Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we did not only identify sequential phases, but also illustrate the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.
MULTIFILE
By analysing intelligence-gathering reform legislation this article discusses access to justice for communications interception by the intelligence and security services. In the aftermath of the Snowden revelations, sophisticated oversight systems for bulk communications surveillance are being established across the globe. In the Netherlands prior judicial consent and a binding complaint procedure have been established. However, although checks and balances for targeted communications interference have been created, accountability mechanisms are less equipped to effectively remedy indiscriminate interference. Therefore, within the context of mass communications surveillance programs, access to justice for complainants remains a contentious issue.
MULTIFILE
Longitudinal criminological studies greatly improved our understanding of the longitudinal patterns of criminality. These studies, however, focused almost exclusively on traditional types of offending and it is therefore unclear whether results are generalizable to online types of offending. This study attempted to identify the developmental trajectories of active hackers who perform web defacements. The data for this study consisted of 2,745,311 attacks performed by 66,553 hackers and reported to Zone-H between January 2010 and March 2017. Semi-parametric group-based trajectory models were used to distinguish six different groups of hackers based on the timing and frequency of their defacements. The results demonstrated some common relationships to traditional types of crime, as a small population of defacers accounted for the majority of defacements against websites. Additionally, the methods and targeting practices of defacers differed based on the frequency with which they performed defacements generally.
