Lecture 11 - Cybercrime II Flashcards
Why is Cybercrime a contested concept
- Lack of consensus on the definition
- Definition remains useful from a legislative point of view
- Most powerful tool to fight cybercrime is the Budapest Convention
Why is Cybercrime a social construct?
- Power
o Politicians exert control to increase or keep their power over the weaker - Control
o Legalized strategy to allow cyber intrusion and control human behavior - Profit
o Business make profits out of problems
o Cyber security companies
What is cybersecurity security as a service?
- Computer security is ‘responsabilized’
- Reliance on non-public entities > lack of oversight and accountability
Why is Culture of Fear?
News media and cybersecurity companies
- Deployment of preventive measures and remedies (resilience)
- State surveillance and the creation of a multibillion-dollar security industry
What is the influence of piracy on cybercrime?
- Contrast among property & freedom of speech
- Copyright laws create more criminals
- Narrative of fear and economic losses (for the industry) – moral panic
What are the features of cybercrime?
- All criminal activities perpetrated online have different features
o Anonymity/identity flexibility
Difficult to track threat actors
Identity online might differ from identity online
o Scalability
One person can reach thousands
Identity online might differ from identity offline
o Global reach/deterritorialism
Crime travels around the world in different territories, jurisdictions
Access to victims from around the world
o Absence of a guardian
Capabilities are lacking to protect internet users
On a technical level we lack protection
On an organizational level, we lack correct legislation and correct experts
o Assessibility
Normally the victim must be in contact with the perpetrator, but online perpetrators have access to all information from around the world
More opportunities for criminals because the pool of victim is enlarged
o Criminal social learning
Accessibility to social tools
Easy access to all cybercrime tools
More criminal behaviour to account for
White collar crimes are easily learned
Learning on the internet is way broader
o Fast crime displacement
What is the Social Learning Theory of crime? (in relation to cybercrime)
- Social learning theory of crime
o Crime is something that people learn to commit
o Human beings copy behaviour to learn it
o We commit crimes because we learn to commit them
o Differential association
The idea that we tend to copy certain behaviour from people around us
Someone particularly influential for us is likely to learn us their behaviour
Law punishes behaviors that contribute to deviancy of others
o Defintitions
Criminal activities are defined as positive or negative activities
There are behaviors that are defined depending on the community you belong to (hacking will be a positive activity in a hacking forum with like-minded hackers, but seen as negative activity by for example the police or your family)
Law represents a statement that certain behaviors are unethical, immoral, illegal
Positive (feeling of power, successful) or negative responses on the action
Normally the easier to absorb, the more positive
o Differential reinforcement
Certain stimuli that are given to the person committing the crime
Negative reinforcement makes it more likely that crime will not be committed in the future
If the perpetrator does not get caught or penalized, he will experience a positive reinforcement and will increase the likelihood of committing crime in the future
Punishment against the individuals who committed the crime
Form of education of deterring possible future criminals
o Imitation
We imitate behavior that we see, especially when they are made by important people
o Criticism: It cannot explain why certain individuals show behavior without having it learned from others
What is the Rational Choice Theory?
o A sort of balance theory: people commit crime doing a cost benefit calculation
o Everyone could commit crime but not everyone thinks that the benefits outweigh the costs
o People choose to commit crime in a rational manner, the individual is placed at the center of the action and the one responsible for the action
o Supported by for example Reagan and Thatcher government
o Different view: People are also influenced by external factors
o Requirements for crime:
Motivated offender
Suitable target
Absence of capable guardian
o Rational choice crime is often used for financially beneficial cyber crimes
What is Routine Activity Theory?
o Criminals engage in criminal activity in a certain routine, doing the same things after each other
o Criminals can control what we are doing, not by checking our logs, but by seeing the way we behave online
o Having a routine, people can become a victim easier because the cybercrime can be adjusted to the routine (routine activities are used to victimize people)
o Factors
VALUE: less significant
INERTIA: difficult to transpose
VISIBILITY: significant; online routine activities play a role in cybercrime victimization
ACCESSIBILITY: significant
GUARDIANSHIP: less significant
What is Lifestyle-routine activity theory?
What are the main elements of a hacker?
Technology
Knowledge
Secrecy
What are the services of cybercrime as a service?
What are the organized cyber criminal network forms?
- Swarm
o Large collective
o Disorganized
o Ephemeral clusters of individuals
o Ex. Anonymous - Hubs
o Central command
o Possibly hierarchical
o Strong ties and discipline
o Ex. LulzSec
What are the differences between online and hybrid criminal networks?
- Online Network
o More anonymitiy
o Members share little personal info
o International cooperation easier
o International networks and targets - On/Offline Network
o Fixed group of core members who know each other
o Use of criminal facilitators recruited online
o Money sharing as the weak point
o Specialists recruited online
What is the Ransomware Crime Script?
- Preparation
o Form criminal collaboration
o Set up infrastructure
o Develop ransomware
o Sell ransomware - Instrumental precondition
o Select target - Entry
o Gain access - Instrumental initiation
o Infection
o Date exfiltration - Instrumental Actualisation
o Encryption - Doing
o Extortion
o Communication
o Cash-in
o Emancipation - Post-condition
o Money laundering
o Pay collaborators and reinvest - Exit
What are the products on the dark market?
- Drug market
o Shift off/on
o Safer? Yes
o Reliable? Depends - Firearms
o Under Investigated
o Costs are higher than on normal market
o Specialised websites
o USA - Identity Documents
o Forums
o Closed Websites
o Prices vary - Cybercrime
o Data leaks
o Email lists
o Malware
o CaaS
What are the Dark Market Dynamics?
- Sellers and Buyers
o Trust
o Moderators
o Scammers - Payment
o Cryptocurrencies
o Escrow services - Relation with LEAs and victims
o Based on countries with weak legislation
o CC and leaks primary victims: Western countries
What are the forms of crime displacement?
- Temporal Displacement
o Criminals are active in a different moment of the day (not so relevant for cybercrime, but can be effective) - Tactical Displacement
o Criminals adopt a new modus operandi (highly relevant especially with new malware) - Target Displacement
o Criminals select new and easier to reach target (highly relevant with phishing campaigns) - Type of Crime displacement
o *Criminals choose a new type of crime (highly relevant) - Spatial displacement
o Criminals commit crimes in new locations (not so relevant for the target, but relevant for the methods – Silk Road case) - Perpetrator displacement
o New criminals substitute the apprehended ones
What are the Structures of networks according to Leukefeldt?
- Networks in the paper targeted customers of financial institutions, however the networks in question were not restricted to one type of crime only
o Core members were often involved in other forms of offline and online crime
o Most networks fell into the high-tech category of networks, were mostly international in nature
Networks were composed of core members, enablers - In the networks, a fixed group of core members was clear however the composition of the networks was subject to change regularly
- Four positions are present in these networks
o Core members; members of networks initiating and coordinating attacks on online banking
Perform a directive role for other members of the network
Individuals providing services to criminal network are in a layer below core members
o Professional enablers; offers services to core members and other criminals on own initiative
o Recruited enablers; much simpler services to core members, and are encouraged by core members to do so
o Money mules; bottom layer of networks, these people are used by core members or enablers to interrupt financial trail leading back to core members
What is the origin and growth of cybercriminal networks according to leukefeldt?
Origin and growth
- Social ties play a role in the origin and growth of cybercriminal networks
o In Dutch cases, cybercriminal networks have emerged and grown as a result of core members knowing each other from the offline world
Enablers and money mules were also recruited through social networks
- Forums still play an important role in networks
o Enable individuals to find suitable co-offenders and also provide a marketplace for buying and selling criminal services
o Forums gave access to criminal capabilities, and thus networks were able to increase their capacities relatively quickly compared to networks without access to these forums
- Four types of growth can be distinguished
o Completely through social contacts
o Social contacts as a base and forums to recruit specialists
o Forums as a base and social contacts to recruit local criminals
o Completely through forums
- All networks in the paper are engaged in attacks on online banking systems
o Crime scripts can be divided into two categories
Low-tech & high-tech attacks
o These categories can be further subdivided
Low-tech attacks with a high degree of direct interaction between attacker and victim
Low-tech attacks with a low degree of direct interaction
High-tech attacks with a low degree of interaction
High-tech attacks without interaction
o
- Fig.1 shows relationship between crime scripts, international components, degree of specialization of networks ○ Y-axis; degree of technology use and offender-victim interaction ○ X-axis; degree to which a network has international components
- Fig.1 shows whether a network consists of specialists engaged in a singular type of attack or one that deploys all kinds of criminal activities
o ○ Majority of networks fall into category of high-tech and international networks
■ Core members, enablers, victims originate from different countries
o None of the networks fall into the local low-tech category
■ Clear difference form the Dutch cases where over half the networks fell into that category
o In each category there are specialized and non-specialized networks
- Social ties Vs. Forums
o Social ties playing an important role in the majority of networks can be confirmed for 16 out of the 21 networks where information exists about origin and growth
o Analysis shows that forums play an important role for the majority of cybercrime networks
Forums play a role in 18 of the 22 networks and are used by the groups for different purposes
* Recruit enablers
* Purchase services
* Selling services
Real world social ties, are of continued importance in the origin, growth process of cybercriminal networks
* Forums are also crucial for a change in the origin and growth of networks and also criminal possibilities
o Forums play a role as a social meeting place for buying services or selling goods
Networks whose origin and growth take place on forums form a special group
* Are more fluid and have a small number of core members
* Forums ensure that traditional limitations of social ties can be overcome
o Forums make it possible to make new contacts and expand criminal possibilities
What is Wall (2010) definition of cybercrime
Cyber-dependent crimes or true cybercrimes (Dos, Hacking)
* Cyber-enabled crimes or hybrid cybercrimes (Piracy, Scams, Phishing)
* Cyber-assisted crimes (Computer incidental to a real-world crime)