Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we did not only identify sequential phases, but also illustrate the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.
MULTIFILE
This article describes the development of foreign fighters’ preparatory modes of operation between 2000 and 2013, based on an analysis of 17 closed police investigations and 21 semi-structured interviews with police investigators, public prosecutors, and lawyers. Through the use of grounded theory methods and a crime script analysis, we find that the phenomenon is not as new as is often portrayed. It changes over time as changing opportunity structures have an impact on the activities foreign fighters undertake during the preparation phase. We demonstrate how geopolitical changes, social opportunity structures, and technological developments affect themodus operandiover time. One of the implications of our findings is that the dynamic nature of the foreign fighting phenomenon requires flexible and tailored prevention measures.
DOCUMENT