Computer scientists tend to focus on the technical aspects of cybercrime whereas for criminologists it is the human side that takes centre stage. But these two worlds are rapidly becoming one. The time has come for a new analytical framework for studying cybercrime.
‘Cybercrime has been used to describe a wide range of offenses,’ says Wytske van der Wagen, assistant professor within the Department of Criminology at Erasmus School of Law. ‘On the one hand, you have the digital equivalents of traditional crime, such as online shopping scams on eBay. On the other, you have cybercrime for which a digital infrastructure is not only a means but also a target. Think of unauthorised access to a computer, botnets, ransomware or shutting down a power grid.’ In her research, she mainly focusses on this latter, technical kind of cybercrime.
A closer look at the relationship between man and machine
Such technical cybercrime has dynamic attributes not observed in traditional crime. Think of automation, whereby a single mouse click can cause a lot of damage, or of a computer virus that, once released, spreads on its own, perhaps even wreaking unintended havoc. Right now, it still is a human perpetrator outsourcing certain tasks to a machine. But the role of the machine is ever-increasing. ‘With artificial intelligence on the rise, it may be the machine making most decisions,’ Van der Wagen says. ‘Some “pre-digital” criminological concepts and theories may remain applicable, with perhaps some adaptation required. But there is a knowledge gap when it comes to understanding how perpetrators and technology influence each other.’
The role of the machine in cybercrime is ever-increasing, especially with the rise of artificial intelligence
Actor-Network Theory
In her own efforts to fill this gap, Van der Wagen delved into so-called Actor Network Theory (ANT) in which the world is observed through a lens of constantly shifting relationships between humans and technology. ‘It does not provide new explanations as to the causes of cybercrime,’ she says. ‘It provides a new analytical framework for studying its dynamics. How do these criminal offenses unfold and what is the exact role of human and non-human actors in committing them?’ When it comes to ANT, man does not trump machine. Moreover, machines are active participants rather than passive contributors and they don’t even have to be neutral. They’re also not evil in and of themselves, but somewhere in between. ‘When you use this lens to scrutinise a botnet, from its creation through its use to its termination, you will notice a complex network of interactions between the various human and technical entities,’ Van der Wagen says. ‘The most important actor within such a network could be a human or it could be a machine. And you may have to reassess this for each kind of cybercrime, for each incident.’
Criminologists need to intensify their collaboration with technical specialists to increase their understanding of cybercrimes
Understanding cybercrime at all levels
Criminologists need to intensify their collaboration with technical specialists to increase their understanding of cybercrimes. Last year, Van der Wagen spent four months at the John Jay College of Criminal Justice of the City University of New York. She used this time to research the potential use of artificial intelligence by cybercriminals, and what this means for the relation between man and machine. ‘We are currently forging closer links between the various universities and research groups within the Leiden-Delft-Erasmus collaboration. We want to address all aspects of cybercrime and cyber security – the social, legal and technical aspects – and at all levels; from perpetrators to victims to companies to end-users.’ A promising and challenging collaboration, given that each discipline has its own vocabulary, research methods and frame of mind.
A diverse group of cybercriminals
The goal of such multi-disciplinary collaboration is to generate new insights and to develop new and effective strategies for tackling cybercrime through prevention and intervention. This, again, involves both technical aspects (how to dismantle a botnet) and human aspects (how to convince someone to end a criminal career or to not even start one). A person’s motives and character traits play an important role regarding the latter – something Van der Wagen has investigated on behalf of the Research and Documentation Centre (WODC) of the Ministry of Justice.
‘What cybercriminals have in common is that they are often male and technically skilled,’ she says. ‘Some of them are introvert and have only limited contact in the off-line world. But the stereotype image of a nerd, huddled up in the attic, hacking computer systems out of resentment or boredom, does not hold water. It is a very diverse group of people with many of them having good social skills.’
Effective strategies for tackling cybercrime require insight into these criminals’ motives and character traits
Appropriate action
First offenders typically lack insight into the damage they cause. They press a few buttons and, somewhere on earth, a computer system crashes. It’s like a game, but companies can suffer millions of euros in damage. For these perpetrators, it is important to raise awareness of the financial, technical, and emotional damage caused. ‘On top of that, you can order them to perform special community service in which they put their talents to good use,’ Van der Wagen says. ‘It may help them to repent their actions.’ Perpetrators who knowingly commit large-scale fraud or cause structural damage may be more effectively deterred by classic sanctions such as imprisonment or regular community service. Van der Wagen: ‘An annoying side-effect of cybercrime is that damage may continue to progress long after the perpetrator – the human actor – has been apprehended. The rise of artificial intelligence will only make matters worse.’
Read more stories in the Cyber Security Research Collection
Text: Merel Engelsman