NetworkTigers on how to define cybercrime.
Picture a cybercriminal. What do you see? Is it someone in a hooded sweatshirt hunched over a laptop, coding malicious software bugs into existence? Maybe a cybercriminal is an international hacker stirring up trouble in a militarized zone, or a disgruntled employee at the local water treatment facility, shutting off critical safety features.
The truth is cybercrime has many faces and wears many different hats. A failure to uniformly define cybercrime is one of the most significant issues facing prosecution and enforcement measures today. As the internet evolves, so do ways to take advantage of its opportunities. Without a clear definition of cybercrime, ensuring that anywhere is truly safe from its reach can be difficult.
Taking the threat of cybercrime seriously
In 2020 alone, the FBI estimates that approximately $4 billion was lost from the United States economy due to cybercrime. Because of its massive potential for loss, the United States government takes cybercrime seriously, never more so than with the passage of the Biden-Harris National Cybersecurity Strategy. Officials are finally heeding calls from cybersecurity experts to take the ever-evolving threat as seriously as possible, diverting time, energy, and resources into addressing the risk of cybercrime.
The passage of the 2022 Better Cybercrime Metrics Act has helped create more explicit boundaries for what is and isn’t considered a cybercrime. The bipartisan bill is geared to help the FBI better track, measure, investigate, and analyze cybercrime trends and prosecute cybercriminals. The bill’s sponsor, Rep. Abigail Spanberger (D-VA.), is a former CIA case officer and former federal agent. She called cybercrime “now the most common crime in America” in a press release. She said the legislation will “allow US law enforcement agencies to better identify cyberthreats, prevent attacks, and take on the challenge of cybercrime.”
FBI definition of cybercrime
The FBI defines cybercrime as “internet-enabled crimes,” meaning that all kinds of existing offenses, such as money laundering, identity theft, abuse, threats to national security, and more, can be penalized as cybercrime involving internet technology. The agency goes on to identify some of the most common cybercrimes that they investigate as:
- Business email compromise: Business email compromise, or BEC, usually preys on the amount of financial information exchanged over email. Despite the name, BEC crimes can take advantage of individuals and corporations.
- Identity theft: When personal information such as credit card numbers or Social Security numbers is stolen over the internet, it is a form of cybercriminal identity theft.
- Ransomware: Ransomware often enters through a virus or bug and holds valuable digital files or network access hostage in exchange for a ransom.
- Spoofing or phishing: Phishing, also known as spoofing, often involves impersonating a trusted party to gain personal or financial information.
- Online predators: Young adults and children are particularly at risk from this kind of cybercrime, although other vulnerable parties may also be targeted for cyber or real-life violence.
Four categories of cybercrime
According to the FBI Law Enforcement Bulletin, the most common and uncommon criminal attempts fall under four main categories of cybercrime. They are:
- Crimes in which the computer or computer files themselves are the target include intellectual property theft, ransomware, and blackmail.
- Crimes in which computer processing is used as an instrument of crime include credit card fraud or theft using automated teller machines.
- Crimes in which the computer is not necessary to the crime but used in the act include money laundering, drug trafficking, and false record keeping.
- Crimes involving the physical proliferation of computer technology include black market sales, software piracy, and electronics theft.
Concerns about a unified cybercrime definition
The United Nations estimates that identity thieves alone steal $1 billion annually. Cybercrime is, in many ways, unique when it comes to prosecution because many victims have no way of identifying their attackers, who may reside in any part of the world. Because of this, international collaboration is crucial in cybercrime enforcement action.
The United Nations continues to push for a unified definition of cybercrime across global borders, but cooperation can be difficult. One of the main hurdles to qualifying cybercrime is that different countries consider different internet uses illegal. For instance, freedom of speech is defined differently by many nations and is not considered a human right or legal use of the internet in some areas. For another, acts of terrorism using internet channels are of great concern for most nations, but what is considered terrorism has yet to find a global set of agreed-upon standards. Creating too broad a standard for cybercrime could stifle freedom of the press, freedom of investigation, and free speech. However, not going far enough may allow cybercriminals leeway across international borders.
Fighting and understanding cybercrime at home and abroad
The Budapest Convention on Cybercrime is one of the greatest tools for international collaboration for finding and prosecuting cybercriminals, allowing different nations to cooperate on a series of mutually agreed-upon crimes. The United States is a signatory of the Budapest Convention, meaning that this international document helps inform how the FBI and other government agencies define and prosecute cybercrime.
To fight something, you have first to be aware of its existence. As the United States grapples with what constitutes cybercrime at home and abroad, enforcement measures will change and evolve. Knowing what to call cybercrime and what forms it can take is the first step towards a safer internet for everyone.