November 22, 2022
Session 5
9:00-10:15 a.m
Online Risky Behaviors Scale Validation and Identification of Behavioral Sub-groups: An Assessment Using Classical Test Theory and the Rasch Model
Research has shown that risky behaviors that limit or circumvent cybersecurity measures increase risk of cybercrime victimization. However, numerous researchers have highlighted the difficulty in identifying an unambiguous cyber-risk profile given the range of behaviors that are categorized as risky and the inconsistency of the significance of these behaviors among cybercrimes. This study presents and validates a scale measure of online risky behavior not to link specific activities to victimization. Rather, this scale seeks to measure the propensity of a user to engage in behaviors that increase their risk of victimization. Further, the study specifically links the sub-scales of the instrument to the tenets of the Routines Activities Theory. The data required to validate the scale was collected from a sample of university students. Validation was performed at the entire scale and individual item levels using Classical Test Theory and the Rasch model. Further Latent Profile Analysis was applied to determine the existence of sub-groups and associated profiles of risky behavior. The resulting scale is important to the generalizability of cybercrime victimization research and in providing a standardized and reliable method to assess the effectiveness of interventions. Further, it can provide a deeper profile based understanding of risk behavior patterns.
Dr. Troy Smith
Dr. Rutger Leukfeldt
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences
An Assessment of Cryptomixing Services in Online Illicit Markets
Dr. Jin R. Lee
George Mason University
The Internet has become a popular marketplace for the sale ofillicit products, including stolen personal information, drugs, and firearms. Many of these products are acquired usingcryptocurrencies, which is generally defined as forms of digital currency that are traceable through blockchain ledger technology. These currencies are thought to be more secure than other forms of digital payment, though law enforcement and financial service providers have found ways to investigate account holders and their transactions. Consequently, severalservice providers have begun to offer cryptomixing services, which effectively launders payments to circumvent detection and investigation tools. Few have explored the practices of cryptomixing services, or the ways in which they are marketedon the Open and Dark Web. This inductive qualitative analysis will examine a sample of 18 cryptomixing services advertised on both the Open and Dark Web to better understand cryptomixing and its role in facilitating illicit transactions in various contexts.
Dr. Tom Holt
Michigan State University
Elizabeth O’Dell
Michigan State University
Rational Vendors on the Cryptomarket Ecosystem: Risk, Benefit, and Shipments
Shu Qi Liu
Simon Fraser University
Dr. Richard Frank
Simon Fraser University
Cryptomarkets are dark web marketplaces that facilitate the sale of illicit goods and services, primarily drugs, between vendors and buyers. The cryptomarket ecosystem has a high turnover rate with the majority of markets disappearing within two years and new markets constantly appearing. Vendors are a party of interest because they support the thriving cryptomarket ecosystem. Data was collected from eight cryptomarkets between June 2021 and January 2022 to identify unique vendors and examine their migration habits, risk tolerance and risk management when shipping drug products internationally. When a large cryptomarket shuts down and vendors are displaced, vendors often migrate to the next largest cryptomarket because that cryptomarket is trustworthy and has sufficient demand for their products. Vendors have a limited risk tolerance and implement their own security measures when selling high risk products, such as firearms, by reducing their digital footprint. Experienced vendors who work in teams in different countries can ship drug products while limiting the risk that their package will be seized. Major vendors often decide against increasing their risk if they already have a satisfactory amount of domestic business. Cryptomarket vendors weigh risk against the benefits of online dealing and take actions that lead to profit.
Coffee break
Session 6
10:45 a.m.-12:00 p.m.
Digital piracy, gender, and techniques of neutralization: Do male college students use different techniques of neutralization than female students?
Dr. Adam Bossler
Georgia Southern University
Criminologists have been studying digital piracy for a few decades now. Most researchers have identified a gender gap in which males are more likely than females to commit digital piracy. In this study, the author uses a large convenience sample of college students to examine whether the use of techniques of neutralization helps explain this gender gap. In addition, the study explores whether male digital pirates use different techniques of neutralization that female pirates. Implications for the importance of techniques of neutralization in creating digital piracy policy and education programs are explored
Identity Theft Prevention: An Experimental Evaluation of Prospect Theory
Dr. C. Jordan Howell
University of South Florida
Prior research has primarily assessed cybercrime victimization using survey data or victim interviews. This line of research is problematic given that cybercrime occurrences are underreported; thus, our ability to understand the factors that might prevent victimization is limited. Guided by prospect theory, the current study addresses this limitation by employing a randomized experimental design to determine if security messages reduce re-victimization among a sample of known identity theft victims. The study began by extracting stolen identities from various illicit networks, including the victims' names, banking information, and contact details. We then assigned the victims to a control group or one of two treatment groups. Those in the treatment groups received a variation of a security message aimed to nudge respondents to protect their sensitive information by not clicking malicious links; those in the control group did not receive a security message. Finally, we launched a series of smishing attacks (phishing via phone text messages) against participants. We found support for prospect theory: security messages and messaging content influenced respondents' likelihood of clicking malicious links. We discuss the theoretical and proactive policy implications.
Dr. Catherine Muniz
University of Texas at El Paso
Dr. George Burruss
University of South Florida
Taylor Fisher
University of South Florida
Motivating Cyber Hygiene through Information: Does Framing Promote Protection Motivation in Online Behavior?
Cybersecurity industry leaders and government officials warn the public about victimization risks, hoping that citizens will adopt protective behaviors while using the Internet. While advising the public is common, it does not guarantee that individuals will adopt the recommended actions. The current study uses protection motivation theory to understand how subjects perceived online victimization threats (specifically identity theft). We examined whether the framing of threat appeal influenced changes in these perceptions and anticipated future behavior. We use a sample of American Internet users and an experimental vignette design to expose individuals to the same threat appeal but with different messaging: victimization statistics, victimization statistics with an FBI/IC3 header before the text, victimization statistics with an anecdote, and victimization statistics with an anecdote and FBI/IC3 header. We evaluated potential changes in perceptions of fear, risk, seriousness, and protection motivation based on the type of message given to respondents. We discuss the experiment results and their implications for cybersecurity education efforts.
Dr. George Burruss
University of South Florida
Taylor Fisher
University of South Florida
Dr. Fawn Ngo
University of South Florida
Lunch break
Session 7
1:30-2:45 p.m.
Hacker mobility in cyberspace and the least effort principle
Dr. Stijn Ruiter
Netherlands Institute for the Study of Crime and Law Enforcement
Daniël Meinsma
The Hague University of Applied Sciences
Crime journeys refer to the sequence of trips before, during, and after committing the crime. This paper examines the least effort principle in cybercrime journeys with a pre-selected target. We adapt this principle to cyberspace under the assumption that hackers act rationally trying to maximize rewards with minimum effort. We assume that, as hackers journey to cybercrime, they would then try to follow the sequence of steps described in the cyber kill chain as the most efficient method of hacking a target website—as long as the sequence is followed in a linear fashion. To test this premise, we recruited 70 IT security and software engineering students to participate in a capture-the-flag exercise that consisted of hacking a target website and combined it with an online questionnaire. The exercise was held in a computer lab that incorporated monitoring software to collect objective measures of the participants as they attempted the hack. Using sequence analysis, 2952 keystrokes served to measure the hacking efficiency of participants. We hypothesize that the ability to commit cybercrime more efficiently is linked with expertise, as it grows with prior cybercrime experience and will also be higher for hackers with more IT skills.
Dr. Asier Moneva
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences
The non-consensual dissemination of intimate images (NCII): victims’ rationales behind not reporting this crime and their perspective on how to legally conserve NCII
Dr. Catherine Van de Heyning
University of Antwerp
Dr. Michel Walrave
University of Antwerp
Many policy makers focused on the non-consensual distribution of intimate images (NCII) while tackling cyberviolence. A high psychosocial impact of NCII has resulted in countries criminalising NCII. The recent proposal for a directive of the EU to include NCII as an EU crime spotlights the urgency felt by authorities to tackle NCII. Notwithstanding the trend to criminalise NCII and the psychosocial consequences, the majority of NCII incidents are not filed to the police whilst victims’ motivations for not doing so remain unexplored. This mixed-method study among Belgian youngsters (15-25y) explores the victims’ rationales for (not) reporting an NCII incident. Firstly, victims’ perceptions on the correct penalisation of NCII in national law and what aggravating factors are relevant, are investigated. Secondly, victims’ motivations for (not) reporting an NCII incident are mapped. Results demonstrate that victims would have NCII offenders attend awareness courses (e.g. impact of NCII) rather than implying imprisonment and identified recidivism to be an appropriate aggravating factor. Moreover, the type of relationship with the offender (close or superficial) was one of the rationales for not reporting an NCII incident. These outcomes might be of interest for initiatives that aim to evaluate the current legal approach of NCII.
Aurélie Gilen
University of Antwerp
The psychological impact of cybercrime victimization: The importance of personal and circumstantial factors
Jildau Borwell
NHL Stenden University of Applied Sciences; Open University of the Netherlands; Dutch Police
The increase in cybercrime raises concerns about the psychological impact of this type of crime on victims. The current study investigated the relationship between personal (e.g., demographic and socioeconomic characteristics) and circumstantial (e.g., direct consequences and duration of the crime) factors and the psychological impact of cybercrime victimization. An analysis was conducted on survey data collected among 2,415 victims of hacking, financial cybercrime and person-centered cybercrime. The results show how specific personal and circumstantial factors are associated with the psychological impact cybercrime victims experience. Psychological impact was divided in sense of security (how safe do victims feel in the digital world and how trusting or fearful they are of it) and emotional well-being (the direct impact on the victim’s emotional state). Effects were found of age, living situation, gender, religiousness, socio-economic status, hacking implications and duration of the crime. In addition to an academic and theoretical contribution, this study can aid in the development of appropriate prevention and support measures for cybercrime victims. Measures could focus on those victims who have characteristics associated with a higher psychological impact, and the circumstances that increase impact could be prevented or counteracted. This could be of interest to all parties dealing with cybercrime victims.
Session 8
3:15-4:35 p.m.
Ransomware models in Organizations: Vaccination Model Vs. recurrent campaigns
Dr. Tamar Berenblum
Imperva, The Federmann Cyber Security Research Center, The Hebrew University of Jerusalem
Securing well-functioning IT systems from outside and inside threats becomes a business process on its own, and within the context of information security, human behavior has a fundamental role.
Phishing is an attack based on social engineering to obtain user data and permissions by convincing the victim to open a message. It poses a significant risk to organizations since they tackle the most vulnerable component of the system - its users. Education is critical success factors in fighting phishing.
In this talk, we present comparison between two approaches to such an educational campaign based on data collected in varied organizations in Israel. The first, based on recurrent exposure to phishing campaign in an attempt to help users learn what a typical phishing attempt looks like and avoid harm. The second is based on a vaccination model, where users are exposed to real limited damage caused by a successful phishing attempt. This simulation of exposure to real-life and concrete harm aimed at changing the user behavior.
We will discuss the effectiveness of such interventions and suggest a practical way to implement such processes in business environment.
Dr. Amit Rechavi
Ruppin Academic Center
HUJI Cyber Security Research Center
Uncovering threat in the dark: A qualitative analysis of Darknet forum content relating to cyber security and critical infrastructure
The increasing connectivity and remote access of industrial devices and critical infrastructure (CI) is now exposing facilities and institutions to malicious actors who aim to cause significant damage. Throughout the various stages of a cyber-attack, publicly available Darknet forums could be used by hackers to gather information, acquire hacking knowledge, and develop malware and attack strategies against targeted CI sectors. The purpose of the current study is to explore and identify the types of data that are useful for malicious individuals intending to conduct cyber-attacks against the CI industry. Applying and searching keyword queries in a Darknet forum called Dread, search results published between 2018 to 2022 were reviewed and qualitatively analyzed to categorize information that could be useful to hackers. Over 36,793 results were analyzed from the forum, 888 of which were found to provide information related to hacking and/or cybersecurity malicious actors could apply to CI facilities. Four major types of data retrievable by malicious attackers were identified through thematic content analysis: indirect reconnaissance data, question inquiries, hacking-as-a-service, and educational materials. These findings revealed the necessity to implement policies and preventative strategies to counter the increasing threat against critical infrastructure brought by accessible open-source information.
Yuxuan (Cicilia) Zhang
Simon Fraser University
Communities & Digital Crime: Identifying the Links Between Community-Level Internet Technology and Cyber Offending
The environmental criminology literature identifies strong links between communities and offending behavior through the spatial organization of opportunities and neighborhood social cohesion. Increases in cyber offending behavior over the last two decades raise the question of whether this relationship persists with behavior online. Motivated by theory and prior research, this study investigates whether neighborhood levels of access and use of the internet are related to a range of offending behaviors online. This project uses nationally representative self-report survey data of adult U.S. Internet users and U.S. Census data to estimate latent classes of community-level internet technology (IT). A distal outcome model is used to estimate the relationships between latent classes of neighborhood IT levels and multiple types of cyber offending behavior. Analyses indicate heterogeneity in levels of internet technology across community contexts and cyber offending behaviors. Engagement in cyber offending varies across residential contexts of urbanity by IT, and elements of neighborhood social cohesion appear to have a slight protective effect against cyber offending. The results of this study inform literature across a range of subjects including community contexts of crime, the role of internet infrastructure in digital behavior, and criminological theory of cyber offending.
