Skip to main content
SpringerLink
Log in

A Gamified Approach to Explore Techniques of Neutralization of Threat Actors in Cybercrime

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10518))

Included in the following conference series:

Abstract

In the serious game “Operation Digital Chameleon” red and blue teams develop attack and defense strategies as part of an IT security Awareness training. This paper presents the game design and selected results from a structured evaluation of techniques of neutralization applied by cybercrime threat actors. Various motives and five neutralization techniques are identified in fifteen instances of “Operation Digital Chameleon”. We argue that “Operation Digital Chameleon” is not only an instrument to raise IT security awareness but also a sensible method to explore techniques of neutralization in cybercrime.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Gaycken, S.: Cyberwar: Das Internet als Kriegsschauplatz. Open Source Press (2010)

    Google Scholar 

  2. Füllgraf, W.: Hacktivisten: Abschlussbericht zum Projektteil der Hellfeldbeforschung, Wiesbaden (2015)

    Google Scholar 

  3. Hald, S., Pedersen, J.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 81–86 (2012)

    Google Scholar 

  4. TrendMicro: U-Markt - Peering into the German Cybercriminal Underground (2015)

    Google Scholar 

  5. ENISA: ENISA Threat Landscape Report 2016: 15 Top Cyber-Threats And Trends (2017)

    Google Scholar 

  6. Bässmann, J.: Täter im Bereich Cybercrime, Wiesbaden (2015)

    Google Scholar 

  7. Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)

    Google Scholar 

  8. Bundeskriminalamt: Bundeslagebild Cybercrime 2015 (2016)

    Google Scholar 

  9. Logan, C.H., Blumstein, A., Cohen, J., Nagin, D.: Deterrence and Incapacitation: Estimating the Effects of Criminal Sanctions on Crime Rates (1980)

    Google Scholar 

  10. Young, R., Zhang, L., Prybutok, V.R.: Hacking into the minds of hackers. Inf. Syst. Manag. 24, 281–287 (2007)

    Article  Google Scholar 

  11. Siponen, M., Vance, A.: Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q. 34, 487–502 (2010)

    Google Scholar 

  12. Sykes, G.M., Matza, D.: Techniques of neutralization: a theory of delinquency (1957)

    Google Scholar 

  13. Puhakainen, P.: A Design Theory for Information Security Awareness. Oulu University Press, Oulu (2006)

    Google Scholar 

  14. Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, New York (1998)

    Google Scholar 

  15. Morris, R.: Computer hacking and the techniques of neutralization: an empirical assessment. In: Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications, pp. 1–17. Information Science Reference, Hershey (2011)

    Google Scholar 

  16. Minor, W.W.: Techniques of neutralization: a reconceptualization and empirical examination. J. Res. Crime Delinq. 18, 295–318 (1981)

    Article  Google Scholar 

  17. Klockars, C.B.: The Professional Fence. Free Press, New York (1974)

    Google Scholar 

  18. Coleman, J.W.: The Criminal Elite: The Sociology of White Collar Crime. St. Martin’s Press, New York (1994)

    Google Scholar 

  19. Spafford, E.H.: Are computer hacker break-ins ethical? J. Syst. Softw. 17, 41–47 (1992)

    Article  Google Scholar 

  20. Moore, R., McMullan, E.C.: Neutralizations and rationalizations of digital piracy: a qualitative analysis of university students. Int. J. Cyber Criminol. 3, 441–451 (2009)

    Google Scholar 

  21. Haupt, S.: Internet-Piraten ohne Gewissensbisse - warum Aufklärung und Strafaktionen nicht wirken (2007)

    Google Scholar 

  22. Haupt, S.: Musikkopisten und ihre Rechtfertigungen. VDM Verlag Dr. Müller, Saarbrücken (2007)

    Google Scholar 

  23. D’Ovidio, R., Mitman, T., El-Burki, I.J., Shumar, W.: Adult-child sex advocacy websites as social learning environments: a content analysis. Int. J. Cyber Criminol. 3, 421–440 (2009)

    Google Scholar 

  24. Higgins, G.E., Wolfe, S.E., Marcum, C.D.: Music piracy and neutralization: a preliminary trajectory analysis from short-term longitudinal data. Int. J. Cyber Criminol. 2, 324–336 (2008)

    Google Scholar 

  25. Hutchings, A.: A qualitative analysis of online offending and victimisation. In: Global Criminology: Crime and Victimization in the Globalized Era, pp. 93–114. Taylor and Francis (2013)

    Google Scholar 

  26. Li, W., Cheng, L.: Effects of neutralization techniques and rational choice theory on internet abuse in the workplace. In: PACIS 2013 Proceedings (2013)

    Google Scholar 

  27. Smallridge, J.L., Roberts, J.R.: Crime specific neutralizations: an empirical examination of four types of digital piracy. Int. J. Cyber Criminol. 7, 125–140 (2013)

    Google Scholar 

  28. Walkley, S.: Regulating cyberspace: an approach to studying criminal behaviour on the internet (2005). http://hdl.handle.net/1885/9994

  29. Turgeman-Goldschmidt, O.: The rhetoric of hackers’ neutralisations. In: Schmalleger, F., Pittaro, M. (eds.) Crimes of the Internet, pp. 317–335. Pearson Education, Upper Saddle River (2009)

    Google Scholar 

  30. Holt, T.J., Copes, H.: Transferring subcultural knowledge on-line: practices and beliefs of persistent digital pirates. Deviant Behav. 31, 625–654 (2010)

    Article  Google Scholar 

  31. Nicho, M., Kamoun, F.: Multiple case study approach to identify aggravating variables of insider threats in information systems. Commun. Assoc. Inf. Syst. 35, 333–356 (2014)

    Google Scholar 

  32. Goode, S., Cruise, S.: What motivates software crackers? J. Bus. Ethics 65, 173–201 (2006)

    Article  Google Scholar 

  33. Hinduja, S.: Neutralization theory and online software piracy: an empirical analysis. Ethics Inf. Technol. 9, 187–204 (2007)

    Article  Google Scholar 

  34. Australian Institute of Criminology: Hacking motives (2005)

    Google Scholar 

  35. Holt, T.J., Kilger, M.: Know Your Enemy: The Social Dynamics of Hacking. Honeynet Proj. 17 (2012)

    Google Scholar 

  36. Kilger, M., Arkin, O., Stutzman, J.: Profiling. In: Know Your Enemy: Learning about Security Threats, pp. 505–556. Addison Wesley Professional (2004)

    Google Scholar 

  37. Chiesa, R., Ducci, S., Ciappi, S.: Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking. CRC Press, Boca Raton, London, New York (2009)

    Google Scholar 

  38. Taylor, P.: Hackers: Crime and the Digital Sublime, New York (1999)

    Google Scholar 

  39. Falk, W.D.: “Ought” and motivation. In: Proceedings of the Aristotelian Society, pp. 111–138 (1947)

    Google Scholar 

  40. McGoogan, C.: Anonymous hacker knocks 20pc of dark web offline in campaign against child pornography. http://www.telegraph.co.uk/technology/2017/02/06/anonymous-knocks-20pc-dark-web-offline-campaign-against-child/?WT.mc_id=tmg_share_fb

  41. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)

    Google Scholar 

  42. Kamath, M.: Hackers can remotely take over nuclear power plants by exploiting vulnerability in IES. http://www.techworm.net/2015/08/security-flaws-in-industrial-ethernet-switches.html

  43. Neitzel, L., Huba, B.: Top ten differences between ICS and IT cybersecurity (2014). https://www.isa.org/standards-and-publications/isa-publications/intech-magazine/2014/may-jun/features/cover-story-top-ten-differences-between-ics-and-it-cybersecurity/

  44. Robinson, M.: The SCADA threat landscape. In: 1st International Symposium on ICS SCADA Cyber Security Research 2013 (ICS-CSR 2013), pp. 30–41 (2013)

    Google Scholar 

  45. Thomson, I.: Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed. https://www.theregister.co.uk/2017/02/18/it_admin_/

  46. Unknown: Payback 13: Last of Anonymous anti-copyright hacktivists sentenced in Virginia. https://www.rt.com/usa/234191-anonymous-payback-collins-blake/

  47. Cimpanu, C.: Anonymous Leaks Data of 52 Cincinnati Police Officers. http://news.softpedia.com/news/anonymous-leaks-data-of-52-cincinnati-police-officers-500801.shtml

  48. Verdict, A.: Message to Cincinnati Police Department. YouTube (2016)

    Google Scholar 

  49. Schmidt, J.: 16-jähriger demonstriert Sicherheitslücken bei 17 Banken. https://www.heise.de/security/meldung/16-jaehriger-demonstriert-Sicherheitsluecken-bei-17-Banken-1104841.html

  50. Bersoff, D.M.: Why good people sometimes do bad things: motivated reasoning and unethical behavior. Pers. Soc. Psychol. Bull. 25, 28–39 (1999)

    Article  Google Scholar 

  51. Bässmann, J.: Situative Kriminalprävention; Chancen eines Kooperationsansatzes im Bereich Cybercrime (2014). http://www.praeventionstag.de/dokumentation/download.cms?id=1832&datei=20140508_19DPT_13-05-2014__Vortrag_Bae_sit_F2761-1832.pdf

Download references

Acknowledgments

We would like to acknowledge the funding from BMBF for project “Vernetzte IT-Sicherheit Kritischer Infrastrukturen” (FKZ: 16KIS0213). We thank all participants for making “Operation Digital Chameleon” a success.

Author information

Authors and Affiliations

  1. Universität der Bundeswehr München, Werner-Heisenberg-Weg 39, 85577, Neubiberg, Germany

    Andreas Rieb, Tamara Gurschler & Ulrike Lechner

Authors
  1. Andreas Rieb
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tamara Gurschler
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ulrike Lechner
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andreas Rieb .

Editor information

Editors and Affiliations

  1. Centre for Legal Informatics, University of Vienna, Vienna, Austria

    Erich Schweighofer

  2. A-SIT, Graz, Austria

    Herbert Leitold

  3. European Union Agency for Network and Information Security, Heraklion, Greece

    Andreas Mitrakas

  4. Goethe University Frankfurt, Frankfurt, Hessen, Germany

    Kai Rannenberg

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Rieb, A., Gurschler, T., Lechner, U. (2017). A Gamified Approach to Explore Techniques of Neutralization of Threat Actors in Cybercrime. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science(), vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-67280-9_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67279-3

  • Online ISBN: 978-3-319-67280-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation