internet vulnerabilities & criminal activity criminology theories & cyber crime 11.1 4/19/10...
TRANSCRIPT
Internet Vulnerabilities & Criminal Activity
Criminology Theories & Cyber Crime11.1
4/19/10
Criminology Theories & Cyber Crime11.1
4/19/10
Classifications of Cyber Crimes
Cyber trespass Crossing boundaries into other people’s property
&/or cause damage Hacking, defacement, malware
Cyber deceptions & thefts Stealing money or resources Credit card fraud, IP violations
Cyber pornography Breach laws of obscenity
Cyber violence Psychological or physical harm to others Hate speech, stalking
Cyber trespass Crossing boundaries into other people’s property
&/or cause damage Hacking, defacement, malware
Cyber deceptions & thefts Stealing money or resources Credit card fraud, IP violations
Cyber pornography Breach laws of obscenity
Cyber violence Psychological or physical harm to others Hate speech, stalking
Cyber Criminals
Broad range of persons Students, terrorists, amateurs, organized crime groups
More likely to have affluent socioeconomic backgrounds
Has knowledge of computers & the Internet which enables him/her to commit crime of choice
Any technically oriented person has potential to become cyber criminal
Cyber criminal has changed since the ‘80’s and 90’s when cyber crime was infiltration by hacking
Broad range of persons Students, terrorists, amateurs, organized crime groups
More likely to have affluent socioeconomic backgrounds
Has knowledge of computers & the Internet which enables him/her to commit crime of choice
Any technically oriented person has potential to become cyber criminal
Cyber criminal has changed since the ‘80’s and 90’s when cyber crime was infiltration by hacking
FBI’s Definitions of Cyber Criminals
Crackers Young offenders seeking intellectual
stimulation
Criminals Adult subgroups Commit fraud, damage systems undertake
espionage
Vandals Not pursuing intellectual stimulation Motivated by revenge
Crackers Young offenders seeking intellectual
stimulation
Criminals Adult subgroups Commit fraud, damage systems undertake
espionage
Vandals Not pursuing intellectual stimulation Motivated by revenge
Typology for Cyber Criminals
White-collar criminals Vengeful criminals
Disgruntled employees Patient criminals
Desire more than what they have Negative state of mind not immediately obvious
Desperate criminals Facing financial crisis Easiest to catch
White-collar criminals Vengeful criminals
Disgruntled employees Patient criminals
Desire more than what they have Negative state of mind not immediately obvious
Desperate criminals Facing financial crisis Easiest to catch
Typology for Cyber Criminals cont.
Hackers Old School Hackers
Computer experts Used technology in new, innovative ways
Internals Disgruntled or ex-employees
Cyber punks Antisocial, socially inept, angst toward the world Direct anger into cyberspace
Professional criminals & cyber terrorists Guns for hire Good at espionage, leave no trace
Newbies & Script Kiddies Want recognition but lack skills Usually teenagers looking for recoognition
Hackers Old School Hackers
Computer experts Used technology in new, innovative ways
Internals Disgruntled or ex-employees
Cyber punks Antisocial, socially inept, angst toward the world Direct anger into cyberspace
Professional criminals & cyber terrorists Guns for hire Good at espionage, leave no trace
Newbies & Script Kiddies Want recognition but lack skills Usually teenagers looking for recoognition
Typology for Cyber Criminals cont.
Crackers Obtain & use data illegally, IP violators Password crackers
Concerned with cryptography & encoding Will use any means to discover passwords
Executable program crackers Programs should obey humans Reverse engineer programs so changes can be made Have years of experience programming Can easily discover program weaknesses
Hobbyists Cross between above 2 groups Cracks code for knowledge May release cracked code to the public
Crackers Obtain & use data illegally, IP violators Password crackers
Concerned with cryptography & encoding Will use any means to discover passwords
Executable program crackers Programs should obey humans Reverse engineer programs so changes can be made Have years of experience programming Can easily discover program weaknesses
Hobbyists Cross between above 2 groups Cracks code for knowledge May release cracked code to the public
Typology for Cyber Criminals cont.
Con artists Great actors Motivations
Financial stress - need money Power - control over victims, smarter, better than victims Challenge - enjoy what they do, mastered the skill Punish the victim - victim deserves what they get
Techniques used Familiarization - flatter victim, gain victims trust Risk free investments - con man will refund all victim’s
money if the plan fails Avoiding questions - talk a lot, vague answers, spout
useless jargon Pressurizing tactics - once in a lifetime chance, will regret it
if not done
Con artists Great actors Motivations
Financial stress - need money Power - control over victims, smarter, better than victims Challenge - enjoy what they do, mastered the skill Punish the victim - victim deserves what they get
Techniques used Familiarization - flatter victim, gain victims trust Risk free investments - con man will refund all victim’s
money if the plan fails Avoiding questions - talk a lot, vague answers, spout
useless jargon Pressurizing tactics - once in a lifetime chance, will regret it
if not done
Typology for Cyber Criminals cont.
Psycho-criminals Mentally ill - need no external conditions to commit crimes Pedophiles
Abnormal sexual attraction to children Larger pool of victims online
Cyberstalkers Torment victims at a distance Usually have sexual motivations, power & control
Serial Killers Internet used as tool to track down victims Disorganized - low IQ, social outcast, bad at covering tracks Organized - high IQ, Know what he/she wants & how too get
away with it. Most dangerous of all cyber criminals.
Psycho-criminals Mentally ill - need no external conditions to commit crimes Pedophiles
Abnormal sexual attraction to children Larger pool of victims online
Cyberstalkers Torment victims at a distance Usually have sexual motivations, power & control
Serial Killers Internet used as tool to track down victims Disorganized - low IQ, social outcast, bad at covering tracks Organized - high IQ, Know what he/she wants & how too get
away with it. Most dangerous of all cyber criminals.
Crimes in Physical Space vs Crimes in Cyber Space
Transnational nature and jurisdictional issues Attacks can take place anywhere from
anywhere Multiple boundaries may be crossed
Physical constraints Do not exist in cyber space Crime can happen in milliseconds
Proximity No physical proximity required
Transnational nature and jurisdictional issues Attacks can take place anywhere from
anywhere Multiple boundaries may be crossed
Physical constraints Do not exist in cyber space Crime can happen in milliseconds
Proximity No physical proximity required
Crimes in Physical Space vs Crimes in Cyber Space
cont.
Scale & multiple victimization Automated process Multiple simultaneous victims for the same
effort
Conduct at issue may not be illegal Conduct may not be criminalized in country
where it originates Cannot extradite criminal unless law of
his/her country is broken
Scale & multiple victimization Automated process Multiple simultaneous victims for the same
effort
Conduct at issue may not be illegal Conduct may not be criminalized in country
where it originates Cannot extradite criminal unless law of
his/her country is broken
Crimes in Physical Space vs Crimes in Cyber Space
Perfect anonymity Can disguise identity in ways impossible in
the physical world Can achieve perfect pseudonymity
Velocity Criminal activity can happen very rapidly Slammer took down large part of the
Internet in 15 minutes
Perfect anonymity Can disguise identity in ways impossible in
the physical world Can achieve perfect pseudonymity
Velocity Criminal activity can happen very rapidly Slammer took down large part of the
Internet in 15 minutes
Space Transition Theory
1) Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.
Concern for status in physical space does not transition to cyber space.
Behavior repressed in physical space are not in cyber space.
1) Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.
Concern for status in physical space does not transition to cyber space.
Behavior repressed in physical space are not in cyber space.
Space Transition Theory
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.
Disinhibiting effect allows individuals: Open honesty about personal issues To act out on unpleasant needs
Deinidividualization - inner restraints are lost when individuals not seen as individuals Leads to behavior that is
Less altruistic More selfish More aggressive
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.
Disinhibiting effect allows individuals: Open honesty about personal issues To act out on unpleasant needs
Deinidividualization - inner restraints are lost when individuals not seen as individuals Leads to behavior that is
Less altruistic More selfish More aggressive
Space Transition Theory
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.
Deterrence factor changes Attacks can be made from a remote location Crime reslts not immediately apparent
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.
Deterrence factor changes Attacks can be made from a remote location Crime reslts not immediately apparent
Space Transition Theory
3) Criminal behavior of offenders in cyberspace is likely
to be imported to physical space which, in physical
space maybe exported to cyberspace as well.
Cyber crime has moved from the single individual
acting for fame to professional criminals
Huge financial gain with little risk
Growth of e-commerce attracts criminals to the net
3) Criminal behavior of offenders in cyberspace is likely
to be imported to physical space which, in physical
space maybe exported to cyberspace as well.
Cyber crime has moved from the single individual
acting for fame to professional criminals
Huge financial gain with little risk
Growth of e-commerce attracts criminals to the net
Space Transition Theory
4) Intermittent venture of offenders in to the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape
Cyber space is transient Cyber space is dynamic Cyber crimes have do not have spatial -
temporal restrictions of traditional crimes
4) Intermittent venture of offenders in to the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape
Cyber space is transient Cyber space is dynamic Cyber crimes have do not have spatial -
temporal restrictions of traditional crimes
Space Transition Theory
5) (a)Strangers are likely too unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.
Cyberspace allows for recruitment and dissemination
Cyberspace is: Unmoderated Easy to access
Cyberspace can pose an insider threat Spy / mole Disgruntled employee
5) (a)Strangers are likely too unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.
Cyberspace allows for recruitment and dissemination
Cyberspace is: Unmoderated Easy to access
Cyberspace can pose an insider threat Spy / mole Disgruntled employee
Space Transition Theory
6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.
Open society allows individuals to voice opinions & vent feelings.
Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks
6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.
Open society allows individuals to voice opinions & vent feelings.
Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks
Space Transition Theory
7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.
Cyberspace is international Societal differences between individuals
may lead to cyber crime Conflicts between nations carry over
into cyberspace
7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.
Cyberspace is international Societal differences between individuals
may lead to cyber crime Conflicts between nations carry over
into cyberspace
Routine Activity Theory
Routine activities in conventional societies provide opportunities for perpetrator to commit crime
Three things must be present for crime to occur: Suitable target is available
Motivated offender is present
Lack of a suitable guardian to prevent crime from occurring
Assessment of situation determines whether or not a crime takes place.
Routine activities in conventional societies provide opportunities for perpetrator to commit crime
Three things must be present for crime to occur: Suitable target is available
Motivated offender is present
Lack of a suitable guardian to prevent crime from occurring
Assessment of situation determines whether or not a crime takes place.
Routine Activity Theory
A suitable target can be: A person An object A place
Target comes to the attention of a person searching for a criminal opportunity
Targets behavior may place target in contact with perpetrator
No significant deterring mechanism is present
A suitable target can be: A person An object A place
Target comes to the attention of a person searching for a criminal opportunity
Targets behavior may place target in contact with perpetrator
No significant deterring mechanism is present
Routine Activity Theory
Motivated Perpetrator Predatory crime is a method for the
perpetrator to secure basic needs of desires
Actions of perpetrator are intentional and illegal
Motivated Perpetrator Predatory crime is a method for the
perpetrator to secure basic needs of desires
Actions of perpetrator are intentional and illegal
Routine Activity Theory
A capable guardian Police patrol, Security guards Neighbors, neighborhood watch, dogs Locks, fences, CCTV systems Passwords, tokens, biometric measures
Guardians can be formal or informal Guardians can be human or machine Guardians MUST be capable of acting as
a deterrent
A capable guardian Police patrol, Security guards Neighbors, neighborhood watch, dogs Locks, fences, CCTV systems Passwords, tokens, biometric measures
Guardians can be formal or informal Guardians can be human or machine Guardians MUST be capable of acting as
a deterrent
Opportunity Theory
Opportunity to commit a crime is a root cause of crime
No crime can occur without the physical opportunity
Opportunity plays a role in all crimes, not just those involving physical property
Reducing opportunity reduces crime
Opportunity to commit a crime is a root cause of crime
No crime can occur without the physical opportunity
Opportunity plays a role in all crimes, not just those involving physical property
Reducing opportunity reduces crime
Displacement Theory
Reductions in opportunity will not reduce crime because crime will be displaced to another location
Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in
Research on displacement theory has shown crime is not always displaced
Reductions in opportunity will not reduce crime because crime will be displaced to another location
Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in
Research on displacement theory has shown crime is not always displaced
Routine Activity Theory & the Internet
Opportunity to commit crime is multiplied Target and perpetrator are much more
likely to come in contact with each other Victim has to keep returning to scene of
the crime Deterrence comes shifting either events or
circumstances Neither are easily altered
Opportunity to commit crime is multiplied Target and perpetrator are much more
likely to come in contact with each other Victim has to keep returning to scene of
the crime Deterrence comes shifting either events or
circumstances Neither are easily altered
Routine Activity Theory & the Internet
Cybercrime has more to do with the effectiveness of indirect guardianship
Internet is open & unmoderated Mechanisms of the Internet designed to
transfer data, not to examine the data Internet guardianships are all mechanical
Reactive, respond to some action - IDS Cannot respond to new, previously untried
activity
Cybercrime has more to do with the effectiveness of indirect guardianship
Internet is open & unmoderated Mechanisms of the Internet designed to
transfer data, not to examine the data Internet guardianships are all mechanical
Reactive, respond to some action - IDS Cannot respond to new, previously untried
activity
Hacker Neutralization Techniques
Allows for temporary neutralization of
values, beliefs, and attitudes so illegal
behaviors can be performed.
Justification of an act requires the need
to assert its positive values
Used by different types of deviants
Allows for temporary neutralization of
values, beliefs, and attitudes so illegal
behaviors can be performed.
Justification of an act requires the need
to assert its positive values
Used by different types of deviants
Hacker Neutralization Techniques
Denial of Injury No harm or insignificant harm done to victim
No physical information stolen, information in
an electronic form
Belief that downloading is copying not stealing
As long as no one knows their information is
being perused, no harm is done
Denial of Injury No harm or insignificant harm done to victim
No physical information stolen, information in
an electronic form
Belief that downloading is copying not stealing
As long as no one knows their information is
being perused, no harm is done
Hacker Neutralization Techniques
Denial of Victim Victim is deserving of punishment Four categories of victims
Close enemies who have harmed offender directly People who do not conform to normative social
roles Groups with tribal stigmas Remote enemies who hold positions perceived as
questionable or corrupt Offender may assume role of “avenger” or
“crusader for justice” May justify actions as revenge
Denial of Victim Victim is deserving of punishment Four categories of victims
Close enemies who have harmed offender directly People who do not conform to normative social
roles Groups with tribal stigmas Remote enemies who hold positions perceived as
questionable or corrupt Offender may assume role of “avenger” or
“crusader for justice” May justify actions as revenge
Hacker Neutralization Techniques
Condemnation of the Condemners Divert attention from offenders actions to
the motives and behaviors of those condemning offender’s actions
Mistrust of authority Promote decentralization Price charged by software companies too
high and unfair Victim failed to protect their computer
system
Condemnation of the Condemners Divert attention from offenders actions to
the motives and behaviors of those condemning offender’s actions
Mistrust of authority Promote decentralization Price charged by software companies too
high and unfair Victim failed to protect their computer
system
Hacker Neutralization Techniques
Appeal to higher loyalties Offender doesn’t deny damage, act was
done to protect higher loyalties Loyalty to group
Responsibility to family or spouse
Employer (Corporate crimes)
Claim actions were done to acquire
knowledge
Appeal to higher loyalties Offender doesn’t deny damage, act was
done to protect higher loyalties Loyalty to group
Responsibility to family or spouse
Employer (Corporate crimes)
Claim actions were done to acquire
knowledge
Hacker Neutralization Techniques
Self-fulfillment Illegal activity done for
Fun Excitement or thrill Computer virtuosity
Offender achieves feelings of superiority & control
Voyeurism Demonstration of ability
Self-fulfillment Illegal activity done for
Fun Excitement or thrill Computer virtuosity
Offender achieves feelings of superiority & control
Voyeurism Demonstration of ability
Hacker Neutralization Techniques
Hackers do not use all neutralization techniques Denial of responsibility Sad story Both external forms of neutralization Only use techniques based on internal
neutralization Hackers take pride in what they do Hackers feel in shame or guilt
Hackers do not use all neutralization techniques Denial of responsibility Sad story Both external forms of neutralization Only use techniques based on internal
neutralization Hackers take pride in what they do Hackers feel in shame or guilt
Computer Hackers & Social Organization
Mutual Association Clear interpersonal relationship No strong or deep interpersonal
relationships on or off line Social connections relatively shallow Multiple identities and multiple forum use
may limit ability to form interpersonal connections
Utilize social networks to exchange knowledge and information
Mutual Association Clear interpersonal relationship No strong or deep interpersonal
relationships on or off line Social connections relatively shallow Multiple identities and multiple forum use
may limit ability to form interpersonal connections
Utilize social networks to exchange knowledge and information
Computer Hackers & Social Organization
Mutual Participation Groups are stratified rather than centrally
controlled Participation in groups did not lead to group
attacks Many do not want an group affiliation
Mutual Participation Groups are stratified rather than centrally
controlled Participation in groups did not lead to group
attacks Many do not want an group affiliation
Computer Hackers & Social Organization
Division of labor Some specialization in group forums does
exist Stratification & division of labor
Small group of moderators Larger group of users exchanging knowledge &
information
Loose set of rules Give respect, get respect No flaming
Large population of users enforcing the rules
Division of labor Some specialization in group forums does
exist Stratification & division of labor
Small group of moderators Larger group of users exchanging knowledge &
information
Loose set of rules Give respect, get respect No flaming
Large population of users enforcing the rules
Computer Hackers & Social Organization
Extended duration
No group with extended history
Relationships appear transitory
Relationships within forums weak & short-
lived
Extended duration
No group with extended history
Relationships appear transitory
Relationships within forums weak & short-
lived