This article examines the network structure, criminal cooperation, and external interactions of cybercriminal networks. Its contribution is empirical and inductive. The core of this study involved carrying out 10 case analyses on closed cybercrime investigations – all with financial motivations on the part of the offenders - in the UK and beyond. Each analysis involved investigator interview and access to unpublished law enforcement files. The comparison of these cases resulted in a wide range of findings on these cybercriminal networks, including: a common division between the scam/attack components and the money components; the presence of offline/local elements; a broad, and sometimes blurred, spectrum of cybercriminal behaviour and organisation. An overarching theme across the cases that we observe is that cybercriminal business models are relatively stable.
DOCUMENT
Accurate and reliable decision-making in the criminal justice system depends on accurate expert reporting and on the correct interpretation of evidence by the judges, prosecutors, and defense lawyers. The present study aims to gain insight into the judiciary's capability to assess the accuracy and reliability of forensic expert reports by first examining the extent to which criminal justice professionals are able to differentiate between an accurate (or sound) expert report and an inaccurate (or unsound) expert report. In an online questionnaire, 133 participants assessed both a sound and an unsound expert report. The findings show that, on average, participants were unable to significantly distinguish between sound and unsound forensic expert reports. Second, the study explored the influence of institutional authority on the evaluation of forensic expert reports. Reports that were not recognized as flawed—particularly those originating from well-known and reputable institutions—were subjected to less critical examination, increasing the risk of evaluation errors. These results suggest that the perceived institutional authority influences the assessment of forensic evidence. The study highlights the need for tools to support criminal justice professionals in evaluating forensic evidence, particularly when experts are unregistered. Recommendations include adhering to established quality standards, consulting counter-expert evaluations, improving courtroom communication, and enhancing forensic knowledge through training. Overall, the findings underscore the importance of critical evidence evaluation to reduce the risk of misinterpretation and wrongful convictions in the judicial process.
DOCUMENT
In most models on terrorism, interaction with other radicals is a key factor. However, systematic empirical evidence that radical ties affect behaviour is scarce. Our access to detailed police information allows us to apply Social Network Analysis (SNA) on a Dutch Salafi-Jihadi network and analyse the social relationships and network positions of 80 actors, out of whom 20 turned to terrorist acts. The results suggest that ties to leaders and terrorist offenders, co-attendance of radicalising settings and greater structural embeddedness relate to the likelihood of individual actors turning to acts of terrorism. However, we also find some individual attributes that may offer competing explanations. In this paper we discuss our findings and address how future research may provide further insights into an important issue for agencies involved in countering terrorism: which radical actors, if any, are more likely to turn to acts of terrorism?
DOCUMENT
The first reason for this study is that a gap appears to exist in the available theories on corruption; very little research is available on corruption by a network, nor does the network theory thoroughly discuss the risks or pitfalls of networks. The second reason for this study is the observation that policies and investigations appear to be limited in dealing with corruption in network-like structures, while at the same time international and European organisations refer to ‘trading in influence’, political and high-profile corruption and the need to eradicate these forms of corruption. The descriptions of both trading in influence and ‘political corruption’ are such that they refer to a web, circle or network in which corruption occurs. The current literature and research on corruption in network-like structures is not extensive, nor do literature and research on networks extensively discuss the pitfalls of networks or how such a collective can become corrupt. This study seeks to bridge both themes, thereby learning from the day-to-day reality of large corruption cases which are difficult to investigate, and comparing them to what is described in the existing bodies of literature on corruption and networks. Thus, understanding network corruption is relevant to prevent, detect and address corruption in our modern society. It will help create awareness and understanding of when social capital becomes corrupted. In this study I consider the structure of the network and the responsibility in these networks in real-life cases: what consequences this has in terms of how the conduct should be assessed; what it means when corruption is a collective behaviour; and whether the behaviour of individuals can be assessed independently of the network. We need to understand which norms are laid down in the anti-corruption policies and models and compare them with the norms upheld in social networks, to explore whether it is possible to distinguish networks from network corruption. In particular, the various roles that individuals take on in such networks needs consideration. The three case studies (the FIFA case, the News of the World case and the Roermond case) concerned serious misconduct by a given set of persons having some form of loose association, but sometimes with little individual behaviour being criminal. In this study the link between networks and corruption is explored by means of the following central question: In what way and to what extent is corruption linked to the functioning of social networks, and what does this entail for our knowledge of corruption and networks and the policies to eradicate corruption?
MULTIFILE
ENGLISH: A vast and growing body of research has shown that crime tends to run in families. However, previous studies focused only on traditional crimes and research on familial risk factors for cyber offending is very scarce. To address this gap in the literature, the present study examines the criminal behavior of the family members of a sample of cyber offenders prosecuted in the Netherlands. The sample consists of 979 cyber offenders prosecuted for computer trespassing between 2001 and 2018, and two matched groups of 979 traditional offenders and 979 non-offenders. Judicial information and kinship data from Dutch Statistics were used to measure criminal behavior among family members. Both traditional offenders and cyber offenders were found to be more likely to have criminal fathers, mothers, and siblings than non-offenders. Additional analyses, however, showed different patterns between cyber offenders who were only prosecuted for cyber offenses and those who also committed traditional crimes. While the former group of cyber offenders were similar to non-offenders in terms of family offending, the latter group of cyber offenders were more similar to traditional offenders. Overall, these results suggest that the traditional mechanisms of intergenerational transmission of crime can only partially explain cybercrime involvement. NEDERLANDS: Uit een groot en groeiend aantal onderzoeken blijkt dat criminaliteit vaak in families voorkomt. Eerdere studies richtten zich echter alleen op traditionele misdrijven en onderzoek naar familiaire risicofactoren voor cybercriminaliteit is zeer schaars. Om deze leemte in de literatuur op te vullen, onderzoekt deze studie het criminele gedrag van familieleden van een steekproef van cyberdelinquenten die in Nederland worden vervolgd. De steekproef bestaat uit 979 cyberdelinquenten die tussen 2001 en 2018 zijn vervolgd voor computervredebreuk, en twee gematchte groepen van 979 traditionele delinquenten en 979 niet-delinquenten. Justitiële informatie en verwantschapsgegevens van het Centraal Bureau voor de Statistiek werden gebruikt om crimineel gedrag onder familieleden te meten. Zowel traditionele daders als cybercriminelen bleken vaker criminele vaders, moeders en broers en zussen te hebben dan niet-daders. Aanvullende analyses lieten echter verschillende patronen zien tussen cyberdelinquenten die alleen werden vervolgd voor cyberdelicten en degenen die ook traditionele delicten pleegden. Terwijl de eerste groep cyberdelinquenten vergelijkbaar was met niet-delinquenten wat betreft gezinsdelinquentie, leek de tweede groep cyberdelinquenten meer op traditionele delinquenten. In het algemeen suggereren deze resultaten dat de traditionele mechanismen van intergenerationele overdracht van criminaliteit de betrokkenheid bij cybercriminaliteit slechts gedeeltelijk kunnen verklaren.
DOCUMENT
Presentation by Rutger Leukfeldt on Financially motivated cybercriminal networks, during workshop on Cybercrime Offenders. Cybercrime perpetrators are as diverse and complex as the cybercrime that they commit. For example, they come from different backgrounds and have different (egotistical, technical, monetary, ideological, political, professional, vengeful, sexual or other) motivations. They may or may not be professional criminals, and individuals or part of organised groups or networks (example of Advanced Persistent Threats). Some may commit crime on their own account or make their services available to others, and some may be supported by or be state actors. A better understanding of the types of perpetrators and their motivations and techniques can be instrumental for the prevention of cybercrime and for a more effective criminal justice response. The aim of this workshop is to contribute to such a better understanding and to initiate steps towards a typology of offenders.
DOCUMENT
Introduction: Few studies have examined the sales of stolen account credentials on darkweb markets. In this study, we tested how advertisement characteristics affect the popularity of illicit online advertisements offering account credentials. Unlike previous criminological research, we take a novel approach by assessing the applicability of knowledge on regular consumer behaviours instead of theories explaining offender behaviour.Methods: We scraped 1,565 unique advertisements offering credentials on a darkweb market. We used this panel data set to predict the simultaneous effects of the asking price, endorsement cues and title elements on advertisement popularity by estimating several hybrid panel data models.Results: Most of our findings disconfirm our hypotheses. Asking price did not affect advertisement popularity. Endorsement cues, including vendor reputation and cumulative sales and views, had mixed and negative relationships, respectively, with advertisement popularity.Discussion: Our results might suggest that account credentials are not simply regular products, but high-risk commodities that, paradoxically, become less attractive as they gain popularity. This study highlights the necessity of a deeper understanding of illicit online market dynamics to improve theories on illicit consumer behaviours and assist cybersecurity experts in disrupting criminal business models more effectively. We propose several avenues for future experimental research to gain further insights into these illicit processes.
DOCUMENT
Criminologists have frequently debated whether offenders are specialists, in that they consistently perform either one offense or similar offenses, or versatile by performing any crime based on opportunities and situational provocations. Such foundational research has yet to be developed regarding cybercrimes, or offenses enabled by computer technology and the Internet. This study address this issue using a sample of 37 offender networks. The results show variations in the offending behaviors of those involved in cybercrime. Almost half of the offender networks in this sample appeared to be cybercrime specialists, in that they only performed certain forms of cybercrime. The other half performed various types of crimes on and offline. The relative equity in specialization relative to versatility, particularly in both on and offline activities, suggests that there may be limited value in treating cybercriminals as a distinct offender group. Furthermore, this study calls to question what factors influence an offender's pathway into cybercrime, whether as a specialized or versatile offender. The actors involved in cybercrime networks, whether as specialists or generalists, were enmeshed into broader online offender networks who may have helped recognize and act on opportunities to engage in phishing, malware, and other economic offenses.
DOCUMENT
Human factor in cybersecurity This unique event aims to: -Provide a near zero cost event to reduce barriers to international collaborations between researchers -Promote the exchange of cybersecurity findings and perspectives -Reach out to and engage new audiences curious about cybersecurity
VIDEO
This is the age of network extinction. Small is trivial. Notorious vagueness and non-commitment on the side of slackerish members killed the once cute, postmodern construct of networks. Platforms did the rest. Decentralization may be the flavour of the day, but no one is talking about networks anymore as a solution for the social media mess. Where have all the networks gone?(This essay was written in August 2019 for the INC/Transmediale co-publication The Eternal Network: The Ends and Becomings of Network Culture that came out on January 28, 2020 at the opening of the Berlin Transmediale festival. You can read and download the publication here. The essay was slightly shortened; below you will find the original text).
MULTIFILE
