Enhancing the effectiveness of cybercrime prevention through policy monitoring

This article examines the feasibility of designing and implementing a cybercrime prevention monitoring approach to enhance the quality of knowledge about policies that aim to reduce the prevalence and impact of online harms. Despite very significant investments made by governments over the past decade to improve the cybersecurity of publicly and privately-operated computer systems, there is very limited systematic knowledge about what cybercrime prevention policies have been adopted in various parts of the world and even less knowledge about their effectiveness in reducing the exposure of individuals and organizations to cybercrime. Borrowing from the policy monitoring (or policy surveillance) methodology that was developed in a broad range of fields such as public health and education, this article argues that such an approach would be critical in advancing our understanding of what is being done to control cybercrime, what works, what doesn’t, and what is promising. This article provides an overview of the principles and benefits of the policy monitoring approach, reviews the main features of a sample of 18 policy monitoring platforms, assesses a dozen cybersecurity policy rating initiatives—concluding that very few of them include cybercrime in their framework, then provides a template for the creation of a dedicated cybercrime prevention monitoring tool that would benefit academics, policy-makers and practitioners

Datation par le carbone 14 d'un niveau sédimentaire de l'archipel du lac Tchad

International audienceUne datation de 460 ans BP d'un niveau d'argile d'une carotte prélevée dans l'archipel du lac Tchad permet de situer une phase d'assèchement dans l'histoire récente du lac et de calculer une vitesse de sédimentation. Le rôle et l'importance des conditions locales sont soulignés

The impact of a Canadian financial cybercrime prevention campaign on clients’ sense of security

The purpose of this study was to evaluate the impact of a cybercrime prevention campaign that was run by a Canadian financial institution. More specifically, we examined how participants/clients perceived the financial institution’s initiative to inform them about cybercrimes. The study also explored whether or not the campaign had the desired effect, which was to reinforce the clients’ sense of security. This campaign took place on October 2018 and 1452 adults (831 males and 621 females) participated in the online web survey. The results indicated that the prevention campaign had been positively perceived by most of the respondents (93.2%). However, only a low percentage of individuals (18%) had seen the poster/campaign prior to the completion of the survey while the majority (82%) accessed the prevention campaign’s components during the survey. Further analysis has shown no gender differences in participants’ responses. In general, participants felt that the campaign has increased their sense of security, especially among older individuals (55 years old and over). Most participants have expressed an interest in receiving more information on cybercrime and how to take actions on protecting one’s self. Results suggest that it would be advisable to conduct targeted prevention campaigns in order to reach out to as many people as possible. Discussion also includes practical recommendations based on the results and the review of the literature

Enhancing relationships between criminology and cybersecurity

‘Cybercrime’ is an umbrella concept used by criminologists to refer to traditional crimes that are enhanced via the use of networked technologies (i.e. cyber-enabled crimes) and newer forms of crime that would not exist without networked technologies (i.e. cyber-dependent crimes). Cybersecurity is similarly a very broad concept and diverse field of practice. For computer scientists, the term ‘cybersecurity’ typically refers to policies, processes and practices undertaken to protect data, networks and systems from unauthorised access. Cybersecurity is used in subnational, national and transnational contexts to capture an increasingly diverse array of threats. Increasingly, cybercrimes are presented as threats to cybersecurity, which explains why national security institutions are gradually becoming involved in cybercrime control and prevention activities. This paper argues that the fields of cyber-criminology and cybersecurity, which are segregated at the moment, are in much need of greater engagement and cross-fertilisation. We draw on concepts of ‘high’ and ‘low’ policing (Brodeur, 2010) to suggest it would be useful to consider ‘crime’ and ‘security’ on the same continuum. This continuum has cybercrime at one end and cybersecurity at the other, with crime being more the domain of ‘low’ policing while security, as conceptualised in the context of specific cybersecurity projects, falls under the responsibility of ‘high’ policing institutions. This unifying approach helps us to explore the fuzzy relationship between cyber-crime and cyber-security and to call for more fruitful alliances between cybercrime and cybersecurity researchers

Countering distrust in illicit online networks : the dispute resolution strategies of cybercriminals

The core of this paper is a detailed investigation of the dispute resolution system contained within Darkode, an elite cybercriminal forum. Extracting the dedicated disputes section from within the marketplace, where users can report bad behaviour and register complaints, we carry out content analysis on these threads. This involves both descriptive statistics across the dataset and qualitative analysis of particular posts of interest, leading to a number of new insights. First, the overall level of disputes is quite high, even though members are vetted for entry in the first instance. Second, the lower ranked members of the marketplace are the most highly represented category for both the plaintiffs and defendants. Third, vendors are accused of malfeasance far more often than buyers, and that their “crimes” are most commonly either not providing the product/service or providing a poor one. Fourth, the monetary size of the disputes is surprisingly small. Finally, only 23.1% of disputes reach a clear outcome

Saisir la sécurité privée : quand l’État, l’industrie et la police négocient un nouveau cadre de régulation

L’accroissement substantiel de l’industrie de la sécurité a profondément changé la manière dont la sécurité est gouvernée aujourd’hui. Une récente proposition législative de la province de Québec sur la sécurité privée – Loi sur la sécurité privée – nous a servi de point de départ pour répondre à deux objectifs, soit tenter de définir l’objet « sécurité privée » et comprendre les liens qu’entretient cette sécurité privée avec l’État et la police. Une analyse de la littérature grise accompagnant cette loi (mémoires déposés à l’Assemblée nationale du Québec et consultations particulières de la Commission des institutions) nous a permis de décrire les divers morcellements de la sécurité privée, ainsi que la difficulté à la circonscrire clairement, les frontières l’entourant étant larges et poreuses. En outre, notre analyse a mis en lumière certaines spécificités de l’État dans la gouvernance de la sécurité – soit sa capacité à légiférer et à légitimer – qui continuent à peser sur l’industrie. Enfin, il est observé que l’industrie de la sécurité privée ne tente pas tant de se substituer à la police que de se construire une place à part, qui lui soit propre et, si est possible, libre de toute contrainte.The dramatic growth of the security industry has significantly altered the way security is governed today. We relied on a recent bill on private security enacted by the province of Québec to question two dimensions, that is the definition of the object ‘private security,’ as seen by the state, and the existing ties of this private security with the state and the public police. Drawing from submissions (white papers) made to the parliamentary committee reviewing the Bill and from transcripts of the hearings held in Parliament, we designed a four-layer model to describe the vagueness of the delimitations of private security, as well as its inner divisions. Then, we shed some light on the capacity of the state to legislate and legitimate, thus keeping the state in a very strategic, and partially unchallengeable, position in the governance of security. Finally, we found that the private security doesn’t want so much to replace the public police than create its own place in the field of security