We often imagine cybercriminals as complex masterminds hidden under a black hood. From a gaming chair in their basement headquarters, they use multiple futuristic devices built from recycled materials and interconnected by a sea of wires to launch cyberattacks on governments here and there while emptying your bank account and adding zeros to theirs in a jiffy. Well, the often less interesting truth is that there are many types of cybercriminals, and most of them, like everyone else, have things to learn and mistakes to make. Since no one likes to air their mistakes, and hackers are no exception, the cybercrime stories we hear about are so impressive that they often seem like science fiction. But where does myth end and reality begin?

Where, when and how a crime is committed is one of the big criminological questions. To explore this in the context of offline crime, criminologists have delved into the concept of crime journeys — the trips that offenders take before, during and after committing a crime. Consider burglars, for instance, as they embark on a crime journey. They might leave their residence, coordinate with accomplices, drive to an affluent residential area, survey potential targets, break into a chosen house, transport the stolen goods to their vehicle, deposit the loot in a storage facility, and finally return home. Now, applying a similar approach, what would the cybercrime journey of a hacker look like? Unfortunately, criminologists know very little about what hackers actually do on the Internet and the sites they visit when committing cybercrime. Understanding this process represents a renewed scientific challenge for the discipline.

The first challenge is conceptual, since the characteristics of the environment are not the same offline as online, nor are the skills needed by criminals to commit crimes the same in these environments. For one thing, time and space do not impose the same constraints on human behavior online as offline. While moving offline requires a considerable investment of time and usually a means of transportation, moving from one online site to another is reduced to the few seconds in which we do a search and click. The time it takes to do things, and therefore the effort required, is greatly reduced in the online environment. Moreover, many of the skills that are essential to committing crimes offline are of little value online. And, in turn, new ones are needed. For example, criminals pick locks offline to get into places, but online they will most likely need a password. The unique spatio-temporal characteristics of online environments, coupled with the new skills needed to commit online crimes, mean that traditional criminological theories may have limited explanatory scope for cybercrime. Understanding how cybercriminals “travel” online as a result of these constraints would provide insight into where they operate and how they select their online targets, a knowledge gap that must be urgently addressed.

In my Veni proposal, I build on the concept of crime journeys and propose to adapt them to the online environment as cybercrime journeys. This requires an initial conceptualization exercise that I will support with simulated data to identify what elements a cybercrime journey has, and how they can be measured. The resulting framework will allow me to start from a solid theoretical foundation on which to develop empirical studies. For the studies, I intend to recruit hackers with different backgrounds and levels of experience. Recruitment will be challenging in itself, as this population is difficult to reach (especially criminal hackers), but the effort is worthwhile for the potential internal validity of the research. Subjects will participate in simulated cybercrime challenges, controlled virtual scenarios in which they will need to complete a task that resembles that of a cybercriminal. After the challenge, I will interview the hackers as we watch the video of their performance to understand why they make the decisions they do. This strategy will allow to collect objective data on online criminal behavior with which to reconstruct hackers’ cybercrime journeys and understand how they think and act. I will then test whether the empirical regularities observed in offline crime journeys
(e.g., decreasing distance, preferential attachment/spatial exploration, rationality) also hold online.

The knowledge gained will not only advance criminological theory, but will also help improve cybercrime prevention strategies. Findings would help identify where hackers hang out online—which would enable place- and person-based interventions—and understand how hackers select their targets, which would enable the development of situational measures to limit their access. Law enforcement agencies, such as the Dutch National Police or Europol, could benefit from this knowledge, as their specialized units could develop evidence-based strategies to reduce cybercrime. Understanding offender mobility offline has served to develop criminological theory with a strong geographical component, such as the Crime Pattern Theory. My ambition is to take the first steps to do the same in the online environment.

Asier Moneva, postdoc NSCR & The Hague University of Applied Sciences

Dit artikel verscheen eerder in De Criminoloog van de NVC.