File #2517: "2018_Book_CyberCriminology.pdf"
Text
1|Foreword|6
1|Contents|9
1|Part I Cyber Criminology and Psychology|11
2|Crime and Social Media: Legal Responses to Offensive Online Communications and Abuse|12
3|1 Introduction|12
3|2 Cyberbullying, Cyber-Harassment and Cyberstalking|14
3|3 Revenge Pornography, Sexting, Sextortion and Related Offences|19
3|4 Tackling Offensive Online Communications and Abuse: Issues and Concerns|24
4|4.1 Is the Legislation Fit for Purpose?|24
4|4.2 Enforcement Challenges|26
5|4.2.1 Anonymity|26
5|4.2.2 Jurisdictional Issues|27
5|4.2.3 Police Training|28
4|4.3 Raising Awareness and Education: Online Abuse, VAWG and Young Offenders|29
3|References|31
2|Explaining Why Cybercrime Occurs: Criminological and Psychological Theories|33
3|1 Introduction|33
3|2 Rational Choice Theories: Deterrence Theory and Routine Activity Theory|34
4|2.1 Deterrence Theory|34
4|2.2 Routine Activity Theory|36
3|3 Self-Control Theory|38
3|4 General Strain Theory|40
3|5 Social Learning Theory and Related Concepts and Theories|40
4|5.1 Sykes and Matza's Theory of Neutralization|42
4|5.2 Perceiving and Interpreting the Social Environment of Cyberspace and the Real World|43
3|6 Subcultural Theories|45
3|7 Conclusions|47
3|References|49
2|Cyber Aggression and Cyberbullying: Widening the Net|54
3|1 Introduction|54
3|2 Theoretical Understanding of Aggression|55
3|3 Cyberbullying: Definition, Conceptual, and Operational Issues|59
3|4 Cyber Aggression|61
4|4.1 Cyberbullying|62
4|4.2 Cyberstalking|63
4|4.3 Trolling|64
4|4.4 Cyberbullying, an Issue of Clarity|65
3|5 Implications for Casting the Net Wide in Terms of Prevention/Intervention Efforts|66
3|6 Conclusions|70
3|References|70
1|Part II Cyber-Threat Landscape|76
2|Policies, Innovative Self-Adaptive Techniques and Understanding Psychology of Cybersecurity to Counter Adversarial Attacks in Network and Cyber Environments|77
3|1 Introduction|77
3|2 Security Policies and Strategies|79
3|3 Adaptive Security Measures|81
4|3.1 Objectives and Components of Adaptive Security|83
4|3.2 Complex Adaptive Systems in Security Design|85
4|3.3 Structural Approach Based on Adaptive Security|86
4|3.4 Design Approach to an Adaptive Security Model|87
3|4 Adaptation Security Techniques|88
4|4.1 Randomized Network Addressing and Layout|89
4|4.2 Network Moving Target Defence|90
4|4.3 Inference-Based Adaptation|90
4|4.4 ACD Framework Based on Adversarial Reasoning|91
4|4.5 OS Fingerprinting Multi-session Model Based on TCP/IP, HTTP and TLS|91
4|4.6 Address Space Layout Randomization|93
4|4.7 Discussion on the Existing Adaptation Techniques|94
3|5 Human Factors and Psychology of Attack|94
3|6 Conclusions|95
3|References|96
2|The Dark Web|100
3|1 Virtual Private Networks|101
3|2 The Tor Approach|101
4|2.1 Tor Circuits and Nodes|102
4|2.2 Sending Packets|104
4|2.3 Tor Exit Nodes|106
4|2.4 Anonymous Servers|106
4|2.5 Anonymity and Browsers|108
4|2.6 Legitimate Uses of Tor|108
4|2.7 Anonymity and Crime|110
4|2.8 Alternatives to Tor|110
3|3 Potential Attacks|111
4|3.1 Traffic Correlation|111
4|3.2 DNS Leaks|113
4|3.3 Application Attacks|114
4|3.4 Metadata|115
3|4 Tor Identity Breaches|115
4|4.1 The Silk Road|115
4|4.2 Silk Road 2|118
4|4.3 Playpen|118
4|4.4 AlphaBay and Hansa Market|119
3|References|120
2|Tor Black Markets: Economics, Characterization and Investigation Technique|123
3|1 Introduction|123
3|2 Related Works|124
3|3 Economic Characterization|126
3|4 The Criminal Impact of the Marketplaces|127
3|5 Investigating the Marketplaces|128
4|5.1 System Description|128
4|5.2 Analysis|129
3|6 Investigation Analysis on Marketplaces|131
4|6.1 Drugs Vendors and Items|132
4|6.2 Identity Detection|132
4|6.3 Digital Goods Check|133
4|6.4 The Importance of Digital Identity|135
3|7 Conclusions|140
3|References|143
2|A New Scalable Botnet Detection Method in the Frequency Domain|145
3|1 Introduction|145
3|2 Related Work|148
3|3 The Botnet Life Cycle|149
3|4 Our Proposed Method|151
3|5 Discussion|158
3|6 Double Blind Experiment|160
3|7 Malware Samples Tested in a Controlled Environment|162
3|8 Sality Botnet Traffic Capture|163
3|9 Conclusions and Future Work|167
3|References|169
1|Part III Cybercrime Detection|171
2|Predicting the Cyber Attackers; A Comparison of Different Classification Techniques|172
3|1 Introduction|172
3|2 Method|173
3|3 Discussion|179
3|4 Conclusion|182
3|References|183
2|Crime Data Mining, Threat Analysis and Prediction|185
3|1 Introduction|185
3|2 Crime Analysis Framework|186
4|2.1 Data Domain Specification|186
4|2.2 Extracting the Target Dataset|187
4|2.3 Data Pre-processing|188
4|2.4 Data Mining Task Primitives|188
4|2.5 Data Mining|189
4|2.6 Interpretation and Using Discovered Knowledge|190
3|3 Data Mining Applications in Crime|190
4|3.1 Machine Learning Techniques in Crime Analysis|191
5|3.1.1 Cluster Analysis and Trend|191
5|3.1.2 Classification Techniques and Prediction|193
5|3.1.3 Association Rule Mining|197
5|3.1.4 Social Network Analysis|199
3|4 Conclusions and Further Work|200
3|References|200
2|SMERF: Social Media, Ethics and Risk Framework|205
3|1 Introduction|205
4|1.1 Social Media Project Types|207
4|1.2 Terminology|208
4|1.3 Social Media, SM|208
4|1.4 Prevent Duty|209
4|1.5 Risks|211
3|2 Passive Observation|215
4|2.1 Quantitative|215
4|2.2 Qualitative|216
4|2.3 SMERF: Passive Observation|217
3|3 Active Experiment|217
4|3.1 Quantitative|217
4|3.2 Qualitative|219
4|3.3 SMERF: Active Experiment|220
3|4 Miscellaneous Use of Social Media|220
4|4.1 Questionnaires|220
4|4.2 Participatory Action Research (PAR)|220
4|4.3 Social Media Software Development|221
3|5 Recommendations|222
3|6 Conclusion|223
3|References|226
2|Understanding the Cyber-Victimisation of People with Long Term Conditions and the Need for Collaborative Forensics-Enabled Disease Management Programmes|228
3|1 Introduction|228
3|2 Defining Chronic Conditions and Cyber-Victimisation|230
4|2.1 Chronic Conditions, Disabilities, and Vulnerability|230
4|2.2 Inconsistency in Defining Cyber-Victimisation|231
3|3 Impact of Victimisation and Available Support|233
4|3.1 The Impact of Victimisation and Cyber-Victimisation|233
4|3.2 Available Support for Victims of Cyber-Victimisation|236
3|4 Disease Management Programmes (DMP) and Online Health Support|238
4|4.1 The Historical Development of Disease Management Programmes|238
4|4.2 DMP Practices|240
4|4.3 DMP Evaluation|241
3|5 Towards Forensics-Enabled DMP to Support People with Long Term Conditions|243
3|6 Conclusions|246
3|References|247
2|An Investigator's Christmas Carol: Past, Present, and Future Law Enforcement Agency Data Mining Practices|252
3|1 Introduction and Framework|252
3|2 Past Law Enforcement Agency Data Mining Practices and Concerns|258
3|3 Other Industry Data Mining Practices|265
3|4 Present-Day Data Mining: Form, Participant, and (Another) Participant|266
3|5 Current Concerns|269
3|6 Future Possible Practices|271
3|7 Mitigating Issues|273
2|DaP: Deconstruct and Preserve for All: A Procedure for the Preservation of Digital Evidence on Solid State Drives and Traditional Storage Media|275
3|1 Introduction|275
4|1.1 Background|276
4|1.2 Motivation|277
3|2 DaP|277
3|3 Method|279
3|4 Results|280
4|4.1 Extract Protective MBR (MBR)|282
4|4.2 Extract GPT Header (GPT1)|282
4|4.3 Extract GPT Header and Copy of the GPT Header (GPT2)|283
4|4.4 Extract Partition Table (PT1)|283
4|4.5 Extract PT and Copy of PT (PT2)|283
4|4.6 Summary|283
4|4.7 Recommendations and Guidelines|284
3|5 Conclusions|285
4|5.1 Contention|285
4|5.2 Discussion|286
3|References|286
1|Part IV Education, Training and Awareness in Cybercrime Prevention|288
2|An Examination into the Effect of Early Education on Cyber Security Awareness Within the U.K.|289
3|1 Introduction|289
3|2 Curriculum and Resources|290
3|3 Academic Studies Journals|291
3|4 A Psychological Viewpoint|294
3|5 Research Design|295
3|6 Delivery Methods|296
3|7 Critical Analysis and Discussion|297
3|8 Conclusion|302
3|References|303
2|An Examination into the Level of Training, Education and Awareness Among Frontline Police Officers in Tackling Cybercrime Within the Metropolitan Police Service|305
3|1 Introduction|305
3|2 Police Response to Cybercrime|309
4|2.1 Action Fraud|310
4|2.2 The Legal Framework|310
5|2.2.1 Computer Misuse Act 1990|311
5|2.2.2 Data Protection Act 1998 (DPA) and General Data Protection Regulation (GDPR) 2018|311
5|2.2.3 Regulation of Investigatory Powers Act 2000 (RIPA)|313
5|2.2.4 The Human Rights Act 1998|314
3|3 Metropolitan Police Services Cybercrime Training and Awareness|314
4|3.1 The Ncalt Training Package Analyses|315
3|4 Proposed Improvement to the Cybercrime Training Package|318
3|5 Conclusions|320
3|References|321
2|Combating Cyber Victimisation: Cybercrime Prevention|322
3|1 Introduction|322
3|2 Legal Perspectives|325
4|2.1 Balancing Freedom and Protection|325
4|2.2 Legal Approaches|326
4|2.3 Authorisation Requirements|328
5|2.3.1 Regulation|329
5|2.3.2 Jurisdiction|330
5|2.3.3 International Co-operation|331
3|3 Theoretical Framework|331
3|4 Conclusion|334
3|References|334
2|Information Security Landscape in Vietnam: Insights from Two Research Surveys|337
3|1 Background|337
3|2 Framework of Analysis|338
4|2.1 Technology|339
4|2.2 Employees|340
4|2.3 Management|341
4|2.4 Legal and Compliance|341
3|3 Research Design|342
3|4 Findings|343
4|4.1 Sensitive Data|343
4|4.2 Targeted Attacks and Data Breaches in Vietnam|345
4|4.3 Managerial Aspect|346
4|4.4 Employees and Compliance|349
3|5 Discussion|350
3|References|351