ENGLISH: A vast and growing body of research has shown that crime tends to run in families. However, previous studies focused only on traditional crimes and research on familial risk factors for cyber offending is very scarce. To address this gap in the literature, the present study examines the criminal behavior of the family members of a sample of cyber offenders prosecuted in the Netherlands. The sample consists of 979 cyber offenders prosecuted for computer trespassing between 2001 and 2018, and two matched groups of 979 traditional offenders and 979 non-offenders. Judicial information and kinship data from Dutch Statistics were used to measure criminal behavior among family members. Both traditional offenders and cyber offenders were found to be more likely to have criminal fathers, mothers, and siblings than non-offenders. Additional analyses, however, showed different patterns between cyber offenders who were only prosecuted for cyber offenses and those who also committed traditional crimes. While the former group of cyber offenders were similar to non-offenders in terms of family offending, the latter group of cyber offenders were more similar to traditional offenders. Overall, these results suggest that the traditional mechanisms of intergenerational transmission of crime can only partially explain cybercrime involvement. NEDERLANDS: Uit een groot en groeiend aantal onderzoeken blijkt dat criminaliteit vaak in families voorkomt. Eerdere studies richtten zich echter alleen op traditionele misdrijven en onderzoek naar familiaire risicofactoren voor cybercriminaliteit is zeer schaars. Om deze leemte in de literatuur op te vullen, onderzoekt deze studie het criminele gedrag van familieleden van een steekproef van cyberdelinquenten die in Nederland worden vervolgd. De steekproef bestaat uit 979 cyberdelinquenten die tussen 2001 en 2018 zijn vervolgd voor computervredebreuk, en twee gematchte groepen van 979 traditionele delinquenten en 979 niet-delinquenten. Justitiële informatie en verwantschapsgegevens van het Centraal Bureau voor de Statistiek werden gebruikt om crimineel gedrag onder familieleden te meten. Zowel traditionele daders als cybercriminelen bleken vaker criminele vaders, moeders en broers en zussen te hebben dan niet-daders. Aanvullende analyses lieten echter verschillende patronen zien tussen cyberdelinquenten die alleen werden vervolgd voor cyberdelicten en degenen die ook traditionele delicten pleegden. Terwijl de eerste groep cyberdelinquenten vergelijkbaar was met niet-delinquenten wat betreft gezinsdelinquentie, leek de tweede groep cyberdelinquenten meer op traditionele delinquenten. In het algemeen suggereren deze resultaten dat de traditionele mechanismen van intergenerationele overdracht van criminaliteit de betrokkenheid bij cybercriminaliteit slechts gedeeltelijk kunnen verklaren.
DOCUMENT
Criminal expertise plays a crucial role in the choices offenders make when committing a crime, including their modus operandi. However, our knowledge about criminal decision making online remains limited. Drawing on insights from cyber security, we conceptualize the cybercrime commission process as the sequence of phases of the cyber kill chain that offenders go through. We assume that offenders who follow the sequence consecutively use the most efficient hacking method. Building upon the expertise paradigm, we hypothesize that participants with greater hacking experience and IT skills undertake more efficient hacks. To test this hypothesis, we analyzed data from 69 computer security and software engineering students who were invited to hack a vulnerable website in a computer lab equipped with monitoring software, which allowed to collect objective behavioral measures. Additionally, we collected individual measures regarding hacking expertise through an online questionnaire. After quantitatively measuring efficiency using sequence analysis, a regression model showed that the expertise paradigm may also apply to hackers. We discuss the implications of our novel research for the study of offender decision-making processes more broadly.
DOCUMENT
Het onderzoek dat ten grondslag ligt aan dit artikel onderzoekt hoe de overheid markten reguleert voor (financiële) producten en diensten teneinde falen van de markt te voorkomen. Het behandelt specifiek EU Richtlijn 2014/57/EU betreffende strafrechtelijke sancties voor marktmisbruik en de implementatie daarvan in Nederland en opvolgend gebruik door het Openbaar Ministerie en Autoriteit Financiële Markten en hun Convenant ter voorkoming van ongeoorloofde samenloop van bestuurlijke en strafrechtelijke sancties. Het beantwoord de vraag of deze richtlijn de ontwikkeling van effectief reguleren van de financiële markt bevordert of remt. De slotsom ten aanzien van de implementatie van Richtlijn 2014/57/EU is – kort gezegd – dat “slechts” het aantal jaren gevangenisstraf voor handel met voorkennis en marktmisbruik van twee naar vier aangepast dient te worden. Het artikel concludeert tenslotte dat de huidige praktijk van het Convenant tussen OM en Autoriteit Financiële Markten kan blijven bestaan. De Autoriteit Financiële Markten kan haar inspanningen om haar toezicht verder in de geest van responsive regulation te verbeteren ongestoord door het OM voortzetten.
DOCUMENT
Despite the benefits of the widespread deployment of diverse Internet-enabled devices such as IP cameras and smart home appliances - the so-called Internet of Things (IoT) has amplified the attack surface that is being leveraged by cyber criminals. While manufacturers and vendors keep deploying new products, infected devices can be counted in the millions and spreading at an alarming rate all over consumer and business networks. The objective of this project is twofold: (i) to explain the causes behind these infections and the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data; and (ii) to promote effective remediation mechanisms that mitigate the threat of the currently vulnerable and infected IoT devices. By performing large-scale passive and active measurements, this project will allow the characterization and attribution of compromise IoT devices. Understanding the type of devices that are getting compromised and the reasons behind the attacker’s intention is essential to design effective countermeasures. This project will build on the state of the art in information theoretic data mining (e.g., using the minimum description length and maximum entropy principles), statistical pattern mining, and interactive data exploration and analytics to create a casual model that allows explaining the attacker’s tactics and techniques. The project will research formal correlation methods rooted in stochastic data assemblies between IoT-relevant measurements and IoT malware binaries as captured by an IoT-specific honeypot to aid in the attribution and thus the remediation objective. Research outcomes of this project will benefit society in addressing important IoT security problems before manufacturers saturate the market with ostensibly useful and innovative gadgets that lack sufficient security features, thus being vulnerable to attacks and malware infestations, which can turn them into rogue agents. However, the insights gained will not be limited to the attacker behavior and attribution, but also to the remediation of the infected devices. Based on a casual model and output of the correlation analyses, this project will follow an innovative approach to understand the remediation impact of malware notifications by conducting a longitudinal quasi-experimental analysis. The quasi-experimental analyses will examine remediation rates of infected/vulnerable IoT devices in order to make better inferences about the impact of the characteristics of the notification and infected user’s reaction. The research will provide new perspectives, information, insights, and approaches to vulnerability and malware notifications that differ from the previous reliance on models calibrated with cross-sectional analysis. This project will enable more robust use of longitudinal estimates based on documented remediation change. Project results and methods will enhance the capacity of Internet intermediaries (e.g., ISPs and hosting providers) to better handle abuse/vulnerability reporting which in turn will serve as a preemptive countermeasure. The data and methods will allow to investigate the behavior of infected individuals and firms at a microscopic scale and reveal the causal relations among infections, human factor and remediation.
