Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

  • A woman shocked and upset by something on her phone, photo by AntonioGuillem/Getty Images

    Report

    Strategies for Countering Online Abuse

    Jun 18, 2020

    Digital platforms that let users interact virtually and often anonymously have given rise to harassment and other criminal behaviors. Tech-facilitated abuse—such as nonconsensual pornography, doxing, and swatting—compromises privacy and safety. How can law enforcement respond?

  • Cybercrime concept of handcuffs icon on a digital background, photo by blackboard/Adobe Stock

    Report

    What Could Help Law Enforcement Deal with Crime on the Dark Web?

    Oct 29, 2019

    Crime in traditional online forums often leaves a trail of data that can be followed. But on the dark web, the process of collecting those data and turning them into evidence can be difficult. A panel of law enforcement practitioners and researchers identified ways to address this challenge.

Explore Cybercrime

  • Globe and computer keyboard

    Commentary

    What Is an Act of Cyberwar? It's a Decision, Not a Conclusion

    Perhaps making war can persuade the attacker to stop. Yet, war also risks further disruption, great cost, as well as possible destruction and death—especially if matters escalate beyond cyberspace, writes Martin Libicki.

    Mar 4, 2013

  • digital globe with data orbits

    Commentary

    The European Cyber Security Strategy: Too Big to Fail?

    The European Cyber Security Strategy is remarkable because it tries to co-ordinate policy across three areas whose competences and mandates were formerly very separate: law enforcement, the 'Digital Agenda', and defence, security, and foreign policy, writes Neil Robinson.

    Feb 8, 2013

  • Commentary

    Opening of the European Cybercrime Centre — a Journey Begins

    While the opening of the EC3 at Europol, in line with our first-choice scenario, is very welcome, our study uncovered a range of risks that the EC3 will need to confront if it is to tackle cybercrime in a more coordinated and effective manner, writes Neil Robinson.

    Jan 11, 2013

  • Binary code and laptops

    Commentary

    A Matter of Degree: Who Can Authorize a Cyberattack?

    Understanding when the United States should engage in cyberwar and who should approve cyberattacks requires understanding that cyberwar has multiple personalities: operational, strategic, and that great gray area in-between, writes Martin Libicki.

    Jan 9, 2013

  • Running a test in a U.S. Air Force cyber lab

    Blog

    A Cybercrisis Is Inevitable — and Manageable

    The United States can manage a cybercrisis by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise.

    Jan 9, 2013

  • Report

    Cybercrises Can Be Managed with Multiple Strategies

    The chances are growing that the United States will find itself in a crisis in cyberspace. Such crises can be managed by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise from crises.

    Jan 3, 2013

  • digital globe

    Commentary

    Cyber Operations Can Supplement a War, but They Cannot Be the War

    The U.S. military, with its high-tech systems, must protect itself from cyber threats with much the same careful management that protects it against vulnerabilities associated with, say, explosives. But there can be no choice between boots on the ground and fingers on a keyboard, writes Martin Libicki.

    Dec 19, 2012

  • Multimedia

    Crisis and Escalation in Cyberspace

    In a presentation at the Google LAX Office, Martin Libicki, Adjunct Management Scientist, RAND Corporation, discusses the evolving field of cyberwarfare, and the form of crisis and escalation in the context of cyberspace.

    Nov 15, 2012

  • gavel and laptop

    Journal Article

    Good Practice Guide Addresses Network and Information Security Aspects of Cybercrime

    The sharing and exchange of information between Computer Emergency Response Teams (CERTs) and the law enforcement community in Europe face several legal and operational barriers. This report offers recommendations for CERTs, law enforcement, and policymakers in Brussels.

    Nov 1, 2012

  • Globe surrounded by binary data

    Commentary

    The Case for a Cyber-Security Safety Board: A Global View on Risk

    Innovative approaches are needed to break the current stalemate of information sharing and to build a solid and reliable evidence base on the state of cyber-security, writes Neil Robinson.

    Jun 18, 2012

  • A hacker at his computer desk

    Commentary

    Setting International Norms on Cyberwar Might Beat a Treaty

    Restricting cyberweapon development could be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers, writes Martin Libicki.

    Jun 11, 2012

  • Report

    Exploring How the EU Should Establish a Cybercrime Centre

    After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.

    Mar 27, 2012

  • computer image with lock

    Project

    Cybersecurity: Examining Challenges for the Future

    Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.

    Feb 29, 2012

  • computer virus cyber worm

    Report

    The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It

    It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.

    Dec 20, 2011

  • Commentary

    Could Bin Laden's Death Prompt a Cyber Attack?

    A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.

    May 6, 2011

  • Report

    Influences on the Adoption of Multifactor Authentication

    Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.

    Apr 15, 2011

  • Report

    Understanding the Security, Privacy, and Trust Aspects of Cloud Computing

    Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.

    Apr 4, 2011

  • Journal Article

    Encryption and the Loss of Patient Data

    Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.

    Jan 1, 2011

  • Brochure

    Chaos or Control?

    What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.

    Mar 11, 2010

  • News Release

    U.S. Must Focus on Protecting Critical Computer Networks from Cyber Attack

    Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

    Oct 8, 2009