Artificial Intelligence: Cybercrime Prevention

In previous articles we delved into Artificial Intelligence applied to Criminal Law. In this article, we will analyze the so-called cybercrimes and the increase in their commission, as well as identity theft.

Cybercrime can be defined as any criminal activity involving a computer, a device connected to the network or the network itself. The origin of cybercrime is not trivial, and some believe that the first cybercrime arose in 1834 in France when two thieves accessed the financial markets and stole information from the telegraph network.

These identity theft crimes can be of various kinds, whether by voice, video or photo. Acts as simple as answering a phone call with a “yes” can be the means used to commit cybercrimes.

The problem lies in the ease with which Artificial Intelligence can create identical profiles of people, generating content such as conversations, emails or messages.

However, not everything was going to be negative, as Artificial Intelligence will also allow threats and cyberattacks to be detected , managing the risks of companies and users. On a practical level, some of the most common cybercrimes that reach the Court are those related to charges for purchases made with cards whose data has been fraudulently obtained by cyber fraudsters.

In order to combat these cybercrimes, it is necessary to develop cybersecurity policies, as the ways of committing crimes have changed as a result of the emergence of new technologies.

Recently, we have learned of national data on cybercrime (which has been included in the Report on Cybercrime in Spain 2022), with the Security Forces and Corps recording a total of 374,737 cybercrimes in 2022, which is 22% more than during the previous year.

Of the total number of cybercrimes mentioned, nine out of ten, that is, 335,995, were computer frauds (also known as scams), which increased by 26% compared to last year.

Next, there are threats and coercion committed through the Internet, that is, 15,982, which represent 4.2% of the total, although they were reduced by 7.7% compared to the year 2021, with a decrease in so-called crimes against honor, IP-IT and data interference.

The profile of the offender is male (725 of those arrested and/or investigated), aged between 26 and 40 and of Spanish nationality. The territories with the most crimes committed are Catalonia and the Community of Madrid, exceeding 63,000 in both cases, followed by Andalusia with 56,900 and the Valencian Community with 34,000. During 2022, the number of those arrested and investigated reached 15,097 people, which represented an increase of 9.4% compared to 2021.

The Criminal Code regulates a series of cybercrimes , some of the most relevant being the following:

• Discovery and disclosure of secrets, damaging personal or family privacy or one's own image (Article 197 of the Criminal Code).
• Illegal access to computer systems, when the security measures of the computer system are violated and against the legitimate user (article 197 bis and ter of the Criminal Code).
• Discovery and disclosure of business secrets, with assets and the socio-economic order being the protected legal asset (article 278 of the Criminal Code and 279 of the aforementioned regulations).
• Computer damage when the victim's assets are attacked, a criminal conduct that was introduced after the 2015 reform, including computer damage (articles 264, 264 bis and ter, as well as 400 of the Penal Code).
• Computer fraud, such as currency, public or private documents, credit cards, etc. (articles 386 to 399 bis of the Penal Code).
• Computer fraud, highlighting so-called phishing and ransomware as examples of this type of criminal conduct (articles 248 to 251 of the Criminal Code).
• Telecommunications fraud (articles 255 and 256 of the Criminal Code).
• Sexual cybercrimes, highlighting child grooming, which considers as illicit conduct the use of ICTs to contact a minor under sixteen years of age, in addition to carrying out acts included in precepts 183 to 189 of the Criminal Code, or to provide pornographic material in which a minor is represented or appears (also regulated in the aforementioned articles). Additionally, the crimes of sexual abuse and sexual harassment through ICTs are regulated (article 184 of the Criminal Code), as well as obscene exhibitionism (article 185 of the Criminal Code) before minors or disabled people in need, as well as the sale or dissemination of said content (article 186 of the aforementioned legal body) and those related to prostitution, sexual exploitation or corruption of minors (articles 187 to 189 bis of the Criminal Code).
• Crimes against intellectual property, in broad terms (Article 270 of the Criminal Code).
• Crimes against honour, when the protected legal right is injured through slander and libel (articles 205 and 208 of the Criminal Code). When these are disseminated through advertising, article 211 of the Criminal Code.
• Threats and coercion, the most reported crimes second only to cyber fraud (articles 169 to 171 of the Criminal Code for threats, as well as 271.2 and, for coercion, articles 172 to 172 ter of the aforementioned legal body).
• Hatred and apology for terrorism whenever it is carried out through the use of ICT (articles 510 and 578 of the Penal Code).

This type of cybercrime can be prevented through strategies such as those mentioned below:

1. Performing a backup of data , on mobile devices and in the cloud, on a weekly, monthly, quarterly or annual basis, checking from time to time that they are working correctly and can be recovered.
2. Encrypting data, that is, by using codes , which can be done through a virtual private network, also known as VPN.
3. Use of questions and answers to answer, which must be unique, complex and unpredictable, and kept in a safe place.
4. Managing administrative privileges , reducing vulnerability through regular password changes, restricting access, and more.
5. For companies, we recommend installing security software , updating existing software, activating antispam filters or configuring firewalls.
6. It is important that people have training in this regard.
7. Implementation of cybersecurity policies .

All of the above must be implemented by companies specializing in the field, which is why we recommend outsourcing the management of this matter.