Guide To All Things Criminal On The Web

Uploaded on 2018-10-22 in TECHNOLOGY--Hackers, NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

The idea of using the Internet to commit crimes isn’t new, but the problem continues to grow as people become more reliant on the Internet for making purchases and storing personal information. In this guide to cybercrime, we’ll explore the most potent threats on the Internet today.

We’re going to give you an overview of the common kinds of cybercrime, provide real-world examples and suggest tools you can use to protect yourself.

Unfortunately, you can’t justify assuming that common sense will get you past these hurdles. Just as you’d take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding a questionable area isn’t enough.

What Is Cybercrime?

Cybercrime is a criminal activity that involves a computer, or other networking devices. While some cybercrimes are meant to hurt the victim, most are used for financial gain.

Even though the goal is financial gain, individuals and businesses are both targets. Usually, individuals are one part of a larger attack in which the hacker intends to spread malware across machines to turn a profit. Business attacks, on the other hand, are generally a single shot.

Businesses are much more likely to be the target of hacktivist protests, too, which, in their own way, are a form of cybercrime.

There’s a long list of cybercrimes. The internet enables crimes such as fraud, money laundering, the sale of drugs and distribution of child pornography. We’re going to talk briefly about those, but this guide will focus on crimes that are sneakier and more relevant to you.

The US Department of Justice groups cybercrime into three areas: a computer is the target of an attack, is used as a weapon for an attack or is an accessory to an attack. As we go through the types of cybercrime, we’ll let you know in which area they are usually grouped.

Before getting into the types of cybercrime and what you can do to protect yourself, we’re going to look at some major examples and how they impacted normal users online.

Examples of Cybercrime

Yahoo was the target of one of the largest attacks in cybercrime history. It’s confusing how it happened, though. The company announced in September 2016 that it had been the target of an attack in 2014 in which 500 million accounts, including names, email addresses, dates of birth and phone numbers, were compromised.

A few months later, it announced that another attack, carried out in 2013 by a different group of hackers, accessed nearly a billion accounts, which included passwords and security question answers. The statement was then revised, revealing that just over 3 billion accounts were compromised.

At the time of the announcements, Yahoo was in negotiations with Verizon for sale. After the news broke, an estimated $350 million was taken off the sale price. It’s scary to think about, considering it was one of the largest data breaches in history and Yahoo waited three years to say anything about it.

Around the same time, and a bit before, the Blackshades RAT was a popular tool for extortion. An RAT, or Remote Access Tool, allows a remote computer to control yours without a physical connection. Most RATs are used legitimately, such as when a computer manufacturer provides support.

Blackshades, a hacker group, modified a commercially available RAT and used it for extortion. One of the most famous examples was Miss Teen USA Cassidy Wolf in 2014. Her webcam was hijacked and monitored for a year by Jared Abrahams, a classmate who had also cyber attacked 100-150 other women.

Photos of her dressing and undressing were used for sextortion. Abrahams demanded she make sexual videos or he would release the webcam images online. Nineteen other countries were affected by the Blackshades RAT, which was a prime example in our guide on how to secure your webcam.

The most potent threat today, though, is ransomware. The WannaCry ransomware 
attack was carried out in May 2017, infecting over 300,000 computers in 150 countries. In each case, it demanded payment of $300-$600 to unlock data it had encrypted.

Windows, which was the operating system targeted by the attack, released an emergency patch a few days later, but WannaCry had a transport protocol built in that allowed it to spread like a virus. By the time the security patch was released, the damage had been done.

The US, UK and Australia asserted that North Korea was behind the WannaCry attack. In September 2018, the U.S. Department of Justice brought formal charges against Park Jin-hyok for the 2014 Sony Pictures attack, claiming that he was part of the North Korea’s Reconnaissance General Bureau, to whom they also attributed the WannaCry attacks.

Types of Cybercrime

Let’s take a look at the different kinds of cybercrime out there.

Botnets

Botnets are networks of computers that have been infected with a bot. A bot is a form of malware that allows a remote machine to use the resources on your computer to carry out actions. Distributed denial-of-service attacks (you may know them as DDoS attacks) are the most recognizable use of botnets. For those, your computer is used as a weapon.

That said, a botnet can be used for many purposes. Any action that requires a lot of computing resources is ripe for a botnet. In some cases, they are used to carry out ad fraud, which is when fake traffic is sent to an advertisement, and crypto-mining, which uses a small amount of your system resources to solve hashes which in turn earns the crime in question bitcoin.

Botnets are scary because they’re intended to live on your machine undetected. Often, you won’t notice performance degradation. You can learn more about them and how to protect yourself in our what is a botnet guide, or read about Hola VPN, a service that slaves your comp into one.

Ransomware

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Phishing

Phishing is meant to entice unsuspecting internet users into downloading unwanted applications or providing personal details. It isn’t just online, either. Phishing can take place over email, phone, text and more.

Phishing scheme can get you in many ways, too. The most common method is to send a malicious link to a user and have them download malware. That could be anything from ransomware to adware, both of which are covered in our best antivirus software guide.

There are forms of phishing that don’t require you to click a malicious link, though, and those are far scarier. You can learn about them in our what is phishing guide.

Browser Hijacking

Browser hijacking is a cybercrime that is typically used for ad fraud. Malware hijacks your browser settings, often changing the homepage, default search engine and more. The new destinations display advertisements that the hacker uses to generate revenue.

While your computer is the target of browser hijacking, ad fraud falls into the category of using your computer as an accessory.

Browser hijacking is common, mainly because many people don’t know they are a victim. Hijackers are usually bundled with free applications and masquerade as a more secure way to use the internet. That isn’t true, of course, and the attacker uses the misinformation to install malware on your machine.

Some browser hijackers redirect the websites you’re trying to go to, as well, which is a technique that can be used to download more malware on your machine. You can learn about that and ways to protect yourself in our what is browser hijacking guide.

Fraud and Identity Theft

Most cybercrime boils down to fraud and identity theft. Botnets are a form of fraud, for example, and phishing is often used for identity theft. Ransomware, botnets, phishing and browser hijackers are the most common tools used for those crimes, but there are others.

That’s why it’s important to be cautious with your information online. Even reputable companies, such as Yahoo, can be the target of massive data breaches, exposing billions of people to identity theft. If possible, it’s not a bad idea to provide inaccurate information on your accounts and use a burner email address.

The Cybercrime Economy

Cybercrime has its own economy that takes place on the dark web, which is different from the deep web. Criminals buy and sell malware, botnets, data lists and more to commit fraud and identity theft. That said, there’s a more sinister side to the dark web.

The dark web is used for sex trafficking, distribution of child pornography, hitmen and much more. There’s a corner of the internet, hidden by multiple redirects and encrypted pages, that opens up those horrible crimes. We’re calling it the “cybercrime economy.”

Because of the long paper trail left behind by using the internet, anonymity is the primary concern for criminals taking part in those activities. A combination of Tor and a secure virtual private network, along with the trust of others who run in those circles, usually allows people to access relevant areas of the dark web.

Your information, especially if it has been part of a data breach, is likely on the dark web and available for purchase. Experian, a company that provides identity theft protection, says your social security number could sell for as little as $1 on the dark web. Credit card numbers are sold for as little as $5.

In most cases, your identity used to make false purchases. On the internet, everyone can use a different name and face, though, so it’s sometimes used to carry out additional crimes. Protecting your personal data is paramount, not only for the number in your bank account, but also for your freedom.

How to Protect Yourself from Cybercrime

All the above is pretty terrifying, we know, but the upside to cybercrime is that it’s fairly easy to protect against, provided you’re willing to spend a few bucks. Let’s take a look at some simple steps.

Install an Antivirus

An antivirus is built for the purpose of protecting users against cybercrime. Modern applications scan the data on your machine for anything malicious and provide real-time protection against threats such as phishing.
Bitdefender, our top pick in our antivirus reviews, comes with ransomware protection, too. You can choose which files should be protected and it will monitor them for activity. In some cases, the ransomware protection will even block legitimate requests, such as saving a Word document. You can add exceptions, though.

Bitdefender got near-perfect scores from the three independent labs we consulted during our Bitdefender review. It also has an excellent feature set and a decent price, to boot.

There are many great antiviruses on the market, though. Bitdefender is just one of the choices at the top. You can read our guide to the most secure antivirus to learn about options such as Kaspersky (read our Kaspersky Anti-Virus review).

An antivirus should be your first line of defense against cybercrime. Many tools use behavior monitoring to pin down new malware that hasn’t been logged in the database yet. As long as you have one protecting you, it’s highly unlikely you’ll fall victim to cybercrime.

Use a Password Manager

Unfortunately, an antivirus can’t protect you from data breaches. Using one our picks for best password manager can, though. A password manager stores your account details in an encrypted vault, allowing you to use a unique password on every website.

Most websites keep your password on file in an encrypted form. Encryption is made to be cracked, though, and a weak password leaves you vulnerable. A single word password, such as “password,” can be cracked in a few seconds with a dictionary attack.

Each additional character you use to randomize your password increases your security exponentially. If you’re using a password of, say, 15 characters including numbers, lowercase letters, uppercase letters and special characters, it’ll take millions of years to crack (read more on this in our guide on creating a strong password).

A password manager enables you to do that, as well as use a strong, unique password for each of your accounts. Remembering “2bo*rn$8P47UjjQ4N” isn’t exactly possible, especially when using different passwords for different accounts, so a password manager handles it for you to increase your security.

We like Dashlane a great deal for its exceptional security and long list of features. The most recent version came with extra goodies, such as a VPN, but at a higher cost. It’s still an excellent choice for a password manager, though, as you can read in our Dashlane review.

We also like 1Password, especially given Dashlane’s price increase. It has fantastic security, though it’s not as good as Dashlane’s, and a large feature set. Our favorite feature is Travel Mode, which lets you wipe all personal data from your mobile device and store it in your vault while traveling. After arriving at your destination, you can restore it with a single tap.

You can learn more in our 1Password review or see how the two compare in our Dashlane vs. 1Password article.

1Password is cheap, too, but it’s not for everyone. If you need to shop around, make sure to read through our password manager reviews.

Use a VPN

Your browser sends an awful lot of information when you connect to a website. Even with a secure SSL/TLS connection, that data can be intercepted or redirected to expose your identity. That’s ignoring the possibility of an untrustworthy internet service provider, too.

A virtual private network will keep your privacy online. You connect to the VPN provider through a secure tunnel, meaning no one knows what websites you’re visiting. It’s a major tool for privacy which, in turn, provides you security from identity theft.

If you’re using a VPN, a cybercriminal won’t be able to trace you, so they won’t be able to target you, either. It has upsides in bypassing geoblocks and circumventing censorship, too. You can read our best VPN guide or skim through our VPN reviews to find a provider that suits your needs.

We’ll spoil it and let you know that ExpressVPN is our first choice, though. While the price is high, it has excellent speeds, security and features. The interface is easy to get around, too. You can learn more about it in our ExpressVPN review.

Backup Your Data

Backing up your data should be a normal process, but if the upsides of having a safety net aren’t enough for you, maybe your online security will be. The best cloud backup services allow you to offload sensitive documents to the cloud so that access to your key files becomes a nonfactor.

Ransomware looks silly if you can just restore the data that’s been encrypted. If you contract malware, no matter how dangerous, you can wipe your machine clean and restore your files. That’s if they’re backed up, of course: the best online backup with ransomware protection will help you on your way in this regard.

Our first choice is IDrive because it comes with a lot of storage for a low price and is quick to backup. It has an excellent list of features, including mobile backup, private encryption and advanced scheduling, too. You can learn more in our IDrive review.

Final Thoughts

Cybercrime is going to continue to be a problem. With the world being as connected as it’s ever been, a new breed of criminal needs to be dealt with. Thankfully, there are tools to handle online threats and they’ve gotten better over the years.

Protect yourself by using an antivirus, password manager, VPN and cloud backup service. 

Cloudwards:

You Might Also Read:

Europol Warning: 15 Ways To Become A Cybercrime Victim

« Mobile Security Threats Put Businesses At Risk
It's Time To Embrace Blockchain Technology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

GuardSight

GuardSight

GuardSight is a provider of specialized cybersecurity services to safeguard businesses, government, and remote workers against sophisticated cyber threats.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.