Is there a way to keep would-be first offenders away from cybercrime? A panel at the 2019 International Conference on Cyber Security tackled the topic.
Floor Jansen, Ph.D., advisor to the Dutch National High Tech Crime Unit, began with an in-depth description on how to identify cybercriminals.
The typical cybercriminal looks very different from the criminals of serious organized crime, she said. The average age of a cybercriminal is 19, as opposed to a drug trafficker’s 40 to 50 years of age. Their recidivism levels are also very low, and it doesn’t take much to deter them away from cyber offenses. Lastly, they quite often have autistic traits.
Cybercriminals have several key identifiable characteristics, Jansen went on to discuss.
Firstly, they have no clear distinction between what is right and wrong online because these boundaries in the online world are less obvious. As they hide behind computer screens, they typically never see the damage they inflict on victims. While most cybercriminals usually come from good families, their parents are unaware of the full scope of what their kids are doing online, she added.
They tend to be negatively influenced by their peers, who also spend hours online and are not within reach of the positive influence of parents or educators. Finally, while the reward for crime is primarily money, cybercriminals’ motivations are more intrinsic—some do it just for fun and because they know they can.
With low recidivism levels, interventions aimed at deterring cybercrime are important and effective. A “hack right” intervention aimed at first time offenders studies the offender and creates a tailored approach, which could include training about online boundaries, cyber based community service, coaching by ethical hackers, and presenting positive alternatives to cybercrimes.
When discussing rehabilitation of hackers, Jansen finds that a combined approach works best. They need social workers who have the right tools to talk to and educate kids, and they also need the help of cybersecurity experts to help understand where these boundaries between right and wrong lie. The two work together to fill in each other’s gaps.
Greg Francis, the Acting National Prevent Lead of the U.K.’s National Crime Agency, said he believes law enforcement is an important tool in deterring cybercrime.
“Law enforcement, sometimes I believe—and this is not an agency view, this is my view—can be so focused on the blood and thunder, the arrest and prosecution, they sometimes forget that their job is to also provide service.”
That’s where knock-and-talks come into the picture.
Knock-and-talks are a type of cease-and-desist where if someone is at the periphery of any type of crime, law enforcement will go into the individual’s house and give them a warning. These methods help raise the awareness of law enforcement online and increase perception of risk that is otherwise not visible. In fact, Francis said, “every single one we’ve delivered over the four years—up to 500 cease-and-desists have been signed—not one has pushed back. I think we’ve got only got one case where we can say that individual has gone back and committed a crime.”
“The question is what is a more productive response to a potential crime?” Francis asked. “To wait for it to happen, because that’s where the blood and thunder is, or to make sure that the ones that we’re investigating are there because they’ve made an informed choice?”