IT Employment

Profiling and categorizing cybercriminals

Deb Shinder begins a series of columns on the subject of cybercrime and law enforcement with this post on profiling the criminals and figuring out the types of crimes they are likely to commit.
INTRO: This is the first of what I hope will be many monthly columns on the subject of cybercrime. As a former police officer and criminal justice instructor  and a current IT professional, I love writing about this subject because it allows me to combine the knowledge from both fields and attempt to help law enforcement officers and IT pros work together to curb this growing problem. This column is aimed primarily at the IT side, and so I'll be focusing less on technical issues that you already know about and more on law enforcement procedures and how the justice system works (and sometimes doesn't) when it comes to this particular type of crime, as well as what you can do to help.

------------------------------------------------------------------------------------

Those "in the know" in law enforcement will tell you that criminal profiling is both an art and a science. It's all about generalizations, but knowing what types of people generally commit specific types of criminal offenses can be very helpful in catching and prosecuting the perpetrator of a specific crime. That information can also be useful in protecting your digital assets from cybercriminals.

As I noted in my book, Scene of the Cybercrime, a criminal profile is a psychological assessment made without knowing the identity of the criminal. It includes personality characteristics and can even include physical characteristics. "Fitting the profile" doesn't mean a person committed the crime, but profiling helps narrow the field of suspects and may help exclude some persons from suspicion. Profilers use both statistical data (inductive profiling) and "common sense" testing of hypotheses (deductive profiling) to formulate profiles. Profiling is only one of many tools that can be used in an investigation.

The typical cybercriminal

What does profiling tell us about the "typical" cybercriminal - the person who uses computers and networks to commit crimes? There are always exceptions, but most cybercriminals display some or most of the following characteristics:

  • Some measure of technical knowledge (ranging from "script kiddies" who use others' malicious code to very talented hackers).
  • Disregard for the law or rationalizations about why particular laws are invalid or should not apply to them.
  • High tolerance for risk or need for "thrill factor."
  • "Control freak" nature, enjoyment in manipulating or "outsmarting" others.
  • A motive for committing the crime - monetary gain, strong emotions, political or religious beliefs, sexual impulses, or even just boredom or the desire for "a little fun."

That still leaves us with a very broad description, but we can use that last characteristic to narrow it down further. This is especially important since motive is generally considered to be an important element in building a criminal case (along with means and opportunity).

Motives for cybercrime

Let's look at some common motivating factors:

  • Money: This includes anyone who makes a financial profit from the crime, whether it's a bank employee who uses his computer access to divert funds from someone else's account to his own, an outsider who hacks into a company database to steal identities that he can sell to other criminals, or a professional "hacker for hire" who's paid by one company to steal the trade secrets of another. Almost anyone can be motivated by money - the young, old, male, female, those from all socio-economic classes - so in order to have meaningful data, we have to break this category down further. The white collar criminal tends to be very different from the seasoned scam artist or the professional "digital hit man."
  • Emotion: The most destructive cybercriminals often act out of emotion, whether anger/rage, revenge, "love" or despair. This category includes spurned lovers or spouses/ex-spouses (cyber-stalking, terroristic threats, email harassment, unauthorized access), disgruntled or fired employees (defacement of company web sites, denial of service attacks, stealing or destroying company data, exposure of confidential company information), dissatisfied customers, feuding neighbors, students angry about a bad grade, and so forth. This can even be someone who gets mad over a heated discussion on a web board or in a social networking group.
  • Sexual impulses: Although related to emotion, this category is slightly different and includes some of the most violent of cybercriminals: serial rapists, sexual sadists (even serial killers) and pedophiles. Child pornographers can fit into this category or they may be merely exploiting the sexual impulses of others for profit, in which case they belong in the "money" category.
  • Politics/religion: Closely related to the "emotions" category because people get very emotional about their political and religious beliefs and are willing to commit heinous crimes in the name of those beliefs. This is the most commonly motivator for cyberterrorists, but also motivates many lesser crimes, as well.
  • "Just for fun": This motivation applies to teenagers (or even younger) and others who may hack into networks, share copyrighted music/movies, deface web sites and so forth - not out of malicious intent or any financial benefit, but simply "because they can." They may do it to prove their skills to their peers or to themselves, they may simply be curious, or they may see it as a game. Although they don't intentionally do harm, their actions can cost companies money, cause individuals grief and tie up valuable law enforcement resources.

How cybercriminals use the network

Cybercriminals can use computers and networks as a tool of the crime or incidentally to the crime. Many of the crimes committed by cybercriminals could be committed without using computers and networks. For example, terroristic threats could be made over the telephone or via snail mail; embezzlers could steal company money out of the safe; con artists can come to the door and talk elderly individuals out of their savings in person.

Even those crimes that seem unique to the computer age usually have counterparts in the pre-Internet era. Unauthorized access to a computer is technically different but not so different in mindset, motives and intent from unauthorized access to a vehicle, home or business office (a.k.a. burglary) and defacing a company's web site is very similar in many ways to painting graffiti on that company's front door.

Computer networks have done for criminals the same thing they've done for legitimate computers users: they've made the job easier and more convenient.

Some cybercriminals use the Internet to find their victims. This includes scam artists, serial killers and everything in between. Police can often thwart these types of crimes and trap the criminals by setting up sting operations in which they masquerade as the type of victim that appeals to the criminal. We think of this in relation to crimes such as child pornography and pedophilia, but it's the same basic premise as setting up a honeypot on a network to attract the bad guys.

In other cases, criminals use the networks for keeping records related to their crimes (such a drug dealer's or prostitute's list of clients) or they use the technology to communicate with potential customers or their own colleagues-in-crime.

Amazingly, a significant number of criminals use their own corporate laptops or email accounts to do this. This is a situation whereby IT professionals may stumble across evidence of a crime inadvertently - including crimes that are not, themselves, related to computers and networks.

The cybercriminal mindset: white collar crime

All cybercriminals are most definitely not created equal. They can range from the pre-adolescent who downloads illegal songs without really realizing it's a crime to the desperate white collar worker in dire financial straits who downloads company secrets to sell to a competitor to pay her family's medical bills, knowing full well that what she's doing is wrong, to the cold hearted sociopath who uses the network to get whatever he wants, whenever he wants it and believes there's no such thing as right or wrong.

White collar crime is such a large category that some police agencies have entire investigative divisions devoted exclusively to it. White collar criminals often use computers to commit offenses because it's easy to manipulate electronic databases to misappropriate money or other things of value. Some white collar criminals are highly organized and meticulous about details, stealing only limited amounts from any one source and may go on for years or decades without being caught. Others do it on impulse; for instance, they may be angry about a bad evaluation or being passed over for promotion and "strike" back at the company by taking money they believe they deserve.

Signs of a possible white collar criminal include:

  • Refusal to take time off from work or let anyone else help with his/her job, lest they uncover what's been going on.
  • Attempts to avoid formal audits.
  • A lifestyle far above what would be expected on the person's salary with no good explanation for the extra income.
  • Large cash transactions.
  • Multiple bank accounts in different banks, especially banks in different cities or counties.

There may be other reasons for any of these "symptoms."  Some older workers (and in today's unstable banking climate, some younger ones, too) don't trust banks, may be afraid of the collapse of the economic system and thus deal in cash as much as possible. Many folks with legitimate large incomes are afraid to invest in the stock market or other non-insured investments and split their money among different banks to keep it covered by FDIC.

This article outlines some common patterns seen in white collar crime.

A dilemma for IT personnel is that white collar criminals are often in upper management positions in the company. If you discover evidence that the boss is stealing from the company, blowing the whistle could put your own job in jeopardy.

In a future installment of this column, we'll discuss what you can do if you uncover indications of criminal activity during the course of doing your IT job, who to report it to and how, how to preserve the evidence, and what to expect in the aftermath.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

62 comments
BlueCollarCritic
BlueCollarCritic

There is no consistent formula that will always correctly identify someone as a cyber-criminal because of the 'Robin-Hood' factor where when something is done that is otherwise illegal, becomes justifiable because the action itself was justifiably done to right some wrong. The BP Oil spill incident is a perfect possible example. For example, if some young hacker got into BP?s system and found documentation proving that BP knowingly engaged in high risk and illegal drilling practices (such as not using the minimum required safety equipment and measures) that could lead to a disastrous oil spill then they would at that point technically be a cyber criminal because they did illegal access a restricted system. If at this point they used that knowledge & documentation to try and blackmail BP then they would become a cyber-criminal in every person?s eyes. If though they used that info they gained to inform the public and the government then any authorities trying to seek legal action against them would face a very unhappy general public who would see the person as a hero even if BP sees them as the anti-hero. By definition (of the laws at that time) the actions the founding fathers took in creating and signing the Declaration Of Independence and the US Constitution were illegal and therefore criminal. At that time you would have a very hard time finding more than a few percent of the population in the US at that time that would agree with the use of ?criminal? to describe the founding fathers actions. You would however have just the opposite results if you asked the same thing of British citizens. The problem with the use of cyber-criminal to describe someone is that it?s not always black and white in its meaning and use.

AnsuGisalas
AnsuGisalas

Vandalism, just-for-fun... I'm not sure I buy this perspective. Compare to a bunch of teens hanging out at a playground... things get a bit out of hand and by the time they leave half the place's fixtures are broken. Is this "not intending to do harm"? They are somehow trying to validate their existence, and their being in that place for small kids, so they decide to refurbish it, to make it less enticing to the intended users. I'm not sure that "not intending harm" OR "just for fun" apply to this. They're being serious, and they're intending to harm the ability of others to use the place. They might claim to "not realize what they were doing", when caught and put to task for it, but they did have a specific motive. And so do cybervandals. It's just not a "clever" or "purposeful" motive, rather a halfassed teen punk motive. Many other dumbass motives out there... not all exclusive to teens. Mid-life crisis is another big dumb-assed-move spawner.

tom_housden2k8
tom_housden2k8

I have been lured in a few times by scammers who pretend they are well-known models just to get money. I lost quite a bit of money that way 2 years ago.

dknichol
dknichol

My email account has a folder named "FRAUD." Since May 1st, this year there are 53: Dearest, Beloved, Help!. etc. parked in that folder. Law enforcement is certainly starting to address these issues - but at times they certainly hurt themselves by not overtly involving the public layman in their quest to help solve this type of crime. If profiling is their direction in all this, that is a proper step - but it is just one step in the process. I suggest that the authorities step to the side once in awhile to evaluate the whole picture so that they might progress in the correct direction. When I first went to the Canadian Authorities about these kind of emails in 2008, and suggested that it would be an "idea" to set up a process where the general public could forward "computer fraud" attempts to a database, I was politely endured and sent on my way like a good little boy. If I just delete these attempts from my account, there is no record. These 53 attempts are good profiles of 6 types of fraudsters, and I am getting accustomed to recognizing them each. One poor fellow? is trying to use all six on me - but he /she is silly enough to keep using the same return email. If I as a simple layman can start this form of tracking/profiling; why are the authorities having so much trouble getting off the ground on this form of "cyber-criminlity," and where do we as the general public fit in as a productive asset? Addressing any issue involves studying it in the: Macro Middle, and Micro values. Your Simple Layman - remains as Darren Nicholson

santeewelding
santeewelding

Your effort is transparent. You enlist us to make your job easier. I don't work for you. Increasingly, you don't work for me, either; the way I'm old enough to know it once was. Professionalized, you cast yourself and your ilk as keeper and -- worse -- professional arbiter of the peace. The peace is civil, not the way you put it, extant long before your advent. You are a latter-day add-on, taken with yourself.

seanferd
seanferd

I look forward to the future installments. I notice that this article seems to focus on individual criminals, which makes sense regarding individual personalities and motivations. I'd be interested to see what types of profiles are used against organizations and networks of criminals, including the business models and methods of the people who sell or rent crimeware, botnets, and network/server capacity.

Nimmo
Nimmo

And the types of hackers: Phreakers, script kiddies, disgruntled employees, whackers, software crackers, cyber criminals, and system crackers.

dawgit
dawgit

Comparing this article with this one: "Security hyenas and the abuse of the word 'terrorist' " from Sterling "Chip" Camden. http://blogs.techrepublic.com.com/security/?p=4052&tag=content;leftCol Similar subject matter with different perspective. What to do, what to do. Either way, 'Profiling' is tricky at best, and often can be misleading. But a good article though.

dawgit
dawgit

That would totally depend on who a person was working for now wouldn't it? A person, whom had cracked a sensitive site of a particular country, and might be as a cybercriminal there, actually be a Hero in their own country. If someone had cracked BP's engineering sites, before the oil disaster, disclosed the errors, and prevented the disaster, would they still be a Cybercriminal?

dawgit
dawgit

Might be 'theft' but it does not make them 'Cybercriminals'. It just makes them kids.

Jaqui
Jaqui

Another instance of misinformation. They aren't Hackers committing the crimes, they are Crackers. [ as in Safe Cracking. ] The locksmith that you pay to repair the safe is the Hacker.

JosiahB
JosiahB

is black and white though, a cyber-criminal is (in the loosest definition) anyone who uses a computer to commit a crime. Saying its all based on perspective is where any conversation on the subject of the law starts to fall apart. As a for instance, many people think it is entirely acceptable to ignore speed restrictions on Britains roads. Just because a proportion of people believe this behaviour to be acceptable does not exempt them from the law (as they find out on a regular basis when they go belting past a speed camera). Public perception of whether a particular act is criminal is regularly ridiculous, in your example, many would continue to view said cracker as a hero even if he did attempt to blackmail BP with the information. The 'greater' crime committed by BP would eclipse (and in some eyes justify) the crime of the cracker in question.

Ocie3
Ocie3

What, did they promise to send you pictures of their private parts if you sent them some "sugar" ($$$)?? "Fool me once, shame on you. Fool me twice, shame on me."

SecurityMoose
SecurityMoose

I would be interested in seeing them all - had you thought of putting together a site and asking people who receive them to send them on to you? If nothing else, it will be a source of constant amusement, and at best it will help people who think they may be scammed.

AnsuGisalas
AnsuGisalas

Did you know that Cyberdefense training is only made available for free to cybercrime first responders and key infrastructure people? Nobody says you have to use it to help authorities, it's equally useful against the punk who changed all instances of "the" on your company webpage to "teh". Also against spammers, which should pique your interest. ?kooluoyekamidid

BlueCollarCritic
BlueCollarCritic

If you are a small business or just idealistic and therefore don't have or simply refuse to give the government it?s part of the take then you are a criminal and they will nail you for it and if you think that?s BS then check out the below example in California. http://www.sacbee.com/2010/03/13/2604016/irs-suits-pay-visit-to-car-wash.html A California car wash owner had the gal to try and cheat the IRS out of its dutifully owed monies and so the IRS came to visit with armed agents in tow, to take back the 4 cents they were criminally cheated out of by the car wash owner. Now I know what you?re thinking, how can they determine this guy owns them 4 cents when they can't even find the billions tax dollars that they claim keep disappearing in the Government General Ledger. Well It?s a mystery to me too and all I can say is that if you will pay the government its share then what would have been defined as criminal is magically transformed to inappropriate and followed with a fine (verses a jail sentence) so that the government can get paid their take and so they can show the masses that the business was punished thru harsh words and a fine. Just check out the most recent antics from Goldman-Sachs that confessed to selling to their clients the same crap they bet against themselves. This is known as fraud and yet Goldman-Sachs walks away with a few harsh words a payoff to the Feds in the form of a fine. Now if an individual like you or I were fraudulent in our dealings with customers we?d be going to Jail for committing a crime.

Ocie3
Ocie3

seems beyond the bounds of ordinary law enforcement and its methods of investigation. Nonetheless, the FBI has a lot of experience, and has spent a lot of time and money, investigating and arresting the Sicilian Mafia (AKA "The Mob"). US DOJ prosecutors have been quite successful at sending those criminals to serve long prison terms, too. The Russian Mafia (or "underground"), which organized in the Soviet Union, is reportedly in control of the Ukraine. The government of the Ukraine is just a front for their control of the country, which is governed "Soviet style". To become a member of the Russian Mafia, you must murder someone that they choose while at least three of their current members watch you do it. They are all heartless killers who typically kill every non-member who is a witness to any crime that they commit.

Jaqui
Jaqui

and the sofware cracker teams that break digital restrictions on commercial software, like windows. how to profile them since they are not a single person but are a group.

AnsuGisalas
AnsuGisalas

All sorts. I'm a language hacker, what kind of hacker are you?

JosiahB
JosiahB

Your comparing telling somone they left their front door unlocked and wondering in through said front door and carrying the TV away. Ormandy discovers security vulnerabilities and alerts the software vendor (and in this case the wider public) in order to allow said vendor to deal with the problem in question, cybercriminals find and exploit vulnerabilities for their own purposes and certainly don't make any attempt at any kind of disclosure. On one point your are correct, profiling itself is tricky and can be misleading but it does also potentially provide a meaningful starting point for a deeper investigation.

JosiahB
JosiahB

"If someone had cracked BP's engineering sites, before the oil disaster, disclosed the errors, and prevented the disaster, would they still be a Cybercriminal?" Yes. Next question. The ends do not justify the means, now if a BP employee who was aware or became aware of the errors and disclosed them thereby avertinng disaster thats a different matter. The intention of any Cybercriminal who gains access to BP's engineering sites is unlikely to be for the purpose of preventing an ecological disaster.

Ocie3
Ocie3

[i]"Another instance of misinformation."[/i] says you. When I began programming mainframes in the early 1970's, a hacker was someone who gained [b]unauthorized access[/b] to a system, ordinarily [i]via[/i] a network. Sometimes they would "hack" a password used by an employee of the targeted organization, in order to gain access, and usually do so while physically present to use a terminal or workstation on that network. It was called "hacking" because the endeavor was mostly trial-and-error attempts to find a weakness or to discover a password, analogous to someone using an axe to chop a hole in a door, or repeatedly pounding on a wall with a sledgehammer. For whatever reason, "hacking" typically involved compromising a network, not other means of compromising security, such as searching trash bins for printouts ([i]e.g.,[/i] logs) that disclosed system information or business data. When microcomputers became financially feasible for many techies and IBM christened the "paradigm shift" with the PC, it seemed that every wannabe geek under the age of thirty not only "discovered(!)" computing, but thought that they and they alone knew anything about computer systems and programming. Curiously, the epithet "hacker" became a term of admiration for someone who knew how to "defeat the enemy" of [i]centralized control[/i] which the mainframe and its crew represented (to their eyes, of course). It also came to represent small cliques of programmers and solitary entrepreneurs who were "hacking the source code" for software that would run on a microcomputer. Trial-and-error is the way that some people [i]prefer[/i] to learn many things (rather than by watching, by listening, and/or by reading). Eventually, of course, as these youth gained experience with age, and sought to make careers out of managing distributed networks of microcomputers, they became aware of the original meaning of "hacker", which seemed in apparent conflict with their own adoption of the term. Instead of admitting that they had deliberately adopted a term to describe themselves which meant someone who used [i]illegal[/i] means to gain [b]unauthorized access[/b] to a system -- doing that was not considered [i]criminal[/i] by many of them before they were hired to operate them -- they decided that [i]their[/i] connotations were acceptable, preferable and must prevail. So they began a campaign to call the criminals who now plague us "crackers", along the lines of "safecracker" perhaps, but it just doesn't scan. Regardless, Deb Shinder is justified in using the term "hacker" and "hacking" to refer to criminals and criminal activities, which is simply the original use. But I agree that using "cyber" as a prefix for "computer" is someone's really bad meme. ....

dawgit
dawgit

Hacker = Good Bad guy = Cracker Test afterwards, ;)

BlueCollarCritic
BlueCollarCritic

You make a good argument but in it you actrually make the case for why what apeers to be a cyber crime is not always so and that is because of the definition of a crime. If the law were actually applied equally that would be one thing but its not and this has been the case for a long time. Take the example of the recent fraudelant acts of Goldman Sachts who knowingly sold their clients crap that Goldmand bet against themseleves. This was undeniably fraud and yet they got away with it and no paying a fine that pales in comparison to teh moeny you amde is not a penalty but more like pay the governement tehir share of the take. There is also the issue of intent for ones intent can change whether an act was a crime or not.

seanferd
seanferd

look up "scam baiting" for scam references, and good laughs.

AnsuGisalas
AnsuGisalas

cue the "love and marriage" tune. Sometimes taxes on pain of death. Sometimes death to pain of taxes. I think Jesus had it right: "Give unto the Emperor..." See, the money was never yours to begin with, it was just a loan from the mint. And money is evil anyway, ties you to Rex Mundi, and you're better off without it. And that's how and why the meek are blessed... they don't wonder long about spilled milk and paid taxes.

Nimmo
Nimmo

The reason I got into IT was my interest in Network Security, so that's what I do and what I still study (One thing about IT is it's a continuing learning experience). Never played with a model railroad though LOL.

Scott-DiamondTech
Scott-DiamondTech

So if ends don't justify means, then how is the employee disclosing BP safety concerns 'a different matter'?

seanferd
seanferd

Still not criminals anyway. Copyright infringement is a civil offense.

Mark
Mark

If kids downloading music illegally in the US are cybercriminals, then so are journalists in China using a VPN to criticize the ruling party. The definition of "cyber-criminal" varies by jurisdiction. Is it not up to the justice system to determine who is a criminal?

santeewelding
santeewelding

For lending a degree of historical balance. I've been around that long, too.

seanferd
seanferd

cybercriminals? I know that some of us jump on this same wagon every time. But I agree about the hacker/cracker argument as presented above. I also seem to have this problem with the "cyber" prefix. Cybernetics have absolutely no intrinsic relationship to digital technology, computers, etc., so it is sort of wrong off the mark. But I don't see any value in prefixing anything with cyber, despite popular usage, as it adds nothing to the description.\ Which criminals are the cybercriminals? Is there a division of labor which follows the nomenclature? Are the cybercriminals just the guys who act as the development and IT departments for criminal activities? Or is anyone remotely connected to a crime involving computers or networks a cyberwhatnot? OK. Picky, quasi-pedantic time is now over for me. So sorry for interrupting. ;)

JCitizen
JCitizen

The one time I tried to build a rocket from scratch, I was wise enough to put the launch pad in a crater. That way if something when wrong, the shrapnel might miss me! :O I was right! It turned out to be one of the most powerful bombs I ever built as a kid!! HA! I could hear my Mom yelling, from the farm house, to see if I was all right. I don't see how she put up with me!

santeewelding
santeewelding

After having spent days building the airframe of balsa from scratch -- center of mass, appropriate spin, aerilons, etc -- I strapped the store-bought rocket engine to my creation and lit the fuse. Spectacular! Only, my creation never left the pad. Never did find the engine, either. Went over the horizon.

JCitizen
JCitizen

but got tired of worrying about extraneous radio signals setting them off at an inopportune time. I switched to tube/percussion ignition, or plain old fuse for quickie design tests.

Ocie3
Ocie3

Object not found The object /cm/cs/who/dmrchist.html does not exist on this server. errstr: '/usr/web/cm/cs/who/dmrchist.html' does not exist uri host: header host: cm.bell-labs.com actual host: plan9.bell-labs.com

Jaqui
Jaqui

had found JD's [ I think it was JD ] link to a unix history site and followed a couple of links from it, you would have seen reference to it before. history of C programming language and history of Unix are closely tied together. and the people responsible for both are MIT grads. :D edit to add: ahh, here: http://cm.bell-labs.com/cm/cs/who/dmrchist.html I love this page, and all the links. In case the history of C and Unix (and stuff) holds anyone's interest. http://cm.bell-labs.com/who/dmr/ You can even get to Plan 9 from there, somehow. Posted: 07/05/2010 @ 11:29 PM (PDT) seanferd I was wrong about it being JD.

santeewelding
santeewelding

I progressed to using the transformer/rheostat as a way to remotely detonate explosives of my own making.

JCitizen
JCitizen

come to think of it - I had to learn everything I knew(as a kid) about electronic systems; trying to figure out what was wrong with my brother's Lionel set!! Now that was a challenge for a 10 year old! Very interesting Jaqui and Ansu!!

Jaqui
Jaqui

group of "Hackers" that developed a lot of our core technology were the Model Railroad club at MIT. that's where the reference comes from.

Ocie3
Ocie3

is it a crime to violate a Nondisclosure Agreement (NDA)?? IANAL, but a NDA is just a contract, which is enforceable in a civil court unless the court decides that its terms are not enforceable for some reason. For example, a NDA will not be enforced if the person who violated it disclosed the commission of a crime by the other party [i]per se[/i], or an employee or agent of the other party.

BlueCollarCritic
BlueCollarCritic

@JCitizen You are correct in your Whistleblower Act comment and thank God (or whatever higher power you believe in) that such an act exists since non-small bossiness entities seem to be able to grasp any level of ethics these days in their dealings.

JCitizen
JCitizen

wasn't their a whistle blower protection act passed not long ago? If you blow the whistle on criminal/negligent behavior, I don't think that constitutes a crime; quite the opposite. Before the law, yes - non-disclosure agreements would be in force for all reasons. Not anymore.

Ed Woychowsky
Ed Woychowsky

If there is a nondisclosure agreement then it isn't a different matter.

Ocie3
Ocie3

is, AFAIK, a criminal offense if you sell the copies which you did not have the right to make. Then it is called "piracy". Or at least that seems to have become the case with the DMCA. The court systems have their own dictionary and definitions for almost everything.

seanferd
seanferd

Cyberdissidents. They're all cool with us. China itself may take a different view. :D

santeewelding
santeewelding

You are carried away by your facility with language. I am almost suspect, if not convinced, that you have indeed returned to your ways with rum in secret.

AnsuGisalas
AnsuGisalas

Finding a better way to do this - and all... Lazy correlates also, to some extent, to crime (what with other people's money). So smartcrime, while having an undesirable connotation, does have an epiphany value. :p Smartcrime I think, would include inventing things like Facebook, too :p Dumbcrime would then be anything that takes a lot of work, is risky, feels like work, etc. ]:)

Ocie3
Ocie3

a crime that involves telephones? I guess it depends upon whether they were "smartphones". If so, maybe they should call it [i]smartcrime.[/i] All things considered, the person(s) who designed and implemented the ZeuS Banking Trojan were, evidently, smart.

seanferd
seanferd

and widely accepted, and I don't really expect them to change. Personally, I don't see any need at all for a specific term to cover crime if it happens that some part of the crime involves computers and networks. The larger problem, as I see it, is that such terms are used and abused to cause moral panic and produce security theatre.

AnsuGisalas
AnsuGisalas

I didn't mean cybernetic crime, nor cybernetic criminals. "Cyber-" just means "machine-", so word-formation doesn't need to go via cybernetic. But yes, the term isn't very hot. Logogenesis, engines start! What'd be a better word? Webthugs? Netscum? Protocol Bandits? Webinals? iDelinquents? And for the crime? Crime2.0? Netcrime? Webcrime? myCrime? Let's hear it!

seanferd
seanferd

It is neither inherently digital nor so narrowly defined. Plus, I haven't seen ant Six Million Dollar Men accused of crime. I don't really buy into the popular or craptastic sci-fi definitions and neologisms as being particularly valid. But that is just me. Ugh. That is all a bit terse. No offense intended.

AnsuGisalas
AnsuGisalas

It's not about the criminal, but about the crime. Cyborg is a cybernetic organism; a machine-enhanced organism. Following losely from this, cyber-crime would be machine-focused crime; and a cybercriminal would be anyone carrying out such.

Editor's Picks