Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we not only identified sequential phases but also illustrated the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.
Although the prevalence of cybercrime has increased rapidly, most victims do not report these offenses to the police. This is the first study that compares associations between victim characteristics and crime reporting behavior for traditional crimes versus cybercrimes. Data from four waves of a Dutch cross-sectional population survey are used (N = 97,186 victims). Results show that cybercrimes are among the least reported types of crime. Moreover, the determinants of crime reporting differ between traditional crimes and cybercrimes, between different types of cybercrime (that is, identity theft, consumer fraud, hacking), and between reporting cybercrimes to the police and to other organizations. Implications for future research and practice are discussed. doi: https://doi.org/10.1177/1477370818773610 This article is honored with the European Society of Criminology (ESC) Award for the “Best Article of the Year 2019”.
Previous quantitative studies applying Routine Activity Theory (RAT) to cybercrime victimization produced mixed results. Through semi-structured interviews with cybersecurity experts, the current study aims to qualitatively reevaluate the applicability of RAT to cyber-dependent crime, specifically data theft from organizations. An in-depth assessment of environmental factors appearing to affect data thieves’ actions resulted in concrete operationalizations of theoretical concepts. Importantly, we highlight the distinction between target selection and strategic choices made during the attack. Furthermore, RAT appeared to be as relevant, if not more, for explaining offender actions during an attack as for the initial convergence of offenders and digital targets.
In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. 
The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
With a growing number of electric vehicles (EVs) on the road and charging infrastructure investments lagging, occupation of installed charging stations is growing and available charging points for EV drivers are becoming scarce. Installing more charging infrastructure is problematic from both a public (taxpayers' money, parking availability) and private (business case) perspective. Increasing the utilization of available charging stations is one of the solutions to satisfy the growing charging need of EV drivers and manage other stakeholders' interests. Currently, in the Netherlands only 15-25% of the time connected to a public charging station is actually used for charging. The longest 4% of all sessions account for over 20% of all time connected while barely using this time for actually charging. The behaviour in which EV users stay connected to a charging station longer than necessary to charge their car is called “charging station hogging”. Using a large dataset (1.3 million sessions) on public charging infrastructure usage, this paper analyses the inefficient use of charging stations along three axes: where the hogging takes place (spatial), by whom (the characteristics of the user) and during which time frames (day, week and year). Using the results, potential solutions are evaluated and assessed, including their potential and pitfalls.
Websites place cookies on your computer to track your browsing behavior. TikTok stores your personal data in China. Are you aware of what products, services, and organisations do with your personal data? It is often not obvious. Our digital lives are becoming more and more prominent. We are now meeting each other virtually for work and leisure, and are spotted and traced without our knowledge, both in physical places (public areas and streets) and in virtual spaces. Technology is developing rapidly and policy makers are not able to keep up, resulting in unknown threats for citizens in modern society. Moreover, technology can lead to inequality and exclusion, as demonstrated in the Dutch childcare benefits scandal. The aim of the Inholland Digital Rights Research Team, co-founded by Professors Wina Smeenk, Ander de Keijzer and Ben Wagner, is to focus their work on the social, economic, cultural, communication, design and technological elements that can lead to a digitally responsible society. This means that we want to be part of the debate and research on how technology in our digital age can contribute to the quality of people’s lives: how can people benefit from the digital society and how are they hindered, or even worse, excluded from partaking in our digital society. We do this in our research lines, as well as in the sustainable media lab courses and the data-driven minor.
Ethnographic fieldwork is a balancing act between distancing and immersing. Fieldworkers need to come close to meaningfully grasp the sense-making efforts of the researched. In methodological textbooks on ethnography, immersion tends to be emphasized at the expense of its counterpart. In fact, ‘distancing’ is often ignored as a central tenet of good ethnographic conduct. In this article we redirect attention away from familiarization and towards ‘defamiliarization’ by suggesting six estrangement strategies (three theoretical and three methodological) that allow the researcher to develop a more detached viewpoint from which to interpret data. We demonstrate the workings of these strategies by giving illustrations from Machteld de Jong’s field- and text-work, conducted among Moroccan-Dutch students in an institution of higher vocational education.
According to Johnson & Grandison (2007), failure to safeguard the privacy of users of services provided by private and governmental organisations leaves individuals with the risk of exposure to a number of undesirable effects of information processing. Loss of control over information about a person may lead to fraud, identity theft and reputation damage, and may cause psychosocial consequences ranging from mild irritation, unease, social exclusion and physical harm to, in extreme cases, death. Although pooh-poohed by some opinion leaders from search engine and ICT industries for over a decade (Sprenger, 1999; Esguerra, 2009), the debate in the wake of events like the tragic case of Amanda Todd could be interpreted as supporting a case for proper attention to citizens’ privacy. Truth be told, for a balanced discussion on privacy in the age of Facebook one should not turn towards the social media environment that seems to hail any new development in big data analysis and profiling-based marketing as a breathtaking innovation. If the myopic view of technology pundits is put aside, a remarkably lively debate on privacy and related issues may be discerned in both media and scientific communities alike. A quick keyword search on ‘privacy’, limited to the years 2000-2015, yields huge numbers of publications: WorldCat lists 19,240; ScienceDirect 52,566; IEEE Xplore 71,684; and Google Scholar a staggering 1,880,000. This makes clear that privacy is still a concept considered relevant by both the general public and academic and professional audiences. Quite impressive for a subject area that has been declared ‘dead’.
The outbreak of the COVID-19 virus in December 2019 and the restrictive measures that were implemented to slow down the spread of the virus have had a significant impact on our way of life. The sudden shift from offline to online activities and work may have resulted in new cybersecurity risks. The present study therefore examined changes in the prevalence, nature and impact of cybercrime among Dutch citizens and SME owners during the pandemic. Qualitative interviews with ten experts working at various public and private organizations in the Netherlands that have insights into cybercrime victimization, and data from victim surveys administered in 2019 and 2021, were analyzed. The results show that there was only a small, statistically non-significant increase in the prevalence of cybercrime during the pandemic among citizens and SME owners. Nevertheless, the COVID-19 pandemic did have an impact on the modus operandi of cybercriminals: victims indicated that a considerable proportion of the offenses was related to the COVID-19 pandemic, particularly in the case of online fraud. Moreover, the use of new applications and programs for work was associated with an increased risk of cybercrime victimization during the COVID-19 crisis. These results suggest that increases in rates of registered cybercrime that were found in previous studies might be the consequence of a reporting effect and that cybercriminals adapt their modus operandi to current societal developments.
This guide was developed for designers and developers of AI systems, with the aim of ensuring that these systems are sufficiently explainable. Sufficient here means that the system meets the legal requirements of the AI Act and the GDPR and that users can use the system well. In this guide we first explain the legal requirements that apply to the explainability of AI systems. These stem from the GDPR and the AI Act. We then explain how AI is used in the financial sector and work out one problem in detail. For this problem we then show how the user interface can be adapted to make the AI explainable. These designs serve as prototypical examples that can be adapted to new problems. This guide is based on the explainability of AI systems for the financial sector. However, the recommendations can also be used in other sectors.