Abstract
In the serious game “Operation Digital Chameleon” red and blue teams develop attack and defense strategies as part of an IT security Awareness training. This paper presents the game design and selected results from a structured evaluation of techniques of neutralization applied by cybercrime threat actors. Various motives and five neutralization techniques are identified in fifteen instances of “Operation Digital Chameleon”. We argue that “Operation Digital Chameleon” is not only an instrument to raise IT security awareness but also a sensible method to explore techniques of neutralization in cybercrime.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gaycken, S.: Cyberwar: Das Internet als Kriegsschauplatz. Open Source Press (2010)
Füllgraf, W.: Hacktivisten: Abschlussbericht zum Projektteil der Hellfeldbeforschung, Wiesbaden (2015)
Hald, S., Pedersen, J.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 81–86 (2012)
TrendMicro: U-Markt - Peering into the German Cybercriminal Underground (2015)
ENISA: ENISA Threat Landscape Report 2016: 15 Top Cyber-Threats And Trends (2017)
Bässmann, J.: Täter im Bereich Cybercrime, Wiesbaden (2015)
Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)
Bundeskriminalamt: Bundeslagebild Cybercrime 2015 (2016)
Logan, C.H., Blumstein, A., Cohen, J., Nagin, D.: Deterrence and Incapacitation: Estimating the Effects of Criminal Sanctions on Crime Rates (1980)
Young, R., Zhang, L., Prybutok, V.R.: Hacking into the minds of hackers. Inf. Syst. Manag. 24, 281–287 (2007)
Siponen, M., Vance, A.: Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q. 34, 487–502 (2010)
Sykes, G.M., Matza, D.: Techniques of neutralization: a theory of delinquency (1957)
Puhakainen, P.: A Design Theory for Information Security Awareness. Oulu University Press, Oulu (2006)
Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, New York (1998)
Morris, R.: Computer hacking and the techniques of neutralization: an empirical assessment. In: Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications, pp. 1–17. Information Science Reference, Hershey (2011)
Minor, W.W.: Techniques of neutralization: a reconceptualization and empirical examination. J. Res. Crime Delinq. 18, 295–318 (1981)
Klockars, C.B.: The Professional Fence. Free Press, New York (1974)
Coleman, J.W.: The Criminal Elite: The Sociology of White Collar Crime. St. Martin’s Press, New York (1994)
Spafford, E.H.: Are computer hacker break-ins ethical? J. Syst. Softw. 17, 41–47 (1992)
Moore, R., McMullan, E.C.: Neutralizations and rationalizations of digital piracy: a qualitative analysis of university students. Int. J. Cyber Criminol. 3, 441–451 (2009)
Haupt, S.: Internet-Piraten ohne Gewissensbisse - warum Aufklärung und Strafaktionen nicht wirken (2007)
Haupt, S.: Musikkopisten und ihre Rechtfertigungen. VDM Verlag Dr. Müller, Saarbrücken (2007)
D’Ovidio, R., Mitman, T., El-Burki, I.J., Shumar, W.: Adult-child sex advocacy websites as social learning environments: a content analysis. Int. J. Cyber Criminol. 3, 421–440 (2009)
Higgins, G.E., Wolfe, S.E., Marcum, C.D.: Music piracy and neutralization: a preliminary trajectory analysis from short-term longitudinal data. Int. J. Cyber Criminol. 2, 324–336 (2008)
Hutchings, A.: A qualitative analysis of online offending and victimisation. In: Global Criminology: Crime and Victimization in the Globalized Era, pp. 93–114. Taylor and Francis (2013)
Li, W., Cheng, L.: Effects of neutralization techniques and rational choice theory on internet abuse in the workplace. In: PACIS 2013 Proceedings (2013)
Smallridge, J.L., Roberts, J.R.: Crime specific neutralizations: an empirical examination of four types of digital piracy. Int. J. Cyber Criminol. 7, 125–140 (2013)
Walkley, S.: Regulating cyberspace: an approach to studying criminal behaviour on the internet (2005). http://hdl.handle.net/1885/9994
Turgeman-Goldschmidt, O.: The rhetoric of hackers’ neutralisations. In: Schmalleger, F., Pittaro, M. (eds.) Crimes of the Internet, pp. 317–335. Pearson Education, Upper Saddle River (2009)
Holt, T.J., Copes, H.: Transferring subcultural knowledge on-line: practices and beliefs of persistent digital pirates. Deviant Behav. 31, 625–654 (2010)
Nicho, M., Kamoun, F.: Multiple case study approach to identify aggravating variables of insider threats in information systems. Commun. Assoc. Inf. Syst. 35, 333–356 (2014)
Goode, S., Cruise, S.: What motivates software crackers? J. Bus. Ethics 65, 173–201 (2006)
Hinduja, S.: Neutralization theory and online software piracy: an empirical analysis. Ethics Inf. Technol. 9, 187–204 (2007)
Australian Institute of Criminology: Hacking motives (2005)
Holt, T.J., Kilger, M.: Know Your Enemy: The Social Dynamics of Hacking. Honeynet Proj. 17 (2012)
Kilger, M., Arkin, O., Stutzman, J.: Profiling. In: Know Your Enemy: Learning about Security Threats, pp. 505–556. Addison Wesley Professional (2004)
Chiesa, R., Ducci, S., Ciappi, S.: Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking. CRC Press, Boca Raton, London, New York (2009)
Taylor, P.: Hackers: Crime and the Digital Sublime, New York (1999)
Falk, W.D.: “Ought” and motivation. In: Proceedings of the Aristotelian Society, pp. 111–138 (1947)
McGoogan, C.: Anonymous hacker knocks 20pc of dark web offline in campaign against child pornography. http://www.telegraph.co.uk/technology/2017/02/06/anonymous-knocks-20pc-dark-web-offline-campaign-against-child/?WT.mc_id=tmg_share_fb
Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)
Kamath, M.: Hackers can remotely take over nuclear power plants by exploiting vulnerability in IES. http://www.techworm.net/2015/08/security-flaws-in-industrial-ethernet-switches.html
Neitzel, L., Huba, B.: Top ten differences between ICS and IT cybersecurity (2014). https://www.isa.org/standards-and-publications/isa-publications/intech-magazine/2014/may-jun/features/cover-story-top-ten-differences-between-ics-and-it-cybersecurity/
Robinson, M.: The SCADA threat landscape. In: 1st International Symposium on ICS SCADA Cyber Security Research 2013 (ICS-CSR 2013), pp. 30–41 (2013)
Thomson, I.: Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed. https://www.theregister.co.uk/2017/02/18/it_admin_/
Unknown: Payback 13: Last of Anonymous anti-copyright hacktivists sentenced in Virginia. https://www.rt.com/usa/234191-anonymous-payback-collins-blake/
Cimpanu, C.: Anonymous Leaks Data of 52 Cincinnati Police Officers. http://news.softpedia.com/news/anonymous-leaks-data-of-52-cincinnati-police-officers-500801.shtml
Verdict, A.: Message to Cincinnati Police Department. YouTube (2016)
Schmidt, J.: 16-jähriger demonstriert Sicherheitslücken bei 17 Banken. https://www.heise.de/security/meldung/16-jaehriger-demonstriert-Sicherheitsluecken-bei-17-Banken-1104841.html
Bersoff, D.M.: Why good people sometimes do bad things: motivated reasoning and unethical behavior. Pers. Soc. Psychol. Bull. 25, 28–39 (1999)
Bässmann, J.: Situative Kriminalprävention; Chancen eines Kooperationsansatzes im Bereich Cybercrime (2014). http://www.praeventionstag.de/dokumentation/download.cms?id=1832&datei=20140508_19DPT_13-05-2014__Vortrag_Bae_sit_F2761-1832.pdf
Acknowledgments
We would like to acknowledge the funding from BMBF for project “Vernetzte IT-Sicherheit Kritischer Infrastrukturen” (FKZ: 16KIS0213). We thank all participants for making “Operation Digital Chameleon” a success.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rieb, A., Gurschler, T., Lechner, U. (2017). A Gamified Approach to Explore Techniques of Neutralization of Threat Actors in Cybercrime. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science(), vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-67280-9_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67279-3
Online ISBN: 978-3-319-67280-9
eBook Packages: Computer ScienceComputer Science (R0)