Organised Crime Groups in Cyberspace: A Typology

By Kim-Kwang Raymond Choo

Three categories of organised groups that exploit advances in information and communications technologies (ICT) to infringe legal and regulatory controls: (1) traditional organised criminal groups which make use of ICT to enhance their terrestrial criminal activities; (2) organised cybercriminal groups which operate exclusively online; and (3) organised groups of ideologically and politically motivated individuals who make use of ICT to facilitate their criminal conduct are described in this article. The need for law enforcement to have in-depth knowledge of computer forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques will become more pronounced with the increased likelihood of digital content being a source of disputes or forming part of underlying evidence to support or refute a dispute in judicial proceedings. There is also a need for new strategies of response and further research on analysing organised criminal activities in cyberspace.

Springer Science + Business Media, LLC, 2008, 26p.

download

CrimeRead-Me.OrgMarch 23, 2025organized crime, cybercrime, criminology, cyberspace, digital crime

Sweeter than honey: Are Gmail accounts associated with greater rewards at a higher risk of hijacking?

By Danielle Stibbe, Stijn Ruiter, Wouter Steenbeek, Asier Moneva

Objectives: This study investigates the effect of advertised rewards in credential leaks on the likelihood and speed of account hijacking. Methods: In an online field experiment, we created 176 honey Gmail accounts and randomly assigned them to eight different posts containing account credential leaks. We used a 2 × 2 experimental design, manipulating two key variables within the post titles: the number of accounts (5 K or 1.5 M) and the promise of access to additional platforms (absent or present). We then monitored the accounts for any subsequent activity. Results: Our findings indicate that the promise of access to additional platforms increased the likelihood and speed of an attempted access. Only 12 accounts were fully accessed, however, because most hijackers did not complete the second-factor authentication (2FA) process required for gaining full access. It seems that the 2FA acted as a deterrent to complete Gmail account hijacking. Conclusions: The study aligns with the rational choice perspective of crime, showing that the prospect of greater rewards leads to more attempted account accesses

Computers in Human Behavior Reports, Volume 14, May 2024, 100410

download

Justice, Social ScienceRead-Me.OrgFebruary 21, 2025gmail account security, account hijacking, cybercrime, phishing attacks, online fraud, digital security

Criminal Expertise and Hacking Efficiency

By Asier Moneva, Stijn Ruiter, Daniël Meinsma

Criminal expertise plays a crucial role in the choices offenders make when committing a crime, including their modus operandi. However, our knowledge about criminal decision making online remains limited. Drawing on insights from cyber security, we conceptualize the cybercrime commission process as the sequence of phases of the cyber kill chain that offenders go through. We assume that offenders who follow the sequence consecutively use the most efficient hacking method. Building upon the expertise paradigm, we hypothesize that participants with greater hacking experience and IT skills undertake more efficient hacks. To test this hypothesis, we analyzed data from 69 computer security and software engineering students who were invited to hack a vulnerable website in a computer lab equipped with monitoring software, which allowed to collect objective behavioral measures. Additionally, we collected individual measures regarding hacking expertise through an online questionnaire. After quantitatively measuring efficiency using sequence analysis, a regression model showed that the expertise paradigm may also apply to hackers. We discuss the implications of our novel research for the study of offender decision-making processes more broadly.

Computers in Human Behavior, Volume 155, June 2024, 108180

download

Rule of Law, Social ScienceRead-Me.OrgFebruary 21, 2025criminal expertise, hacking efficiency, cybercrime, technical proficiency, digital forensics, hacker profiling

Trends in and Characteristics of Cybercrime in NSW.

By Ilya Klauzner, Amy Pisani

AIM To examine the trends in, major characteristics of, and the police response to cybercrime in NSW. METHOD We extracted data from the ReportCyber Application Platform (RCAP), a national cybercrime reporting system operated by the Australian Cyber Security Centre. Data was analysed over a three-year period from 1 July 2019 to 30 June 2022 and was restricted to incidents where the victim resided in NSW. We separate cybercrime into five offence categories: cyber-enabled fraud, identity theft, cyber-enabled abuse, online image abuse (OIA), and device. We conducted a descriptive analysis on the victim, suspected perpetrator, and report characteristics to report on trends and characteristics of reported cybercrime. We estimated an ordinary least squares regression model to identify factors correlated with a referral to police of reported cybercrime. RESULTS Over the three years to June 2022, there were 39,494 reports of cybercrime where the victim resided in NSW, and more than $404 million reported lost. Cybercrime reports increased by 42%, with all cyber offence categories increasing except cyber abuse. Increases in cyber enabled fraud and identity crime, spurred a corresponding increase in reported cyber crime related financial losses by individuals. Most victims were individuals (89%), male (53%) and over 25 years of age (87%); however, differences in victim type were observed within offence categories. While a high proportion of victims have evidence about the incident (94%), the majority did not know their perpetrator and therefore few reports included suspect details (28%). The majority (71%) of reports were closed by police in RCAP with no further investigation undertaken. Reports were however more likely to be referred to police when the incident involved a victim aged 17 years or younger, the suspect was known to the victim, money was lost, or an OIA offence was indicated. CONCLUSION Our results show that cybercrime in NSW largely follows the same increasing trend that has been observed in national cybercrime studies. However, the statistics we report here only offer a partial view of reported cybercrime in NSW as we do not capture data reported directly to police or other national reporting systems. There are clear benefits in ongoing public reporting of cybercrime trends both at the national level and separately for individual states and territories, which could be enabled by integrating reporting systems and enhancing police data

Bureau Brief no. 165.

Sydney: NSW Bureau of Crime Statistics and Research. , 2023. 18p.

Download

Rule of Law, Social ScienceRead-Me.OrgFebruary 8, 2025cybercrime, cybercrime trends, cyber enabled fraud, identity theft, online abuse, cybersecurity, NSW crime trends, cybercrime reporting

Online behaviour, life stressors and profit-motivated cybercrime victimisation

By Isabella Voce and Anthony Morgan

This study analyses data from a survey of Australian adult computer users conducted in June 2021 to examine the influence of online routine activities and life stressors on the likelihood of profit-motivated cybercrime victimisation.

Compared with non-victims, victims spent more time online, more frequently engaged in recreational online activities and were more likely to employ higher-risk online practices. Small-to-medium enterprise owners working from home were more likely to be victims. Respondents who had experienced recent increases in financial stress and gambling and negative impacts on interpersonal relationships during the COVID-19 pandemic were also more likely to be a victim of cybercrime.

Being accessible online and a lack of personal and physical guardianship are associated with an increased risk of being a victim, but other factors may influence the susceptibility of computer users to cybercrime victimisation. This has important implications for cybercrime responses

Trends & issues in crime and criminal justice no. 675. Canberra: Australian Institute of Criminology. 2023. 18p.

Download

violence and oppressionGuest UserApril 2, 2024Australia, cybercrime, cybercrime victimizarion, COVID-19, life stressors, profit-driven crime

Confounds and overestimations in fake review detection: Experimentally controlling for product-ownership and data-origin

By Felix Soldner, Bennett Kleinberg, Shane D. Johnson

The popularity of online shopping is steadily increasing. At the same time, fake product reviews are published widely and have the potential to affect consumer purchasing behavior. In response, previous work has developed automated methods utilizing natural language processing approaches to detect fake product reviews. However, studies vary considerably in how well they succeed in detecting deceptive reviews, and the reasons for such differences are unclear. A contributing factor may be the multitude of strategies used to collect data, introducing potential confounds which affect detection performance. Two possible confounds are data-origin (i.e., the dataset is composed of more than one source) and product ownership (i.e., reviews written by individuals who own or do not own the reviewed product). In the present study, we investigate the effect of both confounds for fake review detection. Using an experimental design, we manipulate data-origin, product ownership, review polarity, and veracity. Supervised learning analysis suggests that review veracity (60.26–69.87%) is somewhat detectable but reviews additionally confounded with product-ownership (66.19–74.17%), or with data-origin (84.44–86.94%) are easier to classify. Review veracity is most easily classified if confounded with product-ownership and data-origin combined (87.78–88.12%). These findings are moderated by review polarity. Overall, our findings suggest that detection accuracy may have been overestimated in previous studies, provide possible explanations as to why, and indicate how future studies might be designed to provide less biased estimates of detection accuracy.

PLoS ONE 17(12): 2022

download

Kevin PicoMarch 6, 2024data collection, data analysis, data-origin, deepfake, detection, cybercrime

Testing human ability to detect ‘deepfake’ images of human faces

By Sergi D. Bray , Shane D. Johnson and Bennett Kleinberg

Deepfakes’ are computationally created entities that falsely represent reality. They can take image, video, and audio modalities, and pose a threat to many areas of systems and societies, comprising a topic of interest to various aspects of cybersecurity and cybersafety. In 2020, a workshop consulting AI experts from academia, policing, government, the private sector, and state security agencies ranked deepfakes as the most serious AI threat. These experts noted that since fake material can propagate through many uncontrolled routes, changes in citizen behaviour may be the only effective defence. This study aims to assess human ability to identify image deepfakes of human faces (these being uncurated output from the StyleGAN2 algorithm as trained on the FFHQ dataset) from a pool of non-deepfake images (these being random selection of images from the FFHQ dataset), and to assess the effectiveness of some simple interventions intended to improve detection accuracy. Using an online survey, participants (N = 280) were randomly allocated to one of four groups: a control group, and three assistance interventions. Each participant was shown a sequence of 20 images randomly selected from a pool of 50 deepfake images of human faces and 50 images of real human faces. Participants were asked whether each image was AI-generated or not, to report their confidence, and to describe the reasoning behind each response. Overall detection accuracy was only just above chance and none of the interventions significantly improved this. Of equal concern was the fact that participants’ confidence in their answers was high and unrelated to accuracy. Assessing the results on a per-image basis reveals that participants consistently found certain images easy to label correctly and certain images difficult, but reported similarly high confidence regardless of the image. Thus, although participant accuracy was 62% overall, this accuracy across images ranged quite evenly between 85 and 30%, with an accuracy of below 50% for one in every five images. We interpret the findings as suggesting that there is a need for an urgent call to action to address this threat.

Journal of Cybersecurity, 2023, 1–18

download

Social SciencesKevin PicoMarch 6, 2024deepfake, image, detection, cybersecurity, StyleGAN, case study, AI, cybercrime

The Effect of COVID‑19 Restrictions on Routine Activities and Online Crime

By Shane D. Johnson and Manja Nikolovska

Objectives Routine activity theory suggests that levels of crime are affected by peoples’ activity patterns. Here, we examine if, through their impact on people’s on- and off-line activities, COVID-19 restriction affected fraud committed on- and off-line during the pandemic. Our expectation was that levels of online offending would closely follow changes to mobility and online activity—with crime increasing as restrictions were imposed (and online activity increased) and declining as they were relaxed. For doorstep fraud, which has a different opportunity structure, our expectation was that the reverse would be true. Method COVID-19 restrictions systematically disrupted people’s activity patterns, creating quasi-experimental conditions well-suited to testing the effects of “interventions” on crime. We exploit those conditions using ARIMA time series models and UK data for online shopping fraud, hacking, doorstep fraud, online sales, and mobility to test hypotheses. Doorstep fraud is modelled as a non-equivalent dependent variable, allowing us to test whether findings were selective and in line with theoretical expectations. Results After controlling for other factors, levels of crime committed online were positively associated with monthly variation in online activities and negatively associated with monthly variation in mobility. In contrast, and as expected, monthly variation in doorstep fraud was positively associated with changes in mobility. Conclusions We find evidence consistent with routine activity theory, suggesting that disruptions to people’s daily activity patterns afect levels of crime committed both on- and off-line. The theoretical implications of the findings, and the need to develop a better evidence base about what works to reduce online crime, are discussed.

Journal of Quantitative Criminology, 2022.

download

Kevin PicoMarch 6, 2024online fraud, fraud, hacking, doorstep-fraud, Routine activity theory, covid-19, online crime, online scams, cybercriminal, cybercrime

Shoplifting in mobile checkout settings: cybercrime in retail stores

By John Aloysius, Ankur Arora, Viswanath Venkatesh

Purpose: Retailers are implementing technology-enabled mobile checkout processes in their stores to improve service quality, decrease labor costs and gain operational efficiency. These new checkout processes have increased customer convenience primarily by providing them autonomy in sales transactions in that store employee interventions play a reduced role. However, this autonomy has the unintended consequence of altering the checks and balances inherent in a traditional employee-assisted checkout process. Retailers, already grappling with shoplifting, with an estimated annual cost of billions of dollars, fear that the problem may be exacerbated by mobile checkout and concomitant customer autonomy. The purpose of this paper is to understand the effect of mobile checkout processes in retail stores on cybercrime in the form of shoplifting enabled by a technology transformed the retail environment. Design/methodology/approach The authors conducted an online survey of a US sample recruited from a crowdsourced platform. The authors test a research model that aims to understand the factors that influence the intention to shoplift in three different mobile checkout settings − namely, smartphone checkout settings, store-provided mobile device checkout settings, and employee-assisted mobile checkout settings − and compare it with a traditional fixed location checkout setting. Findings: The authors found that, in a smartphone checkout setting, intention to shoplift was driven by experiential beliefs and peer influence, and experiential beliefs and peer influence had a stronger effect for prospective shoplifters when compared to experienced shoplifters; in a store-provided mobile devices checkout setting, experiential beliefs had a negative effect on shoplifters’ intention to shoplift and the effect was weaker for prospective shoplifters when compared to experienced shoplifters. The results also indicated that in an employee-assisted mobile checkout setting, intention to shoplift was driven by experiential beliefs and peer influence, and experiential beliefs had a stronger effect for prospective shoplifters when compared to experienced shoplifters. Originality/value: This study is the among the first, if not first, to examine shoplifters’ intention to shoplift in mobile checkout settings. We provide insights into how those who may not have considered shoplifting in less favorable criminogenic settings may change their behavior due to the autonomy provided by mobile checkout settings and also provide an understanding of the shoplifting intention for both prospective and experienced shoplifters in different mobile checkout settings.

Information Technology and People, April 2019, 32(5):1234-1261

download

PreventionRead-Me.OrgFebruary 16, 2024shoplifing, cybercrime, crime, technology, shoplifters

CRIME