How to create a safer internet space - Investigation of cybercrime
Updated: May 30
Cybercrime continues to grow in scale and complexity, affecting basic services, businesses, and individuals alike. Its cost amounts to billions of euros/pounds depending on the country, causing indescribable damage and endangering national security.
We have seen significant growth in cyber criminality in the form of high-profile ransomware campaigns over the last year. Breaches leaked personal data on a massive scale, leaving victims vulnerable to fraud, while lives were put at risk and services damaged by the Winery ransomware campaign that affected many other organizations worldwide. Tactics are currently shifting as businesses are targeted over individuals, and although phishing attacks on individuals are increasing, fewer are falling victim as people have become more alert.
Because the distinction between nation-states and criminal groups is increasingly blurred, cybercrime attribution is sometimes difficult. Although young criminals are often driven by peer kudos rather than financial rewards, organized cybercrime groups are motivated by profit.
Cybercriminals seek to exploit human or security vulnerabilities in order to steal passwords, data, or money directly. The most common cyber threats include:
• Hacking - including social media and email passwords
• Phishing - bogus emails asking for security information and personal details
• Malicious software - including ransomware through which criminals hijack files and hold them to ransom
• Distributed denial of service (DDoS) attacks against websites - often accompanied by extortion
For almost any crime that takes place in the physical world, a digital version of that crime exists in the cyber world. For example, a kidnapper may hold a hostage until their financial requests are met. In the digital realm, a type of cybercrime known as computer hacking (including ransomware) involves a hacker breaking into a computer system and holding an organization’s data hostage until a ransom is paid.
The scale and complexity of cyber attacks are wide-ranging. 'Off the shelf' tools mean that less technically proficient criminals are now able to commit cybercrime, and do so as awareness of the potential profits becomes more widespread. The evolving technical capabilities of malware mean evolving harm as well as facilitating new crimes, such as the crypto-mining malware which attacks digital currencies like Bitcoin.
Cyber attacks are financially devastating, disruptive, and upsetting to people and businesses. We know that there is significant under-reporting, although the new General Data Protection Regulation is likely to prompt a better picture of scale. Currently, the level of sentencing at court is not commensurate with the seriousness of attacks, and this is an area that is ripe for consideration.
Digital technologies such as computers, mobile devices, and networks are the primary tools used to commit cybercrime (you can read more about this in our previous blogs).
• Cybercrime is not physical and involves targeting information about individuals, corporations, or governments with malicious intent.
• Cybercrime has no geographical limitations - cybercriminals can stay thousands of miles away from their intended targets.
Generally, cybercrime is a global threat. Criminals and the technical infrastructure they use are often based overseas, making international collaboration essential. We offer cybercrime investigation services both on the domestic market in Switzerland and internationally. We focus on critical cyber incidents as well as longer-term activity against the criminals and the services on which they depend. As well as disrupting the current generation of cybercriminals, we also want to prevent young people from slipping into cybercrime. We encouraged parents of young people with cyber skills to talk to them about their ambitions and the opportunities to use their skills positively.
As mentioned above, crimes typically associated with the physical world, such as committing fraud or stealing intellectual property, have online versions as well. That transition is enabled by computers and digital tools and technologies. Below are examples of different types of cybercrime:
• Computer Hacking - The term “computer hacking” is often used as a catchall phrase to describe cybercrime. By definition, computer hacking means the modification of computer software and hardware to gain access to data such as passwords or introduce malware to computer systems and networks. Ransomware, a type of cyber extortion, is a type of computer hack. So is phishing. In a phishing attempt, an email looks like it comes from a person or organization the user knows, but it’s really an “e-scam.” The email message may look genuine and trick the user into clicking on a link or downloading an attachment that compromises the computer with malware, such as a virus.
• Copyright Infringement - Copyright infringement is a type of cybercrime that involves the theft of intellectual property, which can range from technology, movies, and music to inventions, ideas, and creative expressions such as art. The proliferation of digital technologies that facilitate file sharing through internet networks has made this type of cybercrime a growing threat to individuals and businesses. The consequences of copyright infringement are typically monetary. For example, a startup technology company can lose its advantage if a competitor steals its code. In conducting cybercrime investigations in this area, we collaborate with copyright and trademark owners, as well as online marketplaces and payment service providers that may inadvertently facilitate this type of cybercrime.
• Cyber Stalking - With the rise of social media, people can easily share life experiences, interests, restaurants they’ve visited, and even vacation pictures. However, this sharing may gain the attention of cyberstalkers. NordVPN reports that more than 40% of adults have experienced some type of online harassment or cyberstalking, with women being the most targeted. It is important to distinguish cyberstalking from researching a person’s background on the internet. For example, an employer may want to learn a little more about a newly hired employee, so they may take a glance at the individual’s Instagram account. This is not cyberstalking, as it is not intended to result in a nefarious act. On the other hand, cyberstalkers survey their victims to harass, embarrass, or threaten them.
• DDoS Attacks - Picture for a moment thousands of vehicles headed on the same highway in one direction — a traffic jam seemingly going nowhere. That’s how a DDoS (distributed denial-of-service) attack works, except that instead of cars and trucks, data is bottlenecked. Another difference is that a DDoS attack is a malicious attempt to disrupt normal data traffic in the digital world. A DDoS attack works by implementing malware that allows a hacker to target a network server and overwhelm it with an overflow of internet traffic. It affects the surrounding infrastructure of a server as well, causing systems and machines to crash. In a cybercrime investigation, a sudden surge of data patterns or suspicious amounts of traffic coming from a single IP address — a unique numerical identifier for a device on a computer network — can help point to the origin of a DDoS attack.
• Extortion - Extortion comes in various forms. One way a cybercriminal extorts online is through ransomware. Another form of extortion that has made the headlines is “cryptojacking.” Organizations and individuals who fall victim to a successful cryptojacking attack are placed in an unfavorable position and then forced to pay a hacker large sums of money using cryptocurrency such as Bitcoin. Cryptojackers take advantage of the decentralized nature of cryptocurrency to operate anonymously and in the shadows.
• Fraud - Fraud is described as a deceptive practice to gain an unfair advantage or for personal enrichment. For example, a company may include fictitious payments, invoices, or revenues to present a false picture of its financial state to acquire investment or tax advantages. In the digital world, credit and debit card fraud is a growing problem. Fraud can take place in the physical world and be extended into the digital realm. For example, a fraudster can use a skimming device to steal information from individuals who are using their credit or debit card at a credit card processing device or ATM. A hacker can also use malware to acquire customer credit card information from card processing software. The information obtained about a consumer can then be sold online or used to make purchases.
• Identity Theft - Identity theft is an invasive online crime that can have long-term damaging effects on a person’s finances, reputation, and more. For example, using your personal information, an identity thief can open new credit card accounts in your name without your knowledge. According to the Federal Trade Commission, signs of having been the victim of identity theft include inexplicable checking account withdrawals, getting refused by merchants, receiving debt collection calls for debts that are not yours, and seeing charges on your credit report that you never authorized.
• Online Predators - Online predators find targets, typically young children and adolescents, on popular social media sites. They often pretend to be the same or similar age as their target and, using fake profiles, earn the trust of the most vulnerable. Through this act of grooming, they may pressure a child to send explicit images of themselves or share information about themselves, which can lead to kidnapping, violent attacks, and sexual exploitation. Our statistics show that every year there are thousands of cases related to crimes against children, and that includes online predators. According to the National Center for Missing and Exploited Children, its council received over 21.7 million reports of exploited children in 2020.
• Personal Data Breach - A personal data breach describes when a hacker breaks into a computer system to steal records and data about individuals, such as user passwords, credit card information, and even health records. This type of cybercrime is most common in the business world. The biggest data breaches in history have affected the accounts of millions, and even billions, of users. An example includes the attack on Yahoo over three years which resulted in 3 billion accounts being breached. According to Norton, a data breach can occur in four ways: through system vulnerabilities, such as out-of-date software; weak passwords; drive-by downloads, which occur when a user visits a compromised website; and targeted malware attacks.
• Prohibited/Illegal Content - This type of cybercrime often coincides with online predator activity, which may involve individuals preying on children online to try to obtain sexually explicit images. But prohibited/illegal content on the internet also includes footage of criminal activity and real or simulated violence. Content that promotes illegal activity, such as making weapons or bombs and extreme political or hateful views that can radicalize vulnerable people to perform criminal acts, is also considered illegal content. In business, prohibited content can include content on streaming services that was accessed without authorization and IP addresses that were acquired to commit fraudulent activities.
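The DDoS Attacks item above notes that a sudden surge in traffic, or a suspicious volume coming from a single IP address, can help point to an attack's origin. As an added illustration (not part of the original article), the Python example below applies that check to a constructed web access log; the log format, thresholds, function names, and addresses are assumptions chosen for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed input: Common Log Format lines, e.g.
# 203.0.113.50 - - [01/Jan/2024:12:03:00 +0000] "GET / HTTP/1.1" 200 512
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def build_sample_log():
    """Constructed data: five ordinary clients plus one burst from a single address."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    def line(ip, ts):
        return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for minute in range(5):
        for client in range(1, 6):              # 4 requests per client per minute
            for n in range(4):
                lines.append(line(f"198.51.100.{client}",
                                  start + timedelta(minutes=minute, seconds=15 * n)))
        if minute == 3:                         # 300 requests within one minute
            for n in range(300):
                lines.append(line("203.0.113.50",
                                  start + timedelta(minutes=3, seconds=n // 5)))
    return lines

def find_surges(lines, surge_factor=3.0, share=0.5):
    """Return (minute, ip, hits, total) for minutes whose volume is at least
    surge_factor times the median minute and where one IP sends >= share of it."""
    per_minute = defaultdict(Counter)
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue                            # ignore malformed lines
        ts = datetime.strptime(m.group(2), TS_FMT)
        per_minute[ts.replace(second=0)][m.group(1)] += 1
    if not per_minute:
        return []
    baseline = median(sum(c.values()) for c in per_minute.values())
    findings = []
    for minute, counts in sorted(per_minute.items()):
        total = sum(counts.values())
        if total < surge_factor * baseline:
            continue                            # no surge in this minute
        for ip, hits in counts.most_common():
            if hits / total >= share:
                findings.append((minute.strftime("%H:%M"), ip, hits, total))
    return findings
```

When a flood is spread across many addresses, the surge test still trips but no single address passes the share test, so the per-address findings come back empty and the per-minute totals are the signal to follow.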
How you can help
Most cyber-attacks could be prevented by taking these basic security steps:
• Choose strong passwords and don’t reuse them for multiple logins
• Install security software such as anti-virus, and enable two-factor authentication. This kind of software is often available for free.
• Keep all security software and operating systems updated (this can be set to update automatically)
If you are a victim of cybercrime, contact us by filling out the online contact form on our website or by calling the number +41 44 586 60 33.
Blockchain Investigation Agency
Tel. +41 44 586 60 33