Cybercrime vs. Traditional Street Crime: The Differences
Now that we have reviewed the main categories of cybercrime, and how they parallel crimes in the physical world, let us look at the differences between street and cybercrime. There are a number of factors that make cybercrime different, and greatly affect how it should be investigated. Some of these factors are:
- • Technology, the Internet, and networks
- • Distance: the national and international nexus
- • Investigation rate and solve rate
- • Connection to a broad criminal ecosystem
- • Potential nation-state involvement.
Technology, Internet and Networks
A cybercrime, by definition, involves technology. An offense is considered a cybercrime because it is committed using the Internet, computers, networks, and other forms of technology. As a result, cybercrime investigations always involve the gathering of digital evidence from devices, service providers, and other sources. This dependence on assembling digital evidence means that a simple cybercrime case can involve more complex investigative steps than a comparable street crime.
The presence of technology is ever-growing in the field of investigation. From the recording and management of police body-camera video to advanced case management and analytical software, investigators are using more and more technology in every facet of their work. Cybercrime investigations, by their nature, are focused on Internet and computing technology, but the facts and evidence of these crimes typically are within the working knowledge of most investigators.
Certain investigative steps in cyber cases require input from professionals with experience and knowledge about specific technology, as well as equipment and resources not necessarily available to the average investigator. For example, recovering evidence from a computer device (including cellphones) should be performed by individuals with specialized skills and training in the field of digital forensics. That said, although technical expertise is important at particular stages, it takes all types of backgrounds and experience to conduct cybercrime investigations. Victims, witnesses, and suspects need to be interviewed, logical connections and deductions need to be made from the evidence (digital or otherwise), and facts need to be articulated. When digital evidence is recovered, it needs to be analyzed for clues by those who know the case best.
Distance: The National and International Nexus
The second major difference between cyber and street crime is that cybercrime can be committed from a distance. This criminal reach represents a monumental change and creates steep challenges for law enforcement and governments, as well as private sector interests that are victimized from afar.
Traditional crime requires the criminal to get physically close to the victim, to enter the bank or dwelling, to get near victims or their possessions in order to steal them. Before the Internet, individuals did not fear being harmed by countless criminals all over the world. Street crimes have a narrow list of suspects, since the perpetrator has to be nearby, or to have gotten away on foot or by vehicle. As a result, apprehension is much more likely. Conveniently for law enforcement and the legal system, the victim and suspect in a street crime usually are in the same jurisdiction.
Cybercrime changes that dynamic. Cybercriminals victimize from a distance with anonymity, often from another state or another country. They do not leave physical clues behind. The pool of suspects cannot be narrowed by proximity, and investigation and apprehension are made difficult due to distance and geographic boundaries.
From the cybercriminal’s perspective, the pool of victims is larger. They do not need to focus on one potential victim; they can target thousands, or millions, of potential victims. Though they might choose to target a specific individual or company, they also can play the odds, netting occasional successes among thousands of failed attempts.
Investigation Rate and Solve Rate
Another important difference is that law enforcement’s solve rate for traditional street crime is much higher than for cybercrime. Consider burglary - one of the harder street crimes to solve. Burglars break into homes or stores, steal things, and leave. If they are not caught in the act, or if they don’t leave a physical clue behind (like a fingerprint or DNA), law enforcement may have a difficult time determining the burglar’s identity and arresting him. For these reasons, less than 15% of reported burglaries are solved.'' But the fact that police are out there investigating each case, some burglars do get caught, and we are reasonably safe in our offices and homes, suggests this solve rate is high enough to keep the crime in check.
With cybercrime, the solve rate has been so low that criminals can keep trying and improving until they are successful at stealing money or data. A cybercriminal can send millions of spam emails to victimize recipients, can attempt hundreds of network intrusions, and can experiment for years until his technique is successful and profitable, with limited fear of apprehension. In other words, unlike street criminals, cybercriminals operate under the reasonable assumption that they will never be caught.
The main reason we wrote this book is to change this dynamic by encouraging a far more aggressive investigative response to cybercrime. A crime that is not investigated cannot be solved. When cybercrimes are consistently investigated, investigators will get better at it, and more cybercriminals will be apprehended and prosecuted.
Connection to a Broad Criminal Ecosystem
Most street crimes are singular events that automatically become the primary focus of an investigation. If a victim is robbed or stabbed, or if a suspect drives drunk or sells drugs, each crime is a distinct situation that investigators can quickly assess and begin to investigate.
Cybercrimes, on the other hand, often are not discrete criminal events that are well-suited for investigation in isolation. A victim might report a cyber incident that, standing alone, appears to be small, or nearly impossible to solve, given the individual facts pertaining to that single victim. But frequently that small cybercrime is one of many - hundreds, thousands, or even millions - being perpetrated by a particular criminal or group. Together, these crimes may be part of an ongoing criminal effort reaping significant profits. If that is the case, the reported crime is related to the larger cybercrime economy, and has been aided and enabled by the criminal tools and resources shared among criminals who operate online. Individual cybercrimes, in other words, should be evaluated in the context of the broader picture. Generally, only a small portion of street crimes have this interconnected aspect - like those that are part of organized crime rings such as the Mafia or narcotics traffickers.
5 FBI: Uniform Crime Reporting - 2018 Crime in the United States: Offenses Cleared, https://ucr.fbi.gov/crime-in- the-u.s/2018/crime-in-thc-u.s.-20l8/topic-pages/clearances.