The World of Cybercrimes

Cybercrimes are one of the most dangerous threats to our Nation. There are no boundaries when it comes to cybercrimes. A cybercrime is one of the fastest growing crime types of the century and includes criminal activity involving computers and the internet. Hacking a computer is not the only thing considered a cybercrime. Downloading movies and music illegally is also a cybercrime. Once thought as something that only the military or other government officials had to worry about, it is now on the rise since everyone has a computer and it is easy to find out how to hack into computer systems. With the rise of internet usage among businesses and private users, the risk of being a victim of cybercrime is huge. The Security Tracking Study performed by the Pomemon Institute states that 83 percent of multinational companies feel that within the past 12 months they have been a target of a cybercrime. Price Water House Coopers states that the number of businesses having a security breach is more along the lines of 92 percent.
Cybercrimes are attacks on computer hardware and software, downloading illegal movies and music, online fraud involving financial crimes and corruption with an organization, crimes against children and the elderly, cyber bullying and fraudulent telemarketing events for charitable donations. What was once something only “hackers” did is now something anyone can do. The term hacker was originally described as “any technical effort to manipulate the normal behavior of network connections and connected systems.” The managing director of Accenture’s security practice, Alastair MacWillson, notes that hackers have changed a lot over the past decade. What was a crime with little to no victimization simply to prove their worth and ability has now become a crime whereas there are many different types of victims. Some victims are government entities, financial institutions, social media users, employers, elderly and children.
Government entities and financial institutions have been the main victims of all things cybercrime related for the last couple of decades. There are a number of well-known hackers that have stolen credit card information and transferred money from one account to another for their own personal gain. Sometimes, these hackers claim that they are only hacking to help a company improve their security or to make a point. Regardless of the reason, hacking is very illegal.
Recently, more people are becoming victims of cybercrimes because everyone is on the internet for personal and business reasons. People of all ages use social media. A lot of people are too lax in their security practices and this opens them up to being hacked and taken advantage of. A hacker can “friend” someone whether it be young or old and find out where they work, who their family is, where they visit the most and where they bank simply by watching where they “check in” with their app or with their Facebook status. Metadata, which is data embedded in a picture, includes time and date, user information, location information, type of camera used, etc. which can also be used to tell hackers or stalkers where pictures are being taken down to the exact room within a building. This makes children vulnerable to hackers or even worse. Many people are unaware that each picture they take includes this metadata. Once a person becomes aware of this, they can turn off the feature but when an operating system updates, a person needs to double check that this feature is still disabled because sometimes the update will turn this feature back on without the user’s knowledge.
There are many types of cybercriminals. Cybercriminals are not just nerds or geeks anymore. Anyone can be a cybercriminal. If you do not know how to do something, just Google it and you can find out how to do anything and that includes hacking. The seven most common types of cybercriminals are hackers, script kiddies, cyberpunks, virus writers, phishers, hacktivists, insiders and cyber terrorists. The most well know type of cybercriminal is a hacker. Within the hacking world, there are many types of hackers. Hackers are normally split up into three different categories. Black hat hacker, white hat hacker and grey hat hacker.
Not all hackers are necessarily bad. But let us break them down by the different types. A black hat hacker is the type of hacker that we hear about the most. There are many movies based on the black hat hackers. Black hat hackers are the “bad boys” of the hacking world. They are criminals that have found a way to make money by committing crimes against people on the internet. These crimes can be against individuals or companies. The main goal is to wreak havoc and disrupt lives.
Some of the most well-known black hat hackers include Kevin Poulsen (Dark Dante), Albert Gonzalez, Vladimir Levin, Robert Tappan Morris, Michael Calce (MafiaBoy), David Smith, Adrian Lamo, George Hotz, Jonathan James (c0mrade), Gary McKinnon, and Steve Jobs.
Kevin Poulsen aka Dark Dante hacked into the telephone lines of KIIS-FM, a radio station in Los Angeles, and won a brand new Porsche 944 along with other prizes. Poulsen was named “Hannibal Lecter of computer crime” by the FBI in the 1980’s. He went underground but was captured in 1991. He was sentenced to just over four years in prison. He is now a senior editor for Wired News and one of his articles explains how he helped to identify 744 sex offenders that had MySpace.
Albert Gonzalez was a black hat hacker in every sense of the word. While most black hat hackers can turn it around and make a positive impact by helping the police, Albert could not. He was caught at an ATM machine in the middle of the night by a NYPD detective when Albert was using a number of different ATM cards to withdraw the limits on each card. When he was taken in, the police asked him to work with them to bring in members of a credit and debit card fraud ring that the Secret Service’s Electronic Crimes Task Force were having trouble catching. The group was called Shadowcrew and they had hundreds of members in Asia, Europe and the United States. Gonzalez became a paid confidential informant for the Secret Service in 2006.
While working with the Secret Service, Gonzalez pulled off one of the biggest credit card and ATM thefts in history. Between 2005 and 2007, he and his team stole and then sold over 170 million credit card and ATM numbers. They also hacked OfficeMax, Dave Y Buster’s, Marshalls, Target, JC Penney, Boston Market and Sports Authority. When he was arrested, 1.1 million dollars in cash we recovered from a fifty gallon drum he had buried in his parents’ backyard. He is now serving 20 years in prison.
In 1995, Vladimir Levin was living in Russia in an apartment when he used his lap top to transfer $10 million dollars from Citibank to his accounts. He and his accomplices we caught a few weeks later and they plead guilty to the charges. Citibank received all by $400,000 back from Levin and his group.
Robert Tappan Morris was the first person ever to be tried under the Computer Fraud and Abuse Act. In 1988, Morris released a computer worm that affected a tenth of the internet. He was caught quickly because he talked about his plan before ever executing it. The damage he caused was just over $15 million. Because the worm did not actually destroy any data, he only received community service and was fined. He now works Massachusetts Institute of Technology (MIT) in the Electrical Engineering and Computer Science department.
Michael Calce, also known as MafiaBoy, was a fifteen year old boy when he took down Amazon, Dell, eBay and Yahoo!. He caused the systems to fail and be down for about an hour. When asked why he did it, his only answer was to prove that he could. His attack is called a denial-of-service. He feels that he did not do anything wrong but instead he caused the entities that he attacked to beef up their security. President Clinton started up a cybersecurity group and Attorney General Janet Reno launched a manhunt. Because he was just a kid, MafiaBoy was sent to a youth group home for eight months after being caught and charged with 50 crimes. He is now one of the black hat hackers that have become white hat hackers. Calce is now hired by companies to test their cyber security.
David Smith sent out one email that was infected with a virus. This virus was then sent out to other computers and then sent out to more computers. In the end, over 60,000 email viruses were sent out because of Smith’s one email. He is the only person to ever go to prison for sending just one email.
Adrian Lamo (the homeless hacker) hacked from coffee shops, libraries and internet cafes. Lamo broke into The New York Times, Microsoft and Yahoo!. He added his name to The New York Times’ database of expert witnesses in 2002. Lamo had to pay $65,000 in damages and was under house arrest for six months and two years of probation. In 2010, he informed the U.S. Army that Bradley Manning was the person that leaked the Baghdad airstrike video in 2007. Lamo now works in Sacramento as a threat analyst.
George Hotz is most famous for hacking Sony’s PlayStation 3 in 2010 but before that he hacked Apple’s iPhone in 2007. In 2014, he was able to hack Google Chrome and he told Google about it. He now works with Google’s Project Zero that helps identify software issues within companies.
Jonathan James (c0mrade) was the first juvenile in the United States put in prison for cybercrimes. At the age of 15, he hacked into NASA and the Department of Defense. He also hacked into the Defense Threat Reduction Agency and intercepted messages containing highly secretive information. In 2008, James shot himself. His suicide note stated, “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
In 2002, Gary McKinnon hacked a U.S. Army computer with the phrase, “Your security system is crap.” McKinnon had hacked the Army, Air Force, Navy and NASA to try and prove that the United States military was hiding secrets regarding UFOs.
Steve Jobs is also listed as a black hat hacker. Jobs and his buddy Steve Wozniak made a blue box that would match the exact tone to allow a person to use AT&T’s phone system to place free long distance calls. Jobs states that he and Wozniak made about $6000 from selling the blue boxes to their friends. They stopped when they almost got caught by the police. He says if it wasn’t for those blue boxes, there would not be an Apple Computer.
The Federal Bureau of Investigations (FBI) has a Top 10 Most Wanted list of cybercriminals, most of which have a reward attached to them if they are caught. The list includes Nicolae Popescu, Dumitru Daniel Bosogioiu, Evgeniy Mikhailovich Bogachev, The Chinese Army Five, Alexsey Belan, Peteris Sahurovs, Artem Semenov, Alexandr Sergeyevich Bobnew, Carlos Enrique Perez-Melara, and Noor Aziz Uddin. Nicolae Popescu has a $1 million reward on his head. Popescu and his group set up fake auctions on Cars.com and AutoTrader.com. The group stole over $3 million from Americans who thought they were bidding on real cars. In 2012, six of Popescu’s group were caught but Popescu and one of his partners got away. Their crimes include wire fraud, money laundering, and passport fraud.
Dumitru Daniel Bosogioiu was Popescu’s partner. He helped Popescu steal over $3 million dollars from unsuspecting Amercians on online car auctions. He has a $750,000 reward on his head.
Mikhailovich Bogachev is one the most dangerous cybercriminals on the FBI’s most wanted list. He owns the GameOver Zeus botnet with is thought to be the largest army of slave computers in the world. The GameOver Zeus botnet steals bank account numbers and passwords so that bank accounts can be hijacked. The FBI believes that the GameOver Zeus botnet has stolen over $100 million.
Sun Kailiang, Huang Zhenyu, Wen Xinyu, Wang Dong and Gu Chunhui are members of the Chinese Army Five. The FBI believe that The Chinese Army Five are members of a secret group within the Chinese People’s Liberation Army called “Unit 61398”. This group is accused of hacking into American owned companies and stealing trade secrets that give the Chinese information to help them in high tech project bids.
Alexsey Belan has a $100,000 bounty on his head. He is accused of hacking into three American computer networks and stealing usernames and passwords. He is also accused of selling these username and passwords and exposing millions of American accounts.
Peteris Sahuroves used Malvertising to hold computers ransom. Sahuroves would trick online news sites into advertising for his fake hotel chain. When a visitor of the site would click on the ad, they would be told the needed to pay a $50 ransom. If they did not pay the ransom, then their computers were bombarded with security alert pop-ups.
Artem Semenov is part of a ring of cybercriminals that hires “money mules” to open U.S. bank accounts. Once these accounts are opened, Semenov and his ring send unauthorized money transfers to the accounts. They money mules then transfer the money overseas to unnumbered accounts. Semenov has a $50,000 reward out for him.
Alexander Sergeyevich Bobnev also used money mules to help him move money from one account to another. The FBI claim that Bobnev would sneak into U.S. investment companies, launder money and sneak back out of the company. He would then have his money mules to get over $350,000 transferred to other accounts.
Carlos Enrique Perez-Melara has a $50,000 reward out for his capture. While he was a student in San Diego Perez-Melara helped spouses spy on their cheating spouses. While helping them spy, he also spied on them as well.
Noor Aziz Uddin stole over $50,000 and now has a $50,000 bounty on his head. The FBI say that he hacked computer systems from Saudi Arabia to Switzerland to Spain. Uddin would break into computer systems of large telecommunication firms and also defrauded government agencies.
A white hat hacker is the complete opposite of a black hat hacker. White hat hackers consider themselves to be the “Robin Hood” of the hacking world. Everything they do is to better the world or an organization. Many times an organization will hire a white hat hacker to test their security to make sure that they are not vulnerable to outside attacks. A white hat hacker will “hack” into the system like they are really going to do some damage but instead of doing anything bad, they simply let the organization know where their weaknesses lie. Many of the white hat hackers were once black hat hackers but saw the error of their ways and switched to the other side.
Most of the white hat hackers started out as black hat hackers. This is important for the white hat hackers being able to catch black hat hackers. Because they know how they work, they can get into their heads and figure out what their next step is. Some famous white hat hackers are Steve Wozniak, Linus Torvalds, Tim Berners-Lee, Julian Assange, Tsutomu Shimomura and Mark Zuckerberg.
Steve Wozniak co-founded Apple Computers with Steve Jobs. Before they created the Apple Computer, they both were “phreakers”. A phreaker was a person that hacked the telephone networks. Wozniak and Jobs made a Blue Box that could bypass the telephone lines by emitting audio tones and allow them to place free long distance phone calls. They went on to sell these Blue Boxes to their college buddies.
Linus Torvalds invented Linux. Linux is an easier way to get around the UNIX based systems that are currently used. It is a good alternative to Mac and Windows. Torvalds started making changes to his personal computer when he was a child. It was 1991 when he came up with the first version of Linux.
Tim Berners-Lee started about by making a computer from scratch using nothing more than parts from a television, a soldering iron, TTL gates and an M6800 processor. He is now credited as the person who created the World Wide Web in 1989.
Julian Assange was one of the first “ethical hackers” back in Australia in 1987. He lived by three rules: not to harm the system that he broke into, not to alter any information within the systems, and to share as much information as possible. He was arrested in 1991 but in 2006 he started up WikiLeaks. WikiLeaks is a way for whistleblowers to disclose illegal or unethical activities within the government.
Tsutomu Shimomura helped to take down Kevin Mitnick after Mitnick personally attacked Shimomura by hacking his computer. Shimomura in turn hacked Mitnick’s cell phone and helped track him to his apartment complex where Mitnick was arrested.
Mark Zuckerberg says that hacking is important for finding new ideas and getting new products out on the market. Zuckerberg claims he is a white hat hacker because he gets rid of the black hat hackers. Zuckerberg likes to hack to fix things. To him it is a way of life and a normal part of his daily routine.
Grey hat hackers are considered a hybrid between white hat hackers and black hat hackers. Grey hats do not usually do anything bad like destroying a computer system but they have been known to take for their own benefit. Whereas a white hat will break into a system just to let the companies know that they have weaknesses, and a black hat will break into a system to cause major damage, a grey hat will break in because they can and while in the system, the may or may not take something for themselves.
Grey hat hackers do not normally “hack and tell”. They like to stay in the shadows and not let their identities or reasons be known. Because of this, the list of known grey hat hackers is only made up of nicknames. “{}”, “Hardbeat”, and “Goatse Security” are a few that do not have “real people” attached to them. Khalil Shreateh, on the other hand, is a well-known name because of his grey hat hacking. Shreateh tried to get the attention of Facebook regarding a flaw that he found that would allow him to post to anyone’s page without their permission. Facebook did not pay attention to Shreateh’s warnings so he hacked Mark Zuckerberg’s page. Mark Zuckerberg is the founder of Facebook. Facebook would normally pay $500 for a report of a bug that affects them but because Shreateh is a grey hat, they refused to pay him at first. According to Facebook, their terms of service say that they will pay for information about any bugs but by demonstrating the bug on Zuckerberg’s page this comprised the security of the users. A white hat group started a campaign to help reward Shreateh. In just a day, they raised over $11,000.
Script kiddies are hackers in the making. They know just enough to be dangerous but do not cause any real damage. Script kiddies attack poorly secured systems. Once attacked by a script kiddie, a company can use this as a warning and make changes to their systems to make sure it is more secure before someone does any real damage.
Cyberpunks are more like a common street punk except that they are hiding on the internet. These types of cybercriminals normally do not have a lot of friends and try to impress people with their knowledge of computers in the online world. They can cause more damage than a script kiddie but are not “into” hurting people. They feel alone and misunderstood and only feel “alive” when online.
Virus writers are more intelligent than the cyberpunk but less dangerous than the cyber terrorist. They are in it in order to show off their intelligence and gain notoriety. Although they do cause damage to computers by crashing systems, they do not normally do anything to cause any financial damage. They are only a step above a cyberpunk because they do enjoy seeing the damage they cause being broadcast on television.
Phishers are more dangerous than script writers because they want to access usernames and passwords in order to gain access to bank information. Phishers pretend to be a trusted online entity and tricks a user into entering their information into the system where the phisher has set up a way to catch the information for future use. A user normally does not even know that they have been hacked until it is too late.
Hackavisits are hackers that think what they are doing is important and will help save the world. Sometimes these hackers are just doing what they are doing to prove a point with no damage intended. Other times, the group starts out with the greater good in mind but quickly find themselves doing it for the money. Some of these groups will attack political parties, religious groups and government groups. When in the wrong hands, a hackavist can cause massive damage to many systems. An example of such is Stuxnet where a worm was released and attacked Iran’s Atomic Program of Nuclear Facilities. This worm was thought to have been created by a government entity to weaken Iran.
Insiders are individuals that are working within an organization. They can be very dangerous because they know all the ins and outs of the organization and know where the weaknesses are. Although this is a small group of hackers, they cause a large amount of damage to many companies every year.
Cyber terrorists are individuals or groups that attack information, computer systems or computer programs with the intent of causing violence or damage to government groups or military. These groups are made up of activists who think they have to attack in order to get their point across. The more damage they can do, the better. The biggest hack of this type to date was the attack on the French Network TV5Monde which was claimed to be done by an Islamic State militant group. The group managed to interrupt the broadcast signal for almost a full day. These hackers also interrupted email and social media of TV5Monde. Information in support of the Islamic State and threats against the French military were posted on the station’s Facebook and Twitter pages before being shut down.
The number and type of cyber-attack are increasing every day. Some of the more obvious types of attacks include juice jacking, identity theft, ransomware, DDoS attacks, Botnets, spam and phishing, social engineering, malvertising, PUPs, Drive-by-downloads, remote administration tools, exploit kits and cyber bullying.
Juice jacking is a way that hackers can steal your data while your cell phone is being charged in a public place. Charging kiosks are set up all over the airport and in malls. When a phone is plugged into the kiosk to charge, all the data from that phone can be downloaded to a nearby laptop. Sometimes, a virus can be downloaded to the phone within one minute of plugging in the phone. The virus can be used to access a bank account or credit card. A few ways to protect yourself from juice jacking is to make sure your phone is charged before leaving home or by carrying a portable charger of your own.
Identity theft is the most common type of cybercrime and is when a person pretends to be someone else in order to commit fraud or receive financial gain. Phishing can be used to commit this type of cybercrime. Sometimes it can take years to undo what an identity thief has done. It is important to keep personal information safe so that no one can take your information and pretend to be you.
Ransomware is one of the worst types of attacks online. Ransomware access the computer and encrypts a user’s files using a public key encryption code. The user is then told they must pay a ransom to get the public key encryption code.
DDoS attacks “break” the internet by making online services unavailable. A remote attack is used to infect computers by planning malware on the system. Hackers are motivated by extortion and blackmail and attack using Botnets. Botnets are large groups of computers that are infected.
Botnets are networks of computers that have been infected by an attack. These are then used to infect other computers by sending spam or phishing viruses to the computer systems. Once infected, the botnets can send out malicious malware that can cause major damage to the systems.
Spam and phishing are cybercrimes that have been around since the beginning of the computer age. Spam is annoying but generally not damaging to the system. Spam floods email and webpages. Phishing, on the other hand, is used to trick a user into entering their username and password into a dummy site in order to access other systems and to cause financial and emotional damage to users.
Social engineering is a way to get someone to trust you enough to give you information about their finances or business. Once the person has let down their guard and become friendly with the attacker, they will willingly give their information to the hacker. The hacker can then wipe the users’ accounts with little or no interference because people are too ashamed to admit they were taken by people in that way. Sometimes social engineering can happen to the authorities too. Albert Gonzalez was a slick black hat hacker that social engineered the Secret Service before getting busted and going to prison.
Malvertising is one of the fastest growing types of cybercrimes. Malverstising is a way for hackers to get a user to click on an advertisement that is infected with malicious information. The hackers can take a normal advertisement and insert the malicious information without the knowledge of the user or the company.
PUPs are potentially unwanted programs are less harmful than other malware but are very annoying. This type of malware can be very disruptive to a user. When downloading a program from the internet, a user will unknowingly add a search bar or toolbar or security program that will keep popping up while trying to work on other programs. This program will be hard to remove from the computer but can be done by setting the computer back to a date before the program was added.
Drive-by-downloads are similar to malvertising. When a user visits a website, a download of malicious code is initiated by the computer. The infected computer is then used to infect other computers. Sometimes the websites do not even know that they are causing problems for users. Java and Adobe Flash are two of the big names that this happens to on a regular basis.
RATs or remote administration tools are used from a remote location. These tools are used to steal files and data. These tools are also used to send the location of the computer and control the device remotely.
Exploit kids are used by hackers to gain access to a computer. These are sold on the internet and are available on hacking sites and in hacking forums. These are extremely illegal but are used by cybercriminals to steal information from users.
Cyber bullying occurs in more homes then one would like to think. According to MASK (Mothers Awareness on School-age Kids) matters, almost 35 percent of children have been bullied online and it has happened more than once. Being disrespected or ignored is one of the most common types of cyber bullying. Almost all middle school kids have had their feeling hurt by cyber bullies. It’s hard to believe but mask matters states that 75 percent of middle school kids have gone to a web site that bashes other students. Almost half of all middle school students have had their passwords stolen and then been locked out of their accounts while the bully pretended to be them and sent hurtful messages to others or posted about others. Twenty percent of kids have received threatening or mean emails. Cyber bullying is just as psychologically and emotionally damaging as real life bullying. It can actually be worse because even after the kids are home, cyber bullies can still get to them through their phones and computers. Fifty-six percent of cyber bullying happens within a chat room online. Girls are more likely to become victims of cyber bullies and are also more likely to be the bully. Overall, over half of kids have said that someone has been mean or hateful to them online more than once.
There are ways to prevent cyber bullying. The most important thing is to know what your kids are doing online. Make sure that your child understands that what they say or do online is a permanent thing. Know the websites they go to and who they are talking to. Make it clear to your child that bullying is never ok and if they know that someone is bullying or being bullied then they should tell an adult.
Another type of cybercrime is a cyber-attack. A cyber-attack is when a computer launches an attack on another computer. Practical Law Company, Whitepaper on Cyber Attacks defines a cyber-attack as “an attack initiated from a computer against a website, computer systems or individual computer (collectively, a computer) that compromises the confidentiality, integrity or availability of the computer or information stored on it.” By definition, in order to be considered a cyber-attack, an attack must be an “attack or illegal attempt to gain something from a computer system.”
Punishments for cybercrimes incorporate a wide range of consequences. Fines, jail or prison time, probation, community service and loss of internet access are a few. Some types of community services expected could include helping with catching other hackers or volunteering at a local center teaching children or the elderly how to use the computer with the necessary supervision to keep the hacker from accessing any unauthorized websites. There are organizations that can learn from hackers and use them to beef up their security and protect their clients and their information. This is how black hat hackers get turned into white hat hackers.
IronGeek clarifies the violations and penalties associated with cybercrimes with very specific laws. The laws for each state are different. One should check the laws in their own state. There are extensive laws regarding hacking in all states and by following these guidelines one can make sure they are not doing anything that could get them in trouble. Of course not everyone cares about the “official” laws of the internet but these are important and should be mentioned. For the laws in Tennessee, see Appendix A. This explains in detail the State Hacking/ Computer Security Laws in Tennessee as stated IronGeek.
The Verge is a place to find out all the latest ways a hacker can get into your world. Hackers can access old SnapChats, turn your GoPro into a spycam, map your moves with tiny computers, mess with your “smart” television, thermostat, and coffee pot and watch you through your laptop. One of the scariest things is they can take control of your car while you are driving and there is nothing you can do about it.
There are ways to protect yourself and your computer from these cybercriminals. The main safety measure to think about is your password. Your password should be a minimum of eight characters and include a combination of upper case letters, lower case letters, numbers and special symbols. Do not make the password any part of your name, birth date or anything to do with family. Once you have a good password, do not give it to anyone. Keep your passwords in a safe place, nowhere near your computer. If you have to put it in a file, make sure the file is not on a computer that has internet access.
Another safety precaution is to keep your files backed up and in a separate location from your computer. Using a thumb drive that you keep in a safe is a good place for your important documents that are both paper and digital. Or give the thumb drive to a trusted family member that does not live with you.
The main thing to do is have good internet security software in place. Firewalls are good at keeping the cybercriminals at bay. Do not download anything that you are unsure of and if it looks fishy, do not click on the link. If you realize that you did click on a link and now have malware on your computer, go back to a date before the download to keep from infecting other computers.
Cybercrimes are everywhere but there are ways to protect yourself if you are careful and diligent. If you would not trust someone with something in real life then do not trust them on the internet. Assume that everyone you meet is trying to get your personal information and remember that anyone can be a cybercriminal. Be aware of the different types of cybercrimes and the different types of cybercriminals. There are also places that are set up for people to report cybercrimes. Go to FBI.GOV to report cybercrimes. Most importantly, stay safe but have fun.
References
(n.d.). Retrieved May 13, 2015, from https://www.maskmatters.org/pdf/CyberbullyingFacts.pdf
(2013). Retrieved May 13, 2015, from http://www.forbes.com/sites/thesba/2013/08/28/how-to-prevent-cyber-crime/
Batke, K. (2011, December 20). 7 Types of Cyber Criminals. Retrieved May 3, 2015, from http://www.faronics.com/news/blog/7-types-of-cyber-criminals/
Cyber Attacks - Definition, Types, Prevention. (2014, December 2). Retrieved April 29, 2015, from http://www.thewindowsclub.com/cyber-attacks-definition-types-prevention
Facts About Cyber Bullying|NoBullying|Anti Bullying Information Center. (2013, December 15). Retrieved May 13, 2015, from http://nobullying.com/facts-about-cyber-bullying/
Grant, C. (2012, May 7). Top 10 Notorious Black Hat Hackers - Listverse. Retrieved May 13, 2015, from http://listverse.com/2012/05/08/top-10-notorious-black-hat-hackers/
Hacker Hat Colors Explained: Black Hats, White Hats, and Gray Hats. (2015). Retrieved May 13, 2015, from http://www.howtogeek.com/157460/hacker-hat-colors-explained-black-hats-white-hats-and-gray-hats/
Hamid, T. (2010, October 5). Playing with Firewalls. Retrieved May 5, 2015, from http://www.wsj.com/articles/SB10001424052748703453804575479632855718318
Hersher, R. (2015, February 7). Meet Mafiaboy, The 'Bratty Kid' Who Took Down The Internet. Retrieved May 14, 2015, from http://www.npr.org/sections/alltechconsidered/2015/02/07/384567322/meet-mafiaboy-the-bratty-kid-who-took-down-the-internet
Hoffman, C. (2013, April 20). Hacker Hat Colors Explained: Black Hats, White Hats, and Gray Hats. Retrieved May 12, 2015, from http://www.howtogeek.com/157460/hacker-hat-colors-explained-black-hats-white-hats-and-gray-hats/
How To Prevent Cyber Crime. (2013, August 28). Retrieved May 13, 2015, from http://www.forbes.com/sites/thesba/2013/08/28/how-to-prevent-cyber-crime/
I'm a Hacker, Says Facebook Owner and Founder Mark Zuckerberg. (2012, February 5). Retrieved May 14, 2015, from http://www.heyahey.com/im-a-hacker-says-facebook-owner-and-founder-mark-zuckerberg
Jeffries, A. (2013, July 31). The top 10 new reasons to be afraid of hackers. Retrieved May 15, 2015, from http://www.theverge.com/2013/7/31/4568992/top-10-new-reasons-to-be-afraid-of-hackers-def-con-black-hat
Lee, J. (2012, July 13). 5 Of The World. Retrieved May 16, 2015, from http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/
Mitchell, B. (2015). Hacking - What is a Hacker in Computer Networking? Retrieved May 13, 2015, from http://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htm
Neal, R. (2013, August 21). Facebook Hacker Rewarded: Facebook Apologizes To Khalil Shreateh, Indiegogo Account Gives $10k To Palestinian Hacker. Retrieved May 17, 2015, from http://www.ibtimes.com/facebook-hacker-rewarded-facebook-apologizes-khalil-shreateh-indiegogo-account-gives-10k-palestinian
Pagliery, J. (2014, November 18). Nicolae Popescu: $1 million reward. Retrieved May 13, 2015, from http://money.cnn.com/gallery/technology/security/2014/11/18/fbi-cyber-most-wanted/
Parker, T. (2012, July 10). 6 Ways To Protect Yourself Against Cybercrime. Retrieved May 4, 2015, from http://www.investopedia.com/financial-edge/0712/6-ways-to-protect-yourself-against-cybercrime.aspx
Prevent Cyberbullying. (n.d.). Retrieved May 13, 2015, from http://www.stopbullying.gov/cyberbullying/prevention/
Preventing and Recovering from Cybercrime. (2014, November 4). Retrieved May 13, 2015, from http://www.tripwire.com/state-of-security/incident-detection/preventing-and-recovering-from-cybercrime/
SCHECHNER, S. (2015, April 9). French Network TV5Monde Hacked by Group Claiming to Be Islamic State. Retrieved May 2, 2015, from http://www.wsj.com/articles/frances-tv5monde-hacked-by-group-claiming-to-be-islamic-state-1428581883
State Hacking/Computer Security Laws. (2015). Retrieved May 5, 2015, from http://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws
Steve Jobs' First Business was Selling Blue Boxes that Allowed Users to Get Free Phone Service Illegally. (2012, October 5). Retrieved May 18, 2015, from http://www.todayifoundout.com/index.php/2012/10/steve-jobs-first-business-was-selling-blue-boxes-that-allowed-users-to-get-free-phone-service-illegally/
The Origin of "Hacker" (2008, April 1). Retrieved May 13, 2015, from http://imranontech.com/2008/04/01/the-origin-of-hacker/
Tips to Stop Cyberbullying. (2015). Retrieved May 13, 2015, from http://www.safeteens.com/tips-to-stop-cyberbullying/
Verini, J. (2010, November 13). The Great Cyberheist. Retrieved May 15, 2015, from http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?_r=0
What is a Grey Hat? (n.d.). Retrieved May 13, 2015, from https://www.secpoint.com/what-is-a-grey-hat.html
What's juice jacking? (2014, September 4). Retrieved May 18, 2015, from http://www.techadvisory.org/2014/09/whats-juice-jacking/
Williams, J. (2005, April 29). Cyberpunk. Retrieved May 1, 2015, from http://www.urbandictionary.com/define.php?term=cyberpunk
Yin-Poole, W. (2014, July 17). Remember PS3 hacker Geohot? Now he works for Google. Retrieved May 13, 2015, from http://www.eurogamer.net/articles/2014-07-17-remember-ps3-hacker-geohot-now-he-works-for-google

Appendix A
Tennessee State Hacking/Computer Security Laws * 39-14-601. Part definitions. �
As used in this part, unless the context otherwise requires:

(1) "Access" means to approach, instruct, communicate, or connect with, store data in, retrieve or intercept data from, or otherwise make use of any resources of a computer, computer system, or computer network, or information exchanged from any communication between computers or authorized computer users and electronic, electromagnetic, electrochemical, acoustic, mechanical, or other means;

(2) "Authorization" means any and all forms of consent, including both implicit and explicit consent;

(3) "Computer" means a device or collection of devices, including its support devices, peripheral equipment, or facilities, and the communication systems connected to it which can perform functions including, but not limited to, substantial computation, arithmetic or logical operations, information storage or retrieval operations, capable of being used with external files, one (1) or more operations which contain computer programs, electronic instructions, allows for the input of data, and output data (such operations or communications can occur with or without intervention by a human operator during the processing of a job);

(4) "Computer contaminants" means any set of computer instructions that are designed to modify or in any way alter, damage, destroy, or disrupt the proper operation of a computer system, or computer network without the intent or authorization of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, which are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network. Such contaminants may include viruses or worms, which terms shall have the following meanings:

(A) "Virus" means a migrating program which, at least, attaches itself to the operating system of any computer it enters and can infect any other computer that has access to an "infected" computer; and

(B) "Worm" means a computer program or virus that spreads and multiplies, eventually causing a computer to "crash" or cease functioning, but does not attach itself to the operating system of the computer it "infects";

(5) "Computer network" means a set of two (2) or more computer systems that transmit data over communication circuits connecting them, and input/output devices including, but not limited to, display terminals and printers, which may also be connected to telecommunication facilities;

(6) "Computer program" means an ordered set of data that are coded instructions or statements that, when executed by a computer, cause the computer to process data;

(7) "Computer software" means a set of computer programs, procedures, and associated documentation concerned with the operation of a computer, computer system, or computer network whether imprinted or embodied in the computer in any manner or separate from it, including the supporting materials for the software and accompanying documentation;

(8) "Computer system" means a set of connected devices including a computer and other devices including, but not limited to, one (1) or more of the following: data input, output, or storage devices, data communication circuits, and operating system computer programs that make the system capable of performing data processing tasks;

(9) "Data" means a representation of information, knowledge, facts, concepts, or instructions which is being prepared or has been prepared in a formalized manner, and is intended to be stored or processed, or is being stored or processed, or has been stored or processed in a computer, computer system, or computer network;

(10) "Electronic mail service provider" means any person who:

(A) Is an intermediary in sending or receiving electronic mail; and

(B) Provides to end-users of electronic mail services the ability to send or receive electronic mail;

(11) "Financial instrument" includes, but is not limited to, any check, cashier's check, draft, warrant, money order, certificate of deposit, negotiable instrument, letter of credit, bill of exchange, credit card, debit card, marketable security, or any computer system representation thereof;

(12) "Input" means data, facts, concepts, or instructions in a form appropriate for delivery to, or interpretation or processing by, a computer;

(13) "Intellectual property" includes data, which may be in any form including, but not limited to, computer printouts, magnetic storage media, punched cards, or may be stored internally in the memory of a computer;

(14) "Local exchange company" includes telecommunications service providers as defined in � 65-4-101; competing telecommunications service providers as such term is defined in � 65-4-101; telephone cooperatives; cellular or other wireless telecommunications providers; and interactive computer service providers as defined in 47 U.S.C. � 230(f);

(15) "Output" means data, facts, concepts or instructions produced or retrieved by computers from computers or computer memory storage devices;

(16) "Owner" means an owner or lessee of a computer or a computer network, or an owner, lessee or licensee of computer data, computer programs, or computer software;

(17) "Property" shall include:

(A) Real property;

(B) Computers and computer networks; and

(C) Financial instruments, computer data, computer programs, computer software, and all other personal property regardless of whether they are:

(i) Tangible or intangible;

(ii) In a format readable by humans or by a computer;

(iii) In transit between computers or within a computer network or between any devices which comprise a computer; or

(iv) Located on any paper or in any device in which it is stored by a computer or by a human;

(18) "Services" includes, but is not limited to, the use of a computer, a computer system, a computer network, computer software, computer program, or data to perform tasks;

(19) "System hacker" means any person who knowingly accesses and without authorization alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network; and

(20) "To process" means to use a computer to put data through a systematic sequence of operations for the purpose of producing a specified result.

[Acts 1989, ch. 591, � 1; 1993, ch. 445, � 1; 2003, ch. 317, � 2.]

39-14-602. Violations � Penalties. �
(a) Whoever knowingly, directly or indirectly, accesses, causes to be accessed, or attempts to access any telephone system, telecommunications facility, computer software, computer program, data, computer, computer system, computer network, or any part thereof, for the purpose of:

(1) Obtaining money, property, or services for oneself or another by means of false or fraudulent pretenses, representations, or promises violates this subsection (a) and is subject to the penalties of � 39-14-105;

(2) Causing computer output to purposely be false for, but not limited to, the purpose of obtaining money, property, or services for oneself or another by means of false or fraudulent pretenses, representations, or promises violates this subsection (a) and is subject to the penalties of � 39-14-105; or

(3) Effecting the creation or alteration of a financial instrument or of an electronic transfer of funds with the intent to disrupt, alter, misappropriate, or commit fraud violates this subsection (a) and is subject to the penalties of � 39-14-105.

(b) Whoever intentionally and without authorization, directly or indirectly:

(1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor. Operating a computer network in such a way as to allow anonymous access to that network shall constitute implicit consent to access under this part;

(2) Alters, damages, destroys, or attempts to damage or destroy, or causes the disruption to the proper operation of any computer, or who performs an act which is responsible for the disruption of any computer, computer system, computer network, computer software, program, or data which resides or exists internal or external to a computer, computer system, or computer network is punishable as in � 39-14-105;

(3) Introduces or is responsible for the malicious input of any computer contaminant into any computer, computer system, or computer network commits a Class B misdemeanor;

(4) Accesses, causes to be accessed, or attempts to access any computer software, computer network, or any part thereof, for the purpose of maliciously gaining access to computer material or to tamper maliciously with computer security devices including, but not limited to, system hackers, commits a Class A misdemeanor; or

(5) Makes or causes to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs, or computer software residing in, communicated by, or produced by a computer or computer network commits an offense punishable as provided in � 39-14-105.

(c) Whoever receives, conceals, uses, or aids another in receiving, concealing, or using any proceeds resulting from a violation of either subsection (a) or subdivision (b)(2), knowing the proceeds to be the result of such violation, or whoever receives, conceals, uses, or aids another in receiving, concealing, or using any books, records, documents, property, financial instrument, computer software, program, or other material, property, or objects, knowing that the item has been used in violating either subsection (a) or subdivision (b)(2) is subject to the penalties of � 39-14-105.

(d) Any person who violates this section in connection with an act of terrorism commits a Class A felony.

[Acts 1989, ch. 591, � 1; 1993, ch. 445, � 1; 2002, ch. 849, � 4; 2003, ch. 317, � 3; 2006, ch. 809, � 1.]

39-14-603. Unsolicited bulk electronic mail. �
(a) It is an offense for a person without authority to falsify or forge electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers.

(b) Transmission of electronic mail from an organization to its members shall not be deemed to be the transmission of unsolicited bulk electronic mail as prohibited by this section.

(c) Nothing in this section shall be construed to interfere with or prohibit terms or conditions in a contract or license related to computers, computer data, computer networks, computer operations, computer programs, computer services, or computer software or to create any liability by reason of terms or conditions adopted by or technical measures implemented by a Tennessee-based electronic mail service provider to prevent the transmission of unsolicited electronic mail in violation of this section.

(d) As used in this section, "without authority" means a person who uses a computer, a computer network, or the computer services of an electronic mail service provider to transmit unsolicited bulk mail in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider.

(e) The transmission of electronic signals by a local exchange company to the extent that the local exchange company merely carries that transmission over its network shall not be deemed to be the transmission of unsolicited bulk electronic mail as prohibited by this section.

(f) A violation of this section shall be punished according to the damage to the property of another caused by the violation and shall be graded as provided in � 39-14-105.

[Acts 2003, ch. 317, �� 4, 8.]

39-14-604. Civil action � Damages, attorney fees, and costs. �
(a) Any person whose property or person is injured by reason of a violation of any provision of this part may file a civil action and recover for any damages sustained and the costs of the civil action. Without limiting the generality of the term, "damages" shall include loss of profits.

(b) If the injury arises from the transmission of unsolicited bulk electronic mail, the injured person, other than an electronic mail service provider, may also recover attorney's fees and costs, and may elect, in lieu of actual damages, to recover the lesser of ten dollars ($10.00) for each and every unsolicited bulk electronic mail message transmitted in violation of this part, or one thousand dollars ($1,000) per day. The injured person shall not have a cause of action against the electronic mail service provider that merely transmits the unsolicited bulk electronic mail over its computer network.

(c) If the injury arises from the transmission of unsolicited bulk electronic mail, an injured electronic mail service provider may also recover attorney's fees and costs and may elect, in lieu of actual damages, to recover the greater of ten dollars ($10.00) for each and every unsolicited bulk electronic mail message transmitted in violation of this part, or one thousand dollars ($1,000) per day.

(d) At the request of any party to an action brought pursuant to this section, the court may, in its discretion, conduct all legal proceedings in such a way as to protect the secrecy and security of the computer, computer network, computer data, computer program, and computer software involved in order to prevent possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party. The provisions of this section shall not be construed to limit any person's right to pursue any additional civil remedy otherwise allowed by law.

[Acts 2003, ch. 317, � 5.]

39-14-605. Venue. �
For the purposes of venue under the provisions of this part, any violation of this part shall be considered to have been committed:

(1) In any county in which any act was performed in furtherance of any transaction violating this part;

(2) In any county in which any violator had control or possession of any proceeds of the violation or of any books, records, documents, property, financial instrument, computer software, computer program, or other material, objects, or items which were used in furtherance of the violation; and

(3) In any county from which, to which, or through which, any access to a computer, computer system, or computer network was made, whether by wire, electromagnetic waves, microwaves, or any other means of communication.

[Acts 1989, ch. 591, � 1; T.C.A. � 39-14-603; Acts 2003, ch. 317, � 6.]
39-14-606. Transmission of electronic signals by a local exchange company. �

The transmission of electronic signals by a local exchange company to the extent that the local exchange company merely carries that transmission over its network shall not be deemed to be the transmission of unsolicited bulk electronic mail as prohibited by this part.

[Acts 2003, ch. 317, � 8.]