EBCS Articles

Recent Submissions

  • Item
    Digital First: The Ontological Reversal and New Challenges for IS Research
    (2019-01-01) Baskerville, Richard L.; Myers, Michael D.; Yoo, Youngjin; Georgia State University; University of Auckland Business School; Case Western Reserve University

    The classical view of an information system is that it represents and reflects physical reality. We suggest this classical view is increasingly obsolete: digital technologies are now creating and shaping physical reality. We call this phenomenon the ontological reversal. The ontological reversal is where the digital version is created first, and the physical version second (if needed). This ontological reversal challenges us to think about the role of humans and technology in society. It also challenges us to think about our role as IS scholars in this digital world and what it means for our research agendas.

  • Item
    The Effect of a Surveillance Banner in an Attacked Computer System: Additional Evidence for the Relevance of Restrictive Deterrence in Cyberspace
    (2015-01-01) Wilson, Theodore; Maimon, David; Sobesto, Bertrand; Cukier, Michel; University of Maryland at College Park; Georgia State University; University of Maryland at College Park; University of Maryland at College Park

    Objectives: Test whether the presence of a surveillance message on an attacked computer system influences system trespassers’ active engagement with the compromised system (i.e., entering computer commands). The hypothesized restrictive deterrent effect is tested both in the context of a first system trespassing incident and in the progression of repeated trespassing incidents in an attacked computer system. Methods: We designed a randomized controlled trial and deployed a series of virtual target computers with known vulnerabilities into the computer network of a large public university in the United States. The target computers were set to either display or not display a surveillance banner once system trespassers infiltrated them. Results: We find that the presence of a surveillance banner in the attacked computer systems reduced the probability of commands being typed in the system during longer first system trespassing incidents. Further, we find that the probability of commands being typed during subsequent system trespassing incidents (on the same target computer) is conditioned by the presence of a surveillance banner and by whether commands have been entered during previous trespassing incidents. Conclusions: These findings offer modest support for the application of restrictive deterrence in the study of system trespassing.

  • Item
    Restrictive Deterrent Effects of a Warning Banner in an Attacked Computer System
    (2013-01-01) Maimon, David; Sobesto, Bertrand; Cukier, Michel; Georgia State University; University of Maryland at College Park; University of Maryland at College Park

    System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on the deterrence perspective, we employ a large set of target computers built for the sole purpose of being attacked and conduct two independent experiments to investigate the influence of a warning banner on the progression, frequency, and duration of system trespassing incidents. In both experiments, the target computers (86 computers in the first experiment and 502 computers in the second) were set either to display or not to display a warning banner once intruders had successfully infiltrated the systems; 1,058 trespassing incidents were observed in the first experiment and 3,768 incidents in the second. The findings reveal that although a warning banner does not lead to an immediate termination or a reduction in the frequency of trespassing incidents, it significantly reduces their duration. Moreover, we find that the effect of a warning message on the duration of repeated trespassing incidents is attenuated in computers with a large bandwidth capacity. These findings emphasize the relevance of restrictive deterrence constructs in the study of system trespassing.

  • Item
    Cyber-Dependent Crimes: An Interdisciplinary Review
    (2019-01-01) Maimon, David; Louderback, Eric L.; Georgia State University; University of Miami

    Online crime has increased in severity and frequency over the past two decades. However, although several scientific disciplines have commonly employed criminological theories to explain this phenomenon, mainstream criminology has devoted relatively scant attention to the investigation of cyber-criminals and their victims. Drawing on this assumption that more criminological attention should be given to this important type of crime, this article presents an interdisciplinary review of the current state of research on cyber-dependent crimes (i.e., crimes that require the use of computer technology to exist, such as hacking). We begin with a brief discussion of the ecosystem of cyber-dependent crimes and the key actors who operate within it, including the online offenders and enablers, targets and victims, and guardians. Next, we review empirical scholarship that pertains to each actor while distinguishing between nontheoretical research and theoretically driven studies. We then detail methodological and theoretical avenues that should be pursued by future research and discuss why criminological research should lead policy initiatives and guide the design of technical tools that improve the scientific community’s ability to generate a safer and more secure cyber-environment. We conclude by discussing potential ways in which cyber-dependent crime research could pave the way for the advancement of mainstream criminological theory and research.

  • Item
    Daily Trends and Origin of Computer-Focused Crimes against a Large University Computer Network: An Application of the Routine-Activities and Lifestyle Perspective
    (2013-01-01) Maimon, David; Kamerdze, Amy; Cukier, Michel; Sobesto, Bertrand; Georgia State University; University of Maryland at College Park; University of Maryland at College Park; Georgia State University

    Cybercrime has been the focus of public attention during the last decade. However, within the criminological field, no prior research initiatives have been launched in an effort to better understand this phenomenon using computer network data. Addressing this challenge, we employ the classical routine-activities and lifestyle perspective to raise hypotheses regarding the trends and origin of computer-focused crime incidents (i.e. computer exploits, port scans, and Denial of Service (DoS) attacks) against a large university computer network. We first propose that computer-focused crimes against a university network are determined by the university users’ daily activity patterns. In addition, we hypothesize that the social composition of the network users determines the origin of computer attacks against the university network. We use data recorded between the years 2007 and 2009 by an Intrusion Prevention System (IPS) to test these claims. Consistently with our theoretical expectations, two important findings emerge. First, computer attacks are more likely to occur during university official business hours. Second, an increase in the number of foreign network users substantially increases the number of computer-focused crimes originating from Internet Protocol (IP) addresses linked with these users’ countries of origin. Future directions for subsequent studies are discussed.

  • Item
    On the Relevance of Spatial and Temporal Dimensions in Assessing Computer Susceptibility to System Trespassing Incidents
    (2015-01-01) Maimon, David; Wilson, Theodore; Ren, Wuling; Berenblum, Tamar; Georgia State University; University of Maryland at College Park; Zhejiang Gongshang University; Hebrew University of Jerusalem

    We employ knowledge regarding the early phases of system trespassing events and develop a context-related, theoretically driven study that explores computer networks’ social vulnerabilities to remote system trespassing events. Drawing on the routine activities perspective, we raise hypotheses regarding the role of victim client computers in determining the geographical origins and temporal trends of (1) successful password cracking attempts and (2) system trespassing incidents. We test our hypotheses by analyzing data collected from large sets of target computers, built for the sole purpose of being attacked, that were deployed in two independent research sites (China and Israel). Our findings have significant implications for cyber-criminological theory and research.

  • Item
    Illegal Roaming and File Manipulation on Target Computers: Assessing the Effect of Sanction Threats on System Trespassers’ Online Behaviors
    (2017-01-01) Testa, Alexander; Maimon, David; Sobesto, Bertrand; Cukier, Michel; University of Maryland at College Park; Georgia State University; University of Maryland at College Park; University of Maryland at College Park

    Research Summary: The results of previous research indicate that the presentation of deterring situational stimuli in an attacked computing environment shapes system trespassers’ avoiding online behaviors during the progression of a system trespassing event. Nevertheless, none of these studies comprised an investigation of whether the effect of deterring cues influences system trespassers’ activities on the system. Moreover, no prior research has been aimed at exploring whether the effect of deterring cues is consistent across different types of system trespassers. We examine whether the effect of situational deterring cues in an attacked computer system influenced the likelihood of system trespassers engaging in active online behaviors on an attacked system, and whether this effect varies based on different levels of administrative privileges taken by system trespassers. By using data from a randomized experiment, we find that a situational deterring cue reduced the probability of system trespassers with fewer privileges on the attacked computer system (nonadministrative users) to enter activity commands. In contrast, the presence of these cues in the attacked system did not affect the probability of system trespassers with the highest level of privileges (administrative users) to enter these commands.

    Policy Implications: In developing policies to curtail malicious online behavior committed by system trespassers, a “one-policy-fits-all” approach is often employed by information technology (IT) teams to protect their organizations. Our results suggest that although the use of a warning banner is effective in reducing the amount of harmful commands entered into a computer system by nonadministrative users, such a policy is ineffective in deterring trespassers who take over a network with administrative privileges. Accordingly, it is important to recognize that the effectiveness of deterring stimuli in cyberspace is largely dependent on the level of administrative privileges taken by the system trespasser when breaking into the system. These findings present the need for the development and implementation of flexible policies in deterring system trespassers.

  • Item
    Illicit Activity Detection in Large-Scale Dark and Opaque Web Social Networks
    (2021-02-01) Shah, Dhara; Harrison, T. G.; Freas, Christopher B.; Maimon, David; Harrison, Robert W.; Georgia State University; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Many online chat applications live in a grey area between the legitimate web and the dark net. The Telegram network in particular can aid criminal activities. Telegram hosts “chats” which consist of varied conversations and advertisements. These chats take place among automated “bots” and human users. Classifying legitimate activity from illegitimate activity can aid law enforcement in finding criminals. Social network analysis of Telegram chats presents a difficult problem. Users can change their username or create new accounts. Users involved in criminal activity often do this to obscure their identity. This makes establishing the unique identity behind a given username challenging. Thus we explored classifying users from their language usage in their chat messages.

    The volume and velocity of Telegram chat data place it well within the domain of big data. Machine learning and natural language processing (NLP) tools are necessary to classify this chat data. We developed NLP tools for classifying users and the chat group to which their messages belong. We found that legitimate and illegitimate chat groups could be classified with high accuracy. We also were able to classify bots, humans, and advertisements within conversations.

  • Item
    Continuous Restricted Boltzmann Machines
    (2018-01-01) Harrison, Robert W.; Georgia State University

    Restricted Boltzmann machines are a generative neural network. They summarize their input data to build a probabilistic model that can then be used to reconstruct missing data or to classify new data. Unlike discrete Boltzmann machines, where the data are mapped to the space of integers or bitstrings, continuous Boltzmann machines directly use floating point numbers and therefore represent the data with higher fidelity. The primary limitation in using Boltzmann machines for big-data problems is the efficiency of the training algorithm. This paper describes an efficient deterministic algorithm for training continuous machines.

  • Item
    Examining the crime prevention claims of crime prevention through environmental design on system-trespassing behaviors: a randomized experiment
    (2021-01-29) Fisher, Daren; Maimon, David; Berenblum, Tamar; The Citadel; Georgia State University; Hebrew University of Jerusalem

    Crime prevention through environmental design (CPTED) is a non-punitive method for reducing crime through the design of the built environment. The relevance of CPTED strategies however is less clear in the context of computing environments. Building upon prior research indicating that computing environments may change computer users’ behaviors, this study tests the effectiveness of CPTED based approaches in mitigating system trespassing events. Findings from this randomized controlled field trial demonstrate that specific CPTED strategies can mitigate hacking events by: reducing the number of concurrent activities on the target computer, attenuating the number of commands typed in the attacked computer, and decreasing the likelihood of hackers returning to a previously hacked environment. Our findings suggest some novel and readily implemented strategies for reducing cybercrime.

  • Item
    The Restrictive Deterrent Effect of Warning Messages Sent to Active Romance Fraudsters: An Experimental Approach
    (2020-11-05) Wang, Fangzhou; Howell, C. Jordan; Maimon, David; Jacques, Scott; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Victims of romance fraud experience both a financial and emotional burden. Although multiple studies have offered insight into the correlates of perpetration and victimization, no known study has examined if, and how, romance fraud can be curtailed. The current study uses a randomized experimental design to test the restrictive deterrent effect of warning messages sent to romance fraudsters via email. We find that active romance fraudsters who receive a deterrence message, instead of non-deterrence messages, respond at a lower rate; and, among those who respond, use fewer words and have a lower probability of seeking reply without denying wrongdoing. The results provide support for restrictive deterrence in cyberspace. Theoretical and policy implications are discussed.

  • Item
    Deterrence in Cyberspace: An Interdisciplinary Review of the Empirical Literature
    (2020-03-31) Maimon, David; Georgia State University

    The popularity of the deterrence perspective across multiple scientific disciplines has sparked a lively debate regarding its relevance in influencing both offenders and targets in cyberspace. Unfortunately, due to the invisible borders between academic disciplines, most of the published literature on deterrence in cyberspace is confined within unique scientific disciplines. This chapter therefore provides an interdisciplinary review of the issue of deterrence in cyberspace. It begins with a short overview of the deterrence perspective, presenting the ongoing debates concerning the relevance of deterrence pillars in influencing cybercriminals’ and cyberattackers’ operations in cyberspace. It then reviews the existing scientific evidence assessing various aspects of deterrence in the context of several disciplines: criminology, law, information systems, and political science. This chapter ends with a few policy implications and proposed directions for future interdisciplinary academic research.

  • Item
    Situational Awareness and Public Wi-Fi Users' Self-Protective Behaviors
    (2020-10-20) Maimon, David; Howell, C. Jordan; Jacques, Scott; Perkins, Robert; Georgia State University; Georgia State University; Georgia State University; Georgia State University

    Accessing public Wi-Fi networks can be as dangerous as it is convenient. People who access a public Wi-Fi network should engage in self-protective behaviors to keep their data safe from malicious actors on the same network as well as persons looking over their shoulder, literally and proverbially. Using two independent research designs, we examined under what circumstances were people more likely to access an unsecured Wi-Fi network and engage in risky behavior on these networks. Findings from the first study, based on survey data, reveal that people who are more situationally aware are less likely to access personal accounts on public Wi-Fi, and more likely to cover their screen to prevent others from viewing personal information. Additionally, findings show that people with higher computer proficiencies are less likely to engage with public Wi-Fi. For the second study, our research team designed and deployed honeypot Wi-Fi networks. We found that people are more likely to access these unsecured, rogue networks in establishments with fewer on-duty employees and that do not offer legitimate public Wi-Fi. Additionally, the number of on-duty employees is associated with an increase in physical security behaviors, such as concealing a screen. We conclude by discussing how these findings can aid in reducing susceptibility to online victimization.

  • Item
    Demonstrating the Threat of Hardware Trojans in Wireless Sensor Networks
    (2020-03-20) Jalalitabar, Maryam; Valero, Marco; Bourgeois, Anu G.; Georgia State University; Georgia State University; Georgia State University

    As the demand for cheaper electronic devices has increased, the location of manufacturing foundries has changed, sometimes to untrusted places in foreign countries. Some of these locations have limited oversight of the manufacturing of complicated and sensitive electronic components including integrated circuits (ICs). The integrated circuits are a key component in all current electronic devices and can be modified to be malicious or to monitor the functions of their applications. These malicious modifications on the ICs are called hardware trojans (HWTs). HWTs can be designed to quietly monitor, to actively send out sensitive information, or to destroy their host device completely. The idea of hardware trojans in Wireless Sensor Networks (WSNs) has not been investigated before; thus, our goal is to demonstrate the potential threat that hardware trojans pose for sensor networks. This is important to study, given that in WSNs hundreds of sensors are deployed and in most cases left unattended, which gives the opportunity to an attacker to trigger a HWT on the sensors. For our investigation, we used TelosB sensors that have been used for some WSN applications. An attacker in a network can, for example, take advantage of the SPI bus that is used by the radio to eavesdrop messages and even disrupt communications completely. Currently, security breaches through software are given great importance in the WSN academic and research community. Our research shows that the same level of importance must be given to attacks through hardware to ensure a trusted and secure network.

  • Item
    The Offenders’ Perspective on Prevention: Guarding Against Victimization and Law Enforcement
    (2012-01-01) Jacques, Scott; Reynald, Danielle; Georgia State University; Griffith University

    Law-abiding citizens are concerned with deterring and preventing crime. One strategy to accomplish this goal is to increase the costs and reduce the benefits that particular situations present to offenders. This form of crime control is known as situational crime prevention. Like law-abiding persons, offenders must concern themselves with being victimized. Differently, however, offenders must also worry about being detected and punished by formal agents. Thus, situational prevention from the offenders’ perspective is relatively complex, encompassing efforts to block not only opportunities for victimization but also for law enforcement. Building on the work of Clarke, the present study uses qualitative data from drug dealers to illustrate how and why offenders use situational strategies and techniques to evade their adversaries. The article concludes by discussing implications for future work.

  • Item
    Attacking and securing beacon-enabled 802.15.4 networks
    (2020-03-20) Jung, Sang Shin; Valero, Marco; Bourgeois, Anu G.; Beyah, Raheem; Georgia Institute of Technology; Georgia State University; Georgia State University; Georgia Institute of Technology

    The IEEE 802.15.4 standard has attracted time-critical applications in wireless sensor networks because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS management scheme’s security mechanisms still leave the 802.15.4 medium access control vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 networks either focus on nonbeacon-enabled 802.15.4 networks or cannot defend against insider attacks for beacon-enabled 802.15.4 networks. In this paper, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4 network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky motes for wireless sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can freely exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. To defend against these attacks, we present BCN-Sec, a protocol that ensures the integrity of data and control frames in beacon-enabled 802.15.4 networks. We implement BCN-Sec, and show its efficacy during various attacks.

  • Item
    Learning from the Offenders' Perspective on Crime Prevention
    (2016-01-01) Jacques, Scott; Bonomo, Elizabeth; Georgia State University; Northern Arizona University

    Criminals have a firsthand perspective on why and how to commit crime. In this chapter, we outline and illustrate five ways that offender-based research can be used to inform understanding of crime prevention, more specifically situational crime prevention: namely, (1) by directly determining what works to reduce crime; (2) generating findings that are suggestive of what prevention measures to invent and employ; (3) refining understanding of why a given prevention method reduces crime; (4) figuring out how offenders get around particular prevention measures; and, (5) gathering information on not only the positive but also the unintended, negative outcomes of prevention procedures. We conclude by discussing the choices involved in conducting offender-based research for the betterment of situational crime prevention.

  • Item
    Online Deception and Situations Conducive to the Progression of Non-Payment Fraud
    (2019-01-01) Maimon, David; Rennó Santos, Mateus; Park, Youngsam; Georgia State University; University of South Florida; Yahoo Labs

    Adopting the criminal event perspective, we explore how online fraudsters make use of urgency cues in their interactions with potential victims throughout the progression of an online nonpayment fraud attempt. Integrating claims from the ‘Interpersonal-Deception Theory’ with situational explanations of crime, we investigate whether fraudsters’ presentations of verbal cues of urgency during the early stages of a criminal event are followed by a consistent presentation of verbal and non-verbal urgency cues. To answer this question, we posted a large number of ‘for-sale’ advertisements over a classified-ad website and interacted with online fraudsters and legitimate users who responded to our ads over email. Our findings highlight the relevance of the criminal event perspective in guiding research on targets and offenders in cyberspace.

  • Item
    Website Defacement and Routine Activities: Considering the Importance of Hackers’ Valuations of Potential Targets
    (2019-01-01) Howell, C. Jordan; Burruss, George W.; Maimon, David; Sahani, Shradha; University of Texas at El Paso; University of South Florida; Georgia State University; University of Maryland at College Park

    Although a relatively simple form of hacking, website defacement can have severe consequences both for the websites that are attacked and the reputation of their owners. However, criminological research has yet to fully explore the causes and correlates of website defacement. We consider whether variables derived from routine activity theory can be applied to understanding website defacement. Specifically, using a sample of websites that were targeted by hackers in 2017 across the world, we examine the relationship between a country’s structural characteristics and the frequency of website defacement reported for the country. We find that website defacements are less likely to occur in the presence of capable guardianship (strong military presence) and more likely to occur when certain measures of target suitability are present. Additionally, using hackers’ self-reported valuations of potential targets, we separate defacements into two groups, and examine whether websites targeted for political reasons have different correlates than websites targeted for recreational reasons. Findings reveal that recreational defacements are deterred by capable guardianship (strong military presence) and are influenced by certain measures of target suitability while political defacements are not.

  • Item
    Predicting Opioid Epidemic by Using Twitter Data
    (2018-01-01) Wu, Yubao; Skums, Pavel; Zelikovsky, Alex; Rendon, David Campo; Liao, Xueting; Georgia State University; Georgia State University and Centers for Disease Control and Prevention; Georgia State University; Centers for Disease Control and Prevention; Georgia State University

    The opioid crisis was declared a public health emergency in 2017 by the President of the USA. According to the Centers for Disease Control and Prevention, more than 91 Americans die every day from an opioid overdose. Nearly $4B is provided to address the opioid epidemic in the 2018 spending bill and help fulfill the President’s Opioid Initiative.

    How to monitor and predict the opioid epidemic accurately and in real time? The traditional methods mainly use the hospital data and usually have a lag of several years. Even though they are accurate, the long lag period prevents us from monitoring and predicting the epidemic in real time. We observe that people discuss things related to the epidemic a lot in social media platforms. These user behavior data collected from social media platforms can potentially help us monitor and predict the epidemic in real time.

    In this paper, we study how to use Twitter to monitor the epidemic. We collect the historic tweets containing the set of keywords related to the epidemic. We count the frequency of the tweets posted at each month and each state. We compare the frequency values with the real-world death rates at each month and each state. We identify high correlation between tweet frequency values and real-world death rates. The statistical significance demonstrates that the Twitter data can be used for predicting the death rate and epidemic in future.