1. The nature of cybercrime

It is difficult to provide a comprehensive definition of cybercrime. Some texts distinguish between cybercrime and computer crimes. This distinction is properly discussed in the ITU publication Understanding cybercrime: Phenomena, challenges and legal response. The United States National Institute on Standards and Technology (NSIT) defines cybercrime as criminal offences committed on the internet or aided by the use of computer technology. For our purpose, we can describe cybercrime as a crime, or an unlawful act committed using information and communication technologies (ICT). Such an act must be prohibited by law and punishment prescribed. Sometimes, the ICT is used as a tool while, in other cases, it is the target of an illegal activity. 

The United Kingdom Crown Prosecution Service, in its definition of cybercrime, places cybercrimes into two categories. The first category is cyber-dependent crimes. Those are cybercrimes that can be committed only through the use of the ICT devices, where the devices are both the tool for committing the crime, and the target of the crime. For example, developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity. The second category is cyber-enabled crimes. These are traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of the ICT, such as cyber-enabled fraud and data theft.

The uniqueness of cybercrime is that the internet enabled traditional crimes to evolve. Copying someone’s signature to withdraw funds from a bank account has been replaced with stealing credit card numbers with the use of online tools on a massive scale. Server hacking, malware infection, web defacement, and distributed denial of service (DDoS) attacks all fall into the category of new crimes that have emerged with the existence of the internet.

Cyberspace offers an abundance of tools to conduct or facilitate these crimes, new or old, such as botnets (which enable mass distribution of spam), malware infection, DDoS attacks, and many others. Any technological development offers criminals new opportunities to target a multitude of potential victims. 

Emerging technologies are also changing society and, thus, the environment in which crimes occur. Developments in 3D printing have made it possible to produce fully operational printed guns, as well as bogus point-of-sale (POS) devices and ATM skimming devices to steal credit card details. Illegal markets in the so-called dark web are flourishing. Some of them (Silk Road 1 and 2, Evolution, Agora, and Darkode) have already been successfully taken down. Digital currencies (also known as cryptocurrencies) like BitCoin, and related anonymising applications like Dark Wallet, which make it almost impossible to track the flow of digital money, make it easier for illegal markets to evade law enforcement agencies. (https://www.youtube.com/watch?v=2NKvkmGHevc)

While everything is getting ‘smart’ and connecting to the internet – from cars to light bulbs, from fridges to smart cities within the Internet of Things (IoT) – smart devices might be pretty dumb when it comes to security. Insecure devices allow criminals to perform various actions: from using them as part of botnets, requesting ransom if the device is important (a car, or a camera, for instance), to penetrating further through the network to which the device is connected.

Cybercriminals are also deploying artificial intelligence (AI), to bypass security measures (such as CAPTCHA), to improve the accuracy of phishing attacks, and to develop highly invasive malware. AI is a threat itself, because autonomous devices, which process a huge amount of data and decide on their own, might be more vulnerable to hacking, theft of personal data, interception, monitoring, and other crimes. Trend Micro Research, in collaboration with United Nations Interregional Crime and Justice Research Institute (UNICRI) and Europol’s European Cybercrime Centre (EC3) have provided a report on Malicious Uses and Abuses of Artificial Intelligence. The report presents the state of artificial intelligence and predicts the possible ways that criminals will exploit these technologies in the future.