The Cyber Crime Ecosystem
An ecosystem is defined by biologists as the interacting biotic community and its environment. Importing this concept to human societies, social scientists have proposed that human populations employ social organization and technology in their efforts to adapt to the environment (either natural or built) and evolve. Drawing on these claims, we believe the interactions among cyber criminals, enablers (i.e., individuals who support the online criminal operations), targets and guardians (i.e., official law enforcement agencies and system administrators) form a unique ecosystem in which the activities of each actor influence the behaviors of other actors.
Cybercriminals are individuals who use computers to attack other people’s computer systems, networks, IoT devices and data. Cybercriminals’ motivations to engage in online crimes may include prestige, recreation, ideology, revenge, and profit, and their skill levels vary from very low to very high. Although several studies reveal that most cybercriminals have relatively low technical capability, it is known that these online offenders plan the execution of their illegitimate online activities in a careful manner, and use various techniques to get their attacks onto victims’ computers and networks.
Cybercrimes’ enablers are individuals and organizations that provide services to those who wish to carry out cyberattacks. These enablers include: coders or programmers of malicious software, distributors and vendors who trade and sell hacking tools and stolen data, teachers who exchange information regarding cybercrime techniques and tools, and moderators and administrators of online marketplaces who maintain the criminal infrastructure, vouch for the goods and enforce social norms in marketplaces. Online offenders and enablers of cybercrimes meet in either offline or online environments.
Victims of cybercrimes are individuals and companies who experience attacks on their computers, networks and IoT devices. Unfortunately, victims’ unawareness of their own victimization, and their unwillingness to report cybercrimes to law enforcement agencies, complicates the task of estimating the number of victims from these crimes.
Finally, the list of relevant guardians in the context of cybercrimes includes law enforcement agencies (e.g., the FBI and municipal and local police agencies), governmental non-police organizations (e.g., the National Security Agency), as well as systems administrators at different Internet Service Providers (ISPs), corporations and industries.
Our research group seeks to collect and produce evidence from each of the key junctures formed by the online interaction between the different actors that drive cybercrime in effort to guide policy decisions and design technical tools that will allow effective prevention and mitigation of cybercrime incidents.