Lecture 11 - Cybercrime II

Question 1

Why is Cybercrime a contested concept

Answer 1

• Lack of consensus on the definition
• Definition remains useful from a legislative point of view
• Most powerful tool to fight cybercrime is the Budapest Convention

Question 2

Why is Cybercrime a social construct?

Answer 2

• Power
  o Politicians exert control to increase or keep their power over the weaker
• Control
  o Legalized strategy to allow cyber intrusion and control human behavior
• Profit
  o Business make profits out of problems
  o Cyber security companies

Question 3

What is cybersecurity security as a service?

Answer 3

• Computer security is ‘responsabilized’
• Reliance on non-public entities > lack of oversight and accountability

Question 4

Why is Culture of Fear?

Answer 4

News media and cybersecurity companies
- Deployment of preventive measures and remedies (resilience)
- State surveillance and the creation of a multibillion-dollar security industry

Question 5

What is the influence of piracy on cybercrime?

Answer 5

• Contrast among property & freedom of speech
• Copyright laws create more criminals
• Narrative of fear and economic losses (for the industry) – moral panic

Question 6

What are the features of cybercrime?

Answer 6

• All criminal activities perpetrated online have different features
  o Anonymity/identity flexibility
   Difficult to track threat actors
   Identity online might differ from identity online
  o Scalability
   One person can reach thousands
   Identity online might differ from identity offline
  o Global reach/deterritorialism
   Crime travels around the world in different territories, jurisdictions
   Access to victims from around the world
  o Absence of a guardian
   Capabilities are lacking to protect internet users
   On a technical level we lack protection
   On an organizational level, we lack correct legislation and correct experts
  o Assessibility
   Normally the victim must be in contact with the perpetrator, but online perpetrators have access to all information from around the world
   More opportunities for criminals because the pool of victim is enlarged
  o Criminal social learning
   Accessibility to social tools
   Easy access to all cybercrime tools
   More criminal behaviour to account for
   White collar crimes are easily learned
   Learning on the internet is way broader
  o Fast crime displacement

Question 7

What is the Social Learning Theory of crime? (in relation to cybercrime)

Answer 7

• Social learning theory of crime
  o Crime is something that people learn to commit
  o Human beings copy behaviour to learn it
  o We commit crimes because we learn to commit them
  o Differential association
   The idea that we tend to copy certain behaviour from people around us
   Someone particularly influential for us is likely to learn us their behaviour
   Law punishes behaviors that contribute to deviancy of others
  o Defintitions
   Criminal activities are defined as positive or negative activities
   There are behaviors that are defined depending on the community you belong to (hacking will be a positive activity in a hacking forum with like-minded hackers, but seen as negative activity by for example the police or your family)
   Law represents a statement that certain behaviors are unethical, immoral, illegal
   Positive (feeling of power, successful) or negative responses on the action
   Normally the easier to absorb, the more positive
  o Differential reinforcement
   Certain stimuli that are given to the person committing the crime
   Negative reinforcement makes it more likely that crime will not be committed in the future
   If the perpetrator does not get caught or penalized, he will experience a positive reinforcement and will increase the likelihood of committing crime in the future
   Punishment against the individuals who committed the crime
   Form of education of deterring possible future criminals
  o Imitation
   We imitate behavior that we see, especially when they are made by important people
  o Criticism: It cannot explain why certain individuals show behavior without having it learned from others

Question 8

What is the Rational Choice Theory?

Answer 8

o A sort of balance theory: people commit crime doing a cost benefit calculation
o Everyone could commit crime but not everyone thinks that the benefits outweigh the costs
o People choose to commit crime in a rational manner, the individual is placed at the center of the action and the one responsible for the action
o Supported by for example Reagan and Thatcher government
o Different view: People are also influenced by external factors
o Requirements for crime:
 Motivated offender
 Suitable target
 Absence of capable guardian
o Rational choice crime is often used for financially beneficial cyber crimes

Question 9

What is Routine Activity Theory?

Answer 9

o Criminals engage in criminal activity in a certain routine, doing the same things after each other
o Criminals can control what we are doing, not by checking our logs, but by seeing the way we behave online
o Having a routine, people can become a victim easier because the cybercrime can be adjusted to the routine (routine activities are used to victimize people)
o Factors
 VALUE: less significant
 INERTIA: difficult to transpose
 VISIBILITY: significant; online routine activities play a role in cybercrime victimization
 ACCESSIBILITY: significant
 GUARDIANSHIP: less significant

Question 10

What is Lifestyle-routine activity theory?

Answer 10

Question 11

What are the main elements of a hacker?

Answer 11

 Technology
 Knowledge
 Secrecy

Question 12

What are the services of cybercrime as a service?

Answer 12

Question 13

What are the organized cyber criminal network forms?

Answer 13

• Swarm
  o Large collective
  o Disorganized
  o Ephemeral clusters of individuals
  o Ex. Anonymous
• Hubs
  o Central command
  o Possibly hierarchical
  o Strong ties and discipline
  o Ex. LulzSec

Question 14

What are the differences between online and hybrid criminal networks?

Answer 14

• Online Network
  o More anonymitiy
  o Members share little personal info
  o International cooperation easier
  o International networks and targets
• On/Offline Network
  o Fixed group of core members who know each other
  o Use of criminal facilitators recruited online
  o Money sharing as the weak point
  o Specialists recruited online

Question 15

What is the Ransomware Crime Script?

Answer 15

• Preparation
  o Form criminal collaboration
  o Set up infrastructure
  o Develop ransomware
  o Sell ransomware
• Instrumental precondition
  o Select target
• Entry
  o Gain access
• Instrumental initiation
  o Infection
  o Date exfiltration
• Instrumental Actualisation
  o Encryption
• Doing
  o Extortion
  o Communication
  o Cash-in
  o Emancipation
• Post-condition
  o Money laundering
  o Pay collaborators and reinvest
• Exit

Question 16

What are the products on the dark market?

Answer 16

• Drug market
  o Shift off/on
  o Safer? Yes
  o Reliable? Depends
• Firearms
  o Under Investigated
  o Costs are higher than on normal market
  o Specialised websites
  o USA
• Identity Documents
  o Forums
  o Closed Websites
  o Prices vary
• Cybercrime
  o Data leaks
  o Email lists
  o Malware
  o CaaS

Question 17

What are the Dark Market Dynamics?

Answer 17

• Sellers and Buyers
  o Trust
  o Moderators
  o Scammers
• Payment
  o Cryptocurrencies
  o Escrow services
• Relation with LEAs and victims
  o Based on countries with weak legislation
  o CC and leaks primary victims: Western countries

Question 18

What are the forms of crime displacement?

Answer 18

• Temporal Displacement
  o Criminals are active in a different moment of the day (not so relevant for cybercrime, but can be effective)
• Tactical Displacement
  o Criminals adopt a new modus operandi (highly relevant especially with new malware)
• Target Displacement
  o Criminals select new and easier to reach target (highly relevant with phishing campaigns)
• Type of Crime displacement
  o *Criminals choose a new type of crime (highly relevant)
• Spatial displacement
  o Criminals commit crimes in new locations (not so relevant for the target, but relevant for the methods – Silk Road case)
• Perpetrator displacement
  o New criminals substitute the apprehended ones

Question 19

What are the Structures of networks according to Leukefeldt?

Answer 19

• Networks in the paper targeted customers of financial institutions, however the networks in question were not restricted to one type of crime only
  o Core members were often involved in other forms of offline and online crime
  o Most networks fell into the high-tech category of networks, were mostly international in nature
   Networks were composed of core members, enablers
• In the networks, a fixed group of core members was clear however the composition of the networks was subject to change regularly
• Four positions are present in these networks
  o Core members; members of networks initiating and coordinating attacks on online banking
   Perform a directive role for other members of the network
   Individuals providing services to criminal network are in a layer below core members
  o Professional enablers; offers services to core members and other criminals on own initiative
  o Recruited enablers; much simpler services to core members, and are encouraged by core members to do so
  o Money mules; bottom layer of networks, these people are used by core members or enablers to interrupt financial trail leading back to core members

Question 20

What is the origin and growth of cybercriminal networks according to leukefeldt?

Answer 20

Origin and growth
- Social ties play a role in the origin and growth of cybercriminal networks
o In Dutch cases, cybercriminal networks have emerged and grown as a result of core members knowing each other from the offline world
 Enablers and money mules were also recruited through social networks
- Forums still play an important role in networks
o Enable individuals to find suitable co-offenders and also provide a marketplace for buying and selling criminal services
o Forums gave access to criminal capabilities, and thus networks were able to increase their capacities relatively quickly compared to networks without access to these forums
- Four types of growth can be distinguished
o Completely through social contacts
o Social contacts as a base and forums to recruit specialists
o Forums as a base and social contacts to recruit local criminals
o Completely through forums
- All networks in the paper are engaged in attacks on online banking systems
o Crime scripts can be divided into two categories
 Low-tech & high-tech attacks
o These categories can be further subdivided
 Low-tech attacks with a high degree of direct interaction between attacker and victim
 Low-tech attacks with a low degree of direct interaction
 High-tech attacks with a low degree of interaction
 High-tech attacks without interaction
o
- Fig.1 shows relationship between crime scripts, international components, degree of specialization of networks ○ Y-axis; degree of technology use and offender-victim interaction ○ X-axis; degree to which a network has international components
- Fig.1 shows whether a network consists of specialists engaged in a singular type of attack or one that deploys all kinds of criminal activities
o ○ Majority of networks fall into category of high-tech and international networks
 ■ Core members, enablers, victims originate from different countries
o None of the networks fall into the local low-tech category
 ■ Clear difference form the Dutch cases where over half the networks fell into that category
o In each category there are specialized and non-specialized networks
- Social ties Vs. Forums
o Social ties playing an important role in the majority of networks can be confirmed for 16 out of the 21 networks where information exists about origin and growth
o Analysis shows that forums play an important role for the majority of cybercrime networks
 Forums play a role in 18 of the 22 networks and are used by the groups for different purposes
* Recruit enablers
* Purchase services
* Selling services
 Real world social ties, are of continued importance in the origin, growth process of cybercriminal networks
* Forums are also crucial for a change in the origin and growth of networks and also criminal possibilities
o Forums play a role as a social meeting place for buying services or selling goods
 Networks whose origin and growth take place on forums form a special group
* Are more fluid and have a small number of core members
* Forums ensure that traditional limitations of social ties can be overcome
o Forums make it possible to make new contacts and expand criminal possibilities

Question 21

What is Wall (2010) definition of cybercrime

Answer 21

Cyber-dependent crimes or true cybercrimes (Dos, Hacking)
* Cyber-enabled crimes or hybrid cybercrimes (Piracy, Scams, Phishing)
* Cyber-assisted crimes (Computer incidental to a real-world crime)