Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

  • A woman shocked and upset by something on her phone, photo by AntonioGuillem/Getty Images

    Report

    Strategies for Countering Online Abuse

    Jun 18, 2020

    Digital platforms that let users interact virtually and often anonymously have given rise to harassment and other criminal behaviors. Tech-facilitated abuse—such as nonconsensual pornography, doxing, and swatting—compromises privacy and safety. How can law enforcement respond?

  • Cybercrime concept of handcuffs icon on a digital background, photo by blackboard/Adobe Stock

    Report

    What Could Help Law Enforcement Deal with Crime on the Dark Web?

    Oct 29, 2019

    Crime in traditional online forums often leaves a trail of data that can be followed. But on the dark web, the process of collecting those data and turning them into evidence can be difficult. A panel of law enforcement practitioners and researchers identified ways to address this challenge.

Explore Cybercrime

  • gavel and laptop

    Journal Article

    Good Practice Guide Addresses Network and Information Security Aspects of Cybercrime

    The sharing and exchange of information between Computer Emergency Response Teams (CERTs) and the law enforcement community in Europe face several legal and operational barriers. This report offers recommendations for CERTs, law enforcement, and policymakers in Brussels.

    Nov 1, 2012

  • Globe surrounded by binary data

    Commentary

    The Case for a Cyber-Security Safety Board: A Global View on Risk

    Innovative approaches are needed to break the current stalemate of information sharing and to build a solid and reliable evidence base on the state of cyber-security, writes Neil Robinson.

    Jun 18, 2012

  • A hacker at his computer desk

    Commentary

    Setting International Norms on Cyberwar Might Beat a Treaty

    Restricting cyberweapon development could be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers, writes Martin Libicki.

    Jun 11, 2012

  • Report

    Exploring How the EU Should Establish a Cybercrime Centre

    After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.

    Mar 27, 2012

  • computer virus cyber worm

    Report

    The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It

    It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.

    Dec 20, 2011

  • Commentary

    Commentary

    Could Bin Laden's Death Prompt a Cyber Attack?

    A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.

    May 6, 2011

  • Report

    Report

    Influences on the Adoption of Multifactor Authentication

    Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.

    Apr 15, 2011

  • Report

    Understanding the Security, Privacy, and Trust Aspects of Cloud Computing

    Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.

    Apr 4, 2011

  • Journal Article

    Journal Article

    Encryption and the Loss of Patient Data

    Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.

    Jan 1, 2011

  • Brochure

    Brochure

    Chaos or Control?

    What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.

    Mar 11, 2010

  • News Release

    News Release

    U.S. Must Focus on Protecting Critical Computer Networks from Cyber Attack

    Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

    Oct 8, 2009

  • computer programming code

    Report

    Cyberdeterrence and Cyberwar

    Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

    Sep 10, 2009

  • Computer password screen

    Commentary

    The Cracks in Data Privacy

    In the future, the EU will inevitably have to adjust its system of rules to cope with the evolving uses of personal data, globalization and international data flows, write Neil Robinson and Lorenzo Valeri.

    May 19, 2009

  • Research Brief

    Research Brief

    Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking

    This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.

    Nov 18, 2008

  • News Release

    News Release

    Computer-Based Crime to Be Focus of Silicon Valley Forum

    Security experts from the technology industry, law enforcement and academia will outline what is needed to better measure and understand the effect of computer-based crime in the United States during a public forum Sept. 25 in Silicon Valley.

    Sep 13, 2007

  • Commercial Book

    Commercial Book

    Conquest in Cyberspace: National Security and Information Warfare

    Explores the potential for and limitations to information warfare, including its use in weapons systems and in command-and-control operations as well as in the generation of ''noise'' and how far ''friendly conquest'' in cyberspace extends.

    May 12, 2007

  • News Release

    News Release

    RAND Launches National Computer Security Survey for Departments of Justice and Homeland Security

    On behalf of the U.S. Departments of Justice and Homeland Security, the RAND Corporation is fielding the first national survey to measure the impact of cybercrime on American businesses.

    May 2, 2006

  • Report

    Report

    Handbook of Legal Procedures of Computer and Network Misuse in EU Countries

    A comprehensive and up-to-date collection of information on rules, regulations and laws concerning computer misuse in all 25 European Union (EU) countries.

    Mar 24, 2006

  • Report

    Report

    Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology

    Introduces the Vulnerability Assessment and Mitigation methodology, which guides its users through a comprehensive review of vulnerabilities across all aspects of information systems and identifies relevant mitigation techniques.

    Jan 1, 2004

  • Report

    Report

    Understanding the Insider Threat: Proceedings of a March 2004 Workshop

    Reports the results of a workshop on ensuring the security of information against malevolent actions by insiders in the intelligence community with access to sensitive information and information systems.

    Jan 1, 2004