Cybercrime

Intermediate

Cybercrime encompasses any criminal activity that involves a computer, networked device, or digital network as either the target, the tool, or the means of the offense. As societies have become deeply dependent on digital infrastructure, cybercrime has grown into one of the most significant threats facing individuals, corporations, and governments worldwide. The category spans a vast range of illegal conduct, from financially motivated attacks such as ransomware and credit card fraud to politically motivated activities like state-sponsored espionage and hacktivism. The global cost of cybercrime is estimated to exceed ten trillion dollars annually by the mid-2020s, making it more profitable than the entire global illegal drug trade.

The study of cybercrime draws from multiple disciplines including computer science, criminal justice, law, psychology, and international relations. Technical understanding of attack vectors, malware, network protocols, and encryption is essential, but equally important are the legal frameworks that define and prosecute these offenses. Key legislation includes the Computer Fraud and Abuse Act in the United States, the Computer Misuse Act in the United Kingdom, and the Budapest Convention on Cybercrime, the first international treaty addressing internet and computer crime. Investigators and analysts must also understand the psychology of threat actors, who range from lone individuals seeking financial gain to organized criminal syndicates and nation-state advanced persistent threat groups.

Modern cybercrime defense relies on a layered approach combining technology, policy, and human awareness. Organizations deploy firewalls, intrusion detection systems, endpoint protection, and security information and event management platforms, while simultaneously training employees to recognize social engineering attacks. Digital forensics teams preserve and analyze electronic evidence for legal proceedings, and incident response plans ensure organizations can contain and recover from breaches. As emerging technologies like artificial intelligence, the Internet of Things, and quantum computing reshape the digital landscape, both the attack surface and the defensive toolkit continue to evolve rapidly.

Practice a little. See where you stand.

Part of:AP Cybersecurity AP Cybersecurity

Ready to practice?5 minutes. No pressure.

Take the Quiz Learn First

Quiz

Reveal what you know — and what needs work

Adaptive Learn

Responds to how you reason, with real-time hints

Start here

Flashcards

Build recall through spaced, active review

Cheat Sheet

The essentials at a glance — exam-ready

Glossary

Master the vocabulary that unlocks understanding

Learning Roadmap

A structured path from foundations to mastery

Book

Deep-dive guide with worked examples

Role-play

Think like an expert — no grading

Key Concepts

A social engineering attack in which an attacker impersonates a trusted entity through email, text messages, or fraudulent websites to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.

Example

An employee receives an email appearing to come from their company's IT department asking them to click a link and reset their password. The link leads to a fake login page that captures their credentials.

A type of malicious software that encrypts a victim's files or locks them out of their system, then demands a ransom payment, typically in cryptocurrency, in exchange for the decryption key or restored access.

Example

The WannaCry attack in 2017 exploited a Windows vulnerability to spread across 150 countries, encrypting files on over 200,000 computers and demanding Bitcoin payments from hospitals, businesses, and government agencies.

The psychological manipulation of people into performing actions or divulging confidential information. It exploits human trust, fear, urgency, and helpfulness rather than technical software vulnerabilities.

Example

An attacker calls a company's help desk, pretends to be a senior executive locked out of their account, and pressures the technician into resetting the password immediately without proper verification.

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period, typically carried out by well-funded nation-state or organized criminal groups pursuing strategic objectives.

Example

The SolarWinds supply chain attack discovered in 2020, attributed to a nation-state actor, compromised a software update mechanism to infiltrate thousands of organizations including multiple U.S. government agencies over several months.

The scientific process of identifying, preserving, analyzing, and presenting digital evidence from computers, networks, and storage devices in a manner that is legally admissible in court proceedings.

Example

After a data breach, forensic investigators create bit-for-bit images of affected hard drives, analyze log files and memory dumps, and reconstruct the timeline of the intrusion to determine how the attacker gained access.

A previously unknown software security flaw that is exploited by attackers before the vendor becomes aware of it or has released a patch. The term 'zero-day' refers to the fact that developers have had zero days to fix the vulnerability.

Example

The Stuxnet worm, discovered in 2010, used four separate zero-day vulnerabilities in Windows to target and damage Iranian nuclear centrifuges, demonstrating how zero-days can be weaponized for cyber warfare.

An attack in which multiple compromised computer systems, often forming a botnet, flood a target server, service, or network with overwhelming traffic to exhaust its resources and render it unavailable to legitimate users.

Example

In 2016, the Mirai botnet hijacked hundreds of thousands of IoT devices such as cameras and routers to launch a massive DDoS attack against the DNS provider Dyn, temporarily taking down major websites including Twitter, Netflix, and Reddit.

The fraudulent acquisition and use of another person's private identifying information, typically for financial gain. Cybercriminals steal personal data through breaches, phishing, or malware and use it to open accounts, make purchases, or commit further fraud.

Example

After the 2017 Equifax data breach exposed the personal information of 147 million people, criminals used stolen Social Security numbers and birth dates to open fraudulent credit card accounts and file false tax returns.

A portion of the internet that is intentionally hidden and requires special software such as the Tor browser to access. It hosts anonymous communication channels and marketplaces where illegal goods and services, including stolen data, malware, and hacking tools, are bought and sold.

Example

The Silk Road marketplace, shut down by the FBI in 2013, operated as a hidden Tor service where users anonymously bought and sold illegal drugs, forged documents, and hacking services using Bitcoin.

The organized approach to addressing and managing the aftermath of a security breach or cyberattack. A structured incident response plan aims to limit damage, reduce recovery time and costs, and preserve evidence for investigation and potential prosecution.

Example

When a company detects ransomware spreading across its network, the incident response team isolates affected systems, activates backup recovery procedures, notifies law enforcement, and communicates with stakeholders according to a predefined playbook.

One concept at a time.

Explore your way

Choose a different way to engage with this topic — no grading, just richer thinking.

Explore your way — choose one:

Explore with AI →

Curriculum alignment— Standards-aligned

Grade level

Grades 9-12College+

Learning objectives

•Identify major categories of cybercrime including identity theft, ransomware attacks, and online fraud schemes
•Apply digital forensic techniques to preserve chain of custody and extract evidence from compromised systems
•Analyze the socioeconomic factors and technological vulnerabilities that enable organized cybercriminal operations globally
•Evaluate international legal frameworks and cross-border cooperation mechanisms for prosecuting transnational cybercrime networks

Recommended Resources

This page contains affiliate links. We may earn a commission at no extra cost to you.

Books

Cybersecurity and Cyberwar: What Everyone Needs to Know

by P.W. Singer & Allan Friedman

The Art of Intrusion

by Kevin Mitnick & William Simon

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

by Kim Zetter

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

by Andy Greenberg

Courses

Introduction to Cyber Security

CourseraEnroll

Computer Forensics

edXEnroll

My Progress Focus Mode

Tech & Computing

Computer Science

The study of computation, algorithms, data structures, and the design of software systems, encompassing everything from theoretical foundations to artificial intelligence and software engineering.

Intermediate

Law & Policy

Criminal Justice

The study of the system of law enforcement, courts, and corrections that addresses criminal behavior, ensures due process, and seeks to balance public safety with individual rights.

Intermediate

Interdisciplinary

Information Security

The practice of protecting information from unauthorized access, disclosure, alteration, and destruction through technical, administrative, and physical controls built around the principles of confidentiality, integrity, and availability.

Intermediate

Interdisciplinary

Cryptography

The science of securing information through mathematical algorithms and protocols, ensuring confidentiality, integrity, and authentication in digital communications.

Intermediate

Law & Policy

International Law

The body of rules and principles governing relations between states, international organizations, and individuals in the global legal order.

Intermediate

Cybercrime

Quiz

Adaptive Learn

Flashcards

Cheat Sheet

Glossary

Learning Roadmap

Book

Role-play

Key Concepts

Phishing

Ransomware

Social Engineering

Advanced Persistent Threat (APT)

Digital Forensics

Zero-Day Vulnerability

Distributed Denial of Service (DDoS)

Identity Theft

Dark Web

Incident Response

Explore your way

Grade level

Learning objectives

Recommended Resources

Books

Cybersecurity and Cyberwar: What Everyone Needs to Know

The Art of Intrusion

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

Courses

Introduction to Cyber Security

Computer Forensics

Related Topics

Computer Science

Criminal Justice

Information Security

Cryptography

International Law