peterzayda - stock.adobe.com
It is vital to gain insight into the motives, working methods and earning models of cyber criminals to better understand the effectiveness of security measures.
Research into the human factor in cyber crime is still in its infancy, both in the Netherlands and internationally.
One person taking a close look at the subject is Rutger Leukfeldt, senior researcher on cyber crime at the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR) and lecturer on cyber security in small and medium-sized enterprises (SMEs) at the Haagse Hogeschool in the Netherlands.
Leukfeldt says much current research in the field of cyber crime and cyber security is technological by nature. “In addition, research into the legal and privacy aspects [of cyber crime] has been conducted for a long time, but the number of studies that focus on the non-technical aspects is extremely small,” he says.
But Leukfeldt is confident that this will improve because he sees a growing awareness of the importance of insight into the person behind the cyber criminal. “It is a multidisciplinary issue,” he says. “Research into perpetrators, their motives and earning models should not be carried out by technicians, but by psychologists and criminologists.”
Finding out what kind of people become cyber criminals offers opportunities to determine the right interventions, he adds.
This is not a matter of understanding how one specific company can protect itself against cyber crime, but about how a country can put up a better fight against cyber crime, says Leukfeldt. “This is not just a task for the police and the judiciary, but is a public-private matter,” he says. “It is important to know what kind of criminal network we are dealing with, how well its members know each other, whether there is a solid business model behind it or whether it is mainly opportunistic crime.
“Then you are in a much better position to set up your investigation policy, because you know what you’re talking about.”
As well as the organised gangs, there are also individual cyber criminals to consider, says Leukfeldt. “Think of the classic image of a hacker who, in the attic of his parents’ house, first shuts down his school’s systems and then goes on and on. When these individual offenders are arrested, it is important to know whether the traditional intervention methods used in regular crime also work for these criminals.”
Read more about young hackers
- “Fan” who broke into Apple’s mainframe from his home in Melbourne has avoided prison because the information he gathered was recovered.
- An initiative in Rotterdam is helping young people get into the IT sector by targeting those overlooked by traditional methods.
- Young hackers in the Netherlands are being rehabilitated through punishments that educate rather than incarcerate.
Leukfedt questions whether it make sense to send hackers to prison or have them carry out community service. “Or are other methods needed for this type of offender to ensure that they no longer commit cyber crime?” he says. “We don’t know these things yet, although there have been experiments with alternative punishments for cyber criminals this year.”
Various studies have suggested that hackers tend to be young and a better understanding of them and early intervention can steer them clear of problems in the future, says Leukfeldt. “In general, cyber criminals are younger than regular criminals,” he points out.
Youngsters used to get into mischief outside in the street, but now, young people cause trouble online as well, says Leukfeldt. “It is important to understand how to put them in the right direction,” he adds.
The rapid technological developments of today make it almost child’s play to carry out a criminal attack, he says. For example, distributed denial of service (DDoS) and malware scripts have been available online for years.
“Also, it is childishly easy to get instructions and explanations on how to carry out an attack at the dark web,” says Leukfeldt. So does this mean that that the number of occasional cyber criminals will increase dramatically in the coming years?
“It can be very easy to get sucked into what is happening there, probably easier than in the offline world, because it is much more accessible,” says Leukfeldt. “Still, it remains to be seen whether this will actually happen, because that would mean that a very high percentage of young people would be cyber criminals, and that seems to me to be a bit strong.”
Factors in criminal behaviour
Several factors are involved before people start showing criminal behaviour, and the opportunity alone does not seem to be enough, says Leukfeldt, who recently secured a four-year grant to investigate the ways in which people end up in cyber crime.
Leukfeldt is also one of the authors of the research agenda The human factor in cyber crime and cyber security, which was presented to Dutch scientific research organisation NWO in 2017. The document provides guidance for future research by formulating the main research questions and mapping out innovative research methods and datasets.
“With this research agenda, we want to give direction to fragmented research,” he says. “I hope that NWO and equivalent international organisations make funds available for further research into the human factor in cyber crime.”
Various ministries in the Netherlands government have also shown interest, but it is not easy to obtain funding because the studies cost a lot of time and money, and there is generally little money available for this type of research.
Nevertheless, gaining insight is very important to help prevent cyber crime, says Leukfeldt. “For example, we see a new type of perpetrator emerging that we have not seen in regular crime,” he says. “In the digital world, we see very young people who do not have the traditional characteristics of organised criminals. It is important to gain more insight into this.”