Journal of Crime and Justice

ISSN: 0735-648X (Print) 2158-9119 (Online) Journal homepage: www.tandfonline.com/journals/rjcj20

Introduction: new directions in cybercrime

research

Adam M. Bossler & Tamar Berenblum

To cite this article: Adam M. Bossler & Tamar Berenblum (2019) Introduction: new
directions in cybercrime research, Journal of Crime and Justice, 42:5, 495-499, DOI:
10.1080/0735648X.2019.1692426

To link to this article: https://doi.org/10.1080/0735648X.2019.1692426

Published online: 18 Nov 2019.

Submit your article to this journal

Article views: 81230

View related articles

View Crossmark data

Citing articles: 24 View citing articles

Full Terms & Conditions of access and use can be found at

https://www.tandfonline.com/action/journalInformation?journalCode=rjcj20
JOURNAL OF CRIME AND JUSTICE
2019, VOL. 42, NO. 5, 495–499
https://doi.org/10.1080/0735648X.2019.1692426

Introduction: new directions in cybercrime research

Adam M. Bosslera and Tamar Berenblumb
a
Department of Criminal Justice and Criminology, Georgia Southern University, Statesboro, GA, USA; bHebrew
University

The Internet, computers, cell phones, and other forms of technology have revolutionized every
aspect of human life over the last several decades, including how we communicate, bank, shop,
obtain the news, and entertain ourselves (Holt and Bossler 2016). These technological advancements
have also created myriad opportunities for offenders to commit various forms of crime. Online crimes
are often referred to as cybercrime and occur because ‘the perpetrator uses special knowledge of
cyberspace’ (Furnell 2002, 21). Cybercrime can therefore be viewed as a large umbrella term that
encompasses computer-assisted crime in which computers and technology are used in a supporting
role, such as the use of a computer to send harassing messages. At the same time, the term
cybercrime also includes computer-focused crimes that are a direct result of computer technology
and would not exist without it, such as unauthorized computer system trespassing (Furnell 2002;
McGuire and Dowling 2013).
Cybercrimes can be classified into different categories, including cyber-trespass (e.g., unauthor-
ized system access), cyber-deception/theft (e.g., identity theft, online fraud, digital piracy), cyber-
porn/obscenity (e.g., child sexual exploitation materials), and cyber-violence (e.g., cyberstalking;
cyber terrorism) (Holt, Bossler, and Seigfried-Spellar 2018; Wall 2001). It is nearly impossible to
estimate the amount of cybercrime that occurs in most nations across the world because of a lack
of standardized legal definitions for these offenses and few valid, reliable official statistics (Holt and
Bossler 2016). Evidence demonstrates, however, that cybercrime rates are increasing as the rates for
many forms of traditional street crimes continue to decrease (Tcherni et al. 2016).
The amount of research on cybercrime has grown exponentially over the last few decades. Much
of the preliminary work in this area focused on exploring how the nature of cybercrime and
cyberspace differed from traditional crime and terrestrial space (e.g., Grabosky 2001; Wall 1998).
A significant challenge for cybercrime scholars, both historically and currently, is the lack of official
statistics on most forms of cybercrime. In the United States, the Federal Bureau of Investigation’s
Uniform Crime Report’s Summary Reporting System (SRS), the most commonly used source for crime
data, provides no information on cybercrime or whether any form of technology was involved in the
commission of a crime. The National Incident-Based Reporting System (NIBRS), which the U.S. is fully
moving to in 2021, also does not provide a specific cybercrime category, but does allow agencies to
indicate whether a computer was involved in the commission of a crime. Since necessity is the
mother of invention, scholars studying cybercrime were required to collect primary data in innova-
tive ways, such as by analyzing forum discussions, bulletin boards, and blogs, deploying honeypots,
and developing field experiments (see Holt and Bossler 2016 for review). In addition, many scholars
surveyed different populations, with a heavy emphasis on college samples.
Scholars became particularly interested in testing whether traditional criminological theories,
such as routine activities theory, social learning theory, and the general theory of crime, applied to
various forms of cybercrime. As a result, scholars collected primary data and measured key concepts
of traditional criminological theories. The focus shifted from analyzing the similarities and differences

CONTACT Adam M. Bossler abossler@georgiasouthern.edu Georgia Southern University, Statesboro, GA, USA
© 2019 Midwestern Criminal Justice Association
496 A. M. BOSSLER AND T. BERENBLUM

of cybercrime in general to examining whether the same theoretical causes and correlates of
traditional crime applied equally well to cybercrime. Considering that these studies were often
based on college and youth samples, scholars examined simpler forms of cybercrime and cyberde-
viance, such as online harassment, digital piracy, and account password guessing, rather than more
complex forms of cybercrime requiring technical skills.
Data limitations were not the only hurdle for cybercrime researchers. It was not that long ago (a
little over a decade ago for the first co-editor) that cybercrime researchers shared stories about the
challenges they experienced in publishing cybercrime studies in traditional criminal justice journals.
Authors often heard from editors that their manuscripts were interesting, but that ‘cybercrime was
not a crime, and the topic would not appeal to a wide-ranging audience.’ Scholars started discussing
federal and state statutes early in their manuscripts to illustrate that the online behavior studied in
the manuscript was, in fact, illegal and punished by fines and imprisonment. Yet, cybercrime scholars
still heard that their manuscripts were not sufficiently ‘criminal’ enough and that the manuscript
would be more appropriate in cybersecurity, computer science, and IT journals.
Today, it seems that the general mood of the field is changing. There is a significant and growing
number of cybercrime-related presentations at national and international conferences each year. The
European Society of Criminology (ESC) Working Group on Cybercrime, which was created in the last
several years, organizes panels and discussions on cybercrime at the ESC meetings. In addition, the
Division of Cybercrime was just approved by the American Society of Criminology (ASC). Such
officially sanctioned and recognized groups did not seem possible just a few short years ago.
Furthermore, undergraduate and graduate offerings in cybercrime are increasing throughout the
country. Some programs are even offering specific certificates and undergraduate and graduate
degrees in cybercrime, such as Georgia Southern University and the University of South Florida.
These developments inspired the creation of the first annual Conference on the Human Factor in
Cybercrime held at Hebrew University in Jerusalem, Israel in October 2018. Criminologists and social
scientists sought an opportunity to come together to share their focused research on cybercrime
with others in the field and identify potential collaborators in computer science and engineering.
The second annual Conference on the Human Factor in Cybercrime was recently held in
October 2019 in the Netherlands with future possible conferences in Canada, the U.S., and other
participating countries.
The manuscripts in this special issue were culled from research presented at the first conference,
and illustrate several points about the current state of cybercrime research. First, they highlight the
international nature of cybercrime research. The authors hail from the United States, Canada, Israel,
the Netherlands, and Germany. Second, they demonstrate that theory is at the heart of all crimin-
ology research, even when the focus is on complex forms of cybercrime. Scholars in this special issue
use traditional criminological theories, such as routine activities theory, deterrence theory, and social
control, to better understand the causes and correlates of online fraud, website defacement,
cyberattacks against critical infrastructure, system trespassing, and cyberattacks against automo-
biles. These studies demonstrate the need to understand the human element of cybercrime as well
as its technical components.
Third, most of the manuscripts in this special issue focus on more complex forms of cybercrime,
demonstrating that the field is now able to better tackle these issues with innovative data collection
methods. Only two of the manuscripts collected primary data through the administration of surveys.
The other manuscripts all collected data in different and rich ways, such as the examination of police,
court, or probation records and files, emailing online fraudsters, scraping online platforms, and
downloading website defacement data.
The research of cybercrime scholars should be the key information source for policymakers, the
public, security professionals, and other academics on how to decrease various forms of cybercrime.
Unfortunately, there is a lack of evidence-based studies testing the effectiveness of cybercrime
policies. In Dupont’s ‘Enhancing the Effectiveness of Cybercrime Prevention through Policy
Monitoring,’ he argues that countries around the world have spent massive sums to invest in
 JOURNAL OF CRIME AND JUSTICE 497

cybersecurity, but have not spent the resources to develop tools to assess the effectiveness of
government interventions in reducing cybercrime. Dupont illustrates that policy monitoring would
lead to a more robust knowledge base regarding the effectiveness of cybercrime policies because it
would lead to a systematic collection of data, rigorous evaluations, and wide dissemination of the
evaluation results. In his analysis of 18 policy surveillance platforms, he outlines their main features
and discusses how they could be applied to cybercrime prevention efforts. He argues that the
creation of a cybercrime prevention surveillance tool should be considered a priority considering the
harms of cybercrime. Dupont writes: ‘It is now up to cyber-criminologists to determine the relevance
of this framework, its feasibility, and the collaborative resources that would be need to translate it
into reality.’
Maimon, Santos, and Park use a criminal event perspective in their manuscript entitled, ‘Online
Deception and Situations Conducive to the Progression of Non-Payment Fraud,’ to examine how
online fraudsters use urgency cues in their interactions with potential victims. Maimon and collea-
gues posted ‘for sale’ advertisements in order to exchange emails with potential fraudsters to
examine whether verbal cues of urgency in the early stages of a criminal event are followed by
verbal and non-verbal urgency cues in later stages. Their findings demonstrate the utility of the
criminal event perspective to better understand the dynamic aspect of online fraud specifically and
cybercrime in general.
Howell, Burruss, Maimon, and Sahani provide one of the first studies, if not the first study,
examining the causes and correlates of website defacement at the macro-level in ‘Website
Defacement and Routine Activities: Considering the Importance of Hackers’ Valuations of Potential
Targets.’ This manuscript provides a rare examination into how structural characteristics are related
to the frequency of website defacements at the national level. Collecting data on website deface-
ments, Howell et al. use routine activities theory as a framework to find that website defacements
were less likely to occur within a country that had capable guardianship and more likely to occur
when target suitability was present. These findings only applied to the frequency of recreational
website defacement and not political website defacements. Howell et al. demonstrate that routine
activities theory continues to be a useful framework to study cybercrime, regardless of whether the
test occurs at the individual or macro level.
Madarie, Ruiter, Steenbeek, and Kleemans also use a criminal event perspective in their manu-
script, ‘Stolen Account Credentials: An Empirical Comparison of Online Dissemination on Different
Platforms,’ to examine how stolen account credentials were offered on an online discussion forum,
online marketplace, and a paste website. In their analysis of data collected from web scrapes, they
found that variation existed among the three online platforms regarding the type of account
information available, the average asking price, rules for transactions, and the services provided
after the transaction. The manuscript should make the reader consider the importance of under-
standing the criminal event (i.e., knowing the answers to who, what, when, where, and how) before
we can develop deeper theoretical understanding of online behavior (i.e., answering the why
question).
The next two manuscripts of the special issue analyze data collected from official sources. In
‘Money Talks: Money Laundering Choices of Organized Crime Offenders in a Digital Age,’
Krulsbergen, Leukfeldt, Kleemans, and Roks examine case reports from 30 large-scale criminal
investigations into organized crime from the Dutch Organized Crime Monitor. They explore whether
information technology alters how organized crime spend and launder their criminal earnings. The
use of cryptocurrencies seemed to be limited to that of IT-related crime. Offenders of both traditional
crime and cybercrimes, however, preferred cash. Krulsbergen et al.’s findings do not support the
growing concern regarding organized crime becoming more involved in complex cybercrimes.
Harbinson and Selzer use data from the Administrative Office of the United States Courts,
Probation and Pretrial Services Office in their manuscript, ‘The Risk and Needs of Cyber-Dependent
Offenders Sentenced in the United States,’ to conduct one of the few studies that examine cyber
offenders from a corrections perspective. They examine the demographics and risk and needs of
498 A. M. BOSSLER AND T. BERENBLUM

cyber-dependent offenders serving community supervision in the federal probation system. Cyber
offenders generally scored low on risk to reoffend. When the cyber offenders had risk factors, they
were primarily found in criminal history and family and marital issues. These findings should make
the reader consider whether assessment tools created for ‘traditional’ offenders are appropriate for
cyber offenders and whether special assessments are needed. In addition, the findings show the
importance of additional research on the risk and needs of cyber offenders to help the courts and
probation departments modify their supervision conditions and interventions.
In the next two studies, both manuscripts demonstrate that college samples still have an
important role in testing the applicability of criminological theories to cybercrime. Both manuscripts
also emphasize the role of informal sanctions in influencing serious online behavior. ‘Perceived
Formal and Informal Sanctions on the Willingness to Commit Cyber Attacks Against Domestic and
Foreign Targets,’ by Adam Bossler examines the substantially under examined problem of cyber-
attacks against domestic and foreign targets. Collecting data from a college sample in the United
States, Bossler finds that anticipated formal sanctions were not related with a willingness to commit
website defacements and compromise bank and government servers. The findings support concerns
about the ability of formal sanctions to effectively curtail various forms of cybercrime. Congruent
with the traditional literature, anticipated informal sanctions, such as shame and embarrassment,
were more likely to reduce all cyberattacks examined.
In Berenblum, Kranenbarg, and Maimon’s, ‘Out of Control Online? A Combined Examination of
Peer Offending and Perceived Formal and Informal Social Control in Relation to System Trespassing,’
they examine the relationship between formal social control, informal social control, peer offending,
and system trespassing in an Israeli college sample. Berenblum et al. find that peer offending is
important in comparison to social control. They also find interesting interaction effects, such as those
with stronger IT skills and who perceive informal social to be ineffective in cyberspace have the
highest probability of offending. Their overall findings suggest that increasing the perception of
online formal and informal social control for specific groups, such as those with online deviant
friends or who have stronger IT skills, may reduce future offending.
The final manuscript explores an issue that significantly impacts our daily safety and privacy,
although most individuals are unaware of it – the cybersecurity of our automobiles. An increasing
amount of components within automobiles are both controlled by computers and provide informa-
tion to remote systems. The security of these systems from outside intruders is essential for safety
(e.g., auto-
pilot, breaking). These systems also hold enormous amounts of information about ourselves (e.g.,
account information, where we have been, our daily routines, etc.). In Kennedy, Holt, and Cheng’s,
‘Automotive Cybersecurity: Assessing a New Platform for Cybercrime and Malicious Hacking,’ they
use routine activities theory to identify effective guardianship strategies in the automotive supply
chain, including automobile manufacturers and their suppliers, that can prevent or mitigate the
cybersecurity risks threatening Connected and Autonomous Vehicles (CAVs). They specifically argue
that the companies responsible for the creation and adoption of these technologies have the most
important role in protecting CAVs from cybersecurity threats. After a through discussion of the key
threats and intervention points, the authors discuss the need for additional research and standards
for this field.
The field of cybercrime research is growing, scholars are exploring new innovative methods, and
our research is making a larger impact. This special issue is hopefully another indicator that the field
of cybercrime research has arrived, and that we are moving forward. The authors in this special issue
are all suggesting new directions for the field, but they all point forward. New challenges await us.
We would like to thank Mike Leiber and the staff at the Journal of Crime & Justice for the opportunity
to highlight these new directions.
 JOURNAL OF CRIME AND JUSTICE 499

Disclosure statement
No potential conflict of interest was reported by the authors.

Notes on contributors
Dr. Adam M. Bossler is Professor and Chair of the Department of Criminal Justice and Criminology at Georgia Southern
University. His research interests focus on the applicability of criminological theories to cybercrime offending and
victimization and the law enforcement response to cybercrime. His research has been funded by the Department of
Justice, National Science Foundation, and United Kingdom Home Office. He has co-authored three books (Cybercrime
and Digital Forensics: an Introduction, 2nd edition; Cybercrime in Progress: Theory and Prevention of Technology-Enabled
Offenses; and Policing Cybercrime and Cyberterror) and written extensively in peer-reviewed journals, including
Criminology and Public Policy, Policing, International Journal of Offender Therapy and Comparative Criminology, Journal
of Criminal Justice, and Deviant Behavior. He is also a board member on the International Interdisciplinary Research
Consortium on Cybercrime (IIRCC) and the European Society of Criminology’s Working Group on Cybercrime.
Dr. Tamar Berenblum is the research director of the The Federmann Cyber Security Center – Cyber Law Program, Faculty
of Law, the Hebrew University of Jerusalem, Israel, and the co-chair of the European Society of Criminology (ESC)
Working Group on Cybercrime. Tamar is also a Post-Doc Research Fellow at the Netherlands Institute for the Study of
Crime and Law Enforcement (NSCR), Netherlands, Rachel and Selim Benin School of Computer Science and Engineering,
the Hebrew University of Jerusalem, Israel and at The Center for Cyber Law & Policy at the Haifa University (CCLP).
Tamar’s research interests include victimology, sociology of knowledge, cybercrime, online social control and digital
rights. Her Doctoral thesis at the Hebrew University of Jerusalem, Israel titled ‘The Internet as a Sphere of Social Control’
examines the internet both as a sphere for social control and as a tool for such control over deviant activities. The study
focuses on mapping and analyzing online social control practices and the applicability of social control theories and
policies in the context of cyberspace.

References
Furnell, S. 2002. Cyber Crime: Vandalizing the Information Society. London: Addison Wesley.
Grabosky, P. 2001. “Virtual Criminality: Old Wine in New Bottles?” Social & Legal Studies 10: 243–249. doi:10.1177/
a017405.
Holt, T. J., and A. M. Bossler. 2016. Cybercrime in Progress: Theory and Prevention of Technology-Enabled Offenses. Crime
Sciences Series. New York: Routledge.
Holt, T. J., A. M. Bossler, and K. C. Seigfried-Spellar. 2018. Cybercrime and Digital Forensics: An Introduction. 2nd ed.
New York: Routledge.
McGuire, M., and S. Dowling. 2013. “Cybercrime: A Review of the Evidence.” Home Office Research Study. https://assets.
publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/248621/horr75-chap2.pdf
Tcherni, M., A. Davies, G. Lopes, and A. Lizotte. 2016. “The Dark Figure of Online Property Crime: Is Cyberspace Hiding
a Crime Wave?” Justice Quarterly 33: 890–911. doi:10.1080/07418825.2014.994658.
Wall, D. S. 1998. “Catching Cybercriminals: Policing the Internet.” International Review of Law, Computers & Technology
12: 201–218. doi:10.1080/13600869855397.
Wall, D. S. 2001. “Cybercrimes and the Internet.” In Crime and the Internet, edited by D. S. Wall, 1–17. New York:
Routledge.