Cybercrime is a broad term that encompasses a range of criminal activities conducted through digital technologies. However, not all cybercrimes are created equal.
Some crimes rely on technology as a mere tool, while others are entirely dependent on the use of electronic devices and networks. These latter types of crimes are what we refer to as cyber dependent crimes; they cannot be committed without the aid of technology.
Understanding the distinction between cyber dependent crimes and other forms of cybercrimes is important for law enforcement officials, policymakers, and individuals wishing to protect themselves and their organisations from cyber threats.
In this blog post, we will take a closer look at the definition of cyber dependent crimes with it's types and some of the most recent examples.
Cyber dependent crime is a type of criminal activity that is conducted by digital technologies like computers, networks, and internet, to commit illegal activities such as hacking, malware attacks, identity theft, and online fraud.
Unlike traditional crimes, cyber dependent crimes can be carried out remotely and anonymously, making them difficult to detect and prosecute. The rise of these crimes has amplified the need for cybersecurity measures to protect individuals, businesses, and governments from cyber threats.
To better understand how to prevent and combat cybercrime, it is essential to have a comprehensive understanding of what cyber dependent crime is, and the methods used to carry out such illegal activities.
Cyber-dependent crimes, also known as 'pure' cyber-crimes, are offenses that exclusively involve the use of computers, computer networks, or other forms of information communications technology (ICT).
Types of cyber dependent crime can be broadly classified as:
The term "illicit intrusions" refers to the unauthorised access or intrusion of confidential information through electronic means.
Cyber-dependent crime is on the rise and encompasses various types of criminal activities committed using computers or the internet.
This type of crime includes online identity theft, hacking, malware distribution, and cyberstalking. It is essential to be aware of these different forms of criminal activity to protect yourself from becoming a victim.
Being informed and educated about cyber dependent crime can help us safeguard our personal and financial information and prevent any unwanted intrusions.
Understanding the types of cyber dependent crime is the first step towards ensuring our safety online.
One of the major threats we face is the disruption or downgrading of computer functionality due to cyber dependent crime.
This refers to the intentional use of technology to commit crimes such as hacking, distributed denial-of-service attacks (DDoS), and malware distribution.
These attacks can have devastating consequences, such as stealing personal information or corrupting important data.
As technology continues to advance, so too do the methods used to carry out cyber dependent crime. Hackers and cybercriminals have become increasingly sophisticated in their techniques, relying on a variety of tactics to gain unauthorised access to sensitive information.
From phishing scams to malware attacks, cyber dependent crime can come in many different forms.
Common types of cyber dependent crime include:
Social engineering is a term that describes the tactics used by cyber criminals to manipulate individuals into giving up sensitive information.
This type of cyber-dependent crime has become increasingly prevalent in our digital world as hackers find new ways to exploit human behaviour.
From phishing scams to pretexting, attackers will use a variety of methods to lure their victims into providing confidential data, such as passwords or financial information.
Being aware of these tactics and knowing how to protect yourself can go a long way in safeguarding against social engineering attacks.
It's important to stay informed and vigilant, and to always verify the legitimacy of any requests for sensitive information before giving it out.
SQL injections are a type of cyber dependent crime that pose a serious threat to businesses and organisations of all sizes.
This type of attack involves manipulating a website's input fields to gain access to sensitive information stored in a database.
By exploiting vulnerabilities in a website's code, attackers can inject malicious code into the database, allowing them to steal data, modify existing records, or even take full control of the system.
These attacks can have serious financial and reputational consequences for businesses, and it's important to be aware of the risks and take steps to protect against them.
Educating employees on safe web browsing practices and implementing strict security measures can help to prevent SQL injections and other cyber attacks.
Distributed Denial of Service (DDoS) attacks have become one of the most popular type of cyber dependent crime in recent years.
These attacks work by overwhelming a website's server with a flood of Internet traffic, causing the website to become unavailable to its users.
The attackers do this by using hundreds or even thousands of compromised devices, such as computers or Internet of Things (IoT) devices, to deliver the traffic.
Unfortunately, DDoS attacks are a growing threat due to the increase in cyber-dependent crime. As a result, it's essential that businesses have a plan in place to mitigate the impact of these attacks.
Understanding the nature of these attacks and how they operate can help businesses better assess their risk and develop strategies to defend against them.
Ransomware attacks have become increasingly common in recent years, with organisations and individuals alike becoming targets for malicious actors.
In a ransomware attack, attackers will typically gain access to a victim’s computer system and encrypt all of the data stored on it.
The attackers will then demand a ransom payment in exchange for the decryption key to unlock the data.
Phishing scams are another type of cyber dependent crime that has become more prevalent in recent years.
In a phishing scam, attackers will typically send out emails or text messages that appear to be from legitimate sources such as banks or government agencies.
These messages will often contain malicious links or attachments that can be used to gain access to victims’ computers or steal sensitive information.
Identity theft is another form of cybercrime that has been on the rise in recent years.
This type of crime involves stealing someone’s personal information such as their name, address, social security number, credit card numbers, etc, and using it for fraudulent purposes such as opening new credit cards or applying for loans in their name.
Cryptojacking is a relatively new form of cybercrime that has become increasingly popular among criminals in recent years.
This type of attack involves hackers using malware to secretly install cryptocurrency mining software on victims’ computers without their knowledge or consent.
The attackers then use the computing power of these machines to mine cryptocurrencies such as Bitcoin and Monero at no cost to themselves, while victims are left with slower systems and higher electricity bills due to the increased power usage caused by the mining process.
The reason for this troubling trend can be attributed to several factors. One of the main reasons is the increasing reliance on technology in our day-to-day lives.
With more people using the internet and digital devices, cyber criminals have been quick to take advantage of the vulnerabilities of these systems.
Additionally, the rise of sophisticated hacking groups and the increased accessibility of hacking tools has made it easier for cyber criminals to carry out their attacks.
As these crimes continue to proliferate, it's important for society to become more aware of cyber risk and take necessary precautions to protect themselves.
|SL. No.||Parameters||Cyber Enabled Crime||Cyber Dependent Crime|
|1.||Definition||A type of criminal activity that involves the use of computer technology to commit or facilitate a crime.||A type of criminal activity that requires the use of computer technology for its execution.|
|2.||Examples||Include activities such as identity theft, credit card fraud, online scams, and cyberbullying.||Include hacking into systems to steal data or money, launching distributed denial-of-service (DDoS) attacks, and creating malicious software (malware).|
|3.||Impact of victims||Victims of cyber-enabled crimes may experience financial losses due to identity theft or credit card fraud||Victims of cyber-dependent crimes may suffer from data breaches or loss of intellectual property|
|4.||Impact on society||Economic losses due to stolen funds or intellectual property||Lead to an increase in public fear and mistrust in online services|
|5.||Prevention Strategies||Use of strong passwords and two-factor authentication, keeping software up to date with the latest security patches, using firewalls and antivirus software.||Monitoring for suspicious activity on networks, educating employees about cybersecurity best practices, and reporting any suspicious activity immediately.|
Cyber-enabled crime is a type of criminal activity that involves the use of computer technology to commit or facilitate a crime.
This type of crime can include activities such as identity theft, credit card fraud, online scams, and cyberbullying.
Cyber-enabled crimes are often committed by individuals who have no technical knowledge or expertise in computers and rely on readily available tools to carry out their activities.
Cyber-dependent crime is a type of criminal activity that requires the use of computer technology for its execution.
This type of crime typically involves more complex techniques than those used in cyber-enabled crimes and often requires some level of technical expertise in computers and networks.
Cyber dependent crime examples include hacking into systems to steal data or money, launching distributed denial-of-service (DDoS) attacks, and creating malicious software (malware).
The impact on victims of cybercrime can vary depending on the type of crime committed.
Victims of cyber-enabled crimes may experience financial losses due to identity theft or credit card fraud.
While victims of cyber-dependent crimes may suffer from data breaches or loss of intellectual property.
In both cases, victims may also experience emotional distress because of the attack.
Cybercrime has been linked to economic losses due to stolen funds or intellectual property, disruption in critical services such as banking or healthcare services, and reputational damage due to attacks on organisations’ websites or social media accounts.
Additionally, cybercrime can lead to an increase in public fear and mistrust in online services due to concerns about security and privacy.
Organisations and individuals can take steps to help prevent both types of cybercrime by implementing preventive measures such as:
From identity theft to online extortion, these crimes are posing new challenges for law enforcement agencies.
To tackle this issue, many agencies are adopting innovative approaches that leverage the power of technology to prevent and investigate cybercrimes.
One such method is the use of sophisticated software and tools to track down hackers and identify their sources.
Additionally, many agencies offer specialised training to their officers to ensure that they are equipped with the necessary skills to respond to and solve cyber dependent crimes.
Despite these challenges, law enforcement agencies remain committed to combating this form of crime, striving to protect individuals and organisations from the devastating consequences of cyber attacks.
Here are the three recent examples of cyber dependent crime:
In November 2018, Marriott hotels group experienced a significant data breach, affecting over 500 million customers.
This breach compromised the guest reservation database, allowing an unidentified party to access sensitive information such as payment details, mailing addresses, passport numbers, and phone numbers of customers.
Responding swiftly, Marriott Group launched a thorough investigation in collaboration with a team of security experts. To assist affected customers, they promptly established a dedicated website and call centre.
Additionally, Marriott Group proactively reached out to impacted individuals via email, offering complimentary access to monitoring tools that continuously scan the internet for any signs of personal information being shared.
This cyber dependent crime example serves as a stark reminder of the critical importance of data protection for businesses and individuals alike.
Marriott Group's comprehensive response to the breach demonstrates their commitment to addressing potential security threats and safeguarding customer information.
The REvil hacking group, believed to be Russian or Russian-speaking, operates as a ransomware-as-a-service organisation. In July 2021, the Kaseya incident unfolded.
During this event, one of Kaseya's products deployed the infamous SODINOKIBI REvil ransomware, affecting over 1000 customers worldwide.
Within hours, REvil claimed responsibility for the attack on their Happy Blog website located on the dark web.
They demanded a staggering $70 million ransom in exchange for a public decryptor capable of unlocking all affected devices.
The impact of this attack was so significant that the United States government offered $10 million bounties to anyone with information leading to the arrest of REvil members.
Yaroslav Vasinskyi, a 22-year-old from Ukraine, has been charged with orchestrating a cyber attack and deploying ransomware against Kaseya and several other companies.
This cyber dependent example of criminal act highlights the increasing threat posed by cybercrime.
File Manager and Camscanner are two popular apps that have raised concerns due to security issues. With over 1 billion downloads and an impressive 4-star rating on the Google Play Store, these apps seemed reliable at first glance.
However, recent analysis conducted by the Trend Micro research team has uncovered alarming findings.
The Camscanner app, for instance, was discovered to contain a malware module capable of compromising user data by creating a backdoor on Android devices.
This malicious module is triggered when users click on deceptive advertisements, ultimately leading to the download and execution of additional harmful payloads.
Similarly, the File Manager app harbours a similar malware module that specifically targets sensitive user data, transferring it to a remote server.
Perhaps even more concerning, this app provides an avenue for hackers to stealthily install other malicious apps on users' devices, all without their knowledge or consent.
Now, let's delve into the potential consequences of such spyware. User information, including contact lists, SMS messages, call logs, and more, becomes susceptible to theft by unscrupulous individuals.
The presence of these cyber dependent examples underscores the importance of maintaining a vigilant approach to app selection and usage.
It's crucial to prioritise the security and privacy of our personal data, ensuring the apps we rely on are trusted and free from any potential threats.
The Computer Misuse Act 1990 (CMA) is the primary legislation in the UK that deals with offenses and attacks against computer systems, including hacking and denial of service.
It intentionally does not provide a specific definition of a 'computer' to accommodate technological advancements.
In the case of DPP v McKeown and DPP v Jones  2 Cr App R 155 HL, Lord Hoffman defined a computer as 'a device for storing, processing, and retrieving information.'
This broad definition means that not only traditional desktop computers or PCs, but also mobile smartphones and personal tablet devices can be considered as computers.
It is important to note that there is jurisdiction to prosecute all CMA offenses if there is "at least one significant link with the domestic jurisdiction" (England and Wales) in the circumstances of the case.
The Computer Misuse Act 1990 (CMA) is the main legislation in the UK that addresses offenses against computer systems. It covers various activities such as hacking and denial of service attacks.
One interesting aspect of the CMA is that it does not provide a rigid definition of what constitutes a 'computer,' which allows for flexibility as technology evolves.
In a notable case, Lord Hoffman defined a computer as a device used for storing, processing, and retrieving information. This means that even smartphones and tablet devices can fall under the definition of a computer.
It is also worth mentioning that the CMA has jurisdiction to prosecute offenses that have a significant connection to the domestic jurisdiction (England and Wales).
Section 1: Causing Unauthorised Access to Computer Functionality:
This offence involves accessing computer functionality without the right to do so, often as a precursor to more serious illegal activities.
To be considered an offence, the offender must have knowledge that the access is unauthorised and intend to access a program or data stored on the computer. Note that the offence is committed regardless of whether access is obtained.
Section 2: Unauthorised Access with Intent to Commit or Facilitate Further Offences
Section 3: Unauthorised Acts with Intent to Impair Computer Operations:
This offence is committed when a person behaves recklessly regarding whether their actions will impair, prevent access to, or hinder the operations of a computer.
Section 3 is particularly relevant in cases involving Distributed Denial of Service (DDoS) attacks.
Section 3ZA: Unauthorised Acts Causing or Creating Risk of Serious Damage:
Section 3ZA specifically targets individuals who seek to attack critical national infrastructure, which includes the potential for causing serious damage to human welfare, the environment, economy, or national security.
Section 3A: Making, Supplying, or Obtaining Articles for Use in Offences Contrary to Sections 1, 3 or 3ZA:
Section 3A deals with individuals involved in the creation or supply of malware intended for use in offences covered by sections 1, 3, or 3ZA of the CMA.
The Computer Misuse Act 1990 ("CMA") provides jurisdiction to prosecute CMA offences when there is at least one significant link with the domestic jurisdiction of England and Wales in the circumstances of the case.
For more detailed guidance on the CMA, please refer to the Computer Misuse Act 1990.
Under the Investigatory Powers Act 2016 (IPA), which became effective on 27 June 2018, intentionally intercepting a communication in the UK (without lawful authority) during its transmission is an offence.
This applies to both public and private telecommunication systems or public postal services. Any prosecution under Section 3(1) of the IPA requires consent from the Director of Public Prosecutions.
Section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) previously covered a similar offence. However, this offence has been omitted under Schedule 10, paragraph 45 of the IPA. It still applies to offences committed before 27 June 2018.
In addition to cyber-dependent crimes, offences under Sections 170 to 173 of the Data Protection Act 2018 (DPA) can be committed.
These include knowingly or recklessly obtaining or disclosing personal data without consent, procuring the disclosure of personal data without consent, and selling personal data disclosed or retained without consent.
For more detailed guidance on the DPA, please refer to the legal guidance.
By following the guidelines provided, you will gain a better understanding of the legal framework surrounding these offences and how they are prosecuted in England and Wales.
One of the most important steps you can take to protect yourself against cyber attacks is to use strong passwords.
A strong password should be at least 8 characters long and contain a combination of upper and lowercase letters, numbers, and symbols.
It's also important to avoid using the same password for multiple accounts, as this makes it easier for hackers to gain access to all your accounts if one is compromised.
Two-factor authentication (also known as two-step verification) is an extra layer of security that requires you to enter an additional code after entering your username and password.
This code is typically sent via text message or email, and it helps ensure that only you are able to access your account even if someone else knows your password.
Installing security software such as anti-virus and anti-malware programs can help protect against malicious software that could be used by hackers to gain access to your computer or personal information.
Be sure to keep these programs updated with the latest versions so they can provide the best protection possible.
Another way to protect yourself against cyber attacks is to be careful what you click on when browsing online.
Avoid clicking on links or downloading files from unknown sources, as these could contain malicious software or lead you to fraudulent websites designed to steal your personal information.
Finally, monitoring your credit report regularly is a good way to detect any suspicious activity that may indicate that you have been a victim of identity theft or other types of cyber crime.
You are entitled by law in most countries to one free credit report per year from each of the three major credit reporting agencies, so make sure you take advantage of this opportunity.
We can work with you to create a bespoke disaster recovery plan that suits your business, giving you peace of mind that your data is secure in the cloud.
Our services are tailored to suit your business needs, so whether that’s training your staff on the importance of cyber security or relocating your workforce to a temporary work space if your site location goes down, we can help you safeguard your business.
Get in touch or call us on 01908 571 510 to speak with one of our specialists to find out more.