The Global Cybercrime Industry

Transcription

1 Nir Kshetri The Global Cybercrime Industry Economic, Institutional and Strategic Perspectives 4y Springer

2 1 The Global Cybercrime Industry and Its Structure: Relevant Actors, Motivations, Threats, and Counter measures The Rapidly Rising Global Cybercrime Industry Cybercrime: Definitional Issues Economic, Social, and Political Impacts of Cybercrimes Social Impacts. \ Political and National Security Impacts Methodological, Conceptual, Logical, and Statistical Problems in Estimating Cybercrime Trends in Cybercrimes Social Engineering Skills Types and Classification of Cybercrimes Targeted vs. Opportunistic Attacks Predatory Cybercrimes vs. Market-Based Cybercrimes Relevant Actors Associated with Cybercrimes Cyber-Criminals, Cyber-Terrorists, and State Actors Involved in Cyberattacks Cybercrime Victims and Targets Regulators and Governments Supranational Organizations Voluntary, Nonprofit, and Non-government Organizations Motivations Associated with Cybercrimes Intrinsic Motivation Extrinsic Motivation Combination of Motivations Trend Toward Extrinsically Motivated Crimes Businesses' Countermeasures to Combat Cybercrimes Concluding Comments 25 Notes 26 References 27

3 Simple Economics of Cybercrime and the Vicious Circle Introduction Economic Factors Affecting Crimes Target Attractiveness Economic Conditions Facing an Offender Economic Processes Motivating a Cyber-Criminal's Behavior Selection of Targets Structure of Cybercrimes: The Vicious Circle The Cybercrime Market Law-Enforcement Agencies Cyber-Criminals Cybercrime Victims Inter-jurisdictional Issues A Cyber-Criminal's Cost-Benefit Calculus The Benefit Side The Cost Side Concluding Comments 49 Note 50 References 50 An Institutional Perspective on Cybercrimes Introduction Institutional Theory Regulative Institutions Normative Institutions Cognitive Institutions Interrelationships Among Institutional Pillars Exogenous and Endogenous Institutions Neoinstitutionalism.... ' Institutions Operating at Various Levels Viewing Cybercrimes Through the Prism of the Literature on Institutions Formal Constraints and Crimes Informal Constraints and Crimes Institutions at Different Levels Influencing Cyberattacks International-Level Institutions and Cyberattacks National-Level Institutions and Cyberattacks Institutions at the Industry/Professional/ Inter-organizational Level and Cyberattacks Institutions at the Network Level and Cyberattacks Institutions at the Intra-organizational Level and Cyberattacks Concluding Comments 69 Notes 69 References 69

4 xi 4 Increasing Returns and Externality in Cybercrimes Introduction Increasing Returns and Feedback Loops in Cybercrimes Economic Feedback Sociopolitical Feedbacks Cognitive Feedback Mechanisms Associated with Externality in Cybercrimes Path Dependence and Externality Inefficiency and Congestion in the Law-Enforcement System Diffusion of Cybercrime Know-How and Technology Increased Predisposition Toward Cybercrime Concluding Comments.. 88 Notes! x 88 References 89 5 Institutional Field Evolved Around Cybercrimes Introduction The Theoretical Framework: Institutional Field Institutional Field Change Mechanisms Exogenous Shocks Changes in Organizational Logics Gradual Change in Field Structure Institutional Evolution Regulative Pillar Related to Cybercrime Normative and Cognitive Pillars Related to Cybercrime Institutional Field Formed Around Cybercrimes The Formation of Regulative Pillar Around Cybercrime The Formation of Normative Pillar Around Cybercrime The Formation of Cognitive Pillar Around Cybercrime Concluding Comments 110 Notes Ill References Information and Communications Technologies, Cyberattacks, and Strategic Asymmetry Introduction Strategic Asymmetry and ICTs Institutional and Organizational Factors Linked with Positive and Negative Asymmetries Institutions, ICTs, and National Security Ability to Create Positive Asymmetry and Minimize Vulnerabilities of Negative Asymmetry.. 131

5 rii Contents 6.4 Concluding Comments : : '. 133 Notes 134 References Global Heterogeneity in the Pattern of the Cybercrime Industry Introduction The Global Digital Security Threat: A Brief Survey Pattern of the Global Cyber-War and Crime: A Proposed Model Characteristics of the Source Nation Profile of Target Organization Concluding Comments 156 Notes 158 References Structure of Cybercrime in Developing Economies Introduction A Brief Survey of Cybercrimes in Developing Countries Broadband Connections and Increase in Cybercrimes Economic and Institutional Factors Related to Cybercrimes in Developing Economies Formal Institutions: Permissiveness of Regulatory Regimes Informal Institutions: Social Legitimacy and Cybercrime Defense Mechanisms Against Cybercrimes Concentration of Crimes Path Dependence Externalities Generated by Conventional Crimes and Cybercrimes Cybercrime Business Models in Developing Economies Motivations Behind Cybercrimes Concluding Comments 179 Notes 183 References Institutional and Economic Foundations of Cybercrime Business Models Criminal Entrepreneurship and Business Models in the Digital World Business Model and Their Components: Applying in the Context of the Cybercrime Industry Configuration of Competencies Company and Firm Boundaries The Internet and Organized Crime Groups' Reinvention of Business Models 196

6 xiii 9.4 Cybercrime Operators and Legitimate Businesses: Selling Concept vs. Marketing Concept Marketing Mix ofc2c vs. C2V Operators Quality Uncertainty, Technological Information, and Market Information The Problem of Quality Uncertainty inane-marketplace Technological Information and Market Information in an e-marketplace Development of Dynamic Capabilities Concluding Comments 201 References The Global Click Fraud Industry Introduction! Clicks and Value Creation in the Internet Economy A Survey of Click Fraud A Click Fraudster's Cost-Benefit Calculus The Offenders The Victims Concluding Comments 221 References Concluding Remarks and Implications Where Do We Go from Here? Implications for Businesses All Firms Are Not Equally Susceptible to the Vulnerability of Various ICT-Created Security Risks Some Firms Are More Affected by the Government's Measure Consideration of Security Risks in ICT and Competitive Strategies The Rank Effect Importance of Reporting Measures to Avoid Positive Feedbacks to Cyber-Criminals Combining Technological and Behavioral/Perceptual Measures Managing Market Information Collaborating with Government Agencies Harnessing the Power of Attachment in Online Communities Employing Online Security as a Competitive Advantage Tool 232

7 11.3 Implications for Consumers Revisiting a Cognitive Framework Related to Cybercrimes Tracking the Performance Indicators Frequently Minimizing Activities, Websites, Channels, and Networks Associated with Cybercrimes Understanding Communication Modes of Legitimate and Criminal Enterprises Need to Be Watchful for e-commerce Activities That Have Relatively High Incidence of Cybercrimes and Cyber-frauds Staying Safe Offline Monitoring Children's Online Activities Assessing the Credibility and Reputation of v Parties Involved in Economic Transactions Knowing About How Information Is Handled by Parties Involved in Various Transactions Implications for Policy Makers Cooperation and Collaboration Among National Governments, Computer Crime Authorities, and Businesses Paying Attention to Wider Institutional Fields Measures to Increase Reporting Rate Certainty vs. Severity of Punishment Developing Economies' Negative International Image and Exclusion from the Digital World Helping Small and Poor Countries Develop Anti-cybercrime Capabilities Collaborations with Businesses Measures to Educate Consumers and Increase the Distribution of and Access to Information Broadband Penetrations and Cybercrime in Developing Economies Dealing with Various Types of Online Communities Directions for Future Research Institutional Analysis of Cybercrime Empirical Analysis Inter-organizational Studies ICT-Created Positive and Negative Asymmetries Modus Operandi of Various Types of Cyber-Criminals Examination of Non-state Actors Longitudinal Analysis of Hackers 245

8 The Nature of Hot Products Portability in Cybercrimes Applying a Game-Theoretic Approach Developing a Typology of Cybercrimes Country-Level Case Studies of Cybercrimes Cybercrime Operations as a Born Global Phenomenon Final Thought 247 References 247