About this book

This book is about the human factor in cybercrime: its offenders, victims and parties involved in tackling cybercrime. It takes a diverse international perspective of the response to and prevention of cybercrime by seeking to understand not just the technological, but the human decision-making involved.

This edited volume represents the state of the art of research on the human factor in cybercrime, addressing its victims, offenders, and policing. It originated at the Second annual Conference on the Human Factor in Cybercrime, held in The Netherlands in October 2019, bringing together empirical research from a variety of disciplines, and theoretical and methodological approaches.

This volume will be of particular interest to researchers and students in cybercrime and the psychology of cybercrime, as well as policy makers and law enforcement interested in prevention and detection.



Part I



The second annual conference on the human factor in cybercrime was organized in October 2019 in The Netherlands. During this three-day, small-scale conference, many well-known international researchers presented their latest work on the human factor in cybercrime. The small scale of the conference enabled us to make all sessions plenary. This resulted in lively discussions of the presented research and very useful feedback for the presenters. A large selection of the presented work is included as chapters in this book. This collection of chapters represents the state of the art of research on The Human Factor in Cybercrime. All chapters are based on high-quality empirical research and cover a variety of disciplines and theoretical and methodological approaches, all related to human factors in cybercrime.
Marleen Weulen Kranenbarg, Rutger Leukfeldt

The Annual Conference on the Human Factor in Cybercrime: An Analysis of Participation in the 2018 and 2019 Meetings

The Annual Conference on the Human Factor in Cybercrime is a small and specialised scientific event that aims to bring together scholars from around the world to present their research advances to a select audience. Its dynamic and linear format favours group discussions since all contributions are heard by all the attendants. This, together with its tailored social scheme, promotes interaction between members, which—in turn—leads to new collaborations. However, it has not yet been analysed whether the design of the conference actually encourages varied participation and fosters collaborative networks among its participants. The purpose of this chapter is to assess participation in the 2018 and 2019 editions to determine whether this is the case. Using descriptive analyses, here we show how participation in the conference has varied and examine the composition of the collaboration networks among the participants. The results show an increased and more diverse participation in the 2019 meeting along with a greater presence of stakeholders. Furthermore, the findings reveal that members of previously established organisations play an important role in cohering the network. Yet few connections exist between academia and practice. A further analysis of the strengths and weaknesses identified in the two editions of the conference serves to elaborate a series of recommendations for future editions.
Asier Moneva



The Online Behaviour and Victimization Study: The Development of an Experimental Research Instrument for Measuring and Explaining Online Behaviour and Cybercrime Victimization

The rise in cybercrime victimization underlines the need to understand how people behave online and how unsafe online behaviour may be related to victimization. Previous studies have often relied on self-reported behaviour or attitudes towards precautionary online behaviour. Studies that measured both actual online behaviour and explanatory factors in a large population are scarce. In this chapter, the research instrument of the online behaviour and victimization study is introduced. The chapter will outline the development of this instrument, which uses a population-based survey experiment. With this instrument, the actual behaviour of internet users can be measured. While filling out the survey, respondents encounter (fictional) cyber-risk situations, allowing researchers to analyse how respondents deal with these situations. Moreover, based on theories and an extensive literature study that is briefly outlined in this chapter, measurements were incorporated in the study for numerous explanatory factors, including knowledge (awareness), opportunity and motivation. Finally, previous cybercrime victimization is measured, making it possible to research the association between actual online behaviour and online victimization.
M. Susanne van ’t Hoff-de Goede, E. Rutger Leukfeldt, Rick van der Kleij, Steve G. A. van de Weijer

No Gambles with Information Security: The Victim Psychology of a Ransomware Attack

Ransomware is a cybercrime in which criminals must coerce their victims’ cooperation to profit from infections. There are generally three possible outcomes of a successful infection: (1) a user, having a secure recent backup of his data, will not feel compelled to pay; (2) an unprepared victim would rather accept the data loss than pay the ransom; and (3) the victim values the compromised data more than the ransom being asked, and therefore pays. Though such crimes are initiated by technological means, they rely on social persuasion for success. The argument will be put forward in this paper that ransomware attacks take advantage of the psychology of loss aversion, and that by delivering loss feedback, these attacks exert a psychological influence that is advantageous to the attackers, and which affects individuals differently according to their neural characteristics. Evidence from cognitive, personality and evolutionary psychology is presented in turn; directions for further research into the risk factors and mechanisms of persuasion in ransomware attacks are indicated.
David L. McIntyre, Richard Frank

Shifting the Blame? Investigation of User Compliance with Digital Payment Regulations

Users play a crucial role in the majority of successful cyberattacks. Compliance with information security guidelines can lead to more secure digital behavior and thereby reduce the chance of successful attacks. Since customer compliance is especially relevant for banks, the Dutch Banking Association (DBA) has developed and implemented a set of five security guidelines for customers. Each guideline is split into several specific actions that customers need to undertake in order to comply. Failure to comply can lead to a negligence claim and financial losses when falling victim to cybercrime. Such security guidelines are only successful if people are aware of their existence and mostly comply. In a user survey (n = 119) we tested whether this was the case. Results indicate that only a quarter of our sample (24.4%) was aware guidelines existed. When asked about compliance with the five general guidelines, less than a quarter (23.5%) of participants reported following all five guidelines. When asked about compliance with all specified actions needed to comply with these guidelines, only 3.4% reported complete compliance. A more in-depth analysis revealed that awareness of the guidelines did not increase compliance. The findings from this paper support recent findings in the security literature that knowledge and awareness alone do not increase secure digital behavior. Taken together, the low awareness and even lower compliance rates with the DBA security guidelines demonstrated in this study suggest that banks may be unfairly shifting the blame towards their customers.
Sophie Van Der Zee

Protect Against Unintentional Insider Threats: The Risk of an Employee’s Cyber Misconduct on a Social Media Site

Social media is a cybersecurity risk for every business. What do people share on the Internet? Almost everything about oneself is shared: friendship, demographics, family, activities and work-related information. This could become a potential risk in every business if the organisation’s policies, training and technology fail to properly address these issues. In many cases, it is the employees’ behaviour that can put key company information in danger. Social media has turned into a reconnaissance tool for malicious actors, and user accounts are now seen as a goldmine for cyber criminals. Investigation of social media is in the embryonic stage and thus is not yet well understood. This research project aims to collect and analyse open-source data from LinkedIn, discover data leakage and analyse personality types through software as a service (SaaS). The final aim of the study is to understand if there are behavioural factors that can predict one’s attitude towards disclosing sensitive data.
Guerrino Mazzarolo, Juan Carlos Fernández Casas, Anca Delia Jurcut, Nhien-An Le-Khac

Assessing the Detrimental Impact of Cyber-Victimization on Self-Perceived Community Safety

The internet has grown to become a primary means of interpersonal communication in many developed nations, bringing with it novel avenues for victimization. Academic study has demonstrated that these harms have significant adverse impacts on their victims’ sense of safety, both in digital and “real world” domains. Despite academic awareness, cyber-victimization remains largely absent from North American assessments of community safety. This study uses a cross-sectional sample of Canadian residents aged 15 or older, collected by Statistics Canada for the 28th cycle of the General Social Survey, to assess self-perceived community safety reported by individuals who had experienced cyber-victimization in the previous 12 months. Results indicated that the cyber-victimization group reported a significantly lower sense of safety, and that individuals who experienced cyber- and localized victimization were most adversely affected. This paper was intended to provide clarity for the development of community safety research in Canada, and includes policy discussion tailored toward this purpose.
James F. Popham

Show Me the Money! Identity Fraud Losses, Capacity to Act, and Victims’ Efforts for Reimbursement

In the Internet age, identity fraud has become quite a popular way to steal money—resulting in substantial numbers of victims as evidenced by victimization surveys. This article focuses on people who have been illegally debited from their bank account, one of the most common forms of identity fraud. For this group, we examine their patterns of action to report the incident to banks and police, and their success in achieving reimbursement of the money they lost. Following the argument of the Netherlands Council for Government Policy, it is assumed here that the “capacity to act” varies between people. In this context, it may lead to differential outcomes for victims after ID fraud. More specifically, we expect that groups in a socially disadvantaged position (low-educated) as well as impulsive people will more often refrain from contacting formal agencies (bank, police), and therefore more frequently lack reimbursement and remain with larger financial losses. Gottfredson and Hirschi’s self-control theory and Black’s theory on the behavior of law offer additional insight in support of this argument. We use data from 636 victims that were surveyed in the LISS panel, which is based on a Dutch representative population sample. Most of our hypotheses are confirmed by the data.
Johan van Wilsem, Take Sipma, Esther Meijer-van Leijsen

Victims of Cybercrime: Understanding the Impact Through Accounts

The technological changes of the last 30 years have facilitated a substantial increase in cybercrimes. The impact of these crimes on victims has not been the subject of extensive research. This paper, based upon a British Home Office funded study, draws upon the experience of 52 victims of computer misuse crime, which can be broadly grouped under hacking and computer virus related crimes. Drawing upon the interviews with these victims, the researchers identified a continuum of three components founded upon the seriousness of the incident and the impact on the victim. These three categories included: incidents of inconvenience, crimes of inconvenience and serious crimes of personal violation or significant financial loss or fear of. The paper provides in-depth accounts of 15 of the 52 victims interviewed to illustrate this continuum.
Mark Button, Dean Blackbourn, Lisa Sugiura, David Shepherd, Richard Kapend, Victoria Wang

The Impact of a Canadian Financial Cybercrime Prevention Campaign on Clients’ Sense of Security

The purpose of this study was to evaluate the impact of a cybercrime prevention campaign that was run by a Canadian financial institution. More specifically, we examined how participants/clients perceived the financial institution’s initiative to inform them about cybercrimes. The study also explored whether or not the campaign had the desired effect, which was to reinforce the clients’ sense of security. This campaign took place in October 2018 and 1452 adults (831 males and 621 females) participated in the online web survey. The results indicated that the prevention campaign had been positively perceived by most of the respondents (93.2%). However, only a low percentage of individuals (18%) had seen the poster/campaign prior to the completion of the survey while the majority (82%) accessed the prevention campaign’s components during the survey. Further analysis has shown no gender differences in participants’ responses. In general, participants felt that the campaign has increased their sense of security, especially among older individuals (55 years old and over). Most participants have expressed an interest in receiving more information on cybercrime and on how to take action to protect oneself. Results suggest that it would be advisable to conduct targeted prevention campaigns in order to reach out to as many people as possible. Discussion also includes practical recommendations based on the results and the review of the literature.
Cameron Coutu, Benoît Dupont



Saint or Satan? Moral Development and Dark Triad Influences on Cybercriminal Intent

Research into psychological characteristics of cybercrime offenders is scarce, especially concerning cyber-dependent crimes. We shed light on the issue by evaluating the connection of negative and positive personality traits on cybercriminal intent. Specifically, we focus on the so-called Dark Triad of personality—Machiavellianism, narcissism, and psychopathy, as well as on moral development. We conduct a survey with students of a major German university who attended computer science/informatics courses or were enrolled in a major in informatics. Using the theory of planned behavior to measure cybercrime, we find that only higher Machiavellian and psychopathic tendencies coincide with higher cybercriminal intention, whereas there is no significant effect of narcissism on cybercriminal intention. On the other hand, moral development on a rule-abiding level has a deterrent effect. Contrary to intuition, stronger moral reasoning on a principled level might increase cybercriminal intention. We critically discuss our findings and future research directions.
Nicole Selzer, Sebastian Oelrich

Cyber-Dependent Crime Versus Traditional Crime: Empirical Evidence for Clusters of Offenses and Related Motives

It is unknown to what extent cyber-dependent offenders are distinctly different from other offenders and to what extent they have different motives. This is addressed in this study by examining to what extent cyber-dependent offenders can be distinguished from traditional offenders and by identifying clusters of cyber-dependent and traditional offenses. In addition, it is explored which motives for offending the offenders provide and to what extent a specific cluster of crimes distinguishes itself from the other clusters by specific motives. The analyses are based on a survey among a Dutch high-risk sample of adult cyber-dependent offenders (N = 268) and traditional offenders (N = 270). The principal component analysis identified seven clusters of crimes, four clusters that include only cyber-dependent crime and three clusters that only include traditional crimes. This indicates that cyber-dependent offenders can be distinguished from traditional offenders. In addition, cyber-dependent crimes can be distinguished from traditional crimes by almost all motives. The cyber-dependent crimes are mostly committed out of intrinsic motives, i.e., committing the crime is in itself rewarding. Financial motives are almost absent for cyber-dependent crime. Differences between cyber-dependent crime clusters are mainly found in extrinsic motives, i.e., the extent to which the external consequences of committing a crime is rewarding. The results are discussed in light of the existing cybercrime literature.
Marleen Weulen Kranenbarg

Examining Gender-Responsive Risk Factors That Predict Recidivism for People Convicted of Cybercrimes

This study sought to explore the role of gender-responsive approaches to reduce reoffending for women convicted of cybercrimes by comparing and contrasting the risk and needs assessment results among women and men convicted of cybercrimes in the United States. Assessments from 4457 individuals convicted of cybercrimes (both cyber-enabled and cyber-dependent) during 2005–2015 were included in this study. The domains from assessment results were used to examine the types of risk factors (or criminogenic needs) that predicted revocation by gender. Results demonstrated mixed support for gender-responsive risk factors. The criminal history domain was the strongest predictor for both genders, but the education and employment domain was not predictive for either gender. A measure related to mental health was found to predict the risk of reoffending among women and not men; however, findings provided support for other needs regardless of gender. Implications for gender-responsive policy and cybercrime are discussed.
Erin Harbinson

Exploring Masculinities and Perceptions of Gender in Online Cybercrime Subcultures

While there is now a substantial literature on the role played by online forums in cybercrime economies, there has been little research which accounts for the role played by gender in these communities. We study the role of gender in cybercrime communities, using an innovative research methodology which makes use of both qualitative and data science approaches to analyse a very large sample of posts on a cybercrime forum. Our findings suggest that a substantial subsection of cybercriminal activity associated with these forums is deeply tied up with ideas about gender. A significant number of the actors we studied first became involved in these forums in an attempt to hack, stalk or blackmail an intimate partner (usually a woman). Additionally, once involved in these communities, the performance and commodification of femininity was a key part of many of the ‘less-technical’ or ‘entry-level’ forms of cybercrime which we observed. Finally, despite the low technical skill of most of these actors, we found that they still had a deep connection to the ‘hacker’ identity, using misogyny to legitimise their position within this subculture and construct hacking as intrinsically masculine. We conclude by reflecting on the potential relevance of these findings for policy and intervention approaches in low-level cybercrime communities.
Maria Bada, Yi Ting Chua, Ben Collier, Ildiko Pete

Child Sexual Exploitation Communities on the Darkweb: How Organized Are They?

Because of the growing incidence and increasing technical sophistication of Darkweb child sexual exploitation (CSE), some have begun to label it as organized crime. By itself however, this label adds little to our understanding of the phenomenon. To gain a more detailed insight into the workings of Darkweb CSE, we apply the conceptual framework suggested by Von Lampe (Organized crime: Analyzing illegal activities, criminal structures and extra-legal governance. Sage, Thousand Oaks, CA, 2016a) and instead ask: how organized is CSE on the Darkweb? Six police investigation case files were systematically analyzed using methods akin to the Dutch Organized Crime Monitor, complemented with interviews with police officers and public prosecutors. While the barter of CSE material in itself is a deviant exchange, it is embedded in the social network provided by the forum environment. Darkweb CSE requires organization to the extent that running a forum involves a set of interlocking tasks, a certain level of technical sophistication, and continued effort to protect the forum from (outside) threats. We conclude that both the CSE crime and the criminals perpetrating it show clear signs of organization. CSE Darkweb fora constitute both associational and entrepreneurial structures that serve the social and criminal needs of their members. In the trust-based hierarchy of these networks, key players are able to exert some internal governance. Monetary profit, violence, and the desire to monopolize the market however, are largely absent. Detailed insight in the dynamics of Darkweb CSE interactions will contribute more to reducing the harm caused by these crimes than the mere application of a label.
Madeleine van der Bruggen, Arjan Blokland



Infrastructural Power: Dealing with Abuse, Crime, and Control in the Tor Anonymity Network

This chapter reports on the first empirical criminological research on the Tor Project, the organisation which develops the Tor anonymity network. There has been little focus as yet by cybercrime researchers on the human factors shaping the platforms and infrastructures on which the Internet depends. These are emerging as powerful technologies of control and profound sites of resistance in contemporary societies, increasingly taking on responsibility for enormous user communities and the crime and abuse which come with them. Of these, I focus on Tor, an international anonymity infrastructure which offers its users extremely strong protections against online surveillance and censorship. Tor has become a particularly important subject of criminological research on online crime. However, there is as yet no criminological research which deals with how the people who develop and maintain Tor understand these issues. Through interviews and archival research, I study how this community perceive Tor’s use for crime and harm and how they navigate these issues in practice, identifying three distinct sites at which Tor deals with crime, and three concomitant ways of making sense of Tor’s crime problem (conceptualised as ‘social worlds’ of Tor). I explore how Tor has developed from a disruptive character to an increasingly governmental one and the implications of this for understanding the role of platforms and infrastructures in the governance of online crime more broadly.
Ben Collier

Cybercrime Reporting Behaviors Among Small- and Medium-Sized Enterprises in the Netherlands

Despite the high prevalence of cybercrime victimization among businesses, only a few of these crimes are reported to the police. This study used a sample of 529 Dutch small- and medium-sized enterprise (SME) owners to examine which characteristics of the offence, the SME, and the SME owner predict cybercrime reporting behaviors. Moreover, the motives to either report cybercrime victimization to the police or not were examined. All respondents were shown three vignettes about fictional cybercrime incidents and were asked how they would react in this situation. Next, they were also asked about their reporting behaviors after actual cybercrime victimization. The large majority of SME owners said that they would report the incidents from the vignettes to the police, but after actual victimization only 14.1% of the cybercrimes were reported to the police. Seriousness and type of offense were the best predictors for cybercrime reporting, with cyber-enabled crimes being more often reported to the police than cyber-dependent crimes. Characteristics of the SME and the SME owner were often not related to reporting behaviors. Victims report cybercrime to the police because they want the perpetrator to be caught and to prevent him from doing the same to others, and they do not report cybercrimes because they think the police will not do anything and would rather solve it themselves. When victims did report their victimization to the police, they were often unsatisfied because the police were indifferent and because the problems were not solved. Implications of these results for practice and future research are discussed.
Steve G. A. van de Weijer, Rutger Leukfeldt, Sophie van der Zee

Text Mining for Cybercrime in Registrations of the Dutch Police

Aim: Surveys mention substantial rates of cybercrime victimization. However, little is known about the number of police registrations that refer to cybercrime. The aim of this study was to estimate the number of police registrations referring to cybercrime in the Netherlands based on text fields within the police registration system. We focused on cyber-dependent crime (hacking, ransomware and DDoS attacks), as well as on cyber-enabled crime (online threats, stalking, libel, identity fraud and buying and selling fraud). Method: A random sample of Dutch police registrations from 2016 (n = 100.000) was selected, to estimate the number of cybercrime referrals. A machine-learning classifier was developed using text, in order to classify police registrations as referring to a type of cybercrime. Results: In 2016, between 0.10% and 0.62% of all registrations refer to cyber-dependent crime and between 3.33% and 7.41% were related to cyber-enabled crime. These estimates fall in between the rate of police-reported victimization of cybercrime and the number of cybercrimes based on the police’s uniform crime registration. Conclusion: Estimates of the rate of police-registered cybercrime based on textual fields of the police registrations were found to be relatively low but in absolute numbers substantial.
André M. van der Laan, Nikolaj Tollenaar

Law Enforcement and Disruption of Offline and Online Activities: A Review of Contemporary Challenges

The digital world represents a new frontier for law enforcement operations. The virtual nature of online communications creates challenges regarding legal frameworks and sovereignty that are exacerbated by the inherent context of the digital world, the current state of policing expertise and resources and the detection and reporting rates of cybercrimes. This chapter presents an informed review of the current state of “what works” in policing both offline and online, providing at each step the context needed to understand how new technologies impact police operations. Our conclusion suggests that new models of policing are indeed needed to effectively police the digital world and that cooperation through nodal governance could improve the ability of police agencies to regulate cyberoffenders.
Camille Faubert, David Décary-Hétu, Aili Malm, Jerry Ratcliffe, Benoît Dupont

Unique Offender, Unique Response? Assessing the Suitability and Effectiveness of Interventions for Cyber Offenders

Recent developments indicate that cyber-focused crimes are on the rise among both adolescents and adults, making a proper response vital. The knowledge in regard to how to effectively respond to cyber offenders is, however, still very limited. This chapter aims to provide insight into what interventions could potentially be effective for cyber offenders, taking into account their (unique) features. In this context, we assess three types of interventions: deterrence-based, risk-based and strength-based interventions. The potential effectiveness of these interventions is assessed by integrating findings from a systematic literature study, expert interviews and offender interviews. Our findings show that various “traditional” motivational, personal and contextual factors can be found among cyber offenders (e.g. peer pressure, neutralisation), but these manifest differently online. We also found factors (e.g. intellectual motivations, social discomfort, limited awareness of illegality) that set them apart from (most) traditional offenders. In light of these (unique) features, traditional interventions such as behavioural interventions can be effective, but need to be adjusted to the online context. Deterrence-based interventions are considered effective if they are applied more swiftly and focus more on generating general deterrence. Interventions that give first offenders the opportunity to use their talents in a pro-social way could potentially be effective for preventing reoffending. Considering the wide variety of cyber offenders, a tailor-made rather than a ‘one-size-fits all’ approach seems to be the right path.
Wytske van der Wagen, Tamar Fischer, Sifra Matthijsse, Elina van ’t Zand

