Criminal expertise and hacking efficiency

Asier Moneva*, Stijn Ruiter, Daniël Meinsma

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

Criminal expertise plays a crucial role in the choices offenders make when committing a crime, including their modus operandi. However, our knowledge about criminal decision making online remains limited. Drawing on insights from cyber security, we conceptualize the cybercrime commission process as the sequence of phases of the cyber kill chain that offenders go through. We assume that offenders who follow the sequence consecutively use the most efficient hacking method. Building upon the expertise paradigm, we hypothesize that participants with greater hacking experience and IT skills undertake more efficient hacks. To test this hypothesis, we analyzed data from 69 computer security and software engineering students who were invited to hack a vulnerable website in a computer lab equipped with monitoring software, which allowed to collect objective behavioral measures. Additionally, we collected individual measures regarding hacking expertise through an online questionnaire. After quantitatively measuring efficiency using sequence analysis, a regression model showed that the expertise paradigm may also apply to hackers. We discuss the implications of our novel research for the study of offender decision-making processes more broadly.

Original languageEnglish
Article number108180
Number of pages15
JournalComputers in Human Behavior
Volume155
DOIs
Publication statusPublished - Jun 2024

Keywords

  • Criminal decision-making
  • Cyber kill chain
  • Expertise paradigm
  • Hacking
  • Sequence analysis

Fingerprint

Dive into the research topics of 'Criminal expertise and hacking efficiency'. Together they form a unique fingerprint.

Cite this