struck by a user and every character of the response that the system returns to the user.

Law Enforcement Techniques (continued) • Keystroke-monitoring software can trace the text included in electronic messages back to the original sequence of keys and characters entered at a user's computer keyboard. • This technology is especially useful in tracking the activities of criminals who use encryption tools to encode their messages.

Law Enforcement : Some Controversial Practices • Echelon is the federal government's once super secret system for monitoring voice and data communication worldwide. • Carnivore is a controversial "packet sniffing" program that monitors the data traveling between networked computers. • The USA Patriot Act gives the federal government broader powers to "snoop" on individuals suspected of engaging in criminal or terrorist activities.

Entrapment on the ‘Net • Detective James McLaughlin of Keene, NH posed as a young boy in boy-love chat rooms. • Under this alias, McLaughlin searched for adults using the Internet to seek sex with underage boys. • Gathering evidence from conversations recorded in Internet chat rooms, McLaughlin was able to trap and arrest an adult on charges of child molestation. • Philip Rankin, living in Norway, communicated with McLaughlin under the assumption that the police officer was a young boy. • Rankin agreed to travel to Keene, NH to meet in person at a McDonald's restaurant. • When Rankin arrived at restaurant, McLaughlin arested him.

Industrial Espionage • On October 2, 1996, Congress passed the Economic Espionage Act of 1996, making it a federal crime to profit from the misappropriation of someone else's trade secret. • The Espionage Act specifically includes language about "downloads," "uploads," "e-mails," etc. • Some economists worry that economic espionage in the high-tech industry, threatens US competition in a global market.

National and International Efforts to Fight Cybercrime • Problems of jurisdiction arise at both the national and international levels. • Girasa (2002) points out that jurisdiction is based on the concept of boundaries, and laws are based on "territorial sovereignty." • Cyberspace has no physical boundaries.

Jurisdictional Problems in Cyberspace • Hypothetical Scenario: Virtual Casino. • Suppose it is legal to gamble on-line in Nevada but not in Texas. • A Texas resident “visits” a gambling Web site, whose server is in Nevada. • If the Texas resident “breaks the law,” in which state did the crime take place?

Jurisdictional Problems in Cyberspace (continued) • Hypothetical Scenario: International Law Suits Involving Microsoft Corporation. • Suppose that Microsoft Corporation develops and releases, globally, a software product that is defective. • The defect causes computer systems using it to crash under certain conditions. • These system crashes, in turn, result both in severe disruption and damage to system resources.

Jurisdictional Problems in Cyberspace (continued) • What recourse should consumers and organizations who purchase this product have in their complaint against Microsoft? • In the U.S. there are strict liability laws. • But certain disclaimers and caveats are often issued by manufacturers to protect themselves against litigation.

Microsoft Scenario (Continued) • Suppose that several countries in which Microsoft has sold its new product also have strict liability laws. • Should Microsoft Corporation be held legally liable in each country in which its defective product has been sold? • Should that corporation then be forced to stand trial in each of these countries?

Microsoft Scenario (Continued) • In the case involving the ILOVEYOU Virus, several nations wanted Onel Guzman extradited to stand trial in their countries. • Using the same rationale, perhaps it would follow that Microsoft should stand trial in each country where its defective product caused some damage. • If Microsoft were forced to stand trial in each of these countries, and if the corporation were to be found guilty in these nations' courts, the economic results for Microsoft could be catastrophic.

Legislative Efforts to Com-bat Cybercrime in the U.S. • The USA Patriot Act authorizes unannounced "sneak and peek" attacks by the government on individuals and organizations that it suspected of criminal activities. • The FBI intended to plant a "Trojan horse," code named "Magic Lantern," on the computers of citizens it suspected of crimes. • With this program, the government could use "keystroke logging" to obtain encryption keys for the computers of alleged criminals.

International Treaties • The Council of Europe (COE) is currently considering some ways for implementing an international legal code that would apply to members of the European Union. • On April 27, 2000 the Council released a first draft of an international convention of "Crime in Cyberspace." • In May 2000, the G8 (Group of Eight) Countries met to discuss an international treaty involving cybercrime.

International Treaties (continued) • The Council of Europe released its first draft of the COE Convention on Cybercrime. • A recent draft of that treaty addresses four types of criminal activity in cyberspace: • Offenses against the confidentiality, availability; and integrity of data and computer systems; • Computer-related offenses (such as fraud); • Content-related offenses (such as child pornography); • Copyright-related offenses.

Some Tools/Technologies for Combating Cybercrime • Some encryption and biometrics technologies have been controversial. • One controversial form of encryption technology was the Clipper Chip. • The Clipper Chip was criticized by both the ACLU and Rush Limbaugh. • Several nations threatened not to purchase American-manufactured electronics goods that contained the Clipper Chip.

Biometric Technologies • Biometrics is the biological identification of a person, which includes eyes, voice, hand prints, finger prints, retina patterns, and handwritten signatures (Power, 2002). • van der Ploeg (2001) notes that using biometrics, one's "iris can be read" in the same way that one's voice can be printed.“ • One's fingerprints can be "read" by a com- puter that is "touch sensitive" and "endowed with hearing and seeing capacities.”

Biometric Technologies (continued) • In February 2002 an iris-scanning device, which is a type of biometric identification scheme, was first tested at London's Heathrow Airport. • The scanning device captures a digital image of one's iris, which is then stored in a database. • That image can then be matched against images of individuals, such as those entering and leaving public places such as airports.

Facial Recognition Programs • At Super Bowl XXXV in January 2001, face-recognition technology was used by law-enforcement agencies to scan the faces of persons entering the football stadium. • The scanned images were then instantly matched against electronic images (faces) of suspected criminals and terrorists, contained in a central computer database. • Initially, this was controversial; after September 11, 2001, it was supported.

The EURODAC Project • Proposals to use of biometric identifiers in Europe have also generated controversy. • The Eurodac Project is a European Union proposal to use biometrics in controlling illegal immigration and border crossing in European countries by asylum seekers. • The proposal was first considered by the European Council on November 24, 1997. • The decision to go forward with Eurodac was made in 2002.

More by User

Information Security and Cybercrimes

Information Security and Cybercrimes. By Clemente Andre Inocente M.A. & B.S.A (SDSU Alumni) College of Sciences at SDSU Operating Systems Analyst & Information Technology Consultant. What Is The Moral of This Scene?. Supplement Topics To Our Textbook. John the Ripper (Mac, Unix, PC)

218 views • 10 slides

ARTS. 4C(4) and 4 C(1) OF THE CYBERCRIMES PREVENTION ACT OF 2012 ARE UNCONSTITUTIONAL

ARTS. 4C(4) and 4 C(1) OF THE CYBERCRIMES PREVENTION ACT OF 2012 ARE UNCONSTITUTIONAL. PROF. H. HARRY L. ROQUE COUNSEL FOR PETITIONER Adonis et. al. v . Executive Secretary et. al GR NO. 203378. Frank La Rue: What is at stake here?.

540 views • 42 slides

maggie and milly and molly and may

maggie and milly and molly and may. Jess and Anna. To identify key literary features within the poem To understand the significance of the capitalization in the poem To analyse the meaning and importance of the literary features and capitalization. maggie and milly and molly and may

649 views • 9 slides

Adult and on and on and on and on and on

Adult and on and on and on and on and on. Adult Nutrition. variety grains, veggies, fruits low in saturated fat and cholesterol moderate in sugars moderate in salt moderate in alcohol moderation in smoked and cured meat balance diet with physical activity. Adulthood.

505 views • 18 slides

maggie and milly and molly and may. maggie and milly and molly and may. Open up your Poetry Daily Work file and at the top add “ maggie and milly and molly and may”. maggie and milly and molly and may. Open your textbook to page 599 Read the poem quietly to yourself

603 views • 7 slides

Cheating and Cybercrimes @ Gambling Sites.Com

Cheating and Cybercrimes @ Gambling Sites.Com. John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University. Internet Gambling. Proliferation of cybercrimes @ gambling sites; yet little research done

444 views • 24 slides

“ maggie and milly and molly and may”

“ maggie and milly and molly and may”. Day 2 . Free write!. In a moment, you are going to see a picture. Your job is to write (type) for the ENTIRE time until the timer goes off.

534 views • 5 slides

Web Exploits and the Rise of Cybercriminals

Web Exploits and the Rise of Cybercriminals. Roger Thompson AVG Chief Research Officer. WWW stands for. World War Web. Topics. How we got here Best solution Future. Ages of Malicious Code. Age 1 - 1987 – 1995 – Dos viruses Age 2 - 1995 – 2000 – Macro viruses

309 views • 18 slides

Consolidated Analysis of Draft Cybercrimes Law

Consolidated Analysis of Draft Cybercrimes Law. Andy Boname, East-West Management Institute, Program on Rights and Justice in Cambodia.

247 views • 15 slides

Cybercrimes and Violence Against Women

Cybercrimes and Violence Against Women. Jehan Ara, President, Pakistan Software Houses Association for IT & ITES. The Issue. The Internet is not creating new forms of crimes against women and children BUT it is creating new ways and means for crimes to be perpetrated. The Flip Side.

886 views • 30 slides

Cybercrimes and scams except cyber squatting and piracy

Cybercrimes and scams except cyber squatting and piracy. Bacarro, Caballes, Dela Paz, Inciong, Lasco, Tan. Good Sides of Internet.

385 views • 22 slides

Latin (and Greek and English and . . . )

Semper ubi sub ubi. Latin (and Greek and English and . . . ). Basis of scientific terminology Terms made up of “word parts”. Prefix. Root. Suffix. chromo. som(e). al. color. body. about. eu. melan. in. true. stuff. black. pre. syn. apt. ic. before. together. join. about.

335 views • 1 slides

Quick Tips to keep your CMS secure from cybercriminals

Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top some tips to help keep your site safe online.

31 views • 2 slides

Why Cybercriminals are targeting Small Businesses

In today’s scenario, cyber crimes are the biggest thread all over the world. From top level software companies to small level business everyone is facing this problem. Programmers try to develop many security or firewalls but still many websites get hacked every year. Although cyber criminals target on every level, their focus is small level business nowadays. There is a news which comes in the newspaper recently that professional web development company facing major problem with their websites.so we have lots of examples where many companies facing the same problem and not able to find any solution for this.

106 views • 9 slides

MOST LETHAL CYBERCRIMES AND HOW TO STAY SAFE

WHICH ARE THE MOST DANGEROUS CYBERCRIMES THAT CAN HAVE AN IMPACT ON MY PERSONAL INFORMATION? Our highly skilled experts at the AVG Support have been providing the best assistance to users for keeping their online information safe. They have come up with a list of the most dangerous cybercrimes that can leave a lasting impact on the victims. Read on to find what these cybercrimes are capable of doing to your device and information security. 1. Android Malware Since the invention of the smartphones, cybercriminals have been deploying every trick in the book to access user data without permission. Android, being the most dormant mobile operating system in the present-day scenario has been the favorite target of every cyberattack. Hackers and cybercriminals have been using Trojan, malware, adware and even spyware to control a personâ€™s access to information. The experts at the AVG Technical Support recommend that you install a reliable data protection and online security solution. 2. Mac Malware The reason why Apple has been most successful in smartphone and personal computer industry is security. This has been primarily due to its partnership with IBM and Cisco. However, recently cybercriminals have been deploying what is known as the Mac Malware to reveal loopholes in the security functions of the Appleâ€™s famous Mac and iOS. Mac users might have to face some Malvertising and online scam campaigns. You can connect with the AVG Support experts to ensure total protection of both the Mac and iOS devices. 3. Linux Malware One of the operating systems deemed to be safe from any cybercrime was Linux. However, cybercriminals managed to hack into these as well owing to the relax attitude of the device manufacturers. Another reason is that most devices with this OS come with minimal to no security systems without any OTA (Over-the-air) updates. We at the AVG Customer Support suggest that you connect with our experts to get the best protection for your Linux device. HOW CAN I CONNECT WITH THE AVG ANTIVIRUS SUPPORT? Visit http://www.antivirustechsquad.com/au/avg-support/ for more details.

108 views • 8 slides

Ask Semalt Why Cybercriminals Use Bots

Semalt, semalt SEO, Semalt SEO Tips, Semalt Agency, Semalt SEO Agency, Semalt SEO services, web design, web development, site promotion, analytics, SMM, Digital marketing

36 views • 2 slides

Take These Safety Tips to Avoid Getting Riffed off by Cybercriminals When Purchasing Smart Gadgets Online

With online retail showing no sign of slowing, cybercriminals are also getting more active and are always on the lookout for new preys. Take these safety tips with you whenever you want to shop online to avoid getting riffed off by the hairy hands out there.

135 views • 13 slides

Norton protection Against Cybercriminals

Norton is the best security software to protect against cybercriminals with the help of its amazing features. Learn more to stay protected from cybercriminals. Read For More Info: http://www.nortonukhelp.co.uk/How-Norton-Protect-you-from-cybercriminals.php

34 views • 3 slides

BREACHING YOUR BUSINESSES HAS BECOME EASY FOR CYBERCRIMINALS, AS THEY HAVE THE WEAPON – COVID-19. HERE IS HOW YOU CAN ST

While the world is suffering but, cybercriminals are using COVID-19 as a weapon to breach your business smoothly. Here's how you can stop them. Visit: https://www.cybertrust-it.com/

93 views • 9 slides

Cybercriminals Are Targeting Your Company And Your Workers Are In Cahoots With Them

32 views • 2 slides

Social Distancing from Cybercriminals, Scams and Covid-19 Robocalls

In this document sharing post, you will read how you can maintain social distance from cybercriminals, scams and also from robocalls. You can install this great antivirus software through www.webroot.com/safe. https://bit.ly/2AseZza https://bit.ly/2RghtVy

51 views • 4 slides

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

We're Hiring!
Help Center

presentation on cyber crimes-slides

Related Papers

Faruk Ahmmed

Nadia Khadam

Ramandeep Kaur

IRJET Journal

Amnah Rashid

Prasad Pednekar

Bhartiya Shodh

Crime, in whatever forms it is, directly or indirectly, always affects the society. In today’s world, there is immense increase in the use of Internet in every field of the society and due to this increase in usage of Internet, a number of new crimes have evolved. Such crimes where use of computers coupled with the use of Internet is involved are broadly termed as Cyber Crimes.

Pauline Reich

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

More From Forbes

How BCG Is Revolutionizing Consulting With AI: A Case Study

Share to Facebook
Share to Twitter
Share to Linkedin

In a world where AI is transforming every sector, companies are constantly seeking ways to gain a competitive edge. Boston Consulting Group (BCG) is leading the charge by embracing artificial intelligence (AI), particularly generative AI, to revolutionize its internal operations and consulting services. Let’s delve into how BCG is leveraging AI to transform its business processes and the consulting industry as a whole.

The Strategic Importance Of AI At BCG

AI is not just a buzzword at BCG; it is a fundamental element of their strategy. Vlad Lukic, Managing Director and Senior Partner at BCG, emphasizes the significance of AI, stating, "It gets into the crux of our business, right? And it's going to be fundamental to the toolkit and skills that we need to have." AI serves as an assistant, enabling BCG consultants to operate at unprecedented speeds, thus allowing them to generate insights faster and drive impactful results for their clients.

Real-World Applications Of AI At BCG

1. Interview Processing and Analysis:

Lukic recalls his summer internship, where he had to interview 30 engineers about materials science over three days, transcribe the conversations, distill the insights, and create slides. This labor-intensive process took two weeks. In contrast, a recent consultant used BCG's enterprise GPT to perform a similar task. "On the third day, he had slides and insights ready to go," Lukic marvels. The AI tool transcribed interviews, highlighted key themes, and generated draft presentations in minutes, reducing a two-week process to two or three days.

Best High-Yield Savings Accounts Of 2024

Best 5% interest savings accounts of 2024.

2. Gene: BCG's Innovative Conversational AI:

Another striking example of AI's impact at BCG is the development of Gene, a conversational AI designed to engage with humans and create audio experiences. Originally conceived as a co-host for BCG's "Imagine This" podcast about the future, Gene has evolved into a versatile tool for client engagement and content creation.

Paul Michelman, editor-in-chief at BCG, explains, "Gene was born for a specific job, really one job, and its original training was to be a co-host of a podcast." However, the potential of Gene quickly became apparent, and its applications have expanded. Gene now appears at live events with clients and other audiences, engaging in conversations about the future of AI and thought leadership.

Enterprise GPT: A Game Changer

BCG's enterprise GPT is a cornerstone of their AI strategy. Rolled out to every employee, this tool ensures all data remains within BCG's control. Consultants can also build their own GPTs for specific engagements, fostering innovation and efficiency. Over 3,000 GPTs have been created, addressing tasks from document summarization to administrative functions. Lukic highlights its impact on productivity, noting, "It's really helping us move to a different level of speed."

Evolving Roles And Skills In The AI Era

With AI taking over routine tasks, the role of consultants is evolving. Lukic underscores the need for purposeful toil and sanity checks to ensure junior consultants develop essential skills. He explains, "We are forcing some of those conversations with our team members, so that we can build their skills along the way." This includes teaching consultants how to engage with AI tools effectively, ensuring they can provide accurate and reliable insights.

The development of Gene has also prompted new considerations in AI deployment. Bill Moore from BCG Design Studios, who created Gene, explains the challenges in balancing autonomy and control: "We adjust, we work with the temperature to keep that sort of fine-tuned and we'll drop it down to zero if we need really accurate responses."

Measuring The Impact Of AI

BCG conducted a scientific experiment involving 750 employees to measure the impact of generative AI on performance and efficiency. The results were compelling. For straightforward tasks, productivity increased by 30-40% for new hires and 20-30% for experienced consultants. However, for complex tasks, productivity sometimes decreased due to the challenges of debugging AI-generated outputs. This experiment highlighted the importance of understanding where AI can be most effective and implementing proper guardrails to ensure accuracy.

Insights From BCG's GenAI Experiment

BCG's broader research into generative AI reveals significant insights into its value and potential pitfalls. The study found that around 90% of participants improved their performance when using GenAI for creative ideation. However, when applied to business problem-solving—a task outside the tool's current competence—many participants trusted misleading outputs, resulting in a 23% decline in performance compared to those who didn't use the tool. This underscores the necessity of proper training and understanding the limitations of AI tools.

Ensuring Accuracy And Mitigating Risks

To mitigate risks associated with AI, BCG has implemented several guardrails. Human experts review AI-generated insights, and workflows are designed to ensure continuous oversight. Additionally, BCG fine-tunes their models based on usage and feedback, reducing the likelihood of errors.

In the case of Gene, transparency and ethical considerations are paramount. Paul Michelman emphasizes, "We think it's very important... to be fully clear when we're using technology. And two, to really avoid anthropomorphizing." This approach extends to Gene's voice, which is intentionally androgynous and slightly robotic to clearly differentiate it from a human.

Governance And Strategic Implementation Of AI

BCG employs a dual approach to AI implementation. While top-down initiatives identify key workflows that can benefit from AI, grassroots innovation is also encouraged. A senior task force focuses on internal support functions and consulting cohorts, identifying where AI can eliminate bottlenecks and enhance productivity.

The Future Of Consulting In The AI Era

Looking ahead, AI is poised to reshape the consulting industry. Lukic predicts that within a decade, 50% of current tasks will be automated through AI, allowing consultants to focus more on change management and driving adoption within client organizations.

Bill Moore envisions a future where conversational interfaces like Gene become a new layer of interaction with technology, potentially revolutionizing accessibility and user experience.

Strategies For Successful AI Adoption

For CEOs considering AI adoption, Lukic offers two key pieces of advice. First, don't wait. Start addressing frictions and building the necessary governance structures now. Second, engage the organization. Avoid outsourcing AI implementation entirely and instead, focus on building internal capabilities.

Transforming Consulting With AI

BCG's strategic application of AI, particularly generative AI and conversational AI like Gene, showcases how embracing technology can revolutionize internal processes and enhance client service. By leveraging AI tools like enterprise GPT and Gene, BCG is boosting productivity, fostering innovation, and preparing its workforce for the future. As AI continues to evolve, BCG's proactive approach provides a valuable blueprint for other organizations aiming to harness the power of AI in their own operations.

Editorial Standards
Reprints & Permissions

Join The Conversation

One Community. Many Voices. Create a free account to share your thoughts.

Forbes Community Guidelines

Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.

In order to do so, please follow the posting rules in our site's Terms of Service. We've summarized some of those key rules below. Simply put, keep it civil.

Your post will be rejected if we notice that it seems to contain:

False or intentionally out-of-context or misleading information
Insults, profanity, incoherent, obscene or inflammatory language or threats of any kind
Attacks on the identity of other commenters or the article's author
Content that otherwise violates our site's terms.

User accounts will be blocked if we notice or believe that users are engaged in:

Continuous attempts to re-post comments that have been previously moderated/rejected
Racist, sexist, homophobic or other discriminatory comments
Attempts or tactics that put the site security at risk
Actions that otherwise violate our site's terms.

So, how can you be a power user?

Stay on topic and share your insights
Feel free to be clear and thoughtful to get your point across
‘Like’ or ‘Dislike’ to show your point of view.
Protect your community.
Use the report tool to alert us when someone breaks the rules.

Thanks for reading our community guidelines. Please read the full list of posting rules found in our site's Terms of Service.

IMAGES

Impact Of Cybercrime On Information Technology Security
technology and cybercriminals by v tm
PPT
How Cybercriminals Use Technology
PPT
PPT

VIDEO

Clones Attack
Hacking the Human: How to Protect Yourself from Today’s Cyber Scams
What Are The 7 Stages of a Cyberattack? Understand The Cyber Kill Chain
Can You Spot the Scam Pup? Play Click-or-Treat (But Don't Click)! #cybersecurity #funfacts #shorts
How to avoid cyber crime part-1 (sort video)
മെഡിക്കൽ റെക്കോർഡ് ഹാക്കിങ്ങിലെ അപകടങ്ങൾ എന്തെല്ലാം .. RCC Medical Record Hacking

COMMENTS

Cyber crime and security ppt
Cyber crime and security ppt. This document provides an overview of cyber crime and security. It defines cyber crime as illegal activity committed on the internet, such as stealing data or importing malware. The document then covers the history and evolution of cyber threats. It categorizes cyber crimes as those using the computer as a target ...
How AI Is Shaping the Future of Cybercrime
4 Ways Cybercriminals Are Leveraging AI. There are four main ways adversaries are using commonly available AI tools like ChatGPT, Dall-E, and Midjourney: automated phishing attacks, impersonation ...
How Criminals Use Artificial Intelligence To Fuel Cyber Attacks
Cybercriminals can also employ AI to assist with the scale and effectiveness of their social engineering attacks. AI can learn to spot patterns in behavior, understanding how to convince people ...
The rise of AI-powered criminals: Identifying threats and opportunities
The rise of AI-powered criminals: Identifying threats and opportunities. AI's influence is growing across the security space, bringing with it major implications for cybercriminals and defenders. The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit ...
Preparing for AI-enabled cyberattacks
Artificial intelligence in the hands of cybercriminals poses an existential threat to organizations—IT security teams need "defensive AI" to fight back.
Cybercrime
cybercrime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and ...
Introduction: new directions in cybercrime research
The Internet, computers, cell phones, and other forms of technology have revolutionized every aspect of human life over the last several decades, including how we communicate, bank, shop, obtain the news, and entertain ourselves (Holt and Bossler Citation 2016).These technological advancements have also created myriad opportunities for offenders to commit various forms of crime.
How AI will extend the scale and sophistication of cybercrime
The future of AI-powered cybercrime. The use of AI by cybercriminals is expected to increase as the technology becomes more widely available. Experts predict that this will allow them to launch cyberattacks at far greater scale than is currently possible. For example, criminals will be able to use AI to analyse more information to identify ...
Understanding cybercrime from a criminal's perspective: Why and how
1. Introduction. The development of information and communication technology (ICT) makes modern life more convenient [1, 2].However, increases in cybercrimes exploiting such technology have emerged as a severe social issue [1, 3].Since the onset of the COVID-19 pandemic, more internet users worldwide have become dependent on the internet in all areas, including education, financial ...
21st Century Crime: How Malicious Artificial Intelligence Will Impact
Cybercriminals, motivated by profit, may attempt to develop proxy AI systems that mask their involvement, avoid risk, and direct attribution and responsibility. The malicious use of AI could threaten digital security, and machines could become as proficient at hacking and social engineering as human cybercriminals.
Cyber Crime and Technology
Chapter Fifteen Cyber Crime and Technology. 2 Cyber Crime Innovation has created new opportunities to commit crime. Technological revolution has provided new tools to misappropriate funds, damage property, and sell illicit material Ultimately created cyber crime which is a new breed of offenses that can be singular or ongoing Usually involves ...
Cyber crime in the digital age
Cyber crime in the digital age. Sep 24, 2016 •. 4 likes • 4,876 views. AI-enhanced description. Saman Sara. Cyber crime is on the rise globally as criminals shift targets from financial theft to espionage and government information. Governments must collaborate to combat cyber crime through strategies like reporting systems, prevention ...
Cyber-crime PPT
Cyber-crime PPT. This document discusses cybercrime and how to prevent becoming a victim. It begins by explaining why we should be aware of cybercrime given our increasing online activities. The objectives are then outlined as providing awareness of cybercrime, recognizing methods, understanding cyber laws, and learning to avoid victimization.
What is cybercrime? Definition from SearchSecurity
Cybercrime, also called computer crime, is any illegal activity that involves a computer or network-connected device, such as a mobile phone. The Department of Justice divides cybercrime into three categories: crimes in which the computing device is the target, for example, to gain network access; crimes in which the computer is used as a ...
How to use technology in the fight against cybercrime
The use of machine learning and artificial intelligence (AI) can help address this problem, and at the same time mitigate the skills gap. These technologies can gather and analyze data, trace threats, search for vulnerabilities, respond to breaches, and thus reduce the IT team's workload. At Panda Security, we make this technology a reality ...
Profiling the Cybercriminal
This is a summary of a presentation given by Dr Maria Bada, former research fellow at the Global Cyber Security Capacity Centre, and Dr Jason R. C. Nurse, former researcher at Cyber Security Oxford, during the International Crime and Intelligence Analysis Conference in February 2016.The purpose of the presentation was to reflect on the current research and practice in the field of cybercrime ...
Beyond the Hype: Research on How Cybercriminals Are Really Using GenAI
Posted on May 08, 2024 in Presentations. There is a lot of speculation around how cybercriminals will use generative artificial intelligence. Hear recent findings from the research on the cybercriminal underground to determine where the real threats are. This session will delve into discussions in criminal forums, the state of AI malicious ...
PPT
Presentation Transcript. Cybercrimes and Cybercriminals • There have been many stories in the media about computer crime. • Sometimes hackers have been portrayed as "heroes" • Perceptions about hacking and computer crime are changing because of increased dependency on the Internet for our infrastructure. A "Typical" Cybercriminal ...
(PPT) presentation on cyber crimes-slides
In today's world, there is immense increase in the use of Internet in every field of the society and due to this increase in usage of Internet, a number of new crimes have evolved. Such crimes where use of computers coupled with the use of Internet is involved are broadly termed as Cyber Crimes. Download Free PDF. View PDF. Cybercrime & Security.
Cybercrime.ppt
Cybercrime.ppt. Cyber crime involves unlawful activities using computers and the internet. The document categorizes cyber crimes as those using computers to attack other computers or as tools to enable real-world crimes. It provides examples of various cyber crimes like hacking, child pornography, viruses, and cyber terrorism.
How BCG Is Revolutionizing Consulting With AI: A Case Study
Learn about the innovative applications, including their conversational AI 'Gene', and their significant impact on productivity and client engagement.
Cyber Crime and Security Presentation
The presentation aims to educate students about technology, internet, and cyber crimes as well as preventative measures. Cyber crime refers to criminal acts using computers and the internet. Motivations for cyber crimes include money, curiosity, revenge, and praise.
Cyber crimes and their prevention
This document summarizes a student presentation on cyber crimes and their prevention. The presentation includes sections on cyberbullying, cyber stalking, financial cyber crimes, cyber terrorism, selling illegal articles online, and software piracy. It is presented by 5 students and addresses topics like how these crimes are committed, examples ...

Related Topics

How AI Is Shaping the Future of Cybercrime How AI Is Shaping the Future of Cybercrime

4 Ways Cybercriminals Are Leveraging AI

How Cybersecurity Is Fighting Back

Developing Their Own Adversarial AI

Anomaly Detection

Detection Response

About the Author(s)

Editor's Choice

Cisco Talos Blog

Empowering cybercrime

Counteracting cybercrime

Share this post

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

MIT Technology Review

Preparing for AI-enabled cyberattacks

Download the full report

How attackers exploit the headlines

Keep Reading

What are AI agents?

What’s next for bird flu vaccines

What is AI?

Stay connected

Defining cybercrime

Types of cybercrime

How AI will extend the scale and sophistication of cybercrime

How AI is used for cybercrime today

AI and social engineering

The future of AI-powered cybercrime

How to prepare for AI cybercrime

Read more: This is how GPT-4 will be regulated

Ryan Morrison

– Executive Summary –

More Articles

Auth with social network:

Cyber Crime and Technology

Presentation on theme: "Cyber Crime and Technology"— Presentation transcript:

About project

What is cybercrime?

How cybercrime works

Types of cybercrime

Common examples of cybercrime

Effects of cybercrime on businesses

Effects of cybercrime on national defense

How to prevent cybercrime

Cybercrime legislation and agencies

Continue Reading About cybercrime

Related Terms

What role does an initial access broker play in the RaaS model?

35 cybersecurity statistics to lose sleep over in 2024

A who's who of cybercrime investigators

Microsoft, Fortra get court order to disrupt Cobalt Strike

Profiling the Cybercriminal

The Challenge

The Research

The Cybercriminal Profile

The Case Scenarios

So, how can law enforcement benefit from these approaches?

Literature:

Cybercrimes and Cybercriminals

Share Presentation

Presentation Transcript

Information Security and Cybercrimes

ARTS. 4C(4) and 4 C(1) OF THE CYBERCRIMES PREVENTION ACT OF 2012 ARE UNCONSTITUTIONAL

maggie and milly and molly and may

Adult and on and on and on and on and on

Cheating and Cybercrimes @ Gambling Sites.Com

“ maggie and milly and molly and may”

Web Exploits and the Rise of Cybercriminals

Consolidated Analysis of Draft Cybercrimes Law

Cybercrimes and Violence Against Women

Cybercrimes and scams except cyber squatting and piracy

Latin (and Greek and English and . . . )

Quick Tips to keep your CMS secure from cybercriminals

Why Cybercriminals are targeting Small Businesses

MOST LETHAL CYBERCRIMES AND HOW TO STAY SAFE

Ask Semalt Why Cybercriminals Use Bots

Take These Safety Tips to Avoid Getting Riffed off by Cybercriminals When Purchasing Smart Gadgets Online

Norton protection Against Cybercriminals