This is a crucial question that touches on legal definitions, national security implications, and the evolving nature of cybercrime.

The consensus among legal experts and governments is that cyber fraudsters should primarily be treated as economic criminals, but with an important caveat: when their activities meet specific criteria, they can also be classified as terrorists or threats to national security.

Let's break down the distinctions:

Economic Criminals (The Default Classification for Cyber Fraud)

Most cyber fraudsters fall under the category of economic criminals.

• Primary Motivation: Their main goal is financial gain (greed, wealth accumulation) for themselves or their criminal organization. This includes stealing money, intellectual property for sale, financial information, or extorting funds through scams like phishing, ransomware, BEC, romance scams, etc.

• Target: Typically individuals, businesses, financial institutions, or governments, with the intent of illicitly obtaining assets or disrupting systems for profit.

• Legal Framework: They are prosecuted under laws related to fraud, theft, money laundering, extortion, computer misuse, and organized crime. Penalties focus on imprisonment, fines, and asset forfeiture.

• Impact: While the impact can be severe (bankruptcies, job losses, psychological distress for victims, significant economic losses for nations), the direct intent is not to instill terror or achieve a political/ideological objective.

Terrorists (A Specific and Narrow Classification)

Cyber fraudsters are classified as terrorists only when their actions meet the legal definition of terrorism, which typically includes:

• Motivation: The use or threat of violence (including cyber violence) against individuals or critical infrastructure to achieve a political, religious, or ideological goal. This is the key distinguishing factor from economic crime. The intent is to provoke a state of terror, intimidate a population, or compel a government/international organization.

• Impact: While financial damage might occur, it's usually secondary to the primary goal of creating fear, disrupting society, or furthering a specific cause. Attacks on critical infrastructure (power grids, water systems, hospitals) designed to cause widespread chaos or panic would be examples.

• Actors: Often associated with designated terrorist organizations or individuals inspired by their ideologies.

• Legal Framework: Prosecuted under anti-terrorism laws, which often carry harsher penalties, allow for broader surveillance powers, and can trigger international counter-terrorism measures.

Examples of when cyber fraud could be considered terrorism:

• Ransomware on Hospitals: If a ransomware attack on hospitals (like WannaCry, which has been attributed to North Korea) were carried out by a non-state group with the explicit intent to cause mass panic, disrupt healthcare to force political concessions, or demoralize a population, it could be classified as cyberterrorism.

• Destruction for Ideology: A group hacking into a financial system and destroying data (rather than stealing it for profit) specifically to destabilize an economy for ideological reasons.

Why the Distinction Matters:

1. Legal Definitions and Penalties: The legal definitions of "terrorism" are very specific and carry severe consequences. Misclassifying an economic crime as terrorism could lead to overreach of state power and dilute the very serious meaning of terrorism.

2. Resources and Powers: Law enforcement and intelligence agencies have different powers and resources for combating economic crime versus terrorism. Terrorism investigations often involve broader surveillance authorities and intelligence-gathering capabilities.

3. Attribution and Motivation: Accurately determining the perpetrator's motivation is crucial. Was it purely profit, or was there an underlying political/ideological agenda?

The Blurring Lines and the "Grey Area":

The lines can become blurred in specific scenarios:

• State-Sponsored Cyber Fraud (e.g., North Korea's Lazarus Group): As discussed, groups like Lazarus engage in massive cyber fraud (bank heists, crypto theft) with the explicit purpose of funding the regime's military and WMD programs, and to circumvent sanctions. While the direct act is economic crime, the ultimate objective is national security-related (supporting a hostile state's military capabilities and undermining international efforts to control proliferation). Many governments now classify such activities as threats to national security, even if they don't always use the "terrorism" label. They are often sanctioned under national security laws in addition to economic crime statutes.

• Disruption for Extortion (Ransomware): While usually an economic crime, some ransomware attacks (e.g., those targeting critical infrastructure like pipelines or hospitals) can cause significant societal disruption and fear, blurring the line toward terrorism, even if the primary goal is financial. Law enforcement agencies in the US (like the FBI) have sometimes stated that ransomware, due to its disruptive potential, is becoming a national security threat.

Conclusion:

Generally, cyber fraudsters should be treated as economic criminals and prosecuted under existing fraud, theft, and cybercrime laws. This classification reflects their primary motivation of financial gain.

However, when cyber fraud activities are:

• Directed by a hostile state (like North Korea) to fund illicit weapons programs or undermine sanctions, or

• Carried out by non-state actors with the clear intent to cause terror or advance a political/ideological cause through significant disruption or harm to critical infrastructure,

then these acts transcend mere economic crime and become matters of national security or even terrorism. The legal and strategic response in such cases will be significantly different, leveraging counter-terrorism and national security powers in addition to economic crime statutes. The crucial differentiator is the motive and ultimate objective behind the cyber act.