by John Bandler
Cybercrime is an enormous global illicit economy. We want to protect ourselves, have good cybersecurity, and think about civil and criminal laws.
Identity theft and cybercrime go hand-in-hand, so we cannot talk about one without the other. This is an area of self protection, organization cybersecurity, and government civil and criminal enforcement.
What is cybercrime?
Cybercrime is the merging of two words, "cyber" and "crime".
Crime means conduct that is defined as a crime by a criminal law, a state or federal statute that provides that a person can be arrested, prosecuted, and sentenced (even to jail) for that defined conduct.
Cyber essentially means using cyberspace, using the Internet and a computer.
Thus, cybercrime is using the internet or a computer to commit crime. That's my way of thinking anyway. These crimes can include theft, fraud, money laundering, data breaches, extortion (ransomware), denial of service, identity theft, and more.
You will find all sorts of other definitions out there relating to cybercrime, but sometimes it is in the eye of the beholder, and sometimes additional complexities are not helpful. For example, terms have been defined such as cyber-enabled crime, cyber-native crime, and cyber-dependent crime. To me, these distinctions are not helpful.
The cybercrime and identity theft economy
There is an illegal economy of cybercrime and identity theft responsible for billions of dollars of theft every year. Most cybercrime is fueled by this profit motive.
Much of cybercrime is related to identity theft. In sum, identity theft is when an offender assumes the identity of an individual to fraudulently obtain goods or services or commit another crime. Put another way, the criminal impersonates the victim in order to steal or commit some other type of crime. I cover this more in another article.
Many cybercrimes are also an act of identity theft. Using the identity or credentials of another to gain access. Further, many cybercrimes are fueled by identity theft, because stolen personal information obtained via a data breach has value because it can be resold and then used for identity theft and to steal.
The economy relies upon criminals to pay each other, and to be able to successfully launder their ill-gotten gains. These payments are facilitated with virtual currencies and cryptocurrencies, as well as all forms of traditional value transfer.
Organizations, cybercrime protection and cybersecurity
Organizations need to protect themselves from cybercrime as a matter of good business management, protection, and legal compliance. No organization is immune from cybercrime attack. Cybercrimes can be immensely damaging to an organization, potentially fatal in terms of cost and reputation damage. Good businesses effectively manage their information assets to better accomplish the mission, secure, and comply.
Individuals and cybercrime protection
No individual is immune from cybercrime attack either. Individuals can apply all of the foundational cybersecurity concepts to protect themselves, and better use their information assets, including computing devices and data.
Cybercrime investigation and response
Cybercrime investigation is a necessary requirement for government and the private sector.
Law enforcement is the only sector who can bring cybercrime offenders to effective justice. Without deterrence and appropriate punishment, offenders have free reign to commit crimes.
Regulators investigate and enforce civil cybersecurity laws to try ensure organizations are in compliance. Regulators include state attorneys general and sector specific regulators such as for finance, health, education, utilities, and more.
The private sector also investigates cybercrime, including under a legally required duty to report certain data breaches.
Cybercrime and civil laws
Cybercrime is unique criminal activity that has spawned an enormous amount of civil laws designed to protect against the crime. Laws requiring data breach notification, reasonable cybersecurity, are examples of these laws.
Government plays important roles in many areas, including civil consumer protection and criminal enforcement.
Privacy and consumer protection
Government plays an important role in protecting consumer privacy from the information economy, and ensuring consumers are protected from criminal use of their information.
The cybercrime and identity theft economy is extremely profitable and also difficult to investigate and prosecute. But it can be investigated, and more offenders can be brought to justice. Government needs to do more on this front. The cases are challenging but important, and detectives, investigators, and prosecutors can learn how to do them and develop their investigative skills in the process and bring justice to where it needs to go.
Like no other criminal offense, cybercrime and identity theft is lucrative and repeated day after day over many years by criminals who hone their skills with little fear of apprehension. Government needs to change the risk calculus of these offenders. These offenders need to realize that government is trying, and eventually they will get caught.
District Attorney Robert Morgenthau created one of the first Identity Theft Units in the country, recognizing the importance of fighting this crime. Resulting cases soon demonstrated the connection between identity thieves and cybercriminals, and it was amazing what cases the unit was able to bring (including the Western Express case) even with relatively limited resources. Prosecutors need to put in the work to bring the type of cases needed to fight this crime.
Follow the money
Implicit in the above is following the money and slowing the profits that flow to criminals. Criminals commit these crimes because they are profitable, and the chances of apprehension are low.
The Western Express case
I spent many years investigating identity theft, first as a state trooper, then as an assistant district attorney. I investigated one case of a virtual currency exchanger located in Manhattan named Western Express International, Inc. This exchanger facilitated payments between U.S. based identity thieves and cybercriminals from former Soviet countries. During my many years investigating it and it's customers from around the country and globe, I learned a lot about this space.
Cybercrime is a pernicious and prevalent crime, tied to cybercrime, profitable and with low risk for the offenders. Organizations and individuals can play roles to protect themselves and respond to it. Government plays an important role to protect us, and needs to do better.
This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.
If you are a cybercrime victim, see the resources here, and contact me if you need professional assistance.
If your organization needs help with improving its cybersecurity and identity theft protection, feel free to contact me.
- The Three Priority Cybercrime Threats
- Identity theft
- Cybercrime (This article)
- Five Components for Policy Work
- Policies, Procedures, and Governance of an Organization
- Cybersecurity and Privacy for You and Your Organization
- Cybersecurity Tips from John Bandler
- Bandler's Four Pillars of Security
- Cybersecurity for the Home and Office (book)
- Cybercrime Investigations (book)
- The Western Express Case
- Cybersecurity Laws and Regulations Part 1
- Additional external reading
- Cybercrime Investigations, Chapter 2, What is Cybercrime and Why is it Committed
- Cybersecurity for the Home and Office, Chapter 2, The Black Market for Your Data: The Cybercrime Economy
This article is hosted at https://johnbandler.com/cybercrime, copyright John Bandler, all rights reserved.
This article is also available on Medium.com at https://johnbandler.medium.com/cybercrime-df071d6608f5 (though not kept as up to date).
Originally posted 12/31/2022, updated 1/27/2023.