Trust and exchange : the production of trust in illicit online drug markets

Au cours de la dernière décennie, les marchés illicites en ligne sont passés de niches de marchés à plateformes économiques à part entière. L’un des aspects de cette expansion semble reposer dans l’abandon de l’articulation traditionnelle de la relation de confiance entre vendeurs et acheteurs pour l’adoption de transactions régies par les principes d’atomisation sociale et d’anonymat. Se situant au cœur d’une sociologie économique des marchés illicites encore émergente, cette thèse cherche donc à étudier l’élaboration de la confiance au sein des marchés de drogues illicites en ligne. En m’appuyant sur la notion d’institutions en tant que constructions sociales, j'avance la thèse selon laquelle ces marchés illicites modernisent les modalités de transaction des marchés licites traditionnels : des contrats sont proposés ; des tribunaux sont érigés; la sanction est formalisée ; et la gouvernance est transformée. Cette approche permet de révéler un schisme fondamental de la littérature et de ses postulats à l’égard de l'ordre social régnant au sein des marchés illicites en ligne -- rupture qui s’exprime notamment par l’opposition entre 1) une conception de ces marchés comme socialement atomisés et régis uniquement par la réputation ; et 2) l’idée selon laquelle les serveurs restent sous le contrôle des administrateurs. Afin de pallier cette discordance, je propose un modèle d’élaboration de la confiance notamment issu des approches cognitives et comportementales. Premièrement, je soutiens qu'un ensemble de mécanismes actifs de renforcement remplace fonctionnellement les principes sociaux traditionnels de la confiance. Deuxièmement, je soutiens que la confiance, aussi bien interpersonnelle qu’abstraite (à savoir, la confiance accordée aux institutions), est principalement produite selon un processus bayésien d'accumulation d'expériences. Dans cette perspective, l'article « Uncertainty and Risk » examine l'ensemble des mécanismes actifs de renforcement de la confiance -- première composante de ce modèle -- et révèle que les vendeurs ajustent les prix non seulement en fonction de la réputation, mais également des contrats et du statut. Dans les articles suivants, le processus bayésien d'accumulation d'expériences -- deuxième partie du modèle -- est abordé. L’étude menée dans l‘article « Building a case for trust » met ainsi en lumière une association entre les échanges répétés avec le vendeur et une tendance à effectuer des transactions de plus en plus importantes. Le troisième article (« A change of expectations? »), quant à lui, met en exergue le fait qu’un faible nombre d’expériences satisfaisantes suffit à augmenter la certitude de l’acheteur quant à la qualité du produit illicite. Dans leur ensemble, ces deux articles soutiennent l’idée selon laquelle le processus d'accumulation d'expériences favorise la coopération et les attentes. Enfin, ce travail s’achève par l’articulation des deux composantes de ce modèle et, de manière plus générale, par l’articulation de la thèse de la modernisation et d’une conception de la confiance dont l’élaboration repose sur un processus d’accumulation d’expériences sociales. L’apport unique d'une sociologie économique dans l’étude criminologique des marchés illicites est notamment souligné et des pistes de recherches futures sont discutées.During the last decade illicit online drug markets have grown from niche markets into full-fledged platform economies. It seems that over the course of a few years, sellers and buyers have left the social bases of trust behind preferring to exchange under conditions of social atomization and anonymity. Situated in an emerging economic sociological approach to illicit markets, this work examines the production of trust in illicit online drug markets. Drawing on economic sociology, namely, the notion of institutions as social constructions, I advance the thesis that these markets modernize the premodern exchange modes of traditional illicit markets: Contracts are implemented; courts are erected; sanctions are formalized; and governance transforms. This analysis reveals a fundamental schism in the literature and its assumptions about the social order of illicit online markets. Specifically, a conception of these markets as socially atomized and governed only by reputation, versus the recognition that servers remain under the control of administrators. Building off the modernization thesis and the schism, I propose a model for the production of trust that is sensitive to both cognitive and behavioral approaches to trust. First, I propose that a set of active trust producing mechanisms functionally replace the bases of trust that have eroded as illicit markets move online. Second, I argue that trust is primarily produced through a Bayesian process of accumulating experience, which produces both interpersonal and abstract trust. In the article Uncertainty and Risk I examine the first component, the active production of trust. I revisit a key debate in the literature, the pricing of illicit goods. We find that sellers set prices adjust prices not only with respect to reputation, but also contracts and status. In the following two articles, I examine the second part of the model, the bayesian process of experience accumulation. In the article Building a Case for Trust, I find that repeated exchanges with a seller are associated with a propensity towards larger transactions. In the third article, A Change of Expectations?, I find that even a few experiences increases expectations in the performance of the market institution. Thus, the two articles provide evidence that the process of experience accumulation promotes cooperation and expectation. I conclude the work by reconciling a tension between the two components of the model, the proposition that markets are modernized, but that trust is produced primarily through a process of experience accumulation. On this basis, I continue to highlight the contributions and analytical advantages of the economic sociological approach to illicit markets

Cyber Infrastructure Protection: Vol. III

Despite leaps in technological advancements made in computing system hardware and software areas, we still hear about massive cyberattacks that result in enormous data losses. Cyberattacks in 2015 included: sophisticated attacks that targeted Ashley Madison, the U.S. Office of Personnel Management (OPM), the White House, and Anthem; and in 2014, cyberattacks were directed at Sony Pictures Entertainment, Home Depot, J.P. Morgan Chase, a German steel factory, a South Korean nuclear plant, eBay, and others. These attacks and many others highlight the continued vulnerability of various cyber infrastructures and the critical need for strong cyber infrastructure protection (CIP). This book addresses critical issues in cybersecurity. Topics discussed include: a cooperative international deterrence capability as an essential tool in cybersecurity; an estimation of the costs of cybercrime; the impact of prosecuting spammers on fraud and malware contained in email spam; cybersecurity and privacy in smart cities; smart cities demand smart security; and, a smart grid vulnerability assessment using national testbed networks.https://press.armywarcollege.edu/monographs/1412/thumbnail.jp

Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

ENTREPRENEURSHIP AND SUSTAINABLE DEVELOPMENT OF AGRICULTURE AS A STRATEGY OF RURAL DEVELOPMENT IN RURAL AREA Obaniyi K.S. Aremu, C.O, Adedapo, O.A , Wale, A.J.. & Alade B.T.,

Rural area is the most vulnerable sector of the economy in terms of food insecurity , unemployment and poverty . However entrepreneurship has provided solution to some extent to the problem of rural area. Since agriculture is the main source of livelihood of the rural community, sustaining entrepreneurship is an emerging problem among the agricultural communities as they seek key answers to sustainable agricultural development in rural communities. This paper seeks to identify the challenges the farmers entrepreneurship faced and how they can be motivated to overcome them in Nigeria. The finding revealed major challenges to rural development to be: high illiteracy level , lack of human capacity development, lack of continuity of government programme, lack of unity and cooperative efforts and high level of corruption and crime . Therefore, this paper conclude that in order to ensure a sustainable entrepreneurship and rural development , there is a need to have effective human capital development , engagement of principle of continuity of successive government, a viable cooperative system in the rural area and engagement of corruption free leadership system. Therefore this paper recommend the China model of development of rural area. The Agricultural programs adopted in China's rural development include decentralization of agricultural production, green revolution, commodity-based production, and agricultural market liberalization. Keywords: Entrepreneurship, Sustainable , Rural ,Development, Agriculture

Externalities and Enterprise Software: Helping and Hindering Legal Compliance

Enterprise software helps organizations comply with laws and regulations, yet software itself creates negative externalities that can undermine rights and laws. Software developers are an important regulatory force, yet many know little about how law and software interact. This work examines developer understanding of legal concepts and examples of the software code and law relationship: payroll, Sarbanes Oxley Act, web accessibility, and data protection

Understanding the Impact of Hacker Innovation upon IS Security Countermeasures

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace. Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining to the defeat of IS security countermeasures. This research sought to understand the manner in which hackers diffuse innovations within these communities. Employing a multi-site, positivist case study approach of four separate hacking communities, the study examined how hackers develop, communicate, and eventually adopt these new techniques and tools, so as to better inform future attempts at mitigating these attacks. The research found that three classes of change agents are influential in the diffusion and adoption of an innovation: the developer/introducer of the innovation to the community, the senior member of a community, and the author of tutorials. Additionally, the research found that three innovation factors are key to successful diffusion and adoption: the compatibility of the innovation to the needs of the community, the complexity of the innovation, and the change in image conferred upon the member from adopting the innovation. The research also described the process by which innovations are adopted within the hacking communities and detailed phases in this process which are unique to these communities

Fraud prevention through segregation of duties: authorization model in SAP GRC Access Control

The occurrence of cases motivated by fraud is becoming more prevalent in companies with weak internal control policies and security vulnerabilities. On one hand, internal fraud is usually carried out by top management or accounting positions which have higher privileges, and thus, more capabilities in the system to commit fraud. On the other hand, external fraud is managed by hackers who gain access to the internal information system through stealing employee credentials. This project presents a solution to prevent fraud in companies. This proposal consists in controlling and managing user’s authorizations through an Access Control principle: Segregation of Duties. Following this security philosophy, it is defined a role based architecture. Furthermore, a detailed process on Segregation of Duties is carried out from a risk-based approach. Conflicts among critical tasks lead to significant risks in the system. Those risks become the core of the study. With an emphasis on risk management lifecycle, it is described every phase developed for achieving an implementation that complies with Segregation of Duties. Based on the design proposed, it is depicted the methodology of a project, by using a tool that integrates and streamline risks, compliance, corporate governance and access control policies, which is SAP GRC Access Control. Taking into consideration the security measures defined, costs of its implementation were calculated to be compared with the great losses occasioned by fraud and data breaches. The results showed that the percentage invested in security is almost imperceptible, ranging from 0.002% to 0.7% of the economic losses that fraud involves. Finally, from the results presented and the methodology of the project performed, conclusions and recommendations are presented for enterprises to avoid fraud, through its detection and control.Doble Grado en Ingeniería Informática y Administración de Empresa

Unwanted entailments of the current EU AML/CFT regime

Dissertation presented as the partial requirement for obtaining a Master's degree in Law and Financial MarketsA presente tese visa investigar, de forma pragmática, a batalha contra o financiamento do terrorismo e o branqueamento de capitais no contexto do quadro europeu existente, bem como algumas das suas repercussões indesejadas. Para atingir esse objetivo, foi dada uma elucidação abrangente de todo o processo. A investigação, a acusação e a punição de todas as formas de enriquecimento ilícito estão atualmente em voga, bem como, sem dúvida, o financiamento do terrorismo. A monitorização das transações recebeu uma ênfase especial porque é a génese de alertas automatizados de atividades invulgares, dentro de um esquema complexo de relatórios. Foi utilizada uma abordagem técnica do instrumento, especialmente para ilustrar os custos de contingência e prudenciais esperados das instituições financeiras. Os determinantes dos fatores de risco num dado contexto também estavam sob escrutínio, bem como a necessidade de transparência num dado sistema. A tese também elucidou a incongruência de questões de aparente interesse público, nomeadamente a prevenção do branqueamento de capitais e financiamento do terrorismo e as suas reflexões negativas na proteção do consumidor e na integração financeira.The current thesis aimed to pragmatically investigate the battle against terrorism financing and money laundering in the context of the existing European framework, as well as some of its unintended repercussions. To achieve that goal, a comprehensive elucidation of the whole process was given. Investigation, prosecution, and punishment of all forms of illicit enrichment are currently in vogue., as well as, undoubtedly, the financing of terrorism. Transaction monitoring was given a special emphasis because it is the genesis of automated alerts of unusual activities, within a complex reporting scheme. A technical approach of the tool was utilized, especially to illustrate the contingency and prudential costs expected of financial institutions. The determinants of risk factors in given context were also under scrutiny, so was the need for transparency in given system. The thesis also elucidated the incongruity of two seemly public interest matters ML-FT prevention and its negative reflections in consumer protection and financial integration

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets