About this book

This book provides a comprehensive overview of the current and emerging challenges of cyber criminology, victimization and profiling. It is a compilation of the outcomes of the collaboration between researchers and practitioners in the cyber criminology field, IT law and security field.

As Governments, corporations, security firms, and individuals look to tomorrow’s cyber security challenges, this book provides a reference point for experts and forward-thinking analysts at a time when the debate over how we plan for the cyber-security of the future has become a major concern.

Many criminological perspectives define crime in terms of social, cultural and material characteristics, and view crimes as taking place at a specific geographic location. This definition has allowed crime to be characterised, and crime prevention, mapping and measurement methods to be tailored to specific target audiences. However, this characterisation cannot be carried over to cybercrime, because the environment in which such crime is committed cannot be pinpointed to a geographical location, or distinctive social or cultural groups.

Due to the rapid changes in technology, cyber criminals’ behaviour has become dynamic, making it necessary to reclassify the typology currently being used. Essentially, cyber criminals’ behaviour is evolving over time as they learn from their actions and others’ experiences, and enhance their skills. The offender signature, which is a repetitive ritualistic behaviour that offenders often display at the crime scene, provides law enforcement agencies with an appropriate profiling tool and offers investigators the opportunity to understand the motivations behind such crimes. This has helped researchers classify the type of perpetrator being sought.

This book offers readers insights into the psychology of cyber criminals, helping them understand and analyse criminals’ motives and the methodologies they adopt. With an understanding of these motives, researchers, governments and practitioners can take effective measures to tackle cybercrime and reduce victimization.

Table of Contents


Cyber Criminology and Psychology


Crime and Social Media: Legal Responses to Offensive Online Communications and Abuse

The rapid emergence of social media has significantly facilitated the contact and exchange of information between people. At the same time it has opened up avenues to new threats and offensive online behaviour. This chapter focuses on the legal aspects of offensive online communications including cyberbullying, revenge pornography and other related offences. These offences have spread considerably in recent years, acquiring new dimensions and posing new challenges. It will be argued that the current legal framework in England and Wales is complex. The legislation dealing with offensive online communications and abuse is in need of clarification and simplification. This is a necessary step that must go hand in hand with reforms in the area of law enforcement and preventative measures aimed at raising public awareness and education.
Oriola Sallavaci

Explaining Why Cybercrime Occurs: Criminological and Psychological Theories

Several criminological and psychological theories and their empirical support for explaining cybercrime are reviewed. Social learning theory, self-control theory, and subcultural theories have garnered much empirical attention and support. Lack of moral qualms, association with deviant peers and neutralizations have consistently been associated with a wide range of cyber-offending. From routine activities theory, increased visibility is associated with higher cyber-victimization and cyber-offending across many offenses. Integrating social learning and self-control concepts, research has found that effects of low self-control on cybercrime are mediated through association with deviant peers and beliefs that the behaviors are not morally wrong. Research in the tradition of subcultural theories has discovered the norms underlying memberships in deviant groups of persistent digital pirates, hackers, and regular participants in the online illicit sex trade. Limited research has examined deterrence theory, general strain theory, or differential reinforcements in social learning theory. Future research is needed to integrate the perceived characteristics of cyberspace with the formation of attitudes and beliefs supportive of perpetration of cybercrimes, and to address the dearth of knowledge about the nature of social interactions in cyberspace and how such interactions shape real world interactions.
Loretta J. Stalans, Christopher M. Donner

Cyber Aggression and Cyberbullying: Widening the Net

There is growing attention on cyberbullying from media, schools, parents, researchers and policy makers, though disagreement still exists within the literature on both concept and definition. There is, however, some agreement on its associated features, such as intentional behaviour towards an individual or group. As dependency on the internet and electronic devices grows in terms of social interaction, so does a need to identify, understand, and intervene, in aggressive, hostile, and victimising situations. This chapter proposes an argument to widen the net when examining cyberbullying, through adopting the term ‘cyberaggression’, an inclusive term for the various forms of hostile, direct and indirect behaviour which occur in the online sphere. Examining these forms through the lens of cyberaggression will allow for a more holistic and unified approach to understanding victimisation in the online environment. This case is made with the support of theory and research from the fields of bullying and aggression, and has further implications for legislation, policy holders and researchers alike.
John M. Hyland, Pauline K. Hyland, Lucie Corcoran

Cyber-Threat Landscape


Policies, Innovative Self-Adaptive Techniques and Understanding Psychology of Cybersecurity to Counter Adversarial Attacks in Network and Cyber Environments

Despite the increasing evolution of the cyber environment, enterprises seem to find it challenging to identify a solution to create an effective defensive posture. As the cyber phenomenon becomes a fundamental part of our society, it is essential to identify adaptive methods to increase the worldwide defensive condition in the most effective manner possible. A decade ago, it was not possible to imagine today’s cyber-threat landscape. Cybercriminals have adapted their methods to circumvent traditional defences and hide undetected on systems for months or even years. There are different reasons for such attacks, and understanding the psychology of attacks is essential. Therefore, enterprise security also needs to be adapted with an intelligence, multi-layered approach to IT security. This paper surveys the latest research on the foundation of Adaptive Enterprise Security (AEC). To this end, it discusses potential security policies and strategies that are easy to develop, are established, and have a major effect on an enterprise’s security practices. These policies and strategies can then efficiently be applied to an enterprise’s cyber policies for the purposes of enhancing security and defence. Moreover, it will briefly discuss the need for a thorough understanding of human factors and psychology of attacks. The study also discusses various adaptive security measures that enterprises can adopt to continue with securing their network and cyber environments. To this end, the paper continues to survey and analyse the effectiveness of some of the latest adaptation techniques deployed to secure these network and cyber environments.
Reza Montasari, Amin Hosseinian-Far, Richard Hill

The Dark Web

The dark web consists of those websites that cannot be accessed except through special anonymizing software, most commonly the Tor package. Web services hidden this way have proved extremely difficult for authorities to track down. While there are many legitimate hidden sites, the dark web has also attracted a wide range of criminal enterprises, often enabled by the availability of anonymous cryptocurrency payments. While Tor has some theoretical weaknesses, most law-enforcement actions against hidden sites (the Silk Road, Playpen, etc.) have succeeded only because of operational mistakes by the sites’ administrators.
Peter Lars Dordal

Tor Black Markets: Economics, Characterization and Investigation Technique

The cyber threat is highly dynamic and evolves in parallel with the innovation of systems and communications, which are outside the control of government authorities and respond exclusively to business logic and free initiative, often contingent on implementation of illegal activities. In particular, the threat posed by the criminal use of the Internet goes far beyond cybercrime, especially with the Tor network, where black markets take the shape of renowned legal marketplaces such as eBay and Amazon. Hence even common crime can benefit from new modus operandi and new routes to deliver illegal goods or services, forcing Law Enforcement Agencies (LEAs) to adopt new investigation techniques. This paper first analyses the goods/services categories of fourteen Tor marketplaces and the related vendors, and then provides a discussion on a novel investigative technique related to PGP key inter-relations. In particular, with the evolution and growth of the markets, the vendors are increasingly adopting open source tools and technologies, such as PGP, which can be exploited to infer information such as the established relationships between users. This public information about the keys can be used to retrace the social network of entities connected by PGP relationships and apply well-established graph analysis techniques. Finally, the paper analyses the strengths and weaknesses of the proposed methods, depicting future research directions.
Gianluigi Me, Liberato Pesticcio

A New Scalable Botnet Detection Method in the Frequency Domain

Botnets have become one of the most significant cyber threats over the last decade. The diffusion of the “Internet of Things” and its for-profit exploitation contributed to the spread and sophistication of botnets, thus providing real, efficient and profitable criminal cyber-services. Recent research on botnet detection focuses on traffic pattern-based detection, analyzing the network traffic generated by the infected hosts, in order to find malicious behaviors regardless of the specific payload, architecture and protocol. In this chapter, we address the periodic behavior of infected hosts communicating with their Command-and-Control (C2) servers. We introduce an effective, fast and scalable approach based on the layer-5 traffic analysis in the frequency domain, without using the well-known Fast Fourier Transform. The mentioned analysis has been performed exploiting the logs of a wide corporate network and tested on real malware samples, in order to demonstrate its applicability in almost every practical scenario.
Giovanni Bottazzi, Giuseppe F. Italiano, Giuseppe G. Rutigliano

Cybercrime Detection


Predicting the Cyber Attackers; A Comparison of Different Classification Techniques

Identification of cybercriminals has always been a challenge for law enforcement agencies, which utilize different techniques and methods to tackle this issue. An effective predictor not only helps law enforcement agencies to chase the criminals but is also beneficial for cyber security experts to profile cyber attackers and their methods of attack and plan broad strategies for preventing future cyber threats. In this research we aim to investigate the effect of classification techniques on prediction of cyber attackers in past and possible future cyber-attacks. Our investigation is based on Open Source Intelligence and historical data about cyber-attacks. To train our proposed predictors, we use different classification algorithms and, by comparing their accuracy in prediction of cyber attackers, we will nominate the most accurate and reliable model. Finally, to evaluate the predictor we apply a test set to discover to what extent a predictor can help law enforcement agencies in their investigations to chase cyber criminals.
Sina Pournouri, Shahrzad Zargari, Babak Akhgar

Crime Data Mining, Threat Analysis and Prediction

Cybercriminology as a subject area has numerous dimensions. Some studies in the field primarily focus on a corrective action to reduce the impact of an already committed crime. However, there are existing computational techniques which can assist in predicting and therefore preventing cyber-crimes. These quantitative techniques are capable of providing valuable holistic and strategic insights for law enforcement units and police forces to prevent the crimes from happening. Moreover, these techniques can be used to analyse crime patterns to provide a better understanding of the world of cyber-criminals. The main beneficiaries of such research works are not only the law enforcement units, as in the era of Internet connectivity many businesses would also benefit from cyber attacks and crimes being committed in the cyber environment. This chapter provides an all-embracing overview of machine learning techniques for crime analysis followed by a detailed critical discussion of data mining and predictive analysis techniques within the context of cybercriminology.
Maryam Farsi, Alireza Daneshkhah, Amin Hosseinian Far, Omid Chatrabgoun, Reza Montasari

SMERF: Social Media, Ethics and Risk Framework

SMERF is a proposed framework to support researchers and investigators in risk assessment when working with Social Media (SM). The aim of SMERF is to mitigate risk by identifying it a priori. Risk assessment is considered where there is a potential danger involved in undertaking SM-related projects, which may include Digital Investigations and undergraduate or postgraduate projects. The vulnerabilities of the researcher or investigator who conducts SM-related work are discussed, and the types of threats they may be exposed to are described. These are related to current counter-terrorism laws, data protection regulations and acceptable use policies. SMERF is proposed to mitigate risks that the investigator or researcher and their associated organisations may be exposed to. The development of SMERF is agile and therefore has the ability to adapt to different organisations’ requirements. Finally, a quality assurance and risk assessment life-cycle is proposed and recommendations are for SMERF to be reviewed annually and updated appropriately.
Ian Mitchell, Tracey Cockerton, Sukhvinder Hara, Carl Evans

Understanding the Cyber-Victimisation of People with Long Term Conditions and the Need for Collaborative Forensics-Enabled Disease Management Programmes

Research shows that people with long term conditions and disabilities are frequently labelled as vulnerable, and commonly victimised online. They require instrumental support to understand their conditions and empower them to manage their own treatment in everyday life. However, additional short and long term consequences related to cyber-victimisation could intensify existing psychological and health complications. For instance, ‘distress’ as a commonly reported impact of cyber-victimisation could theoretically lead to neurohormonal changes in the blood, increasing cortisol, catecholamine and insulin secretion resulting in increased blood glucose, heartbeat, blood pressure, urination and other changes. Therefore, in this study we demonstrate the need and explain the means towards extending support and risk assessment systems and procedures to cover the collection and preservation of incidents reported by individuals. This can be used to support third-party interventions such as taking legal action in cases where the impact of cyber-victimisation is seen to escalate and worsen. As such, we first define vulnerable groups with long term conditions and provide a review of the impact of various types of cyber-victimisation on their health management. Then, we discuss how Disease Management Programmes (DMP) developed over time to include web-based applications as an example of existing cost-effective approaches to improve the quality of healthcare provided to people with long term conditions. We then demonstrate the added value of incorporating forensics readiness to enable Police intervention and support the victim’s eligibility for extended instrumental support from national health services. Finally, this level of documentation offers an opportunity to implement more accurate methods to assess risk associated with victimisation.
Zhraa A. Alhaboby, Doaa Alhaboby, Haider M. Al-Khateeb, Gregory Epiphaniou, Dhouha Kbaier Ben Ismail, Hamid Jahankhani, Prashant Pillai

An Investigator’s Christmas Carol: Past, Present, and Future Law Enforcement Agency Data Mining Practices

Law enforcement agencies (LEA) and internal investigators rely heavily on non-LEA structured and unstructured data sources for the surveillance, detection, investigation, and prosecution of criminal matters. Modern LEA practices use data and algorithms to investigate crimes, to predict criminal behavior, and to catch potential perpetrators by mining data through the practice of predictive policing. However, LEA may need to modify their current and future data mining practices if the availability of data or the methods of analysis are constrained. This article addresses the history, current practices, and potential future uses associated with LEA data mining. It also examines existing privacy concerns and new data protection regulations that impact the collection and retention of source data, and it discusses the LEA access to and use of data sources and algorithmic approaches. It further considers Artificial Intelligence-aided tools and methodologies; analyzes whether a lack of human interaction outweighs the privacy concerns associated with the collected data; and considers whether big data collections are permeated with biased past practices such that predictive algorithms (and their performance) are undermined.
James A. Sherer, Nichole L. Sterling, Laszlo Burger, Meribeth Banaschik, Amie Taal

DaP∀: Deconstruct and Preserve for All: A Procedure for the Preservation of Digital Evidence on Solid State Drives and Traditional Storage Media

Human error is often a cause of contamination of potential digital evidence and can jeopardise an entire case. One of the biggest problems is the data acquisition stage that requires the Digital Forensic Analyst to make bit-for-bit copies of the device seized. This procedure, despite using write-blockers, can go wrong. The proposed Deconstruct and Preserve for all (DaP∀) aims at mitigating the risk involved in exposing any data to these procedures and ensures that third parties get an exact match; the process works on SSDs, GPT formatted devices, and other traditional formats, e.g. HDD. The results show a GPT TRIM enabled SSD imaged multiple times produces verification of matched hashes. With these results, it is proposed that DaP∀ should be considered as a Standard Operating Procedure (SOP) when completing data acquisition.
Ian Mitchell, Josué Ferriera, Tharmila Anandaraja, Sukhvinder Hara

Education, Training and Awareness in Cybercrime Prevention


An Examination into the Effect of Early Education on Cyber Security Awareness Within the U.K.

Children are increasingly being exposed to more technology than ever before and at a younger age, with studies now being conducted investigating the effects of technology exposure from age 0. A European Commission Joint Research Centre report (Chaudron, 2015) has highlighted that today’s children, by the time they leave education, will have used more technology and of a far greater variety than any within the current generations of working adults. According to the Children’s Commissioner (2017), currently one third of internet users are under the age of 18 – ‘Growing up digital’, and according to the UK Council for Child Internet Safety (UKCCIS), 2017, the average time spent on the internet by 12- to 15-year-olds is now 20 h per week.
With this in mind there is a need to ensure that they are not just utilizing the knowledge and skills of previous generations to use the latest gadget, app or software, but to know how it works, why it works in that way, and what its strengths and weaknesses are. This will give them a platform of knowledge that will overtake the current generations and take it much farther than we could have dreamed.
Timothy Brittan, Hamid Jahankhani, John McCarthy

An Examination into the Level of Training, Education and Awareness Among Frontline Police Officers in Tackling Cybercrime Within the Metropolitan Police Service

The term cybercrime is used to describe acts which incorporate the unlawful usage of computer technology and the internet. Cyber criminals have no jurisdiction as they can operate from anywhere in the world. The complexity of investigating such crimes will make it difficult to identify the offenders and bring them to justice if the police are not adequately trained or educated on the subject matter. This chapter aims to highlight the importance of the UK Metropolitan Police Service (MPS) valuing, protecting and processing its information and intelligence with confidentiality, integrity and availability (CIA), as this would have a direct impact on the public’s trust and confidence in the police. If the security of this information protection is breached this could have a detrimental effect on the MPS’s ability to deliver its service, public confidence and the organisation’s reputational values. Therefore, it is extremely important that the right level of training and education be provided to police officers to be able to protect and safeguard the information on their Information Communications and Technology (ICT) systems. This chapter will review the current policing practices and training that officers undertake to combat cyber-crimes and highlight the effectiveness of this training.
Homan Forouzan, Hamid Jahankhani, John McCarthy

Combating Cyber Victimisation: Cybercrime Prevention

The global penetration of networked communications has exposed different areas of society to the threats of cybercrimes. These levels of society include, but are not limited to, nations and communities. Today, individual organisations and governments are significantly more likely to be victimised through the use of information and communications technologies than experience conventional forms of victimisation (UNODC 2013).
Abdelrahman Abdalla Al-Ali, Amer Nimrat, Chafika Benzaid

Information Security Landscape in Vietnam: Insights from Two Research Surveys

The increasing reliance on technology poses greater threats to firms’ information security.
From sensitive internal information, such as financial data or product information, to external data collected through interaction and transactions with external stakeholders, all are under the threat of being stolen. Building an information defence system is, therefore, vital; it involves not only the application of technology but also requires effort at both the managerial and employee levels. In this chapter, we shed light on the current information defence systems of Vietnamese SMEs, from budget to planning, and from managerial level to employee level. This study compiles results from multi-stage surveys and interviews. The two quantitative surveys were conducted to understand information security in Vietnamese SMEs from managerial perspectives and from employees’ perspectives respectively. A follow-up series of in-depth interviews with experts and end-users was carried out to elaborate on the quantitative findings. Results indicate that Vietnamese SMEs deal with many types of sensitive data and managers are aware of its sensitivity. However, investment in information defence systems is low and training does not occur frequently. The human aspects of information security are overlooked.
Mathews Nkhoma, Duy Dang Pham Thien, Tram Le Hoai, Clara Nkhoma