Crime scripting: A systematic review

The file attached to this record is the author's final peer reviewed version.More than two decades after the publication of Cornish’s seminal work about the script-theoretic approach to crime analysis, this article examines how the concept has been applied in our community. The study provides evidence confirming that the approach is increasingly popular; and takes stock of crime scripting practices through a systematic review of over one hundred scripts published between 1994 and 2018. The results offer the first comprehensive picture of this approach, and highlights new directions for those interested in using data from cyber-systems and the Internet of Things to develop effective situational crime prevention measures

Reducing Ransomware Crime: Analysis of Victims’ Payment Decisions

In this paper, the decision-making processes of victims during ransomware attacks were analysed. Forty-one ransomware attacks using qualitative data collected from organisations and police officers from cybercrime units in the UK were examined. The hypothesis tested in this paper is that victims carefully analyse the situation before deciding whether to pay a ransom. This research confirms that victims often weigh the costs and benefits of interventions before making final decisions, and that their decisions are based on a range of reasons. As ransomware attacks become more prevalent globally, the findings should be highly relevant to those developing guidance and policies to prevent or minimise ransom payments

Applying Neutralisation Theory to Better Understand Ransomware Offenders

The work presented in this paper investigates the crime of ransomware from the perspective of neutralisation theory. In particular, this research-in-progress paper aims to explore the feasibility of using neutralisation theory to better understand one of the key stakeholders in ransomware operations: the offenders. Individuals (including offenders) may employ techniques of neutralisation in order to justify their rule-breaking acts, and to diminish both the perceived consequences of their acts and the feeling of guilt. The focus of this work is on highly organised ransomware groups that not only conduct cyber attacks but also operate Ransomware-as-a-Service (RaaS) businesses. Secondary data was used in this research, including media interviews with alleged ransomware offenders. Data analysis is currently ongoing, but preliminary results show that ransomware offenders mainly use six neutralisation techniques to minimise the perceived impact and/or guilty feeling of their actions. These six neutralisation techniques are (1) denial of victim, (2) denial of injury, (3) claim of benefits, (4) claim of entitlement, (5) defence of necessity, and (6) claim of relative acceptability. The findings from this work can shed some light on the ransomware offending pathways, which in turn can be utilised to devise more effective countermeasures for combatting ransomware crime

The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities

Ransomware attacks and the use of the dark web forums are two serious contemporary cyber-problems. These two areas have been investigated separately in the past, but there is currently a gap in our understanding with regard to the interactions between them – i.e., dark web forums that can potentially lead to ransomware activities. The rise of Ransomware-as-a-Service (RaaS) exacerbates these problems even further. The aim of this paper is therefore to investigate the social and technological discourse within the dark web forums that may foster or initiate some of the users’ pathway towards ransomware-related criminal activities. To this aim, we carried out data collection (crawling) of pertinent posts from the “Dread” dark web forum, based on sixteen keywords commonly associated with ransomware. Our data collection and manual screening processes resulted in the identification of 1,279 posts related to ransomware, with the posting dates between 25 March 2018 and 30 September 2022. Our dataset confirms that ransomware-related posts exist on the Dread dark web forum. We found that these posts can generally be grouped into eight categories: Hacker, Potential Hacker, RaaS Provider, Education, Information, News, Debate and Other. Furthermore, the contents of these posts shed some light on the social and technological incentives that may encourage some actors to get involved in ransomware crimes. In conclusion, such posts pose a threat to cyber security, because they might provide a pathway for wannabe ransomware operators to get in on the act. The findings from our research can serve as a starting point for devising practical countermeasures, for instance by considering how such posts should be handled in the future, or how some follow-up intervention actions can be prepared in anticipation of certain actors getting involved in ransomware as a result of reading posts in such forums

Privacy in Transport? Exploring Perceptions of Location Privacy Through User Segmentation

Unanticipated accumulation and dissemination of accurate location information flows is the latest iteration of the privacy debate. This mixed-methods research contributes a grounded understanding of risk perceptions, enablers and barriers to privacy preserving behaviour in a cyber-physical environment. We conducted the first representative survey on internet privacy concerns, cyber and physical risk taking, privacy victimisation, usage of location sharing apps and transport choices in the UK with 466 participants. The responses segregated participants into four distinct, novel clusters (cyber risk takers, physical risk takers, transport innovators, and risk abstainers) with cross-validated prediction accuracy of 92%. In the second part of the study, we qualitatively explored these clusters through 12 homogeneous focus groups with 6 participants each. The predominant themes of the groups matched their clusters with little overlap between the groups. The differences in risk perception and behaviours varied greatly between the clusters. Future transport systems, apps and websites that rely on location data therefore need a more personalised approach to information provision surrounding location sharing. Failing to recognise these differences could lead to reduced data sharing, riskier sharing behaviour or even total avoidance of new forms of technology in transport

Multistatic micro-doppler radar feature extraction for classification of unloaded/loaded micro-drones

This paper presents the use of micro-Doppler signatures collected by a multistatic radar to detect and discriminate between micro-drones hovering and flying while carrying different payloads, which may be an indication of unusual or potentially hostile activities. Different features have been extracted and tested, namely features related to the Radar Cross Section of the micro-drones, as well as the Singular Value Decomposition (SVD) and centroid of the micro-Doppler signatures. In particular, the added benefit of using multistatic information in comparison with conventional radar is quantified. Classification performance when identifying the weight of the payload that the drone was carrying while hovering was found to be consistently above 96% using the centroid-based features and multistatic information. For the non-hovering scenarios classification results with accuracy above 95% were also demonstrated in preliminary tests in discriminating between three different payload weights

Your Money or Your Business: Decision-Making Processes in Ransomware Attacks

In this paper, we explore decision-making processes of ransomware victims, focusing on organisations. We examine 39 ransomware attacks using qualitative data collected from victims and police officers from cybercrime units in the UK. A basic premise of this paper is that victims make rational decisions to (not) pay ransoms. Their decision-making processes represent a complex infrastructure that consists of several reasons that drive these choices. Our research shows that victims weigh the costs and benefits of the attack outcomes before making final decisions. The aim of this work is to develop an in-depth understanding of these processes and suggest measures to avoid ransom payments, which, in turn, will help reduce ransomware crime

Chapter 9: 'Crowd Spatial Patterns at Bus Stops: Security Implications and Effects of Warning Messages' from book: Safety and Security in Transit Environments: An Interdisciplinary Approach

This is a chapter from Safety and Security in Transit Environments: An Interdisciplinary Approach edited by Vania Ceccato and Andrew Newton. This chapter is available open access under a CC BY license. As other chapters in Safety and Security in Transit Environments assert, crimes such as pickpocketing can concentrate near bus stops, and crowding and congestion is a factor that heightens this risk. But to target interventions effectively, it is useful to determine what local-level interactions characterise this crowding behaviour. This paper aims to provide a first step to using data collected from laboratory experiments to address questions from crime and transport research. The experiment considered differences in interpersonal distances to further analyse crowding behaviour to attain further insight that could narrow the focus of possible interventions. Audio warnings are examined as a possible solution, and findings show that crowding peaks when passengers board the bus, and audio messages may be one approach for addressing this. To conclude, implications of identifying boarding as a problem area, and the effectiveness of warning messages as a situational crime prevention tool are discussed

Micro UAV crime prevention: Can we help Princess Leia?

Crime rates are known to be affected by changes in crime opportunity structures. Amongst the current causes of change are emerging technologies, and in particular, micro unmanned aerial vehicles (micro UAV). As those devices are becoming increasingly sophisticated, the perceived rewards, difficulties and risks associated with the commission of certain crimes can be significantly influenced. Detection of micro UAVs or those who operate them is therefore increasingly regarded as an important aspect of the prevention of future drone crimes. In this chapter, we empirically demonstrate the possibility of using a conventional radar system to detect micro UAVs flying and hovering in its line of sight, and discuss one the main limitations: target identification. Using a DJI Phantom 2 vision+ drone and a multistatic radar system operating at 2.4 GHz, we show that the radar signal scattered from this target is approximately ten times weaker than that scattered by a person. These experimental results with detection of a micro UAV in time and Doppler domain using a multistatic radar are believed to be the first of this kind reported in the literature