How Do Cyber Criminals Operate?

Uploaded on 2020-09-16 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber security incidents have become more numerous and diverse and more damaging, with new types of cyber security attacks frequently emerging. Cyber crime should be a fairly open and shut case - cyber criminals execute a crime and then law enforcement should step in and catch the criminals and so the case should be closed. However, it can be particularly difficult to investigate because the crime often crosses international borders and boundaries some of which governments don’t want foreign police to cross.

Furthermore, the sophisticated tactics these criminals use, it makes it extremely difficult for law enforcement alone to collect evidence, capture the suspect and prosecute them.

To make the process work, law enforcement often has to coordinate with government agencies, international partners, and private corporations and this can take a lot of time, expense and expertise which can’t always be found. Frequently, cyber criminals use secure software to remain anonymous which are proxy servers that hide their location and route their communications through multiple countries in order to evade direct detection, and commit the crimes in other countries where they cannot be prosecuted. 

Traditionally, cyber criminals have been lone wolves until recent years. Now the most popular types of attacks implemented by these gangs are phishing scams, ransomware, botnets and malware, such as Remote Access Trojans (RATs). Their motivation behind these attacks is often monetary and informational gain such as cyberespionage, identity fraud, online extortion, credit card fraud and even international money laundering operations.

In 2013, the Internet Crime Complaint Center (IC3), have reported that the IC3 received 262,813 complaints of Internet crimes. Those crimes totaled $781million in losses. This was a 48% increase in complaints since 2012, and surprisingly, the FBI estimates that the IC3 only receives complaints for about 10% of all crimes on the Internet. 

The IC3 was founded in 2000, and houses the nation’s largest archive of reported Internet crimes worldwide. Despite being a worldwide service, 90% of their complaints come from the United States. The IC3 collects the data from these complaints and then forwards this data to the appropriate law enforcement agency. In addition to the NW3C working with the FBI to form the IC3, they offer a multitude of services to individual law enforcement agencies, including computer forensics, analytical research, and preparing materials and evidence for use in court. 

In addition to lending their investigative support to law enforcement cases, they also train thousands of officers, in computer forensics, cyber and financial crime investigations, and intelligence analysis. In 2013, the NW3C helped law enforcement gain 5.25 million dollars in criminal restitution, 4.81 million dollars in criminal fines and 452 months of sentences ordered. 

In order to bring a case to a successful conclusion, it takes thousands of hours in research and cyber forensic analysis, which includes identifying, preserving, retrieving, analysing and presenting data as a form of evidence. In order for this evidence to be admissible in court, the police need to obtain a warrant to seize the machines that are used in the crimes. 

In addition to all of this research, there are special technical skills that are needed when obtaining and analysing the evidence, such as the ability to decrypt encrypted files, recover deleted files, crack passwords and more. 
For these more technically complicated tasks, specialised cybercrime units are assembled, which are groups of officers trained in these skills. For law enforcement agencies alone, this would be an extremely tall order, even with the specialised task forces assisting, and that is where the efforts of the FBI and NW3C come into play.

If convicted, the sentencing and penalties vary. Hacking is considered a US Federal offense since it is a form of fraud. The penalty can range anywhere from paying a small a fine to serving up to 20 years in prison, depending on the severity of the crime. 

Cyber criminals have no preference in whom their targets are, as long as someone takes the bait. Usually the mainstream media only reports these threats when there are large data attacks involving prominent companies, but these attacks target everyone, including general computer users. 

Stay Safe

Use extreme caution when receiving unsolicited communications from individuals from out of the country, generally emails from another country use poor grammar and spelling, indicating that the sender is not a native English speaker.

  • Be suspicious of emails from unknown senders requesting personal information.
  • Don’t open, respond to, download attachments or click on links from unknown emails. Emails that come in the form of a help desk support ticket, a message from your bank, or from someone soliciting money via a 419 scam are usually phishing scams. 
  • If an opportunity seems too good to be true, such as a monetary windfall, it probably is. 
  • Make sure you’re using secure websites when entering in payment information. You can verify this by making sure the website’s URL begins with “HTTPS.”

Add an extra layer of protection to your computer using a comprehensive security software program and at Cyber Security Intelligence we suggest you Contact Us for advice and recommendations on professional assistance 

Norton:     Crest:     Stay Safe Online:     Safety Detectives

You Might Also Read:

Police First Hack Then Demolish Organised Crime Gangs:

 

« Nation-State Hackers Are Infiltrating The 2020 Election
Cyber Security Training For Employees »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

tru.ID

tru.ID

We’re tru.ID, and we're reimagining mobile authentication, one API at a time.

Torch.AI

Torch.AI

Torch.AI’s Nexus™ platform changes the paradigm of data and digital workflows, forever solving core impediments caused by the ever-increasing volume and complexity of information.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.