CyberExperts.com

Unpacking Cyber Crime: In-depth Analysis and Case Studies

  • By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

In an era characterized by unprecedented digital connectivity, our reliance on the Internet and other digital technologies has grown exponentially. However, this dependence has also opened gates to a nefarious world of crimes committed in cyberspace, known as cyber crimes. Ranging from the theft of an individual’s personal data to crippling nations’ infrastructures, these digital felonies have evolved to become one of the most sophisticated challenges to law enforcement agencies and national security. This in-depth exploration of cybercrime provides an illumination into its diverse forms, historical progression, notorious instances, societal impact, and viable prevention strategies. This discourse aims to furnish the reader with a lucid understanding of the complex web interweaved by cybercriminals, the extensive damage they perpetrate, and, most importantly, how to arm and protect ourselves in this ongoing battle in the digital world.

Types of Cyber Crime

Unmasking the multifaceted threat of cybercrime in our digital society.

As the digital era takes firm root, transcending almost all facets of our daily lives, it unveils an ever-evolving landscape of vulnerability to various types of cyber crimes. Understanding the nuanced complexities of these threats is indispensable in guiding our collective response to safeguard the inviolability of our virtual dwellings.

Imperative for discussion is the specter of identity theft, which involves the unlawful acquisition and utilization of another individual’s personal information for illegitimate financial gains. Cybercriminals exploit various avenues, such as phishing schemes and data breaches, to execute this violation, leading to disastrous personal and financial consequences for the victim.

Malware, a portmanteau of malicious software, lingers as another notable threat. Ruthlessly subtle, this category of cybercrime extends to ransomware, which locks users out of their systems or data, holding it hostage until a ransom is paid. Spyware follows closely, covertly monitoring and transmitting the user’s activities to a third party. Both breed a pervasive sense of violation and create vast economic downstream effects.

Cyberstalking and cyberbullying, while demarcated less by economic impacts, remain potent narcotics in the cocktail of cybersecurity threats. These crimes are characterized by intentional intimidation, harassment, or threat to another individual, utilizing digital mediums. The psychological trauma imparted by these infringements reflects the wider societal repercussions that transcend the digital sphere.

Notably, the list would be incomplete without recognizing cyber-terrorism and cyber-warfare. These acts, striking at the intersection of technology and geopolitical maneuvering, involve the use of Internet-based attacks in terrorist activities and warfare, often targeting critical infrastructures and national security or causing a state of panic and fear.

The rapidly evolving universe of financial technology is not untouched by cybercrime. Crypto-jacking emerges as a salient threat where hackers hijack a computer’s resources to mine for cryptocurrency without the owner’s knowledge or consent—a subtle and yet potent symbol of how technology’s greatest strengths can morph into its most haunting vulnerabilities.

Lastly, the advent of Deepfakes and AI-generated content birthed a new realm of cybercrime. These acts involve the use of artificial intelligence to create or alter video, audio, or image content to depict scenes or convey messages that were never captured or intended, potentially causing severe personal, political, and societal unrest.

In navigating through the labyrinth of cybercrime, it becomes clear that our informational infrastructure functions as a double-edged sword. Heightened awareness and understanding of the multiple types of cyber crimes, corrective measures, and prevention strategies are critical to ensure the security of our accelerated journey into the digital age. As we teeter on the brink of this new epoch, let it be fortified by knowledge, caution, and, above all, a shared responsibility toward a safe and secure online world.

Historical Perspective of Cyber Crime

The evolutionary trajectories of cybercriminal strategies: a deeper dive.

While initial aspects of cybercrime, including identity theft, malware, cyberstalking, and cyber-terrorism, remain relevant, the ingenious adaptability of cybercriminals continues to morph these original paradigms into more complex constructs. Deepfakes and AI-generated content, crypto-jacking, and even cyber warfare itself continue to evolve. More recently, however, these forms of cybercrime are being joined, and in some cases superseded, by other more sophisticated threats.

Spear phishing, a targeted version of phishing, has emerged as one of the most insidious cybercrimes. Cybercriminals no longer toss out a wide net in the hopes of ensnaring an unsuspecting fish but have now shifted to crafting precise, personalized lures to hook specific individuals or organizations. This modality, premised on thorough research and social engineering, typifies today’s cunning adversary, who forgoes brute force for psychological manipulation.

Next in this progression of cybercrime sophistication is the advent of Advanced Persistent Threats (APTs). Unlike the blitzkrieg assault-style adopted by most traditional cyberattacks, APTs are slow and methodical infiltrations designed to remain undetected for prolonged periods. By leveraging backdoor techniques and a patient, stealthy approach, these threat actors compromise systems to exfiltrate data or create systemic disruption in a silent, protracted manner.

Further underscoring the evolutionary trends, cybercriminals now employ Botnets, networks of compromised devices commanded by a central operator. The damages that can be inflicted range from devastating Distributed Denial-of-Service attacks to enormous volumes of spam mail. Cybercriminals disregard the sanctity of individual autonomy and readily surrender to the collective might of these enslaved devices.

Reflecting a leap from dexterity to craftiness, supply chain attacks represent another ingenious cybercriminal innovation. These comprise a systemic, strategic violation entailing the compromise of trusted software or hardware suppliers. By infiltrating these sources, cybercriminals can lurk undetected, poised to pounce on end-users who implicitly trust their providers and, by extension, become unsuspecting victims.

Lastly, while already touched upon in the subject of deepfakes, weaponized AI and Machine Learning take the potential for harm to unprecedented heights. As these technologies advance, they become double-edged swords, providing enormous potential benefits but also harboring potential hazards. They can be manipulated to carry out highly sophisticated attacks that adapt, learn, and emulate human behaviors, making them harder to detect and counter.

In conclusion, the cybercriminal landscape remains perpetually fluid. It continues to evolve, harboring devastating potential and emphasizing the critical need for robust countermeasures and vigilance. As much as we are captivated by technology’s spell, we must also remain equally committed to fathoming its dark possibilities and approach this evolving challenge with the same unyielding determination.

Depicting Major Cyber Crime Case Studies

When regarding the multifaceted arena of cybercrimes, a few notorious examples have made all the difference in shaping both legislative processes and public perception. These archetypical scenarios paint a stark picture of the danger posed by cybercriminals and the significant, often devastating, consequences for victims.

The infamous Yahoo data breach, which revealed itself from 2013 to 2014, can never be forgotten. It compromised approximately three billion user accounts, rendering it the most prodigious data compromise in history. Personal data, including names, email addresses, and passwords, fell into malevolent hands, leading to a leap in fraudulent activities globally. The ensuing turbulence resulted in the resignation of Yahoo’s CEO, loss of consumer trust, and a $50 million settlement.

Adobe Systems witnessed a devastating blow in October 2013—a data violation exposing approximately 38 million active user accounts. The compromised data included encrypted debit and credit card data paired with user login credentials, creating a substantial identity theft concern. Adobe had to face huge economic losses and significant reputation damage, which took years to recover from.

The Heartland Payment Systems breach in 2008 was another significant incident that stirred the digital world. Dating back to when companies scarcely understood the imminent threat of cybercrime, this attack led to a loss of over 130 million credit and debit card details. Heartland witnessed a significant financial loss of around $140 million in remediation.

In terms of affecting global infrastructure, the WannaCry ransomware attack in May 2017 was a stark example. The ransomware targeted computers running Microsoft Windows, encrypting data and demanding ransom in Bitcoin. Over 200,000 systems across 150 countries, including significant healthcare organizations, were taken hostage. The immense global disruption prompted a surge in infrastructure investment to improve cyber defense capabilities.

While most attacks impact a specific corporation or sector, the Mirai botnet attack of 2016 introduced a broader systemic threat. The malware transformed networked devices such as IP cameras, printers, and routers into a botnet to conduct distributed denial-of-service attacks. With millions of IoT devices compromised, the Mirai botnet was capable of unparalleled distributed destruction, showcasing how vulnerable global digital infrastructure can be.

Cyber espionage provides another multifaceted concern. An example was Operation Aurora in 2009, aiming to steal sensitive information from top companies, including Google and Adobe. This incident underscored the threat toward intellectual property and corporate competitive advantage, galvanizing a reevaluation of digital security measures in businesses across the world.

On the more sinister end of the spectrum, the Stuxnet worm attack showcased how cybercrime could transform into cyber warfare. In 2010, the Stuxnet worm damaged approximately one-fifth of Iran’s nuclear centrifuges, epitomizing how cyber-attacks can transgress the digital realm and enact substantial real-world damage.

Through these examples and more, it becomes perceptibly clear how multifarious the landscape of cybercrimes truly is. It underscores the imperative need for stringent cybersecurity measures, vigorous legislative action, and individual awareness of the perils that lurk in the depths of the digital world. As we further immerse ourselves in an overwhelmingly interconnected society, it is incumbent upon us to study and learn from these sobering lessons of history.

Impact of Cyber Crime on Individuals and Society

Beyond the directly visible forms of cybercrime, such as identity theft, malware, cyberbullying, deepfakes, cyberterrorism, and crypto-jacking, there lies a plethora of repercussions affecting individual victims and wider societal structures. These implications come as a direct result of cybercrime, which infiltrates various sectors, from personal privacy to economic stability, manifesting differently across each stratum of society.

When confronted with the repercussions of cybercrime, it is essential to explore the psychological impact on victims. According to research conducted by the American Psychological Association, individuals who have been victims of cyber crimes often suffer from feelings of violation, loss of trust, and feelings of powerlessness. These outcomes equip cybercriminals with a powerful psychological tool – fear, which they can deploy to extort more information or inflict further harm on their victims.

The financial implications of cybercrime are also critical. On an individual level, victims may incur substantial costs to recover from identity theft or ransomware attacks. On a larger scale, businesses are also impacted—with losses in the billions annually due to cyber theft of intellectual property and sensitive corporate information.

Cyber crimes also pose a severe threat to critical infrastructure. A targeted attack, like the Stuxnet worm or the Mirai botnet attack, can disrupt entire networks or systems. This endangerment of critical infrastructures exposes vulnerabilities in sectors such as energy, telecommunications, transportation, and healthcare, upon which our societies heavily rely.

Furthermore, cybercrime disrupts social order by exploiting our increasing reliance on digital platforms. The damage caused by malicious activities in cyberspace can instigate societal tension or even panic. For instance, the spread of false information through deepfakes or AI-generated content can destabilize communities, alter public opinion, and incite fear or chaos within the public domain.

Moreover, the infiltration of educational institutions and exploitation of data breaches, such as those experienced by Adobe Systems and Yahoo, incite concern for the security of personal and academic data, impacting trust in these institutions.

Finally, the global aspect of cyber crime complicates the enforcement of laws and the attribution of criminals. Differing legislation across jurisdictions, coupled with the abstract nature of cyberspace, often leads to perpetrators evading justice, which again amplifies public fear and mistrust.

The increasing sophistication of cyber criminal activities demands a comprehensive, multi-faceted approach to cybersecurity involving not only technological solutions but also legislative measures, international cooperation, and public awareness initiatives. Vigilance remains paramount – for both the individual and the broader social structures at risk.

In conclusion, while the repercussions of cybercrime are manifold and persistently evolving, the driving force behind combating this modern plague remains undeterred – a relentless commitment to understanding, outwitting, and ultimately neutralizing this digital threat. The continuous enhancement of cybersecurity measures, active legislative action on cybercrimes, and individual awareness of cybercrime risks are just several in the legion of dedicated efforts aimed to equip society with the tools necessary to tackle this complex issue.

Prevention and Mitigation Strategies

Effectively addressing the potential risks and outcomes of cybercrimes necessitates a multi-pronged approach that leans heavily on collaboration, education, and the implementation of cutting-edge cybersecurity strategies. This approach is especially pertinent against the backdrop of a progressively interconnected world, teetering on the precipice of the much-heralded fourth industrial revolution.

Collaborating across sectors and agencies is a vital strategy for tackling cybercrimes. Internationally, creating a shared understanding of cyber threats and fostering cooperation to deal with them can significantly bolster collective security measures. This includes forming partnerships with international police forces, such as INTERPOL and Europol, to expedite the identification, tracking, and prosecution of cybercriminals regardless of their geographical location.

An educated populace is arguably the first line of defense against cybercrime. The general public must be armed with the knowledge necessary to safeguard sensitive information and thwart the attempts of cybercriminals. Robust security awareness programs must be incorporated into our educational institutions, corporations, and public services, acquainting people with the modus operandi of cybercriminals and how best to respond. This includes increased awareness of the intricacies of social engineering attacks to mitigate risks like whaling and pretexting that have not been previously covered in this article.

Implementing progressive cybersecurity protocols plays a pivotal role in curbing cybercrimes. Organizations should strive for a dynamic, proactive approach as opposed to a static, reactive one. Frequent system audits, vulnerability assessments, and penetration testing can unveil potential security loopholes before cybercriminals can exploit them. A zero-trust architecture that presumes no user or process is intrinsically trustworthy, coupled with behavioral-based threat detection, could significantly bolster an organization’s defense.

Moreover, using encrypted communication channels and urging employees to regularly update their passwords and employ two-factor authentication systems can mitigate unauthorized access risks. Leveraging advanced technologies, like quantum cryptography, can offer foolproof data security, rendering any eavesdropping attempts futile.

Lastly, while strengthening legislative measures against cybercrimes, nations must also create an environment conducive to the reporting of such incidents. Victims often shy away from reporting due to fear of reputational damage or lack of faith in the justice system. Ensuring confidentiality and demonstrating stringent punishment against perpetrators could effectively deter the commission of these crimes.

As we tiptoe into an era dominated by Big Data, 5G, and Artificial Intelligence, our strategies against cybercrime must evolve at a concordant, if not more rapid, pace. A synergized effort spanning individuals, organizations, and countries, buttressed by relentless vigilance, is our best hope in the grand scheme of cybersecurity. Striking that balance between advancing technologically and maintaining cyber hygiene will be the perpetual litmus test for our digitized world.

As we continue to tread through this digital age, understanding the insidious nature of cyber crimes not only informs but empowers us as individuals, organizations, and as a society. We have explored in detail the varied forms of these crimes, their evolution through the years, their devastating impacts exemplified through notable case studies, and the undeniably lasting mark they leave on individuals and societies alike. Furthermore, we have offered a glimpse into the strategies that can be employed to fortify our defenses against these invisible aggressors. The key lies in continual awareness, constant vigilance, and strategic preparedness so that we may navigate this intricate digital universe safely. As we move forward, remember the fight against cybercrime isn’t just for those in the corridors of power but for every Internet user who plays a vital role in this digital ecosystem.

VicPol Corporate

  • Cybercrime case studies

Online grooming, online scams, malware and intimate image abuse.

Online child grooming is befriending a child, and sometimes the family, to make the child more open to sexual abuse. A person who is found guilty of grooming in Victoria is liable to 10 years imprisonment.

Case study: David – through the eyes of the parent

What happened.

David is a working dad with three children: Daniel and Matilda (7) and Angie (14). Angie has just commenced her second year of high school. Angie begged David for a smartphone. David finally relents and gives Angie his old smartphone. As a condition for receiving the phone, Angie must share her passcode and must leave the phone to charge overnight in the kitchen.

Angie spends a lot of time on her phone. David will often ask Angie what she is doing on the phone. He tries to monitor her use and keeps track of the phone bill. David has to start working long nights on a special project for work. David is not able to monitor Angie’s phone use as closely. Soon, Angie begins to keep her phone in the room overnight.

As the months go by, David notices Angie’s behaviour changes. She becomes withdrawn and irritable. Her school work starts to suffer.

David receives a call from the school principal – the principal needs an urgent meeting with David. The principal tells David that a parent of one of Angie’s friends told the principal that Angie is in contact with a man online who sends Angie inappropriate messages. David talks to Angie and learns that she met this man on a messaging app and they message constantly.

How was David affected?

David is horrified and feels like he has failed Angie. He feels he has neglected his duty as a parent.

David is devastated that Angie did not tell him what was happening.

David feels powerless to keep his child safe. David starts to suffer from anxiety, affecting his work and relationships.

Romance and dating scams involve scammers taking advantage of people looking for romantic partners, often via dating websites, apps or social media, by pretending to be prospective companions. They play on emotional triggers to extract money, gifts or personal details.

Romance baiting encourages victims to take advantage of a fake investment opportunity.

Case study: Amara – a retired widow

Amara received and accepted a friend request from Ferenc, a Hungarian serviceman on peacekeeping duties in Afghanistan. Ferenc and Amara grew closer together. Ferenc shared pictures with her and told Amara he had lost his wife to cancer. This was similar to Amara’s own experience – her elderly husband died of cancer two years ago.

Ferenc said he was being posted to Cyprus but that his time in the military was nearly finished. Ferenc told Amara he wanted to set up a jewellery store when he retired.

Ferenc told Amara he was coming to see her but had some trouble with his bank card not working in Cyprus and could not get funds to pay for an export tax on his gemstones. Taking out a loan, Amara transferred Ferenc $15,000 to cover the tax bill. Shortly after, Ferenc told Amara that he had been detained by local authorities in Malaysia on the way to Australia. He needed $20,000 to pay his legal and court fees.

Amara contacted the Malaysian police – they had no knowledge of Ferenc. When Amara told Ferenc she could not send the additional money, he responded with very angry messages, and then ceased contact altogether.

How was Amara affected?

Amara was left confused and hurt. She feels betrayed and cheated. She knows in her head that this was a scam, but in her heart still feels that Ferenc might be out there and she has let him down.

Amara had to re-enter the workforce to service the loan she took. She is also at risk of having her identity stolen because she shared a lot of personal information with the scammer calling himself Ferenc.

Ransomware is a form of extortion using malicious software (malware) that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.

Case study: Jin and Bella – small business owners

Jin and Bella run a family owned accounting firm that provides outsourced bookkeeping and accounts functions for small businesses across Victoria.

The business operates through an online platform—client companies log in through a website portal and can take care of several bookkeeping needs for their businesses, such as tracking their expenses, processing receipts and calculating deductions.

Jin and Bella’s business computers were infected with ransomware via a suspect email just before tax time. This ransomware locked down the business’ platform so that clients were unable to use the portal. The cybercriminals demanded $100,000 in Bitcoin, a cryptocurrency, to restore the network. Jin and Bella refused to pay. The cybercriminals threatened to publish the private information of Jin and Bella’s clients. Jin and Bella did not know what to do. They did not have the money to pay the ransom. Eventually, Jin and Bella contacted Victoria Police to report the crime.

The majority of Jin and Bella’s clients were unable to submit their tax returns on time. Clients were extremely dissatisfied with the service.

The Australian Cyber Security Centre advises against paying ransoms. Payment of the ransom may increase an individual or organisation’s vulnerability to future ransomware incidents. In addition, there is no guarantee that payment will undo the damage.

How were Jin, Bella and their clients affected?

The reputation of Jin and Bella’s business suffered and as a result, they lost clients. Jin and Bella experienced considerable stress and anxiety from the attack.

The Australian Cyber Security Centre has observed cybercriminals successfully using ransomware to disrupt operations and cause reputational damage to Australian organisations across a range of sectors:

  • State and Territory governments
  • Education and research organisations

The Australian Cyber Security Centre reported a 15% increase in ransomware cybercrime reports in the 2020–21 financial year. 21

Image-based sexual abuse is the creation, distribution or threatened distribution of intimate, nude or sexual images or videos, without the consent of the person pictured. This includes images or videos that have been digitally altered using specialised software.

You can also report image-based abuse to the eSafety Commissioner.

Deepfakes use artificial intelligence software to learn from large numbers of images or recordings of a person to create an extremely realistic but false depiction of them doing or saying something that they did not actually do or say. 24

Case study: Aisha – a teacher

Aisha is a teacher who unknowingly had malware called a Remote Access Trojan (RAT) downloaded onto her smart phone.

Using the RAT, a cybercriminal accessed her email and text messages, and forwarded some private, intimate pictures to colleagues and family members in her contacts.

The cybercriminal also posted these images, as well as some digitally altered “deepfakes”, to several adult websites. Some of these images were found by students at Aisha’s school.

Aisha did not make a report to Victoria Police, but tried to track down the websites where the images were posted to demand that they were taken down. She suspects that her ex-boyfriend – who has a history of control and emotionally abusive behaviour – was behind the attack, but she did not have any way to prove this.

How was Aisha affected?

Aisha has been devastated by these events—both privately and professionally.

Although her school ultimately understood that she was a victim, the damage to her reputation was irreversible. This, coupled with the anxiety that her students had seen these personal and deepfake images of her, led to her giving up her teaching position at the school. This was her primary source of income.

18 Australian Competition & Consumer Commission, 12 February 2021, Romance Baiting Scams on the Rise, https://www.accc.gov.au/media-release/romance-baiting-scams-on-the-rise

19 Australian Competition & Consumer Commission, 12 February 2021, Romance Baiting Scams on the Rise, https://www.accc.gov.au/media-release/romance-baiting-scams-on-the-rise

20 Australian Competition & Consumer Commission, 12 February 2021, Romance Baiting Scams on the Rise, https://www.accc.gov.au/media-release/romance-baiting-scams-on-the-rise

21 Australian Cyber Security Centre, 2021, ACSC Annual Cyber Threat Report: 1 July 2020 to 30 June 2021

22 Office of the eSafety Commissioner, October 2017, Image-Based Abuse, National Survey: Summary Report (October 2017) https://www.esafety.gov.au/sites/default/files/2019-07/Image-based-abus

23 Office of the eSafety Commissioner, October 2017, Image-Based Abuse, National Survey: Summary Report (October 2017) https://www.esafety.gov.au/sites/default/files/2019-07/Image-based-abus

24 eSafety Commissioner, Deepfake trends and challenges — position statement, https://www.esafety.gov.au/about-us/tech-trends-and-challenges/deepfakes

Reviewed 29 March 2023

The 15 Internet Crime Stories That Make Cybersecurity Measures Essential

Read the best, most fascinating tech stories that cover the risks of the digital landscape and find out how to stay safe

Last updated on February 28, 2024

Internet crime stories are a dime a dozen, but these examples will show you why online security is essential. From ethical hacking to blackmail and car hijacking, these true stories show how you must act now to secure your well-being in the digital landscape. We carefully curated the best, most fascinating tech stories that cover the risks involved in any digital activity or device, so use the links below to navigate them.

  • The mom whose laptop was locked down by a ransomware attack
  • Tom was blackmailed because of his hacked Ashley Madison account
  • How ethical hackers took over her PC
  • They remote hacked his car
  • Ransomware deletes 2 years of academic papers
  • His WoW account got hacked. Twice
  • Your data has been breached
  • Catfish isn’t dinner, it’s lies, manipulation, and theft
  • Hillary Clinton’s Aides Got Phished And Lost Her The Election
  • He fell prey to the same scam twice and lost $1,350
  • Who would want to be you? Some can even become You.
  • When your workplace, a gaming giant, gets hit
  • The casual, public Wi-Fi hack
  • Customer support falls prey to a social engineering hack
  • Hotel managers and clients had nightmares due to one lock hack posted

Cyber security incidents and getting hacked seem like distant, fascinating things where other people get hurt, but you stay safe. Truth is, getting hacked or scammed can happen to anyone and it might even have happened to you in the past.

The average number of devices that you and most people use has increased exponentially in recent years. We’re surrounded by IoT devices, wear smart bracelets, have friends who are betting their savings on cryptocurrency, and we sign up to dozens of social media platforms.

This means cyber attacks have a lot of ways to get to you – either by targeting you specifically or by simply compromising your info in large-scale attacks. The best way to learn is through experience, so let’s do just that.

Here are the real stories of people who got hacked and what they learned, plus some actionable tips to enhance your security.

1. The mom whose laptop was locked down by a ransomware attack

Two days before Thanksgiving, Alina’s mother got hit by a ransomware attack. 5,726 files got locked by CryptoWall, an encryption malware so powerful it is almost impossible to recover the information.

Alina’s mom contacted the attacker through the ransomware’s communication feature.

Like all ransomware creators, he told her she could either pay to get her files back or lose them forever.


The price to unlock her files was 500$ in the first week and 1000$ in the second one, after which the files would be deleted.

Payment was to be done in Bitcoin, a complicated process which she had to learn on the fly.

Because of a major snowstorm that closed down the banks, Alina’s mom couldn’t pay the ransom in the first week, and ended up having to plead with her attacker to not increase the price to 1,000$.

Surprisingly, he accepted and gave her the key to unlock her files. However, no one should ever pay a ransom; the risks far outweigh the benefits.

The full story is here: How my mom got hacked & What I’ve learned after my mom got hacked (and her data held for ransom)

Find out what steps to take for your protection: WHAT IS RANSOMWARE AND 9 EASY STEPS TO KEEP YOUR SYSTEM PROTECTED

2. Tom was blackmailed because of his hacked Ashley Madison account


After the Ashley Madison hack, cyber criminals contacted him and demanded 500$ to remove his name from a publicly searchable registry.

If not, they would also send an email to his family, informing them of Tom’s affair. Tom refused, believing that if he paid them, they would know that he had something to lose and could be blackmailed further.

He was wise, but that didn’t mean he didn’t suffer. In the end, Tom had to live knowing his affairs on AM could be exposed at any time by the hackers.

Moreover, there were also people who took it upon themselves to impart justice on people in circumstances they couldn’t, or wouldn’t, understand.

The story: In Ashley Madison’s wake, here’s one man’s story of sex, sorrow and extortion

Securing your PC doesn’t have to be expensive: 13 free PC security hacks to build your online protection

3. How ethical hackers took over her PC

Sophie is a technology reporter at the Daily Telegraph.

As part of an assignment, she agreed to take part in an ethical hacking experiment. Basically, a group of ethical hackers would try to compromise her system without her knowing how, when and where.


They pretended to be whistleblowers in control of sensitive government information and sent her an email with some of the files attached.

The malware infection occurred the moment she opened the file, and the attackers got access to everything, including email address and web cam. And it wasn’t even that difficult to do.

The story: How hackers took over my computer

This is how you can protect your email address: the complete guide to email security

4. They remote hacked his car

Andy Greenberg, a senior writer at Wired, once took part in a groundbreaking experiment which tested how car hacking could be done.


Next, the transmission was cut and finally, they remotely activated the brakes. And they did all of these things with Andy behind the wheel.

The experiment uncovered a massive flaw in Jeep’s cars which was later fixed. Today, this is even easier to achieve, due to the rise of electric cars and the huge push towards autonomous vehicles like trucks, taxis and more.

The story: Hackers Remotely Kill a Jeep on the Highway—With Me in It

Learn more about how software can expose you, something that works the same way whether we’re talking about computers or self-driving cars: 8 vulnerable software apps exposing your computer to cyber attacks

5. Ransomware deletes 2 years of academic papers

What’s the first thing people do when they get hit by a malware attack? They panic and ask for help in a dedicated forum: “My PC is infected. Please, can anyone help me?”

For this user however, it was too little, too late. For 2 years he worked on his academic papers, and then they got encrypted by ransomware.

The timing was awful as well: it happened right before they were due. Antivirus didn’t help and he had no backup.


We hope he didn’t pay.

What we do know is that ransomware attacks are much more frequent than you can imagine and they target individuals and businesses alike.

The story: My PC got hacked by troldesh ransomware. please is there anyone who can help.

Find out how to back up your data so ransomware does not affect you: how to backup your computer – the best advice in one place

6. His WoW account got hacked. Twice

Gamers are favorite targets for cyber criminals, since they don’t want to lose the time and money invested in a character and are willing to pay the ransom.

As a result of a potential phishing attempt, this guy had his WoW account hacked and all his progress lost. And it happened to him not once, but twice!


The same type of attack happens in most popular online games.

League of Legends phishing volumes are truly legendary, so we talked to their security team to find out how to avoid getting your account stolen.

The story: So my WoW account got hacked twice.

Learn more about security and gaming: gamers, time to take your cyber security to the next level

7. Your data has been breached

The Office of Personnel Management, OPM for short, can be considered the US Government’s HR Department.

Among other things, it keeps records of employee personal information, such as height, weight, hair and eye color.

In 2014, the OPM got hacked, and the information of 22 million government employees leaked, most likely into the hands of a foreign government.


143 million US consumers had their sensitive personal information exposed. That’s 44% of the population and today we’re still seeing reports of more Equifax leaks.

Odds are, if you’re a US citizen, your info is floating around on the dark web, at the mercy of cyber criminals. What do you think the US government did to deal with the Equifax hack?

Less than one month after the incident, the IRS awarded Equifax a contract for fraud detection. Clearly, it’s up to you and you alone to protect your identity.

The story: OPM got hacked and all I got was this stupid e-mail

Learn how to stay as safe as possible from identity theft: how to prevent identity theft in 20 essential steps

8. Catfish isn’t dinner, it’s lies, manipulation and theft

Some people hack you not with malware or suspicious links, but by gaining your trust and love.

This journalist’s mother started using the online dating site Match.com, and eventually formed a connection with a soldier on active duty in Afghanistan.

After a while, the soldier asked for a 30,000$ loan to help him clear a sizeable inheritance of gold and jewelry from US customs.

By now, the journalist and her brother intervened, suspecting the soldier was catfishing their mother.


In the Match.com case, the victims confronted the man with their suspicions and other evidence they had accumulated over time.

The supposed soldier revealed he was a man from Ghana trying to support his sisters, and scamming people online was the best way he knew how to do that.

The story: My mom fell for a scam artist on Match.com—and lived to tell the tale

Learn about the top online scams and how to avoid them: top 11 scams used by online criminals to trick you

9. Hillary Clinton’s aides got phished and lost her the election

Unless you’ve been living under a rock, you definitely know why Hillary Clinton lost the US Election to Donald Trump.


When forwarding the phishing email to a computer technician, he wrote “This is a legitimate email” instead of “illegitimate”. This gave hackers from Russia access to about 60,000 emails from Podesta’s private Gmail account.

They stole all that data, gave it to Wikileaks, and the rest is actual history.

“The FBI’s laid-back approach meant that Russian hackers were able to roam inside the DNC’s computer systems for almost seven months before Democratic officials finally realised the gravity of the attack and brought in external cybersecurity experts.”

But it was too late, as the election results have shown.

The story: Top Democrat’s emails hacked by Russia after aide made typo, investigation finds

Learn why phishing is so effective and how you can avoid it: 15 steps to maximize your financial data protection

10. He fell prey to the same scam twice and lost $1,350

In 2007, Justin was at a difficult point in his life.

Unemployed, with a weak skill set and verging on alcoholism, Justin decided to turn his life around by moving to Italy.

Determined to find a cheap flight, Justin searched for sellers of frequent flyer miles.

He found two sellers and talked to them over the phone. One of them even sent him a photo of his driver’s license. In a twisted sequence of events, both of them scammed him for a total sum of 1350$.

Sounds unlikely?

Think again. Justin tried to find a cheap shortcut and get that ‘too good to be true’ deal and became blind to any potential scammers.

Plus, the phone conversations and photos helped dispel any suspicions he might have had. This is how most scamming attempts succeed, by preying on people who give in to the fear of missing out.

The story: How I Lost $1,350 by Falling for the Same Internet Scam Twice in One Week

Learn more about how social scams work and how to avoid them: social scams – the full breakdown and protection plan

11. Who would want to be you? Some can even become you.

One day, Laura received a call from her credit card company, saying someone else had tried to obtain a credit card using her name, address and social security number.


Eventually, she guessed the answers and saw the extent of the damage.

The impersonator had created more than 50 accounts in Laura’s name, and got credit for utilities such as heat, cable, electricity and even a newspaper subscription.

What’s more, the companies went after Laura in order to get their money back.

After notifying the police and tracking down the impersonator, Laura got a court order and managed to fix a lot of the damage, but only after a lot of sweat and stress.

While her case was a fortunate one, few people share her luck and this story should act as a reminder to always safeguard your personal information.

Another stolen identity case created a buzz on Reddit. This user had an argument with an old roommate, who then decided to take revenge.

He created social media accounts using the victim’s name, photoshopping the person with an ISIS flag and posting questionable content.

The story: ‘Someone had taken over my life’

While a scary and multifaceted attack, it is possible to protect yourself against these types of threats. Here are 20 SECURITY STEPS YOU SHOULD TAKE TO PREVENT IDENTITY THEFT.

12. When your workplace, a gaming giant, gets hit

In late 2014, one of the biggest and most expensive hacks ever recorded took place at Sony and one employee reveals the inside situation.


Half of the company’s 6800 computers and servers were rendered dead and had ALL of their information stolen and deleted.

As a result, employees had to rewrite every single deleted file by hand. Paper became the main form of communication, used in written memos and to-do lists; even their salaries were paid using hand-written checks.

The damage didn’t stop there.

The hackers got a hold of employee personal information. The source of the article had to change all her credit card passwords, Facebook, Amazon and eBay accounts, almost 30 accounts in total.

The story: I work at Sony Pictures. This is what it was like after we got hacked.

Because of their size and income, companies are frequent targets for hackers. Here is a list of 10 critical corporate cybersecurity risks

13. The casual, public Wi-Fi hack

Maurits Martijn, a Dutch journalist at De Correspondent, entered a busy Amsterdam café with Wouter Slotboom, an ethical hacker.

Within a few minutes, Slotboom had set up his gear, consisting of a laptop and a small black device, and connected to the coffeehouse’s Wi-Fi.


All you needed was around $80-90 worth of software and equipment and average intelligence, and that was it: a few minutes was all it took to get a hold of a few dozen users’ personal information.

Slotboom’s small, black device could fool a phone into connecting to his own Wi-Fi network, giving him control over the entire traffic coming and going from a device.

If Slotboom wanted to, he could wait until one user wrote in his email address and password and then take it over.

With it, he could control most of the services registered on that email.

While you don’t need to be paranoid every time you connect to a public Wi-Fi, it’s best if you know the risks of doing so.

The story: Don’t use public Wi-Fi when reading this article.

There are ways in which you can stay safe on public hotspots: 11 security steps to stay safe on public Wi-Fi networks

14. Customer support falls prey to a social engineering hack


The impersonator then used Eric’s fake information in a conversation with an Amazon customer support representative and found out his real address and phone number.

Using Eric’s real information, the impersonator got in touch with various services and even managed to issue a new credit card in Eric’s name.

Eric got wind of his impersonator’s efforts by reading the customer support transcripts, and also found out his real purpose: to get the last 4 digits of his credit card.

Amazon didn’t do anything to protect Eric’s account, even though he repeatedly signaled the problem, so he finally decided to switch from Amazon to Google.

As a parting note, he got an email from Amazon implying they had provided the impersonator with the last 4 digits of his credit card.

This story about this guy’s tumultuous experience with Amazon will make you think twice about storing confidential information in your online accounts.

The fact that Amazon failed to protect his account and look into the matter shows how a lack of cyber security education can endanger users.

The story: Amazon’s customer service backdoor

Here is a guide on how to protect yourself against social engineering attacks

15. Hotel managers and clients had nightmares due to one lock hack

In this Forbes story, reporters chronicle the chaos experienced by hotel managers and the panic felt by their customers after a burglar used online hacking tools to bypass the electronic locks on the doors.


He then used that Onity-lock hack to do a series of break-ins. How did this cautionary tale end?

On a bittersweet note.

The original burglar is serving a prison sentence, but the electronic locks in question can still be easily hacked.

A Wired reporter tried it himself, almost 6 years after the original Onity hack, and it still worked. He managed to break into a hotel room.

His story is amazing and it follows the birth of the original hacking method, how the burglar got to it and what came out of the entire publicized event.

The story: The Hotel Room Hacker

If you rely on electronic locks and other IoT devices to secure your belongings, this guide will be very useful: IOT SECURITY – All You Need To Know And Apply

16. The Moderna conundrum

According to Reuters and other major publications, Moderna Inc, one of the three biotech companies developing an efficient COVID-19 vaccine, came under attack in late July. The US Justice Department and the FBI have accused two Chinese nationals in this case.

They have been charged with spying on the American biotech company and three other targets in a bid to slow down or effectively stop the development of the COVID-19 vaccine.

A source inside the FBI has revealed that the two arrested Chinese citizens are part of a hacking group funded by the Chinese government.

The company has emerged unscathed from the incident. No data has left Moderna’s databanks and the network remains intact.

The story: China-backed hackers ‘targeted COVID-19 vaccine firm Moderna’

These stories may help you realize that not protecting your information and relying on other Internet users to be nice and play fair is not a viable strategy.

Cyber criminals don’t care about the consequences of their attacks.

They only want to reach their purpose, and sometimes that purpose may have nothing to do with you.

You could just be a collateral victim, but the aftermath would be all too real for you.

Author Profile

Ana Dascalescu

Cyber Security Enthusiast

The Atlantic wrote about cyberflâneur and I think that's the best way to describe myself. Or maybe a digital jack-of-all-trades with a long background in blogging, video production and streaming. I spend my waking hours snooping through online communities of all types, from Reddit to security forums, from gaming blogs to banal social media platforms like Instagram. Sometimes I even contribute to those communities.


This is going to help me with my TedTalk homework so much Thank u


All govts should have passed cyber crimes prevention laws with universal applicable provisions along with trans-border access of criminals.


I have been hacked by an old boyfriend for 7 years. On a daily basis he ruins my life. Is there any legal help out there to prosecute someone? Police do nothing.


This is a very good article and would have been ever so much more useful before hacking actually became a threat to EVERY SINGLE person on the planet. One day, I don’t know, whenever I had my first real smartphone stolen or lost I guess. Like an iPhone 3g or a Motorola Razor back then, combined with the loss of a social security card, a couple licenses, AAA, bank cards etc….have I gradually become more and more aware of fraudulent cr@p regarding every aspect of my life to the point I swear people think I’ve lost my sanity. From false electric bills, to CC’s, not to mention the hell that has become fraudulent phone bills in hardware, upgrades, accts. Really I have no idea at all just how far it reaches at this point. Is it unmodest of me to say that my whole complete tall tale to this day should be up in that top 12 list? In my eyes this IS the end of the world. Information being hacked by individuals, god willing yours or anyone else’s with ZERO morals falls into the wrong hands could perform some of the most malicious of anythings. I guess it comes down to whose “code” is better. Kind of like an anonymous shouting contest or chess game. “My ‘d@>k’ is bigger than yours.” They didn’t teach us any coding BS or how in the hell to read it when I was in high school. But it should come footnoted by whoever is lurking in your server, their address, etc…so you can go to their house and introduce yourself. One day not too long ago this cyber security ‘deal’ became extremely serious and god forbid as damaging as it has been on myself and my family. Rule #1 – Never lose ANYTHING!!!!!! Rule #2 – ANYTHING At ALL. Especially a smartphone and make sure anytime you connect to the internet via wifi at your home that it is secure with a dome of protection. I’ll kill it with that last fact is so important or you may one day rampage your neighborhood knocking on every single person’s home within a 3 mile radius and demand to know who provides their internet service.
And on that very same day you may end up going to a mental ward and then getting arrested because you can’t read the code or prove a damn thing. I could write a book.


https://www.nist.gov/itl/smallbusinesscyber/cybersecurity-basics/case-study-series

Small Business Cybersecurity Corner

Small Business Cybersecurity Case Study Series

Ransomware, phishing, and ATM skimming are just a few very common and very damaging cybersecurity threats that Small Businesses need to watch out for. The following Case Studies were created by the National Cyber Security Alliance, with a grant from NIST, and should prove useful in stimulating ongoing learning for all business owners and their employees.

  • Case 1: A Business Trip to South America Goes South Topic: ATM Skimming and Bank Fraud
  • Case 2: A Construction Company Gets Hammered by a Keylogger Topic: Keylogging, Malware and Bank Fraud
  • Case 3: Stolen Hospital Laptop Causes Heartburn Topic: Encryption and Business Security Standards
  • Case 4: Hotel CEO Finds Unwanted Guests in Email Account Topic: Social Engineering and Phishing
  • Case 5: A Dark Web of Issues for a Small Government Contractor Topic: Data Breach

Cybercrime

Charles R. Nesson

Last Updated: June 15, 2001

Table of Contents

  • Introduction
  • Case Studies and Readings
  • Further Discussion Topics
  • Further Reading

Introduction

"Cyber crime" is not a rigorously defined concept. For our purposes, consider it to embrace criminal acts that can be accomplished while sitting at a computer keyboard. Such acts include gaining unauthorized access to computer files, disrupting the operation of remote computers with viruses, worms, logic bombs, Trojan horses, and denial of service attacks; distributing and creating child pornography, stealing another's identity; selling contraband, and stalking victims. Cyber crime is cheap to commit (if one has the know-how to do it), hard to detect (if one knows how to erase one's tracks), and often hard to locate in jurisdictional terms, given the geographical indeterminacy of the net.

Our purpose in considering the subject of cyber crime is not to catalog it exhaustively, but rather to raise and consider questions of particular interest that are presented by cyber methodologies of committing crimes. The most interesting questions arise at the points where criminal opportunities presented by the new technologies stretch the bounds of our criminal law.


Case Studies and Readings

  • Case Study 1: Cyberstalking
  • Case Study 2: Virtual Porn
  • Case Study 3: Hacking
  • Case Study 4: Where Did It Happen?
  • Case Study 5: Enforcement Across Borders

Case Study 1: Cyberstalking

Excerpts from Radosevich, Thwarting The Stalker: Are Anti-Stalking Measures Keeping Pace with Today's Stalker?, 2000 U. Ill. L. Rev. 1371 (2000) [Citations omitted]

Scope of the Problem

In the United States, recent data suggest that stalkers terrorize approximately one million women each year. Although stalking is not necessarily a gender-specific crime, seventy-five to eighty percent of stalking cases involve a male stalking a female. In addition, only a minority of stalking victims are celebrities; the majority of targets are ordinary citizens. Estimates from the early 1990s indicate ordinary citizens account for fifty-one percent of stalking targets but celebrities comprise only seventeen percent of all stalking victims; the remaining thirty-two percent of stalking victims are lesser-known entertainment figures....

As the Internet and other electronic communications technologies permeate virtually every aspect of society, electronic stalking has been increasing as well, although no detailed statistics have been developed for this phenomenon. However, both electronic harassment and stalking also seem to target women as victims. "In a 1993 survey of 500 members of Systers, an electronic mailing list for women in computer science, twenty percent of the respondents reported having been the targets of sexual harassment on-line."

The term "cyberstalking" has been coined to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Because of the emerging nature of this form of stalking, the available evidence of cyberstalking is still largely anecdotal, but it suggests that the majority of cyberstalkers are men and the majority of their victims are women. As in off-line stalking, in many on-line cases, the cyberstalker and the victim had a prior relationship, and when the victim attempts to end the relationship, the cyberstalking begins.

Preliminary evidence on cyberstalking has come from incidents handled by state law-enforcement agencies. For example, the Stalking and Threat Assessment Unit of the Los Angeles District Attorney's Office has estimated that e-mail or other electronic communications were a factor in approximately twenty percent of the roughly 600 cases handled by the unit. About twenty percent of the cases handled by the Sex Crimes Unit in the Manhattan District Attorney's Office involved cyberstalking. Finally, by 1999, an estimated forty percent of the caseload in the Computer Investigations and Technology Unit of the New York City Police Department involved electronic threats or harassment, and "virtually all of these... occurred in the past three or four years." ...

Problems Unique to Cyberstalking Cases

"Stalkers harness the tremendous power of the Web to learn about their prey and to broadcast false information about the people they target. And the Internet - the same tool they use to investigate and spread terror - provides stalkers with almost impenetrable anonymity." In cyberspace, stalking and harassment may occur via e-mail and through user participation in news groups, bulletin boards, and chat rooms. One major difference from off-line stalking is that cyberstalkers can also dupe other Internet users into harassing or threatening victims. For example, a cyberstalker may post an inflammatory message to a bulletin board using the name, phone number, or e-mail address of the victim. Each subsequent response to the victim, whether from the actual cyberstalker or others, will have the intended effect on the victim, but the cyberstalker's effort is minimal.

The veil of anonymity offered by the Internet also puts the cyberstalker at an advantage. Internet users can conceal their true identity by using different Internet Service Providers (ISPs) and/or by adopting different screen names. When an individual creates an electronic mailbox through a web site on the Internet, most ISPs request some identifying information from the user, but rarely do the ISPs authenticate or confirm this information. If the services require payment, the user can typically pay in advance with a nontraceable form of payment, such as a money order. As long as payment is received in advance, the ISP has little incentive to verify any information given and will simply provide service to the account holder. Cyberstalkers can also change their screen names and use "mail servers that purposefully strip identifying information and transport headers from electronic mail." Stalkers can make the message nearly perfectly anonymous by first forwarding their mail through several of these types of servers.

Although ISPs are beginning to receive more complaints about harassing and threatening behavior on-line, they have yet to pay much attention to these types of complaints. On-line industry associations assert that providing more attentive protection to their customers (informing them as to the ISP's complaint procedures, the policies as to what constitutes prohibited harassment, and the ISP's follow-up procedures) would be costly and difficult. They argue that "no attempt to impose cyberstalking reporting or response requirements should be made unless fully justified," yet they assert that "the decentralized nature of the Internet would make it difficult for providers to collect and submit such data."

The anonymity of the cyberstalker's threat and potential lack of direct conduct between the stalker and the victim can be particularly ominous to a cyberstalking victim, and make it more difficult for ISPs and law enforcement to identify, locate, and arrest the stalker. Also, with the knowledge that they are anonymous, cyberstalkers might be more willing to pursue their victims, using additional information easily gleaned from the Internet. Furthermore, Internet web sites provide great assistance and resources to off-line stalkers and cyberstalkers alike. Web sites can teach an individual how to stalk a woman and how to research her social security number, her home address, and her driver's license number.

Stalking, and particularly cyberstalking, is a growing social problem. Criminal anti-stalking statutes have provided a first-step toward eradicating this behavior. By using anti-stalking statutes in the criminal justice system, the state controls the prosecution of the stalker and must prove its case beyond a reasonable doubt. The primary benefit for a victim of stalking is that, with a conviction after a criminal trial, a judge or jury can sentence the stalker to prison. Jailing a defendant provides at least temporary safety for the victim. However, for some victims, their stalkers are able to escape direct prosecution for stalking by skirting the language of the state's stalking statute and engaging in some form of cyberstalking. Until broader language is implemented to cover the use of new information technologies and methodologies in stalking cases, victims may have to search for alternative solutions.

Discussion Problem:

David posted a message on a Yahoo! discussion board saying that Jane was available for sex anytime of the day or night and listing her home phone number and home address. In the next week, Jane got as many as 25 calls a day, from as far away as Germany. Jane went to the authorities -- local, county, state, even the FBI -- trying to get help, but all said, "We have no idea how to help you."

"I felt like someone had broken into my house, touched all of my things, didn't take anything and left. I felt violated and scared for my life," said Jane.

Assuming that both David and Jane live in California, has David committed an offense under the following California statute?

Cal Pen Code § 646.9: Stalking

"(a) Any person who willfully, maliciously, and repeatedly follows or harasses another person and who makes a credible threat with the intent to place that person in reasonable fear for his or her safety, or the safety of his or her immediate family, is guilty of the crime of stalking . . . "(e) For the purposes of this section, 'harasses' means a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, torments, or terrorizes the person, and that serves no legitimate purpose. This course of conduct must be such as would cause a reasonable person to suffer substantial emotional distress, and must actually cause substantial emotional distress to the person. "(f) For purposes of this section, 'course of conduct' means a pattern of conduct composed of a series of acts over a period of time, however short, evidencing a continuity of purpose. Constitutionally protected activity is not included within the meaning of 'course of conduct.' "(g) For the purposes of this section, 'credible threat' means a verbal or written threat or a threat implied by a pattern of conduct or a combination of verbal or written statements and conduct made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family and made with the apparent ability to carry out the threat so as to cause the person who is the target of the threat to reasonably fear for his or her safety or the safety of his or her family. It is not necessary to prove that the defendant had the intent to actually carry out the threat. . . ."

What problems do you see in prosecuting David under this California statute?

To what extent would the following amendment to the statute meet the problems?

This statute provides in part that "credible threat" means a verbal or written threat, including that performed through the use of an electronic communication device, or a threat implied by a pattern of conduct or a combination of verbal, written, or electronically communicated statements and conduct made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family and made with the apparent ability to carry out the threat so as to cause the person who is the target of the threat to reasonably fear for his or her safety or the safety of his or her family. It is not necessary to prove that the defendant had the intent to actually carry out the threat.

Consider the so-called "Nuremberg Files", a web site that lists names of doctors who perform abortions in a manner that is highly threatening to them. (WARNING: This material is very graphic in nature and may be disturbing to many readers. It is presented in order to provide a complete view of the facts of the case).


Legend:  Black font (working); Greyed-out Name (wounded); Strikethrough (fatality)


Could those responsible for this site be prosecuted for stalking? Does the broadening of stalking statutes suggested by Radosevich raise constitutional questions? You might consider, in this connection, the Ninth Circuit's opinion that the First Amendment to the Constitution protects the Nuremberg Files.

Case Study 2: Virtual Porn

The 1996 Child Pornography Prevention Act prohibits "visual depiction" that "appears to be" or "conveys the impression" of a minor engaging in sexually explicit conduct. By this act, Congress attempts to criminalize the transmission of digitally created pornographic images that merely look like children engaging in sexually explicit acts, even if no children are actually involved. Should the creation and trafficking in such images be criminal? Is it within the constitutional power of Congress to make such acts criminal?

Excerpts from Burke, The Criminalization of Virtual Child Pornography: A Constitutional Question, 34 Harv. J. on Legis. 339 (1997) [Citations omitted]

Freedom of press is not the freedom for the thought you love the most. It's freedom for the thought you hate the most. --Larry Flynt

I. THE CONSTITUTIONAL FRAMEWORK

A. New York v. Ferber and its Implications

New York v. Ferber examined the constitutionality of a New York criminal statute prohibiting persons from knowingly promoting sexual performances by minors by distributing materials that depict such performances, even if the materials were not legally obscene. In upholding the statute, the Court concluded that states were "entitled to greater leeway in the regulation of pornographic depictions of children" for five reasons.

First, the Court found the prevention of sexual exploitation and abuse of children to be a "government objective of surpassing importance" because it recognized the harm to the physiological, emotional, and mental health of the child. The second reason given by the Court was that a state legitimately could conclude that sexual abuse is linked to the distribution of child pornography. The third justification emphasized the integral role that the advertising and selling of child pornography plays in the production of such materials, "an activity [that is] illegal throughout the Nation." Fourth, the Court concluded that "the value of permitting live performances and photographic reproductions of children engaged in lewd sexual conduct is exceedingly modest, if not de minimis," and that the "First Amendment interest is limited to that of rendering the portrayal somewhat more 'realistic' by utilizing or photographing children." Fifth and finally, the Court held that creating another classification of speech outside of First Amendment protection, that is, nonobscene child pornography, was not incompatible with earlier decisions, particularly when the class of materials "bears so heavily and pervasively on the welfare of children engaged in its production."

In holding that child pornography did not enjoy First Amendment protection, the Court placed it on the same level as obscene adult pornography, yet altered the definition somewhat. Obscenity that is not protected under the First Amendment is defined in Miller v. California by a conjunctive inquiry into "(a) whether the 'average person, applying contemporary community standards' would find that the work, taken as a whole, appeals to the prurient interest [in sex]; (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law; and (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value."

The Ferber Court adjusted the Miller formulation by stipulating that the trier of fact (1) did not need to find that the material appeals to the prurient interest of the average person, (2) is not required to find that the sexual conduct portrayed be done in a patently offensive manner, and (3) need not consider the material at issue as a whole. While the definition of unprotected child pornography is not exact and to a degree shares the same difficulty in consistent application as that of Miller, the Court suggested that the statute at issue in Ferber is directed at the "hard core of child pornography" and that permissible educational, medical, or artistic works would amount to little more than "a tiny fraction of the materials within the statute's reach."

The Ferber Court found that suppression of this speech was justified by the state's compelling interest in protecting its children from sexual abuse, an interest that complements an overall constitutional framework favoring statutory provisions that promote and protect the interests of children. Even so, the Ferber Court restricted this new category of unprotected expression to laws aimed at works that "visually depict sexual conduct by children below a specific age" wherein the conduct proscribed is suitably limited and described.

Thus, the Ferber category of unprotected expression is by its terms limited to visual depictions of actual minors engaged in sexually explicit conduct. The Court expressly noted that "the distribution of descriptions or other depictions of sexual conduct, not otherwise obscene, which do not involve live performance or photographic or other visual reproduction of live performances, retains First Amendment protection." Further, in questioning whether visual depictions of children performing sexual acts or lewdly exhibiting their genitals would ever constitute an important part of any serious work, the Court suggested that if it were necessary for literary or artistic value, there are alternatives to the use of a child. Either a person over the statutory age who looked younger could be used or a "simulation outside of the prohibition of the statute" could be employed. That the Court envisioned the performance of actual children within its definition of child pornography is further intimated by a subsequent decision that defined the scienter requirement for a violation of federal child pornography law as including either an actual or constructive knowledge of the actors' minority.

The Supreme Court thus far has unequivocally defined child pornography in terms of child participation. In Ferber, the Court repeatedly used language such as "the use of children," "sexual abuse," "lewd sexual conduct," and "children engaged in its production," while it characterized the production of child pornography as "an activity illegal throughout the nation." Nevertheless, in its 1996 legislation Congress expanded the definition to include visual depictions that only appear to involve the participation of minors. Because the Ferber Court suggested to pornographers that simulations outside the statutory prohibition would be permissible, the issue is whether or not Congress constitutionally can include a simulation in the category of unprotected speech, and if so, to what degree. In other words, did the Court concentrate its ruling in Ferber on participation because the New York statute was thus limited, or did the Court, notwithstanding the statute, define child pornography in terms of participation as a matter of constitutional law?

B. Osborne v. Ohio: Less than Unprotected Speech

Eight years after Ferber, the Supreme Court in Osborne v. Ohio was confronted with an Ohio statute that criminalized the possession and viewing of child pornography. The issue presented was akin to that in Stanley v. Georgia with respect to obscenity. In Stanley, the Court held that a Georgia statute that punished the private possession of obscene materials violated the First and Fourteenth Amendments to the Constitution. The Court stressed the privacy interests of Stanley and his right "to read or observe what he pleases--the right to satisfy his intellectual and emotional needs in the privacy of his own home." Even though the material at issue was concededly obscene, the interests advanced by Georgia in suppressing it--that is, a fear unsubstantiated by empirical evidence that exposure would lead to deviant sexual behavior or crimes of sexual violence--did not override privacy considerations.

In contrast, in Osborne the Court found that Ohio did advance reasons that outweighed any privacy interest associated with the possession of child pornography. The Court concluded that three interests supported Ohio's criminalization of private possession. First, the Court followed Ferber in recognizing that the materials produced by child pornographers permanently recorded the victims' abuse, which would result in continuing harm to the child victims by haunting them for years to come. Second, because evidence suggested that pedophiles use child pornography to seduce children, the Court reasoned that the state could legitimately encourage the destruction of child pornography by banning its possession. Third, the Court found that it was reasonable for the state to conclude that production would decrease if demand decreased as a result of penalizing possession. While penalizing the possession of adult obscenity also would likely decrease demand and encourage its destruction, the State's overriding interest in the context of child pornography, that is, protecting the physical and psychological health of minors, is absent with respect to adult obscenity.

The Court's primary emphasis in Osborne centered on the possible exploitation of children as victims in the production of pornography. The gravity of its concern for the exploitative use of children not only justified the criminalization of the dissemination of child pornography, but its possession as well. Again, as in Ferber, the Court stressed the actual abuse of the child in the production of child pornography, suggesting that the essence of the definition involved the employment of minors in its production. The question then remains, did the Court concentrate its ruling in Osborne, as in Ferber, on participation because the Ohio statute was thus limited, or did the Court, notwithstanding the statute, define child pornography in terms of participation as a matter of constitutional law? Osborne suggests there is something more pernicious about child pornography than obscenity. Is it the conduct involved? Or is it the fact that the State's interest in suppression is greater with respect to child pornography than with respect to obscenity?

Andy, an artist who works in multimedia, produces a series of depictions of a single scene in which a minor child is engaging in sexually explicit conduct. Andy intends these various depictions to be viewed all together as one piece of art, titled "Continuum." Continuum is a display from left to right of an oil painting that is impressionistic, an oil painting that is realist, a photograph of the realist oil painting, and a digital rendering that is completely realistic. Andy created each element of Continuum without the use of a model. No actual child was involved in any way in the production of the work. Bill, with Andy's permission, posts digital images of the separate panels of Continuum on a web site. Is the conduct of either Andy or Bill criminal?

The constitutionality of the federal statute criminalizing virtual porn is presently before the United States Supreme Court in Ashcroft v. Free Speech Coalition.

Case Study 3: Hacking

Hacking is the process of gaining unauthorized access to a computer system. Consider the following set of facts from United States v. Morris, 928 F.2d 504 (March 7, 2001):

In the fall of 1988, Morris was a first-year graduate student in Cornell University's computer science Ph.D. program. Through undergraduate work at Harvard and in various jobs he had acquired significant computer experience and expertise. When Morris entered Cornell, he was given an account on the computer at the Computer Science Division. This account gave him explicit authorization to use computers at Cornell. Morris engaged in various discussions with fellow graduate students about the security of computer networks and his ability to penetrate it. In October 1988, Morris began work on a computer program, later known as the INTERNET "worm" or "virus." The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers. Morris designed the program to spread across a national network of computers after being inserted at one computer location connected to the network. Morris released the worm into INTERNET, which is a group of national networks that connect university, governmental, and military computers around the country. The network permits communication and transfer of information between computers on the network. Morris sought to program the INTERNET worm to spread widely without drawing attention to itself. The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers. Morris programmed the worm to make it difficult to detect and read, so that other programmers would not be able to "kill" the worm easily. Morris also wanted to ensure that the worm did not copy itself onto a computer that already had a copy. Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. 
Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate. However, Morris was concerned that other programmers could kill the worm by programming their own computers to falsely respond "yes" to the question. To circumvent this protection, Morris programmed the worm to duplicate itself every seventh time it received a "yes" response. As it turned out, Morris underestimated the number of times a computer would be asked the question, and his one-out-of-seven ratio resulted in far more copying than he had anticipated. The worm was also designed so that it would be killed when a computer was shut down, an event that typically occurs once every week or two. This would have prevented the worm from accumulating on one computer, had Morris correctly estimated the likely rate of reinfection. Morris identified four ways in which the worm could break into computers on the network: (1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program that transfers and receives electronic mail on a computer; (2) through a bug in the "finger demon" program, a program that permits a person to obtain limited information about the users of another computer; (3) through the "trusted hosts" feature, which permits a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and (4) through a program of password guessing, whereby various combinations of letters are tried out in rapid sequence in the hope that one will be an authorized user's password, which is entered to permit whatever level of activity that user is authorized to perform.

On November 2, 1988, Morris released the worm from a computer at the Massachusetts Institute of Technology. MIT was selected to disguise the fact that the worm came from Morris at Cornell. Morris soon discovered that the worm was replicating and reinfecting machines at a much faster rate than he had anticipated. Ultimately, many machines at locations around the country either crashed or became "catatonic." When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at numerous installations, including leading universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.

Morris was found guilty, following a jury trial, of violating 18 U.S.C. § 1030(a)(5)(A). He was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.
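The reinfection check the opinion describes can be modelled as a simple counter, which shows why hosts filled up with copies faster than a periodic shutdown could clear them. The Python sketch below is an added illustration, not code from the opinion or from the worm; the probe rates, the overload threshold of 30 copies, the 168-hour reboot interval, the per-host "yes" counter and all names are assumptions made for the example.

```python
"""Counting model of the reinfection check described in United States v. Morris.

Added illustration only: the probe rates, overload threshold and all names
are assumptions for the example, not figures from the opinion.
"""
from dataclasses import dataclass
from typing import Optional

DUPLICATE_EVERY = 7  # from the opinion: copy anyway on every seventh "yes"


@dataclass
class Host:
    copies: int = 0         # worm copies currently running on this host
    yes_answers: int = 0    # "yes" answers given since the last reboot (assumed per-host counter)
    fake_yes: bool = False  # defender's countermeasure: always answer "yes"

    def probe(self) -> bool:
        """Answer one "do you already have a copy?" query.

        Returns True when the query ends with a new copy on the host.
        """
        if self.copies == 0 and not self.fake_yes:
            self.copies += 1          # honest "no": first infection
            return True
        self.yes_answers += 1         # "yes", genuine or faked
        if self.yes_answers % DUPLICATE_EVERY == 0:
            self.copies += 1          # every seventh "yes" is overridden
            return True
        return False

    def reboot(self) -> None:
        """A shutdown kills every running copy, as the opinion notes."""
        self.copies = 0
        self.yes_answers = 0


def copies_after(probes: int, fake_yes: bool = False) -> int:
    """Copies on a freshly booted host after `probes` queries."""
    host = Host(fake_yes=fake_yes)
    for _ in range(probes):
        host.probe()
    return host.copies


def hours_until_overloaded(probes_per_hour: int, max_copies: int,
                           reboot_every_hours: int) -> Optional[int]:
    """Hours until the host runs more than `max_copies` copies.

    Returns None when the periodic reboot always arrives first, which is
    the outcome the design relied on.
    """
    host = Host()
    for hour in range(1, reboot_every_hours + 1):
        for _ in range(probes_per_hour):
            host.probe()
        if host.copies > max_copies:
            return hour
    host.reboot()  # the shutdown clears the host and the cycle repeats
    return None


if __name__ == "__main__":
    WEEK_HOURS = 168   # assumed reboot interval ("once every week or two")
    THRESHOLD = 30     # assumed number of copies that makes a host unusable
    for rate in (1, 60):  # assumed probes per hour: expected vs. congested network
        result = hours_until_overloaded(rate, THRESHOLD, WEEK_HOURS)
        print(f"{rate:>3} probes/hour -> overloaded after: {result} hour(s)")
    # A host that fakes "yes" still receives a copy on its seventh probe.
    print("fake-yes host, copies after 7 probes:", copies_after(7, fake_yes=True))
```

At one probe per hour the weekly shutdown wins; at sixty probes per hour the same host passes the assumed threshold within hours, which is the underestimate the opinion describes.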

Morris had relatively good intentions. Unlike Morris, most hackers do not. Or do they? Consider the following piece written by an individual known as The Mentor upon his arrest:

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering." "Damn kids. They're all alike." But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world. Mine is a world that begins with school. I'm smarter than most of the other kids, this crap they teach us bores me. "Damn underachiever. They're all alike." I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head." "Damn kid. Probably copied it. They're all alike." I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me, or feels threatened by me, or thinks I'm a smart ass, or doesn't like teaching and shouldn't be here. Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. 
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. ***

Should intent to cause harm make a difference? Should Morris have been convicted? If the Mentor committed the same acts as Morris, would he deserve a greater sentence? Consider that most hackers are young; many are minors. Should this fact shape how the criminal law approaches the crime?

Case Study 4: Where Did It Happen?

18 U.S.C. Section 875(c), provides:

Whoever transmits in interstate or foreign commerce any communication containing any threat to kidnap any person or any threat to injure the person of another, shall be fined under this title or imprisoned not more than five years, or both.

On January 16, 1997, Mr. Kammersell, then nineteen years old, logged on to the Internet service provider (ISP) America Online ("AOL") from his home computer in Riverdale, Utah. Mr. Kammersell's girlfriend was employed at AOL's service center in Ogden, Utah. He sent a bomb threat to her computer terminal via "instant message," hoping that the threat would enable her to leave work early so they could go on a date. Mr. Kammersell claims that the jurisdictional element of § 875(c) cannot be met if based solely on the route of the transmission, where the sender and recipient are both in the same state. Every message sent via AOL automatically goes from the state of origin to AOL's main server in Virginia before going on to its final destination. This pattern of transmission is the same whether the communication is an electronic mail (e-mail) message or an instant message. When Kammersell sent the bomb threat, it was automatically transmitted through interstate telephone lines from his computer in Utah to the AOL server in Virginia and then back to Utah to his girlfriend's terminal at the Ogden service center.

Should this make a difference?

Historically, state governments have asserted the primary responsibility for creating and enforcing criminal laws. Does the Internet call for a different approach? Should all computer crimes be considered federal? What role should the states play?

Case Study 5: Enforcement Across Borders

Excerpts from Michael A. Sussman, The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium, 9 Duke J. Comp. & Int'l L. 451 (1999) [Citations omitted]

THE CHALLENGES

Imagine this scene out of tomorrow's headlines: A hacker, going on-line through the Internet, breaks into computers that the Federal Aviation Administration (FAA) uses for air traffic control. He disrupts a regional air traffic network, and the disruption causes the crash of a DC-10 in the Rocky Mountains, killing all aboard. The FAA and the FBI know there has been a hacker intrusion, originating through the Internet, but nothing else. Since anyone can access the Internet from anywhere in the world, the FBI has no idea where the hacker may be located. Moreover, they do not know the motive of the attack or the identity of the attackers. Is it a terrorist group, targeting the United States and likely to strike again at any time, or is it a fourteen-year-old hacker whose prank has spun tragically out of control? Let us follow this scenario a bit further. Within thirty minutes of the plane crash, the FBI tracks the source of the attack to an Internet Service Provider (ISP) in Germany. Assuming the worst, another attack could occur at any time, and hundreds of planes in flight over the United States are at risk. The next investigative step is to determine whether the ISP in Germany is a mere conduit, or whether the attack actually originated with a subscriber to that service. In either case, the FBI needs the assistance of the German ISP to help identify the source of the attack, but it is now 3:00 a.m. in Germany. Does the FBI dare wait until morning in Europe to seek formal legal assistance from Germany or permission from the German government to continue its investigation within their borders? Does the Department of Justice authorize the FBI's computer experts to conduct a search, without German consent, on the German ISP from their terminals in Washington? Does the FBI agent need a U.S. court order to access private information overseas? What would be the reach of such an order?
If the FBI agent plows forward and accesses information from computers in Germany, will the German government be sympathetic to the U.S. plight, will the violation of German sovereignty be condemned, or both? What are the diplomatic and foreign policy implications of the United States remotely (and without advance notice) conducting a search that may intrude into German sovereignty? The legal and policy implications of possible "transborder searches," such as the one contemplated in this scenario, are quickly becoming a concern for law enforcement agencies around the globe as they grapple with new challenges posed by networked communications and new technologies. Traditional investigative procedures - and particularly the often cumbersome procedures that govern investigations at the international level - may not be adequate to meet the need in computer crime cases for immediate law enforcement action reaching beyond national borders. The globalization of criminal activity has created vexing problems that, in some cases, defy simple solutions.... ...At a meeting of senior law enforcement officials from the G-8 countries in January 1997, Attorney General Reno stated: "Until recently, computer crime has not received the emphasis that other international crimes have engendered. Even now, not all affected nations recognize the threat it poses to public safety or the need for international cooperation to effectively respond to the problem. Consequently, many countries have weak laws, or no laws, against computer hacking - a major obstacle to solving and to prosecuting computer crimes." The solution to this problem is simple to state: "[countries] need to reach a consensus as to which computer and technology-related activities should be criminalized, and then commit to taking appropriate domestic actions." But it is not as easy to implement. An international "consensus" concerning the activities that universally should be criminalized may take time to develop. 
Meanwhile, individual countries that lack this kind of legislation will each have to pass new laws, an often cumbersome and time-consuming process. In the United States, for example, action by both the Congress and the President is required for new legislation. ***

The FBI suspected Vasily Gorshkov, a Russian national, of being the person who broke into computer systems at several American corporations, then sent email to company officials demanding payment in exchange for not distributing or destroying sensitive data. To catch Gorshkov and prove his guilt, the FBI set up a sting operation. It created a shell computer security company called Invita in Seattle and invited Gorshkov to come to Seattle to test the Invita system by trying to hack into it. Gorshkov fell for the bait and accepted the challenge. Operating from a computer at the Invita office, he demonstrated his hacking skill by penetrating the security system. In doing so, however, he accessed hacking tools he kept on his home machine in Russia. All the while, the FBI secretly used a "sniffer" program that logs every keystroke a person types. Using passwords recorded by the "sniffer," the FBI then was able to enter the computers in Russia, where Gorshkov kept his data, and download immense amounts of information tying Gorshkov to the criminal extortion of the American companies.

In court documents, Gorshkov's lawyer has challenged the FBI's right to use that material, claiming his client's privacy was invaded because he did not consent to have his computer usage recorded. Gorshkov's lawyer contends the FBI should have obtained a search warrant before downloading the information. The investigators say they had to follow this procedure because they needed to secure the incriminating information before the suspect's Russian counterparts destroyed data.

How far can U.S. law enforcement go to catch non-citizens who break into American systems? Should countries have a right to conduct transborder searches of computers located in other countries to effectuate their own domestic laws?

Should the United States cooperate with German investigations into the dissemination of Neo-Nazi propaganda over the Internet into Germany when such propaganda is protected by the First Amendment in the United States? If not, can the U.S. complain when a country that does not criminalize the possession of child pornography refuses to cooperate with a U.S. criminal investigation into child pornography? Will the Internet create a "lowest common denominator" approach to enforcing computer crime laws, in which any country in the world can create a safe haven that effectively blocks other countries from investigating computer crimes?

Further Discussion Topics

1. What conduct should be criminal in cyberspace? How is computer crime different from traditional crime?

2. When existing legal structures prove inadequate to deal with criminal activities, how should governments and individuals proceed? Should it be legal for a victim to "hack back"?

3. Some have proposed that tort law applied to internet service providers would be more effective than criminal law in handling computer crimes. The argument is that if ISPs are held liable for crimes committed on their networks, then they will more effectively police activity under their auspices. Furthermore, ISPs would have an incentive to implement new technologies, such as IPv6, that enhance accountability and traceability. Do you agree with this assessment? Is an ISP-policed Internet preferable to one supervised by the government? See Lee, et al, Electronic Commerce, Hackers, And The Search For Legitimacy: A Regulatory Proposal, 14 Berkeley Tech. L. J. 839 (1999).

4. Wire and mail fraud laws often serve as a "stopgap" measure when legislatures have failed to keep pace with technology. Prosecutors use these laws to indict individuals for actions that have not yet specifically been made criminal. Is this an appropriate way to handle the problem of lag time before legislatures recognize new cyber-crimes? If not, what is?

5. Judge Easterbrook makes the following argument: No law school offers a class entitled "The Law of the Horse." Such a course would be pointless: one would learn little about any substantive area of law by reading unrelated cases, some commercial, some tort, and all of which involved horses. Similarly, Easterbrook argues, cyber-law is meaningless as a separate discipline. Problems posed by technology can be solved using traditional approaches. Is this applicable in the area of cyber-crime? Or are the problems posed by technology qualitatively different? See Frank Easterbrook, Cyberspace and the Law of the Horse, 1996 U. Chi. Legal F. 207; Lawrence Lessig, The Law of the Horse: What Cyberlaw Might Teach, 113 Harv. L. Rev. 501 (December, 1999).

6. Can state governments effectively prosecute cyber-crimes? Is the prevalence of crimes in cyberspace an effective argument in favor of the federalization of crimes?

Further reading

Dorothy E. Denning, Information Warfare and Security (1999)

David Goldstone & Betty Shave, International Dimensions of Crimes in Cyberspace, 22 Fordham Int'l L.J. 1924 (1999).

Department of Defense Office of the General Counsel, An Assessment of International Legal Issues in Information Operations (1999).

Neal Katyal, Criminal Law in Cyberspace, 149 U.Penn. L. Rev. 1003 (2001)

Wendy R. Leibowitz, Kid Stuff: Judges Having Hard Time with Computer Crime; Sentencing Standards Aren't Clear-Cut, 20 National Law Journal 45, July 6, 1998.

European Committee on Crime Problems, Committee of Experts on Crime in Cyber-Space, Draft Convention on Cyber-crime and Explanatory Memorandum Related Thereto, CDPC (2001) 2 Rev., Draft No. 27 Rev., May 25, 2001.

The Draft Convention on Cyber-crime will be submitted to the European Committee on Crime Problems (CDPC) at its 50th plenary session, June 18-22, 2001.

Berkman Center for Internet & Society

Financial crime and fraud in the age of cybersecurity

In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud, institutions lose nearly three dollars once associated costs are added to the fraud loss itself. (Sources: World Economic Forum Annual Meeting, Davos-Klosters, Switzerland, January 23–26, 2018; LexisNexis Risk Solutions 2018 True Cost of Fraud study, LexisNexis, August 2018, risk.lexisnexis.com.) Risks for banks arise from diverse factors, including vulnerabilities to fraud and financial crime inherent in automation and digitization, massive growth in transaction volumes, and the greater integration of financial systems within countries and internationally. Cybercrime and malicious hacking have also intensified. In the domain of financial crime, meanwhile, regulators continually revise rules, increasingly to account for illegal trafficking and money laundering, and governments have ratcheted up the use of economic sanctions, targeting countries, public and private entities, and even individuals. Institutions are finding that their existing approaches to fighting such crimes cannot satisfactorily handle the many threats and burdens. For this reason, leaders are transforming their operating models to obtain a holistic view of the evolving landscape of financial crime. This view becomes the starting point of efficient and effective management of fraud risk.

The evolution of fraud and financial crime

Fraud and financial crime adapt to developments in the domains they plunder. (Most financial institutions draw a distinction between these two types of crimes: for a view on the distinction, or lack thereof, see the sidebar “Financial crime or fraud?”) With the advent of digitization and automation of financial systems, these crimes have become more electronically sophisticated and impersonal.

Financial crime or fraud?

For purposes of detection, interdiction, and prevention, many institutions draw a distinction between fraud and financial crime. Boundaries are blurring, especially since the rise of cyberthreats, which reveal the extent to which criminal activities have become more complex and interrelated. What’s more, the distinction is not based on law, and regulators sometimes view it as the result of organizational silos. Nevertheless, financial crime has generally meant money laundering and a few other criminal transgressions, including bribery and tax evasion, involving the use of financial services in support of criminal enterprises. It is most often addressed as a compliance issue, as when financial institutions avert fines with anti–money laundering activities. Fraud, on the other hand, generally designates a host of crimes, such as forgery, credit scams, and insider threats, involving deception of financial personnel or services to commit theft. Financial institutions have generally approached fraud as a loss problem, lately applying advanced analytics for detection and even real-time interdiction. As the distinction between these three categories of crime has become less relevant, financial institutions need to use many of the same tools to protect assets against all of them.

One series of crimes, the so-called Carbanak attacks beginning in 2013, well illustrates the cyber profile of much of present-day financial crime and fraud. These were malware-based bank thefts totaling more than $1 billion. The attackers, an organized criminal gang, gained access to systems through phishing and then transferred fraudulently inflated balances to their own accounts or programmed ATMs to dispense cash to waiting accomplices (Exhibit 1).

Significantly, this crime was one simultaneous, coordinated attack against many banks. The attackers exhibited a sophisticated knowledge of the cyber environment and likely understood banking processes, controls, and even vulnerabilities arising from siloed organizations and governance. They also made use of several channels, including ATMs, credit and debit cards, and wire transfers. The attacks revealed that meaningful distinctions among cyberattacks, fraud, and financial crime are disappearing. Banks have not yet addressed these new intersections, which transgress the boundary lines most have erected between the types of crimes (Exhibit 2).

A siloed approach to these interconnected risks is becoming increasingly untenable; clearly, the operating model needs to be rethought.

As banks begin to align operations to the shifting profile of financial crime, they confront the deepening connections between cyber breaches and most types of financial crime. The cyber element is not new, exactly. Until recently, for example, most fraud has been transaction based, with criminals exploiting weaknesses in controls. Banks counter such fraud with relatively straightforward, channel-specific, point-based controls. Lately, however, identity-based fraud has become more prevalent, as fraudsters develop applications to exploit natural or synthetic data. Cyber-enabled attacks are becoming more ambitious in scope and omnipresent, eroding the value of personal information and security protections.

In a world where customers infrequently contact bank staff but rather interact almost entirely through digital channels, “digital trust” has fast become a significant differentiator of customer experience. Banks that offer a seamless, secure, and speedy digital interface will see a positive impact on revenue, while those that don’t will erode value and potentially lose business. Modern banking demands faster risk decisions (such as real-time payments) so banks must strike the right balance between managing fraud and handling authorized transactions instantly.

The growing cost of financial crime and fraud risk has also overshot expectations, pushed upward by several drivers. As banks focus tightly on reducing liabilities and efficiency costs, losses in areas such as customer experience, revenue, reputation, and even regulatory compliance are being missed (Exhibit 3).

Bringing together financial crime, fraud, and cyber operations

At leading institutions the push is on to bring together efforts on financial crime, fraud, and cybercrime. Both the front line and back-office operations are oriented in this direction at many banks. Risk functions and regulators are catching on as well. AML, while now mainly addressed as a regulatory issue, is seen as being on the next horizon for integration. Important initial steps for institutions embarking on an integration effort are to define precisely the nature of all related risk-management activities and to clarify the roles and responsibilities across the lines of defense. These steps will ensure complete, clearly delineated coverage—by the businesses and enterprise functions (first line of defense) and by risk, including financial crime, fraud, and cyber operations (second line)—while eliminating duplication of effort.

All risks associated with financial crime involve three kinds of countermeasures: identifying and authenticating the customer, monitoring and detecting transaction and behavioral anomalies, and responding to mitigate risks and issues. Each of these activities, whether taken in response to fraud, cybersecurity breaches or attacks, or other financial crimes, is supported by many similar data and processes. Indeed, bringing these data sources together with analytics materially improves visibility while providing much deeper insight to improve detection capability. In many instances it also enables prevention efforts.

In taking a more holistic view of the underlying processes, banks can streamline business and technology architecture to support a better customer experience, improved risk decision making, and greater cost efficiencies. The organizational structure can then be reconfigured as needed (Exhibit 4).

From collaboration to holistic unification

Three models for addressing financial crime are important for our discussion. They are distinguished by the degree of integration they represent among processes and operations for the different types of crime (Exhibit 5).

Generally speaking, experience shows that organizational and governance design are the main considerations for the development of the operating model. Whatever the particular choice, institutions will need to bring together the right people in agile teams, taking a more holistic approach to common processes and technologies and doubling down on analytics—potentially creating “fusion centers,” to develop more sophisticated solutions. It is entirely feasible that an institution will begin with the collaborative model and gradually move toward greater integration, depending on design decisions. We have seen many banks identify partial integration as their target state, with a view that full AML integration is an aspiration.

  • Collaborative model. In this model, which for most banks represents the status quo, each of the domains—financial crime, fraud, and cybersecurity—maintains its independent roles, responsibilities, and reporting. Each unit builds its own independent framework, cooperating on risk taxonomy and data and analytics for transaction monitoring, fraud, and breaches. The approach is familiar to regulators, but offers banks little of the transparency needed to develop a holistic view of financial-crime risk. In addition, the collaborative model often leads to coverage gaps or overlaps among the separate groups and fails to achieve the benefits of scale that come with greater functional integration. The model’s reliance on smaller, discrete units also means banks will be less able to attract top leadership talent.
  • Partially integrated model for cybersecurity and fraud. Many institutions are now working toward this model, in which cybersecurity and fraud are partially integrated as the second line of defense. Each unit maintains independence in this model but works from a consistent framework and taxonomy, following mutually accepted rules and responsibilities. Thus a consistent architecture for prevention (such as for customer authentication) is adopted, risk-identification and assessment processes (including taxonomies) are shared, and similar interdiction processes are deployed. Deeper integral advantages prevail, including consistency in threat monitoring and detection and lower risk of gaps and overlap. The approach remains, however, consistent with the existing organizational structure and little disrupts current operations. Consequently, transparency is not increased, since separate reporting is maintained. No benefits of scale accrue, and with smaller operational units still in place, the model is less attractive to top talent.
  • Unified model. In this fully integrated approach, the financial crimes, fraud, and cybersecurity operations are consolidated into a single framework, with common assets and systems used to manage risk across the enterprise. The model has a single view of the customer and shares analytics. Through risk convergence, enterprise-wide transparency on threats is enhanced, better revealing the most important underlying risks. The unified model also captures benefits of scale across key roles and thereby enhances the bank’s ability to attract and retain top talent. The disadvantages of this model are that it entails significant organizational change, making bank operations less familiar to regulators. And even with the organizational change and risk convergence, risks remain differentiated.

The imperative of integration

The integration of fraud and cybersecurity operations is an imperative step now, since the crimes themselves are already deeply interrelated. The enhanced data and analytics capabilities that integration enables are now essential tools for the prevention, detection, and mitigation of threats.

Most forward-thinking institutions are working toward such integration, creating in stages a more unified model across the domains, based on common processes, tools, and analytics. AML activities can also be integrated, but at a slower pace, with focus on specific overlapping areas first.

The starting point for most banks has been the collaborative model, with cooperation across silos. Some banks are now shifting from this model to one that integrates cybersecurity and fraud. In the next horizon, a completely integrated model enables comprehensive treatment of cybersecurity and financial crime, including AML. By degrees, however, increased integration can improve the quality of risk management, as it enhances core effectiveness and efficiency in all channels, markets, and lines of business.

Strategic prevention: Threats, prediction, and controls

The idea behind strategic prevention is to predict risk rather than just react to it. To predict where threats will appear, banks need to redesign customer and internal operations and processes based on a continuous assessment of actual cases of fraud, financial crime, and cyberthreats. A view of these is developed according to the customer journey. Controls are designed holistically, around processes rather than points. The approach can significantly improve protection of the bank and its customers (Exhibit 6).

To arrive at a realistic view of these transgressions, institutions need to think like the criminals. Crime takes advantage of a system’s weak points. Current cybercrime and fraud defenses are focused on point controls or silos but are not based on an understanding of how criminals actually behave. For example, if banks improve defenses around technology, crime will migrate elsewhere—to call centers, branches, or customers. By adopting this mind-set, banks will be able to trace the migratory flow of crime, looking at particular transgressions or types of crime from inception to execution and exfiltration, mapping all the possibilities. By designing controls around this principle, banks are forced to bring together disciplines (such as authentication and voice-stress analysis), which improves both efficacy and effectiveness.

Efficiencies of scale and processes

The integrated fraud and cyber-risk functions can improve threat prediction and detection while eliminating duplication of effort and resources. Roles and responsibilities can be clarified so that no gaps are left between functions or within the second line of defense as a whole. Consistent methodologies and processes (including risk taxonomy and risk identification) can be directed toward building understanding and ownership of risks. Integrating operational processes and continuously updating risk scores allow institutions to dynamically update their view on the riskiness of clients and transactions.

Data, automation, and analytics

Through integration, the anti-fraud potential of the bank’s data, automation, and analytics can be more fully realized. By integrating the data of separate functions, both from internal and external sources, banks can enhance customer identification and verification. Artificial intelligence and machine learning can also better enable predictive analytics when supported by aggregate sources of information. Insights can be produced rapidly—to establish, for example, correlations between credential attacks, the probability of account takeovers, and criminal money movements. By overlaying such insights onto their rules-based solutions, banks can reduce the rates of false positives in detection algorithms. This lowers costs and helps investigators stay focused on actual incidents.

The aggregation of customer information that comes from the closer collaboration of the groups addressing financial crime, fraud, and cybersecurity will generally heighten the power of the institution’s analytic and detection capabilities. For example, real-time risk scoring and transaction monitoring to detect transaction fraud can accordingly be deployed to greater effect. This is one of several improvements that will enhance regulatory preparedness by preventing potential regulatory breaches.
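The overlay described above, as an added example that is not part of the original article: a rules-only transfer monitor compared with the same rule correlated against login telemetry from the cybersecurity side. All events, accounts, thresholds, baselines and fraud labels below are constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (illustrative, not taken from the article).
FAIL_THRESHOLD = 5                    # failed logins that suggest credential guessing
FAIL_WINDOW = timedelta(minutes=15)   # how far back failed logins are counted
LOOKBACK = timedelta(hours=1)         # login-to-transfer correlation window
AMOUNT_LIMIT = 5000                   # fraud rule: large transfer to a new payee

# Constructed baseline of source addresses previously seen per account.
KNOWN_IPS = {
    "acct-1": {"198.51.100.7"},
    "acct-2": {"198.51.100.20"},
    "acct-3": {"198.51.100.33"},
    "acct-4": {"198.51.100.44"},
}

# Constructed login telemetry: (timestamp, account, source_ip, outcome).
AUTH_EVENTS = [
    ("2024-03-01T09:00:00", "acct-1", "198.51.100.7", "success"),
    ("2024-03-01T10:00:00", "acct-2", "198.51.100.20", "fail"),      # single typo
    ("2024-03-01T10:00:30", "acct-2", "198.51.100.20", "success"),
    ("2024-03-02T02:10:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:11:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:12:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:13:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:14:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:15:00", "acct-3", "203.0.113.50", "fail"),
    ("2024-03-02T02:16:00", "acct-3", "203.0.113.50", "success"),
    ("2024-03-02T08:00:00", "acct-4", "198.51.100.44", "success"),
]

# Constructed payment records; "fraud" is the ground-truth label used for scoring.
TRANSACTIONS = [
    {"id": "t1", "time": "2024-03-01T09:10:00", "account": "acct-1",
     "amount": 12000, "new_payee": True, "fraud": False},
    {"id": "t2", "time": "2024-03-01T10:05:00", "account": "acct-2",
     "amount": 7500, "new_payee": True, "fraud": False},
    {"id": "t3", "time": "2024-03-02T02:25:00", "account": "acct-3",
     "amount": 9800, "new_payee": True, "fraud": True},
    {"id": "t4", "time": "2024-03-02T08:05:00", "account": "acct-4",
     "amount": 120, "new_payee": False, "fraud": False},
]


def rule_hits(transactions):
    """Fraud-side rule on its own: large transfer to a payee never used before."""
    return [t["id"] for t in transactions
            if t["new_payee"] and t["amount"] >= AMOUNT_LIMIT]


def suspicious_logins(auth_events, known_ips):
    """Cyber-side signal: a successful login from an address outside the
    account's baseline, preceded by a burst of failed logins."""
    failures = defaultdict(list)
    flagged = defaultdict(list)
    for ts, account, ip, outcome in sorted(auth_events):
        when = datetime.fromisoformat(ts)
        if outcome == "fail":
            failures[account].append(when)
            continue
        recent = [f for f in failures[account] if when - f <= FAIL_WINDOW]
        if len(recent) >= FAIL_THRESHOLD and ip not in known_ips.get(account, set()):
            flagged[account].append(when)
    return flagged


def triage(transactions, auth_events, known_ips):
    """Overlay the login signal on the rule hits. Uncorrelated hits are not
    discarded; they go to a lower-priority queue."""
    flagged = suspicious_logins(auth_events, known_ips)
    hits = set(rule_hits(transactions))
    decisions = {}
    for t in transactions:
        if t["id"] not in hits:
            continue
        when = datetime.fromisoformat(t["time"])
        correlated = any(timedelta(0) <= when - login <= LOOKBACK
                         for login in flagged.get(t["account"], []))
        decisions[t["id"]] = "escalate" if correlated else "review-later"
    return decisions


def false_positives(alert_ids, transactions):
    """Count alerts raised on transactions labelled as legitimate."""
    labels = {t["id"]: t["fraud"] for t in transactions}
    return sum(1 for alert in alert_ids if not labels[alert])


if __name__ == "__main__":
    rule_only = rule_hits(TRANSACTIONS)
    decisions = triage(TRANSACTIONS, AUTH_EVENTS, KNOWN_IPS)
    escalated = [tid for tid, d in decisions.items() if d == "escalate"]
    print("rule-only alerts:", rule_only, "false positives:",
          false_positives(rule_only, TRANSACTIONS))
    print("escalated after overlay:", escalated, "false positives:",
          false_positives(escalated, TRANSACTIONS))
```

On this constructed data the rule alone sends three transfers to investigators, two of them legitimate, while the overlay escalates only the transfer that follows the failed-login burst from an unfamiliar address.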

The customer experience and digital trust

The integrated approach to fraud risk can also result in an optimized customer experience. Obviously, meaningful improvements in customer satisfaction help shape customer behavior and enhance business outcomes. In the context of the risk operating model, objectives here include the segmentation of fraud and security controls according to customer experience and needs as well as the use of automation and digitization to enhance the customer journey. Survey after survey has affirmed that banks are held in high regard by their customers for performing well on fraud.

Unified risk management for fraud, financial crime, and cyberthreats thus fosters digital trust, a concept that is taking shape as a customer differentiator for banks. Security is clearly at the heart of this concept and is its most important ingredient. However, such factors as convenience, transparency, and control are also important components of digital trust. The weight customers assign to these attributes varies by segment, but very often such advantages as hassle-free authentication or the quick resolution of disputes are indispensable builders of digital trust.

A holistic view

The objective of the transformed operating model is a holistic view of the evolving landscape of financial crime. This is the necessary standpoint of efficient and effective fraud-risk management, emphasizing the importance of independent oversight and challenge through duties clearly delineated in the three lines of defense. Ultimately, institutions will have to integrate business, operations, security, and risk teams for efficient intelligence sharing and collaborative responses to threats.

How to proceed?

The target fraud-risk operating model: key questions for banks.

In designing their target risk operating model for financial crimes, fraud, and cybersecurity, leading banks are probing the following questions.

Processes and activities

  • What are the key processes or activities to be conducted for customer identification and authentication, monitoring and detection of anomalies, and responding to risks or issues?
  • How frequently should specific activities be conducted (such as reporting)?
  • What activities can be consolidated into a “center of excellence”?

People and organization

  • Who are the relevant stakeholders in each line of defense?
  • What skills and how many people are needed to support the activities?
  • What shared activities should be housed together (for example, in centers of excellence)?
  • What is the optimal reporting structure for each type of financial crime—directly to the chief risk officer? To the chief operations officer? To IT?

Data, tools, and technologies

  • What data should be shared across cybersecurity, fraud, and other financial-crime divisions? Can the data sit in the same data warehouses to ensure consistency and streamlining of data activities?
  • What tools and frameworks should converge (for example, risk-severity matrix, risk-identification rules, taxonomy)? How should they converge?
  • What systems and applications do each of the divisions use? Can they be streamlined?
  • What are the governance bodies for each risk type? How do they overlap? For example, does the same committee oversee fraud and cybersecurity? Does committee membership overlap?
  • What are the specific, separate responsibilities of the first and second lines of defense?
  • What measurements are used to set the risk appetite by risk type? How are they communicated to the rest of the organization?

When banks design their journeys toward a unified operating model for financial crime, fraud, and cybersecurity, they must probe questions about processes and activities, people and organization, data and technology, and governance (see sidebar “The target fraud-risk operating model: Key questions for banks”).

Most banks begin the journey by closely integrating their cybersecurity and fraud units. As they enhance information sharing and coordination across silos, greater risk effectiveness and efficiency becomes possible. To achieve the target state they seek, banks are redefining organizational “lines and boxes” and, utility.

Most have stopped short of fully unifying the risk functions relating to financial crimes, though a few have attained a deeper integration. A leading US bank set up a holistic “center of excellence” to enable end-to-end decision making across fraud and cybersecurity. From prevention to investigation and recovery, the bank can point to significant efficiency gains. A global universal bank has gone all the way, combining all operations related to financial crimes, including fraud and AML, into a single global utility. The bank has attained a more holistic view of customer risk and reduced operating costs by approximately $100 million.

As criminal transgressions in the financial-services sector become more sophisticated and break through traditional risk boundaries, banks are watching their various risk functions become more costly and less effective. Leaders are therefore rethinking their approaches to take advantage of the synergies available in integration. Ultimately, fraud, cybersecurity, and AML can be consolidated under a holistic approach based on the same data and processes. Most of the benefits are available in the near term, however, through the integration of fraud and cyber operations.

  • Open access
  • Published: 23 February 2023

Exploring the global geography of cybercrime and its driving forces

  • Shuai Chen (ORCID: orcid.org/0000-0003-3623-1532)
  • Mengmeng Hao (ORCID: orcid.org/0000-0001-5086-6441)
  • Fangyu Ding (ORCID: orcid.org/0000-0003-1821-531X)
  • Dong Jiang
  • Jiping Dong
  • Shize Zhang
  • Qiquan Guo
  • Chundong Gao

Humanities and Social Sciences Communications volume 10, Article number: 71 (2023)


  • Criminology
  • Science, technology and society

Cybercrime is wreaking havoc on the global economy, national security, social stability, and individual interests. The current efforts to mitigate cybercrime threats are primarily focused on technical measures. This study considers cybercrime as a social phenomenon and constructs a theoretical framework that integrates the social, economic, political, technological, and cybersecurity factors that influence cybercrime. The FireHOL IP blocklist, a novel cybersecurity data set, is used to map worldwide subnational cybercrimes. Generalised linear models (GLMs) are used to identify the primary factors influencing cybercrime, whereas structural equation modelling (SEM) is used to estimate the direct and indirect effects of various factors on cybercrime. The GLM results suggest that the inclusion of a broad set of socioeconomic factors can significantly improve the model’s explanatory power, and cybercrime is closely associated with socioeconomic development, while their effects on cybercrime differ by income level. Additionally, results from SEM further reveal the causal relationships between cybercrime and numerous contextual factors, demonstrating that technological factors serve as a mediator between socioeconomic conditions and cybercrime.

Introduction

Cybercrime is a broad term used by government, businesses, and the general public to account for a variety of criminal activities and harmful behaviours involving the adoption of computers, the internet, or other forms of information communications technologies (ICTs) (Wall, 2007). As an emerging social phenomenon in the information age, cybercrime has aroused growing concern around the world due to its high destructiveness and widespread influence. In 2017, the WannaCry ransomware attack affected more than 230,000 computers across 150 countries, resulting in economic losses of more than 4 billion dollars and posing a serious danger to the global education, government, finance, and healthcare sectors (Ghafur et al., 2019; Castillo and Falzon, 2018; Mohurle and Patil, 2017). Although there is currently no precise and universally accepted definition of cybercrime (Phillips et al., 2022; Holt and Bossler, 2014), it is generally acknowledged that the term covers both traditional crimes that are facilitated or amplified by utilising ICTs as well as new types of crimes that emerged with the advent of ICTs (Ho and Luong, 2022). Based on the role of technology in the commission of the crime, the most widely utilised typology divides cybercrime into cyber-dependent crime (such as hacking, distributed denial of service, and malware) and cyber-enabled crime (online fraud, digital piracy, cyberbullying) (Brenner, 2013; Sarre et al., 2018; McGuire and Dowling, 2013). Along with the rapid development of ICTs and the increasing prevalence of the internet, these criminal activities are significantly disrupting the global economy, national security, social stability, and individual interests. Although it is difficult to estimate the precise financial cost of cybercrime (Anderson et al., 2013; Anderson et al., 2019), statistical evidence from governments and industries indicates that the economic losses caused by cybercrime are enormous and are still rising rapidly (McAfee, 2021).

Cybercrime is complicated in nature and involves many disciplines, including criminology, computer science, psychology, sociology, economics, geography, political science, and law, among others (Holt, 2017; Dupont and Holt, 2022; Payne, 2020). Computer science and cybersecurity efforts are primarily focused on applying technical approaches such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewalls, and anti-virus software to mitigate cyberattack threats (Kumar and Carley, 2016; Walters, 2015). These methods may help to some extent lessen the adverse impacts of cybercrime on both organisations and individuals. However, these technical solutions are largely unaware of the human and contextual factors that contribute to the issues, providing only reactive solutions, and are unable to keep up with the rapidly evolving modus operandi and emerging technologies (Clough, 2015; Neal, 2014). It is suggested that cybercrime is a complex social phenomenon driven by the compound interactions of underlying socioeconomic factors. Human and social factors play a substantial role in the formation of cybercrime agglomerations (Waldrop, 2016; Watters et al., 2012; Leukfeldt and Holt, 2019). They are also important aspects of cybercrime prevention and control (Dupont and Holt, 2022). The human factors influencing cybercrime have been the subject of an expanding body of sociological and psychological study in recent years. These studies, which covered cyberbullying, online harassment, identity theft, online fraud, malware infection, phishing, and other types of cybercrime, generally applied traditional criminological and psychological theories, such as routine activities theory, lifestyle-routine activities theory, self-control theory, and general strain theory, to explain the victimisation and offending of various cybercrimes (Bergmann et al., 2018; Mikkola et al., 2020; Ngo and Paternoster, 2011; Pratt et al., 2010; Williams, 2016). Results from these studies suggested that by altering criminal motivations and opportunity structures, individual factors (i.e., age, gender, ethnicity, education, socioeconomic status, and self-control) and situational factors (online activities, time spent online, risk exposure, deviant behaviours) may have an impact on cybercrime offence and victimisation. These findings advanced our knowledge in understanding the impact of technology on criminal behaviours, factors affecting the risk of cyber victimisation, and the applicability of traditional criminological theories to cybercrime (Holt and Bossler, 2014).

Cybercrime is a highly geographical phenomenon on a macro-level scale, with some countries accounting for a disproportionate amount of cybercrimes (Kigerl, 2012; Kigerl, 2016). This spatial heterogeneity is closely related to specific socioeconomic contexts (Kshetri, 2010). Academic efforts have been made to identify the clusters of high cybercrime countries and to explain the potential socioeconomic factors that led to the formation of these clusters. For example, Mezzour, Carley, and Carley (2014) found that Eastern European countries hosted a greater number of attacking computers due to their superior computing infrastructure and high levels of corruption. Similarly, Kumar and Carley (2016) found that higher levels of corruption and large internet bandwidth would favour attack origination. They also noted that countries with greater gross domestic product (GDP) per capita and better ICT infrastructure were targeted more frequently. Meanwhile, Srivastava et al. (2020) pointed out that countries with better technology and economic capital were more likely to become the origins of cybercrime, but countries with better cybersecurity preparedness may reduce the frequency of the cybercrime originating within them. Moreover, Holt, Burruss, and Bossler (2018) suggested that nations with better technological infrastructure, greater political freedom, and less organised crime were more likely to report malware infections, while Overvest and Straathof (2015) suggested that the number of internet users, bandwidth, and economic ties were significantly related to cyberattack origin. Kigerl (2012) found that a higher unemployment rate and more internet users were linked to an increase in spam activities. However, these studies have tended to utilise a restricted range of predictor variables and only included certain aspects of cybercrime. Besides, most of the studies have been conducted at the national level, which could potentially hide many disparities within countries.

In this work, we construct a conceptual model to better represent the context from which cybercrime emerges, which is applied as a framework to analyse the underlying socioeconomic driving forces. A novel cybersecurity data set, the FireHOL IP blocklist, is adopted as a proxy to reflect the levels of cybercriminal activities within different areas. A set of social, economic, political, technological, and cybersecurity indicators is used as explanatory variables. Generalised linear models (GLMs) are used to quantify the effect of each factor on cybercrime, while structural equation modelling (SEM) is used to estimate the complex interactions among various factors and their direct and indirect effects on cybercrime.

Conceptual framework

We propose a conceptual framework for examining the driving forces of cybercrime by reviewing existing empirical literature and integrating different criminological theories. The conceptual framework includes five interrelated components: the social, economic, political, technological, and cybersecurity factors. The potential pathways by which each component may directly or indirectly influence cybercrime are illustrated in Fig. 1 .

Fig. 1. The solid line indicates a direct effect, and a dashed line indicates an indirect effect. H1–H5 refer to the five hypotheses, “+” indicates a positive effect, and “−” indicates a negative effect.

The social and economic factors depict the level of regional development, serving as the fundamental context in which cybercrime emerges. Given the intrinsic technological nature of cybercrime, global urbanisation, and the information technology revolution have promoted global connectivity and created unprecedented conditions and opportunities for cybercrime (UNODC, 2013 ). From the perspective of general strain theory, poverty, unemployment, income inequality, and other social disorders that are accompanied by social transformations could lead to cultures of materialism and stimulate motivations of cybercrime for illegal gains (Meke, 2012 ; Onuora et al., 2017 ). On the other hand, economically developed regions generally have superior ICT infrastructure, which can provide convenient and low-cost conditions for cybercriminals to commit crimes. High educational attainment is also likely to be associated with cybercrime, given that cybercrime usually requires some level of computer skills and IT knowledge (Holt and Schell, 2011 ; Asal et al., 2016 ). In general, better socioeconomic conditions are associated with more cybercriminal activities, which leads us to develop the first two hypotheses:

H1: Social factor is positively associated with cybercrime.
H2: Economic factor is positively associated with cybercrime.

The influence of political factors on cybercrime is mainly reflected in the regulation and intervention measures of governments in preventing and controlling cybercrime, such as legal system construction, government efficiency, control of corruption, and political stability. The offender’s decision to engage in illegal activity is a function of the expected probability of being arrested and convicted and the expected penalty if convicted (Ehrlich, 1996 ). As with traditional crimes, the lack of efficient social control and punishment mechanism will breed criminal behaviours. The deterrent effect of the legislation makes cybercriminals have to consider the consequences they need to bear. While the virtual and transnational nature of cyberspace makes it easier for perpetrators to avoid punishment, cybercrime can be deterred to some extent by increasing the severity of punishment and international law enforcement cooperation (Hall et al., 2020 ). On the other side, cybercriminals could seek protection through corrupt connections with the local institutional environment, which would weaken law enforcement operations and encourage cybercriminal activities (Hall et al., 2020 ; Lusthaus and Varese, 2021 ; Sutanrikulu et al., 2020 ). For instance, corruption in law enforcement authorities makes it hard for cybercriminals to be punished, while corruption in network operators or internet service providers (ISPs) makes it easier for cybercriminals to apply for malicious domain names or register fake websites. Some studies have shown that areas with high levels of corruption usually have more cybercriminal activities (Mezzour et al., 2014 ; Watters et al., 2012 ). Cybercrimes are typically attributed to political corruption, ineffective governance, institutional weakness, and weak rule of law across West Africa and East Europe (Asal et al., 2016 ). Therefore, we propose that:

H3: Political factor is negatively associated with cybercrime.

The technological environment, which is composed of communication conditions and underlying physical ICT infrastructure, serves as an essential medium through which cybercrime is committed. According to the rational choice theory, crime is the result of an individual’s rational consideration of the expected costs and benefits attached to their criminal activity (Mandelcorn et al., 2013 ; Brewer et al., 2019 ). Better internet infrastructure, greater internet penetration, and faster connection could facilitate cybercrimes by reducing crime costs, expanding opportunities, and increasing potential benefits. For example, in a majority of spam and DDoS attacks, cybercriminals often carry out large-scale coordinated attacks by sending remote commands to a set of compromised computers (also known as botnets). High-performance computers and high-bandwidth connectivity such as university, corporate, and government servers allow for more efficient attacks and could expand the scope of cybercrime, making them preferred by cybercriminals (Hoque et al., 2015 ; Van Eeten et al., 2010 ; Eslahi et al., 2012 ). We thus hypothesise that:

H4: Technological factor is positively related to cybercrime.

Cybersecurity preparedness reflects the capabilities and commitment of a country to prevent and combat cybercrime. According to the International Telecommunication Union (ITU), cybersecurity preparedness involves the legal, technical, organisation, capacity, and cooperation aspects (Bruggemann et al., 2022 ). Legal measures such as laws and regulations define what constitutes cybercrime and specify necessary procedures in the investigation, prosecution, and sanction of cybercrime, providing a basis for other measures. Technical measures refer to the technical capabilities to cope with cybersecurity risks and build cybersecurity resilience through national institutions and frameworks such as the Computer Incident Response Teams (CIRTs) or Computer Emergency Response Teams (CERTs). Organisation measures refer to the comprehensive strategies, policies, organisations, and coordination mechanisms for cybersecurity development. Capacity development reflects the research and development, awareness campaigns, training and education, and certified professionals and public agencies for cybersecurity capacity building. Cooperation measures refer to the collaboration and information sharing at the national, regional, and international levels, which is essential in addressing cybersecurity issues given the transnational nature of cybercrime. According to the general deterrence theory and routine activity theory of criminology (Leukfeldt and Holt, 2019 ; Hutchings and Hayes, 2009 ; Lianos and McGrath, 2018 ), cybersecurity preparedness serves as a deterrent or a guardianship of cybercrime. It is crucial in defending a country from external cybercrime as well as reducing cybercrime originating from within. Therefore, we hypothesise that:

H5: Cybersecurity preparedness is negatively associated with cybercrime.

The five hypotheses proposed in the conceptual model (Fig. 1 ) outline the direct effects of various contextual drivers on cybercrime. The social, economic, political, technological, and cybersecurity factors may interact in other ways, which could also have an indirect impact on cybercrime. Then, using a combination of two statistical methods and a set of explanatory covariates, we test the hypothesised pathways.

Cybercrime data

It is commonly acknowledged among cybercrime scholars that the lack of standardised legal definitions of cybercrime and valid, reliable official statistics makes it difficult to estimate the prevalence or incidence of cybercrime around the world (Holt and Bossler, 2015). Although in some countries, law enforcement agencies do collect data on cybercrime (e.g., police data and court judgement), there are inevitable under-reporting and under-recording issues with these official data (Holt and Bossler, 2015; Howell and Burruss, 2020). This has prompted some researchers to use alternative data sources to measure cybercrime, including social media, online forums, emails, and cybersecurity companies (Holt and Bossler, 2015). Among these data sources, technical data such as spam emails, honeypots, IDS/IPS or firewall logs, malicious domains/URLs, and IP addresses are often used as proxies for different aspects of cybercrime (Amin et al., 2021; Garg et al., 2013; Kigerl, 2012; Kigerl, 2016; Kigerl, 2021; Mezzour et al., 2014; Srivastava et al., 2020; Kshetri, 2010), accounting for a large proportion of the literature of macro-level cybercrime research. However, due to the anonymity and virtuality of cyberspace, cybercriminals are not restrained by national boundaries and could utilise compromised computers distributed around the world as a platform to commit cybercrime. Meanwhile, IP addresses can be faked or spoofed by using technologies such as proxy servers, anonymity networks, and virtual private networks (VPNs) to hide the true identity and location of cybercriminals (Holt and Bossler, 2015; Leukfeldt and Holt, 2019). As a result, the attribution of cybercriminals becomes extremely challenging and requires a high level of expertise and coordination from law enforcement agencies and cybersecurity teams (Lusthaus et al., 2020). Therefore, instead of capturing where cybercriminals reside in physical space, most studies using these technical data are measuring the possible locations where the cyberattacks or cybercrimes originate, even if part of them could be locations where cybercriminals choose to host their botnets or spam servers. Though there is partial support that certain types of cyberattacks originate from physically proximate IP addresses (Maimon et al., 2015), more elaborate and comprehensive research is lacking.

In this study, we used a novel cybersecurity data set, the IP addresses from the FireHOL blocklist (FireHOL, 2021), as a proxy to measure cybercrime. The FireHOL IP blocklist is a composition of multiple sources of illegitimate or malicious IP addresses, which can be used on computer systems (i.e., servers, routers, and firewalls) to block access from and to these IPs. These IPs are related to certain types of cybercrime activities, including abuse, attacks, botnets, malware, command and control, and spam. We adopt the FireHOL level 1 blocklist, which consists of ~2900 subnets and over 600 million unique IPs, with a minimum of false positives. The anonymous IPs, which are used by other parties to hide their true identities, such as open proxies, VPN providers, etc., were excluded from the analysis. Next, we applied an open-source IP geolocation database, IP2Location™ Lite, to map these unique IP addresses to specific geographic locations in the form of country/region/city and longitude/latitude pair. The location accuracy of the IP geolocation is high at the national and regional levels, with ~98% accuracy at the country level and 60% at the city level. In order to reduce uncertainty, we focused on the analysis at the state/region level. Finally, we calculated the counts of unique IPs located within each subnational area to measure the global distribution of cybercrimes.
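The counting procedure described above (deduplicate blocklist subnets, exclude anonymiser ranges, geolocate, count unique IPs per subnational area), as an added Python example that is not the authors' code. The blocklist lines, anonymiser range, region names and geolocation rows are constructed from documentation address ranges; the `ip_from`/`ip_to` integer layout of the rows is an assumption modelled on range-based geolocation tables.

```python
import bisect
import ipaddress
from collections import Counter

# Constructed sample in .netset style (CIDR or single IP per line, '#' comments).
BLOCKLIST = """\
# constructed sample, not real blocklist data
192.0.2.0/24
192.0.2.128/25
198.51.100.0/25
203.0.113.7
"""
# Constructed "open proxy / VPN" range that must be excluded before counting.
ANONYMISERS = "192.0.2.64/26\n"


def ip(text):
    """Dotted-quad string to integer."""
    return int(ipaddress.ip_address(text))


# Constructed geolocation rows: (ip_from, ip_to, country_code, region).
GEO_ROWS = [
    (ip("192.0.2.0"), ip("192.0.2.127"), "XA", "North"),
    (ip("192.0.2.128"), ip("192.0.2.255"), "XA", "South"),
    (ip("198.51.100.0"), ip("198.51.100.255"), "XB", "East"),
]


def parse_netset(text):
    """Return sorted, non-overlapping (start, end) integer ranges.

    collapse_addresses() removes subnets contained in other entries, so an
    address listed by several sources is counted once.
    """
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return [(int(n.network_address), int(n.broadcast_address))
            for n in ipaddress.collapse_addresses(nets)]


def subtract(ranges, holes):
    """Remove every address in `holes` from `ranges` (both sorted, disjoint)."""
    out = []
    for start, end in ranges:
        cur = start
        for h_start, h_end in holes:
            if h_end < cur or h_start > end:
                continue
            if h_start > cur:
                out.append((cur, h_start - 1))
            cur = max(cur, h_end + 1)
            if cur > end:
                break
        if cur <= end:
            out.append((cur, end))
    return out


def count_by_region(ranges, geo_rows):
    """Count addresses per (country, region); geo rows must not overlap."""
    geo = sorted(geo_rows)
    starts = [row[0] for row in geo]
    counts = Counter()
    for start, end in ranges:
        i = max(bisect.bisect_right(starts, start) - 1, 0)
        while i < len(geo) and geo[i][0] <= end:
            lo, hi = max(start, geo[i][0]), min(end, geo[i][1])
            if lo <= hi:
                counts[(geo[i][2], geo[i][3])] += hi - lo + 1
            i += 1
    return counts


def regional_counts(blocklist_text, anonymiser_text, geo_rows):
    """Full pipeline: returns (per-region counts, addresses with no geo row)."""
    kept = subtract(parse_netset(blocklist_text), parse_netset(anonymiser_text))
    counts = count_by_region(kept, geo_rows)
    total = sum(end - start + 1 for start, end in kept)
    return counts, total - sum(counts.values())


if __name__ == "__main__":
    per_region, unlocated = regional_counts(BLOCKLIST, ANONYMISERS, GEO_ROWS)
    for key, value in sorted(per_region.items()):
        print(key, value)
    print("unlocated", unlocated)
```

Addresses that fall outside every geolocation row are reported separately rather than silently dropped, which makes the coverage of the geolocation table visible next to the regional totals.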

Although the FireHOL IP blocklist has the same restrictions as other technical data, it was used in this study for several reasons. The basic function of IP addresses in the modern internet makes them an indispensable element in different phases of cybercrime; they are also the key ingredient of cybercrime attribution and digital evidence collection. As a result, an IP-based firewall is one of the most effective and commonly used preventive measures for cybersecurity defence. The FireHOL IP blocklist has the advantage of global coverage and includes different cybercrime types. It dynamically collects cybercrime IPs from multiple sources around the world. Although it is difficult to determine whether the IPs in the blocklist are the real sources of cybercrime or come from infected machines, it does reflect the geographical distribution of the malicious IPs that are related to certain cybercrime activities. Besides, it provides a more fine-grained estimate of the subnational cybercrime geography than country-level statistics.

Explanatory variables

We adopted a broad set of explanatory variables to characterise the social, economic, political, technological, and cybersecurity conditions based on the conceptual model presented above (Fig. 1). The social environment is represented by population, the population aged 15–64, education index, nighttime light index, and human development index (HDI). The economic condition is measured by income index, GDP growth, Gini index, unemployment (% of the total labour force) and poverty rate. The political environment is measured by 5 dimensions of the World Governance Indicators (WGI), including control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, voice and accountability. The technological environment is reflected by the internet infrastructure (the number of internet data centres and internet exchange centres), internet users (% of the population), international bandwidth (per internet user), secure internet server (per 1 million people), and fixed broadband subscriptions (per 100 people). Moreover, we applied the five dimensions of the Global Cybersecurity Index (GCI) to assess the level of commitment among various nations to cybersecurity, including legal measures, technical measures, organisational measures, capacity development measures, cooperation measures, and one overall cybersecurity index (the sum of the 5 measures above). Population, income index, education index, HDI, nighttime light, and infrastructure data are collected at the subnational administrative level, while other variables are derived at the country level. Log transformations (base 10) were used to improve normality for variables with skewed distributions, including population, nighttime light, infrastructure, fixed broadband, secure internet server, and bandwidth. All variables were normalised for further analysis.

Generalised linear models (GLMs)

In this study, GLMs were used to assess the potential influence of various explanatory variables on cybercrime and to identify the most important factors. A GLM is an extension of a regular regression model that includes nonnormal response distributions and modelling functions (Faraway, 2016). GLM analyses were conducted at two scales: the global scale and the income group scale. All GLMs were built in R version 4.1.2 using the “glm” function of the “stats” package (R Core Team, 2013), and a Gaussian distribution is used as the link function. The Akaike information criterion (AIC), the determination coefficient (R²), and the significance level of the predictors (p-value) are used to evaluate GLMs. The model with the lowest AIC and highest R² value is chosen as the optimal model. Variance inflation factors (VIFs) were calculated using the “car” package (Fox et al., 2012) to test for collinearity between quantitative explanatory variables prior to the GLM analysis. Variables with a VIF value greater than 10 (VIF > 10) were regarded as collinearity generators and were therefore excluded from further analysis. The relative contribution and coefficients of each GLM were plotted using the “GGally” package.
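The screening and evaluation steps described above (VIF > 10 exclusion, Gaussian model fit, comparison by AIC and R²), as an added Python example rather than the authors' R code. The indicator values are constructed as a small orthogonal design so the VIFs can be checked by hand, and dropping the highest-VIF variable one at a time is this example's assumption about how the exclusion is applied; a Gaussian family with identity link is fitted as ordinary least squares.

```python
import math


def ols(columns, y):
    """Least squares with intercept; returns (coefficients, residual SS)."""
    rows = [[1.0, *vals] for vals in zip(*columns)] if columns else [[1.0] for _ in y]
    k = len(rows[0])
    # Augmented normal equations [X'X | X'y], solved by Gauss-Jordan elimination.
    a = [[sum(r[i] * r[j] for r in rows) for j in range(k)]
         + [sum(r[i] * t for r, t in zip(rows, y))] for i in range(k)]
    for col in range(k):
        piv = max(range(col, k), key=lambda r: abs(a[r][col]))
        if abs(a[piv][col]) < 1e-12:
            raise ValueError("perfectly collinear predictors")
        a[col], a[piv] = a[piv], a[col]
        for r in range(k):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * p for x, p in zip(a[r], a[col])]
    beta = [a[i][k] / a[i][i] for i in range(k)]
    rss = sum((t - sum(b * v for b, v in zip(beta, r))) ** 2
              for r, t in zip(rows, y))
    return beta, rss


def tss(y):
    """Total sum of squares around the mean."""
    mean = sum(y) / len(y)
    return sum((v - mean) ** 2 for v in y)


def vif(data, name, names):
    """VIF of `name` given the other predictors in `names`: 1 / (1 - R^2)."""
    others = [data[n] for n in names if n != name]
    _, rss = ols(others, data[name])
    return float("inf") if rss < 1e-12 else tss(data[name]) / rss


def screen_collinear(data, names, threshold=10.0):
    """Drop the highest-VIF predictor until every VIF is <= threshold."""
    kept, dropped = list(names), []
    while len(kept) > 1:
        scores = {n: vif(data, n, kept) for n in kept}
        worst = max(scores, key=scores.get)
        if scores[worst] <= threshold:
            break
        kept.remove(worst)
        dropped.append(worst)
    return kept, dropped


def fit_gaussian(data, names, y):
    """Fit, then report coefficients, R^2 and AIC (same formula as R's AIC)."""
    beta, rss = ols([data[n] for n in names], y)
    n = len(y)
    aic = n * (math.log(2 * math.pi * rss / n) + 1) + 2 * (len(beta) + 1)
    return {"coef": dict(zip(["(Intercept)", *names], beta)),
            "r2": 1 - rss / tss(y), "aic": aic}


# Constructed, already-standardised indicators for 8 hypothetical regions.
edu = [1, 1, 1, 1, -1, -1, -1, -1]
income = [1, 1, -1, -1, 1, 1, -1, -1]
infra = [1, -1, 1, -1, 1, -1, 1, -1]
DATA = {"edu": edu, "income": income, "infra": infra,
        # Composite index built mostly from edu and income, hence collinear.
        "hdi": [0.5 * e + 0.5 * i + 0.1 * e * i for e, i in zip(edu, income)]}
NAMES = ["edu", "income", "infra", "hdi"]
# Constructed response standing in for the log-transformed cybercrime IP count.
LOG_IP_COUNT = [e + 0.5 * i + 2 * f + 0.2 * e * i * f
                for e, i, f in zip(edu, income, infra)]

if __name__ == "__main__":
    kept, dropped = screen_collinear(DATA, NAMES)
    print("dropped:", dropped, "kept:", kept)
    for model in (["infra"], kept):
        fit = fit_gaussian(DATA, model, LOG_IP_COUNT)
        print(model, "R2=%.3f AIC=%.2f" % (fit["r2"], fit["aic"]))
```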

Structural equation modelling (SEM)

SEM was used to examine the causal relationships within the networks of interacting factors, thereby distinguishing the direct from indirect drivers of cybercrime. SEM is a powerful, multivariate technique found increasingly in scientific investigations to test and evaluate multivariate causal relationships (Fan et al., 2016 ). SEM differs from other modelling approaches in that it tests both the direct and indirect effects on pre-assumed causal relationships. The following fit indices were considered to evaluate model adequacy: (a) root mean square error of approximation (RMSEA), which is a “badness of fit” index in which 0 indicates a perfect fit while higher values indicate a lack of fit; (b) standardised root mean square residual (SRMR), which is similar to RMSEA and should be less than 0.09 for good model fit; (c) comparative fit index (CFI), which represents the amount of variance that has been accounted for in a covariance matrix ranging from 0.0 to 1.0, with a higher CFI value indicating better model fit; (d) Tucker–Lewis index (TLI), which is a non-normed fit index (NNFI) that proposes a fit index independent of sample size. In this study, SEM analysis was conducted using AMOS (Arbuckle, 2011 ).

Spatial distribution of cybercrime IPs

We mapped the subnational distribution of cybercrime IPs globally, which reveals significant spatial variability (see Fig. 2 ). On a global scale, most cybercrime IPs were located in North America, Central and Eastern Europe, East Asia, India, and eastern Australia. Meanwhile, areas with low numbers of cybercrime IPs were primarily found in large parts of Africa except for South Africa, western and northern parts of South America, Central America, some regions of the Middle East, southern parts of Central Asia, and some regions of Southeast Asia. On a continental scale, we found that the number of cybercrime IPs increased gradually from Africa to Europe. The two continents with the most cybercrime IPs were North America and Europe, with North America showing more variations. This trend seems to be closely associated with the regional socioeconomic development level. To further investigate this relationship, we grouped the subnational regions by income level according to the World Bank classification rules. We found a more evident pattern, with high-income regions hosting the majority of cybercrime IPs and lower-middle-income regions hosting the least.

Fig. 2. (a) Number of cybercrime IPs at the subnational level. (b) Log-transformed cybercrime IP count by continent: Africa (AF), Asia/Oceania (AS/OC), South America (SA), North America (NA) and Europe (EU). (c) Log-transformed cybercrime IP count by income group: low-income (LI), lower-middle-income (LMI), upper-middle-income (UMI) and high-income (HI) groups. The centre line, boxes, and whiskers show the means, 1 standard error (SE), and 95% confidence interval (CI), respectively.

Major factors influencing cybercrime

GLMs were built based on the 5 categories of 26 representative influential variables identified in the conceptual framework. After excluding 8 collinear variables (i.e., government effectiveness, rule of law, HDI, and 5 cybersecurity measures) and 7 nonsignificant variables (GDP growth, unemployment, poverty, political stability, voice and accountability, bandwidth, and internet users), the global scale GLM model includes 11 variables with an R² value of 0.82. Figure 3 shows the relative contribution of each predictor variable to the model. Globally, the social and technological factors contribute most to the model, with relative contribution rates of 53.4% and 30.1%, respectively. Infrastructure alone explains up to 18.1% of the model variance in cybercrimes (R² to 0.504). However, the inclusion of the population and education index improves the explanation of model variance by 18.3% and 28.5%, respectively (R² to 0.596 and 0.766). This is also the case with GLMs of different income groups, indicating that despite the main effects of technological factors, the inclusion of a broad set of socioeconomic factors significantly improves the accuracy of models that attempt to quantify the driving forces of cybercrime.

Fig. 3. Relative contribution of predictor variables to cybercrime.

When assessed by income group, we noted that although the social and technological factors were the most important factors in explaining cybercrime, the contribution of each variable varies by income group. For example, the contribution of the income index decreases gradually from low-income regions to wealthier regions, while the Gini index is more significant in upper-middle regions and high-income regions than in low-income regions and lower-middle-income regions. Fixed broadband subscriptions contributed the most in low-income regions and the least in high-income regions. Additionally, cybersecurity preparedness has a greater influence on low-income and lower-middle-income regions.

Estimated effect of factors on cybercrime

The coefficient values in Fig. 4 represent effect sizes from the GLMs for the relationship between cybercrime and the five categories of contextual factors. At the global scale, cybercrime is positively correlated with social, economic, and technological factors, suggesting that most cybercrimes are launched in regions with a higher population, higher urbanisation, better educational and economic conditions, and, most importantly, improved internet infrastructure and communication conditions. By contrast, cybercrime is negatively related to political and cybersecurity factors, indicating that the control of corruption and the commitment to cybersecurity show certain inhibitory effects on cybercrime.

Fig. 4. The coefficient values are represented as dots, significant variables are represented as filled dots, nonsignificant variables are represented as hollow dots, and bars represent 95% CIs.

From the perspective of income groups, the ways contextual factors affect cybercrime remain basically consistent with the global results, but subtle differences are observed. In low-income countries, the influence of the income index on cybercrime is the strongest, and cybercrime is significantly associated with a higher income index, higher education index, better infrastructure, and higher fixed broadband subscriptions. This pattern may indicate that in low-income countries, wealthier areas tend to have more cybercrimes due to the existence of better communication conditions in these areas. However, in high-income countries, where the internet is universally available, the roles of income index and fixed broadband subscriptions gradually weaken. In contrast, the effects of the Gini index and education are stronger in wealthier countries, indicating that economic inequality and education in these countries can be important drivers of cybercrime. Moreover, the control of corruption is negatively related to cybercrime in lower-middle, upper-middle, and high-income regions.

Pathways of factors for cybercrime

To understand the intricate interactions among different predictors, we perform SEM based on the conceptual model. The SEM model is composed of five latent variables, representing the social, economic, political, technological, and cybersecurity context, and each latent variable has five components reflected by the explanatory variables. Overall SEM fit is assessed, showing a good fit (CFI = 0.917, TLI = 0.899, SRMR = 0.058). SEM confirms many of the hypotheses in the conceptual model, and all relationships are statistically significant. Fig. 5 shows the results of SEM.

Fig. 5. Black arrows indicate a positive effect, red arrows indicate a negative effect, and values on the straight arrows between variables represent the standardised path coefficients.

According to the SEM, all the hypotheses are tested and supported. Specifically, social, economic, and technological factors have direct positive effects on cybercrime (standardised path coefficients of direct effect are 0.03, 0.10, and 0.61, respectively), indicating that when social, economic, and technological factors go up by 1 standard deviation, cybercrime goes up by 0.03, 0.10, and 0.61 standard deviations, respectively. By contrast, the political and cybersecurity factors have direct negative effects on cybercrime (standardised path coefficients of direct effect are −0.22 and −0.07, respectively), indicating that a rise of 1 standard deviation in the political and cybersecurity factors is associated with a decrease in cybercrime of 0.22 and 0.07 standard deviations, respectively. It is worth noting that although the direct effects of social and economic factors on cybercrimes are relatively small, their indirect effects on cybercrime through the mediation of technological and political factors are non-negligible.

In sum, SEM quantifies the direct and indirect effects of social, economic, political, technological, and cybersecurity factors on cybercrime, consistent with the hypotheses outlined in the conceptual model. More importantly, the results suggest that even though cybercrimes are primarily determined by technological factors, the direct and indirect effects of underlying social, economic, political, and cybersecurity also play significant roles. This suggests that the technological factor is a necessary but not sufficient condition for the occurrence of cybercrime.

In the current study, we mapped the global subnational distribution of cybercrimes based on a novel cybersecurity data set, the FireHOL IP blocklist. Given the widespread difficulty in obtaining cybercrime data, the data sources used in this study could provide an alternative measure of the subnational cybercrime level on a global scale. Compared to country-level studies (Amin et al., 2021 ; Garg et al., 2013 ; Goel and Nelson, 2009 ; Solano and Peinado, 2017 ; Sutanrikulu et al., 2020 ), the results present a more fine-grained view of the spatial distribution of cybercrime. The map reveals high spatial variability of cybercrime between and within countries, which appears to be closely related to local socioeconomic development status.

To recognise the driving forces behind cybercrime, we proposed a theoretical framework that encompasses the social, economic, political, technological, and cybersecurity factors influencing cybercrime, drawing on existing theoretical and empirical research. On this basis, we used GLMs to identify the major factors and their contributions to cybercrime and SEM to quantify the direct and indirect effects of these driving forces. The GLM results show that using technological factors alone as explanatory variables is insufficient to account for cybercrime, and the inclusion of a broad suite of social, economic, political, technological, and cybersecurity factors can remarkably improve model performance. Global scale modelling indicates that cybercrime is closely associated with socioeconomic and internet development, as developed regions have more available computers and better communication conditions that facilitate the implementation of cybercrime. Some studies have argued that wealthier areas might have fewer incentives for cybercrime, while poorer areas could benefit more from cybercrime activities (Ki et al., 2006 ; Kigerl, 2012 ; Kshetri, 2010 ). However, our study shows that the technological factors constituted by the internet infrastructure and communication conditions are necessary for the production of cybercrime, rendering wealthier areas more convenient for committing cybercrime.

Meanwhile, the GLMs of the 4 income groups demonstrate important differential impacts of the explanatory variables on cybercrime. For example, in low-income countries, where the overall internet penetration rate is low, cybercrime originates mainly in more developed areas with better internet infrastructure, higher internet penetration, and higher education levels. A typical example is the “Yahoo Boys” in Nigeria, referring to young Nigerians engaged in cyber fraud through Yahoo mail, mostly well-educated undergraduates with digital skills (Lazarus and Okolorie, 2019 ). A range of factors, such as a high rate of unemployment, a lack of legitimate economic opportunities, a prevalence of cybercrime subculture, a lack of strong cybercrime laws, and a high level of corruption, have motivated them to obtain illegal wealth through cybercrime. In contrast, cybercrime in high-income regions originates in areas with a high Gini index and a high education level. One possible explanation for this finding may be that well-educated individuals who live in countries with a high Gini index are paid less for their skills than their counterparts, which motivates them to engage in cybercrimes to improve their lives.

Encouragingly, both the GLM and SEM results suggest that political factors and cybersecurity preparedness can mitigate the incidence of cybercrime to some extent, in agreement with the hypotheses. Though previous country-level studies suggest that countries facing more cybersecurity threats tend to have a high level of cybersecurity preparedness (Makridis and Smeets, 2019 ; Calderaro and Craig, 2020 ), our results indicate that cybersecurity preparedness could in turn reduce cybercrimes that originate from a country. This emphasises the importance of government intervention and cybersecurity capacity building. The necessary intervening measures may include the enactment and enforcement of laws, regulation of telecommunication operators and internet service providers (ISPs), strengthening of strike force by security and judicial departments, and improvement of cybersecurity capacity. Given the interconnectedness of cyberspace and the borderless nature of cybercrime, it must be recognised that cybersecurity is not a problem that can be solved by any single country. Thus, enhancing international cooperation in legal, technical, organisational, and capacity aspects of cybersecurity becomes an essential way to tackle cybersecurity challenges.

As presented through SEM, technological factors are closely associated with socioeconomic development and serve as a mediator between socioeconomic conditions and cybercrime. In the past decades, ICTs have developed unevenly across different parts of the world due to a range of geographic, socioeconomic, and demographic factors, which has led to the global digital divide (Pick and Azari, 2008). The disparities in internet access in different regions have largely determined the spatial patterns of cybercrime. Currently, developing countries (especially those within Asia, Africa, and Latin America) are the fastest-growing regions in terms of ICT infrastructure and internet penetration (Pandita, 2017). However, even in developed countries, the progress of technological innovation has outpaced the establishment of legal regulations, national institutions and frameworks, policies and strategies, and other mechanisms that could help manage the new challenges (Bastion and Mukku, 2020). Many developing countries are facing difficulties in combating cybercrime due to a lack of adequate financial and human resources, legal and regulatory frameworks, and technical and institutional capacities, providing a fertile ground for cybercrime activities. In this vein, it is extremely urgent and necessary to enhance the cybersecurity capacities of developing countries and engage them in the international cooperation of cybersecurity, ensuring that they can maximize the socioeconomic benefits of technological development instead of being harmed by it.

Cybercrime is a sophisticated social phenomenon rooted in deep and comprehensive geographical and socioeconomic causes. This study offers an alternative perspective in solving cybersecurity problems instead of pure technical measures. We believe that improvements in cybersecurity require not only technological, legal, regulatory, and policing measures but also broader approaches that address the underlying social, economic, and political issues that influence cybercrime. While the results presented in this study are preliminary, we hope that this work will provide an extensible framework that can be expanded for future studies to investigate the driving forces of cybercrime.

However, our study has several limitations due to the shortcomings of the data. First and foremost, the geo-localisation of cybercrimes or cybercriminals remains a major challenge for cybercrime research. Although the FireHOL IP blocklist has the potential to measure global cybercrime at a high spatial resolution, IP-based measures may not accurately capture the true locations of cybercriminals, as they may simply exploit places with better ICT infrastructure. Therefore, caution should be exercised in interpreting the associations between cybercrime and socioeconomic factors. Future studies combining survey data, police and court judgement data, and cybercrime attribution techniques are needed to further validate the accuracy and validity of IP-based technical data in measuring the geography of cybercrime and gain a deeper understanding of the driving forces of cybercrime. Besides, COVID-19 has greatly changed the way we live and work, and many studies have suggested that the pandemic has increased the frequency of cybercrimes within the context of economic recession, high unemployment, accelerated digital transformation, and unprecedented uncertainty (Lallie et al., 2021; Eian et al., 2020; Pranggono and Arabo, 2021). Unfortunately, the blocklist data cannot capture this dynamic well because they lack temporal attributes. Furthermore, different types of cybercrime can be influenced by different mechanisms. We use the total amount of all types of cybercrime IPs instead of looking into a specific type of cybercrime, given that such segmentation may result in data sparsity for some groups. Future studies are needed to determine how different categories of cybercrimes are affected by socioeconomic factors. Finally, micro-level individual and behaviour characteristics and more fine-grained explanatory variables should be included to better understand cybercrime.

Data availability

The FireHOL IP lists data are publicly available at the FireHOL website (https://iplists.firehol.org/ and https://github.com/firehol/blocklist-ipsets); population, education index, income index, HDI, and subnational regions data are available from Global Data Lab (https://globaldatalab.org); nighttime light data are available from the Earth Observation Group (https://eogdata.mines.edu/download_dnb_composites.html); population aged 15–64, Gini index, GDP growth, unemployment, poverty rate, control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, and voice and accountability were obtained from the World Bank (https://databank.worldbank.org/home.aspx); internet users, international bandwidth, secure internet servers, and fixed broadband subscriptions are available from the International Telecommunication Union (ITU) (https://www.itu.int/itu-d/sites/statistics); the internet infrastructure data were collected from TeleGeography (https://www.internetexchangemap.com) and the World Data Centers Database (https://datacente.rs); the legal measures, technical measures, organisational measures, capacity development, cooperation measures and overall cybersecurity index were obtained from the Global Cybersecurity Index (GCI) of the ITU (https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx).

Amin RW, Sevil HE, Kocak S, Francia G, Hoover P (2021) The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information 12(1):2

Anderson R, Barton C, Böhme R, Clayton R, Van Eeten MJ, Levi M, Moore T, Savage S (2013) Measuring the cost of cybercrime. In: The economics of information security and privacy. Springer, pp. 265–300

Anderson R, Barton C, Böhme R, Clayton R, Gañán C, Grasso T, Levi M, Moore T, Vasek M (2019) Measuring the changing cost of cybercrime. The 18th Annual Workshop on the Economics of Information Security. https://doi.org/10.17863/CAM.41598

Arbuckle JL (2011) IBM SPSS Amos 20 user’s guide. Amos Development Corporation, SPSS Inc. pp. 226–229

Asal V, Mauslein J, Murdie A, Young J, Cousins K, Bronk C (2016) Repression, education, and politically motivated cyberattacks. J Glob Secur Stud 1(3):235–247

Bastion G, Mukku S (2020) Data and the global south: key issues for inclusive digital development. https://doi.org/10.13140/RG.2.2.35091.50724

Bergmann MC, Dreißigacker A, von Skarczinski B, Wollinger GR (2018) Cyber-dependent crime victimization: the same risk for everyone? Cyberpsychol Behav Soc Network 21(2):84–90

Brenner SW (2013) Cybercrime: re-thinking crime control strategies. Crime online: Willan. pp. 12–28

Brewer R, de Vel-Palumbo M, Hutchings A, Holt T, Goldsmith A, Maimon D (2019) Cybercrime prevention: theory and applications. Springer

Bruggemann R, Koppatz P, Scholl M, Schuktomow R (2022) Global cybersecurity index (GCI) and the role of its 5 pillars. Soc Indic Res 159(1):125–143

Calderaro A, Craig AJ (2020) Transnational governance of cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Q 41(6):917–938

Castillo D, Falzon J (2018) An analysis of the impact of Wannacry cyberattack on cybersecurity stock returns. Rev Econ Financ 13:93–100

Clough J (2015) Principles of cybercrime. Cambridge University Press

Dupont B, Holt T (2022) The human factor of cybercrime. Soc Sci Comput Rev 40(4):860–864

Ehrlich I (1996) Crime, punishment, and the market for offenses. J Econ Perspect 10(1):43–67

Eian IC, Yong LK, Li MYX, Qi YH, Fatima Z (2020) Cyber attacks in the era of covid-19 and possible solution domains. Preprints 2020, 2020090630

Eslahi M, Salleh R, Anuar NB (2012) ‘Bots and botnets: an overview of characteristics, detection and challenges’. 2012 IEEE International Conference on Control System, Computing and Engineering. IEEE, pp. 349–354

Fan Y, Chen J, Shirkey G, John R, Wu SR, Park H, Shao C (2016) Applications of structural equation modeling (SEM) in ecological studies: an updated review. Ecol Process 5(1):1–12

Faraway JJ (2016) Extending the linear model with R: generalized linear, mixed effects and nonparametric regression models. Chapman and Hall/CRC

FireHOL (2021) FireHOL. FireHOL IP lists. https://iplists.firehol.org [Accessed on Aug 21, 2021]

Fox J, Weisberg S, Adler D, Bates D, Baud-Bovy G, Ellison S, Firth D, Friendly M, Gorjanc G, Graves S (2012) Package ‘car’. Vienna: R Foundation for Statistical Computing, 16

Garg V, Koster T, Camp LJ (2013) Cross-country analysis of spambots. EURASIP J Inform Secur 2013(1):1–13

Ghafur S, Kristensen S, Honeyford K, Martin G, Darzi A, Aylin P (2019) A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ Digit Med 2(1):1–7

Goel RK, Nelson MA (2009) Determinants of software piracy: economics, institutions, and technology. J Technol Transfer 34(6):637–658

Hall T, Sanders B, Bah M, King O, Wigley E (2020) Economic geographies of the illegal: the multiscalar production of cybercrime. Trends Organ Crime 24:282–307

Ho HTN, Luong HT (2022) Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis. SN Soc Sci 2(1):1–32

Holt T, Bossler A (2015) Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge

Holt TJ (2017) Cybercrime through an interdisciplinary lens. Routledge

Holt TJ, Bossler AM (2014) An assessment of the current state of cybercrime scholarship. Deviant Behav 35(1):20–40

Holt TJ, Burruss GW, Bossler AM (2018) Assessing the macro-level correlates of malware infections using a routine activities framework. Int J Offender Ther Comp Criminol 62(6):1720–1741

Holt TJ, Schell BH (2011) Corporate hacking and technology-driven crime. Igi Global

Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17(4):2242–2270

Howell CJ, Burruss GW (2020) Datasets for analysis of cybercrime. In: The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 207–219

Hutchings A, Hayes H (2009) Routine activity theory and phishing victimisation: who gets caught in the ‘net’? Curr Issues Crim Justice 20(3):433–452

Ki E-J, Chang B-H, Khang H (2006) Exploring influential factors on music piracy across countries. J Commun 56(2):406–426

Kigerl A (2012) Routine activity theory and the determinants of high cybercrime countries. Soc Sci Comput Rev 30(4):470–486

Kigerl A (2016) Cyber crime nation typologies: K-means clustering of countries based on cyber crime rates. Int J Cyber Criminol 10(2):147–169

Kigerl A (2021) Routine activity theory and malware, fraud, and spam at the national level. Crime Law Soc Chang 76:109–130

Kshetri N (2010) Diffusion and effects of cyber-crime in developing economies. Third World Q 31(7):1057–1079

Kumar S, Carley KM (2016) ‘Approaches to understanding the motivations behind cyber attacks’. 2016 IEEE Conference on Intelligence and Security Informatics (ISI). IEEE, pp. 307–309

Lallie HS, Shepherd LA, Nurse JR, Erola A, Epiphaniou G, Maple C, Bellekens X (2021) Cyber security in the age of covid-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput Secur 105:102248

Lazarus S, Okolorie GU (2019) The bifurcation of the Nigerian cybercriminals: Narratives of the Economic and Financial Crimes Commission (EFCC) agents. Telemat Informat 40:14–26

Leukfeldt R, Holt TJ (2019) The human factor of cybercrime. Routledge

Lianos H, McGrath A (2018) Can the general theory of crime and general strain theory explain cyberbullying perpetration? Crime Delinq 64(5):674–700

Lusthaus J, Bruce M, Phair N (2020) ‘Mapping the geography of cybercrime: a review of indices of digital offending by country’. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): IEEE, pp. 448–453

Lusthaus J, Varese F (2021) Offline and local: the hidden face of cybercrime. Policing J Policy Pract 15(1):4–14

Maimon D, Wilson T, Ren W, Berenblum T (2015) On the relevance of spatial and temporal dimensions in assessing computer susceptibility to system trespassing incidents. Br J Criminol 55(3):615–634

Makridis CA, Smeets M (2019) Determinants of cyber readiness. J Cyber Policy 4(1):72–89

Mandelcorn S, Modarres M, Mosleh A (2013) An explanatory model of cyberattacks drawn from rational choice theory. Trans Am Nuclear Soc 109(1):1869–1871

McAfee (2021) McAfee and the Center for Strategic and International Studies (CSIS). The Hidden Costs of Cybercrime. https://www.csis.org/analysis/hidden-costs-cybercrime [Accessed on Aug 21, 2021]

McGuire M, Dowling S (2013) Cyber-crime: a review of the evidence. Summary of key findings and implications. Home Office Research Report 75, Home Office, United Kingdom, Oct. 30p

Meke E (2012) Urbanization and cyber Crime in Nigeria: causes and consequences. Eur J Comput Sci Inform Technol 3(9):1–11

Mezzour G, Carley L, Carley KM (2014) Global mapping of cyber attacks. Available at SSRN 2729302

Mikkola M, Oksanen A, Kaakinen M, Miller BL, Savolainen I, Sirola A, Zych I, Paek H-J (2020) Situational and individual risk factors for cybercrime victimization in a cross-national context. Int J Offender Ther Comp Criminol. https://doi.org/10.1177/0306624X20981041

Mohurle S, Patil M (2017) A brief study of wannacry threat: ransomware attack 2017. Int J Adv Res Comput Sci 8(5):1938–1940

Neal S (2014) Cybercrime, transgression and virtual environments. Crime: Willan, pp. 71–104

Ngo FT, Paternoster R (2011) Cybercrime victimization: an examination of individual and situational level factors. Int J Cyber Criminol 5(1):773

Onuora A, Uche D, Ogbunude F, Uwazuruike F (2017) The challenges of cybercrime in Nigeria: an overview. AIPFU J School Sci 1(2):6–11

Overvest B, Straathof B (2015) What drives cybercrime? Empirical evidence from DDoS attacks. CPB Netherlands Bureau for Economic Policy Analysis

Pandita R (2017) Internet: a change agent an overview of internet penetration & growth across the world. Int J Inform Dissemination Technol 7(2):83

Payne BK (2020) Defining cybercrime. The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 3–25

Phillips K, Davidson JC, Farr RR, Burkhardt C, Caneppele S, Aiken MP (2022) Conceptualizing cybercrime: definitions, typologies and taxonomies. Forensic Sci 2(2):379–398

Pick JB, Azari R (2008) Global digital divide: Influence of socioeconomic, governmental, and accessibility factors on information technology. Inform Technol Dev 14(2):91–115

Pranggono B, Arabo A (2021) COVID‐19 pandemic cybersecurity issues. Internet Technol Lett 4(2):e247

Pratt TC, Holtfreter K, Reisig MD (2010) Routine online activity and internet fraud targeting: extending the generality of routine activity theory. J Res Crime Delinquency 47(3):267–296

R Core Team (2013) R: A language and environment for statistical computing. R Core Team

Sarre R, Lau LY-C, Chang LY (2018) Responding to cybercrime: current trends. Taylor & Francis

Solano PC, Peinado AJR (2017) ‘Socio-economic factors in cybercrime: Statistical study of the relation between socio-economic factors and cybercrime’. 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA): IEEE, pp. 1–4

Srivastava SK, Das S, Udo GJ, Bagchi K (2020) Determinants of cybercrime originating within a nation: a cross-country study. J Glob Inf Technol Manag 23(2):112–137

Sutanrikulu A, Czajkowska S, Grossklags J (2020) ‘Analysis of darknet market activity as a country-specific, socio-economic and technological phenomenon’. 2020 APWG Symposium on Electronic Crime Research (eCrime): IEEE, pp. 1–10

UNODC (2013) Comprehensive study on cybercrime. United Nations, New York

Van Eeten M, Bauer JM, Asghari H, Tabatabaie S (2010) The role of internet service providers in botnet mitigation an empirical analysis based on spam data. TPRC

Waldrop MM (2016) How to hack the hackers: The human side of cybercrime. Nature 533:164–167

Wall D (2007) Cybercrime: the transformation of crime in the information age. Polity

Walters GD (2015) Proactive criminal thinking and the transmission of differential association: a cross-lagged multi-wave path analysis. Crim Just Behav 42(11):1128–1144

Watters PA, McCombie S, Layton R, Pieprzyk J (2012) Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP). J Money Laund Control. ISSN: 1368-5201

Williams ML (2016) Guardians upon high: an application of routine activities theory to online identity theft in Europe at the country and individual level. Br J Criminol 56(1):21–48

Acknowledgements

This research was funded by the National Key Research and Development Project of China, grant number 2020YFB1806500 and the Key Research Program of the Chinese Academy of Sciences, grant number ZDRW-XH-2021-3. We thank Yushu Qian, Ying Liu, Qinghua Tan for providing valuable suggestions.

Author information

Authors and affiliations

Institute of Geographic Sciences and Nature Resources Research, Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang, Jiping Dong & Qiquan Guo

College of Resources and Environment, University of Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang & Jiping Dong

Big Data Center of State Grid Corporation of China, Beijing, China

Shize Zhang

The Administrative Bureau of Chinese Academy of Sciences, Beijing, China

Chundong Gao

Contributions

DJ, QQG and CDG designed the research; SC, FYD, DJ, SZZ and MMH performed the research; SC, FYD and JPD analysed the data; SC, FYD, DJ and MMH wrote the first draft of the paper; JPD, SZZ, QQG, CDG and DJ gave useful edits, comments and suggestions to this work.

Corresponding author

Correspondence to Dong Jiang.

Ethics declarations

Competing interests

The authors declare no competing interests.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Informed consent

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.

About this article

Cite this article

Chen, S., Hao, M., Ding, F. et al. Exploring the global geography of cybercrime and its driving forces. Humanit Soc Sci Commun 10, 71 (2023). https://doi.org/10.1057/s41599-023-01560-x

Received: 19 May 2022

Accepted: 14 February 2023

Published: 23 February 2023

DOI: https://doi.org/10.1057/s41599-023-01560-x

Cybercrime Victimization and Problematic Social Media Use: Findings from a Nationally Representative Panel Study

Eetu Marttila

Economic Sociology, Department of Social Research, University of Turku, Assistentinkatu 7, 20014 Turku, Finland

Aki Koivula

Pekka Räsänen

Associated Data

The survey data used in this study will be made available through the Finnish Social Science Data Archive (FSD, http://www.fsd.uta.fi/en/) after the manuscript acceptance. The data are also available from the authors on scholarly request.

Analyses were run with Stata 16.1. The code is also available from the authors on request for replication purposes.

According to criminological research, online environments create new possibilities for criminal activity and deviant behavior. Problematic social media use (PSMU) is a habitual pattern of excessive use of social media platforms. Past research has suggested that PSMU predicts risky online behavior and negative life outcomes, but the relationship between PSMU and cybercrime victimization is not properly understood. In this study, we use the framework of routine activity theory (RAT) and lifestyle-exposure theory (LET) to examine the relationship between PSMU and cybercrime victimization. We analyze how PSMU is linked to cybercrime victimization experiences. We explore how PSMU predicts cybercrime victimization, especially under those risky circumstances that generally increase the probability of victimization. Our data come from nationally representative surveys, collected in Finland in 2017 and 2019. The results of the between-subjects tests show that PSMU correlates relatively strongly with cybercrime victimization. Within-subjects analysis shows that increased PSMU increases the risk of victimization. Overall, the findings indicate that, along with various confounding factors, PSMU has a notable cumulative effect on victimization. The article concludes with a short summary and discussion of the possible avenues for future research on PSMU and cybercrime victimization.

Introduction

In criminology, digital environments are generally understood as social spaces which open new possibilities for criminal activity and crime victimization (Yar, 2005). Over the past decade, social media platforms have established themselves as the basic digital infrastructure that governs daily interactions. The rapid and vast adaptation of social media technologies has produced concern about the possible negative effects, but the association between social media use and decreased wellbeing measures appears to be rather weak (Appel et al., 2020; Kross et al., 2020). Accordingly, researchers have proposed that the outcomes of social media use depend on the way platforms are used, and that the negative outcomes are concentrated among those who experience excessive social media use (Kross et al., 2020; Wheatley & Buglass, 2019). Whereas an extensive body of research has focused either on cybercrime victimization or on problematic social media use, few studies have focused explicitly on the link between problematic use and victimization experiences (e.g., Craig et al., 2020; Longobardi et al., 2020).

As per earlier research, the notion of problematic use is linked to excessive and uncontrollable social media usage, which is characterized by compulsive and routinized thoughts and behavior (e.g., Kuss & Griffiths, 2017). The most frequently used social scientific and criminological accounts of risk factors of victimization are based on routine activity theory (RAT) (Cohen & Felson, 1979) and lifestyle-exposure theory (LET) (Hindelang et al., 1978). Although RAT and LET were originally developed to understand how routines and lifestyle patterns may lead to victimization in physical spaces, they have been applied in online environments (e.g., Milani et al., 2020; Räsänen et al., 2016).

As theoretical frameworks, RAT and LET presume that lifestyles and routine activities are embedded in social contexts, which makes it possible to understand behaviors and processes that lead to victimization. The excessive use of social media platforms increases the time spent in digital environments, which, according to lifestyle and routine activities theories, tends to increase the likelihood of ending up in dangerous situations. Therefore, we presume that problematic use is a particularly dangerous pattern of use, which may increase the risk of cybercrime victimization.

In this study, we employ the key elements of RAT and LET to focus on the relationship between problematic social media use and cybercrime victimization. Our data come from high quality, two-wave longitudinal population surveys, which were collected in Finland in 2017 and 2019. First, we examine the cross-sectional relationship between problematic use and victimization experiences at Wave 1, considering the indirect effect of confounding factors. Second, we test for longitudinal effects by investigating whether increased problematic use predicts an increase in victimization experiences at Wave 2.

Literature Review

Problematic Social Media Use

Over the last few years, the literature on the psychological, cultural, and social effects of social media has proliferated. Prior research on the topic presents a nuanced view of social media and its consequences (Kross et al., 2020). For instance, several studies have demonstrated that social media use may produce positive outcomes, such as increased life satisfaction, social trust, and political participation (Kim & Kim, 2017; Valenzuela et al., 2009). The positive effects are typically explained as following from use that satisfies individuals’ socioemotional needs, such as sharing emotions and receiving social support on social media platforms (Pang, 2018; Verduyn et al., 2017).

However, another line of research associates social media use with several negative effects, including higher stress levels, increased anxiety and lower self-esteem (Kross et al., 2020). Negative outcomes, such as depression (Shensa et al., 2017), decreased subjective well-being (Wheatley & Buglass, 2019) and increased loneliness (Meshi et al., 2020), are also commonly described in the research literature. The most common mechanisms that are used to explain negative outcomes of social media use are social comparison and fear of missing out (Kross et al., 2020). In general, it appears that the type of use that does not facilitate interpersonal connection is more detrimental to users’ health and well-being (Clark et al., 2018).

Even though the earlier research on the subject has produced somewhat contradictory results, the researchers generally agree that certain groups of users are at more risk of experiencing negative outcomes of social media use. More specifically, the researchers have pointed out that there is a group of individuals who have difficulty controlling the quantity and intensity of their use of social media platforms (Kuss & Griffiths, 2017). Consequently, new concepts, such as problematic social media use (Bányai et al., 2017) and social networking addiction (Griffiths et al., 2014) have been developed to assess excessive use. In this research, we utilize the concept of problematic social media use (PSMU), which is applied broadly in the literature. In contrast to evidence of social media use in general, PSMU consistently predicts negative outcomes in several domains of life, including decreased subjective well-being (Kross et al., 2013; Wheatley & Buglass, 2019), depression (Hussain & Griffiths, 2018), and loneliness (Marttila et al., 2021).

To our knowledge, few studies have focused explicitly on the relationship between PSMU and cybercrime victimization. One cross-national study of young people found that PSMU is consistently and strongly associated with cyberbullying victimization across countries (Craig et al., 2020) and another one of Spanish adolescents returned similar results (Martínez-Ferrer et al., 2018). Another study of Italian adolescents found that an individual’s number of followers on Instagram was positively associated with experiences of cybervictimization (Longobardi et al., 2020). A clear limitation of the earlier studies is that they focused on adolescents and often dealt with cyberbullying or harassment. Therefore, the results are not straightforwardly generalizable to adult populations or to other forms of cybercrime victimization. Despite this, there are certain basic assumptions about cybercrime victimization that must be considered.

Cybercrime Victimization, Routine Activity, and Lifestyle-Exposure Theories

In criminology, the notion of cybercrime is used to refer to a variety of illegal activities that are performed in online networks and platforms through computers and other devices (Yar & Steinmetz, 2019). As a concept, cybercrime is employed in different levels of analysis and used to describe a plethora of criminal phenomena, ranging from individual-level victimization to large-scale, society-wide operations (Donalds & Osei-Bryson, 2019). In this study, we define cybercrime as illegal activity and harm to others conducted online, and we focus on self-reported experiences of cybercrime victimization. Therefore, we do not address whether respondents reported an actual crime victimization to the authorities.

In Finland and other European countries, the most common types of cybercrime include slander, hacking, malware, online fraud, and cyberbullying (see Europol, 2019; Meško, 2018). Providing exact estimates of cybercrime victims has been a challenge for previous criminological research, but 1 to 15 percent of the European population is estimated to have experienced some sort of cybercrime victimization (Reep-van den Bergh & Junger, 2018). Similarly, it is difficult to give a precise estimate of the prevalence of social media-related criminal activity. However, as a growing proportion of digital interactions are mediated by social media platforms, we can expect that cybercrime victimization on social media is also increasing. According to previous research, identity theft (Reyns et al., 2011), cyberbullying (Lowry et al., 2016), hate speech (Räsänen et al., 2016), and stalking (Marcum et al., 2017) are all regularly implemented on social media. Most of the preceding studies have focused on cybervictimization of teenagers and young adults, which are considered the most vulnerable population segments (e.g., Hawdon et al., 2017; Keipi et al., 2016).

One of the most frequently used conceptual frameworks to explain victimization is routine activity theory (RAT) (Cohen & Felson, 1979). RAT claims that the everyday routines of social actors place individuals at risk for victimization by exposing them to dangerous people, places, and situations. The theory posits that a crime is more likely to occur when a motivated offender, a suitable target, and a lack of capable guardians converge in space and time (Cohen & Felson, 1979). RAT is similar to lifestyle-exposure theory (LET), which aims to understand the ways in which lifestyle patterns in the social context allow different forms of victimization (Hindelang et al., 1978).

In this study, we build our approach on combining RAT and LET in order to examine risk-enhancing behaviors and characteristics fostered by online environments. Together, these theories take the existence of motivated offenders for granted and therefore do not attempt to explain their involvement in crime. Instead, we concentrate on how routine activities and lifestyle patterns, together with the absence of a capable guardian, affect the probability of victimization.

Numerous studies have investigated the applicability of LET and RAT for cybercrime victimization (e.g., Holt & Bossler, 2008, 2014; Leukfeldt & Yar, 2016; Näsi et al., 2017; Vakhitova et al., 2016, 2019; Yar, 2005). The results indicate that different theoretical concepts are operationalizable to online environments to varying degrees, and that some operationalizations are more helpful than others (Näsi et al., 2017). For example, the concept of risk exposure is considered to be compatible with online victimization, even though earlier studies have shown a high level of variation in how the risk exposure is measured (Vakhitova et al., 2016). By contrast, target attractiveness and lack of guardianship are generally considered to be more difficult to operationalize in the context of technology-mediated victimization (Leukfeldt & Yar, 2016).

In the next section, we will take a closer look at how the key theoretical concepts of LET and RAT have been operationalized in earlier studies on cybervictimization. Here, we focus solely on factors that we can address empirically with our data. Each of these has successfully been applied to online environments in prior studies (e.g., Hawdon et al., 2017; Keipi et al., 2016).

Confounding Elements of Lifestyle and Routine Activities Theories and Cybercrime Victimization

Exposure to Risk

The first contextual component of RAT/LET addresses the general likelihood of experiencing risk situations. Risk exposure has typically been measured by the amount of time spent online or the quantity of different online activities – the hours spent online, the number of online accounts, the use of social media services (Hawdon et al., 2017; Vakhitova et al., 2019). The studies that have tested the association have returned mixed results, and it seems that simply the time spent online does not predict increased victimization (e.g., Ngo & Paternoster, 2011; Reyns et al., 2011). On the other hand, the use of social media platforms (Bossler et al., 2012; Räsänen et al., 2016) and the number of accounts in social networks are associated with increased victimization (Reyns et al., 2011).

Regarding the association between the risk of exposure and victimization experiences, previous research has suggested that specific online activities may increase the likelihood of cybervictimization. For example, interaction with other users is associated with increased victimization experiences, whereas passive use may protect from cybervictimization (Holt & Bossler, 2008; Ngo & Paternoster, 2011; Vakhitova et al., 2019). In addition, we assume that especially active social media use, such as connecting with new people, is a risk factor and should be taken into account by measuring the proximity to offenders in social media.

Proximity to Offenders

The second contextual component of RAT/LET is closeness to the possible perpetrators. Previously, proximity to offenders was typically measured by the amount of self-disclosure in online environments, such as the number of followers on social media platforms (Vakhitova et al., 2019). Again, earlier studies have returned inconsistent results, and the proximity to offenders has mixed effects on the risk of victimization. For example, the number of online friends does not predict increased risk of cybercrime victimization (Näsi et al., 2017; Räsänen et al., 2016; Reyns et al., 2011). By contrast, a high number of social media followers (Longobardi et al., 2020) and online self-disclosures are associated with higher risk of victimization (Vakhitova et al., 2019).

As in the case of risk exposure, different operationalizations of proximity to offenders may predict victimization more strongly than others. For instance, compared to interacting with friends and family, contacting strangers online may be much riskier (Vakhitova et al., 2016). Earlier studies support this notion: allowing strangers to acquire sensitive information about oneself, as well as frequent contact with strangers on social media, predicts increased risk for cybervictimization (Craig et al., 2020; Reyns et al., 2011). Also, compulsive online behavior is associated with a higher probability of meeting strangers online (Gámez-Guadix et al., 2016), and we assume that PSMU may be associated with victimization indirectly through contacting strangers.

Target Attractiveness

The third contextual element of RAT/LET considers the fact that victimization is more likely among those who share certain individual and behavioral traits. Such traits can be seen to increase attractiveness to offenders and thereby increase the likelihood of experiencing risk situations. Earlier studies on cybercrime victimization have utilized a wide selection of measures to operationalize target attractiveness, including gender and ethnic background (Näsi et al., 2017 ), browsing risky content (Räsänen et al., 2016 ), financial status (Leukfeldt & Yar, 2016 ) or relationship status, and sexual orientation (Reyns et al., 2011 ).

In general, these operationalizations do not seem to predict victimization reliably or effectively. Despite this, we suggest that certain operationalizations of target attractiveness may be valuable. Past research on the different uses of social media has suggested that provocative language or expressions of ideological points of view can increase victimization. More specifically, political activity is a typical behavioral trait that tends to provoke reactions in online discussions (e.g., Lutz & Hoffmann, 2017). In studies of cybervictimization, online political activity is associated with increased victimization (Vakhitova et al., 2019). Recent studies have also emphasized how social media have brought up and even increased political polarization (van Dijk & Hacker, 2018).

In Finland, the main division has been drawn between the supporters of the populist right-wing party, the Finns, and the supporters of the Green League and the Left Alliance (Koiranen et al., 2020 ). However, it is noteworthy that Finland has a multi-party system based on socioeconomic cleavages represented by traditional parties, such as the Social Democratic Party of Finland, the National Coalition Party, and the Center Party (Koivula et al., 2020 ). Indeed, previous research has shown that there is relatively little affective polarization in Finland (Wagner, 2021 ). Therefore, in the Finnish context it is unlikely that individuals would experience large-scale victimization based on their party preference.

Lack of Guardianship

The fourth element of RAT/LET assesses the role of social and physical guardianship against harmful activity. The lack of guardianship is assumed to increase victimization, and conversely, the presence of capable guardianship to decrease the likelihood of victimization (Yar, 2005). In studies of online activities and routines, different measures of guardianship have rarely acted as predictors of victimization experiences (Leukfeldt & Yar, 2016; Vakhitova et al., 2016).

Regarding social guardianship, measures such as respondents’ digital skills and online risk awareness have been used, but with non-significant results (Leukfeldt & Yar, 2016 ). On the other hand, past research has indicated that victims of cyber abuse in general are less social than non-victims, which indicates that social networks may protect users from abuse online (Vakhitova et al., 2019 ). Also, younger users, females, and users with low educational qualifications are assumed to have weaker social guardianship against victimization and therefore are in more vulnerable positions (e.g., Keipi et al., 2016 ; Pratt & Turanovic, 2016 ).

In terms of physical guardianship, several technical measures, such as the use of firewalls and virus scanners, have been utilized in past research (Leukfeldt & Yar, 2016 ). In a general sense, technical security tools function as external settings in online interactions, similar to light, which may increase the identifiability of the aggressor in darkness. Preceding studies, however, have found no significant connection between technical guardianship and victimization (Vakhitova et al., 2016 ). Consequently, we decided not to address technical guardianship in this study.

Based on the preceding research findings discussed above, we stated the following two hypotheses:

  • H1: Increased PSMU associates with increased cybercrime victimization.
  • H2: The association between PSMU and cybercrime victimization is confounded by factors assessing exposure to risk, proximity to offenders, target attractiveness, and lack of guardianship.

Research Design

Our aim was to analyze how problematic use of social media is linked to cybercrime victimization experiences. According to RAT and LET, cybercrime victimization relates to how individuals’ lifestyles expose them to circumstances that increase the probability of victimization (Hindelang et al., 1978 ) and how individuals behave in different risky environments (Engström, 2020 ). Our main premise is that PSMU exposes users more frequently to environments that increase the likelihood of victimization experiences.

We constructed our research in two separate stages on the basis of the two-wave panel setting. In the first stage, we approached the relationship between PSMU and cybercrime victimization cross-sectionally by using a large and representative sample of the Finnish population aged 18–74. We also analyzed the extent to which the relationship between PSMU and cybercrime victimization was related to the confounders. In the second stage of analysis, we paid more attention to longitudinal effects and tested for the panel effects, examining changes in cybercrime victimization in relation to changes in PSMU.

Participants

We utilized two-wave panel data that were derived from the first and second rounds of the Digital Age in Finland survey. The cross-sectional study was based on the first round of the survey, organized in December 2017, for a total of 3,724 Finns. In this sample, two-thirds of the respondents were randomly sampled from the Finnish population register, and one-third were supplemented from a demographically balanced online respondent pool organized by Taloustutkimus Inc. We analyzed social media users ( N  = 2,991), who accounted for 77% of the original data. The data over-represented older citizens, which is why post-stratifying weights were applied to correspond with the official population distribution of Finns aged 18–74 (Sivonen et al., 2019 ).

To form a longitudinal setting, respondents were asked whether they were willing to participate in the survey a second time about a year after the first data collection. A total of 1,708 participants expressed willingness to participate in the follow-up survey that was conducted 15 months after the first round, in March 2019. A total of 1,134 people participated in the follow-up survey, comprising a response rate of 67% in the second round.

The question form was essentially the same for both rounds of data collection.

The final two-wave data used in the second stage of analysis mirrored population characteristics in terms of gender (males 50.8%) and age (M = 49.9, SD = 16.2) structures. However, the data were unrepresentative in terms of education and employment status when compared to the Finnish population: tertiary level education was achieved by 44.5% of participants and only 50.5% of respondents were employed. The data report published online shows a more detailed description of the data collection and its representativeness (Sivonen et al., 2019).

Our dependent variable measured whether the participants had been a target of cybercrime. Cybercrime was measured with five dichotomous questions inquiring whether the respondent had personally: 1) been targeted by threat or attack on social media, 2) been falsely accused online, 3) been targeted with hateful or degrading material on the Internet, 4) experienced sexual harassment on social media, and 5) been subjected to account stealing.¹ In the first round, 159 respondents (14.0%) responded that they had been the victim of cybercrime. In the second round, the number of victimization experiences increased by about 6 percentage points, as 71 respondents had experienced victimization during the observation period.

Our main independent variable was problematic social media use (PSMU). Initially, participants’ problematic and excessive social media usage was measured through an adaptation of the Compulsive Internet Use Scale (CIUS), which consists of 14 items ratable on a 5-point Likert scale (Meerkerk et al., 2009). Our measure included five items on a 4-point scale scored from 1 (never) to 4 (daily) based on how often respondents: 1) “Have difficulties with stopping social media use,” 2) “Have been told by others you should use social media less,” 3) “Have left important work, school or family related things undone due to social media use,” 4) “Use social media to alleviate feeling bad or stress,” and 5) “Plan social media use beforehand.”

For our analysis, all five items were used to create a new three-level variable to assess respondents’ PSMU at different intensity levels. If the respondent experienced at least one of the signs of problematic use daily or weekly, PSMU was coded as at least weekly. Second, if the respondent experienced at least one of the signs of problematic use less than weekly, PSMU was coded as occasionally. Finally, if the respondent did not experience any signs of problematic use, PSMU was coded as none.

To find reliable estimates for the effects of PSMU, we controlled for general social media use, including respondents’ activity on social networking sites and instant messenger applications. We combined two items to create a new four-level variable to measure respondents’ social media use (SMU). If a respondent reported using either social media platforms (e.g., Facebook, Twitter), instant messengers (e.g., WhatsApp, Facebook Messenger) or both many hours per day, we coded their activity as high. We coded activity as medium if respondents reported using social media daily. Third, we coded activity as low for those respondents who reported using social media only on a weekly basis. Finally, we considered activity as very low if respondents reported using platforms or instant messengers less than weekly.

Confounding variables were related to participants’ target attractiveness, proximity to offenders, and potential guardianship factors.

Target attractiveness was measured by online political activity. Following previous studies (Koiranen et al., 2020; Koivula et al., 2019), we formed the variable based on four single items: following political discussions, participating in political discussions, sharing political content, and creating political content. Participants’ activity was initially determined by means of a 5-point scale (1 = Never, 2 = Sometimes, 3 = Weekly, 4 = Daily, and 5 = Many times per day). For analysis purposes, we first separated “politically inactive” users, who reported never using social media for political activities. Second, we coded as “followers” participants who only followed but never participated in the political discussions in social media. Third, we classified as “occasional participants” those who at least sometimes participated in political activities on social media. Finally, those participants who at least weekly used social media to participate in political activities were classified as “active participants.”

Proximity to offenders was considered by analyzing contacting strangers on social media. Initially, the question asked the extent to which respondents were in contact with strangers on social media, evaluated with a 5-point interval scale, from 1 (Not at all) to 5 (Very much). For the analysis, we merged response options 1 and 2 to form value 1, and 4 and 5 to form 3. Consequently, we used a three-level variable to measure respondents’ tendency to contact strangers on social media, in which 1 = Low, 2 = Medium, and 3 = High intensity.

Lack of guardianship was measured by gender, age, education, and main activity. Respondent’s gender (1 = Male, 2 = Female), age (in years), level of education, and main activity were measured. While these variables could also be placed under target attractiveness, we placed them here. This is because the background characteristics these variables measure are often invisible in online environments and exist only in terms of expressed behavior (e.g., Keipi et al., 2016). For statistical analysis, we classified education and main activity into binary variables. Education was measured with a binary variable that indicated whether the respondent had achieved at least tertiary level education or not. The dichotomization can be justified by relatively high educational levels in Finland, where tertiary education is often considered the cut-off point between educated and non-educated citizens (Leinsalu et al., 2020). Main activity was measured with a binary variable that differentiated unemployed respondents from others (working, retirees, and full-time students). Regarding the lack of guardianship, unemployed people are less likely to relate to informal peer-networks occurring at workplaces or educational establishments, a phenomenon that also takes place in many senior citizens’ activities. Descriptive statistics for all measurements are provided in Table 1.

Table 1. Descriptive statistics for the applied variables

Analytic techniques

The analyses were performed in two different stages with STATA 16. In the cross-sectional approach we analyzed the direct and indirect associations between PSMU and cybercrime victimization. We reported average marginal effects and their standard errors with statistical significances (Table 2). The main effect of PSMU was illustrated in Fig. 1 by utilizing a user-written coefplot package (Jann, 2014).

Table 2. The likelihood of cybercrime victimization according to confounding and control variables. Average marginal effects (AME) with standard errors estimated from the logit models

Standard errors in parentheses

*** p  < 0.001, ** p  < 0.01, * p  < 0.05


Fig. 1. Likelihood of cybercrime victimization according to the level of problematic social media use. Predicted probabilities with 95% confidence intervals

When establishing the indirect effects, we used the KHB method developed by Karlson et al. (2012) and employed the khb command in Stata (Kohler et al., 2011). The KHB method decomposes the total effect of an independent variable into a direct effect and an indirect effect that runs via a confounding/mediating variable (Karlson et al., 2012). Based on decomposition analysis, we reported logit coefficients for the total effect, direct effects, and indirect effects with statistical significances and confounding percentages (Table 3).
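The decomposition described above can be worked through by hand for one continuous confounder. This is an added Python example, not the authors' Stata code or the implementation of the khb command; the data are simulated, and the function names and generating coefficients are assumptions chosen for illustration.

```python
import math
import random


def solve(a, b):
    """Solve the small linear system a @ x = b by Gauss-Jordan elimination."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [v - f * w for v, w in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_logit(rows, y, iters=50):
    """Maximum-likelihood logit fit by Newton-Raphson (rows include the intercept)."""
    k = len(rows[0])
    beta = [0.0] * k
    for _ in range(iters):
        grad = [0.0] * k
        hess = [[0.0] * k for _ in range(k)]
        for xi, yi in zip(rows, y):
            p = 1.0 / (1.0 + math.exp(-sum(b * v for b, v in zip(beta, xi))))
            w = p * (1.0 - p)
            for i in range(k):
                grad[i] += (yi - p) * xi[i]
                for j in range(k):
                    hess[i][j] += w * xi[i] * xi[j]
        step = solve(hess, grad)
        beta = [b + s for b, s in zip(beta, step)]
        if max(abs(s) for s in step) < 1e-10:
            break
    return beta


def ols(x, z):
    """Intercept and slope of the linear regression of z on x."""
    mx, mz = sum(x) / len(x), sum(z) / len(z)
    sxx = sum((a - mx) ** 2 for a in x)
    theta = sum((a - mx) * (b - mz) for a, b in zip(x, z)) / sxx
    return mz - theta * mx, theta


def khb_decompose(x, z, y):
    """Total, direct and indirect logit effect of x on y with confounder z.

    The reduced model replaces z by its residual from regressing z on x, so
    both models have the same fit and their x coefficients share one scale.
    """
    alpha, theta = ols(x, z)
    resid = [zi - (alpha + theta * xi) for xi, zi in zip(x, z)]
    full = fit_logit([[1.0, xi, zi] for xi, zi in zip(x, z)], y)
    reduced = fit_logit([[1.0, xi, ri] for xi, ri in zip(x, resid)], y)
    total, direct = reduced[1], full[1]
    indirect = total - direct
    return {"total": total, "direct": direct, "indirect": indirect,
            "confounding_pct": 100.0 * indirect / total,
            "theta": theta, "z_coef": full[2]}


def make_sample(n=3000, seed=7):
    """Constructed data: x is a 0/1/2 use level, z a confounder raised by x."""
    rng = random.Random(seed)
    x, z, y = [], [], []
    for _ in range(n):
        xi = float(rng.choice([0, 1, 2]))
        zi = 0.8 * xi + rng.gauss(0.0, 1.0)       # assumed x -> z link
        p = 1.0 / (1.0 + math.exp(2.5 - 0.4 * xi - 0.6 * zi))
        x.append(xi)
        z.append(zi)
        y.append(1 if rng.random() < p else 0)
    return x, z, y


if __name__ == "__main__":
    for name, value in khb_decompose(*make_sample()).items():
        print(f"{name:16s} {value: .3f}")
```

The indirect effect equals the confounder's logit coefficient multiplied by the slope of the confounder on the predictor, which is why the confounding percentage can be read as the share of the total effect carried by the confounder.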

Table 3. The decomposition of effect of PSMU on online victimization with respect to confounding factors. The logit coefficients estimated using the KHB method

In the second stage, we analyzed the panel effects. We used hybrid mixed models to distinguish two time-varying factors: between-person effects and within-person effects, and predicted changes in cybercrime victimization with respect to changes in problematic social media use. We also tested how the relationship between cybercrime victimization and other time-varying variables changed over the observation period. The hybrid models were performed by using the xthybrid command (Schunck & Perales, 2017 ).

The results for our first hypothesis are presented in Fig. 1. The likelihood of becoming a victim of cybercrime increased significantly as PSMU increased. Respondents who reported problematic use on a daily basis experienced cybercrime with a probability of more than 40%. The probability of becoming a victim was also high, 30%, if problematic use occurred weekly.

The models predicting cybercrime victimization are shown in Table 2. In the first model (M1), PSMU significantly predicted the risk of victimization if a participant reported even occasional problematic use (AME 0.06; p < 0.001). If the respondent reported problematic use weekly (AME 0.17; p < 0.001) or daily (AME 0.33; p < 0.001), his or her probability of becoming a victim was significantly higher.

The next three models (M2-M4) were constructed on the basis of variables measuring risk exposure, proximity to offenders, and target attractiveness. The second model (M2) indicates that highly intensive social media use (AME 0.19, p  < 0.001) was related to cybercrime victimization. The third (M3) model presents that those who reported low intensity of meeting strangers online had lower probability of being victims (AME -0.11, p  < 0.001) and those who reported high intensity had higher probability (AME 0.12, p  < 0.05). Finally, the fourth (M4) model suggests that political activity was related to victimization: those who reported participating occasionally (AME 0.07, p  < 0.01) and actively (AME 0.14, p  < 0.001) had higher probability of being a victim.

Next, we evaluated how different guardianship factors were related to victimization. The fifth model (M5) indicates that age, gender, and economic activity were identified as significant protective factors. According to the results, older (AME -0.01, p  < 0.001) and male (AME -0.04, p  < 0.001) participants were less likely to be targets of cybercrime. Interestingly, higher education or unemployment was not related to victimization. Finally, the fifth model also suggests that the effect of PSMU remained significant even after controlling for confounding and control variables.

We decomposed the fifth model to determine how different confounding and control variables affected the relationship between PSMU and victimization. The results of the decomposition analysis are shown in Table 3. First, the factors significantly influenced the association between PSMU and victimization (B = 0.38, p < 0.001), which means that the confounding percentage of background factors was 58.7%. However, the total effect of PSMU remained significant (B = 0.27, p < 0.001). Age was the most significant factor in the association between PSMU and victimization (B = 0.14; p < 0.001), explaining 36% of the total confounding percentage. Political activity was also a major contributing factor (B = 0.12, p < 0.001) that explained 31.2% of the total confounding percentage. The analysis also revealed that meeting strangers online significantly confounded the relationship between PSMU and victimization (B = 0.7, p < 0.001).

In the second stage, we examined the longitudinal effects of PSMU on cybercrime victimization using panel data from Finnish social media users. We focused on factors that vary in the short term, which is why we also analyzed the temporal effects of SMU, contacting strangers online, and online political activity on victimization. The demographic factors that did not change over time or for which temporal variability did not vary across clusters (such as age) were not considered in the second stage.

Table 4 shows the hybrid models predicting each variable separately. The within-effects revealed that increased PSMU increased individuals’ probability of being victimized during the observation period (B = 0.77, p = 0.02). Moreover, the between-effect of PSMU was significant (B = 2.00, p < 0.001), indicating that increased PSMU was related to individuals’ higher propensity to be victimized over the observation period.

Table 4. Unadjusted logit coefficients of cybercrime victimization according to PSMU and confounding variables from hybrid generalized mixed models

Each variable modelled separately

We could not find significant within-subject effects in terms of other factors. However, the between-effects indicated that SMU ( B  = 2.00, p  < 0.001), low intensity of meeting strangers online ( B  = -3.27, p  < 0.001), and online political participation ( B  = 2.08, p  < 0.001) distinguished the likelihood of individuals being victimized.

Over the last decade, social media has revolutionized the way people communicate and share information. As the everyday lives of individuals are increasingly mediated by social media technologies, some users may experience problems with excessive use. In prior studies, problematic use has been associated with many negative life outcomes, ranging from psychological disorders to economic consequences.

The main objective of this study was to determine whether PSMU is also linked to increased cybercrime victimization. First, we examined how PSMU associates with cybercrime victimization and hypothesized that increased PSMU associates with increased cybercrime victimization (H1). Our findings from the cross-sectional study indicated that PSMU is a notable predictor of victimization. In fact, daily reported problematic use increased the likelihood of cybercrime victimization by more than 30 percentage points. More specifically, the analysis showed that more than 40% of users who reported experiencing problematic use daily reported being victims of cybercrime, while those who never experienced problematic use had a probability of victimization of slightly over 10%.

We also examined how PSMU captures other risk factors contributing to cybercrime victimization. Here, we hypothesized that the association between PSMU and cybercrime victimization is mediated by exposure to risk, proximity to offenders, target attractiveness, and lack of guardianship (H2). The decomposition analysis indicated that confounding factors explained over 50 percent of the total effect of PSMU. A more detailed analysis showed that the association between PSMU and cybercrime victimization was related to respondents’ young age, online political activity, activity to meet strangers online, and intensity of general social media use. This means that PSMU and victimization are linked to similar factors related to routine activities and lifestyle that increase the target's attractiveness, proximity to offenders and lack of guardianship. Notably, the effect of PSMU remained significant even after controlling for the confounding factors.

In the longitudinal analysis, we confirmed the first hypothesis and found that increased PSMU was associated with increased cybercrime victimization in both within- and between-subject analyses. The result indicated a clear link between problematic use and cybercrime experiences during the observation period: as problematic use increases, so does the individual’s likelihood of becoming a victim of cybercrime. At the same time, according to the between-subject analysis, it also appears that cybercrime experiences are generally more likely to increase for those who experience more problematic use. Interestingly, we could not find within-subject effects in terms of other factors. This means, for example, that individuals' increased encounters with strangers or increased online political activity were not directly reflected in the likelihood of becoming a victim during the observation period. The between-subject analyses, however, indicated that an individual’s increased propensity to be victimized is related to higher level of social media activity, intensity of meeting strangers online, and online political activity over time.

Our findings are consistent with those of preceding research pointing to the fact that cybervictimization is indeed a notable threat, especially to those already in vulnerable circumstances (Keipi et al., 2016 ). The probabilities of cybercrime risk vary in online interactional spaces, depending on the absence and presence of certain key components suggested in our theoretical framework. Despite the seriousness of our findings, recent statistics indicate that cybercrime victimization is still relatively rare in Finland. In 2020, seven percent of Finnish Internet users had experienced online harassment, and 13 percent reported experiencing unwelcome advances during the previous three months (OSF, 2020 ). However, both forms of cybercrime victimization are clearly more prevalent among younger people and those who use social media frequently.

Cybercrime is becoming an increasingly critical threat as social media use continues to spread throughout segments of the population. Certain online activities and routinized behaviors can be considered to be particularly risky and to increase the probability of cybercrime victimization. In our study, we have identified problematic social media use as a specific behavioral pattern or lifestyle that predicts increased risk of becoming a victim of cybercrime.

Although the overall approach of our study was straightforward, the original theoretical concepts are ambiguously defined and alternative meanings have been given to them. It follows that the empirical operationalization of the concepts was not in line with some studies looking at the premises of RAT and LET framework. Indeed, different empirical measures have been employed to address the basic elements associating with risks of victimization (e.g., Hawdon et al., 2017 ; Pratt & Turanovic, 2016 ). In our investigation, we focused on selected online activities and key socio-demographic background factors.

Similarly, we need to be cautious when discussing the implications of our findings. First, our study deals with one country alone, which means that the findings cannot be generalized beyond Finland or beyond the timeline 2017 to 2019. This means that our findings may not be applicable to the highly specific time of the COVID-19 pandemic when online activities have become more versatile than ever before. In addition, although our sample was originally drawn from the national census database, some response bias probably exists in the final samples. Future research should use longitudinal data that better represent, for example, different socio-economic groups. We also acknowledge that we did not control for the effect of offline social relations on the probability of cybercrime risk. Despite these limitations, we believe our study has significance for contemporary cybercrime research.

Our study shows that PSMU heightens the risk of cybercrime victimization. Needless to say, future research should continue to identify specific activities that comprise “dangerous” lifestyles online, which may vary from one population group to another. In online settings, there are a variety of situations and circumstances that are applicable to different forms of cybercrime. For instance, lack of basic online skills regarding cybersecurity can work like PSMU.

In general, our findings contribute to the assumption that online and offline victimization should not necessarily be considered distinct phenomena. Therefore, our theoretical framework, based on RAT and LET, seems highly justified. Our observations contribute to an increasing body of research that demonstrates how routine activities and lifestyle patterns of individuals can be applied to crimes committed in the physical world, as well as to crimes occurring in cyberspace.

Biographies

is a PhD student at the Unit of Economic Sociology, University of Turku, Finland. Marttila is interested in the use of digital technologies, risks, and well-being.

is a University Lecturer at the Unit of Economic Sociology, University of Turku, Finland. Koivula’s research deals with political preferences, consumer behavior and use of online platforms.

is Professor of Economic Sociology at University of Turku, Finland. His current research interests are in digital inequalities and online hate speech in platform economy.

Open Access funding provided by University of Turku (UTU) including Turku University Central Hospital. This study was funded by the Strategic Research Council of the Academy of Finland (decision number 314171).


The authors declare no conflicts of interest.

All procedures performed in studies involving human participants were in accordance with the ethical standards of the institutional and/or national research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.

2) Have you been falsely accused online?

3) Have you been targeted with hateful or degrading material on the Internet?

4) Have you experienced sexual harassment on social media?

5) Has your online account been stolen or a new account made with your name without your permission?


  • Appel M, Marker C, Gnambs T. Are social media ruining our lives? A review of meta-analytic evidence. Review of General Psychology. 2020; 24 (1):60–74. doi: 10.1177/1089268019880891. [ CrossRef ] [ Google Scholar ]
  • Bányai, F., Zsila, Á., Király, O., Maraz, A., Elekes, Z., Griffiths, M. D., et al. (2017). Problematic social media use: Results from a large-scale nationally representative adolescent sample. PLoS ONE , 12 (1). 10.1371/journal.pone.0169839 [ PMC free article ] [ PubMed ]
  • Bossler AM, Holt TJ, May DC. Predicting online harassment victimization among a juvenile population. Youth & Society. 2012; 44 (4):500–523. doi: 10.1177/0044118X11407525. [ CrossRef ] [ Google Scholar ]
  • Clark JL, Algoe SB, Green MC. Social network sites and well-being: The role of social connection. Current Directions in Psychological Science. 2018; 9 :44–49. doi: 10.1016/j.copsyc.2015.10.006. [ CrossRef ] [ Google Scholar ]
  • Cohen LE, Felson M. Social change and crime rate trends: A routine activity approach. American Sociological Review. 1979; 44 (4):588–608. doi: 10.2307/2094589. [ CrossRef ] [ Google Scholar ]
  • Craig W, Boniel-Nissim M, King N, Walsh SD, Boer M, Donnelly PD, et al. Social media use and cyber-bullying: A cross-national analysis of young people in 42 countries. Journal of Adolescent Health. 2020; 66 (6):S100–S108. doi: 10.1016/j.jadohealth.2020.03.006. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Donalds C, Osei-Bryson KM. Toward a cybercrime classification ontology: A knowledge-based approach. Computers in Human Behavior. 2019; 92 :403–418. doi: 10.1016/j.chb.2018.11.039. [ CrossRef ] [ Google Scholar ]
  • Engström A. Conceptualizing lifestyle and routine activities in the early 21st century: A systematic review of self-report measures in studies on direct-contact offenses in young populations. Crime & Delinquency. 2020; 67 (5):737–782. doi: 10.1177/0011128720937640. [ CrossRef ] [ Google Scholar ]
  • Europol (2019). European Union serious and organised crime threat assessment. Online document, available at: https://ec.europa.eu/home-affairs/what-we-do/policies/cybercrime_en
  • Gámez-Guadix M, Borrajo E, Almendros C. Risky online behaviors among adolescents: Longitudinal relations among problematic Internet use, cyberbullying perpetration, and meeting strangers online. Journal of Behavioral Addictions. 2016; 5 (1):100–107. doi: 10.1556/2006.5.2016.013. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Griffiths, M. D., Kuss, D. J., & Demetrovics, Z. (2014). Social networking addiction: An overview of preliminary findings. In K. P. Rosenberg & L. C. B. T.-B. A. Feder (Eds.), Behavioral addictions: Criteria, evidence, and treatment (pp. 119–141). San Diego: Academic Press. 10.1016/B978-0-12-407724-9.00006-9
  • Hawdon J, Oksanen A, Räsänen P. Exposure to online hate in four nations: A cross-national consideration. Deviant Behavior. 2017; 38 (3):254–266. doi: 10.1080/01639625.2016.1196985. [ CrossRef ] [ Google Scholar ]
  • Hindelang MJ, Gottfredson MR, Garofalo J. Victims of personal crime: An empirical foundation for a theory of personal victimization. Ballinger Publishing Co; 1978. [ Google Scholar ]
  • Holt TJ, Bossler AM. Examining the applicability of lifestyle-routine activities theory for cybercrime victimization. Deviant Behavior. 2008; 30 (1):1–25. doi: 10.1080/01639620701876577. [ CrossRef ] [ Google Scholar ]
  • Holt TJ, Bossler AM. An assessment of the current state of cybercrime scholarship. Deviant Behavior. 2014; 35 (1):20–40. doi: 10.1080/01639625.2013.822209. [ CrossRef ] [ Google Scholar ]
  • Hussain, Z., & Griffiths, M. D. (2018). Problematic social networking site use and comorbid psychiatric disorders: A systematic review of recent large-scale studies. Frontiers in Psychiatry , 9 (686). 10.3389/fpsyt.2018.00686 [ PMC free article ] [ PubMed ]
  • Jann, B. (2014). Plotting regression coefficients and other estimates . The Stata Journal , 14 (4), 708–737. 10.1177%2F1536867X1401400402
  • Karlson, K. B., Holm, A., & Breen, R. (2012). Comparing regression coefficients between same-sample nested models using logit and probit: A new method. Sociological methodology, 42 (1), 286–313. 10.1177%2F0081175012444861
  • Keipi, T., Näsi, M., Oksanen, A., & Räsänen, P. (2016). Online hate and harmful content: Cross-national perspectives. Taylor & Francis. http://library.oapen.org/handle/20.500.12657/22350
  • Kim B, Kim Y. College students’ social media use and communication network heterogeneity: Implications for social capital and subjective well-being. Computers in Human Behavior. 2017; 73 :620–628. doi: 10.1016/j.chb.2017.03.033. [ CrossRef ] [ Google Scholar ]
  • Kohler, U., Karlson, K. B., & Holm, A. (2011). Comparing coefficients of nested nonlinear probability models. The Stata Journal, 11 (3), 420–438. 10.1177/1536867X1101100306
  • Koivula A, Kaakinen M, Oksanen A, Räsänen P. The role of political activity in the formation of online identity bubbles. Policy & Internet. 2019; 11 (4):396–417. doi: 10.1002/poi3.211. [ CrossRef ] [ Google Scholar ]
  • Koivula A, Koiranen I, Saarinen A, Keipi T. Social and ideological representativeness: A comparison of political party members and supporters in Finland after the realignment of major parties. Party Politics. 2020; 26 (6):807–821. doi: 10.1177/1354068818819243. [ CrossRef ] [ Google Scholar ]
  • Koiranen I, Koivula A, Saarinen A, Keipi T. Ideological motives, digital divides, and political polarization: How do political party preference and values correspond with the political use of social media? Telematics and Informatics. 2020; 46 :101322. doi: 10.1016/j.tele.2019.101322. [ CrossRef ] [ Google Scholar ]
  • Kross E, Verduyn P, Demiralp E, Park J, Lee DS, Lin N, et al. Facebook use predicts declines in subjective well-being in young adults. PLoS ONE. 2013; 8 (8):e69841. doi: 10.1371/journal.pone.0069841. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Kross E, Verduyn P, Sheppes G, Costello CK, Jonides J, Ybarra O. Social media and well-being: Pitfalls, progress, and next steps. Trends in Cognitive Sciences. 2020; 25 (1):55–66. doi: 10.1016/j.tics.2020.10.005. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Kuss D, Griffiths M. Social networking sites and addiction: Ten lessons learned. International Journal of Environmental Research and Public Health. 2017; 14 (3):311. doi: 10.3390/ijerph14030311. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Leinsalu M, Baburin A, Jasilionis D, Krumins J, Martikainen P, Stickley A. Economic fluctuations and urban-rural differences in educational inequalities in mortality in the Baltic countries and Finland in 2000–2015: A register-based study. International Journal for Equity in Health. 2020; 19 (1):1–6. doi: 10.1186/s12939-020-01347-5. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Leukfeldt ER, Yar M. Applying routine activity theory to cybercrime: A theoretical and empirical analysis. Deviant Behavior. 2016; 37 (3):263–280. doi: 10.1080/01639625.2015.1012409. [ CrossRef ] [ Google Scholar ]
  • Longobardi C, Settanni M, Fabris MA, Marengo D. Follow or be followed: Exploring the links between Instagram popularity, social media addiction, cyber victimization, and subjective happiness in Italian adolescents. Children and Youth Services Review. 2020; 113 :104955. doi: 10.1016/j.childyouth.2020.104955. [ CrossRef ] [ Google Scholar ]
  • Lowry PB, Zhang J, Wang C, Siponen M. Why do adults engage in cyberbullying on social media? An integration of online disinhibition and deindividuation effects with the social structure and social learning model. Information Systems Research. 2016; 27 (4):962–986. doi: 10.1287/isre.2016.0671. [ CrossRef ] [ Google Scholar ]
  • Lutz C, Hoffmann CP. The dark side of online participation: Exploring non-, passive and negative participation. Information, Communication & Society. 2017; 20 (6):876–897. doi: 10.1080/1369118X.2017.1293129. [ CrossRef ] [ Google Scholar ]
  • Marcum CD, Higgins GE, Nicholson J. I’m watching you: Cyberstalking behaviors of university students in romantic relationships. American Journal of Criminal Justice. 2017; 42 (2):373–388. doi: 10.1007/s12103-016-9358-2. [ CrossRef ] [ Google Scholar ]
  • Martínez-Ferrer B, Moreno D, Musitu G. Are adolescents engaged in the problematic use of social networking sites more involved in peer aggression and victimization? Frontiers in Psychology. 2018; 9 :801. doi: 10.3389/fpsyg.2018.00801. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Marttila E, Koivula A, Räsänen P. Does excessive social media use decrease subjective well-being? A longitudinal analysis of the relationship between problematic use, loneliness and life satisfaction. Telematics and Informatics. 2021; 59 :101556. doi: 10.1016/j.tele.2020.101556. [ CrossRef ] [ Google Scholar ]
  • Meerkerk GJ, Van Den Eijnden RJJM, Vermulst AA, Garretsen HFL. The Compulsive Internet Use Scale (CIUS): Some psychometric properties. Cyberpsychology and Behavior. 2009; 12 (1):1–6. doi: 10.1089/cpb.2008.0181. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Meshi D, Cotten SR, Bender AR. Problematic social media use and perceived social isolation in older adults: A cross-sectional study. Gerontology. 2020; 66 (2):160–168. doi: 10.1159/000502577. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Meško G. On some aspects of cybercrime and cybervictimization. European Journal of Crime, Criminal Law and Criminal Justice. 2018; 26 (3):189–199. doi: 10.1163/15718174-02603006. [ CrossRef ] [ Google Scholar ]
  • Milani R, Caneppele S, Burkhardt C. Exposure to cyber victimization: Results from a Swiss survey. Deviant Behavior. 2020 doi: 10.1080/01639625.2020.1806453. [ CrossRef ] [ Google Scholar ]
  • Näsi M, Räsänen P, Kaakinen M, Keipi T, Oksanen A. Do routine activities help predict young adults’ online harassment: A multi-nation study. Criminology and Criminal Justice. 2017; 17 (4):418–432. doi: 10.1177/1748895816679866. [ CrossRef ] [ Google Scholar ]
  • Ngo FT, Paternoster R. Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology. 2011; 5 (1):773–793. [ Google Scholar ]
  • Official Statistics of Finland (OSF) (2020). Väestön tieto- ja viestintätekniikan käyttö [online document]. ISSN=2341–8699. 2020, Liitetaulukko 29. Vihamielisten viestien näkeminen, häirinnän kokeminen ja epäasiallisen lähestymisen kohteeksi joutuminen sosiaalisessa mediassa 2020, %-osuus väestöstä. Helsinki: Tilastokeskus. Available at: http://www.stat.fi/til/sutivi/2020/sutivi_2020_2020-11-10_tau_029_fi.html
  • Pang H. How does time spent on WeChat bolster subjective well-being through social integration and social capital? Telematics and Informatics. 2018; 35 (8):2147–2156. doi: 10.1016/j.tele.2018.07.015. [ CrossRef ] [ Google Scholar ]
  • Pratt TC, Turanovic JJ. Lifestyle and routine activity theories revisited: The importance of “risk” to the study of victimization. Victims & Offenders. 2016; 11 (3):335–354. doi: 10.1080/15564886.2015.1057351. [ CrossRef ] [ Google Scholar ]
  • Reep-van den Bergh CMM, Junger M. Victims of cybercrime in Europe: A review of victim surveys. Crime Science. 2018; 7 (1):1–15. doi: 10.1186/s40163-018-0079-3. [ CrossRef ] [ Google Scholar ]
  • Reyns BW, Henson B, Fisher BS. Being pursued online. Criminal Justice and Behavior. 2011; 38 (11):1149–1169. doi: 10.1177/0093854811421448. [ CrossRef ] [ Google Scholar ]
  • Räsänen P, Hawdon J, Holkeri E, Keipi T, Näsi M, Oksanen A. Targets of online hate: Examining determinants of victimization among young Finnish Facebook users. Violence and Victims. 2016; 31 (4):708–725. doi: 10.1891/0886-6708.vv-d-14-00079. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Schunck, R., & Perales, F. (2017). Within- and between-cluster effects in generalized linear mixed models: A discussion of approaches and the xthybrid command. The Stata Journal , 17(1), 89–115. 10.1177%2F1536867X1701700106
  • Shensa A, Escobar-Viera CG, Sidani JE, Bowman ND, Marshal MP, Primack BA. Problematic social media use and depressive symptoms among U.S. young adults: A nationally-representative study. Social Science and Medicine. 2017; 182 :150–157. doi: 10.1016/j.socscimed.2017.03.061. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Sivonen, J., Kuusela, A., Koivula, A., Saarinen, A., & Keipi, T. (2019). Working papers in economic sociology: Research Report on Finland in the Digital Age Round 2 Panel-survey . Turku.
  • Wagner M. Affective polarization in multiparty systems. Electoral Studies. 2021; 69 :102199. doi: 10.1016/j.electstud.2020.102199. [ CrossRef ] [ Google Scholar ]
  • Vakhitova ZI, Alston-Knox CL, Reynald DM, Townsley MK, Webster JL. Lifestyles and routine activities: Do they enable different types of cyber abuse? Computers in Human Behavior. 2019; 101 :225–237. doi: 10.1016/j.chb.2019.07.012. [ CrossRef ] [ Google Scholar ]
  • Vakhitova ZI, Reynald DM, Townsley M. Toward the adaptation of routine activity and lifestyle exposure theories to account for cyber abuse victimization. Journal of Contemporary Criminal Justice. 2016; 32 (2):169–188. doi: 10.1177/1043986215621379. [ CrossRef ] [ Google Scholar ]
  • Valenzuela S, Park N, Kee KF. Is there social capital in a social network site?: Facebook use and college student’s life satisfaction, trust, and participation. Journal of Computer-Mediated Communication. 2009; 14 (4):875–901. doi: 10.1111/j.1083-6101.2009.01474.x. [ CrossRef ] [ Google Scholar ]
  • Van Dijk JA, Hacker KL. Internet and democracy in the network society. Routledge. 2018 doi: 10.4324/9781351110716. [ CrossRef ] [ Google Scholar ]
  • Verduyn P, Ybarra O, Résibois M, Jonides J, Kross E. Do social network sites enhance or undermine subjective well-being? A critical review. Social Issues and Policy Review. 2017; 11 (1):274–302. doi: 10.1111/sipr.12033. [ CrossRef ] [ Google Scholar ]
  • Wheatley D, Buglass SL. Social network engagement and subjective well-being: A life-course perspective. The British Journal of Sociology. 2019; 70 (5):1971–1995. doi: 10.1111/1468-4446.12644. [ PubMed ] [ CrossRef ] [ Google Scholar ]
  • Yar M. The novelty of ‘Cybercrime’ European Journal of Criminology. 2005; 2 (4):407–427. doi: 10.1177/147737080556056. [ CrossRef ] [ Google Scholar ]
  • Yar, M., & Steinmetz, K. F. (2019). Cybercrime and society . SAGE Publications Limited.

McCombs School of Business


Cyber Harassment

After a student defames a middle school teacher on social media, the teacher confronts the student in class and posts a video of the confrontation online.


In many ways, social media platforms have created great benefits for our societies by expanding and diversifying the ways people communicate with each other, and yet these platforms also have the power to cause harm. Posting hurtful messages about other people is a form of harassment known as cyberbullying. Some acts of cyberbullying may not only be considered slanderous, but also lead to serious consequences. In 2010, Rutgers University student Tyler Clementi jumped to his death a few days after his roommate used a webcam to observe and tweet about Tyler’s sexual encounter with another man. Jane Clementi, Tyler’s mother, stated:

“In this digital world, we need to teach our youngsters that their actions have consequences, that their words have real power to hurt or to help. They must be encouraged to choose to build people up and not tear them down.”

In 2013, Idalia Hernández Ramos, a middle school teacher in Mexico, was a victim of cyber harassment. After discovering that one of her students tweeted that the teacher was a “bitch” and a “whore,” Hernández confronted the girl during a lesson on social media etiquette. Inquiring why the girl would post such hurtful messages that could harm the teacher’s reputation, the student meekly replied that she was upset at the time. The teacher responded that she was very upset by the student’s actions. Demanding a public apology in front of the class, Hernández stated that she would not allow “young brats” to call her those names. Hernández uploaded a video of this confrontation online, attracting much attention.

While Hernández was subject to cyber harassment, some felt she went too far by confronting the student in the classroom and posting the video for the public to see, raising concerns over the privacy and rights of the student. Sameer Hinduja, who writes for the Cyberbullying Research Center, notes, “We do need to remain gracious and understanding towards teens when they demonstrate immaturity.” Confronting instances of a teenager venting her anger may infringe upon her basic rights to freedom of speech and expression. Yet, as Hinduja explains, teacher and student were both perpetrators and victims of cyber harassment. All the concerns of both parties must be considered and, as Hinduja wrote, “The worth of one’s dignity should not be on a sliding scale depending on how old you are.”

Discussion Questions

1. In trying to teach the student a lesson about taking responsibility for her actions, did the teacher go too far and become a bully? Why or why not? Does she deserve to be fired for her actions?

2. What punishment does the student deserve? Why?

3. Who is the victim in this case? The teacher or the student? Was one victimized more than the other? Explain.

4. Do victims have the right to defend themselves against bullies? What if they go through the proper channels to report bullying and it doesn’t stop?

5. How should compassion play a role in judging others’ actions?

6. How are factors like age and gender used to “excuse” unethical behavior? (i.e., “Boys will be boys” or “She’s too young/old to understand that what she did is wrong”) Can you think of any other factors that are sometimes used to excuse unethical behavior?

7. How is cyberbullying similar or different from face-to-face bullying? Is one more harmful than the other? Explain.

8. Do you know anyone who has been the victim of cyber-bullying? What types of harm did this person experience?


Bibliography

Teacher suspended after giving student a twitter lesson http://www.cnn.com/2013/09/12/world/americas/mexico-teacher-twitter/index.html

Pros and Cons of Social Media in the Classroom http://campustechnology.com/Articles/2012/01/19/Pros-and-Cons-of-Social-Media-in-the-Classroom.aspx?Page=1

How to Use Twitter in the Classroom http://thenextweb.com/twitter/2011/06/23/how-to-use-twitter-in-the-classroom/

Twitter is Turning Into a Cyberbullying Playground http://www.takepart.com/article/2012/08/08/twitter-turning-cyberbullying-playground

Can Social Media and School Policies be “Friends”? http://www.ascd.org/publications/newsletters/policy-priorities/vol17/num04/Can-Social-Media-and-School-Policies-be-%C2%A3Friends%C2%A3%C2%A2.aspx

What Are the Free Expression Rights of Students In Public Schools Under the First Amendment? http://www.firstamendmentschools.org/freedoms/faq.aspx?id=12991

Teacher Shames Student in Classroom After Student Bullies Teacher on Twitter http://cyberbullying.us/teacher-shames-student-in-classroom-after-student-bullies-teacher-on-twitter/


Case Study: Ukrainian Cyber Police Fights Crime with Maltego


Maltego Team


The Cyber Police Department of the National Police of Ukraine was established in 2015 to detect and investigate all crimes committed using information technologies and telecommunications. Since the beginning of the full-scale invasion of Ukraine, the Department has been actively involved in Ukraine’s cyber defence and in carrying out tasks related to cyber warfare, as a measure to counter the armed aggression of the Russian Federation.

The Department is tasked with leading criminal investigations into areas such as computer-related fraud, internet crimes, and child abuse, as well as performing tasks related to protecting Ukrainian cyber infrastructure, and more. Their day-to-day work requires them to gather and analyze information from OSINT, social media intelligence, infrastructure footprinting, and other data sources.

Maltego is widely used in daily activities of the Ukrainian Cyber Police

Since 2020, the Ukrainian Cyber Police Department has relied on Maltego to analyze digital traces of suspected individuals across the internet, including social networks, websites, forums, financial transactions, and other user activities across the surface web and the dark web. They use Maltego particularly for the execution and report generation of the following aspects of their criminal investigative work:

  • Discovering Relationships
  • Social Network Analysis
  • Person or Organization Profiling
  • Domains and IP Address Tracking

According to investigators of the Ukrainian Cyber Police Department, the main advantage of using Maltego is the possibility to apply a flexible approach.

Maltego’s strength lies in its capacity to visualize relationships among Entities, even when dealing with large volumes of data.

Ukrainian Cyber Police

Ultimately, Maltego enables the Ukrainian Cyber Police to quickly obtain information about the subject from the surface web and the deep and dark web.

Download this case study now to learn why the Ukrainian Cyber Police uses Maltego to uncover identities of malicious hackers and Russian military personnel.


The Resurgence of the “Manipulaters” Team - Breaking HeartSenders


The Pakistan-based “Manipulaters” (their corruption of the word “manipulators”) represent a notorious and, in some respects, pioneering cybercrime empire. The Manipulaters have a decade-long history of selling phishing kits, spamming services, and malware. This history spans dozens of cybercrime marketplaces and the malicious domains associated with them are measured in the tens of thousands. The Manipulaters have enabled countless attacks against enterprises and customers; most security teams at Fortune 100 companies have encountered their deployed phishing kits or received spam from their mailers.

Nearly nine years ago, Brian Krebs released research on the Manipulaters Team, a fraud group that tricked people into giving up usernames and passwords via fake bank and e-commerce sites. Since then, the Manipulaters claimed to be turning over a new leaf, righting their wrongs and refraining from running large fraud schemes.

In 2021, Krebs reviewed the social media postings from the Manipulaters which showed they were prospering, while rather poorly hiding their activities behind a software development firm in Lahore that secretly enabled an entire generation of spammers and scammers.

In late 2023, our researchers stumbled upon a set of domains that linked back to their organization. That triggered an investigation into historical domain and host records, which unearthed that the Manipulaters have profited for more than a decade by selling vast quantities of phishing kits, commodity malware, spamming services, and more, eventually expanding into selling web domains, both for their own use and for resale to other criminals. Coincidentally, in early 2024 and apropos of nothing, the Manipulaters reached out directly to Krebs asking for his removal of previous stories on their exploits.

Though lacking the technical sophistication many other large cybercrime vendors have, their most notable characteristic is being one of the earliest phishing-focused cybercrime marketplaces to horizontally integrate their business model while also spreading their operations across several separately branded shops. Unfortunately for them, another notable characteristic is a history of severe operational security inconsistencies.

Using a combination of domain-related data and open-source intelligence (OSINT) techniques, DomainTools Research identified dozens of Manipulaters cybercrime marketplaces that show a threat actor group that represents a growing concern. This concern is not limited to innocent consumers and enterprises; a series of operational security failures calls into question the integrity of their criminal enterprise and may even suggest some of their customers are also targets. Ironically, the most significant risk to Manipulaters’ customers might be the Manipulaters themselves.

This piece explores both facets of this prolific, but perhaps enigmatically flawed, group.

The Role of Cybercrime Marketplaces

Cybercrime marketplaces serve a foundational role in the underground economy. These marketplaces exist primarily as a storefront for cybercrime service offerings but can also become de facto communities. Such communities can enable cybercrime in several ways, including driving innovation by associating cybercrime with financial reward, refining new techniques and methods that benefit members of the group, and lowering the technical barriers to entry to cybercrime by providing tools developed by others. Importantly, removing technical barriers to entry also increases the addressable market such cybercrime marketplaces cater to.

Marketing Apparatus

What the Manipulaters lack in technical sophistication, they make up for in scale and scope. Whereas other cybercrime groups seek to build an iconic brand, the Manipulaters prefer to deploy dozens of cybercrime shops using different names. This strategy is likely based on several motivating factors, including:

  • Spreading risk across many domains makes the takedown of a single domain less operationally disruptive and may help avoid law enforcement scrutiny by appearing small.
  • Operating several brands allows for reputation laundering if a customer accuses them of being a scam or offering low-quality products.
  • Saturating the underground economy with seemingly disparate products and services that make new entrants less likely to compete.

The Long Road to Now

The Manipulaters are rapidly expanding operations following a period of relative inactivity after journalist Brian Krebs identified several of their members. This expansion appears to focus more on spamming tools and sender services, likely because the overabundance of phishing kits, and the relative ease of cloning them, makes selling kits less profitable than a services model.

Evidence suggests that new members have joined and at least one early member of the Manipulaters left the group. They appear to have a physical presence in Pakistan, including Lahore, Fatehpur, Karachi, and Faisalabad.

The Manipulaters have a long history of selling phishing kits, account checkers, proxy and RDP access, “bulletproof” hosting, and forged identity documents. Regarding software applications, they often rebrand or cobble together existing tools. Their priority now appears to be selling spam services.

The domain wecodesolutions[.]pk is closely associated with the Manipulaters. This domain proves useful in collecting additional domains associated with the host 191.101.164[.]254 (Figure 1). Two domains are of particular interest:

lak3code[.]com

The interface shown in Figure 2 resembles one featured in an advertisement for “Office 365 Private Page with Antibot” posted on heartsender[.]com, another Manipulaters storefront (Figure 3). The ad includes a list of features used in modern phishing campaigns combined with a management panel.

mrcodertools[.]com

The path /web/site/login appended to the domain mrcodertools[.]com reveals a management panel named “HeartSender” that resembles the one found at lak3code[.]com/web/site/login (Figure 4). Several menu items are notable: user requests, announcements, advertisements, and user feedback. Most of these pages require an authenticated user to access them. Some, however, do not.

The “Advertisements” screen contains a data table with more than 10,700 rows. Each entry includes a specific software product the Manipulaters sell (Figure 5). This panel may also represent part of the apparatus the Manipulaters use to manage customers and promote their services.

The “Create Advertisement” page is similarly accessible by an unauthenticated user. The dropdown menu for the field “Software Type” reveals the names of several products: HeartSender, FudSender, ClaySender, InboxXploiter, XploiterEmailVerifier, D29Sender, and AccountChecker (Figure 6). These product names proved helpful.

Building a query in DomainTools Iris Investigate for domains containing the product names listed in Figure 6 returns several results, including 117 domains, several hosts, and notable email addresses closely associated with the Manipulaters like saim.raza1338@gmail[.]com (Figure 7). These results offer helpful footholds and pivots to identify additional Manipulaters-controlled domains and infrastructure.
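
The same product-name pivot can be run locally against hostnames from your own proxy or DNS logs. This is an added example, not code from the article or from DomainTools; the function names are hypothetical and the sample values, including the `.example` hosts, are constructed.

```python
import re

# Product names from the "Software Type" dropdown listed in the article.
PRODUCT_NAMES = ["HeartSender", "FudSender", "ClaySender", "InboxXploiter",
                 "XploiterEmailVerifier", "D29Sender", "AccountChecker"]

# Constructed sample of values as they might appear in proxy/DNS logs or in
# defanged reports. The .example hosts are invented for illustration.
SAMPLE_OBSERVED = [
    "heartsender[.]com",
    "hxxps://fudsender[.]store/",
    "billing.clay-sender.example:8443",
    "HTTP://Mail.D29Sender.example/path?x=1",
    "www.example.org",
    "sender.heart.example",   # product name split across labels: not a match
]


def refang(value):
    """Undo common defanging so the value can be parsed like a normal URL."""
    s = value.strip()
    for marker in ("[.]", "(.)", "[dot]"):
        s = s.replace(marker, ".")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


def hostname_of(value):
    """Return the lowercase hostname from a URL, host:port, or bare domain."""
    s = refang(value).lower()
    s = re.sub(r"^[a-z][a-z0-9+.\-]*://", "", s)   # scheme
    s = re.split(r"[/?#]", s, maxsplit=1)[0]        # path, query, fragment
    s = s.rsplit("@", 1)[-1]                        # userinfo
    s = s.split(":", 1)[0]                          # port
    return s.rstrip(".")


def matched_products(hostname):
    """Product names found inside any single DNS label, ignoring '-' and '_'."""
    found = set()
    for label in hostname.split("."):
        squashed = re.sub(r"[-_]", "", label)
        for name in PRODUCT_NAMES:
            if name.lower() in squashed:
                found.add(name)
    return sorted(found)


def hunt(observed):
    """Map each matching hostname to the product names it contains."""
    hits = {}
    for value in observed:
        host = hostname_of(value)
        products = matched_products(host)
        if products:
            hits[host] = products
    return hits


if __name__ == "__main__":
    # Print hits re-defanged so the output is safe to paste into a ticket.
    for host, products in hunt(SAMPLE_OBSERVED).items():
        print(host.replace(".", "[.]"), products)
```

Generic names such as AccountChecker will also match unrelated software, so treat hits as leads to triage rather than confirmed attribution.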

Introducing HeartSender

The heartsender[.]com storefront focuses on email and email-to-SMS spamming services (Figure 8). Customer response to HeartSender in cybercrime communities has been largely positive, and the product represents a meaningful technical advancement for the Manipulaters, especially in its improved email-to-SMS spamming capabilities (Figure 9). The latest person to join the Manipulaters could be the reason for the improved capabilities.

A code snippet found on another Manipulaters domain may offer insight into how the Node.js version of HeartSender works (Figure 10).

The JavaScript function generateXML() dynamically constructs an XML string based on form field values using string concatenation and interpolation. This XML corresponds to a predefined scheme for sending emails using HeartSender. Perhaps the most notable portions of “main.js” are found in the <Settings> element. These elements exist to evade spam filters and detection generally, including <PauseEvery>, <Delay>, <BodyTransferEncoding>, <LetterEncoding>, <LetterEncryption>, and <LinkEncoding>.

The desktop version of HeartSender also deserves particular attention, but for different reasons.

Additional Pivots From the HeartSender Demo and a Pakistan IP Address

A screenshot of HeartSender 4.00.11’s interface displays the IP address 175.107.237[.]55 (Lahore, Pakistan) (Figure 11). This IP address is associated with several accounts, including the email addresses fudtoolshop@gmail[.]com, bodla057@gmail[.]com, mr6450465@gmail[.]com, and admin@coderteam[.]in. It is also associated with the usernames “saimraza786” and “mrbodla.” These naming conventions and aliases closely match those historically tied to the Manipulaters.

Domain registrations associated with the email address “fudtoolshop@gmail[.]com” return nearly 500 domains, many flagged as high risk in DomainTools Iris Investigate. The email address bodla057@gmail[.]com returns a domain registration for bodla[.]info with registrant “Hamza Bodla” in Fatehpur, Pakistan.

From HeartSender to dozens of Manipulaters-run shops

The host 185.11.145[.]254 has long been associated with Manipulaters activity and revealed dozens of deployed shops.

The Manipulaters often pair shop domains with domains containing tutorials and promotional videos for their products, providing a helpful point of reference for mapping the group’s domain footprint. Some of these domains include:

Trouble on the Horizon Targeting USPS-Related Impersonation and Session Cookie Grabbing

The Manipulaters’ newfound interest in email-to-SMS spam could be in response to the massive increase in smishing activity impersonating the USPS. Proofs posted on HeartSender’s Telegram channel contain numerous references to postal service impersonation, including proving delivery of USPS-themed phishing lures and the sale of a USPS phishing kit (Figures 13-14).

The Manipulaters appear to favor spamming services paired with session cookie grabbers, including operating a cybercrime shop focused almost exclusively on cookie theft and even creating an account named grabber@fudteambilling[.]com (Figure 15). This dangerous combination can make account takeover activity much less detectable than traditional credential phishing.
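
The detection gap described above, shown as an added example that is not part of the original article: a replayed session cookie produces no login event, so login-based alerting stays silent, while comparing each cookie use with the context the session was issued in still gives a signal. The event format, field names, and sample data are constructed assumptions.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts session_id user kind ip user_agent")

# Constructed events. "login" is an interactive authentication; "request" is
# any later call that presents the session cookie. IPs are documentation ranges.
SAMPLE_EVENTS = [
    Event(100, "s-alice", "alice", "login", "198.51.100.10", "Firefox/124 (Windows)"),
    Event(160, "s-alice", "alice", "request", "198.51.100.10", "Firefox/124 (Windows)"),
    Event(220, "s-alice", "alice", "request", "203.0.113.77", "python-requests/2.31"),
    Event(300, "s-bob", "bob", "login", "192.0.2.5", "Chrome/123 (macOS)"),
    Event(360, "s-bob", "bob", "request", "192.0.2.99", "Chrome/123 (macOS)"),
    Event(400, "s-carol", "carol", "request", "203.0.113.77", "python-requests/2.31"),
]

# Constructed baseline of addresses each user normally signs in from.
KNOWN_IPS = {"alice": {"198.51.100.10"}, "bob": {"192.0.2.5"}, "carol": set()}


def login_alerts(events, known_ips):
    """Control aimed at credential phishing: alert on logins from unfamiliar IPs."""
    return [e for e in events
            if e.kind == "login" and e.ip not in known_ips.get(e.user, set())]


def session_replay_findings(events):
    """Flag cookie use that does not match the context the session was issued in."""
    issued = {}      # session_id -> (ip, user_agent) recorded at login
    findings = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "login":
            issued[e.session_id] = (e.ip, e.user_agent)
            continue
        if e.session_id not in issued:
            # Cookie presented with no login in the window: either the login
            # predates log retention or the session was obtained elsewhere.
            findings.append((e.session_id, e.user, "no-login-observed", e.ip))
            continue
        ip, agent = issued[e.session_id]
        ip_changed = e.ip != ip
        agent_changed = e.user_agent != agent
        if ip_changed and agent_changed:
            findings.append((e.session_id, e.user, "ip-and-agent-changed", e.ip))
        elif agent_changed:
            findings.append((e.session_id, e.user, "agent-changed", e.ip))
        # An IP change alone (mobile network, VPN) is common and is not flagged.
    return findings


if __name__ == "__main__":
    print("login alerts:", login_alerts(SAMPLE_EVENTS, KNOWN_IPS))
    for finding in session_replay_findings(SAMPLE_EVENTS):
        print("session finding:", finding)
```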

A Case Study in Technical Debt and Sloppy Authentication

Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement. The data table “User Feedbacks” (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain. Given the risk of abuse, this domain will not be published.

There is so much more, however. Breach records associated with the unnamed domain and other domains used by the Manipulaters reveal a large online footprint paired with several severe operational security failures.

When It Rains, It Pours

Research suggests that several PCs associated with the Manipulaters have been compromised by stealer malware for a considerable amount of time, exposing vast swaths of account-related data along with an outline of the group’s membership, operations, and position in the broader underground economy. Curiously, the large subset of identified Manipulaters customers appear to be compromised by the same stealer malware. All observed customer malware infections began after the initial compromise of Manipulaters PCs, which raises a number of questions regarding the origin of those infections.

These breach records can be divided into three clusters. Overlap exists between activity clusters likely because several people were working on the same projects.

Cluster “Adnan”

Associated usernames: adnan, grabber, harsh, mrcoder, xleet

Associated email addresses: admin@fudsender[.]club, admin@fudsender[.]com, admin@heartsender[.]com, f.udtoolshop@gmail[.]com, fudscam@fudsender[.]com, fudsender.utube@gmail[.]com, fudspam.toolss@gmail[.]com, fudspam@hotmail[.]com, fudtool786@gmail[.]com, mohsinaseller@gmail[.]com, mr.codertools@gmail[.]com, saim.pays@gmail[.]com, xleet@fudsender[.]com

Associated domains: busypaymant[.]com, fudsell[.]com, fudsender[.]com, fudsender[.]store, fudteambilling[.]com, fudtool[.]su, fudtoolshop[.]com, fudtoolvideos[.]com, mrcodertools[.]com, profud[.]tools, provip[.]tools, saimraza[.]com

Cluster “Imran”

Associated usernames: fudtoolr, imran231, saimraza786, turbopk

Associated email addresses: abdulrehman940@gmail[.]com, admin@buyspamtools[.]com, admin@fudsender[.]com, admin@fudteam[.]com, admin@remitciti[.]com, admin@turbopk[.]net, ikorai99@gmail[.]com, info@shahg[.]co, itmalik91@gmail[.]com, itwebs92@gmail[.]com, saim.raza1338@gmail[.]com, sh4hgh3x0r@gmail[.]com

Associated domains: billing.saimraza[.]info, fudtoolshop[.]com, fudtoolvideos[.]com

Cluster “Bodla”

Associated usernames: live:fudtoolshop, mr6450465, mrbodla, mrbodlah, saimraza007, saimraza123, saimraza786

Associated email addresses: admin@coderteam[.]in, admin@fudteam[.]com, bodla0143@gmail[.]com, bodla057@gmail[.]com, fudtool786@gmail[.]com, fudtoolshop@gmail[.]com, help.alizain@gmail[.]com, henrylukeusa@gmail[.]com, mr6450465@gmail[.]com, osamaevee2000@gmail[.]com, sahrn512@gmail[.]com

Associated domains: bodla[.]info, coderteam[.]in

Conclusion, Where Do We Go From Here?

The Manipulaters offer illustrative examples of how cybercrime vendors integrate into the broader underground economy. In the decade they have been active, the Manipulaters have appeared in and created many different marketplaces selling phishing kits, malware, spamming services and more. Most recently, DomainTools Research has found them moving into email-to-SMS services with HeartSender, as well as pairing spamming services with session cookie grabbers. We have also found some of their infrastructure seems to be accessible by unauthenticated users and that some of their (and their customers’) infrastructure has been compromised by malware.

Given the Manipulaters’ resurgence and improved capabilities, DomainTools Research urges businesses and consumers to remain vigilant against threat actor groups like the Manipulaters and those they enable with their products and services.

Download our Security Bulletin for additional background details on the Manipulaters and to explore the role of historical Whois and DNS data in mapping a domain-focused threat actor’s footprint.

For free 2024 lists of domains, email addresses, and usernames associated with the Manipulaters and a non-exhaustive collection of domains from 2015 to early 2018, visit our SecuritySnacks GitHub Repo.

Active Shops – 03.25.24:


Email addresses:


Cyber Security Today, April 3, 2024 - New Linux vulnerability is found, and a must-read ransomware case study Cybersecurity Today

This episode reports on a data breach at OWASP, Google to delete data it collected in Incognito Mode, and more

Unprecedented GPS jamming attack affects 1600 aircraft over Europe

A 63-hour-long marathon of GPS jamming attacks disrupted global satellite navigation systems for hundreds of aircraft flying through the Baltic region – and Russia is thought to be responsible

By Jeremy Hsu

29 March 2024

Image caption: GPS attacks can interfere with the safe operation of aircraft (Marko Hannula / Alamy)

Russia is suspected of launching a record-breaking 63-hour-long attack on GPS signals in the Baltic region. The incident, which affected hundreds of passenger jets earlier this month, occurred amid rising tensions between Russia and the NATO military alliance more than two years since the start of Russia’s full-scale invasion of Ukraine.

“We have seen an increase in GPS jamming since the start of Russia’s war against Ukraine, and allies have publicly warned that Russia has been behind GPS jamming…

COMMENTS

  1. Top 10 cyber crime stories of 2021

    Here are Computer Weekly's top 10 cyber crime stories of 2021: 1. Colonial Pipeline ransomware attack has grave consequences. Though it did not trouble the fuel supply at petrol stations in the ...

  2. Cybercrime Investigation Case Studies: An Excerpt from Placing the

    2 Cybercrime Investigation Case Studies. recovered. So, a statement that electronic evidence may be recovered in a specific situation literally means maybe, because it depends on other factors. Usually, the answer as to whether a forensic artifact of evidence can be recovered is simply, it depends.

  3. Unpacking Cyber Crime: In-depth Analysis and Case Studies

    Depicting Major Cyber Crime Case Studies. When regarding the multifaceted arena of cybercrimes, a few notorious examples have made all the difference in shaping both legislative processes and public perception. These archetypical scenarios paint a stark picture of the danger posed by cybercriminals and the significant, often devastating ...

  4. Cybercrime case studies

    Jin and Bella's business computers were infected with ransomware via a suspect email just before tax time. This ransomware locked down the business' platform so that clients were unable to use the portal. The cybercriminals demanded $100,000 in Bitcoin, a cryptocurrency, to restore the network. Jin and Bella refused to pay.

  5. PDF A Case Study of the Capital One Data Breach

    A Case Study of the Capital One Data Breach Nelson Novaes Neto, Stuart Madnick, Anchises Moraes G. de Paula, Natasha Malara Borges Working Paper CISL# 2020-07 ... New data protection and privacy laws and recent cyber security regulations, such as the General Data Protection Regulation (GDPR) that went into effect in Europe in 2018, ...

  6. PDF The Hacking of Sony Pictures: A Columbia University Case Study

    This Columbia University case study explores this landmark attack, which underlined the importance of a well-coordinated cyber crisis management and public relations response following a cyber attack as much it reaffirmed the need for strong information security programs and investments prior to its occurrence.

  7. The biggest cyber attacks of 2023

    The biggest cyber attacks of 2023. High-profile ransomware attacks dominated 2022's headlines. Patrick O'Connor explores 2023's biggest cyber attacks and lessons we can all learn. 'Prediction is very difficult, especially if it's about the future,' said Niels Bohr, the father of the atomic model and a Nobel Laureate.

  8. Case Study: Viasat Attack

    Case study of the Russian Viasat attack that impacted telecommunication systems in Ukraine on February 24th 2022. ... These documents, such as UN agreements, cyber strategies and multistakeholder efforts, help provide a better sense of the context in which this attack occurred. Independent evaluation of these documents in relation to this case ...

  9. The 15 Cybercrime Stories That Will Make You Care More About Cybersecurity

    15. Hotel managers and clients had nightmares due to one lock hack. In this Forbes story, reporters chronicles the chaos experienced by hotel managers and the panic felt by their customers after a burglar used online hacking tools to bypass the electronic locks on the doors. "I had dreams about it for many nights.

  10. Understanding cybercrime in 'real world' policing and law enforcement

    This increase in, and shift to, cybercrime, combined with interchangeable and often confusing terminology, has led to recent suggestion that the prefix 'cyber-' may soon become redundant, as almost all crimes will be touched by technology (Furnell and Dowling, 2019). Indeed, all serious and organised crimes investigated now feature some encryption, and the Internet is used in the ...

  11. Small Business Cybersecurity Case Study Series

    The following Case Studies were created by the National Cyber Security Alliance, with a grant from NIST, and should prove useful in stimulating ongoing learning for all business owners and their employees. Case 1: A Business Trip to South America Goes South Topic: ATM Skimming and Bank Fraud; Case 2: A Construction Company Gets Hammered by a ...

  12. Cybercrime

    Case Study 3: Hacking. Hacking is the process of gaining unauthorized access to a computer system. Consider the following set of facts from United States v. Morris, 928 F.2d 504, (March 7, 2001): In the fall of 1988, Morris was a first-year graduate student in Cornell University's computer science Ph.D. program.

  13. Financial cybercrime and fraud

    In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti-money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose ...

  14. 10. Case study: Combatting cyber threats, disinformation, and Internet

    The International Telecommunication Union has warned of a growing cyber capacity gap, with least developed countries especially lacking the resources, technological know-how and cybersecurity ecosystem to effectively mitigate the growing cyber risks and prepare for "opportunistic actors that [take] advantage of our desire for information ...

  15. Introduction: new directions in cybercrime research

    Dr. Tamar Berenblum is the research director of the The Federmann Cyber Security Center - Cyber Law Program, Faculty of Law, the Hebrew University of Jerusalem, Israel, and the co-chair of the European Society of Criminology (ESC) Working Group on Cybercrime. Tamar is also a Post-Doc Research Fellow at the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR), Netherlands ...

  16. (PDF) Case Studies of Cybercrime and its Impact on ...

    This study examines 10 case studies of publicly traded companies affected by cybercrime, and its impact on marketing activity and shareholder value. The study also describes some of the major ...

  17. Exploring the global geography of cybercrime and its driving forces

    This study considers cybercrime as a social phenomenon and constructs a theoretical framework that integrates the social, economic, political, technological, and cybersecurity factors that ...

  18. Cybercrime Victimization and Problematic Social Media Use: Findings

    In this study, we define cybercrime as illegal activity and harm to others conducted online, and we focus on self-reported experiences of cybercrime victimization. ... As in the case of risk exposure, different operationalizations of proximity to offenders may predict victimization more strongly than others. For instance, ...

  19. Cyber Harassment

    Cyber Harassment. After a student defames a middle school teacher on social media, the teacher confronts the student in class and posts a video of the confrontation online. In many ways, social media platforms have created great benefits for our societies by expanding and diversifying the ways people communicate with each other, and yet these ...

  20. Case Study: Ukrainian Cyber Police Fights Crime with Maltego

    Ukrainian Cyber Police. Ultimately, Maltego enables the Ukrainian Cyber Police to quickly obtain information about the subject from the surface web and the deep and dark web. Download this case study now to learn why the Ukrainian Cyber Police uses Maltego to uncover identities of malicious hackers' and Russian military personnel.

  21. The Role of Cybercrime Marketplaces

    The Pakistan-based "Manipulaters" (their corruption of the word "manipulators") represent a notorious and, in some respects, pioneering cybercrime empire. The Manipulaters have a decade-long history of selling phishing kits, spamming services, and malware. This history spans dozens of cybercrime marketplaces and the malicious domains associated with them are measured in the tens of ...

  22. Cyber Security Today, April 3, 2024

    A new Linux vulnerability is found and a must-read ransomware case study. Welcome to Cyber Security Today. It's Wednesday, April 3rd, 2024. I'm Howard Solomon, contributing reporter on ...
