This is the last week for National Cyber Security Awareness Month (NCSAM). The focus for this week is cybercrime and law enforcement, and how each of us can become more aware of cybercrime prevention in our communities.
Bank Robbers vs Cyber Criminals
In the movie Ocean’s Eleven a team of skilled thieves plan and execute a lucrative heist on a casino. They experienced a few hiccups, but they ultimately make it out of the casino with millions of dollars, and leaving no evidence behind. In real-life the risks are higher and the payout, in most cases, much less. In 2010, bank robbers were successful in robbing 5,628 banks, making off with $43 million dollars. That might seem like a lot, but consider that on average each robbery only made $7,643. Take into consideration the risk of long-term jail time these robbers face, the fact that the money was recovered in 22% of those robberies, and it is apparent that robbing a bank is not as lucrative as it seems in the movies. The risks begin to outweigh the reward.
Cyber criminals, on the other hand, seem to experience the ease of getting away with crimes as in Ocean’s Eleven. According to an FBI report, there were 300,000 victims of cybercrime and criminals made off with a total of $1.1 billion. Although the average cybercrime came to only $3,666 per victim (as compared to $7,643 per robbery), criminals are able to commit upwards of hundreds of thousands of crimes with little to no risk of being caught.
Why Is it So Easy?
A big part of the reason that cyber criminals get away with their crimes so easily is that catching cyber criminals and enforcing computer crime laws is difficult. The majority of that difficulty lies in four major areas: jurisdiction, location, anonymity, and evidence.
Jurisdiction is which agency has the authority to investigate and prosecute different types of crimes. There are several factors that determine who has jurisdiction over a case, like:
- Which branch of the law. Cases can fall into a few different branches of the law, including criminal, civil, and regulatory law.
- Type of case. The type of case is a determining factor. Each system employs different agencies responsible for different types of cases.
- Severity of crime. The severity of the crime committed also plays a role. Different agencies and courts deal with different levels of severity.
- Level of government. The last determining factor in jurisdiction has to do with which level of government the crime falls into, and some crimes fit into different laws at different levels of the government.
Related to jurisdiction is the geographical location. A cyber criminal may be operating outside a law enforcement agencies jurisdiction, like in another state or even another country.
“Who done it?” is another factor making it difficult to enforce computer crime law. Finding out the identity of the criminal and where they are located can be very difficult. This is compounded by the fact that there are services available to mask IP address.
In any crime scene investigation in the movies, a detective can carefully pluck evidence off a couch with a pair of tweezers, drop it into a bag, and examine it later. Physical evidence is easier to find and preserve than digital evidence. Digital evidence is fragile, and it can be hard to track down. A cyber criminal may commit theft through the servers of innocent users. Following the chain of evidence to the original server is difficult.
Law enforcement agencies at the local and federal levels are aggressively attacking the issue of cybercrime with specialized computer crime units. As time goes on, law enforcement will only improve their methods of catching cyber criminals.
However, it’s also important to make sure that you are actively preventing cybercrime by protecting your own information. Being aware of common cybercrimes as well as following security best practices can go a long way to making sure you’re not the next victim of cybercrime.