In 2016, the Dyn company, a premier domain name system provider, suffered a security incident that caused significant portions of the internet to go dark across Europe and North America. The attack, a distributed denial of service (DDoS), sent botnets to infect computer networks, causing them to send a flood of traffic to servers, which then became overwhelmed and crashed. The blackout affected some of the most highly trafficked entertainment, news, social media, and e-tail organizations.
The world had never seen a cyberattack of this magnitude. The U.S. Department of Homeland Security immediately launched an investigation, but it quickly hit a snag. The code for the malware used in the attack had been released on a hacker forum, meaning that anyone could acquire and use it. The perpetrator likely released the code to make it more challenging to determine its source.
Thankfully, investigators rose to the occasion. Roughly four years later, the U.S. Justice Department released a statement that it had secured a guilty plea from one of the individuals responsible for the attack. The hard work of cybercrime investigators made the apprehension possible.
This article explores what cybercrime investigators do and maps out the steps to become a cybercrime investigator. It covers:
The internet has evolved drastically since its inception. Digital devices now flood every aspect of our day-to-day experience. They allow people to acquire many services, including commerce, information, entertainment, and communication, at the click of a button. Personal devices are both ubiquitous and increasingly connected through cyberspace. While technological advances have certainly benefited society, ease of use has come with its drawbacks. Bad actors have learned to leverage these advances to commit cybercrimes.
Cybercrime investigators provide services similar to those of typical criminal justice investigators, but with key differences. They gather evidence, process crime scenes, and interview victims, witnesses, and suspects. They investigate in disreputable locations to find leads and coordinate with other relevant law enforcement agencies to determine legal violations. Finally, they file reports supporting the prosecution, providing physical and digital evidence to prove the case.
But there are significant differences in cybercrime investigation. Cybercrime scenes involve CPUs and motherboards. The disreputable places a cybercrime investigator is likely to visit are primarily on the dark web rather than in a physical space.
A forensics investigator working in the cyber world must understand both typical forensics and computer forensics. The perpetrator of a physical crime can often be found somewhere in the vicinity of the crime and may potentially have left behind witnesses. The perpetrator of computer crime can be anywhere in the world and is far more likely to have committed a crime in seclusion. Cybercrime is, therefore, easier to execute and harder to prosecute.
Investigators' approaches to cybercrime may also be different. For example, in the name of information security, a cybercrime expert may act as an "ethical hacker," deliberately breaking into an organization's electronic infrastructure to find and address security flaws.
Not all cyber threats are merely financial. Cybercriminals seeking leverage against others may steal sensitive data or commit identity theft. Espionage agents working for hostile powers may seek access and information that can compromise national security. Each of the FBI's 56 field offices has a squad dedicated to detecting vulnerabilities in the security operating systems.
Because of the prevalence of cybercrime, a talented cybercrime investigator can find employment in many industries. Some work for consulting firms, providing services to multiple agencies and organizations in the public and private sectors. Those interested in law enforcement usually work directly for government agencies, sometimes focusing on particular types of crime, such as financial crimes, trafficking, or crimes against children.
Criminal investigators generally share an affinity for solving puzzles and a desire to uphold the law. Add in an interest in modern technology and you may have what it takes to be a cybercrime investigator. Below are the steps you need to take to start a career path in this field.
Your first step is to get a bachelor's degree. Cybersecurity is a safe bet, though related fields such as criminal justice, information technology, and computer science are also common entry points. Some community colleges offer two-year associate degrees in criminal justice that provide a good stepping stone toward admission to a bachelor's program. A master's degree in cybercrime or cybersecurity can be a valuable commodity worth pursuing, though many investigator jobs don't require it. The farther you advance in the field, the more likely you are to benefit from a graduate degree.
Some fields require certification, an official industry-approved acknowledgment of an individual's knowledge and skills often attained through continuing education. While the professional cybersecurity industry doesn't require certification, it does demand constant vigilance around new developments in tech, computer systems, digital forensics, and information security. Certification can demonstrate how seriously you take your profession and help ensure you stay current on topics most relevant to your discipline.
High-profile certifications in the cybersecurity business include the Certified Information Systems Security Professional (CISSP), granted by the Information System Security Certification Consortium (ISC). Records for 2022 indicate that there are currently 156,054 CISSPs worldwide.
Becoming a respected cyber investigator doesn't happen overnight. To reach the pinnacle of the field, you need to spend time in the trenches. You can obtain experience working in low-level positions for consulting groups or in internships at private or public investigative agencies. In addition, you may work as part of an investigative team, learning from those with more experience. Regardless of where you obtain knowledge, it's essential to understand the latest innovations and developments on both sides of the law.
Those who wish to reach the top of this field can prepare with a higher degree or certification. Higher education provides important insights into a field whose dynamics are constantly changing. It can also lead to increased salaries and promotions.
To pursue a master's degree in cybercrime, you need a bachelor's degree, preferably in a related field such as computer science, criminal justice, information security, or cybersecurity. Applicants with a solid knowledge of computer systems and data security have a better chance at admission.
Certification provides another potential avenue for demonstrating commitment to the discipline. While it involves taking many courses relevant to the industry, certification is often much less time-consuming than obtaining a master's. On the other hand, a master's degree only needs to be earned once. In contrast, investigators may need to renew their certifications regularly.
Cybercrime certifications are plentiful. Prominent examples include the CISSP (Certified Information Systems Security Professional) and the CEH (Certified Ethical Hacker). The latter involves breaking into systems to expose flaws so actual bad actors can't exploit them.
Whichever route you opt for, choosing to pursue a career in cyber investigation places you at the forefront of modern criminal justice, a fascinating and ever-challenging field.