digital predictions: putting cybercrime victimisation theories to … · 2016-12-12 · prevalence...

DIGITAL PREDICTIONS: PUTTING CYBERCRIME VICTIMIZATION

THEORIES TO THE TESTCAITLYN MCGEER

CENTRE FOR CRIMINOLOGY | FACULTY OF LAW

UNIVERSITY OF OXFORD

WHAT IS CYBER-VICTIMIZATION?

CYBER-ENABLED CRIMECYBER-ENABLED CRIME CYBER-DEPENDENTCRIME

CYBER-DEPENDENTCRIME

Existing offenses that can be assisted by internet-technology

E.g. fraud

Exist because of internet-technology concerned

E.g. Hacking, malware

CYBER-ENABLED CRIME CYBER-DEPENDENTCRIME

Cons of definition: Neither accurate nor helpful when it comes to understanding the true

scale of the problem or how to tackle it (e.g. IBM Watson – Artificial Intelligence use for cyber crime)

Pros of definition: To produce statistical reports

To separate traditional crime from the “new” cybercrimes,

PREVALENCE

TOTAL E-FRAUD OFFENCES IN 2015: 617,618(RATE: 11/1000) TOTAL E-FRAUD OFFENCES IN 2015: 617,618(RATE: 11/1000)

IN 2011/12 OVER ONE-THIRD (37%) OF ADULT INTERNETUSERS REPORTED EXPERIENCING A NEGATIVE ONLINE INCIDENTIN THE PAST 12 MONTHS (ONS, 2011; ONS, 2012B)

IN 2011/12 OVER ONE-THIRD (37%) OF ADULT INTERNETUSERS REPORTED EXPERIENCING A NEGATIVE ONLINE INCIDENTIN THE PAST 12 MONTHS (ONS, 2011; ONS, 2012B)

SYMANTEC (2012) REPORTED BLOCKING 5.5 BILLION ‘ATTACKS’ GLOBALLY IN 2011, AN INCREASE OF OVER 81 PER CENT FROM 3 BILLION REPORTED BLOCKS IN 2010.

SYMANTEC (2012) REPORTED BLOCKING 5.5 BILLION ‘ATTACKS’ GLOBALLY IN 2011, AN INCREASE OF OVER 81 PER CENT FROM 3 BILLION REPORTED BLOCKS IN 2010.

Police Recorded

Crime

Victim Surveys

Corporate Data

IMPACTS

CITY OF LONDON POLICE: “TRUE COST OF FRAUD” - £3,900 PER ADULT/YEAR

CAN YOU PREDICT CYBER-VICTIMIZATION?

CYBER-VICTIMIZATION

CYBER-VICTIMIZATION

BIG FIVEBIG FIVE

E-TRUSTE-TRUST

RATRAT

RAT

MOTIVATEDOFFENDERMOTIVATEDOFFENDER

SUITABLE TARGETSUITABLE TARGETABSENT/INADEQUATE

GUARDIANSHIPABSENT/INADEQUATE

GUARDIANSHIP

DECREASEDRISK

INCREASEDRISK

RAT EXTENDED

RAT EXTENDED

MOTIVATEDOFFENDERMOTIVATEDOFFENDER

SUITABLE TARGETSUITABLE TARGETABSENT/INADEQUATE

GUARDIANSHIPABSENT/INADEQUATE

GUARDIANSHIP

Holtfreter, Reisig, and Pratt (2008), Pratt et al. (2010), Reyns(2013), and van Wilsem (2013b) engaging in online-banking and shopping increase

individuals’ risk of victimization; Holt and Bossler (2008) and Williams (2016)

o significant relationship between these types of activities and victimization.

Choi (2008) the presence of protective software decreases the risk of

victimization, Marcum (2008), Holt and Bossler (2008), Marcum, Higgins, and

Ricketts (2010), and Bossler and Holt (2010) insignificant relationship between these variables.

Hutchings and Hayes (2009) protective mechanisms are inefficient at protecting against

cybercrime to begin with.

RAT EXTENDED

DECREASEDRISK

INCREASEDRISK

RAT EXTENDED

Big Five

• FUTURE ORIENTATED

• EMPATHETIC

• NOT EASILY FRUSTRATED

• DILIGENT

• PREFER MENTAL OVER PHYSICAL

• AVOID RISK

HIGHSC

HIGHSC

• IMMEDIATE

• EASY GRATIFICATION

• THRILLING OR RISKY

• REQUIRES LITTLE PLANNING OR SKILL

• NOT CONCERNED

LOWSC

LOWSC

Big Five - GTC

Watching pornography (Buzzell et al., 2006)

Using online chat rooms (Hinduja and Patchin, 2008a; Hinduja and Patchin, 2008b)

Pirating music (Higgins, 2005; Moon, McCluskey, and McCluskey, 2010)

(financially) impulsive (Pratt and Cullen, 2000; Reisig, Pratt, and Holtfreter, 2009)

Big Five - GTC

Big Five - GTC

DECREASEDRISK

INCREASEDRISK

EXTERNALEXTERNAL INTERNALINTERNAL

E-Trust

E-Trust

INTERPERSONAL

INSTITUTIONAL

RISK

/FEA

R

E-TRU

ST

RISK/F

EAR

E-TR

UST

E-Trust

E-Trust

DECREASEDRISK

INCREASEDRISK

HOW VALID ARE THE LEADINGTHEORIES EXPLAINING OF CYBER-VICTIMIZATION?

CYBER-VICTIMIZATION

CYBER-VICTIMIZATION

BIG FIVEBIG FIVE

E-TRUSTE-TRUST

RATRAT

2014 - 2015 CSEW

CYBER-VICTIMIZATION

CYBER-VICTIMIZATION

BIG FIVEBIG FIVE

E-TRUSTE-TRUST

RATRAT

TESTING THE THEORIES

H1: RAT VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.

H2: THE BIG FIVE VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.

H3: E-TRUST VARIABLES STATISTICALLY CORRELATE TO CYBER-VICTIMIZATION.

Alpha at p<0.10

Step 1: Bivariate Associations

Converting frequencies into percentages

Step 2: Binary Logistic Regression Models

Forward step-wise selection

ANALYTICAL STRATEGY

Figure 3.1 Flow Diagram of the 2014-15 CSEW Core Questionnaire

Household Grid

Perceptions of crime

Screener Questionnaire

Victim Modules (max 6)

Performance of the Criminal Justice System

Mobile phone crime

Plastic card fraud

Anti-social behaviour (Group A)

Module B:

Attitudes to the Criminal Justice

System

Module A:

Experiences of the police

Module C:

Crime prevention and security

Module D:

Online security

Gangs and Personal Security

Self-Completion Module:

Domestic Violence, Sexual Victimisation and Stalking

Demographics and media consumption

Experiences of the Criminal Justice System

Mass marketing fraud


Drugs and Drinking


Nature of partner domestic abuse in the last 12 months

VARIABLES - EXPLANATORY

Variable Scale Range M (SD) Valid N

Explanatory VariablesCyber-Dependent (0 = Non-victim; 1 = Victim) 0-1 .18 (.38) 7884Cyber-Enabled (0 = Non-victim; 1 = Victim) 0-1 .08 (.28) 7884

WHETHER RESPONDENTS HAD PERSONALLYEXPERIENCED IN THE PRIOR YEAR WHILE USING THEINTERNET: UNAUTHORISED ACCESS TO/USE OFPERSONAL DATA; AND/OR A COMPUTER VIRUS (OROTHER COMPUTER INFECTION)

RESPONDENTS HAD EVER RECEIVED ANY EMAILS, FROM AN INDIVIDUAL OR COMPANY ABOUTANY OF THE FOLLOWING: A BIG WIN IN A LOTTERY, PRIZE DRAW, SWEEPSTAKE, ORCOMPETITION THAT THEY HAD NOT ENTERED; THE CHANCE TO MAKE AN INVESTMENTWITH A GUARANTEED HIGH RETURN; INVITATION TO GET TO KNOW THEM WITH A VIEW TOA POSSIBLE FRIENDSHIP OR RELATIONSHIP; HELP IN MOVING LARGE SUMS OF MONEY FROMABROAD; HELP IN RELEASING AN INHERITANCE; AN URGENT REQUEST TO HELP SOMEONEGET OUT OF SOME SORT OF FINANCIAL TROUBLE; A JOB OFFER, A FRANCHISE OFFER OROTHER BUSINESS OPPORTUNITY; A LOAN ON VERY ATTRACTIVE TERMS; HELP TO RECOVERMONEY LOST FROM A PREVIOUS SCAM; RELEASING YOUR PENSION SAVINGS EARLY; AND/ORPAYING AN URGENT DEBT.

VARIABLES – RESPONSE (RAT)Variable Scale Range M (SD) Valid N

Routine Activities TheoryGuardianship

Passive (0 = no activities; 1 = 1 activity; 2 = 2 activities; 3 = 3 activities; 4= all activities)Activities: downloading software updates and patches whenever prompted; installing anti-virus orother security software such as firewall; protecting their home wireless connection with a password or been cautious using public wifi; and logging out of websites when finished.

0-4 2.29 (1.28) 6338

Active (0 = no activities; 1 = 1 activity; 2 = 2 activities; 3 = 3 activities; 4 = 4 activities; 5 = 5 activities; 6 = 6 activities; 7 = 7 activities; 8= all activities)Activities: using complex passwords; using different passwords for each account; checking for signs that a site is secure before purchasing online; adjusting website security settings; scanning computer for viruses or malicious software; deleting suspicious emails without opening them; online adding known persons on social networks; and being cautious with putting personal details on social networking sites.

0-8 3.98 (2.47) 6338

Avoidance (0 = no activities; 1= 1 activities; 2 = 2 activities)Activities: only download known files or programs; and only used well-known or trusted sites.

0-2 1.13 (.08) 6338

Target SuitabilityOnline Activities

Banking (0 = No; 1 = Yes) 0-1 .65 (.47) 6338Shopping (0 = No; 1 = Yes) 0-1 .80 (.40) 6338Online government services

(0 = No; 1 = Yes) 0-1 .58 (.49) 6338

Social media (0 = No; 1 = Yes) 0-1 .61 (.48) 6338E-mail, IM, chat rooms

(0 = No; 1 = Yes) 0-1 .84 (.36) 6338

Browsing for news or information

(0 = No; 1 = Yes) 0-1 .80 (.39) 6338

Gaming (0 = No; 1 = Yes) 0-1 .33 (.47) 6338Internet Use (1 = less than once/week; 2 =once a week; 3 = 2-3

times/week; 4 = once a day; 5 = several times a time)

1-5 4.47 (.97) 6338

Access Location (ref Laptop at Home/Work/SchoolDesktop (0 = All Other Locations; 1 = Primary Access

Location)0-1 .21 (.41) 6315

Laptop Away from Home/Work/School

(0 = All Other Locations; 1 = Primary Access Location)

0-1 .02 (.14) 6315

Mobile phone or smartphone

(0 = All Other Locations; 1 = Primary Access Location)

0-1 .27 (.44) 6315

Handheld computer (0 = All Other Locations; 1 = Primary Access Location)

0-1 .15 (.35) 6315

Game Console (0 = All Other Locations; 1 = Primary Access Location)

0-1 .004 (.06) 6315

Digital TV (0 = All Other Locations; 1 = Primary Access Location)

0-1 .001 (.04) 6315

Public Computer (0 = All Other Locations; 1 = Primary Access Location)

0-1 .007 (.08) 6315

*p<0.1**p<0.05***p<0.01

VARIABLES – RESPONSE (BIG FIVE)


The Big FiveLow Self-Control

Club-goer (0 = No; 1 = Yes) 0-1 .06 (.24) 7872Pub Attendance (1 = Not attendance; 2 = 1 -3 times/month; 3 = 4-8

times/month; 4 = 9+ times/month)1-4 1.71 (.85) 7883


E-TrustSystem Quality (0 = poor job, very poor job; 1 = excellent job,

good job, fair job)0-1 .85 (.35) 2781

Fear (0 = not very worried, not worried at all – i.e. not worried; 1 = very worried, fairly worried – i.e. worried)

0-1 .42 (.49) 6858

RiskSecurity Consciousness (0 = less conscious, about the same; 1 = more

conscious) 0-1 .46 (.49) 6333

Previous Victimization (0 = No; 1 = Yes) 0-1 .14 (.34) 7884

VARIABLES – RESPONSE (E-TRUST)


Age in years old (ref 26-44)16-25 (0 = All Other Ages; 1 = 16-25) 0-1 .08 (.27) 784845-59 (0 = All Other Ages; 1 = 45-59) 0-1 .25 (.43) 7848Over 60 (0 = All Other Ages; 1 = Over 60) 0-1 .37 (.48) 7848

Gender (0 = Male; 1 = Female) 0-1 .54 (.49) 7884Employment Status (0 = unemployed, otherwise economically inactive;

1= employed, economically inactive: student, or economically inactive: retired coded)

0-1 .97 (.15) 7883

Education (0 = no education; 1 = some form of education: O-Level/GCSE, degree or diploma; Apprenticeship orA/AS level; or other)

0-1 .77 (.14) 7561

Income (1 = under £5,000; 2 = £5,000-£9,999; 3 = £10,000-£14,999; 4 = £15,000-£19,999; 5 = £20,000-£24,999; 6 = £25,000-£29,999; 7= £30,000-£34,999; 8 = £35,000-£39,999; 9 = £40,000-£44,999; 10 = £45,000-£49,999; 11=£50,000-£59,999; 12 = £60,000-£69,999; 13 = £70,000-£79,999; 14 = £80,000 or over.)

1-14 6.23 (3.30) 6800

Children (0 = had no child under 16; 1 = has child under 16) 0-1 .25 (.43) 7884

VARIABLES – CONTROL

RESULTS – CYBER DEPENDENT

*p<0.1**p<0.05***p<0.01

Variable coeff. S.E. Exp(B)


Passive .12*** .03 1.13Avoidance -.14*** .04 .87


Online government services (ref has not done) .26*** .08 1.30E-mail, IM, chat rooms (ref has not done) .31*** .12 1.37Browsing for news or information (ref has not done)

.17* .10 1.19

Gaming (ref has no done) .15** .07 1.16Internet Use .19*** .05 1.21Access Location (ref Laptop at Home/Work/School

Mobile phone or smartphone (ref all other locations)

-.52*** .08 .59

Handheld computer (ref all other locations) -.61*** .09 .55E-Trust

Fear (ref no worry) .38*** .07 1.47Risk

Security Consciousness (ref less or same) .66*** .07 1.97Previous Victimization (ref no victimization) .24** .08 1.27

Control Variables16-25 years old (ref all other non-included ages between 16-101)

.18* .11 1.12

Gender (ref male) -.34*** .06 .71Children (ref no child) .18** .07 1.19

Constant -3.09*** .21 .05Unweighted N = 6165

RESULTS – CYBER ENABLED

*p<0.1**p<0.05***p<0.01

Variable coeff. S.E. Exp(B)


Active .08*** .02 1.08Avoidance .14** .06 1.15

Control VariablesAge (ref 26-44)

16-25 years old (ref all other non-included ages between 16-101)

-.39** .17 .68

Over 60 years old (ref all other non-included ages between 16-101)

.23** .10 1.25

Constant -2.73** .09 .06Unweighted N = 6311

E-Trust (H3)System Quality XFearRisk

Security ConsciousnessPrevious Victimization

= Increased Risk of Victimization= Decreased Risk of Victimization

X = Insignificant Relationship with Victimization

Cyber-Dependent Victimization

Variable Valid Not Valid

Routine Activities Theory (H1)Guardianship

PassiveActive XAvoidance


Banking XShopping XOnline government servicesSocial media XE-mail, IM, chat roomsBrowsing for news or informationGaming

Internet UseAccess Location

Desktop XLaptop Away from Home/Work/School X

Mobile phone or smartphone Handheld computerGame Console XDigital TV XPublic Computer X

Cyber-Enabled Victimization

Variable Valid Not Valid

Routine Activities Theory (H1)Guardianship

Passive XActiveAvoidance


Banking XShopping XOnline government services XSocial media XE-mail, IM, chat rooms XBrowsing for news or information XGaming X

Internet Use XAccess Location

Desktop XLaptop Away from Home/Work/School XMobile phone or smartphone XHandheld computer XGame Console XDigital TV XPublic Computer X

The Big Five (H2)Club-goer XPub Attendance X

E-Trust (H3)System Quality XFear XRisk

Security Consciousness XPrevious Victimization X

The Big Five (H2)Club-goer XPub Attendance X

DECREASEDRISK

INCREASEDRISK

PRINCIPLE IMPLICATIONS

STUDY LIMITATIONS

VARIABLE SELECTION

DATA AVAILABILITY

TEMPORAL ORDERING

VAST MAJORITY OF CYBERCRIME ATTEMPTS FAIL

WE DO NOT REALLY UNDERSTAND CYBERCRIME

UNDERSTOOD IN RELATION TO OFFLINE CRIME

DEFINITIONAL ISSUES

CONCLUSION

1) DIFFERING VICTIMIZATION PATTERNS. 2) CYBER-DEPENDENT VICTIMIZATION PATTERNS WERE MORE

RELATED TO OFFLINE CRIME3) RAT, THE BIG FIVE, AND E-TRUST HOLD LITTLE

APPLICABILITY TO CYBERCRIME AS A WHOLE4) WE NEED NEW THEORIES5) FUTURE RESEARCH

1) NEW MODULE IN CSEW2) AGE, GENDER, AND HAVING CHILDREN UNDER THE AGE OF 16 3) OTHER MEASURES OF THE BIG FIVE (NARCISSISM AND SOCIAL

ANXIETY) CORRELATE6) POLICY EVALUATION

THANK YOUQUESTIONS?

Time A:

Time B:

Time C:

Time D:

Cybercrime Failure:

Hacker sends out email

Victim’s inbox receives email

Victim opens email

Victim’s security settings filter out the email into junk

Victim does not open email

Malware activates Malware fails to activate

Time A:

Time D:

Burglar starts breaking into a home

Burglary occurs

digital predictions: putting cybercrime victimisation theories to … · 2016-12-12 · prevalence...

Documents