Cyber Crime (Essay Sample)

Name:
Unit:
Lecturer:
Date Due:
Cyber Crime
Introduction
The new threat landscape has become more sophisticated than ever. Few years ago, cyber threats were opportunistic characterized by defacing of websites as well as loud and obnoxious virus attacks. The present cybercrimes are characteristically organized, disciplined, sophisticated, well funded and aggressive. As noted by Armerding (par. 1), cyber crimes have evolved from noticeable notoriety to stealth attacks such as Advanced Persistent Threat (APT) and Advanced Volatile Threats (AVT). Symantec (1) recognizes that cybercrimes on business entities have grown progressively more serious, extensive and sophisticated than it was in mid-2000s. Cyber crime is a broad-spectrum term that refers to criminal acts committed using computers or a network of computerized devices. Norton (par 1) defines cybercrime as any crime with computer or cyber aspects attached to it. According to Schell and Martin (82), cyber crime encompasses activities such as credit card fraud; child pornography; software piracy; identity theft; unauthorized access to computer infrastructures; online defamation; cyber bullying; cyber stalking; ignoring software licensing, trademark protection and intellectual property rights; and cyber terrorism. Those who conduct such acts are referred to as cybercriminals.
As people, businesses and governments continue to migrate to the cyberspace and rely on the Internet in their day-to-day activities, the nature of crimes and criminals in the physical world also evolve to fit in the digital space. The perpetrators and crimes in the digital space also vary from individual cyber crimes to organized crimes to state sponsored cyber attacks. In the recent past, news headlines and Cyber Security debates have been characterized by the controversial accusations between China and USA about state-sponsored attacks such as attack on financial systems; industrial espionage; and cyber attacks on defense and public infrastructures including energy and communication grids CITATION Inf13 \p "par 4" \m Man13 \p 2 \l 1033 (InfoSec Institute par 4; Mandiant 2). The implication of cyber attacks and, and the sensitive information targeted by cybercriminals, continues to grow on a daily basis.
Statistically, cybercrime has surpassed illegal drug trafficking in terms of making illegal. Norton (par. 2) notes that identity theft crimes are committed every 3 seconds. The alarming deduction from research is that unprotected computers are at the risk of infections or intrusions within four minutes of accessing the internet CITATION Nor14 \p "par. 2" \l 1033 (Norton par. 2). Symantec (1) highlights that APTs are the most momentous elements in the cyber threat landscape in the sense that they are sabotage campaigns and long-term cross boarder cyber espionages by covert state-sponsored actors. As of this writing, APTs can no longer be considered as the most lethal threats because the techniques and hardware behind such attacks have certainly continued to evolve, and motivated by the financial gains accrued from them. AVTs seem to be gaining popularity alongside other sophisticated attacks such as Zero-Day malware and Android malware CITATION Aco13 \p "par. 2" \l 1033 (Acohido par. 2). Symantec (2) defines Zero-day vulnerabilities as computer-based security loopholes unknown to software and hardware developers, therefore, may be exploited by cybercriminals before the developers provide fixes or patches. Consequentially, the target entity has zero days to create defensive mechanism. The target entity is caught off-guard. For example, the Stuxnet attack exploited several vulnerabilities simultaneously CITATION Sym11 \p 2 \l 1033 (Symantec 2). Unlike APTs which run on physical memory (installed programs on hard disk); AVTs are stealthier because they are deployed and run on the random access memory CITATION Aco13 \p "par. 1" \l 1033 (Acohido par. 1). Similarly to APTs, AVTs are state sponsored and directed at political and business targets CITATION Phi14 \p 7 \l 1033 (Ferraro 7). Furthermore, AVTs require extreme level of stealthiness over a long duration for the attack to be successful. There severity is attributed to the fact that they run when the target device is on power and clears there track when the target devices are off the grid. It follows that protecting individuals and entities against these cyber threats is getting more complex. Norton (par.1) acknowledges that cybercrime has become a complex issue than before subject to the boundless number of connected users and devices.
In the documentary titled Hacked: When Cyber Spies Attack, ABC Australia explores the ever increasing cases of cyber attacks in both private and public sectors CITATION Dav13 \l 1033 (Everett). The documentary highlights an incident in which an Australian Company, Codan Ltd sustained losses due data theft. Codan is a multinational company with offices in the United States, UK and Asia. The company lost data on one of its metal detection products. Following the industrial espionage, its business took a dive. From the film, most of the attacks were traced back to China. However, the Chinese government denied the allegations and even pointed out that its companies are victims of the same attack CITATION Dav13 \l 1033 (Everett). For instance, Blue Scope Steel, a Chinese company, was lost some of it processing data. Besides the Codan several government agencies and departments were hit, including the Department of Foreign Affairs and the Defense Department. The amount of data siphoned by hackers from both private and public entities is immense. Codan is just one of the companies that have faced aggressive cyber attacks due to its sensitive nature. Other companies that have faced similar threats include EBay, Google and Apple Inc. These incidents are consistent with the 2013 Mandiant Intelligence Center Report titled APT1: Exposing One of China's Cyber Espionage Units. In this report, Mandiant (2) suggest that APT1 is likely to be government-sponsored cyber activities from China. From its analysis, Advanced Persistent Attacks are believed to be deployed by the People’s Liberation Army (PLA) Unit 61398. In consistent with this presumption, InfoSec Institute (par. 7) notes that an intelligence source within PLA confirmed that there were hackers in the Chinese army trained to carry out cyber offensive operations. Ferraro (3) notes that cybercrimes, particularly Intellectual Property theft costs the United States approximately $300 billion annually. From Ferraro’s perspective, APTs are the biggest threat facing the United States CITATION Phi14 \p 5 \l 1033 (Ferraro 5). It turns out that estimating the cost of cyber crime is complex because it has to cover aspects such as IP theft, opportunity cost, reputational damage (brand and stock) and security cost. The data is either sparse or distorted.
The advancement of information technologies in business service delivery, together with the ubiquitous social media platforms and growth in data connectivity has changed the consumer and business landscape. To a great extent, these advancements have brought consumers and businesses nearer. For example, the geographical gap between businesses and consumers has been narrowed through e-commerce in aspects such online purchases and offshore shipping. In the same contexts, the cybercriminals have closed on businesses, government and consumers. In line with PricewaterhouseCoopers (PwC) report on the global cyber crime trend in 2014, access and connectivity have a dim side CITATION PwC14 \p "par. 2" \l 1033 (PwC par. 2). The resultant dark side empowers sophisticated and motivated cybercriminals who operates underground. Given that cybercriminals continue to operate off the radar, and their techniques become stealthier than ever (AVTs in particular), government agencies, businesses and individual computer users may never realize that they are prime targets until damage surfaces. As in the case of Codan Ltd, the company realized long after harm had been done CITATION Dav13 \l 1033 (Everett). Their customers complained of faulty detection devices not knowing that the Codan Ltd had lost its design data to cybercriminals, who allegedly sold the blueprints to Chinese firms. Startlingly, the counterfeits were much similar to the original products that consumers could not differentiate them at first sight. This incident alone illustrates that APTs, AVTs and cyber espionage are some of the most threatening variants of economic crimes over the cyberspace. PwC (par. 2) asserts that many entities have no clear insight of whether their IT infrastructures and data or information have been breached. Further, it may take time before they quantify or value what has been lost.
Cybercrimes continues to be strategic problem across the board. The 2014 Global Economic Survey on cybercrime by PwC confirmed that there is a significant growth in the impact of cyber espionage on businesses CITATION PwC14 \p "par. 3" \l 1033 (PwC par. 3). One of the four respondents documented that they had experienced cybercrimes. Shockingly, 11% of them suffered a financial loss of over US$1 million. In the same survey, it was found that the perception of cybercrime risk rose from 39% in 2011 to 48% in 2014 CITATION PwC14 \p "par. 4" \l 1033 (PwC par. 4). This is an indication that both private and public entities continue to take cyber attacks as serious threats to their business operation and brands. Central to current cyber security concerns is lack of data security. Besides the human factor, inadequate data security could be one of the reasons Codan Ltd fell prey to cybercriminals. Even when entities are aware of various types of cyber threats facing their networks, most of them undermine or totally do not understand the sophistication and capability of cybercriminals. The vulnerability of bu...