Reach Us +44-175-271-2024
All submissions of the EM system will be redirected to Online Manuscript Submission System. Authors are requested to submit articles directly to Online Manuscript Submission System of respective journal.

ACTION SPEAKS LOUDER THAN WORDS - UNDERSTANDING CYBER CRIMINAL BEHAVIOR USING CRIMINOLOGICAL THEORIES

Friday Wada1, Olumide Longe2,and Paul Danquah3
  1. Friday Wada Research Scholar, College of Business, Southern University and A & M College Postal Address: International Center for Information Technology, College of Business, Southern University and A & M College; Baton Rouge, Louisiana 70813 Email: friwada@yahoo.com
    Dr Friday Wada is a research scholar with the International Center for Information Technology, College of Business, Southern University, Baton Rouge, LA 70813.
  2. Olumide Longe Research Scholar, College of Business, Southern University and A & M College Postal Address: International Center for Information Technology, College of Business, Southern University and A & M College; Baton Rouge, Louisiana 70813 Email: longeolumide@fulbrightmail.org
    Dr. Longe Olumider is a research scholar with the International Center for Information Technology, College of Business, Southern University, Baton Rouge, LA 70813.
  3. Paul Danquah Lecturer, Pentecost University College Postal Address: Accra Institure of Technology, P.O. Box AN-19782, Ghana Email: padanquah@ait.edu.gh
    Mr Paul Danquah doubles as lecturer with the Pentecost University College Accra Ghana and a PhD Candidate at the Francis Allotey School of Postgraduate Studies,Accra Institute of Technology, Ghana.
 
Related article at Pubmed, Scholar Google

Visit for more related articles at Journal of Internet Banking and Commerce

Abstract

A number of criminological and social theories have been postulated to explain criminal activities and the behavior of conventional criminals. However, empirical research to validate these theories in the context of cyber activities and the application of these theories to cybercrime are still very sparse in literature. With increasing use and migration of products and service such as banking, commerce and other financial services to internet platforms, research is warranted that examines the application of these theories to addressing the problem of cyber criminality. In this discourse, our attention is directed towards appraising these theories and applying them to provide some explanation for online criminal behavior.

Keywords

Theories, Cybercrime, Victimization, Behaviour and Criminals

INTRODUCTION

Electronic media have been emphasized by various theoretical traditions. Sociologists, for instance, argued that point-to-point communication media-for instance, telephones- support shared aims that demonstrate a powerful collective representation (Alexander, 1988). Some, especially the Marxists, look at communication media as an exploitative tool by the elitist groups for socioeconomic and political control (Davis and Hutchison, 1997). Contribution to digital communication, Bell et al (1997) argued that the invention of mini-electronic and optical circuits capable of speeding the rate of information flow through networks would have a big impact on society. Despite the positive impact of technology on society, it has on the other hand led to unintended use in criminal activities like cybercrime. It has therefore become easier to steal a penny from millions of bank account owners using the internet than through conventional bank robbery.
The relative anonymity that the Internet offers also makes remedies against perpetrators much less effective than they are in the conventional crime scenario (Longe et al, 2010). Thus, for example, it is much easier to obtain a relatively anonymous e-mail account from a provider such as yahoo, hotmail or Google for use in connection with illicit conduct than it is to obtain a post-office box in the offline world.
Our intention in this discourse is directed towards appraising these theories and applying them to provide some explanation for online criminal behaviour as well as cyber victimization. The remaining part of the paper is organized as follows. Section 2 discusses social theories while in section 3, we addressed criminological theories relating to crime and criminology. Next we examined the state transition theory and its postulates (Jaishankar, 2008), which though untested empirically as at the time of writing remains the most popular theory for explaining cyber crime. The paper concludes in section 5 by discussing cyber policing and providing direction for future research.

SOCIAL THEORIES

From a social scientific point of view, security theories are used to provide and implement protection against breaches and information system misuse that have evolved. They focus on user security awareness, motivation, deterrents, technology and training (Kajava & Siponen, 1997; Gaunt,1998; Desman, 2002; Barman, 2002; Cox et al. 2001; Pipkin et al 2000; Proctor & Byrnes, 2002). Researchers have theorized that user perception of risks and choices based on those perceptions can influence system security (Aytes & Connolly 2003).
The situational characteristics theory proponents argued that situations within a system usage domain can impact on ethics and user behaviour (Perry, 1985; Martins and Eloff , 2002; Banerjee et al. 1998). Wood (1995; 2002) proposed the Human Firewall theory stating that those user actions can undo technical security measures. He advocated that organizations must sensitize and educate users and evaluate their compliance with security policies and procedures.
The theory of least possible privilege as proposed by Beatson (1991) suggests psychological profiling of potential new users, while Bray (2002) argues that new users are more vulnerable to security breaches when using information systems (IS). Denning (1999) theorizes about defensive information warfare and proposes that security policy training and awareness will better equip users against threats. Forcht et al (1998); and Gaunt (1998) theorized about ethical awareness and culture as factors that influence IT security. Kabay (2002) theorized about using social psychology as a tool to improve user security conduct.
The importance of the interest of senior management and integrating security issues as part of the corporate asset protection model was highlighted by Katsikas (2000), Kovacich and Halibozek (2003) and Perry (1985). Vroom and von Solms (2002) also modelled an Information System security awareness program to address end-users, IT personnel and management executives. McLean (1992) theorized about using values, perceptions and behaviour to change user attitude about security, while Murray (1991) argues that ignorance and incompetence about the consequence of security policy abuse is a serious problem among users. Parker (1999) proposed a theory that uses rewards and penalties to influence attitudes toward security in information systems.
Sasse et al (2001) theorized that the nature of the technology with respect to the user’s goals and intentions significantly influence security features and usage in IS systems. They went further to propose the use of training, punishment, and reporting security as a motivation for creating security awareness among users. Schlienger and Teufel (2002) adopted a socio-cultural approach to information security and posited that the cultural theory can be used to enhance security at different cultural layers-namely, corporate policies, top management, and individuals. Siponen (2000) used human morality as a force that can impact on security. Straub and Welke (1998) theorized about using strong deterrents to convince potential violators of those organizations means in business about protecting information infrastructures. Tudor (2001) argued for a theory that uses a holistic IS security architecture to incorporate infrastructure, policies, standards, awareness and compliance. He however, concentrated on awareness training at the expense of all the other components.

Social Control Theory

Hirschi (1969) explains, the Social Control Theory proposes that exploiting the process of socialization and social learning builds self-control and reduces the inclination to indulge in behavior recognized as antisocial. This theory emphasizes on the role of society in the control of criminal behavior. It specifies the fact that no society can afford to denounce criminal activity without duly accepting its responsibility towards the same. Theory of Social Control stresses on the fact that most delinquent behavior is the result of unmonitored 'Social Control' by the authorities and primarily, the family. The theory is indicative of the fact that relationships and commitments with respect to set norms and a belief structure encourage or discourage individuals and groups to break the law.
This explains the increase in cyber criminal activities in societies where wealth is worshiped irrespective of the means through which it is obtained. In relation to cyber crime, the characteristics unveiled in Brenner (2002a; 2002b and 2004) publications (2obviously show that the ability to maintain perfect anonymity and the lack of a deterrence factor on the internet creates the opportunity for users to perpetrate in cyber crime. This is consistent with the social control theory because ultimately, online delinquent behavior is the result of unmonitored 'Social Control' by constituted social networks and the community as a whole.

Social Learning Theory

Burgess and Akers (1966) Social learning theory is the theory that people learn new behavior through observational learning of the social factors in their environment. If people observe positively, desired outcomes in the observed behavior, then they are more likely to model, imitate, and adopt the behavior themselves. Essentially, this theory explains that people can learn new information and behaviors by watching other people. Known as observational learning (or modeling), this type of learning can be used to explain a wide variety of behaviors. In relation to cyber crime, It not very obvious that cyber crime perpetrators have learned to commit cyber crimes from observation as suggested by this theory. This definitely requires further research to clarify the relevance of this theory to those attempting to combat cyber crime. In relation to cyber crime, it is not very obvious that cyber crime perpetrators have learned to commit cyber crimes from observation as suggested by this theory. It is not empirically proven whether people observe the cyber criminal behavior and model, imitate, and adopt the behavior themselves. This definitely requires further research to clarify the relevance of this theory to those attempting to combat cyber crime.

Deindividuation Theory

Diener et al, (1976) described deindividuation as the situation where anti-normative behavior is released in groups in which individuals are not seen or paid attention to as individuals. Simply put, deindividuation is immersion in a group to the point at which the individual ceases to be seen as such.
There are three widely held perspectives as to how deindividuation affects the group dynamic. It weakens people against performing harmful or socially disapproved actions. It also seen to heighten peoples’ responsiveness to external cues, which may be either positive or negative and lastly. It increases people’s adherence to norms that emerge with the group.
In relation to cyber crime, since deindividuation asserts that the immersion of the individual within a crowd or group results in a loss of self identity and ultimately a behavior that is represented by the group, it could be used to explain why some people commit cyber crime as a result of their location and the regularity with which persons within their surroundings indulge themselves in this vice.
On the other hand, a society or group that has good values would very likely influence their members to rather desist from cyber crime. Deindividuation Theory explains that the immersion of the individual within a crowd or group results in a loss of self identity and ultimately a behavior that is represented by the group. This could be very ideal for cyber criminals who find themselves on the internet without an identity and as part of a group of users who indulge themselves in cyber crime. On the other hand, a user group on the internet that has good values would very likely influence their members to rather desist from the cyber crime vice.

CRIMINOLOGICAL THEORIES

Numerous theories have been advanced in criminology with components from different subject domain such as law, sociology, psychology, philosophy, computing and information security .to explain the commission of crime as a whole. We attempt in this section to discuss these theories in relation to cyber crime.

Routine Activity Theory

The Routine Activity Theory is a criminological theory that was propounded by Cohen and Felson in 1979.The theory pre supposes that for a crime to be committed, the following must be concurrently present;
(a) A suitable target is available: The suitable target here refers to a person, object or place.
(b) There is lack of a suitable guardian to prevent the crime from occurring: The capable or suitable guardian refers to a deterrent like police patrols, security guards, neighborhood watch, door staff, vigilant staff and coworkers, friends, neighbors and CCTV systems.
(c) A motivated offender is present: This presupposes that there can be no victim without the intentional actions of another individual.
This theory proposes that three situations that facilitate the occurrence of crime must happen at the same time and in the same space. The assessment of the situation determines whether or not a crime takes place
Routine Activity Theory definitely applies to cyber crime regardless of the category. It must be emphasized that a crime must occur when there is the opportunity for the crime to be committed. Opportunity is the cause of crime and indeed root cause of crime. For cyber crime to be successfully committed, the opportunity for crime is multiplied by the simple fact that the criminal is no longer "location-bound". The routine activity theory was confirmed by Bossler and Holt in their 2009 publication titled “On-line Activities, Guardianship, and Malware Infection: An Examination of Routine Activities Theory”.

Rational Choice Theory

Cornish (1986) rational choice theory argues that people make basic decision to commit a crime, or to not commit a crime, based on a simple cost-benefit analysis. The rational choice theory focused on non-sociological factors that can influence the decision to commit crime. It is an approach used by social scientists to understand human behavior, in the rational choice theory. "Rationality" means that an individual acts as if balancing costs against benefits to arrive at action that maximizes personal advantage. In rational choice theory, all decisions be it wise or unwise to anyone, are postulated as mimicking such a "rational" process.
In relation to cyber crime for example, electronic mechanisms such as user ID, automated access control systems and surveillance camera can serve as deterrents because they increased the perceived risk of being apprehended. The Rational Choice Theory explains the thought processes of a criminal and the decision to commit crime which is applicable to cyber crime because it will bring to the fore a more detailed analysis of the criminal’s thought processes in commission of the cyber crime.

Opportunity Theory

This theory does not focus on the events that contribute to the crime but on the opportunities that emerge as a result of preventive measures to curb the crime. Proponents of this theory argued that crimes transverse between location, time, target, direction, and method of committing the crime. They further assert that Opportunity to commit a crime is a root cause of crime. Also, they posit that no crime can occur without the physical opportunity and therefore opportunity plays a role in all crimes, not just those involving physical property thereby reducing opportunity of crime (Felson & Clarke, 1998)

Technology Theory

The response of technology to the cyber crime problems centre on the use of computer security theories to design and evolve solutions that provides authentication, verification, non-repudiation and validation. These theories and models rely on the use of cryptography, steganography, network protocols, and the use of software engineering process/models to develop systems that offer some form of protection for users and the information infrastructure. Cybercrime thrives on the web today because the internet did not inculcate in its protocols from the onset a mechanism that allows a host to selectively refuse messages (Crocker, 1982). This implication is that a benign host that desires to receive some particular messages must read all messages addressed to it. In essence, a malfunctioning or malicious host has the capacity to send many unwanted messages. This problem is exacerbated by the ubiquitous nature of the web and remains the Achilles heel of the issue of web security today. Although all the theories discussed above are related to cyber crime, we are inclined to adapt routine activity theory to this study because the theory captured the philosophical assumptions upon which this study is .based.

Crime Displacement Theory

The crime displacement theory focuses primarily on reduction of the opportunity to commit crime. The efforts tend to displace or move the crime from one locale to another locale (Felson and Clarke 1998). Crime displacement may involve the following;
• Geographical Movement: Moving Crime from one location to the other.
• Temporal Movement: Moving Crime from one time to the other.
• Target Movement: Moving Crime from one target to the other.
• Tactical Movement: Changing the approach to committing the crime from one to the other.
• Crime type: Changing the type of crime that is to be committed.
The use of Crime Displacement as a method of reducing crime may be applicable to fighting cyber crime. The outcomes are varying; these are Cox et al (2009);
• Positive: A crime is displaced to a less serious damage. It represents a success since it produces a net gain.
• Negative: A crime is displaced to a more serious crime with greater reward or greater social cost.
• Neutral: A crime is displaced to one of the same seriousness, of the same risk, rewards and damage.
• Even-Handed: Prevention is concentrated on those who are repeatedly victimized in order to achieve a more equitable distribution of crime.
• Attractive: Activities and /or places attract crime from other areas or activities (eg-red light districts attract customers from other areas, as well as other criminal activities)

THE SPACE TRANSITION THEORY

Proponents of space transition theory argued that behavior of people in cyber space tends to bring out their compliance and noncompliance behavior both in the physical and in cyber space. This theory does not explain physical crime but cyber crime and how people move and behave from one space to the other (Schmalleger & Pittaro, 2009). This entails persons with repressed criminal behavior (in the physical space) having a propensity to commit crime in cyberspace, which they would not otherwise commit in physical space, due to their status and position. It also implies that the status of persons in physical space does not transit to cyber space. Jaishankar (2008), for instance, argues that the individual behavior repressed in physical space is not repressed in cyber space. The Space transition theory argues that, people behave differently when they move from one space to another. The postulates of the theory are as follows:
• Persons, with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which, otherwise they would not commit in physical space, due to their status and position.
• Identity Flexibility, Dissociative Anonymity and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime
• Criminal behavior of offenders in cyberspace is likely to be imported to physical space, which in physical space may be exported to cyberspace as well.
• Intermittent ventures of offenders in to the cyberspace and the dynamic spatio-temporal nature of cyberspace provide the chance to escape.
• Strangers are likely to unite together in cyberspace to commit crime in the physical space.
• Associates of physical space are likely to unite to commit crime in cyberspace.
• Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.
• The conflict of Norms and Values of Physical Space with the Norms and Values of cyberspace may lead to cyber crimes.
This theory was postulated like any other criminological theory in 2008 but it is yet to undergo empirical tests to determine its authenticity. The need to find appropriate basis for the explanation of cyber criminal behaviors and to model anti cyber crime solutions motivates the need to empirically test the Space Transition Theory.
The Space Transition Theory as explained above posits that persons, with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which, otherwise they would not commit in physical space, due to their status and position is advanced on the premise that individuals feel varying degrees of self-reproach if they commit criminal acts.
In this context, the repressed criminal behaviour within the physical space, they are concerned with their social status based on others people’s perceptions of their personalities and status. Typically most individuals would weigh both material and social risks of being a criminal as opposed to being a law-abiding person in the physical space. Arbak (2005) explains that these same people who are concerned about their social status in the physical world are not that bothered about their status in the cyberspace because there is no one to watch and stigmatize them.
This is however subjective because social engineering sites can link individuals and show locations and personalities of criminals. The implication is that this depends on the platform from which the cyber crime is being committed.
Anonymity may be used to act out some unpleasant need or emotion, often by abusing other people, it can be used to express honesty and openness that could not be discussed in a face-to-face encounter. Jaishankar (2008) Identity flexibility, dissociative anonymity and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime tends to be consistent with the notion that most members of any society are honest because of the fear of being caught (deterrence factor). Cyber space on the other hand changes the situation and makes room for no deterrence factor.
The third posit of the theory states that criminal behavior of offenders in cyberspace is likely to be imported to physical space, which in physical space may be exported to cyberspace as well. The growth of e-business and internet usage has made it easier for organized crime gangs to facilitate and cover up their criminal activities which may usually include fraud, money laundering, intimidation, theft and extortion. While people do not live in cyber space, they visit and exit at will, given the very dynamic nature of cyberspace such as the ability to publish a website and subsequently remove very quickly, there is a lot of difficulty in determining the location of crimes or criminals on the internet. This situation accounts for the statement; intermittent ventures of offenders in to the cyberspace and the dynamic spatio-temporal nature of cyberspace provide the chance to escape.
A lot of social sites and newsgroups are not moderated and thereby create an excellent platform for collecting and sharing information with like-minded people, this creates an environment for frustrated individuals spy, sabotage and possibly leak sensitive information. This explains the statements: strangers are likely to unite together in cyberspace to commit crime in the physical space and associates of physical space are likely to unite to commit crime in cyberspace.
It is also believed that most people from open societies have the liberty to express their sentiments unlike persons from closed societies. Cyberspace invariably presents some form of solace for persons from the closed societies hence the posit that persons from closed society are more likely to commit crimes in cyberspace than persons from open society. One cannot say this is absolute as there is no empirical evidence to back the statement. The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes. In cyberspace, the behaviour of one person may vary from the behavior of another person and this could lead to conflicts and ultimately cyber crimes.

CONCLUDING REMARKS

Policing the cyberspace has remained a daunting task partly because of the sociotechnical dynamism introduced into crime detection and apprehension on electronic platforms. While it is timely to adopt and enact new laws to meet the growing dimensions of cyber activities. Majority of the challenges in apprehending cyber criminals has to do with law enforcements’ inability to react appropriately to criminal activities on the webscape. This is because cybercrime does not share some of the characteristics of conventional crimes such as proximity of the criminal to the victim and crime location as well as the scale and size of the crime that can be committed which is limited by physical constraints such that security measures put in place serve as deterrents (Longe et al, 2008; 2009). Although some consensus exists among nations on how to combat and deal with crimes across borders using international policing such as the Interpol, the underlying theory still relates to the Peel model and it is therefore inadequate to face the cyber crime problem.
We cannot say as a matter of fact that there is any theory in existence from the criminal justice and policing angle that specifically addresses the problem of cyber crime. In this paper, we x-rayed existing criminological and social theories explaining conventional crime scenarios and attempted to apply them to crimes on the internet. We provided some insights on how these theories also explain causation in cybercriminal activities. Future work will engage empirical research to validate these assumptions in the context of online electronic activities.
 

References









































Copyright © 2024 Research and Reviews, All Rights Reserved

www.jffactory.net