http://orcid.org/0000-0001-8275-8445
![Sample our Social Sciences journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/110822/TOC-Subject-Sample-2021-Social-Sciences.jpg"})
ABSTRACT
Drawing on Sutherland’s theory of behaviour systems in crime, this study investigates social media fraud (SMF) facilitated by botnets to understand the onset and maturation of this new online offending behaviour. We find legitimate actors in the system – Internet of Things manufacturers, online social networks, hosting companies and law enforcement agencies – share a way of life that prioritises private gains and avoids implicit responsibility for security. They arrive at a Nash equilibrium that provides a weak and disorganised social response to crime. SMF providers, on the other hand, are cleverly organised and exploit weaknesses in security, adapting to change and developing working relationship with those who benefit from their activities and share their lenient behaviour towards fraudulent activities. We conclude that the rise in cybercrime is a result of the behaviours of all actors in the system, not just those who offend.
Disclosure statement
There is no conflict of interest regarding the publication of this article.
Notes
1. Brenner, “Cybercrime.”
2. Anderson et al., “Measuring the Cost of Cybercrime”; and Anderson, “Why Information Security Is Hard.”
3. Bagchi and Udo. “Analysis of the Growth of Computer and Internet Security Breaches,” Soska and Christin, “Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem”; and Wall, Cybercrime.
4. Armstrong and Forde. “Internet Anonymity Practices in Computer Crime.”
5. Grabosky, “The global dimension of cybercrime.”
6. Broadhurst, “Developments in the Global Law Enforcement of Cyber-Crime.”
7. Sutherland, Principles of Criminology.
8. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”, 1.
9. Burden and Palmer, “Internet Crime,” 22.
10. Franklin et al., “An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants.”
11. Ibid.
12. Wehinger, “The Dark Net.”
13. Afroz et al., “Honor among Thieves.”
14. Stone-Gross et al., “The Underground Economy of Spam”; Motoyama et al., “An Analysis of Underground Forums.”
15. Yip, Webber, and Shadbolt, “Trust among Cybercriminals?”
16. Moore, Clayton, and Anderson, “The Economics of Online Crime.”
17. Poulsen, Kingpin.
18. Glenny, Darkmarket.
19. Barratt, “Silk Road.”
20. Kruithof et al., “Internet-Facilitated Drugs Trade.”
21. Soska and Christin, “Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem.”
22. Afroz, McCoy, and Greenstadt, “Honor among Thieves”; Charette, “L’illusion des signaux pénaux”; McCarthy and Hagan, “When Crime Pays”; and Tremblay and Morselli, “Patterns in Criminal Achievement.”
23. Franklin et al., “An Inquiry into the Nature of Internet Miscreants”; Christin, “Traveling the Silk Road”; Morselli et al., “Conflict Management in Illicit Drug Cryptomarkets.”
24. Holt et al., “Examining the Risk Reduction Strategies of Actors in Online Criminal Markets.”
25. Moore, Clayton, and Anderson, “Economics of Online Crime.”
26. Aldridge and Décary-Hétu, “Not an ‘Ebay for Drugs’.”
27. BBC News, “Mariposa botnet ‘mastermind’ jailed in Slovenia.”
28. Sully and Thompson, “The Deconstruction of the Mariposa Botnet.”
29. Krebs, “DDoS on Dyn Impacts Twitter, Spotify, Reddit.”
30. See note 25 above.
31. See note 6 above.
32. Ferrell, “Broadening Marketing’s Contribution to Data Privacy.”
33. Anderson, “Why Information Security Is Hard.”
34. Krebs, “Microsoft Issues WanaCrypt Patch for Windows 8, XP.”
35. Ibid.
36. Anderson and Moore, “Information Security Economics–and Beyond”; Powell, “Is Cyberspace a Public Good.”
37. Tremblay, le Délinquant idéal.
38. Sutherland, Principles of Criminology, 275.
39. Ibid, 271.
40. Ibid.
41. Sutherland recognises that a behaviour system may include many types of crime or only one – the method is not perfect and depends on decisions made by researchers. Some crimes may stand out in a system and are easily isolated while others may be considered as part of a larger category.
42. Sutherland, Principles of Criminology.
43. Sutherland, Principles of Criminology, 271.
44. Ibid., 275.
45. Ibid.
46. Clarke, Situational Crime Prevention, 282.
47. Levi, The Phantom Capitalists.
48. Charette, “L’illusion des signaux pénaux.”
49. See, for example, Tremblay, le délinquant idéal, 133–151, for a study of car thieves.
50. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”, 1.
51. Mangold and Faulds, “Social Media: The New Hybrid Element of the Promotion Mix.”
52. Alejandro, “Journalism in the Age of Social Media.”
53. Marwick and Boyd, “I Tweet Honestly, I Tweet Passionately.”
54. Bennett, “The Personalization of Politics: Political Identity, Social Media, and Changing Patterns of Participation.”
55. Briones et al., “Keeping Up with the Digital Age.”
56. Brown and Fiorella, “Influence Marketing” and Khamis and Welling, “Self-Branding, ‘Micro-Celebrity’ and the Rise of Social Media Influencers.”
57. The Economist, “Celebrities’ Endorsement Earnings on Social Media.”
58. Stringhini et al., “Poultry Markets: On the Underground Economy of Twitter Followers.”
59. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”.
60. IoT systems are rudimentary computers found in appliances such as routers and smart TVs.
61. Bilodeau and Dupuy, “Dissecting Linux/Moose.”
62. Linux/Moose, which uses the infected systems (bots) as proxies to connect to OSN and conduct SMF, was still active at the time of writing.
63. For technical information on the structure of the compromised network, see Paquet-Clouston et al., “EGO MARKET”; Bilodeau and Dupuy, “Dissecting Linux/Moose”; and ESET Research, ‘Linux/Moose’.
64. Other ethical considerations related to the research are addressed in Paquet-Clouston, Bilodeau, and Décary-Hétu, ‘Can We Trust Social Media Data?’.
65. Paquet-Clouston et al., “EGO MARKET.”
66. Ibid.
67. Abu Rajab et al., “A Multifaceted Approach to Understanding the Botnet Phenomenon”; Cooke, Jahanian and McPherson, “The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets” and Provos and Holz, “Virtual Honeypots: From Botnet Tracking to Intrusion Detection.”
68. Holt, “On the Value of Honeypots to Produce Policy Recommendations”; and Maimon et al., “Restrictive Deterrent Effects of a Warning Banner in an Attacked Computer System.”
69. Association of Computing Machinery, “ACM Code of Ethics and Professional Conduct.”
70. Deibert et al., “Tracking GhostNet,”; and Dittrich, Bailey and Dietrich, “Towards Community Standards for Ethical Behavior in Computer Security Research”.
71. The information on potential customers was publicly available on OSN and the data presented were completely anonymised.
72. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”.
73. Moore, Clayton, and Anderson, “Economics of Online Crime”; Anderson and Moore, “Information Security Economics”; Powell, “Is Cyberspace a Public Good.”
74. Krebs, “Inside the Gozi Bulletproof Hosting Facility.”
75. The Spamhaus Project, https://www.spamhaus.org.
76. Rosoff, “Instagram’s Growth Is Astounding.”
77. See note 72 above.
78. Ibid.; and Paquet-Clouston et al., “EGO MARKET.”
79. Ingram, “What If the Twitter Growth Everyone Is Hoping for Never Comes?”
80. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”; and Paquet-Clouston et al., “EGO MARKET.”
81. Paquet-Clouston, Bilodeau, and Décary-Hétu, “Can We Trust Social Media Data?”; and Paquet-Clouston et al., “EGO MARKET.”
82. Web hosting companies sell or rent servers with Internet connectivity to their clients.
83. For examples, see: https://www.godaddy.com/legal.
84. Nguyen, “What Life for a Bangladeshi Click Farmer Looks Like.”
85. Correa, “Global Efforts Take Down 37,000 Websites Selling Counterfeit Goods.”
86. Bilodeau and Dupuy, “Dissecting Linux/Moose.”
87. Paquet-Clouston et al., “EGO MARKET.”
88. Ibid.
89. Wehinger, “The Dark Net”; Franklin et al., “Inquiry into the Nature and Causes of Internet Miscreants”; and Christin, “Traveling the Silk Road.”
90. Charette, “L’Illusion signaux pénaux”; Afroz et al., “Honor among Thieves”; Tremblay and Morselli, “Patterns in Criminal Achievement”; McCarthy and Hagan, “When Crime Pays.”
91. Charette, “L’Illusion signaux pénaux”; and Levi, The Phantom Capitalists.
92. See note 42 above.
93. See note 30 above.
94. Nash, “Non-Cooperative Games”; and Hindriks and Myles, Intermediate Public Economics.
95. Federal Trade Commission, “FTC Charges D-Link Put Consumers’ Privacy at Risk.”
Additional information
Funding
Notes on contributors
Masarah Paquet-Clouston
Masarah Paquet-Clouston is a security researcher at GoSecure. With her background in economics and criminology, her research’s goal is to understand complex social problems related to criminality that emerge from technological innovation and help society overcome them. Her recent work appeared in the ACM Proceedings of Social Media and Society, International Journal of Drug Policy and the International Criminal Justice Review.
David Décary-Hétu
David Décary-Hétu is an assistant Professor at the School of Criminology of the University of Montreal. His work focuses on online illicit markets and more specifically cryptomarkets, the 2nd generation online illicit markets. He has developed the DATACRYPTO tool that he uses to collect large amounts of information on cryptomarket participants. His research goals are to better understand the structure of markets and actors who participate in them as well as to understand the performance in the context of online illicit markets. The results of his research, funded by both the provincial and federal governments, have been published in journals such as the Journal of Research in Crime and Delinquency and the International Journal of Drug Policy.
Olivier Bilodeau
Olivier Bilodeau is leading the Security Research team at GoSecure. With more than 10 years of information security experience, he enjoys attracting embedded Linux malware and reverse engineering it. Invested in his community, he co-organizes MontréHack — a monthly workshop focused on applied information security–, he is in charge of NorthSec’s training sessions and is hosting NorthSec’s Hacker Jeopardy. He maintains several open source projects including Asciidoctor-Reveal.js and Malboxes.