An ‘Iceberg’ of Unseen Crimes: Many Cyber Offenses Go Unreported

One problem making suspected cyber crimes hard to report is that many companies make it very difficult to contact them - for any reason. I recently wanted to report an email received supposedly from Bank of America. Very difficult to tell it wasn't real, except with close inspection. All the requisite warnings etc. The big giveaway for me was I don't have a Bank of America account. Nonetheless, I thought they might want to know of this email scam. However, I was unable to contact them by phone or email = turns out if I don't have an account number I can't get through on the phone. My email address was not recognized either, so that didn't work. Perhaps if companies want to be alerted to scams using their logos etc, they might want to make it easier for the public to report these things.

If ISPs are going to select, choose, discriminate and charge based on content, then they will need to take responsibility for the data generated by criminals too. They can't claim criminal data to be neutral and selectively charge more for other types of data. If data is not neutral on the Internet, then ISPs have to take responsibility of the data traveling on their networks. Many users are smart recognizing e-mail scams. Anti-Virus programs should add a button, next to JUNK, perhaps labeled SCAM or CRIMINAL that they can select when they recognize an e-mail as such. The AV software would collect the Metadata (originating IP, etc.) that would update other users should a threshold of flagged SCAM e-mail's be reached. It is already happening using honeypots but those are automated and may not be able to distinguish between a SCAM and legitimate e-mails as a crowd sourced intelligence can.

Better pay for cyber expertise would probably go a long way to helping solve these crimes. Why would a recent grad who could get a plum job in tech take a job in law enforcement?

>“Suspects take advantage, knowing that ‘Hey, I’m basically committing crimes blindly,’ without the fear of prosecution" . . . . This happens, in my experience, primarily not because police "don't have data," but because they don't have the humanpower (and/or the diligence?/ inclination) to investigate most crimes to begin with. So too violations running roughshod over impt NY laws/rights because the NY Atty General's Office has no one enforcing these.

But they have 2 Billion or so photos of us and our vehicles...

Of course police departments are having difficulty with cybercrimes. Your high school- educated officer isn’t much use to you in cyber cases because brawn and force aren’t necessary. Many officers will also fail to see the glory in fighting cybercrime because you can’t drive 80 miles per hour on a city street chasing a cybercriminals. Nor do you need military gear or an assault rifle, which make officers feel tough and powerful. Who wants to go back to the old neighborhood and tell people you’re a desk jockey fighting computer crimes, when you can show pictures of yourself in all-black tactical gear and tell everyone you’re fighting the drug war or keep the city safe from terrorists? And municipalities aren’t going to pay overtime for cybercrime cases, so you can’t pad your paycheck or your pension.

This article is exhibit 10,000 for why Silicon Valley is an evil amongst us, every bit as destructive as the crooks on Wall Street. They have unleashed products and apps with astonishing naivety as to their toxic potential, and just shrug their shoulders or promise some vague algorithmic corrective. Google, Apple, Facebook, Twitter, Microsoft, Cisco and Intel are de facto enablers of thieves, fraudsters, propagandists and other bad actors, and even on a good day are intent on crude social engineering and promoting addiction and confusion. Like Walmart before them, their disruption has remade the hinterland in a bad way, driving millions out of well paid gainful employment and depressing wealth of the many to enrich a tiny few.

Here‘s another common scheme: on craigslist criminals advertise „apartments for sublease“. If you contact them they‘ll tell you for example that they are currently out of town for work and will be away for a couple months – hence their apartment is available for sublease. Since they are away and the owner of the building „lives out of state“ they unfortunately are not able to show the place. But they are „happy to send you pictures“ of the apartment. They then explain that the apartment is available immediately and ask for a deposit and first month of rent to be sent to their bank account. The keys will then be sent to you, right after payment... apparently some people are falling for that otherwise craigslist wouldnt be flodded with such ad‘s.

Public perception of law emforcement is not high, and this now includes the FBI Maybe it’s the racial profiling, maybe the politicization, or maybe just an abundance of self serving PR. Maybe it’s law enforcement leadership who allocates ever abundant resources to low hanging fruit like hassling the homeless or speeding tickets.

Also consider the fact "Equifax" was hacked and breached the personal data of nearly 3/4 of the United States .. I would imagine cyber crime and identity theft will also continue to climb.

Timely article. There does have to be a national or regional resources to deal with cybercrime, and it seems as if this is a logical role for the FBI. And the laws have to somehow reflect that this doesn't happen at a particular geographical location, but in cyberspace - so a different approach to prosecution is needed. A note about reporting, just for New Yorkers - The State Attorney General's office does take reports and record about cyber crime and online scams -- and also has a particular unit that looks at fraud directed at the elderly.

First of all ,watch your accounts constantly. Normally the bank will repay the fraud under conditions.The police may review store film ect. when alerted by the bank or you may file.Counterfit Cards are printed or stamped out by the millions ,they are used in every state.your CC # may be recorded 10 different ways so always watch it . Allowing waiters ect. to leave the table with your card is no longer a service without liability.I had a card used with my cc # a thousand miles away at the same time my only card was in my pocket.These syndicates have their own operators in stores to get numbers and to process counterfit cards when they,re used and often get paid with the cards themselves.

The NYT statement "...data collection is still haphazard as policing agencies that protect just 31 percent of the country’s population volunteer to abide by the deeper reporting standards..." would be more effective if it provided the number of agencies and types - i.e. police department, sheriff's office, or state police, than "the country's population. Reporting compliance should be linked to agencies receiving federal grants, federal equipment transfers and asset sharing - no data or incomplete data means no federal goodies. Excuses for not submitting data range from not having resources to tabulate and transmit the data to agency heads that do not recognize the authorities of federal government. In my experience, I have seen more incomplete than complete national criminal history reports. There are four critical areas for significant data loss: -Misdemeanor violations that are not captured because criminal citations or summons are routinely issued without collection of fingerprints, photographs and final dispositions. These crimes include assault, theft (larceny), trespassing, hunting, firearms violations and many more. -Summons for felonies. Some of the same reasons above for misdemeanors apply, but for more serious offenses. -Criminal citations and summons are likely to increase as a result of increased focus on jail populations across the USA. These programs are needed, but the changes need to close the loop on the data. -Inadequate agency management controls.

So we have a crime reporting issue. In my mind, these stats are only half the story. Let me know when they start collecting statistics on the average law enforcement time spent actually trying to solve crimes like robbery, and how successful those efforts are. This is now a pet peeve of mine, after suffering a major theft (over $6000, major to me) last summer. The fine members of local law enforcement opened my eyes to the fact that, at least in a large city with a low median income, the only thing they will do to solve a case is pick up a phone. The thieves were known, but according to the detective, there was little he could do since they either blocked him on their phones, or refuse to answer. He made no effort to locate them through their employer or physically track them down. I had to wait almost 2 weeks for him to even get on the case - the cop who took the statement said all he would do was give it to the detectives. All claimed their hands were tied because of the law. I'm a 57 year old white woman, and I've pretty much had it with law enforcement in this country, it's a joke.

If a hacker can freeze the information on your personal computer until you pay him a ransom in a crypto-currency, such as bitcoin, perhaps the world’s leading economies should ban the use cryto-currencies.

I've found local police departments either are ill-equipped or simply don't care about electronic crimes. Twice in the last three years my wife and I reported credit card fraud to the local police department as you're advised to in these cases. In both cases, the credit card companies had good enough measures in place to catch the fraud in process and they were able to limit the losses. We each got new cards within days and weren't charged for any of the losses. The card companies do ask, however, that one file a police report to help with the idea of possibly catching the thieves. In both cases, the credit card firm assumed skimmers were used so this information would have been very helpful to the department. Even more noteworthy, one of the two cases involved a card my wife had just obtained and it had only been used once. Well in that case, it was obvious the fraud was carried out by an employee of that establishment! We gave the police that information, the receipts, advised the restaurant had the means to provide evidence, etc. How did our local police department -- Spring Township, Berks County, PA -- react? The literally did nothing. When we asked why -- when presented with a gift wrapped opportunity to bust a fraud case -- they didn't care to investigate? They mumbled back to us (my wife specifically), "these cases are hard to prove." Lessons learned. Don't bother the police. And if I'm ever desperate for cash? Credit card skimming fraud is the low risk way to go!

Wow, what a horrifying story. Sociopaths using any means necessary to deceive and cheat for evil people - they should all be in prison. I’m fairly certain that marketing and PR did not start this way. Trying to rationalize and twist their horrific dishonesty into “we see the good in people.” Sure, they do. They are profiteers with no integrity who don’t care who gets hurt. This is the kind of story that makes people feel like no one tells the truth.

Violent crime is clearly increasing in the sunbelt and midwest, but, by only counting crimes in large cities, NYT can claim that violent crime is down.

It is unlikely that law enforcement can really go after petty internet malfeasance involving mere financial matters, because all of our resources have to be devoted to combating the scourge of criminal cyber "satire" that victimizes well-connected members of the community. See the editorial of Arthur Hayes of Fordham University at: https://forward.com/opinion/385050/raphael-golb-is-facing-jail-time-for-...

The most serious crimes in the United States are being committed by The President of the United States, his Cabinet, and Republicans in the House of Representatives.

When you buy something online and that company is out of your state, good luck getting any compensation from them for any reason. Near to impossible. Another good reason to shop locally.

How many millions of people had their personal data released by Equifax? I've had to pay to freeze my credit because of Equifax and what did congress and the Republican administration do after this major crime against millions of Americans? NOTHING.

Two issues here: 1) The government and companies do not want to spend money to prevent internet crime. People who work in IT security get paid relatively little money for their responsibilities, and they're often working with outdated firewalls and software. 2) A lot of the unseen crimes are committed by white males who wear expensive suits and work on Wall Street and in Washington, D.C. Don't forget to count those, too.

I had been led to believe we live in a surveillance society. Any institutions that provide or conduct Internet-based services and beyond that, heavily automated bank and credit card companies through which most illicit gains flow, all contain the raw data needed to identify and track theft facilitated by digital communications/transacting systems. In concert, it would seem a huge amount of electronically-dependent theft and illegal behaviors (like non-pattern use of stolen identity) are trackable. Although I'm closer to caveman than techie, I realize massive and multiple data streams are enormously difficult to mine in concert to result in precise crime-tracking statistics and possible criminal-suspect identification. Difficult but not impossible. Computer or electronically-dependent theft of all kinds, even without counting unrelated corruption and other elite piracy, likely represents costs to society, over time, that exceed the costs of developing and implementing systems to pinpoint it significantly. It may be that the cummulative losses are externalized as to appear invisible. For example, I assume we all pay x% more for products (5-10-20%?) as vendors raise their prices to account for theft.

I think this article misses the point. "Crime" and especially "crime in the streets," while an entirely justified concern, was always part of an ideological and social narrative inextricably connected to race. The "cheating husband" scam is entirely irrelevant to this narrative; so are most internet crimes. The opioid crisis isn't part of that story either; it is part of an ultimately the most significant development of the past decades--the continuing decline in the quality of life for many, and perhaps soon, most, Americans.

Definitely cyber crimes against America and Americans needs to be beefed up as far as a separate and fully staffed agency within our own U.S. intelligence community with highly qualified experts, who work on Internet crimes only. Then it needs to go international and work with every other official law enforcement agencies throughout the world. No one country can handle this on their own and it has to a cooperative effort of global law enforcement which identifies what a cyber crime is aka national security attacks through social media outlets, or upon defense systems, financial crimes, identity theft, hacking into other country's, power grids, financial institutions and so on. I just read the other NYT article on cyber hacking videos. It is a whole new world of cyber warfare out there and identity theft should include cyber hacking of videos as far as creating lies and political propaganda on candidates or criminalizing them or demonizing them as in malice of intent. Putin is still in our cyber space and probably learning about the latest technology on corrupting actual videos for criminal or political purposes. Just like TV ads have political candidates stating that they approve their ads they are going to have to do the same thing online. . Money on our defense budget needs to include cyber security as that is where the battle field is and it can change election outcomes as we just witnessed, and it can make criminals out of innocent people who will come under attack.

We have George W Bush to thank for diverting FBI resources from domestic crime to terrorism, instead of adding to the FBI capacity. That led to an explosion of white collar crime like identity theft because state and local law enforcement cannot pursue these criminals across state borders. It has also left the FBI technologically starved in data management and analysis, something it only began to address after the gaps became publicly known in the wake of the Boston Marathon bombing and several glaring clues were missed. The Russians tried to warn the FBI about the Tsarnaev brothers, one of which was already implicated in a triple murder drug deal. Trump certainly is creating yet more problems with his attacks on the FBI, which needs more funding and capacity and less obstructive tweeting.

I'd my bank account almost entirely cleaned out. I felt so robbed yet had no body to report this to, except my bank. It was very stressful, especially since I was away on vacation when it happened. I tell everyone I know to worry, it just hasn't happened to them yet. You've been technically robbed and nobody seems to really care except you. When you tell others it's surprising to hear of so many other's similar stories. My doctor's thieves sent her roses FTD on her stolen account.

The crooks are transparent these days; Their internet heists do amaze. But cops and their stats Keep it under their hats -- They’d rather have nothing but praise.

U.S. law enforcement can refuse anyone reporting a crime. I know many who have approached both local and federal law enforcement authorities with legitimate allegations of serious crimes, and were told to go away. That is America in a nutshell.

Dealing with identity theft requires, as step one, filing a report with your local police department. Not much of a law enforcement effort to curb 5.7 billion dollars of fraudulent charges per year. Your stolen identity data can be sold and resold and criminals use the basic information for newer scams. Now that "chip and PIN" are widely used in the US, "payday loans" are the latest scam, and as we see here, cyber-blackmail.

I think it’s extremely important to keep cybercrime in perspective. Annual thefts totalling $1 billion a year is only about one 7000-th of US GDP (if memory serves). Even if it’s under reported by a factor of 10, that’s one 700-th. So roughly $71 per person per year on average. Crimes against one’s person, such as rape, murder, and assault are far more severe and harmful to a society. They have been steadily declining for quite some time and are near historic lows. I am only, of course, talking about dollar values. Not about drug trafficking (Fentanyl), for example.

Since our law enforcement is undermanned, disjointed (legacy systems) and under funded to address cyber crime as we know it, deputizing vigilantes may be the solution. Just like the old West! Vigilantes or bounty hunters can cross the cyberspace landscape and be compensated on a lucrative percentage of recovery or the bounty of a cyber person or gang. To combat identity theft President George Bush brought forth HSPD-12 to protect Federal employees and contractors. Congressman Tom Davis thereafter set up a monitor grading system. The success of its implementation for a very small user market according to Tom Davis grading system was a D+. Lack of urgency and attention led up to the compromise of personnel data from Office of Personal Management under President Obama. Within the commercial world the lost of data is simply the cost of business. After a cyber attack, retailers (TJ) and/or credit bureaus (Equifax) quickly shifted the financial loss or legal liability to the insurance company, and burden to rectify on the consumer. Then again, there is the issue of the software providers who have been known to provide COTS (custom off the shelf software) to run your PC, mobile devices or back end servers. A little chewing gum, and rubber bands plus choice personal comments within the software language would have made MacGyver proud!

There is an over exposure on local tv news of petty theft and convenience store robberies. You rarely if ever hear about violent rapes and domestic violence. These two have not decreased. They have actually greatly increased. We must take sexual abuse and rape more seriously in our society. As well as DV. Crimes against women and children are under reported.

This is an old story in the evolutionary landscape: as soon as life radiates into a new ecology, the parasites and predators quickly follow. There is a fascinating narrative here about how our conception of reality doesn't fit the facts. But the real story is how defenses are created once the threat emerges. We've had at least two decades of Nigerian bankers, social engineering of hapless customer service agents and the like, and it's obvious that the gatekeepers, such as Equifax, are still oblivious or negligent to the challenges they face. The first important piece is legislation to criminalize a failure to take due care: if the customer is gutted by identity theft, the agency that allowed that to happen should be gutted by legal penalties for not implementing the proper defenses. Suddenly, Equifax will take notice. The second important piece is the recognition that cyber crimes are neither state nor federal problems, but international problems, and it is really the international institutions, aka "the banks", that need to be surveilled, legislated and punished for lack of due care. Apart from bullying, doxxing and stalking, cyber crime is really financial crime, and financial institutions are a major reason the crimes exist at all.

A few years ago, my aged mother, already suffering the first signs of dementia, received a telephone call purportedly from her bank. An obvious scam involving something wrong with her account, but this person could fix it--with my mother's assistance. Fortunately, I called as my mother was preparing to call back the person who had called her and give the caller confidential information that would give the caller access to my mother's account. I called the local sheriff's office with the phone number and the details of the scam. I may as well have been reporting a parking infraction. There was not the slightest interest in this attempted fraud. There was no awareness of the fact that this was a crime as injurious to the victim as any other nonviolent crime. I hope things have changed.

Just the crimes of this "administration," alone, have driven up the white collar crime rate.

This type of crime is follwed by Homeland Security ie. North Korea vs. Sony. The FBI is part of this, no? So is Trump protecting his cybercrime friends as well as committing treason. Keep following the money.

"...yet because so many occur online and have no geographic borders...", for which, really, there is nothing that offers much of a practical solution. Local police departments have neither the personnel, resources, nor real world jurisdiction to address many of these crimes. Yes, they can arrest the local "apple picker" or the person who actually fraudulently uses a stolen credit card, but they have no ability to arrest some gang structure in Nigeria or Pakistan, for example. Simply saying, as I expect some to do, having even more power given to the federal authorities for local crimes with an international nexus will only create a far greater federal bureaucracy and machine that will consume vast resources with little in return. Even if we learn that a band of crooks is operating out of some remote locale in a foreign state the FBI is practically powerless to actually deal with it - our laws and police powers do not apply on foreign soil. Treaties are messy and complex things often best geared for major matters of international import, not the theft of $20 of gasoline at your local Chevron. We do need better awareness by citizens (stop using your phone by the subway door, a prime NYC "picking" spot) and greater coordination by institutions like banks to immediately cease transactions. But the more willing we are to do things digitally the more exposed we will willingly make ourselves. We do have those choices!

This has been happening in Europe already for quite some time. Some crimes are reported, some are not, depending. In France, attacks on Jews and Chinese immigrants have been under reported for years due to the possible inflammatory conclusions. This is not just a technology problem, but it does include technology. In Los Angeles, it was discovered several months ago that the LAPD has under reported violent crime for years, not only to a national data base, but also to the news media and to its own inter-departmental information collection.

Let’s say I get ripped off on a marketplace website or skimmed at the gas station or whatever. My card gets traded around Pakistan for a few days before the bank sorts itself out. I get my money back, new card, very sorry etc. Am I to expect Cincinnati District 4 Police to don some cyber suits and jump into the internet like TRON to battle the cyber thief’s? I am highly skeptical that this nearly jurisdictionless crime should be on the local police’s plate. Maybe they can investigate the rigged gas pump but when it comes to finding out why my card was only used in Islamabad, I’m not putting much faith in an already busy local police department.

Add domestic violence and stalking to this list. When my ex-husband began hacking into my computers, phones, and confidential correspondence with my attorneys, I was advised against pursuing it because the court would find it nearly impossible to establish guilt, even though I had piles of evidence that it was happening. At one point my attacker was sending pornography with my head photoshopped on to my current husband while he was on business trips. These same photos were sent to my family photo sharing files, where my children could see them. Police would not take a report because they said it was not their jurisdiction. Now I keep my privacy settings as high as I can, but I know that I am probably being watched at all times. Any day now he could “break in” and steal everything and I would have no recourse.

It has seemed obvious to me for a long time that criminal enterprises have simply moved their operations into cyber-crime. Cheaper, less physically dangerous and very little chance of getting caught.

Politicians have long used the FBI Uniform Crime Reporting (UCR) statistics to tell us that crime has decreased. They know, however, that the statistics, especially on property crime, are simply useless as a portrayal of actual crime. Our leadership tells us crime is decreasing, when they know it is not, and then pretend to be puzzled when opinion polls show the public believes crime is actually increasing. Although violent crime has certainly decreased (and is relatively accurately tracked since it is generally reported), overall crime actually is increasing, led by property crimes that are almost impossible to combat, and invisible in crime statistics. The most prevalent property crime today, credit card theft, is not even reported to the police in almost all cases, but instead is settled quietly between the cardholder victim and his bank. And since fraud is not one of the FBI UCR statistical categories, it is left un-reported in FBI statistics. Here is an example--financier Bernie Madoff committed probably the largest personal crime in history---$50 billion worth of theft in his Ponzi scheme. Yet that crime was never recorded in FBI UCR statistics because it was not one of the eight crimes they designate for reporting--homicide, rape, aggravated assault, robbery, arson, aggravated theft (of an actual item), burglary, or car theft. It's time for a change, and time for politicians to come clean.

This is the budding problem for the nation's police forces.It's what you get when you recruit a generation a cops who want and expect to play cowboy.

Like white collar crime, cybercrime is not taken a seriously as it should. In actuality the narrative on cybercrime is just about nonexistent. However , just like white collar crime, the effects in many cases are the same as if being shot with a gun or being run over by a hit and run driver. Law enforcement is just as vulnerable as any of us as evidenced by police departments having to pay those who held their computing systems hostage due to having no defense against ransom ware.