According to the National Crimes Agency (2017), cybercrime refers to an attack on corporate or individual networks and computer systems in order to steal information or compromise the available data. The Interpol (2017) notes that cybercrime has no strict definition but it can be grouped into two main categories: advanced cybercrime also known as high-tech crime, and cyber-enabled crime. Advanced cybercrime refers to sophisticated and complex attacks on computer hardware and software (Interpol, 2017). On the other hand, cyber-enabled crime refers to the conversion of traditional crimes into forms that can be done through computers due to their increased access and the presence of fast and reliable internet. Thus, cyber-enabled crimes include crimes such as financial crimes, terrorism, and crimes against children.
Scope of the Problem
Today, cybercrime has evolved into a complex and more challenging crime to deal with. Unlike in the past where it was committed by a few individuals or small groups, it is currently done by highly complex cyber criminal networks of individuals across the globe (Interpol, 2017). Although the crimes that are committed through cybercrime are not now, they are more extreme and complex to follow due to the use of fast and reliable internet, firewalls, and complex cybercriminal networks.
Currently, the common cybercrimes that occur to consumers are phishing, webcam manager, file hijacking, keylogging, screenshot manager, and ad clicker. Among businesses, the common cybercrimes are hacking and Distributed Denial of Service (DDOS) attacks (NCA, 2017). Due to the dynamic nature of activities done through the computer, it is always difficult to identify what constitutes cybercrime. As a result, there is always a challenge in distinguishing between cybercrime and malicious acts. Due to the lack of clearly identifying the criminal’s intent or motivation, it is difficult to identify if certain acts are criminal. Accordingly, certain terms such as cyber-attack, cyber espionage, and cyberwar are interchangeably used depending on the motivation of the actors (Finklea & Theohary, 2015). Accordingly, identifying the criminal attribution is an important factor in distinguishing between cybercrime and cyber threats.
Statistics on Cybercrime
Cybercrime is overwhelmingly expensive to its victims. In fact, its cost ranges in hundreds of billions. According to the World Bank, the cost of cybercrime was $400 billion in 2013 (Center for Strategic and International Studies, 2014). Noteworthy, this cost does not include the potential benefit of cybercrime. To elaborate, although cybercrime results in losses and unnecessary expenses on its victim, there is a spillover benefit, such as where theft of technological information results in the production of a similar or improved version by a competitor. According to the International Maritime Bureau, piracy costs about 0.02% of the global economy. Transportation crime costs 1.2%, counterfeiting piracy costs 0.89%, pilferage costs 1.5% in US, car crashes cost 1.0% in US, narcotics cost 0.9% globally, and cybercrime costs 0.8% globally (Center for Strategic and International Studies, 2014). It is important to note that the valuation of the cost of cybercrime varies since it is usually an estimate.
When it comes to analysis of the severity of cybercrime, the financial sector gives a better view of the seriousness of the problem. For example, as of 2013, banks in Mexico had an annual cost of $93 million due to online fraud. Japanese banks had a loss of $110 million, and a cyberattack on US retailer Target resulted in $200 million cost on banks. In the UK, the cost of cybercrime was $850 million in 2013 while in Australia it was $100 million (Center for Strategic and International Studies, 2014).
Current Situation in Saudi Arabia
According to Elnaim and Abdulaziz (2013), there has been a fast and rapid increase in the access of internet in Saudi Arabia. As of 2013, the kingdom had an internet penetration of 54.1%, which is far more than the 5% penetration rate that was in 2001. With this increase in the use of internet and computers, more and more people are becoming victims of cyber-attacks. This problem is coupled with the shortage of skillful information technology experts in the country. Rasooldeen (2017) notes that the cost of cybercrime in Saudi Arabia was about SR 2.6 billion in 2016. Rasooldeen notes that 3.6 million were victims of cybercrime and they had an average loss of $195 in 2016. Further, 40 % of the country’s users of social media became victims of cybercrime.
Characteristics of the Problem
The conceptualization of cybercrime involves identifying a number of important issues such as the location of the criminals in both the real and digital world, the motivation for their malicious acts, and the person involved in carrying out these activities (Finklea & Theohary, 2015).
In terms of location, cybercrime involves both the physical and digital domains. In cyberspace, location is nebulous and geographical locations that exist in the real/physical world are not found in the cyber world. However, it is still linked with the physical world since hard wares used in some of the cybercrimes, such as theft of credit card details through ATMs entails the physical attachment of gadgets on these machines. Finklea and Theohary (2015) opine that cybercrimes that require more technological expertise such as phishing, identity theft, and distributed denial of services (DDoS) are more firmly rooted in the virtual world.
Largely, cybercrime is conducted as a digitalized version of traditional offenses. These crimes include offenses such as identity theft and pornography. In the real world, for example, a criminal can physical steal a person’s wallet or physically credit and debit cards from mailboxes. In cybercrime, the same offense can be replicated by a hacker who stills the same personal information electronically. Currently, the US does not have laws that are specifically written for cybercrime. Therefore, law offenders are prosecuted using laws that are designed for cybercrime. In the Racketeer Influenced Corrupt Organizations (RICO) Act, the computer fraud law in the USA (18 U.S.C. §1030) is not considered in the determination of racketeering offenses. Nonetheless, the nature of cybercrime has continued to change in a manner that it now occurs in more organized forms such as the cases of wire, bank, and access device fraud (Finklea & Theohary, 2015).
Borders and Space
Unlike the physical world, the cyber world has no real borders. Accordingly, criminals can exploit opportunities presented by anonymity on the internet to make various malicious attacks. In addition, this environment broadens their potential targets. Nonetheless, both the victims of the cybercrime and the perpetrators exist in a physical world, in similar or different cities in the world. Moreover, the internet servers, computers, and other digital devices used to commit these offenses exist in physical location and may or may not coincide with the location of the criminal.
Cases of Cyber-attacks in the USA
The following are some of the major cybercrimes in the US.
- In 2013, two Romanian nationals were sentenced for being part of a ring of hackers that participated in a multi-million dollar scheme to remotely hack and steal payment card data from US merchant computers. These individuals stole information from about 100,000 individuals which they sold for a profit (US Department of Justice, 2011).
- In 2014, the GameOver Zeus botnet was ordered to stop the link between infected computers and criminal servers. The Zeus Botnet stole online banking information and transferred the money to mules. These mules than deducted their share and transferred the balance to hackers (US Department of Justice, 2014).
- In 2009, Google was attacked by a Chinese hacking corporation, Elder wood Gang. These attackers used a complex code to access Google’s source code repositories. During their attack, they were able to extract a lot of sensitive data that belonged to the company.
- In May 2006, a group of anonymous servers hacked TJX Corporation and stole a lot of sensitive information of the credit and debit card details of 94 million customers (Almuqrin & Kustron, 2015).
Cases of Cyber-Attacks in Saudi Arabia
- In August 2012, Aramco Company, a Saudi-owned oil company was attacked by hackers. In this incident, 30, 000 computers owned by the company were infected with a virus that deleted and destroyed data that was on the company’s hard drives (Elnaim & Abdulaziz, 2013).
- In 2012, the King Saud University was attacked by hackers who exposed its database, which had information about 812 students. The disclosed information was on addresses and passwords (Elnaim & Abdulaziz, 2013).
- In 2013, Saudi Arabia’s government website was attacked by hundreds of websites that disabled their functions (Elnaim & Abdulaziz, 2013). Generally, the virus, which is known as Shamoon wipes all data in the hard disk and disrupts the operations of the organization. (Reuters, 2017)
Influences on Victims
The motivation to engage in crime is the main distinction among cyber-based malicious acts, cybercrime, and state-sponsored espionage. Due to their close similarities, the invisibility of actors in cyber-attacks, coupled with high internet speeds, it is always difficult to differentiate these three groups According to the Federal Bureau of Investigations, organized criminals mainly target financial sector, state-sponsored attacks are mainly interested in data such as those on intellectual property, defense, government agencies, and major manufacturers. Finally, cyber-based-based malicious actors such as terrorists are usually interested in identifying critical infrastructure that they can distract.
Accordingly, the FBI opines that cybercrime is mainly done by organized groups that are mainly interested in financial gains. Clearly, the motivation for each group differs. Generally, criminal groups are motivated by profits, terrorists are motivated by ideologies, and government sponsored cyber threats have many non-specific reasons as aforementioned. Actually, in some cases such as collection of information on major industries looks like they are motivated by profits while in instances where they are interested in information on defense, the reasons appear to be more on strategy.
Impact of Cybercrime on Victims
A single incident of cyber-attack can have far-reaching effects on victims. To begin with, cyberattack can result in the loss of finance, data, intellectual property, and consumer confidence. When a person is a victim of identity theft, they may become victims of long-lasting effects on their life such as phishing, or loss of their private information (Rahaman, 2016). In addition, cybercrime is costly on individuals and organizations. According to EWeek, large companies spend as much as $8.9 million yearly on cyber security (Rahaman, 2016). Generally, these organizations incur more expenses in acquiring software and firewalls to prevent cyber-attacks. In addition, cyber-crime results in piracy and has major effects on the environment, music, gaming, and software industries. On the overall, piracy leads to financial losses in these businesses and reduces the incentive to innovate and develop better products.
Cybercrime also has negative social impacts such as increasing the level of cyber bullying and cyber pornography. These crimes involve the use of viruses, botnets, and denial of service attacks. Due to these negative effects of cybercrime, most of its victim usually have some levels of emotional strain and stress. In particular, most of them feel angry or cheated, and usually blame themselves for the attacks (Rahaman, 2016).
Response of NGOs on the Issue
NGOs play a major role in addressing cybercrime and preventing its occurrence. To begin with, NGOs are usually at the forefront in proposing various legislations that can be used to arrest cybercriminals. In addition, NGOs can be used to monitor and report incidents of cybercrimes. In New Zealand, for example, the private-public partnership enables NGOs, civil society and the private sector to participate in the prevention of cybercrime by offering advice (NewZealand.govt.nz, 2015).
Center for Strategic and International Studies. (2014). Net losses: Estimating the global cost of cybercrime. Economic impact of cybercrime II. Intel Security. Retrieved from https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/attachments/140609_rp_economic_impact_cybercrime_report.pdf
Finklea, K. &b Theohary, C. (2015) Cybercrime: Conceptual issues for Congress and U.S. law enforcement. Congressional Research Service Report, 7-5700, 1-31. Retrieved from https://fas.org/sgp/crs/misc/R42547.pdf
Interpol. (2017). Cybercrime. https://www.interpol.int/Crime-areas/Cybercrime/Cybercrime
National Crime Agency [NCA]. (2017). Cybercrime. Retrieved: http://www.nationalcrimeagency.gov.uk/crime-threats/cyber-crime
NewZealand.govt.nz. (2015). National plan to address cybercrime. Retrieved from http://www.dpmc.govt.nz/sites/all/files/publications/nz-cyber-security-cybercrime-plan-december-2015.pdf
Rahaman, M. (2017). Cybercrime affects society in different ways. Financial Express. Retrieved from http://www.thefinancialexpress-bd.com/2016/07/04/36968/Cyber-crime-affects-society-in-different-ways
Rasooldeen, D. (2017). Saudi Arabia: Cybercrime costs Saudi Arabia SR 2.6 bn a year. Arab News. Retrieved from http://www.arabnews.com/saudi-arabia/cybercrime-costs-saudi-arabia-sr-26-bn-year
Reuters (2017). Saudi Arabia warns on cyber defense as Shamoon resurfaces. Retrieved from http://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR
U.S. Department of Justice. (2011) Two Wellington Men Sentenced in Mail and Aggravated Identity Theft Ring. Press release, April 26, 2011; Wayne K. Roustan, “Two Plead Guilty to ID Theft That Cost Victims $786,000: They Admit Stealing Credit and Debit Cards from Mailboxes,”
U.S. Department of Justice. (2014). U.S. Leads Multi-National Action Against Game Over Zeus Botnet and Cryptolocker Ransomware, Charges Botnet Administrator. Press release, June 2, 2014.