digital predictions: putting cybercrime victimisation theories to … · 2016-12-12 · prevalence...
TRANSCRIPT
DIGITAL PREDICTIONS: PUTTING CYBERCRIME VICTIMIZATION
THEORIES TO THE TESTCAITLYN MCGEER
CENTRE FOR CRIMINOLOGY | FACULTY OF LAW
UNIVERSITY OF OXFORD
WHAT IS CYBER-VICTIMIZATION?
CYBER-ENABLED CRIMECYBER-ENABLED CRIME CYBER-DEPENDENTCRIME
CYBER-DEPENDENTCRIME
Existing offenses that can be assisted by internet-technology
E.g. fraud
Exist because of internet-technology concerned
E.g. Hacking, malware
CYBER-ENABLED CRIME CYBER-DEPENDENTCRIME
Cons of definition: Neither accurate nor helpful when it comes to understanding the true
scale of the problem or how to tackle it (e.g. IBM Watson – Artificial Intelligence use for cyber crime)
Pros of definition: To produce statistical reports
To separate traditional crime from the “new” cybercrimes,
PREVALENCE
TOTAL E-FRAUD OFFENCES IN 2015: 617,618(RATE: 11/1000) TOTAL E-FRAUD OFFENCES IN 2015: 617,618(RATE: 11/1000)
IN 2011/12 OVER ONE-THIRD (37%) OF ADULT INTERNETUSERS REPORTED EXPERIENCING A NEGATIVE ONLINE INCIDENTIN THE PAST 12 MONTHS (ONS, 2011; ONS, 2012B)
IN 2011/12 OVER ONE-THIRD (37%) OF ADULT INTERNETUSERS REPORTED EXPERIENCING A NEGATIVE ONLINE INCIDENTIN THE PAST 12 MONTHS (ONS, 2011; ONS, 2012B)
SYMANTEC (2012) REPORTED BLOCKING 5.5 BILLION ‘ATTACKS’ GLOBALLY IN 2011, AN INCREASE OF OVER 81 PER CENT FROM 3 BILLION REPORTED BLOCKS IN 2010.
SYMANTEC (2012) REPORTED BLOCKING 5.5 BILLION ‘ATTACKS’ GLOBALLY IN 2011, AN INCREASE OF OVER 81 PER CENT FROM 3 BILLION REPORTED BLOCKS IN 2010.
Police Recorded
Crime
Victim Surveys
Corporate Data
IMPACTS
CITY OF LONDON POLICE: “TRUE COST OF FRAUD” - £3,900 PER ADULT/YEAR
CAN YOU PREDICT CYBER-VICTIMIZATION?
CYBER-VICTIMIZATION
CYBER-VICTIMIZATION
BIG FIVEBIG FIVE
E-TRUSTE-TRUST
RATRAT
RAT
MOTIVATEDOFFENDERMOTIVATEDOFFENDER
SUITABLE TARGETSUITABLE TARGETABSENT/INADEQUATE
GUARDIANSHIPABSENT/INADEQUATE
GUARDIANSHIP
DECREASEDRISK
INCREASEDRISK
RAT EXTENDED
RAT EXTENDED
MOTIVATEDOFFENDERMOTIVATEDOFFENDER
SUITABLE TARGETSUITABLE TARGETABSENT/INADEQUATE
GUARDIANSHIPABSENT/INADEQUATE
GUARDIANSHIP
Holtfreter, Reisig, and Pratt (2008), Pratt et al. (2010), Reyns(2013), and van Wilsem (2013b) engaging in online-banking and shopping increase
individuals’ risk of victimization; Holt and Bossler (2008) and Williams (2016)
o significant relationship between these types of activities and victimization.
Choi (2008) the presence of protective software decreases the risk of
victimization, Marcum (2008), Holt and Bossler (2008), Marcum, Higgins, and
Ricketts (2010), and Bossler and Holt (2010) insignificant relationship between these variables.
Hutchings and Hayes (2009) protective mechanisms are inefficient at protecting against
cybercrime to begin with.
RAT EXTENDED
DECREASEDRISK
INCREASEDRISK
RAT EXTENDED
Big Five
Big Five
• FUTURE ORIENTATED
• EMPATHETIC
• NOT EASILY FRUSTRATED
• DILIGENT
• PREFER MENTAL OVER PHYSICAL
• AVOID RISK
HIGHSC
HIGHSC
• IMMEDIATE
• EASY GRATIFICATION
• THRILLING OR RISKY
• REQUIRES LITTLE PLANNING OR SKILL
• NOT CONCERNED
LOWSC
LOWSC
Big Five - GTC
Watching pornography (Buzzell et al., 2006)
Using online chat rooms (Hinduja and Patchin, 2008a; Hinduja and Patchin, 2008b)
Pirating music (Higgins, 2005; Moon, McCluskey, and McCluskey, 2010)
(financially) impulsive (Pratt and Cullen, 2000; Reisig, Pratt, and Holtfreter, 2009)
Big Five - GTC
Big Five - GTC
DECREASEDRISK
INCREASEDRISK
EXTERNALEXTERNAL INTERNALINTERNAL
E-Trust
E-Trust
INTERPERSONAL
INSTITUTIONAL
RISK
/FEA
R
E-TRU
ST
RISK/F
EAR
E-TR
UST
E-Trust
E-Trust
DECREASEDRISK
INCREASEDRISK
HOW VALID ARE THE LEADINGTHEORIES EXPLAINING OF CYBER-VICTIMIZATION?
CYBER-VICTIMIZATION
CYBER-VICTIMIZATION
BIG FIVEBIG FIVE
E-TRUSTE-TRUST
RATRAT
2014 - 2015 CSEW
CYBER-VICTIMIZATION
CYBER-VICTIMIZATION
BIG FIVEBIG FIVE
E-TRUSTE-TRUST
RATRAT
TESTING THE THEORIES
H1: RAT VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.
H2: THE BIG FIVE VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.
H3: E-TRUST VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.
Alpha at p<0.10
Step 1: Bivariate Associations
Converting frequencies into percentages
Step 2: Binary Logistic Regression Models
Forward step-wise selection
ANALYTICAL STRATEGY
Figure 3.1 Flow Diagram of the 2014-15 CSEW Core Questionnaire
Household Grid
Perceptions of crime
Screener Questionnaire
Victim Modules (max 6)
Performance of the Criminal Justice System
Mobile phone crime
Plastic card fraud
Anti-social behaviour (Group A)
Module B:
Attitudes to the Criminal Justice
System
Module A:
Experiences of the police
Module C:
Crime prevention and security
Module D:
Online security
Gangs and Personal Security
Self-Completion Module:
Domestic Violence, Sexual Victimisation and Stalking
Demographics and media consumption
Experiences of the Criminal Justice System
Mass marketing fraud
Self-Completion Module:
Drugs and Drinking
Self-Completion Module:
Nature of partner domestic abuse in the last 12 months
Figure 3.1 Flow Diagram of the 2014-15 CSEW Core Questionnaire
Household Grid
Perceptions of crime
Screener Questionnaire
Victim Modules (max 6)
Performance of the Criminal Justice System
Mobile phone crime
Plastic card fraud
Anti-social behaviour (Group A)
Module B:
Attitudes to the Criminal Justice
System
Module A:
Experiences of the police
Module C:
Crime prevention and security
Module D:
Online security
Gangs and Personal Security
Self-Completion Module:
Domestic Violence, Sexual Victimisation and Stalking
Demographics and media consumption
Experiences of the Criminal Justice System
Mass marketing fraud
Self-Completion Module:
Drugs and Drinking
Self-Completion Module:
Nature of partner domestic abuse in the last 12 months
VARIABLES - EXPLANATORY
Variable Scale Range M (SD) Valid N
Explanatory VariablesCyber-Dependent (0 = Non-victim; 1 = Victim) 0-1 .18 (.38) 7884Cyber-Enabled (0 = Non-victim; 1 = Victim) 0-1 .08 (.28) 7884
WHETHER RESPONDENTS HAD PERSONALLYEXPERIENCED IN THE PRIOR YEAR WHILE USING THEINTERNET: UNAUTHORISED ACCESS TO/USE OFPERSONAL DATA; AND/OR A COMPUTER VIRUS (OROTHER COMPUTER INFECTION)
RESPONDENTS HAD EVER RECEIVED ANY EMAILS, FROM AN INDIVIDUAL OR COMPANY ABOUTANY OF THE FOLLOWING: A BIG WIN IN A LOTTERY, PRIZE DRAW, SWEEPSTAKE, ORCOMPETITION THAT THEY HAD NOT ENTERED; THE CHANCE TO MAKE AN INVESTMENTWITH A GUARANTEED HIGH RETURN; INVITATION TO GET TO KNOW THEM WITH A VIEW TOA POSSIBLE FRIENDSHIP OR RELATIONSHIP; HELP IN MOVING LARGE SUMS OF MONEY FROMABROAD; HELP IN RELEASING AN INHERITANCE; AN URGENT REQUEST TO HELP SOMEONEGET OUT OF SOME SORT OF FINANCIAL TROUBLE; A JOB OFFER, A FRANCHISE OFFER OROTHER BUSINESS OPPORTUNITY; A LOAN ON VERY ATTRACTIVE TERMS; HELP TO RECOVERMONEY LOST FROM A PREVIOUS SCAM; RELEASING YOUR PENSION SAVINGS EARLY; AND/ORPAYING AN URGENT DEBT.
VARIABLES – RESPONSE (RAT)Variable Scale Range M (SD) Valid N
Routine Activities TheoryGuardianship
Passive (0 = no activities; 1 = 1 activity; 2 = 2 activities; 3 = 3 activities; 4= all activities)Activities: downloading software updates and patches whenever prompted; installing anti-virus orother security software such as firewall; protecting their home wireless connection with a password or been cautious using public wifi; and logging out of websites when finished.
0-4 2.29 (1.28) 6338
Active (0 = no activities; 1 = 1 activity; 2 = 2 activities; 3 = 3 activities; 4 = 4 activities; 5 = 5 activities; 6 = 6 activities; 7 = 7 activities; 8= all activities)Activities: using complex passwords; using different passwords for each account; checking for signs that a site is secure before purchasing online; adjusting website security settings; scanning computer for viruses or malicious software; deleting suspicious emails without opening them; online adding known persons on social networks; and being cautious with putting personal details on social networking sites.
0-8 3.98 (2.47) 6338
Avoidance (0 = no activities; 1= 1 activities; 2 = 2 activities)Activities: only download known files or programs; and only used well-known or trusted sites.
0-2 1.13 (.08) 6338
Target SuitabilityOnline Activities
Banking (0 = No; 1 = Yes) 0-1 .65 (.47) 6338Shopping (0 = No; 1 = Yes) 0-1 .80 (.40) 6338Online government services
(0 = No; 1 = Yes) 0-1 .58 (.49) 6338
Social media (0 = No; 1 = Yes) 0-1 .61 (.48) 6338E-mail, IM, chat rooms
(0 = No; 1 = Yes) 0-1 .84 (.36) 6338
Browsing for news or information
(0 = No; 1 = Yes) 0-1 .80 (.39) 6338
Gaming (0 = No; 1 = Yes) 0-1 .33 (.47) 6338Internet Use (1 = less than once/week; 2 =once a week; 3 = 2-3
times/week; 4 = once a day; 5 = several times a time)
1-5 4.47 (.97) 6338
Access Location (ref Laptop at Home/Work/SchoolDesktop (0 = All Other Locations; 1 = Primary Access
Location)0-1 .21 (.41) 6315
Laptop Away from Home/Work/School
(0 = All Other Locations; 1 = Primary Access Location)
0-1 .02 (.14) 6315
Mobile phone or smartphone
(0 = All Other Locations; 1 = Primary Access Location)
0-1 .27 (.44) 6315
Handheld computer (0 = All Other Locations; 1 = Primary Access Location)
0-1 .15 (.35) 6315
Game Console (0 = All Other Locations; 1 = Primary Access Location)
0-1 .004 (.06) 6315
Digital TV (0 = All Other Locations; 1 = Primary Access Location)
0-1 .001 (.04) 6315
Public Computer (0 = All Other Locations; 1 = Primary Access Location)
0-1 .007 (.08) 6315
*p<0.1**p<0.05***p<0.01
VARIABLES – RESPONSE (BIG FIVE)
Variable Scale Range M (SD) Valid N
The Big FiveLow Self-Control
Club-goer (0 = No; 1 = Yes) 0-1 .06 (.24) 7872Pub Attendance (1 = Not attendance; 2 = 1 -3 times/month; 3 = 4-8
times/month; 4 = 9+ times/month)1-4 1.71 (.85) 7883
Variable Scale Range M (SD) Valid N
E-TrustSystem Quality (0 = poor job, very poor job; 1 = excellent job,
good job, fair job)0-1 .85 (.35) 2781
Fear (0 = not very worried, not worried at all – i.e. not worried; 1 = very worried, fairly worried – i.e. worried)
0-1 .42 (.49) 6858
RiskSecurity Consciousness (0 = less conscious, about the same; 1 = more
conscious) 0-1 .46 (.49) 6333
Previous Victimization (0 = No; 1 = Yes) 0-1 .14 (.34) 7884
VARIABLES – RESPONSE (E-TRUST)
Variable Scale Range M (SD) Valid N
Age in years old (ref 26-44)16-25 (0 = All Other Ages; 1 = 16-25) 0-1 .08 (.27) 784845-59 (0 = All Other Ages; 1 = 45-59) 0-1 .25 (.43) 7848Over 60 (0 = All Other Ages; 1 = Over 60) 0-1 .37 (.48) 7848
Gender (0 = Male; 1 = Female) 0-1 .54 (.49) 7884Employment Status (0 = unemployed, otherwise economically inactive;
1= employed, economically inactive: student, or economically inactive: retired coded)
0-1 .97 (.15) 7883
Education (0 = no education; 1 = some form of education: O-Level/GCSE, degree or diploma; Apprenticeship orA/AS level; or other)
0-1 .77 (.14) 7561
Income (1 = under £5,000; 2 = £5,000-£9,999; 3 = £10,000-£14,999; 4 = £15,000-£19,999; 5 = £20,000-£24,999; 6 = £25,000-£29,999; 7= £30,000-£34,999; 8 = £35,000-£39,999; 9 = £40,000-£44,999; 10 = £45,000-£49,999; 11=£50,000-£59,999; 12 = £60,000-£69,999; 13 = £70,000-£79,999; 14 = £80,000 or over.)
1-14 6.23 (3.30) 6800
Children (0 = had no child under 16; 1 = has child under 16) 0-1 .25 (.43) 7884
VARIABLES – CONTROL
RESULTS – CYBER DEPENDENT
*p<0.1**p<0.05***p<0.01
Variable coeff. S.E. Exp(B)
Routine Activities TheoryGuardianship
Passive .12*** .03 1.13Avoidance -.14*** .04 .87
Target SuitabilityOnline Activities
Online government services (ref has not done) .26*** .08 1.30E-mail, IM, chat rooms (ref has not done) .31*** .12 1.37Browsing for news or information (ref has not done)
.17* .10 1.19
Gaming (ref has no done) .15** .07 1.16Internet Use .19*** .05 1.21Access Location (ref Laptop at Home/Work/School
Mobile phone or smartphone (ref all other locations)
-.52*** .08 .59
Handheld computer (ref all other locations) -.61*** .09 .55E-Trust
Fear (ref no worry) .38*** .07 1.47Risk
Security Consciousness (ref less or same) .66*** .07 1.97Previous Victimization (ref no victimization) .24** .08 1.27
Control Variables16-25 years old (ref all other non-included ages between 16-101)
.18* .11 1.12
Gender (ref male) -.34*** .06 .71Children (ref no child) .18** .07 1.19
Constant -3.09*** .21 .05Unweighted N = 6165
RESULTS – CYBER ENABLED
*p<0.1**p<0.05***p<0.01
Variable coeff. S.E. Exp(B)
Routine Activities TheoryGuardianship
Active .08*** .02 1.08Avoidance .14** .06 1.15
Control VariablesAge (ref 26-44)
16-25 years old (ref all other non-included ages between 16-101)
-.39** .17 .68
Over 60 years old (ref all other non-included ages between 16-101)
.23** .10 1.25
Constant -2.73** .09 .06Unweighted N = 6311
E-Trust (H3)System Quality XFearRisk
Security ConsciousnessPrevious Victimization
= Increased Risk of Victimization= Decreased Risk of Victimization
X = Insignificant Relationship with Victimization
Cyber-Dependent Victimization
Variable Valid Not Valid
Routine Activities Theory (H1)Guardianship
PassiveActive XAvoidance
Target SuitabilityOnline Activities
Banking XShopping XOnline government servicesSocial media XE-mail, IM, chat roomsBrowsing for news or informationGaming
Internet UseAccess Location
Desktop XLaptop Away from Home/Work/School X
Mobile phone or smartphone Handheld computerGame Console XDigital TV XPublic Computer X
Cyber-Enabled Victimization
Variable Valid Not Valid
Routine Activities Theory (H1)Guardianship
Passive XActiveAvoidance
Target SuitabilityOnline Activities
Banking XShopping XOnline government services XSocial media XE-mail, IM, chat rooms XBrowsing for news or information XGaming X
Internet Use XAccess Location
Desktop XLaptop Away from Home/Work/School XMobile phone or smartphone XHandheld computer XGame Console XDigital TV XPublic Computer X
The Big Five (H2)Club-goer XPub Attendance X
E-Trust (H3)System Quality XFear XRisk
Security Consciousness XPrevious Victimization X
The Big Five (H2)Club-goer XPub Attendance X
DECREASEDRISK
INCREASEDRISK
PRINCIPLE IMPLICATIONS
STUDY LIMITATIONS
VARIABLE SELECTION
DATA AVAILABILITY
TEMPORAL ORDERING
VAST MAJORITY OF CYBERCRIME ATTEMPTS FAIL
WE DO NOT REALLY UNDERSTAND CYBERCRIME
UNDERSTOOD IN RELATION TO OFFLINE CRIME
DEFINITIONAL ISSUES
CONCLUSION
1) DIFFERING VICTIMIZATION PATTERNS. 2) CYBER-DEPENDENT VICTIMIZATION PATTERNS WERE MORE
RELATED TO OFFLINE CRIME3) RAT, THE BIG FIVE, AND E-TRUST HOLD LITTLE
APPLICABILITY TO CYBERCRIME AS A WHOLE4) WE NEED NEW THEORIES5) FUTURE RESEARCH
1) NEW MODULE IN CSEW2) AGE, GENDER, AND HAVING CHILDREN UNDER THE AGE OF 16 3) OTHER MEASURES OF THE BIG FIVE (NARCISSISM AND SOCIAL
ANXIETY) CORRELATE6) POLICY EVALUATION
THANK YOUQUESTIONS?
Time A:
Time B:
Time C:
Time D:
Cybercrime Failure:
Hacker sends out email
Victim’s inbox receives email
Victim opens email
Victim’s security settings filter out the email into junk
Victim does not open email
Malware activates Malware fails to activate
Time A:
Time D:
Burglar starts breaking into a home
Burglary occurs