Appendices

A3. The cyberpsychology of Internet facilitated organised crime

Introduction to cyberpsychology

Cyberpsychology is a field within applied psychology, focusing on the impact of emerging technology on human behaviour. Cyberpsychologists study Internet psychology, virtual environments, artificial intelligence, intelligence amplification, gaming, digital convergence, social media, mobile and networking devices. There are now 30 peer-reviewed journals publishing in this area, and over 1000 articles are now generated per annum [267]. As the recently published three-volume Encyclopaedia of Cyber Behaviour notes, it is predicted that as a discipline cyberpsychology will enjoy exponential growth due to the continued rapid acceleration of Internet technologies and the “unprecedentedly pervasive and profound influence of the Internet on human beings” [268].

Multi-disciplinary approach

Arguably, academic investigation of criminal behaviour in cyberspace requires interdisciplinary efforts in a practical sense, and transdisciplinary theoretical perspectives in an exploratory context [269]. Cyberpsychology is an exemplification of how this combination can, and indeed must, be achieved, requiring input from psychology and computer science, but also similarly recent enterprises such as network science, data visualisation and digital humanities. At the same time, academics in this context need to be open to a number of possibilities, across the full spectrum of academic endeavour, ranging from the hard metrics of computational sciences to the qualitative interrogations of the social sciences. This approach will necessitate methodological and ideological openness on the part of the researcher.

Additionally, cyberpsychologists support the use of virtual research methodologies to ensure accurate and robust findings – for example, an anonymous, confidential online submission mechanism for crime-related information [270]. Consequently, to fully understand, and hence prevent, Internet-facilitated organised crime, we need to incorporate learnings from a variety of disciplines. For example, anthropological, ethnographic and sociological analyses of sophisticated cyber actors and networked organised crime groups could prove useful in illuminating this problem space. Additionally, advances in data visualisation methodology may provide greater speed of insight via graphic (and real-time) illustration of law enforcement digital intelligence.

In that vein, Vishik [271] notes “the multi-disciplinary nature of cyber security attacks is important, attacks happen for different reasons, only some of which are technical, other reasons include, for example, socioeconomic issues”. We need to understand all of these reasons to develop strategies to combat criminal behaviour manifested online, from isolated traces of lone cyber criminals, to complex and subtle indicators of sophisticated cyber criminal networks. Multi-disciplinary research in these areas is clearly very important; however, it is understood that, for reasons of law enforcement or national security concerns, such research may constitute intelligence and be subject to restrictions. While the principle of public dissemination of scientific research is a time-honoured tradition, arguably we should not be in the business of informing criminal populations as to law enforcement’s knowledge base.

Behaviour in cyberspace

Regarding behavioural characteristics in cyberspace, Suler [272], describing the “online disinhibition effect”, maintains that people may do things in the virtual world that they may not do in the real world, with or without anonymity. There is a need to conceptualise technology in a new way, a need to think about cyberspace as an environment, as a place, as cyberspace. Furthermore, there is a need to consider the impact of this environment on vulnerable populations (such as developing youth), and on criminal and deviant populations. This is required in order to understand modus operandi in this space. Cyberpsychology can assist in this regard, delivering insight at the human/technology interface [273].

The critical point for law enforcement is the crosspollination between the online and virtual environments: concepts that develop in cyberspace but transfer to real world policing environments. One of the more salient concepts in this light is Suler’s [274] minimisation of authority (an aspect of online disinhibition) – whereby a person’s status (as law enforcement, for example) is not as readily appreciated in an online context as offline. Politicians, for example, are infamously treated with irreverence on social media. This levelling effect happens in tandem with the general disregard for established social order that also happens in technological contexts. Moreover, because organisations in this area can work at speed and at scale, they can get their product or service to market faster than government and legislators (and as a result, law enforcement) can react. As a result, by the time such services have been curtailed, the public have already spent some time consuming the product or service and are unhappy with it being removed. ‘Disruptive innovators’ such as Aereo (an online television streaming service [275], recently struck down [276]) and Uber (an app-driven car company [277] which has caused protests among taxi drivers [278]) are good examples in this regard, though illicit online markets such as Silk Road [279] should also be seen in this light. These are classic examples of Suler’s [280] minimisation of status transferring to an offline context: there is little or no online authority to prevent these systems being put in place, and as a result, they are at scale before ‘real world’ authority can deal with them.

Regarding cybercrime, Kirwan and Power [281] outline that “governments attempt to respond with law, corporations with policies and procedures, suppliers with terms and conditions, users with peer pressure, technologists with code”, but where is the understanding of human behaviour? The challenge is to factor in an understanding of criminal behaviour that has been amplified and facilitated by technology [282].

The critical task for cyberpsychology as a discipline is to build up a body of established findings of how human beings experience technology; the critical task in forensic cyberpsychology is to focus on how criminal populations present in cyber environments. For many years efforts have focused on technology solutions to intrusive behaviour, arguably without consideration of how that behaviour mutates, amplifies or accelerates in cyber domains. This view is supported by Maughan:

“…discussing the cyber security threat space, and the consideration of this from a technical angle but also from a human angle, as humans are part of the threat, this needs more thinking. From a Department of Homeland Security (DHS) perspective, as a large agency, it is concerned about globalisation, borders, extremists, natural disasters. In cyber space, criminals, hackers, insider threats, the use of malware etc. and social engineering, all define the threat landscape - The consideration of the impact of people in cyber security is important. The White House 2009 cyber space definition talks about equipment, but is missing people. With regard to threats in cyber security, the user is the weakest link and cyber criminals are people.” [283]

Additionally, Rogers, Siegfried and Tidke [284] also acknowledge this blind spot in cybersecurity, pointing out that “research focusing on people is vital if we have any real hope of coming to grips with the phenomena of computer crime.”

Cyber-specific concepts such as those listed below are becoming well recognised. While recognising that such findings may not endure [285], they are with us at present. As a general rule, we should appreciate the possibility that people, including criminals and victims, act differently in cyberspace than they do ‘in real life’, and that this is of significance. This is something that mainstream psychology, and society in general, has resisted for some time - that what happens online somehow isn’t ‘real’. We must recognise that “the virtual complicates the physical, and vice versa” [286] - i.e. in terms of criminology what happens online can impact on the real world and vice versa. The Europol Internet Organised Crime Threat Assessment supports this view, stating that in terms of cybercrime there is a “dynamic relationship between online and offline organised crime” [287]. Crucially, it is likely that, as the barriers to crime participation and syndication online are reduced, there may be a resulting increase in online crime. Logically, given the dynamic relationship between online and offline organised crime, there are two possibilities: an increase in online organised crime may be associated with either an increase or a decrease in criminal activity in real world terms. For example, this is a moot point in the study of child sex offenders: does the consumption of child abuse material online ameliorate or exacerbate actual contact child-related sex offending? This is a long-standing observation in the social sciences with regard to niche or obscure tendencies, whereby prior to the invention of the Internet, those involved would have had difficulty finding other persons with similar interests and collaborating.

In the context of the Internet Organised Crime Threat Assessment, the most relevant cyberpsychological concepts include:

In addition to the above cyberpsychological constructs, attention should also be paid to the impact of technology on clinical psychological conditions. For example, disruptive, impulse-control and conduct disorders are known to have real world offline forensic implications [297], but research is required to further our understanding of their online manifestations.

Classification of cybercrime

New technologies present ever-increasing numbers of cybercrime opportunities, from geotagging apps to information harvested from social networking platforms. Shinder [298] observes that “computer networks…done for criminals the same thing they’ve done for legitimate computer users: made the job easier and more convenient.”

Technology has facilitated historical crimes such as fraud, and evolving crimes such as online child-related sex offending. Kirwan and Power [299] classify cybercrime as two distinct categories: Internet enabled crime, such as fraud, and Internet specific crime, which includes recent crimes such as hacking. Cybercrime is a growing problem in the modern world, from online sexual exploitation of children to cyber terrorism. In considering the threat landscape however, we should note both the benefits and risks of what is likely to be an increasingly mediated, ubiquitous computing social environment. While the barriers to participation in crime are likely to be reduced, at the same time we are fast approaching the point whereby every crime will leave a digital trace. The phrase ‘all crime is cybercrime’ is a useful one [300] as it puts us in the mind frame of thinking ‘digital first’ and, given the continued development of cloud computing storage, it will be increasingly difficult for digital trace evidence to be entirely removed from a crime scene.

Profiling cybercriminals

In 1956, James Brussel provided one of the best known and most accurate profiles, that of the New York Bomber, George Metesky. Criminal profiler Paul Britton [301] expanded on profiling literature in the 1990s, as did Douglas and Olshaker [302]. Canter has contributed to the science of profiling over two decades. Bednarz labelled criminal profiling as “a promising but immature science” [303]; however, in the last two decades substantial progress has been made. Findings range from a psychoanalytic approach describing hacking behaviour as a psycho-sexual urge in young men, a cathartic outlet [304], to Investigative Psychology’s statistical interpretation regarding geographical profiling of criminal patterns [305].

Allison and Kebbell [306] maintain that there are two assumptions that inform criminal profiling methodology: the ‘consistency assumption’ (i.e. behaviour of an offender will remain reasonably consistent) and the ‘homology assumption’ (offence style will reflect offender characteristics). However, Kirwan and Power [307] point out that as technology changes, there may also be changes in criminal behaviour, thus presenting a challenge to the consistency assumption. In terms of the homology assumption, given the role of anonymity in cyber contexts, can we be certain that offender characteristics will remain uniform, not only between real worlds and virtual worlds but essentially between one cybercrime and another? Again, this is an area in which anthropological work may prove useful (e.g. the work of Gabriella Coleman with regard to the hacking community [308]). According to Professor Rogers, the real challenge is to understand behavioural motivation concerning cybercrime: “Like in traditional crimes… try to understand what motivates these people to get involved in computer crimes in the first place, how they choose their targets and what keeps them in this deviant behavior after the first initial thrill.” [309]

Theories of crime aim to provide explanatory value regarding criminal behaviour and therefore may also help to inform the psychology of cybercrime. The Psychology of Cyber Crime: Concepts and Principles [310] lists important theories of crime as follows: biological theories, labelling theories, geographical theories, routine activity theory, trait theories, learning theories, psychoanalytic theories, addiction and arousal theories and so forth. However, concerning the application of theories of crime to cybercrime, an important question is as follows: are real world criminal and psychological theories applicable in virtual environments, do we need to modify them, or develop new theories? [311]. To date there is a paucity of research regarding how these established theories can be applied to cybercrime, and more importantly whether it is methodologically correct to do so. In fact a fundamental problem may exist regarding methodology - can theoretical scales or metrics developed and validated offline be empirically employed whilst investigating criminal behaviour manifested online? A recent report “A primer on research in mediated environments: Reflections on cybermethodology” [312] considers this very issue.

Given the complex and changing nature of both the technology and the legal landscape, it is difficult to profile the ‘typical cyber criminal’. However, we can point to certain behavioural and psychological factors which are of interest. Former police officer and criminal justice instructor, Shinder [313], for example, notes in 2010 that we should bear in mind at least some degree of technical knowledge (ranging from ‘script kiddies’ who use others’ malicious code, to very talented hackers), though again this barrier is likely to continue to fall. In addition, Shinder notes a certain disregard for the law or rationalisations about why particular laws are invalid or should not apply to them, a certain tolerance for risk, the possibility of a ‘control freak’ nature, and enjoyment in manipulating or ‘outsmarting’ others. In terms of motive, Shinder lists monetary gain, emotion, political or religious beliefs, sexual impulses, or even boredom or the desire for ‘a little fun.’ While these factors are obviously linked to traditional or real world crime, what is not yet clear is whether cybercrime has the same associations or etiology. What is interesting from a cyberpsychological perspective are the behavioural, experiential, and developmental aspects of individual motive. There is a considerable gap in our knowledge regarding the cyberpsychological evolution of how individuals (who may or may not have a criminal history) become incorporated into organised cybercrime. Critical in this regard is the understanding of motive: transition from initial motive to sustaining motive, overlapping motives, and the prediction of evolving motives, along with an understanding of primary and secondary gains.

Future trends and threat assessment

One of the most urgent areas requiring research and investigation is the classification of cybercrime; to date there has been a tendency to name apparent 2.0 versions by simply adding the prefix cyber. Are bullying and cyber bullying the same underlying condition, and importantly is the literature on cyberbullying prior to the advent of the smartphone still relevant? Do real world stalkers and cyberstalkers share the same deviant tendencies? Is cyberstalking simply facilitated by technology, or is it a new and differentiated form of criminal behaviour? In the latter case, the observed differences are as follows: emergence of more female stalkers, stalking of multiple victims simultaneously, and the ability of the stalker to access more personal data of the victim [314]. Current problems regarding cybercrime are well established: hacking, malware production, identity theft, online fraud, child abuse material, online child solicitation, cyberstalking, cyberbullying, IP theft/software piracy, botnets, data breaches, organised cybercrime, ransomware and sextortion – however, given the dynamic nature of the environment, it is important to consider future trends and put in place a strategy to deal with them. Some future trends, threats and developments for consideration are briefly discussed below:

Cybernetic crime evolution

From a technical perspective, we can expect that there will be an increased volume of attacks in comparison to defence capabilities. As Maughan states:

“the volume of traffic used in DDoS attacks is currently about 400 Gbits per second, but this is increasing rapidly, an increase to 4 Tbits per second could happen and current security solutions cannot handle this. There is a need to develop new defences and tools for DDoS attacks, the best product is 15 years old.” [315]

Increasing human immersion in cyber physical systems is a concern, for example houses, cars, and smart cities: such systems have software that can be compromised and are often designed without cyber security in mind [316]. An additional threat posed to cyber security is the security workforce shortage - disconcerting when considered in the context of the increased technology skills of criminal populations. Emboldened organised crime incentivising and recruiting criminal populations is another cause for concern, exemplified by the deep web offer of a Ferrari as a prize for the hacker who ‘dreams up the biggest scam’ [317]. Financial obscurity is a further concern: with bitcoin, dogecoin, litecoin, etc., there are ever increasing ways for criminals to launder money online. Distribution of malware via social engineering tactics is another evolution; that is, the infecting of users by perceived trusted sources. Cyber propaganda is increasing; that is, the gamed use of social media platforms for propaganda purposes and cyberterrorism [318].

Consequently, there is likely to be a wider opportunity base for organised cybercrime, to the point that we expect to see ‘next generation’ sophisticated cyber organisations of significantly increased size, complexity, reach, and confidence. Essentially, there is considerable room for growth for cybercriminal organisations of unprecedented scale, which will present significant challenges to law enforcement. In a behavioural context, we expect that such cybercriminals may attempt to justify their activities as ideological in nature (note the libertarian philosophy behind the Silk Road [319]). Additionally, we note the following behavioural threats and trends.

Psychological obsolescence: the disruptive impact of technology on youth development is likely to produce a cultural shift which may leave present psychological, social and cultural norms behind, including respect for property rights, privacy, national security, and the authority of law enforcement. What is the prognosis for a generation inured by the consumption of illegally downloadable music, videos, software and games? What sort of criminal activities may this generation of ‘virtual shoplifters’ progress to? This is even before we consider more serious threats, such as the environmental developmental effects on those spending large amounts of time in deep web contexts, those exposed to age-inappropriate sexual content online [320], or those vulnerable to radicalisation online by cyber terrorist interests.

Cyber criminal sensemaking of Big Data: While there has been a massive increase in the production of data, very little of it is getting analysed, yet at the same time the economic value of personally identifiable information is growing rapidly. This particular analytic gap in itself represents a criminal opportunity.

Ubiquitous victimology: the public need to be aware that increasingly, no matter where they are or what they are doing, they may be at risk of serious organised crime. This is because of the increase in mobile and wearable technologies, which may not have the same level of security features as laptop or desktop devices. In fact, given that mobile devices can now both store large amounts of sensitive information, as well as access cloud storage, the average device-carrying member of the public could now be considered forensically a high-risk victim in a cybersecurity context. This premise is supported by Maughan [321], noting that:

Mobile devices present a growing challenge in cyber security. The number of devices is predicted to double in 5 years. The security of devices is a problem - all device types have been compromised. The security of software on mobile devices is also a concern, along with security issues in apps, many of these store usernames and passwords and are vulnerable to man-in-the-middle attacks (p. 6).

In addition, this problem will likely be further exacerbated by the ‘blurring of boundaries between corporate and private life’ [322] exemplified by the bring-your-own-device (BYOD) practices increasingly common in corporate life. Furthermore, the IoT presents a variety of additional attack surfaces to organised cybercriminals.

Cyberpsychological insight

As discussed, a key perspective is to consider cyberspace as an immersive, as opposed to transactional, entity, to consider cyberspace as an actual environment, and address the ‘minimisation and status of authority online’ [323]. The challenge for technology is perhaps to create an impression that there are consequences for the criminal use of technologies, and to develop digital deterrents targeting cyber criminals, and digital outreach protocols supporting victims. In that light, it is advisable for law enforcement authorities to have increased visibility or presence online. The most promising areas for multi-disciplinary cyberpsychologically-informed research to provide insight to law enforcement organisations tackling Internet-facilitated organised crime are as follows:

  1. investigation of the role of social and psychological issues in the lifespan development of an individual into serious organised cybercrime
  2. empirical exploration of the dynamic relationship between the real world and virtual world from a serious crime perspective
  3. methodologically ‘factoring the criminal’ as a human into the digital forensic investigative process
  4. development of a robust typology of organised cybercrime and cybercriminals
  5. analysis of cybernetic crime evolution, structure and syndication
  6. risk assessment of ubiquitous victimology.

The cyberpsychology research vision is focused on understanding new norms of behaviour online, consolidating them with or differentiating them from existing real world behaviours, and in doing so delivering insight. A theoretically profound, experimentally rigorous, developmentally longitudinal, and technically sophisticated research approach is required to achieve long-lasting positive societal effects, along with cooperation between academia, law enforcement and industry - in fact, all parties that have an interest in developing safe and secure societies.

Affiliations

Mary Aiken, Director RCSI CyberPsychology Research Centre
Sensemaking Fellow IBM Network Science Research Center
Fellow Middlesex University School of Law

Ciarán Mc Mahon, Ph.D., Research & Development Co-ordinator, RCSI CyberPsychology Research Centre