
Atlantic International University,

Honolulu, Hawaii 96813

HACKING AND CYBERCRIME

By MBANZABUGABO Jean Baptiste, ID# UD30956SCO39530


School: Science and Engineering
Program: Doctorate
Major: Computer Science

Kigali - RWANDA

TABLE OF CONTENTS
ABSTRACT
1. INTRODUCTION
2. DISCUSSION OF CURRENT SCENARIOS
2.1 Target Cybercrime
2.2 Cybercrime statistics
2.3 Ethical Hacking
Who is A Hacker Actually
2.4 The philosophy behind the scene
2.4.1 Cybercrime in UK case study
2.4.2 Cybercrime in RWANDA case study: Govt intensifies cybercrime fight
2.5 Cybercrime as Service
2.6 Trends and Forecast
CONCLUSION
END NOTES
REFERENCES

ABSTRACT

Cybercrime is a kind of crime that happens in "cyberspace", that is, in the world
of computers and Internet-based networks. Although many people have limited
knowledge of "cybercrime", this kind of crime has serious potential for severe impact
on our lives and society, because our society is becoming an information society, full of
information exchange happening in "cyberspace". While there are several textbooks
on cybercrime and hacking, this paper first introduces the definition, origins
and evolution of cybercrime with respect to the hacking paradigm. Second, the categories of
cybercrime, which are target cybercrime, hacking tool and cybercrime tool, and computer
incidental, are presented in their respective sections, where some hacking cases are
studied. Finally, a summary is given.
Keywords: Hacker, Hacking, Cyber, Crime, Cybercrime, Computer crime, Ethical
Hacking, Threats, Malware and Social Engineering.

1. INTRODUCTION
Throughout the world, increasing numbers of governments and public authorities are
relying on IT infrastructures to perform a wide range of duties. Almost everything is
interconnected nowadays, and people in all positions are accustomed to shuttling
information where it is needed.
The truth is that data are not safe whether the users sit in their office, in a false feeling of
security, or in a hotel room, airport lounge or the office of a foreign partner. Specific
security requirements apply everywhere, both in the apparently friendly office space and
in the open world. A deliberate criminal action can target information wherever it sits.
Even though the level of awareness of cyber threats has increased, and law enforcement
acts globally to combat them, illegal profits have reached amazing figures. The impact on
society has become unsustainable, considering the global economic crisis.
The risk of business collapse is concrete, due to the high cost to enterprises of mitigation
and countermeasures, and the damage caused by countless attacks.
This essay quantifies the economic impact of cybercrime in 2013, highlighting
the main trends in the criminal ecosystem that concern the security community.
2. DISCUSSION OF CURRENT SCENARIOS
Principal security firms, which observe and analyze the incidents that occur to their clients,
have provided estimates of the annual loss suffered by enterprises. If we extend the effects
of cybercrime to government circles, public industry and the entire population, it's easy
to assume that the amount of damage reaches several hundred billion dollars.
In many cases, that estimate can be misleading. That's because there are still too many
companies that fail to quantify the losses related to cybercrime. In some cases, they
are totally unaware that they're victims of attacks. The majority of estimates relied on an
investigation, and loss estimates are based on raw assumptions about the magnitude and
effect of cyber-attacks to provide an economic evaluation.
2.1 Target Cybercrime

When a computer is the target of an offense, the perpetrator attacks the computer by
breaking into it or attacking it from outside. This kind of cybercrime may be the most
"professional" of the cybercrime categories, because the criminal, who always has a
fairly strong professional background in computer science, does programming and
makes use of exploits against the computer.
Cyber-criminal activities are increasing in incidence in a scenario made worse by the
economic crisis. We also face tightened spending by the private sector, and reduced
financial liquidity.
Nearly 80% of cybercrime acts are estimated to originate in some form of organized
activity. The diffusion of the fraud-as-a-service model and the diversification of the
offerings of the underground market are also attracting new actors with modest skills.
Cybercrime is becoming a business opportunity open to everybody, driven by profit and
personal gain.
According to experts at RSA security, cybercrime continues to improve its techniques and
the way it organizes and targets victims. The RSA Anti-Fraud Command Center (AFCC)
has developed the following list of the top cybercrime trends it expects to see evolve:

As the world goes mobile, cybercrime will follow

The privatization of banking, trojans and other malware

Hacktivism and the ever-targeted enterprise

Account takeover and increased use of manually-assisted cyber attacks

Cybercriminals will leverage Big Data principles to increase the effectiveness of attacks

Cybercrime activities are globally diffused, financially-driven acts. Such computer-related
fraud is prevalent, and makes up around one third of acts around the world.
Another conspicuous portion of cybercrime acts is represented by computer
content, including child pornography, content related to terrorism offenses, and piracy.
Another significant portion of crime relates to acts against the confidentiality, integrity and
accessibility of computer systems. That includes illegal access to a computer system,
which accounts for another one third of all acts.

The most common cybercrime acts encountered by national police in Europe, Asia and
Oceania, the Americas and Africa are the following:
Illegal data interference or system damage
Illegal access to a computer system
Illegal access, interception or acquisition of computer data
Computer-related copyright and trademark offences
Sending or controlling sending of SPAM
Computer-related fraud and forgery
Computer-related acts involving racism and xenophobia
Computer-related acts in support of terrorism offences and anti-politics parties
Breach of privacy or data protection measures
Computer-related identity offences
Computer-related solicitation or grooming of children
Computer-related acts causing personal harm
Computer-related production, distribution or possession of child pornography

When assessing the effect of cybercrime, it's necessary to evaluate a series of factors:

The loss of intellectual property and sensitive data.

Opportunity costs, including service and employment disruptions.

Damage to the brand image and company reputation.

Penalties and compensatory payments to customers (for inconvenience or
consequential loss), or contractual compensation (for delays, etc.)

Cost of countermeasures and insurance.

Cost of mitigation strategies and recovery from cyber-attacks.

The loss of trade and competitiveness.

Distortion of trade.

Job loss.

Figure Estimated cost of cybercrime (TrendMicro)

2.2 Cybercrime statistics


To better understand the effect of cybercrime on a global scale, I decided to introduce the
results of the study titled "The 2013 Cost of Cyber Crime Study", which provides an
estimation of the economic impact of cybercrime. It is sponsored by HP for the fourth
consecutive year. It reveals that the cost of cybercrime in 2013 escalated 78 percent,
while the time necessary to resolve problems has increased by nearly 20 percent in four
years. Meanwhile, the average cost to resolve a single attack totaled more than $1
million.
"Information is a powerful weapon in an organization's cyber security arsenal. Based on
real-world experiences and in-depth views of many security professionals around the globe,
the Cost of Cyber Crime research provides valuable insights into the causes and costs of
cyber-attacks. The research is designed to help organizations make the most cost-effective
decisions possible in minimizing the greatest risks to their companies," said Dr.
Larry Ponemon, chairman and founder of the Ponemon Institute.

The frequency and cost of cyber-attacks increased in the last 12 months. The average
annualized cost of cybercrime incurred by a benchmark sample of US organizations was
$11.56 million. That's nearly 78% more than the cost estimated in the first analysis
conducted four years ago.
In spite of improvements in defense mechanisms and the increased level of awareness of
cyber threats, the cybercrime ecosystem is able to adopt even more sophisticated
cyber-attack techniques. The cybercrime industry has shown great spirit, and the adaptive
capacity to respond quickly to countermeasures taken by the police.
The study also remarked on the necessity to adopt defense mechanisms and to build a security
culture. The security researchers involved in the study found that organizations that
deployed systems such as security information and event management (SIEM) and big
data analytics could help to mitigate the effect of cyber-attacks, reducing the cost
suffered by enterprises.
Organizations using security intelligence technologies were more efficient in detecting
and containing cyber-attacks, experiencing an average cost savings of nearly $4 million
per year, and a 21 percent return on investment (ROI) over other technology categories.
In the last report issued by ENISA, titled "Threat Landscape Mid-year 2014", the
organization confirmed the results of the Ponemon Institute. The McAfee security firm
estimated that cybercrime and cyber espionage are costing the US economy $100 billion
per year, and the global impact is nearly $300 billion annually. Considering that the
World Bank estimated that global GDP was about $70,000 billion in 2011, the overall
impact of cybercrime is 0.04 percent of global income, an amazing figure!
The security firm sponsored a report titled "Estimating the Cost of Cybercrime and Cyber
Espionage", on which the Center for Strategic and International Studies (CSIS) collaborated.
2.3 Ethical Hacking
Another concerning side effect of cybercrime activity is the loss of 508,000 jobs in the
US alone. That's mainly caused by theft of intellectual property, which wiped out the
technological gap of U.S. companies against Asian competitors.
In a simpler perception, hacking is similar to trespassing.
Hacking is the practice of modifying the features of a system, in order to accomplish a
goal outside of the creator's original purpose. The person who is consistently engaging in
hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice,
is called a hacker.
Hacking can further be defined in many ways. The most suitable meaning of hacking is
gaining unauthorized access through which a person can reach private or personal
data. Hacking can be done on all devices that have access to the internet and have
some advanced features, such as an advanced operating system. Hacking is practiced not only
on computers but also on servers and databases, which store information
and give access to users who have the right to use it. Generally, hacking is possible only when
there is a fault or vulnerability in the system. WITHOUT ANY TYPE OF
VULNERABILITY, NOBODY CAN HACK ANY DEVICE OR ANY SYSTEM.

Figure- Types of Hacking


Computer hacking is the most popular form of hacking nowadays, especially in the field
of computer security, but hacking exists in many other forms, such as phone hacking,
brain hacking, etc., and it's not limited to any of them.
It begs several important questions about the full benefit to the acquirers and the
damage to the victims from the cumulative effect of continuous losses in cyberspace.

The cost of malicious cyber activity is mainly related to the theft of intellectual property
and the loss of financial assets.
Who is A Hacker Actually
Hackers are very intelligent persons (experts) who spend lots of time
researching and exploring computer resources, networks, databases and servers to find
security issues, and also protecting the information of the organizations or companies that hire
them.
Hackers are mostly persons who are very curious about computers and the Internet, and web
maniacs.
The 'ethical professional'
Trustwave, a data security vendor, is responsible for assisting small and medium-sized
businesses in managing compliance and securing network infrastructure, data
communications and critical information assets. Within Trustwave, a security team called
SpiderLabs focuses on application security, incident response, penetration testing
and threat intelligence.
Ten types of cyber hacker can be identified
The basic definition for a hacker is someone who breaks into computer networks or
personal computer systems either for a challenge or to gain profit.
1. White-hat: A 'white-hat' hacker, also referred to as an ethical hacker, is someone
who has non-malicious intent whenever breaking into security systems. The majority of
white-hat hackers are security experts, and will often work with a company to legally
detect and improve security weaknesses.
2. Black-hat: A 'black-hat' hacker, also known as a 'cracker', is someone who hacks
with malicious intent and without authorization. Typically the hacker wants to prove his
or her hacking abilities and will commit a range of cybercrimes, such as identity theft,
credit card fraud and piracy.
3. Grey-hat: As the color suggests, a 'grey-hat' hacker is somewhere between white-hat
and black-hat hackers, as he or she exhibits traits from both. For instance, a grey-hat
hacker will roam the Internet in search of vulnerable systems; as with the white-hat hacker,
the targeted company will be informed of any weaknesses and will repair them, but like the
black-hat hacker the grey-hat hacker is hacking without permission.
4. Blue Hat: External computer security consulting firms are employed to bug-test a
system prior to its launch, looking for weak links which can then be closed. Blue Hat is
also associated with an annual security conference held by Microsoft where Microsoft
engineers and hackers can openly communicate.
5. Elite hacker: These types of hackers have a reputation for being the 'best in the
business' and are considered the innovators and experts. Elite hackers used an
invented language called 'Leetspeak' to conceal their sites from search engines. The
language meant some letters in a word were replaced by a numerical likeness or other
letters that sounded similar.
6. Hacktivist: Someone who hacks into a computer network for a politically or
socially motivated purpose. The controversial word can be construed as cyber
terrorism, as this type of hacking can lead to activities ranging from non-violent to violent. The word
was first coined in 1996 by the Cult of the Dead Cow organisation.
7. Script kiddies: Amateur hackers who follow directions and use scripts and shell
codes from other hackers without fully understanding each step
performed.
8. Spy hackers: Corporations hire hackers to infiltrate the competition and steal trade
secrets. They may hack in from the outside or gain employment in order to act as a
mole. Spy hackers may use similar tactics to hacktivists, but their only agenda is to
serve their client's goals and get paid.
9. Cyber terrorists: These hackers, generally motivated by religious or political
beliefs, attempt to create fear and chaos by disrupting critical infrastructures. Cyber
terrorists are by far the most dangerous, with a wide range of skills and goals. Cyber
terrorists' ultimate motivation is to spread fear, terror and commit murder.
10. Mobile hackers: These days individuals store everything on their mobile phones,
from personal information such as contact numbers and addresses to credit card details.
For these reasons mobile phones are increasingly becoming attractive to hackers-on-the-hoof,
either by hacking faulty mobile chips or point-to-point wireless networks, such as
Bluetooth.

Sources: E&T, McAfee/ Robert Siciliano, Wikipedia

With the rise of cyber-crime, ethical hacking has become a powerful strategy in the fight
against online threats. In general terms, ethical hackers are authorized to break into
supposedly 'secure' computer systems without malicious intent, but with the aim of
discovering vulnerabilities in order to bring about improved protection.
Sometimes the local IT managers or security officers in an organisation will be informed
that such an attack, usually called a 'penetration test', is to take place, and may even be
looking over the hacker's shoulder.

Hack value is the worth of a hack, which describes its price if done. This can be easily
understood by referring to the movie TRANSFORMERS: the girl asks a security geek to break
the code of data on a flash disk, to which he replies, "What do I get if I really crack this?"
Then she replies, "They will hunt you to the tip of the mountain to find the person who
tampered with this data."
This is called hack value.

Cyber criminals are improving ways to be non-traceable and to make their
malicious structures more resistant to takedown operations by law enforcement. Hackers are
improving their infrastructure, for example adopting peer-to-peer protocols, or hiding command and
control infrastructures in anonymizing environments, such as the Tor Network.
The Symantec security firm has just released the 2013 Norton Report, the annual research
study which examines consumers' online behaviors and the dangers and financial cost of
cybercrime.
Its data also confirms the concerning results of other analyses. Cybercriminal activities
and related profit are in constant growth, the cost per cybercrime victim is up 50 percent,
and the global price tag of consumer cybercrime is $113 billion annually. That's a result
of the concerns security analysts consider. It also affects the actual global economic
scenario and the difficulties faced by enterprises.
This data was reported in the Norton Report, a document considered one of the
world's largest consumer cybercrime studies, based on self-reported experiences of
more than 13,000 adults across 24 countries, aimed at understanding how cybercrime
affects consumers, and how the adoption and evolution of new technologies impacts
consumers' security.
The Norton Report also states that the number of online adults who have experienced
cybercrime has decreased, while the average cost per victim has risen.
Symantec experts have also analyzed the incidence of cybercrime in different countries
around the world. As expected, it concludes that cybercrime has no boundaries, its action
is globally distributed, although substantial differences are related to the local law
framework and to the real effort of the authorities. The difference in the impact of
cybercrime is also influenced by many other factors, including the penetration level of
technology, perceived corruption, and the adoption of defense mechanisms. The study
revealed that the annual number of victims has been estimated at 378 million. The
countries where the greatest percent of the population are victims are Russia (85%),
China (77%), and South Africa (73%). The greatest costs of consumer cybercrime are
reported in the USA ($38 billion), Europe ($13 billion) and China ($37 billion).

Technologies that are affecting the IT sector the most are related to mobile and social
media. Both areas are growing at an impressive rate, attracting a growing number of
users. Cyber criminals are looking at these platforms as vectors for online frauds with increased
interest. The number of crimes based on mobile devices and social media is exploding.
The 2014 Norton Report states that the lack of efficient authentication mechanisms and
defense mechanisms is the primary cause of incidents for mobile users. Almost half don't
use basic precautions and a third were victims of illegal activities last year. What's very
concerning is that, given the awareness level of users regarding cyber threats, only a
small portion of mobile users (26%) have installed security software and 57% aren't
aware of the existence of security solutions for mobile environments. These numbers explain
why mobile technology is so attractive for cybercrime. In the majority of cases, the
systems are totally exposed to cyber threats due to bad habits and risky behavior.
The greatest challenge for the mobile sector is users' promiscuous usage. 49% use
personal mobile devices in the workforce, with serious repercussions on the overall
security of businesses and enterprises. Consider that 36% say their company
has no policy to regulate that matter.
"If this was a test, mobile consumers would be failing. While consumers are protecting
their computers, there is a general lack of awareness to safeguard their smartphones and
tablets. It's as if they have alarm systems for their homes, but they're leaving their cars
unlocked with the windows wide open," said Marian Merritt, Internet Safety Advocate,
Symantec.
Cybercrime activity affects the principal trends of IT. New business opportunities, mobile
platforms, clouds and social media are considered privileged vectors to reach a wide
audience unaware of cyber threats. The 2013 Norton report highlights the incidence of
cybercrime on social media. Users' risky behavior is responsible for many incidents. 12%
of users revealed that someone has hacked their account in the last year. In 39% of cases,
users don't log out after each session and 25% share social media credentials. One in
three accepts requests from unknown parties.
These risky practices are very dangerous and are a considerable cause of the increase of
cyber-attacks. On the other side, cyber criminals are adopting hacking techniques that are
even more sophisticated. Specifically designed malware and phishing campaigns are the
most common techniques of attacks observed in recent months.

"Today's cyber criminals are using more sophisticated attacks, such as ransomware and
spear-phishing, which yield them more money per attack than ever before," said Stephen
Trilling, Chief Technology Officer, Symantec.
Great interest is dedicated to cloud computing, and in particular to cloud storage solutions
that make it easy to archive and share files. 24% of users use the same cloud storage
account for personal and work activities. 18% share their collection of documents with
their friends. Once again, bad habits facilitate cybercrime. Cloud services bundle a
multitude of data services in one place, so they're attractive targets for hackers.

Figure Cybercrime and cloud storage habits (Symantec)


2.4 The philosophy behind the scene
2.4.1 Cybercrime in UK case study
To contextualize the effect of cybercrime, it's interesting to consider the data available for
a country like the United Kingdom. It's one of the nations with the highest technological
penetration levels. The data published in a recent study conducted by cyber security
experts at the University of Kent is more shocking. Over 9 million adults in Britain have
had online accounts hacked, and 8% of UK citizens are revealed to have been victims
of cybercrime in the past year. 2.3% of the population reported losing more than £10,000
to online fraudsters.

The main crime suffered by UK online users is the hacking of their web services
accounts. Those include online banking, email, and social media. In nearly 33% of the
cases, the offense was repeated.
In 2013, the UK government documented in an official report that the overall cost of the
cybercrime economy was £27 billion a year. Identity theft was the most common crime,
accounting for £1.7 billion. That was followed by online scams, with £1.4 billion.
Cybercrime in the UK was most insidious for organizations, private businesses and
government offices, suffering high levels of cyber espionage and intellectual property
theft.
Social media is a primary target for emerging cybercrime in the UK. Malicious code is
used by criminal gangs to exploit social networks for banking fraud or for phishing
campaigns. A new trend has emerged in recent months. The same malicious code is used
by criminals to hack victims' accounts, for the creation of bogus social network "likes"
that could be used to generate buzz for a company or individual.
Fake "likes" were sold underground in lots of 1,000 units. RSA estimated that 1,000
Instagram "followers" could be bought for $15 (£9.50), and 1,000 Instagram "likes" cost
$30 (£19). These are more profitable to sell. Consider that credit card
numbers are sold for $6 (£3.80) for a lot of 1,000 numbers.
"It seems online crime has a clear impact on the lives of average UK citizens, with their
accounts and credentials being compromised significantly and in some cases multiple
times. Cybercrime may not yet have hit a large proportion of the British public, but
successful attacks do tend to lead to substantive financial damage," said Dr Julio
Hernandez-Castro and Dr Eerke Boiten, from the University of Kent's Interdisciplinary
Centre for Cyber Security Research.
2.4.2 Cybercrime in RWANDA case study: Govt intensifies cybercrime fight
The government of Rwanda has launched a countrywide campaign to sensitize Rwandans
about cybercrimes, cyber security and how to detect and report them.

The campaign, dubbed "Stay Safe Online", is meant to address the growing concerns on
cybercrime as more Rwandans continue to embrace information and communication
technology (ICT).
According to Rwanda Utilities Regulatory Agency (RURA), internet penetration rate has
risen from 0.01% in 2003 to 7.04% by June 2012.

However, amidst this achievement enters cybercrime, the unwanted escort of all this
advancement and innovation in ICT use. The loss figure was not dramatically
announced, but of course it exists. Cyber-attacks on specific sectors such as mobile money
transfer can be disastrous to the national economy. In 2014, the sector had more than 104
million transactions worth over Rwf 691 billion.
Among the sectors most targeted by cyber-attacks are the banking sector and
telecommunication companies. The Rwanda National Police also has a Financial
Intelligence Unit attached to the National Bank of Rwanda that investigates financial and
cybercrimes in banks.
The Rwanda National Police (RNP) is trying its best to contain these IT conmen and, as
a matter of fact, it held an anti-cybercrime training this year with the help of Interpol to
equip officers with skills to detect and investigate cybercrime and to understand cyber
terrorism, principles of evidence collection for cybercrime, electronic money transfer
technology, and basic IT tools for analyzing cybercrime evidence.
In Rwanda, under article 312 of the penal code, any person who, fraudulently and in any
way, accesses and remains in another person's automated data processing system or
similar systems with intent to find out electronically stored or transmitted data, regardless
of the location, is liable to a term of imprisonment of one (1) year to three (3) years and a
fine of one million (1,000,000) to three million (3,000,000) Rwandan francs.
2.5 Cybercrime as Service
The terms "Attack-as-a-Service", "Malware-as-a-Service" and "Fraud-as-a-Service" are
used to qualify models of sale in which cybercriminals sell or rent to their colleagues
hacking services and malicious code to conduct illegal activities. The concept is
revolutionary: the black market offers entire infrastructures to service malware (e.g.
bullet-proof hosting or renting compromised machines belonging to huge botnets), and
outsourcing and partnership services, including software development, hacking services,
and, of course, customer support.
The majority of these services are presented in the underground economy, based on a
subscription or flat-rate fee model, making them convenient and attractive. The principal
cost of arranging criminal activities is shared between all customers. This way, service
providers can increase their earnings, and clients benefit from a significant reduction of
their expenditure, with the knowledge needed to manage illegal businesses.
These services are characterized by their ease of use and a strong customer orientation.
They typically have a user-friendly administration console and dashboard for the control
of profit.
The diffusion of the cloud computing paradigm has brought numerous advantages to the IT
industry, but also new opportunities for cyber criminals. The term "Attack-as-a-Service"
refers to the capability of criminal organizations to offer hacking services. The
majority of cases exploit cloud-based architectures.
Cyber criminals offer entire botnet and control infrastructures, hosted on cloud
architectures, for lease or sale. Compromised machines could be used to steal information
from the victims (e.g. banking credentials, sensitive information) or to launch massive
DDoS attacks against specific targets.
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is
an attempt to make a machine or network resource unavailable to its intended users. A
DoS attack generally consists of efforts to temporarily or indefinitely interrupt or
suspend services of a host connected to the Internet.
The prices for attacks on commission are widely variable. Some services are totally free,
such as a subscription for IMDDOS. Meanwhile, it costs between $150 and $400 to crack
e-mail passwords in less than 48 hours.
2.6 Trends and Forecast

Technologies such as mobile and social networking are increasingly threatened by cyber
criminals. Theyre adapting consolidated attack methods to those platforms, and are
defining new offensive strategies.
The proliferation of mobile devices will lead to an amplification of abuse based on
knowledge/attack vectors targeting to social media.
According to security experts and security firms, black market offers support the growth
of cyber threats within the cybercrime ecosystem.
As reported in ENISA Threat Landscape, Mid-Year 2013, the following top threats are
candidates to dominate the criminal landscape in the medium term:

Drive-by-exploits: Browser-based attacks still remain the most reported


threats, and Java remains the most exploited software for this kind of threat.

Worms/Trojans: Sophisticated malware is used by cyber criminals and


governments for various purposes, such as offensive attacks, cyber espionage,
and sophisticated cyber scams.
Cybercrime makes extensive use of malware, especially for banking fraud.
The mobile platform and social network situation is very concerning. Those
platforms are exploited to spread large-scale malicious agents.

Code Injection: Attacks are notably popular against web Content
Management Systems (CMSs). Due to their wide use, popular CMSs
constitute a considerable attack surface that has drawn the attention of
cybercriminals. Cloud service provider networks are increasingly used to host
tools for automated attacks.

Botnets, Denial of Service, rogueware/scareware, targeted attacks, identity theft and
search engine poisoning will continue to represent a serious menace to the IT
community.
My attempt to predict the ambiguities and constraints of the next 4 years
Based on the evolution of technology, where new and massive technologies emerge, I took
time to ask myself the following question:
What will the cybercrime landscape look like in 2020? It's difficult to predict the
evolution of such a complex ecosystem. Technologies evolve at impressive speed, and
with them, opportunities for cybercrime.

The assumptions can be outlined from three different perspectives: the individual,
company and government points of view.
The worst-case scenarios are the following:

Increased abuse of cloud infrastructures. Cyber criminals will increase the
use of cloud technology to launch DDoS attacks, or host botnets.
Underground market offerings will mature to support cyber gangs in the
organization of sophisticated cyber-attacks.

It will be very difficult to distinguish between legal and illegal activity.

Data protection is already a challenge in relation to the internet.

Increased need for identity protection due to the enlargement of individuals'
online experiences.

Regarding privacy: as governments establish more privacy laws, the risk of
incompatibility between countries increases, creating more roadblocks for
responding to cybercrime.

The heterogeneous legal framework will allow criminals to choose optimal
target countries for illegal activities, and the best sources to engage attacks.

A lack of unity in internet governance means a lack of unity in cyber security.
Regardless of the precise number, there will need to be broad consensus on
standards, to ensure interoperability of emerging internet mediated
technologies, including augmented reality and the Internet of Things.

A consolidation of user encryption management to avoid surveillance
activities operated by governments could give cyber criminals an advantage.

Conventional thinking of protected and absolute control of intellectual
property may lead to conditional control, as some governments may become
dovish in responding to the increasingly prevalent (legal and illegal) access to
IP.

Data protection tools and laws will have to meet the increasing accessibility
and proliferation of data.

The principal threats related to cybercrime activities could be grouped into the following
categories:

Intrusion for monetary or other benefits

Interception for espionage

Manipulation of information or networks

Data destruction

Misuse of processing power

Counterfeit items

Evasion tools and techniques

It is necessary that cyber strategies of governments include a series of mitigation
countermeasures for principal cyber threats. Critical infrastructure and defense systems
will represent privileged targets for cyber criminals and state sponsored hackers.
CONCLUSION
The data provided by security firms on the global impact of cybercrime are just a rough
estimate, in my opinion. They can give a reader only a basic idea of the overall damage
caused by illegal activities. Analyzing the cybercrime ecosystem is a very complex task,
due to the multitude of entities involved, and their different means and methods. For
example, consider a group of cyber criminals who conduct state-sponsored attacks
against strategic targets, such as Icefog, the team of cyber mercenaries discovered by
researchers at Kaspersky Lab.
The only certainty to emerge from this analysis is that, with an exponential growth of
cybercriminal activity and related costs, it's a challenging fight that could be won by law
enforcement and governments. That can be done with the development of proper
mitigation strategies, and a common legal framework globally recognized and applied
through sharing information obtained from investigations conducted by various bureaus.
END NOTES
In this essay paper, the three main categories of cybercrime were introduced:
(1) Target cybercrime: crimes in which a computer is the target of the offense. In this
category, three main target cybercrimes are presented, including hacking, malware and
DDoS attack.

(2) Tool cybercrime: crime in which a computer is used as a tool in committing the
offense. In this category, crime against property, including theft, fraud and extortion, and
crime against persons, including physical harm and psychological harm are examined.
(3) Computer incidental: crimes in which a computer plays a minor role in committing
the offense. In this category, the challenges for collecting the evidence are presented,
which include evidentiary challenge and digital privacy.

REFERENCES
Susan W. Brenner, "Cybercrime: Criminal Threats from Cyberspace," Praeger, 2010,
ISBN-13: 978-0313365461.
Jonathan Clough, "Principles of Cybercrime," Cambridge, 2010, ISBN-13: 9780521899253.
"Black Hat: System links your face to your Social Security number and other private
things"; http://www.networkworld.com/news/2011/080111-blackhat-facial-recognition.html
[A news article about one hacking method for getting people's private data].
Whitaker & Newman, Penetration Testing and Network Defense, Cisco Press,
Indianapolis, IN, 2006. ISBN: 1-58705-208-3.

http://resources.infosecinstitute.com/cybercrime-and-the-underground-market/
http://securityaffairs.co/wordpress/18206/cyber-crime/f-secure-threat-report-h32013.html
http://securityaffairs.co/wordpress/18517/cyber-crime/ponemon-2013-cost-of-cybercrime.html
http://securityaffairs.co/wordpress/18475/cyber-crime/2013-norton-report.html
http://www.cybersec.kent.ac.uk/Survey1.pdf
http://www.emc.com/collateral/fraud-report/current-state-cybercrime-2013.pdf
https://www.icspa.org/uploads/media/ICSPA_Project_2020_%E2%80%93_Scenarios_for_the_Future_of_Cybercrime.pdf

http://www.theguardian.com/technology/2013/aug/23/cybercrime-hits-nine-million-ukweb-users
http://www.unodc.org/documents/organizedcrime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf
http://www8.hp.com/us/en/hp-news/press-release.html?id=1501128#.Ullf0VC-0uv
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf
