1 / 28

Measuring Cybercrime

Measuring Cybercrime. Pieter Hartel. How?. Victim reporting initiatives FBI Internet Criminal Complaint Centre Population and business surveys CBS (Statistics Netherlands) Technology based information Verizon Risk team Meta analyses United Nations Office of Drugs & Crime

gari
Download Presentation

Measuring Cybercrime

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Measuring Cybercrime Pieter Hartel

  2. How? • Victim reporting initiatives • FBI Internet Criminal Complaint Centre • Population and business surveys • CBS (Statistics Netherlands) • Technology based information • Verizon Risk team • Meta analyses • United Nations Office of Drugs & Crime • Police recorded crime statistics • Lecture 5 Cyber-crime Science

  3. Cyber-crime Science

  4. Victim reporting initiatives • 13th year • Almost 300,000 complaints in 2012 • 500M$ loss • 91% US, 1.4% CA, 0.14% NL • Numerous investigations, arrests [IC312] IC3. 2012 Internet Crime Report. Internet Crime Complaint center, Mar 2013. http://www.ic3.gov/media/annualreport/2012_IC3Report.pdf. Cyber-crime Science

  5. Method Cyber-crime Science

  6. Complaint form • See https://complaint.ic3.gov/ • Description of the actors • Target Information (name, …) • Offender information (name, IP…) • Witnesses (name, …) • Local police office (name, …) • Description of the incident • Related to an online service? (mail, …) • Monetary Loss ($) • Means of payment (Cash, PayPal, …) Cyber-crime Science

  7. Frequently reported crimes Cyber-crime Science

  8. Discussion • And the other 240,000 complaints? • Is this the tip of the iceberg? • How effective is case matching? • The extent of technology? • How many arrests? Cyber-crime Science

  9. Cyber-crime Science

  10. Population and business surveys • 5st year • N=78,000, response 38% • Uniform geographical distribution • 95% confidence interval <2% [CBS13] CBS. Veiligheidsmonitor 2012. Centraal Bureau voor de Statistiek, Den Haag, 2013. http://www.cbs.nl/nl-NL/menu/themas/veiligheid-recht/publicaties/publicaties/archief/2013/2013-veiligheidsmonitor-2012-pub.htm. Cyber-crime Science

  11. Method • Random sample from NL population 15+ • First letter with link to online form • Second letter two weeks later with paper form • Phone reminder again two weeks later Cyber-crime Science

  12. Question 13: Hacking • During the last 12 MONTHS has it ever happened that somebody with malicious intent broke in or logged in on a computer, email account, website or profile site (e.g. Hyves, Facebook, Twitter) of your own of anyone else in your household? • Someone broke in / logged in on a computer • Someone broke in / logged in on an email account • Someone broke in / logged in on a website Cyber-crime Science

  13. Victimization in NL Cyber-crime Science

  14. Crime drops [Far11] G. Farrell, A. Tseloni, J. Mailley, and N. Tilley. The crime drop and the security hypothesis. Journal of Research in Crime and Delinquency, 48(2):147-175, May 2011. http://dx.doi.org/10.1177/0022427810391539. Cyber-crime Science

  15. Discussion • Do the respondents understand the cyber questions? • Should the cyber questions be integrated? Cyber-crime Science

  16. Cyber-crime Science

  17. Technology based information • 9th year • 47,000 incidents • Of which 621 confirmed data breaches [Ver13] Verizon. Data Breach Investigations report. Verizon Risk Team, 2013. http://www.verizonenterprise.com/DBIR/2013/. Cyber-crime Science

  18. Method • 19 partners • First-hand forensic evidence • Reviewed and validated Cyber-crime Science

  19. Who? • Threat actor categories trend N=621 Cyber-crime Science

  20. What? • Threat action categories N=47626 Cyber-crime Science

  21. Discovery • Late and by someone else! Cyber-crime Science

  22. Discussion • What does this say about the population? • Why are incidents discovered so late and by others? Cyber-crime Science

  23. Cyber-crime Science

  24. Meta analysis • 1st year • Global connectivity revolution • Much of the Internet is privately owned [UNO13] UNODC. Chapter 2 of Comprehensive Study on Cybercrime. United Nations Office on Drugs and Crime, Feb 2013. http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf. Cyber-crime Science

  25. Method • Surveys from 69 countries, 40 businesses, 16 universities, and 11 organizations • Caveat Police recorded offence per 100,000 Number of specialised police per 100,000 Cyber-crime Science

  26. Cybercrime is increasing • More in the news than homicide • Law enforcement sees increasing trends • Increasing use of ICT creates opportunity • More suitable targets online • Few opportunities for guardianship • Reduced self control Cyber-crime Science

  27. Compared to conventional crime % respondents reporting victimization in last year, 2011 or latest available Cyber-crime Science

  28. Conclusions • “Cyber” creates opportunity • Cybercrime is increasing • Measuring cybercrime correctly is hard Cyber-crime Science

More Related