
Available online at www.sciencedirect.com
ScienceDirect
Procedia Computer Science 161 (2019) 1147–1155
www.elsevier.com/locate/procedia

The Fifth Information Systems International Conference 2019


A Systemic Cybercrime Stakeholders Architectural Model
Manmeet Mahinderjit Singh*, Anizah Abu Bakar
School of Computer Science, University of Science Malaysia, Penang, Malaysia

Abstract
The increase in cybercrime incidents taking place in the world has reached a perilous magnitude, causing losses in terms of money and trust. Even though various cybersecurity solutions are in place, the threat of cybercrime is still a hard problem. Cybercrime challenges, especially the prevention and detection of cybercrime, should be investigated by bringing together all the stakeholders and players in a cybercrime issue. In this paper, several cybercrime stakeholders are explored. It is argued that cybercrime is a systemic threat and cannot be tackled with cybersecurity and legal systems. The proposed architectural model is significant and should become one of the milestones considered when designing security controls for tackling cybercrime globally.
© 2019 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of The Fifth Information Systems International Conference 2019.
Keywords: Big data; Internet of Things (IoT); Cyberspace; Routine Activity Theory; Systemic

* Corresponding author. Tel.: +60-46-535-346.
E-mail address: manmeet@usm.my
1877-0509 © 2019 The Authors. Published by Elsevier B.V.
10.1016/j.procs.2019.11.227

1. Introduction
The increase in cybercrime incidents worldwide has reached a perilous magnitude, causing losses in terms of money and of trust in technology [1]. Cybercrime is defined as an offense or crime committed in cyberspace through tools such as a computer or smartphone, using a network system, with the intent to breach the confidentiality, integrity and availability [2] of any assets. Cybercrime is a combination of crime and cyberspace. Crime implies a behavior performed by an attacker that is considered harmful and therefore has a potential cost to individuals or society. Cybercrime is committed for many purposes, such as financial gain, entertainment, political or religious activism, and revenge [3]. Cybersecurity Accenture [4] predicts that the damage caused by cybercrime will rise to 6 billion in 2021. The damage due to cybercrime consists of destroyed data, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm [4]. Another alarming figure, recorded by Javelin and Strategy [5] in 2017, shows that almost 15.4 million consumers were victims of identity theft, with a reported loss of $16 billion worldwide. This makes identity theft a very lucrative illegal business.
One main catalyst of crime in cyberspace is its nature and characteristics, which combine dynamic spatiotemporality with identity flexibility, anonymity and a lack of deterrence [6]. The nonexistent or blurred line between space and time that separates cybercrime from traditional crime lets online offenders get away with the crime committed without even being tracked. The challenges of tackling cybercrime worldwide lie in the stakeholders of the cybercrime. According to Yar [7, 8], the likelihood of crime increases given an offender with motivations, either financial or non-financial, a valuable victim, and a lack of guardianship in terms of technology, jurisdiction and even law. Most of the victims or consumers attacked are naïve when it comes to technology. The lack of cross-transnational law for tackling cybercrime between Western countries and among Asia Pacific countries is worrying [9]. For instance, most of the latest attacks such as ransomware have no clear conviction or law, every country has its own jurisdiction, and the lack of cooperation between countries makes cybercrime a non-trivial issue. With many factors leading to cybercrime, such as technology advancements like the Internet and smartphones made with no regard to security, users' lack of awareness and technology background, and the lack of cross-transnational law, the issue of cybercrime is seen as a systemic failure. Systemic refers to a group of integrated components rather than to its individual components. When dealing with cybercrime threats, many cybersecurity researchers design solutions that are not able to mitigate the cybercrime attack completely. The solutions designed are only capable of providing security measures that lessen the attack's impact, and they trigger alerts only after an attack has occurred. A detective solution such as an intrusion detection system (IDS) has its limitations, such as blocking genuine packets (false positives) and letting malware packets (false negatives) through because of programming glitches or software errors. Moreover, certain attacks such as ransomware cannot be halted and can only be mitigated with preventive solutions. Another reason why the cybercrime threat requires systemic solutions is the different stakeholders that exist. Technology-based security countermeasures, safeguards and legal systems play an important role in acting as guardianship to mitigate attacks. However, the challenge arises when technology can be compromised and the legal system differs across nations and cultural and societal contexts. Thus, this paper presents an exploration of the relationship between cybercrime and its stakeholders. The identification of the essential components or stakeholders in tackling cybercrime threats is presented as well. The significance of these findings is to assist policymakers in designing cybercrime policies that are comprehensive and concise.
The outline of the paper is as follows. Section 2 covers the factors, stakeholders and risks within cybercrime threats. Section 3 presents an identified model of systemic components in tackling cybercrime. Finally, there is a section on the conclusion.

2. Factors, stakeholders and risks involving cybercrime threats

The definition of cybercrime involves offenses committed through cyberspace, using a computer or network as a tool, with the intention of causing information leakage [1, 3, 10]. The severity of a cybercrime's impact depends on the context: the purpose or motivation of the attack itself, the offender, and the victim involved [3]. In the context of a government agency, a cyber-attack by hackers aiming to disrupt government-related services might bring down normal operations, causing losses in terms of money and reputation. Loss of reputation towards authority, such as financial centers of the law offices, is another consequence. A new technological platform such as Bring Your Own Device (BYOD), in which employees use their own mobile devices in an organization to complete office-related tasks [11], opens many windows of vulnerability: attacks could occur at the server end, on the mobile devices, and on the communication channel [11]. The factors contributing to the increased number of cybercrime cases include: i) the features of cyberspace [6]; ii) the lack of data quality mechanisms [12, 13]; iii) the lack of security concern in emerging trends and technologies (e.g. Big data, IoT and Artificial Intelligence products) [12, 14]; and iv) the lack of human knowledge and awareness [15] in dealing with cyberspace and the latest technology trends.

The nature and character of cyberspace, which combine dynamic spatiotemporality with identity flexibility, anonymity and a lack of deterrence, give offenders the choice to commit cybercrime [3, 6]. In addition, with the explosion of massive, high-volume data through trends such as Big data, most of the data generated and processed each day on high-end infrastructure is hardly cleaned or verified for correctness and quality [12]. As a result, there are more chances for a cybercrime attack to happen. Following the metaphor “garbage in, garbage out”, most computer servers contain inaccurate data, which leads to wrong decision-making. For instance, data generated by thousands of sensors that are not secured, and sent in plain text, would likely transit through unsecured wireless channels such as Bluetooth or WiFi [13]. The lack of annotation of sensor data makes data quality questionable, and the data are prone to corruption and leakage due to the lack of protection such as encryption [12].
Another reason for the rise of cybercrime attacks is the advent of new technologies and trends. With mobile computing, and BYOD specifically, the line between personal and professional hours, devices and data has disappeared [11, 13]. A personal mobile device used at home after office hours to access sensitive corporate data, or to handle work-related email using office email software, makes employees an easy target for hackers launching spamming or phishing attacks [13]. Both the Internet of Things (IoT) and Big data, which coined the concept of “everything every time”, adopt architectures such as cloud servers and Hadoop servers for data processing and storage [16]. These architectures lack security solutions for protecting their data, whether in transit or at rest. For instance, in a Hadoop server, which uses MapReduce to assist the processing of queries involving large data, the likelihood of untrusted mappers returning wrong results that generate incorrect aggregate results is huge, and because of the amount of data being handled, it is impossible to identify and track the incorrect query [16].
The convergence of IoT, Big Data and Artificial Intelligence (AI) in presenting better cybersecurity solutions through proactive mitigation of future attacks is seen in intrusion detection systems, antivirus products and biometric-based access control solutions. However, there is a dark side to this technology. Artificial Intelligence algorithms are trained and detect objects differently compared to humans. Many intrusion detection systems and biometric algorithms are designed using AI algorithms that are publicly available and open source. Thus, these systems are prone to being tricked and outsmarted by hackers who design malware that is undetectable [14]. There are also some hacking companies selling their services that adopt Artificial Intelligence in designing dashboards and providing analytics to display details when marketing their newly written malware [14]. Technologies that are supposedly designed to provide better living can also turn into a nightmare when they are used with bad intentions.
Humans are the users of all these technologies and systems, and their lack of knowledge of the technology makes them the weakest link in the security chain [15]. Humans fail to understand the vulnerabilities of the products they are handling, which causes threats such as social engineering and carding to increase. As mentioned by Bruce Schneier [15], “security is a process and not a product”; tackling security issues by merely introducing security mitigations without understanding the human factors is not enough. Moreover, because of the prospect of making money fast, most hackers today are turning cybercrime into a business model rather than pursuing it as a hobby or for fun. From simply providing hacking services to maintaining a large organized crime ring, the Internet and the Darknet have become the enablers for cybercriminals to share and market their illegal goods and services.

2.1. Emerging technological impact on cybercrime equation

Given the advancements and vulnerabilities that lie in cyberspace and in technology trends such as Big data and IoT, cybercrime threats exhibit an asymmetrical relationship. Any user given the opportunity would be able to launch any form of cybercrime attack from anywhere and at any time, via everything that connects to the internet (e.g. IoE: data, person, process), with little effort and at low cost. Nevertheless, the returns and impact are high. Because of the asymmetrical relationship between all the components, such as the internet, technological tools, the offender's motivation and skills, and the target's accessibility, an attack could be launched within a spatiotemporal setting (as shown in Fig. 1).

Fig.1. Cybercrime equation.

Given this low effort and low cost of launching attacks, especially with open source tools and services provided on the Internet such as mailing, the impact and returns of the act are high. Imagine a phisher sending emails to a mailing list consisting of many users: the likelihood of someone responding to the email still exists, even if the number is small. The effort is worthwhile, and without any defensive or guardianship mechanism in terms of network filters, user awareness and even policy in place, the human is the weakest link in this equation.

2.2. Cybercrime components or stakeholders

Based on Routine Activity Theory (RAT) [7, 8], an offender with motivations, either financial or non-financial, a valuable victim, and a lack of guardianship in terms of technology, jurisdiction and even law would likely increase crime rates. Routine Activity Theory (RAT) was designed in 1979 by Cohen and Felson [7], who argued that without guardianship in place, any type of crime would take place. However, this theory rests on an assumption about time and space: the theorists argued that as long as the offender and the victim are within distance of each other and there is no guardian authority, such as the police, within a similar distance, crime will take place.
Cyberspace has become a connector between people regardless of their location and time differences. Consequently, crime committed in cyberspace could come from anywhere and at any time. Thus, the offender-victim roles require some adjustment. The same applies to guardianship, which also adopts the notion of space and time. Guardianship in cybercrime is seen as the role played by cybersecurity solutions and the legal system. Researchers [17, 18] proposed Situational Crime Prevention, in which they argue that crime can be reduced by altering situations rather than an offender's disposition. This theory could be further used to integrate cybersecurity solutions that protect the confidentiality, integrity and availability of information. However, even with guardianship in place, cyber-attacks still take place. Email servers may classify an email containing a URL as spam, but it is still up to the user who receives the email to decide whether to open it or delete it altogether. Even when an organization has every security protection, beginning with authentication and authorization systems, network protection systems (firewall, IDS), data protection (encryption, digital signatures) and even communication channel protection (TLS/SSL and VPN), it rests entirely with the user to decide whether to open an attachment or not. It only takes one employee opening an attachment containing malware for the whole organization to be in trouble. An attack such as ransomware is even more sophisticated. Users who drift while surfing the internet sometimes click on a page or a URL containing this type of malware. Once the malware is triggered, it holds the data on the computer to ransom and claims to release it only once payment is made. Meanwhile, for the laws and jurisdictions that act as regulations, guidelines, standards and even policies for cybercrime mitigation, the vulnerability lies in their adoption. With each country having its own regulations and laws, collecting evidence and prosecuting cybercriminals becomes an open issue. Thus, the main argument here is that even when guardianship is in place, cybercrime is still a non-trivial challenge. Next, the risks due to technology-based and legal guardianship will be explored.

2.3. Criminology theories on technological influences in cyber attacks

Table 1 presents related work by several theorists that demonstrates the reasoning behind the importance of technology as both a cause of and a guardian against crime in society.

Table 1: Criminology theories and their mapping to cybercrime.

| Theory | Criminology Concept | Mapped to Cybercrime Perspective | Stakeholders |
|---|---|---|---|
| Social Learning Theory [19] | Criminal behavior is acquired through observational learning. | Cybercriminals conduct crime by imitation and modelling from others (e.g. hacking). | Offender |
| Cultural Lag [20] | Failure to develop social consensus on the appropriate application of modern technology leads to a breakdown in social settings. | Any application or technology designed with no regard for protection leads to the human being the weakest link. | Guardianship |
| Digital Drift Theory [21] | Internet interactions, which are borderless and require no face-to-face contact, could drift non-criminals towards criminality. | Some offenders drift into becoming cybercriminals due to the internet's pseudo-reciprocal environment (e.g. child pornography). | Offenders |
| Space Transition Theory [6] | An explanation of the nature of the behavior of persons who bring out their conforming and non-conforming behavior in physical space and cyberspace. | Factors such as the offender's behavior, the social settings they live in and the features of the internet lead to cybercrime. | Offender |
| Situational Crime Prevention [17, 18] | Crime can be reduced by altering situations rather than an offender's disposition. | Implementing a defender/guardianship system reduces the likelihood of crime. | Guardianship |

These theories have been mapped to their importance for cybercrime. The stakeholders involved are either the offender or the guardianship. Overall, two main points can be made from the theory-mapping exercise. The first point is the role of technology, which behaves as a guardian and sometimes acts as the cause of the growth in cyber-attacks [20]. In 1922, Ogburn argued for the importance of developing social consensus on appropriate applications of modern technology. He claimed that failure to do so leads to a breakdown in social settings. Observing his claim in today's technology development, many products are designed without any concern for security. For instance, many IoT applications such as smart home systems are designed with minimal concern for security in their design. Smart home hub configuration files containing users' sensitive details, such as passwords, smartphone numbers and even the IP addresses of all connected components, are not encrypted. Any simple hacking tool could allow remote access to these files via unprotected WiFi and Bluetooth network channels. Once user details are obtained, a home could be compromised, which leads to cyber-attacks compromising confidentiality, integrity and availability. The lack of market study and social consensus before a product is launched causes most of the security and privacy concerns of technology-based products. Some consumers are unaware of the vulnerabilities of the products they are handling, and some who are aware do not care much about protecting themselves. The second point focuses on the importance of social settings in the usage of technology. Many researchers focus their work on the importance of consumer behavior in dealing with technology [6, 21]. For instance, Goldsmith [21] argued that interaction with a computer could lead users to drift and consequently lead them towards criminality. He argues that people who have a fetish for pornography could drift deeper, into child pornography. An interesting note here is how this theory fits some cases of social engineering attacks. Due to drifting, some users leave details behind along with their surfing habits, which could lead them to become phishing victims without their knowing. Attacks such as watering holes or defaced websites and formjacking (users leave their details when filling in forms containing their sensitive details) could support this theory.

2.4. Lack of security concern in new technological advancement

Before 2008, the innovation of supercomputers and of nanotechnology in powerful chip design, power-saving batteries and the emerging technology of mobile computing had already taken place. Interestingly, as stated in the Telegraph UK [22], 2008 and 2009 also saw the widespread adoption of app markets like the Google Play Store and Apple Store, the development of satellite navigation with the adoption of GPS in mobile phones, new phones such as Microsoft Phones, and growth in social messaging accounts (Facebook and Twitter). By the end of 2010, 3D technology innovation, added location-based check-in services and the Android-based smartphone were well accepted by consumers [23]. With Facebook recording a staggering 500 million users and mobile computing adopted everywhere, the outbreak of trends and technologies has also influenced the growth of cybercrime attacks. This was shown in 2011, when an increase in hacktivism occurred. Hacktivism tends to attack systems to change the social setting, thereby changing political and business agendas and prospects, and includes cases of hackers accessing personal user data. One real case was the hacktivism against Sony [24]. It has been estimated that the incident led to a loss of $170m. From 2012 onward, IoT and Big Data trends became the key factors in many of the applications and systems we observe today. The main problem is the lack of security concern in these technologies and in those before them. Developers chasing profit from their products do not focus on securing their innovations. Thus, most of the vulnerabilities of technology are exploited by cybercriminals to infiltrate cyberspace and its users.

2.5. Ambiguities in cybercrime laws and jurisdictions

In order to deal with these transnational crimes, the Council of Europe in 2001 introduced a Convention on Cybercrime, known as the Budapest Convention, to allow collaboration among states in transnational cybercrime investigation and prosecution. Not all countries ratified this convention. For instance, the Association of Southeast Asian Nations (ASEAN) countries, consisting of Singapore, Indonesia, Malaysia, Philippines, Thailand, Vietnam, Laos and Myanmar, did not ratify this convention. ASEAN, which was established in 1976 [25] to promote peace and cooperation, only recognized cybercrime as a transnational crime during the 2004 Joint Communique of the Fourth ASEAN Ministerial Meeting [26]. The outcome of the meeting led to strategic planning in terms of legislation and jurisdiction between ASEAN countries. In order to establish a platform for collaboration and the sharing of cybercrime events, the ASEAN Telecommunications and IT Ministers (TELMIN) established national Computer Emergency Response Teams (CERTs) in 2003 [27]. Two other initiatives, which focus on providing awareness to the public, building sustainable partnerships between the private and public sectors, and discussing issues relating to cyber terrorism and cybercrime, are the ASEAN ICT Masterplan 2015 (AIM 2015) [28] and the ASEAN Regional Forum (ARF) [29]. Observing ASEAN's efforts in tackling cybercrime, three main issues are identified. First, non-participation in the first and only global cybercrime convention. Second, the delay in tackling and accepting cybercrime as a global threat. Third, the few and slow efforts to design a more comprehensive plan to tackle crime.
Other challenges in tackling cybercrime lie in the difficulty of enforcing laws universally; the concealment of cyber cases by victims; the differences in cultures and customs around the globe; and problems of detection, enforcement and evidence. Compared with the fast growth of criminology studies, laws, jurisdictions and policies in Western countries, such as the Budapest Convention and the General Data Protection Regulation (GDPR), most Asian countries are far behind when it comes to cybercrime mitigation efforts. The failure to mitigate cybercrime is seen as a social failure rather than a failure of guardianship (technical or legal). The lack of cooperation between nations, especially between Western and non-Western countries, is real. One case that took place in Asia is the horrific case of a pedophile, Richard Huckle [30, 31]. Huckle is believed to have targeted nearly 200 children in Malaysia and Cambodia over a span of nine years (since 2003), and shared and sold images of his horrific crimes, including rapes, on the Darkweb. Even though the perpetrator was charged in 2014 and prosecuted in 2016, the facts about how the investigation details were shared and concealed from the responsible authorities are disturbing and appalling. Clearly, the issue in this case is that the offender was not apprehended as early as possible due to the lack of information sharing and blurred international and jurisdictional laws. Next, a systemic cybercrime stakeholder model is presented.

3. A Systemic Architectural Model of Cybercrime Stakeholders

The proposed architectural model is explained in this section.

Fig.2. Cybercrime components/stakeholders.

Based on the components presented in Fig. 2, a few stakeholders are identified: the Offender; the Target (Victim); Technology; Social Settings; and Law & Jurisdictions. Each component is explained below:

 Offenders: Individual behavior and characteristics play an important role in determining the likelihood of becoming
a cybercriminal [19, 32]. Based on Gottfredson and Hirschi [32]; low self-control individual and lack of concern
for others would likely commit a cyber-attack crime. Based on Bandura [19]; cybercrime needs individuals to be
innovative and capable to imitate and learn skills from others. Hacking and digital piracy would require these skills.
Another important trait in an offender is to always evaluate their actions against the cost/benefit of committing the
crime. Thus; when these traits are carefully studied; any measurement to identify these traits and detecting the
behaviors based on their usage of technology such as social media and mobile devices could be used to provide
mitigation for cybercrime.
 Target (Victim): The target here has features such as being valuable; always accessible online and always being
visible. In cyberspace; data at rest and transit in domains such as Healthcare; Financial etc. located on cloud servers;
mobile devices and network servers are valuable containing user sensitive information. These data are always
accessible and visible regardless of the time and location. These traits made a target prone to become a victim.
However; most of the target, especially when it comes to consumers fail to understand the cyberspace platforms
and its vulnerabilities. Users naively adopt any computer systems without some simple background and lack of
awareness of safety in cyberspace.
• Technology: Technology, whether as a cybercrime contributor or as a guardian, is an essential component. For
technologists, product innovators and researchers focusing on cybersecurity solutions, the need to completely
understand technology vulnerabilities and provide countermeasures goes beyond technical knowledge. Product
solutions that adopt security under the theme of Privacy by Design or Privacy/Security by Default are
not capable of solving all cybercrime attacks and their vulnerabilities. Products or any technology security solutions
designed and produced must carefully follow the concept of Informed by Design [33]. Each product design must
be studied, and design solutions might not be sufficient for all kinds of products. Each technology has its own
vulnerabilities and should have its own set of security solutions integrated before it reaches the market.
• Social & Law Settings: Social norms and values contribute to cybercrime attacks occurring and not being prosecuted.
In the international context, each country has its own law and jurisdiction and its own social consensus. For
instance, some countries allow their citizens to view pornographic images and watch videos, but in other countries
this could be forbidden. Thus, charging and prosecuting cybercriminals who commit their crimes overseas becomes
non-trivial unless a treaty or international agreement on the crimes is in place beforehand. Social settings also
become an important component when there is a lack of cooperation between countries in collecting evidence and
charging offenders.

Based on this explanation, the components identified could be used in approaching cybercrime issues and in
providing solutions in terms of designing and creating global policies. Standardized baseline policies should carefully
study each cybercrime attack taking place on different platforms (desktop; mobile computing; Internet of Things
systems; Big Data Infrastructures; Cloud Computing services; Edge computing devices; Communication channels).

4. Conclusion

In this article, cybercrime issues revolving around stakeholders such as the offender, its target/victim, technology,
society and law have been presented. The proposed architectural model could stand as a platform for future explorations
in designing mitigation solutions from the cybercrime perspective. In the future, in-depth research evaluating these
components in terms of their importance and the relationships between them will be done.

Acknowledgements

This research is funded by a RUI Grant no: 1001/PKOMP/8014003 which was awarded by University Sains
Malaysia (USM).

References

[1] W. Kim, O.R. Jeong, C. Kim, and J. So. (2011) “The Dark Side of The Internet: Attacks, Costs and Responses.” Information Systems 36
(3): 675-705, ISSN 0306-4379, https://doi.org/10.1016/j.is.2010.11.003.
[2] United Nations Office on Drugs and Crime. (2013) Comprehensive Study on Cybercrime, February 2013. Available from:
https://www.unodc.org/documents/commissions/CCPCJ/CCPCJ_Sessions/CCPCJ_22/_E-CN15-2013-
CRP05/Comprehensive_study_on_cybercrime.pdf.
[3] H.S. Brar, and G. Kumar. (2018) “Cybercrimes: A Proposed Taxonomy and Challenges.” Journal of Computer Networks and
Communications, Article ID 1798659, 11 pages. https://doi.org/10.1155/2018/1798659.
[4] Morgan, Steve. (2017) Cybercrime Damages $6 Trillion By 2021. Available from: https://cybersecurityventures.com/hackerpocalypse-
cybercrime-report-2016/.
[5] Javelin, and Strategy. n.d. Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy &
Research Study.
[6] Jaishankar, K. (2008). “Space Transition Theory of Cyber Crimes”, in Schmallager, F., & Pittaro, M. (Eds.), Crimes of the Internet.
pp.283-301. Upper Saddle River, NJ: Prentice Hall.
[7] E.R Leukfeldt, and M. Yar. (2016) “Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis.” Deviant
Behavior 37 (3): 263-280. doi: 10.1080/01639625.2015.1012409.
[8] N. Martin, and J. Rice. (2011) “Cybercrime: Understanding and Addressing The Concerns of Stakeholders.” Computers & Security 30 (8):
803-814, ISSN 0167-4048. doi: https://doi.org/10.1016/j.cose.2011.07.003.
[9] Tee, Kenneth. n.d. Current Laws Inadequate to Deal With Cross-Border Cybercrimes, 27 August 2018. Available from:
https://www.malaymail.com/news/malaysia/2018/08/27/current-laws-inadequate-to-deal-with-cross-border-cybercrimes-says-
expert/1666481.
[10] Solms, B.V. (2001) “Information Security — A Multidimensional Discipline.” Computers & Security 20 (6): 504-508, ISSN 0167-4048.
doi: https://doi.org/10.1016/S0167-4048(01)00608-3.
[11] Singh, Manmeet Mahinderjit, Chen Wai Chan, and Zakiah Zulkefli. (2017) “Security and Privacy Risks Awareness for Bring Your Own
Device (BYOD) Paradigm.” International Journal of Advanced Computer Science and Applications (IJACSA) 8 (2). doi:
http://dx.doi.org/10.14569/IJACSA.2017.080208.
[12] N. Pius Owoh, N, M. Mahinderjit Singh, and Z.F Zaaba. (2018) “Automatic Annotation of Unlabeled Data from Smartphone-Based
Motion and Location Sensors.” Sensors 18: 2134.
[13] Zulkefli, Z., M. Mahinderjit Singh, and N.H.A.H Malim. (2015) “Advanced Persistent Threat Mitigation Using Multi Level Security –
Access Control Framework”, in Gervasi O. et al. (eds) Computational Science and Its Applications -- ICCSA 2015, Lecture Notes in
Computer Science 9158, Springer, Cham.
[14] Kilpatrick, H. (2018) The Threats Artificial Intelligence Poses to Cybersecurity. Available from: https://www.scnsoft.com/blog/ai-threats-
cybersecurity.
[15] Schneier, B. (2000) “Chapter 7: The Human Factor”, in Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, Inc.,
New York, NY.
[16] Bekker, A. (2018) Buried Under Big Data: Security Issues, Challenges, Concerns. Available from: https://www.scnsoft.com/blog/big-
data-security-challenges.
[17] Clarke, R.V., and M. Felson (1993). “Routine Activity and Rational Choice.” Advances in Criminology Theory 5, New Brunswick,
Transaction Publishers, Inc.
[18] Felson, M. (1994). Crime and Everyday Life: Insight and Implications For Society, Thousand Oaks, Pine Forge Press.
[19] Bandura, A. (1977) Social Learning Theory, Englewood Cliffs, NJ, Prentice Hall.
[20] Volti, R., and William F. Ogburn. (2004). “Social Change with Respect to Culture and Original Nature.” Technology and Culture 45 (2):
396-405. Available from http://www.jstor.org/stable/40060750.
[21] Goldsmith, A., and R. Brewer. (2015). “Digital Drift and The Criminal Interaction Order.” Theoretical Criminology 19 (1): 112–130. doi:
https://doi.org/10.1177/1362480614538645.
[22] Telegraph UK. (2009) Top 10 Technology Highlights of 2009. Available from: https://www.telegraph.co.uk/technology/6817359/Top-10-
technology-highlights-of-2009.html.
[23] Richmond, S., E. Barnett, and M. Warman. (2010) “Top 10 technology highlights of 2010”, Telegraph UK. Available from:
https://www.telegraph.co.uk/technology/8216648/Top-10-technology-trends-of-2010.html.
[24] Richmond, S., M. Warman, C. Williams, and E. Barnett. (2011) “Technology Trends Of 2011: Year in Review.” Telegraph UK. Available
from: https://www.telegraph.co.uk/technology/news/8956806/Technology-trends-of-2011-year-in-review.html.
[25] ASEAN. (1976) Treaty of Amity and Cooperation in Southeast Asia Indonesia, 24 February 1976. Available from: http://asean.org/treaty-
amity-cooperation-southeast-asia-indonesia-24-february-1976/. [Accessed November 2016].
[26] ASEAN. (2004) Joint Communique of the Fourth ASEAN Ministerial Meeting on Transnational Crime (AMMTC), Bangkok. Available
from: http://asean.org/joint-communique-of-the-fourth-asean-ministerial-meeting-on-transnational-crime-ammtc-bangkok/. [Accessed
November 2016].
[27] ASEAN. (2015) ASEAN ICT Masterplan 2015 Completion Report, Jakarta, ASEAN Secretariat.
[28] ASEAN. (2016) ASEAN Telecommunications and IT Ministers Meeting (TELMIN). Available from: http://asean.org/asean-economic-
community/asean-telecommunications-and-it-ministers-meeting-telmin/. [Accessed November 2016].
[29] ASEAN Regional Forum (ARF). (2006). ASEAN Regional Forum Statement on Cooperation in Fighting Cyber Attack and Terrorist
Misuse of Cyberspace. Available from: http://www.mofa.go.jp/region/asia-paci/asean/conference/arfstate0607-3.html. [Accessed
November 2016].
[30] The Star. (2016) Paedophile Richard Huckle Who Abused Malaysian Children Jailed for Life. Available from:
https://www.thestar.com.my/news/nation/2016/06/06/paedophile-richard-huckle-who-abused-malaysian-children-jailed-for-
life/#ZvBbRbz4R47uXtF4.99.
[31] ABC News. Richard Huckle: Malaysian Police 'Weren't Given Enough Info' On British Paedophile. Available from:
https://www.abc.net.au/news/2016-06-09/malaysia-not-given-enough-info-on-british-paedophile/7497720.
[32] Gottfredson, M., and T. Hirschi. (1990). A General Theory of Crime, Stanford: CA, Stanford University Press.
[33] Lindley, J., P. Coulton, and R. Coope. (2018) “Informed by Design”, in Living in the Internet of Things: Cybersecurity of the IoT - 2018,
London. pp. 1-12. doi: 10.1049/cp.2018.0022.
