Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

  • A laptop computer, a 9mm handgun, and bullets, photo by eldadcarin/Getty Images

    Report

    U.S. Weapons Are the Main Source of Illegal Arms on the Dark Web

    Jul 19, 2017

    Sixty percent of weapons on sale on the dark web come from the United States. This illicit market for firearms, explosives, and ammunition can anonymously arm criminals, terrorists, and others.

  • A graphical model meant to help prevent hackers from attacking vulnerable computer resources, photo courtesy of Pacific Northwest National Laboratory

    Content

    Challenges and Opportunities in Cyberspace

    Sep 30, 2016

    Cyberspace provides opportunities for innovation, commerce, and societal advancement but also raises issues for policymakers in securing cyber vulnerabilities, ensuring privacy and protection of personal data, and considering the use of cyber weapons as a national security asset.

Explore Cybercrime

  • Criminal hiding behind a mask on computer screen asking the owner for money

    Commentary

    The WannaCry Cyber Attack Could Be the First of Many If the NHS Takes No Action

    In the UK, the National Health Service (NHS) was one of the organizations most severely affected by the WannaCry ransomware. The NHS and other public sector organizations need to improve their cybersecurity processes and quickly before a more severe cyber attack takes place.

    Dec 1, 2017

  • Computer hacker with magnifying glass

    Commentary

    It's Time for the International Community to Get Serious About Vulnerability Equities

    Multiple countries around the world are likely discovering, retaining and exploiting zero-day vulnerabilities without a process to properly consider the trade-offs. This needs to change. It’s time for the international community to get serious about vulnerability equities.

    Nov 15, 2017

  • Trading information about Equifax and the company logo are displayed on a screen on the floor of the New York Stock Exchange, September 8, 2017

    Commentary

    The Equifax Breach: Yawn, or Yikes?

    In cases where personal information is exposed, such as the Equifax data breach, it is critical that consumers take steps to ensure their information is not abused. The simplest and perhaps the most effective way to enhance personal digital security is to protect account credentials using password management software.

    Nov 3, 2017

  • Multimedia

    Equifax and the Data-Breach Era: How Worried Should We Be?

    Large-scale data breaches like those of Equifax and OPM compromised the personal data of millions of people. What can be done to improve the response to such breaches? In this October 26th congressional briefing, Lillian Ablon and Sina Beaghley address victim and lawmaker reactions, national security implications, and considerations for policymakers.

    Oct 26, 2017

  • Credit cards, a chain, an open padlock, and a computer keyboard are visible next to the Equifax logo

    Commentary

    Equifax and the Data-Breach Era

    The personal and financial data of almost 146 million U.S. consumers has been compromised by the Equifax breach, the latest in a long line of high-profile hacks. Do consumers worry enough about such breaches? And what options are available to Congress?

    Oct 18, 2017

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

    Sep 15, 2017

  • Hacked internet of things

    Commentary

    Gaming Policy in Cyberspace

    Hacked devices and intellectual property theft are a rich hunting ground for policy development. The challenge posed by Internet-connect devices is only getting worse as the number of online devices continues to grow.

    Aug 23, 2017

  • Digital devices on a map of Australia

    Report

    Australia's Cyber Security Policy Options

    An exercise with participants from government, industry, think tanks, academia, and the media explored opportunities to improve cyber security and inform Australia's strategy. Recommendations include creating and enforcing technology security standards, crafting international agreements to address challenges, and increasing awareness to keep users safe online.

    Aug 7, 2017

  • Girl Scouts compete in the Mission Ocean Challenge during the USS California Science Experience at Naval Surface Warfare Center, November 6, 2010

    Commentary

    Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women

    The Girl Scouts will start offering 18 cybersecurity badges next year. In addition to exposing girls to cyber concepts and challenges, this could encourage them to pursue cybersecurity or other STEM careers in which women are underrepresented.

    Aug 3, 2017

  • Computer hacker working on laptop late at night in office

    Commentary

    Connect, Buy-Now, Fire: How the Dark Web Allows Criminals to Buy Weapons—Anonymously

    Despite its small size compared to the offline market, the ability of the dark web to anonymously arm individuals of all backgrounds needs to be taken seriously. Its potential impact on international security is significant.

    Jul 25, 2017

  • News Release

    US Weapons Main Source of Illegal Arms Trade on the Dark Web

    The illegal sales on the dark web of firearms, weapons, explosives, and banned digital guides on homemade products present challenges for law enforcement agencies and national governments. Its potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is the most dangerous aspect.

    Jul 19, 2017

  • A man holds a laptop computer as cyber code is projected on him

    Report

    Could Stateless Attribution Promote International Cyber Accountability?

    The public may respond to government claims about who is behind a cyberattack with suspicion and confusion. Could an independent, global organization for cyber attribution help?

    Jun 2, 2017

  • A soldier sets up voice intercept equipment during a cyber integration exercise on Joint Base Lewis-McChord, Washington, October 21, 2015

    Commentary

    What Happens After ISIS Goes Underground

    As the Islamic State in Iraq and Syria suffers defeats on the battlefield, it is expanding its cyber presence to continue to encourage attacks abroad. The more the group relies on cyberspace, the more likely it will expose important segments of its organization to detection and disruption.

    May 30, 2017

  • A young man is frustrated by the WannaCry ransomware attack

    Commentary

    WannaCry Virus: A Lesson in Global Unpreparedness

    The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

    May 22, 2017

  • A person typing on a computer keyboard in a dark room

    Commentary

    Are Terrorists Using Cryptocurrencies?

    As the U.S. Treasury Department and its partners have denied terrorists access to the international financial system, new digital currencies could become an attractive alternative. They could be used for money laundering or to pay the personnel and vendors that keep the terrorist machine running.

    Apr 21, 2017

  • The 24-hour Operations Room inside GCHQ, Cheltenham, UK, November 17, 2015

    Commentary

    Five Eyes at 70: Where to from Here?

    The Five Eyes intelligence alliance of the U.S., Canada, Great Britain, Australia, and New Zealand began in the Cold War to meet the threat posed by the Soviet Union. Today, the nations' intelligence communities must contend with domestic terrorism and cyber threats while remaining ahead of Russia and China.

    Apr 21, 2017

  • World map

    Commentary

    Why It's So Hard to Stop a Cyberattack — and Even Harder to Fight Back

    Cyber weapons attack the underlying network or computer systems. The possibility of unexpected effects in the cyber world is therefore greater than in conventional warfare. Not knowing if the effects were intentional complicates the response.

    Mar 30, 2017

  • A coder types on laptop keyboard

    Commentary

    Reining in Internet Abuse

    The internet is being used for harmful, unethical, and illegal purposes. Examples include incitement and recruitment by terrorists, cyber bullying, and malicious fake news. Americans say they are unhappy with the tone of the online discourse, but are reluctant to consider potential remedies.

    Mar 23, 2017

  • News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017