1,528 research outputs found

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

    The Cybercrime Triangle

    Information technology can increase the convergence of three dimensions of the crime triangle due to the spatial and temporal confluence in the virtual world. In other words, its advancement can lead to facilitating criminals with more chances to commit a crime against suitable targets living in different real-world time zones without temporal and spatial orders. However, within this mechanism, cybercrime can be discouraged “if the cyber-adversary is handled, the target/victim is guarded, or the place is effectively managed” (Wilcox & Cullen, 2018, p. 134). In fact, Madensen and Eck (2013) assert that only one effective controller is enough to prevent a crime. Given this condition of the crime triangle, it must be noted that each of these components (the offender, the target, and the place) or controllers (i.e., handler, guardian, and manager) can play a pivotal role in reducing cybercrime. To date, scholars and professionals have analyzed the phenomenon of cybercrime and developed cybercrime prevention strategies relying predominantly on cybercrime victimization (suitable targets) but have yet to utilize the broader framework of the crime triangle commonly used in the analysis and prevention of crime. More specifically, the dimensions of cybercrime offenders, places, or controllers have been absent in prior scientific research and in guiding the establishment and examination of cybercrime prevention strategies. Given this gap, much remains to be known as to how these conceptual entities operate in the virtual realm and whether they share similarities with what we know about other crimes in the physical world. Thus, the purpose of this study is to extend the application of the “Crime Triangle,” a derivative of Routine Activity Theory, to crime events in the digital realm to provide scholars, practitioners, and policy makers a more complete lens to improve understanding and prevention of cybercrime incidents. In other words, this dissertation will endeavor to devise a comprehensive framework for our society to use to form cybersecurity policies to implement a secure and stable digital environment that supports continued economic growth as well as national security. The findings of this study suggest that both criminological and technical perspectives are crucial in comprehending cybercrime incidents.
This dissertation attempts to independently explore these three components in order to portray the characteristics of cybercriminals, cybercrime victims, and place management. Specifically, this study first explores the characteristics of cybercriminals via a criminal profiling method primarily using court criminal record documents (indictments/complaints) provided by the FIU law library website. Second, the associations between cybercrime victims, digital capable guardianship, perceived risks of cybercrime, and online activity are examined using Eurobarometer survey data. Third, the associations between place management activities and cybercrime prevention are examined using “Phishing Campaign” and “Cybersecurity Awareness Training Program” data derived from FIU’s Division of Information Technology

    Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

    Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change. To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape. Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems.
The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    What Do We Know About Senior Citizens As Cybervictims? A Rapid Evidence Synthesis

    Internet-based victimization of senior citizens is an important potential threat of growing social, economic, and public policy interest. Given this, we sought to examine whether the existing research base could be used to formulate sound public policy in this area. To do so, we conducted a rapid evidence synthesis and assessment of the research literature from 2010-2020 surrounding three central organizing themes: cyber-related harms, responses and strategies, and prevention programs and solutions. Results reveal that there is an insufficient research base, lack of diverse research topics, and shortage of research beyond that of which is exploratory in nature. However, our findings did show promising insights on areas for future research development, such as support for seniors and their caregivers. We conclude with recommendations for future research that can begin to address the vulnerabilities senior citizens face with online victimization and potential policy implications for how to effectively combat this issue and these acts

    Cybersecurity Legislation and Ransomware Attacks in the United States, 2015-2019

    Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This dissertation investigates the effects of state cybersecurity legislation on the number of ransomware attacks on state and local institutions from 2015-2019. I review various arguments linking cybersecurity legislation to cybersecurity vulnerability and develop a set of hypotheses about the features of legislation that should deter and prevent ransomware attacks. The cybersecurity literature suggests increased training is a key mechanism to prevent ransomware attacks. However, I find no relationship between direct state legislation on cybersecurity training and ransomware. Instead, the statistical evidence suggests that there are fewer ransomware attacks in states with legislation that indirectly encourages training by shifting the responsibility for a cyber failure back onto vulnerable institutions. This legislation typically focuses on data breaches and often requires the institution to disclose failures, which increases reputational costs. The threat of increased costs for a cybersecurity failure changes these institutions’ cost benefit analysis and encourages these institutions to proactively improve their cybersecurity, such as through increased training. 
I further examine data breach laws in California and find evidence that these types of laws can promote increased cybersecurity measures. Thus, future legislation should focus on holding institutions responsible for cybersecurity failures, which should in turn lead to increased cybersecurity

    Analysis of cybercrime activity: perceptions from a South African financial bank

    Research report submitted to the School of Economic and Business Sciences, University of the Witwatersrand in partial fulfilment of the requirements for the degree of Master of Commerce (Information Systems) by coursework and research. Johannesburg, 28 February 2017. This study is informed by very little empirical research in the field of cybercrime and specifically in the context of South African banks. The study bridges this gap in knowledge by analyzing the cybercrime phenomenon from the perspective of a South African bank. It also provides a sound basis for conducting future studies using a different perspective. In order to achieve this, an interpretive research approach was adopted using a case study in one of the biggest banks in South Africa where cybercrime is currently a topical issue and one that is receiving attention from senior management. Cohen and Felson (1979) Routine Activity Theory was used as a theoretical lens to formulate a conceptual framework which informed the data collection, analysis and synthesis of cybercrime in the selected bank. Primary data was obtained via semistructured interviews. Secondary data was also obtained which allowed for data triangulation. From the perspective of a South African bank, the study concluded that weak security and access controls, poor awareness and user education, prevalent use of the internet, low conviction rates and perceived material gain are the major factors that lead to cybercriminal activity. In order to curb the ever increasing rate of cybercrime, South African banking institutions should consider implementing stronger security and access controls to safeguard customer information, increase user awareness and education, implement effective systems and processes and actively participate in industry wide focus groups.
The transnational nature of cybercrime places an onus on all banks in South Africa and other countries to collaborate and define a joint effort to combat the increasing exposure to cybercriminal activity. The use of the Routine Activity Theory provided an avenue to study the cybercrime phenomenon through a different theoretical lens and aided a holistic understanding of the trends and the behavioral attributes contributing to cybercriminal activity that can help South African banks model practical solutions to proactively combat the splurge of cybercrime. Keywords: Cybercrime, internet, crime, computer networks, Routine Activity Theory, South African banks. GR201

    Cyber Defense Planning in Tabletop Exercises and Consideration of a Fractured Flaw Theory for Security Applications

    Cybersecurity threats endanger every part of American life. Security and emergency preparedness professionals plan and prevent cyber-attacks using tabletop exercises. The tabletop exercises establish the risks and protection strategies for multiagency threats, thus, various agencies and industrial partners must work together in these training events. The purpose of this grounded study will be to develop criteria for selecting tabletop participants and explore the risks of participation. An additional consideration is the impact of the sponsoring agencies' agenda on the value of the outcome for the participants. There is sufficient evidence to justify the investigation of these issues. Failing to include the correct participants has led to significant data breaches in the last few years. Participants may also place themselves in more significant harm through participation. The publication of the outcomes of tabletop exercises, including security gaps, causes grave concerns. The primary theory guiding security concepts is Walodi Weibull's ‘weakest link theory;’ however, the flawed fracture theory may be invaluable as an alternative to the weakest link theory. The study design will qualitatively evaluate recent critical infrastructure exercises. Historical literature reviews and current qualitative efforts (ongoing exercises, action items, interviews, and surveys) provide the basis for improvement. A survey with 39 participants, four in-depth interviews across multiple business sizes, and one federal employee yielded findings related to noncompliance, tabletop baggage, and cascading events. Not having the correct participants leads to weaknesses across tabletop events. Having a missing organization or participant causes complications in response and leads to unrealistic responses.
The current consequence of participating in a tabletop exercise was that although participation improved responsiveness and security, smaller partners may face a disproportionate increase in risk. Finally, the agenda, goals, and objectives are all impacted by the tabletop exercise’s sponsor. The prevalence of organizational noncompliance was unexpected. Theoretically, expanding from the weakest link model to the fractured flaw model will significantly improve how security professionals manage risk and survivability. Improving tabletop exercises will enhance the nation's emergency preparedness and potential resiliency

    Crime scripting: A systematic review

    The file attached to this record is the author's final peer reviewed version. More than two decades after the publication of Cornish’s seminal work about the script-theoretic approach to crime analysis, this article examines how the concept has been applied in our community. The study provides evidence confirming that the approach is increasingly popular; and takes stock of crime scripting practices through a systematic review of over one hundred scripts published between 1994 and 2018. The results offer the first comprehensive picture of this approach, and highlights new directions for those interested in using data from cyber-systems and the Internet of Things to develop effective situational crime prevention measures