Denial of service (DoS) and distributed denial of service (DDoS) attacks are some of the most widespread cybercrimes. DoS/DDoS occurs when an attacker deprives people of the services they are entitled to access or provide. DoS/DDoS can occur when an attacker floods the bandwidth of the victim's network. It can also occur when an attacker fills an individual's e-mail box with spam mail. DoS/DDoS attacks have caused some of the largest commercial Web sites, including Yahoo!, eBay, and Amazon, to become inaccessible to customers, partners, and users. Attackers mounted large-scale DoS/DDoS attacks against Estonia in 2007 and Georgia in 2008.

Another common cybercrime is intellectual property theft. Intellectual property theft is theft of trade secrets, material that is copyrighted, or other information to which an individual or a company has a right. Intellectual property theft has resulted in increasing revenue losses worldwide. This theft is especially significant in the United States, which leads the world in the creation and sale of intellectual property products.

One common form of intellectual property theft is theft of trade secrets. Trade secrets are plans, methods, technologies, and other sensitive information that an individual or a company owns. Trade secrets are common in all types of industries, including manufacturing, financial services, and the computer industry. Examples of trade secrets are plans for the latest iPhone, designs for a fuel-efficient electric airplane, the recipe for a soft drink, or the spices in a fast-food chain's fried chicken. Theft of trade secrets damages a business's competitive edge.

Piracy is theft of copyrighted material through illegal copying of genuine programs or counterfeiting of products that are intended to pass as originals. Software, music, videos, and electronic games are commonly pirated. Piracy includes illegal end user copying, illegal hard disk loading, counterfeiting, and illegal downloading from the Internet.

Child exploitation includes crimes such as child pornography, luring, child-sex tourism, and child prostitution. Creating or possessing non-commercial child pornography is also illegal. According to the 2008 Annual Report published by the National Center for Missing & Exploited Children, child pornography is a multi-billion-dollar business.

Identity theft, also known as identity fraud, is a common cybercrime. An identity thief wrongfully obtains and uses another person's personal data in some way that involves fraud or deception. Criminals typically commit identity fraud for economic gain. One common method criminals use to obtain others' identities is phishing.

Phishing involves using e-mail or Web sites to get confidential information by deceptive means. Through phishing, a criminal can obtain a victim's Social Security number, bank account number, credit card number, passwords, and other valuable identifying data.

With enough information about an individual, a criminal can take over that person's identity and conduct many different crimes. For example, a criminal may submit false applications for credit cards, or withdraw funds from bank accounts. A savvy criminal ensures that bills for falsely obtained credit cards or bank statements showing unauthorized withdrawals are sent to an address other than the victim's. The victim may not find out that his or her identity has been stolen until the criminal has substantially damaged the victim's assets, credit, and reputation.

Fraud is a crime that involves intentional deception for personal gain or to cause other damage to an individual or a company. Three criteria must be met to convict someone who has used a computer to commit fraud. The fraud must be intentional, the person's computer access must be unauthorized, and the victim's loss must have a value of more than $5,000. Similar crimes involving computers include bank fraud, embezzlement, credit card fraud, online auction fraud, counterfeiting, telecommunications fraud, and money laundering.

Extortion is an attempt to gain money or something else of value by threatening, coercing, or intimidating a victim. Extortion involving a computer includes threatening to damage a computer or information contained on the computer. Extortion also includes threats to disclose confidential information obtained from a computer. If an extortion attempt is unsuccessful but a computer sustains damage during the attempt, it's still a prosecutable crime.

Cyberstalking refers to using the Internet, e-mail, or other electronic communications devices to repeatedly harass or threaten another person. Many states have laws against stalking. Some require that the perpetrator make a credible threat of violence against the victim. Others include threats against the victim's immediate family. Still others require only that the alleged stalker's course of conduct constitute an implied threat.

People should take online stalking seriously because it may be a prelude to physical stalking and violence. Cyberstalking will likely increase as the number of location-based applications and services offered by vendors and social networking companies increases.

Creating a computer virus is not a crime. However, intentionally transmitting malware that the attacker knows will cause damage is a crime. Malware is malicious software designed to infiltrate a computer system without the system owner's or user's consent. Malware includes computer viruses, worms, Trojan horses, spyware, some types of adware, and other malicious and unwanted software.

Unintentional transmission of malware is also a crime. For example, if someone is not authorized to access a computer and accidentally causes damage to that computer, that person can be charged with a computer crime.

Hacking is illegal intrusion into a computer system without the permission of the computer owner or user. Hacking is a crime in the United States. The Computer Fraud and Abuse Act states that it applies to anyone who "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage." If a hacker's actions affect interstate or foreign commerce, the hacker can be sentenced to one year in jail. If convicted of this crime more than once, the penalty can increase to as much as 10 years.

Laws in countries outside the United States can be more strict. For example, in 2007 and 2008, new cybercrime laws took effect in Germany and England. Lawmakers intended that these laws ban the distribution, use, and even possession of tools considered to be "hacking tools."

Spam is unsolicited or undesired electronic messages sent in large quantities to many recipients. Attackers use spamming as an inexpensive way to advertise commercial products or sites. Most people receive dozens of spam e-mail messages each day. Spam causes lost productivity, takes up bandwidth, and can cost victims money if they fall for the fraud.

The CAN-SPAM Act made spamming a crime in 2003. This law sets the rules for commercial e-mail, establishes requirements for commercial messages, and gives recipients the right to have a business stop e-mailing them. It spells out tough penalties for violations.

The CAN-SPAM Act covers all commercial messages. It defines spam as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service." This includes e-mail that promotes content on commercial Web sites. Each separate e-mail in violation of the CAN-SPAM Act is subject to penalties of up to $16,000.

Some Web sites sell and ship contraband drugs. These sales are illegal in all cases. In addition, only state-licensed pharmacies located in the United States may sell prescription drugs over the Internet.

Gambling over the Internet is a violation of U.S. law. The Unlawful Internet Gambling Enforcement Act states that no person engaged in the business of betting or wagering may "knowingly accept any money transfers in any way from a person participating in unlawful Internet gambling." This includes credit cards and electronic fund transfers. The law defines "unlawful Internet gambling" as betting, receiving, or transmitting a bet that is illegal under federal, state, or tribal law.

There are many exceptions to the Unlawful Internet Gambling Enforcement Act. The law does not consider free games to be gambling. Fantasy leagues are legal but subject to detailed restrictions. Nevada and other states are allowed to authorize 100 percent intrastate gambling systems. However, Congress requires that state law and regulations block access to minors and persons outside the state.

Nations such as China, Brazil, North Korea, and Russia do not have conventional weapons arsenals that match those of the United States. However, such nation-states have proven their capabilities for conducting cyberattacks. The recently published book Cyberwar: The Next Threat to National Security and What to Do About It by former U.S. Counterterrorism Chief Richard A. Clarke, along with Robert K. Knake, addresses this topic.

Clarke and Knake say that North Korea selects "elite students at the elementary-school level to be groomed as future hackers." Experts suspect that North Korea was behind the July 2009 cyberattacks that took down the Web servers of the U.S. Treasury, Secret Service, Federal Trade Commission (FTC), and Transportation Department. Many also suspect that North Korea has planted code that allows hackers future access to the networks.

"The United States is currently far more vulnerable to cyberwar than Russia or China," say Clarke and Knake. "The U.S. is more at risk from cyberwar than are minor states like North Korea. We may even be at risk some day from nations or nonstate actors lacking cyberwar capabilities, but who can hire teams of highly capable hackers."

More than a decade ago, an article in the Chinese armed forces newspaper The Liberation Army Daily discussed cyberattacks. The article guessed that the first attack objectives would be the networks that connect a country's political, economic, and military installations, as well as its general society.

Terrorists use cyberspace to assist traditional forms of terrorism, such as suicide bombings. Cyberterrorists are attackers who target a country's computers and information, usually through the Internet, to cause physical harm, severely disrupt the country's infrastructure, or create panic. They use Web sites to propagate their messages and to recruit supporters. By crippling a country's economy, cyberterrorists can also potentially weaken the country enough for a military attack to succeed.

In addition to nation-states and cyberterrorists, several other types of threats exist.

The following are some examples:

The motives of those who threaten computers and data are considered later in this chapter.

In criminal justice, means refers to a suspect's ability to commit a crime. A forensic analyst may need to determine whether a suspect had the knowledge and personal expertise to commit a crime. The analyst also needs to figure out whether the suspect had the necessary tools.

The means for attacking computer systems has changed over the years. The earliest cybercriminals were usually disgruntled, dishonest, or both. As technology spread and evolved, hobbyists with criminal inclinations began to intrude on systems and networks. In the 1980s, programmers began writing malware to attack personal computers. With the widespread use of the Internet, cybercriminals gained access to large numbers of systems throughout the world. They began to commit crimes for many reasons—from boredom and anger to political and financial motives.

Intruders have built automated tools to coordinate large-scale attacks that aim hundreds of hosts at Internet sites. These tools are well documented and freely available on the Internet. Hackers share programs and improve on each other's work.

Because so many powerful tools are readily available, attackers don't need to know how to write computer code to break into computer systems. Script kiddies are rather unsophisticated hackers who use this type of point-and-click software rather than program their own software. The upside of script kiddies' low level of computer skills is that they don't always know how to properly use the tools they find. For example, in some break-ins, script kiddies have used sophisticated tools to gain access to an operating system but then typed commands that work only on another operating system.

It's easy for criminals to use the Internet to research and plan crimes. Web sites provide maps and aerial depictions that show details of locations. Criminals can search the Internet and find information of any type. For example, they might look for data on how to "kill with a lead pipe," for pornography, or for tools that will help them carry out attacks. And they may use e-mail accounts to exchange information about planned crimes.

A forensic specialist examines suspect systems to demonstrate and document that a suspect had the means to commit a certain crime. A suspect who searched for "medication overdose" and "murder" or "undetectable bomb," for example, might have left a trail that indicates premeditation. In addition, a suspect's use of certain programs could be used to determine criminal intent. A forensic investigator may find that a suspect's computer files have been encrypted or data is hidden using a steganography program. This could be useful information for investigators and attorneys. A computer that contains recently used password-cracking software could indicate that a suspect had the means to commit a crime that involved access through a hacked account.

Computer crime is not solely a technological issue. It also involves people. A forensic specialist needs to understand motives—that is, the reasons a suspect committed a crime. The specialist can then discover, analyze, and reconstruct events leading to the crime.

The motives of cybercriminals are similar to the motives of any other criminals. The following are some examples:

Furthermore, cyber experts classify certain groups of computer users by skill level and motive. Researcher and educator Marc Rogers wrote a paper called A New Hacker Taxonomy. In it, Rogers proposed a system for classifying computer criminals. He suggested seven distinct but not mutually exclusive types, as shown in Table 2-1.

Like traditional criminals, cybercriminals need the opportunity to commit a crime. That is, they need a chance to attack. Several key factors provide good opportunities for cybercrime. Tom Grubb, an executive at ThreatMetrix, describes five "Big A's," or critical advantages, of cybercrime:

The bottom line is that cybercrime offers a large payout for relatively small risk.

Internet-related crime, like any other crime, should be reported to appropriate law enforcement investigative authorities. The scope of a crime determines whether a victim should report it at the local, state, federal, or international level. The following are general guidelines for the types of cybercrimes that should be reported to the appropriate authorities:

In the case of an incident that falls under the jurisdiction of local or state law enforcement, an organization should call the local police department, county sheriff's office, or state police agency. It shouldn't call 9-1-1. The organization should ask for the agency's high-tech crimes unit or, in smaller agencies, the criminal investigation division.

The primary federal law enforcement agencies that investigate domestic crime on the Internet are the FBI, the U.S. Secret Service, U.S. Immigration and Customs Enforcement (ICE), U.S. Postal Inspection Service, and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Each of these agencies has offices located in various states to which crimes may be reported. Contact information for these local offices is available in local telephone directories and online. In general, federal crime can be reported by calling the local office of an appropriate federal agency and requesting the "duty complaint agent."

Table 2-2 provides Web addresses for a number of cybercrime reporting and investigating agencies.

Each federal law enforcement agency has a headquarters in Washington, DC, with agents who specialize in particular areas. For example, the FBI and the Secret Service headquarters both employ computer intrusion specialists.

Table 2-3 lists some of the federal investigative law enforcement agencies that may be appropriate for reporting certain kinds of crimes. This information and more is available at the U.S. Department of Justice Web site, at http://www.justice.gov/criminal/cybercrime/reporting.htm.

Many U.S. federal and state laws address cybercrimes and computer intrusions. A few are listed here:

The following sections of federal criminal code specifically relate to computer intrusions:

For more information on laws related to cybercrime, see http://www.justice.gov/criminal/cybercrime/cclaws.html.