Tackling The Out Of Control Threat From Cybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks.
Portions courtesy of THE HILL
When you turn on the TV or read the newspaper, it’s hard to ignore the headlines: “Colonial Pipeline a Victim of Massive Ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction. Attack.” “50 Million People Affected by T-Mobile Data Breach Whenever private information is seen by someone who should not have access, this is known as data exposure. It may also sometimes be referred to as a data leak or data breach. It might happen by accident or be caused by hackers who do it to cause harm to the individual or organization involved. It can be especially damaging to companies that store the credit card details and personal information of their customers..” “Hackers Exploit SolarWinds to Spy on U.S. Government Agencies.”
These major attacks represent a serious threat to our economy and our national security. After the Colonial Pipeline attack impacted thousands of our neighbors in Central Virginia, I was adamant about how our government must vastly improve its efforts to undercut the activity of hackers, protect critical infrastructure, and strengthen our cybercrime prevention efforts.
But the story of cybercrime in 2021 goes far beyond these news-making cyberattacks — it extends into our communities, our neighborhoods, and our homes.
If you are a family banking online, a business managing your employees’ payroll information, or a senior accessing federal benefits on the internet, you are no stranger to thinking about how a cyber breach or attack could affect you. Even worse, you might already be one of the millions of Americans whose personal data has been compromised, money or identity stolen, or safety put at risk.
In 2018, Gallup found that nearly one in four U.S. households has been a victim of cybercrime — making it the most common crime in America. To confront cybercriminals and their enablers, we need to have a better understanding of these incidents. However, many of these cases — a vast majority of these crimes — are not properly reported or tracked by law enforcement. Often, they are not measured at all.
By some estimates, the Federal Bureau of Investigation (FBI FBI - Federal Bureau of Investigation
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counter-terrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes, including financial fraud.) may only collect about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database. The lack of information about cyber and cyber-enabled crime A Cyber-enabled crime is one where technology facilitates a criminal to commit a crime against an individual or a business. These are where there is a one to one relationship between the criminal and the victim. Romance scams, email fraud, and many other types of scams are considered cyber-enabled crimes. The technology used can be the Internet, a computer, a phone, or other devices. is divorced from what Americans are actually facing on a day-to-day basis — an increased risk of cybercrime. What’s more, these crimes are rising at an alarming rate.
Compounding this challenge is the fact that federal, state, and local governments do not have a comprehensive, effective system to measure cybercrime. In 2021 — decades after the dawn of the internet age — we remain woefully unprepared to prevent or respond to the next generation of cyberattacks.
Accountability for these crimes — and protection against them — can’t fully take shape until we have a clear picture of the current state of play. For this reason, we need to take real steps to improve how we track, measure, analyze, and prosecute cybercrime.
Earlier this month, I introduced the bipartisan Better Cybercrime Metrics Act, which would allow our federal government and law enforcement to better track and identify cybercrime, prevent attacks, and go after perpetrators. This bill would strengthen our understanding and our defenses against the phishing attempts, extortion, ransomware, and identity theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources. that are plaguing everyday Americans.
As a former federal law enforcement agent, I understand that local and state police and sheriff’s departments are often strained for resources and time. And as a former CIA case officer, I recognize the importance of gathering as much information as possible about potential threats — so that we can prevent attacks on American citizens and American businesses.
If signed into law, the Better Cybercrime Metrics Act would improve our cybercrime metrics, anticipate future trends, and make sure law enforcement has the tools and resources they need.
Our bill would require federal reporting on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data.
Additionally, it would require the National Crime Victimization Victimization (or victimization) is the process of being victimized or becoming a victim. The field that studies the process, rates, incidence, effects, and prevalence of victimization is called victimology. Survey to ask questions related to cybercrime in its surveys — and it would make sure that the FBI’s National Incident-Based Reporting System include cybercrime reports from federal, state, and local officials.
Notably, our bill would also require the U.S. Department of Justice to contract with the National Academy of Sciences to develop a standard taxonomy for cybercrime. These metrics could be used by law enforcement across the board.
I was proud to introduce this legislation alongside my colleagues U.S. Reps. Blake Moore (R-Utah), Andrew Garbarino (R-N.Y.), and Sheila Jackson Lee (D-Texas). Clearly, there is consensus for these reforms and protections across the political spectrum.
In the Senate, a companion bill is being led by Sen. Brian Schatz (D-Hawaii). Joining him are Thom Tillis (R-N.C.), John Cornyn (R-Texas), and Richard Blumenthal (D-Conn.). I am proud to have their partnership on this important, bicameral effort.
The Better Cybercrime Metrics Act
Spanberger, Moore, Jackson Lee, & Garbarino to Introduce Bipartisan, Bicameral Legislation to Stand Up to Cyber Criminals, Improve Federal Tracking of Cybercrime
A 2018 Gallup Study Found that Nearly 25 Percent of All U.S. Households Have Been Victims of Cybercrime
WASHINGTON, D.C. — U.S. Representative Abigail Spanberger today announced that she is leading the introduction of a bipartisan, bicameral bill to improve the federal government’s understanding, measurement, and tracking of cybercrime.
The federal government currently lacks an effective system to measure cybercrime. In 2018, a nonpartisan study from Gallup found that nearly one in four U.S. households were a victim of cybercrime — making it the most common crime in America. However, the large majority of these crimes are not properly reported or tracked — and in many cases, these incidents are not measured at all. By some estimates, the Federal Bureau of Investigation (FBI) only collects about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database.
The bipartisan Better Cybercrime Metrics Act would improve how the federal government tracks, measures, analyzes, and prosecutes cybercrime. By starting the process of building an effective system to delineate and track cybercrime incidents, this legislation would allow U.S. law enforcement agencies to better identify cyberthreats, prevent attacks, and prosecute perpetrators.
Companion legislation is led in the U.S. Senate by U.S. Senator Brian Schatz (D-HI). Additional U.S. Senate cosponsors on the legislation are Thom Tillis (R-NC), John Cornyn (R-TX), and Richard Blumenthal (D-CT).
“Cybercrime is increasingly putting American families, businesses, and government agencies at serious risk. But for too long, our government has been woefully unprepared for the next generation of cyberattacks. Complacency with respect to our cybercrime classification system could jeopardize public safety, our ability to compete in the global economy, and even our national security,” said Spanberger, a former CIA case officer and former federal agent. “Our nation’s crime classification system is out-of-date — and the Better Cybercrime Metrics Act takes commonsense steps to improve our cybercrime metrics, anticipate future trends, and make sure law enforcement agencies have the tools and resources they need. I am proud to lead the introduction of this bipartisan, bicameral legislation — because this bill would help prevent more Americans from becoming targets and victims online.”
Spanberger is introducing the bill alongside U.S. Representatives Blake Moore (R-UT-01), Andrew Garbarino (R-NY-02), and Sheila Jackson Lee (D-TX-18).
“Acts of identity theft, fraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.
A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim., espionage, and other types of victimization perpetrated online cause extensive harm to individuals, businesses, and government agencies. In order to do more to counter cyber threats, we need better data concerning the incidence of these types of crimes,” said Jackson Lee, Chairwoman of the U.S. House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security. “That is why I am pleased to join my colleagues in introducing the Better Cybercrime Metrics Act, a bill to require the reporting of information to assist us in preventing further victimization, which is an important focus of my Subcommittee on Crime, Terrorism, and Homeland Security.”
“This Better Cybercrime Metrics Act is a critical first step in helping both government and private industry better understand and address the growing challenge of cybercrime and attacks to our cybersecurity. Aggression we see from cyber criminals and adversaries requires a new era of reporting and collaboration between private and public industry,” said Moore. “I am proud to join my friends, Rep. Abigail Spanberger (D-VA), Rep. Sheila Jackson Lee (D-TX), and Rep. Andrew Garbarino (R-NY), in pursuing commonsense cybersecurity policy that equips our law enforcement and cyber warriors to better understand the scope of the cybercrime challenge. America’s public safety and cyber superiority is on the line, and now is the time to act.”
“Cybercrime is rampant, but despite the rising number of attacks affecting Americans, we do not have a clear picture of the full scope of the problem,” said Garbarino. “I am proud to join Congresswoman Spanberger in introducing this bipartisan legislation to help improve tracking and reporting as it relates to cybercrime. We need to utilize every tool at our disposal, especially those offered by CISA The Cybersecurity and Infrastructure Security Agency (CISA) is a standalone United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. and the rest of the Federal government, to fight back against what is one of the greatest threats of our time.”
“Increased and improved cybercrime data collection is a necessity,” said Robert Burda, Interim CEO & Chief Strategy Officer, Cybercrime Support Network (CSN). “By better understanding the size and scope of cybercrime in the United States, our law enforcement officers, policy makers, and CSN will be able to more effectively serve individuals and small businesses impacted by cybercrime.”
“It is critical that cybercrime is counted in a systematic and complete manner. Victims of cybercrime, particularly vulnerable victims such as minors, stalking victims, and the elderly, deserve to have those crimes counted and the public deserves to know the nature and extent of cybercrime in our society,” said Eileen M. Decker, Lecturer, USC Gould Law School; former U.S. Attorney; Police Commissioner. “Comprehensive cybercrime data will help ensure robust training and increased resources to law enforcement to investigate cybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks., and improved public awareness about the pervasiveness of the cybercrime problem. This bill is an important step to achieving these goals.”
“Cybercrime is pervasive and pernicious, having a negative impact on individuals and communities throughout the United States. The first step in combating the hard problem of cybercrime, like all hard problem, is having a clear, concise, and consistent understanding of cybercrime among all those impacted and those who will face the problem,” said Glen Gainer, President, National White Collar Crime Center (NW3C). “NW3C appreciates the efforts of Congresswoman Spanberger in introducing this bill.”
“Proliferation of technology and data in many aspects of daily life means that most crime has expanded to include a cyber component. Technology is not only the target, it is the tool, the location for critical evidence, as well as source of contraband. This reality begs for uniform national reporting of any crime with a technology nexus,” said Jim Emerson, Vice President, NW3C; and Chairman, International Association of Chiefs of Police Computer Crime and Digital Evidence Committee. “I appreciate the work of Congresswoman Spanberger to bring this bill forward.”
“As a retired state-level cybercrime investigator and current instructor of those who currently investigate and prosecute these offenses, I have an appreciation for the breadth and depth of the complex challenges these criminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. justice practitioners face daily. It is not possible to combat cybercrime until it is fully and consistently understood,” said Chuck Cohen, Vice President, NW3C; retired police captain; & professor of criminal justice. “I appreciate that Congresswoman Spanberger understands the challenge and is bringing this bill forward.”
Specifically, the Better Cybercrime Metrics Act would improve federal cybercrime metrics by:
Requiring the Government Accountability Office to report on the effectiveness of current cybercrime mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data,
Requiring that the National Crime Victimization Survey incorporate questions related to cybercrime in its survey instrument,
Requiring the U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
Ensuring that the National Incident Based Reporting System — or any successor system — include cybercrime reports from federal, state, and local officials.
The Uniform Crime Reporting Act of 1988 requires all federal law enforcement agencies to report crime data through the FBI. However, federal agencies like the FBI and Secret Service — which often have jurisdiction over crimes within the broader definition of cybercrime — are not consistently reporting these numbers into the federal systems. State and local law enforcement reporting on cybercrime is also limited and inconsistently reported to federal agencies.
This lack of detailed, consistent systems for collecting and categorizing data on cybercrime is an impediment to understanding the scope of the problem — thus impairing law enforcement’s ability to protect against cybercrime.
SCARS Supports This Legislation
SCARS also believes that there needs to be significantly more reporting of cybercrimes and that the reports that are made must be better utilized.
We use our U.S. readers to contact their local Congressperson or Senator to urge them to pass this important legislation.