For a slightly different Three Paper Thursday, I’m pulling together some of the work done by our Centre and others around the COVID-19 pandemic and how it, and government responses to it, are reshaping the cybercrime landscape.
The first thing to note is that there appears to be a nascent academic consensus emerging that the pandemic, or more accurately, lockdowns and social distancing, have indeed substantially changed the topology of crime in contemporary societies, leading to an increase in cybercrime and online fraud. The second is that this large-scale increase in cybercrime appears to be the result of a growth in existing cybercrime phenomena rather than the emergence of qualitatively new exploits, scams, attacks, or crimes. This invites reconsideration not only of our understandings of cybercrime and its relation to space, time, and materiality, but additionally to our understandings of what to do about it.
The first paper uses data from Action Fraud to assess changes in reported cybercrime since the beginning of the pandemic. It uses the Routine Activities Theory framework, which argues that crime is shaped by the spatiotemporal patterns of people’s everyday lives, with a co-present suitable target, motivated offender, and the lack of a suitable guardian creating the situational opportunity for crime to occur (the ‘triad of crime’). Thus, the changes in these routines which lockdowns and social distancing have created might well be expected to produce changes in patterns of criminal offending. The Action Fraud data suggests that this has in fact occurred, with large increases in the hacking of personal accounts, online fraud, and cybercrime victimisation overall. This appears mainly to affect individual victims, rather than organisations, with increases in victimisation particularly associated with the ‘strictest’ months of lockdown in the UK.
The second paper, one of our Centre’s own empirical papers on the pandemic, investigates this apparent rise in cybercrime at the source, studying a large cybercrime community and its apparent response to COVID-19. This uses a novel data source – marketplace data from the Hackforums cybercrime forum. These data are fairly comprehensive records of transactions, scraped from the relatively-recent ‘contracts’ system, which took the previously forum post based market and added a formal ledger of transactions with details of products, currencies, and feedback. We applied a range of statistical modelling approaches to this to understand the growth of this market from its small initial roots, and how the mature market reacted to the COVID-19 crisis. We found that the pandemic was associated with a significant uplift to transaction volumes, particularly to the benefit of already-existing ‘big fish’ sellers rather than smaller traders, who were less able to capitalise on the influx of custom. This appeared to be a stimulation of the existing market, rather than a transformation in the types of goods sold or exchanged, or an influx of new suppliers. For those interested in this rich dataset, the Cambridge Cybercrime Centre are able to provide it by request and legal agreement.
The third paper, also from the CCC, is an overview and discussion piece which looks at the effects of lockdowns and social distancing measures on cybercrime, drawing together evidence from a range of public sources and research data, particularly our weekly COVID-19 research reports. We published this (in collaboration with Edinburgh Napier University, the University of Edinburgh, and Abertay University) as the lockdowns were beginning to ease up across much of the world, however with the second wave now rearing its head, it appears that it may well have more continuing relevance than we might have thought at the time. As in the previous two papers, we observe in a range of official statistics and other measures an increase in cybercrime associated with the beginning of national lockdowns and the ‘move online’. From our observations of Denial-of-Service attacks and our massive social datasets collected from cybercrime communities (both available to researchers on request) we suggest, as we have discussed in our regular briefing papers, that these increases are indeed related to transformations to people’s daily lives. In particular, we see discussion of not only changes to victim’s routine activities, but to ‘push’ factors on the part of offenders, including increased free time, boredom, economic insecurity and cancelled school and work, which have created something of a perfect storm of conditions for increased motivation for those who commit cybercrime and increased risk for those who fall victim to it.
Noting the changes to routines of activity is important, hence we additionally employ Routine Activities Theory, as with the paper by Buil-Gil et al.. However, we argue that focusing on the ‘triad of crime’ misses out important other aspects which drive motivation and opportunity for those who commit cybercrime. The cultural and social psychological changes associated with COVID-19 – increased fear and vulnerability, economic uncertainty, unemployment, and loneliness are potentially important factors as well. We additionally argue that as responding to this ‘volume cybercrime’ is beyond the capacities of centralised agencies, and that online harm is taking on an increasingly local character, local police forces may well be at the forefront of any response. The cybersecurity and policing ‘needs’ and ‘risks’ of geographic (and other forms of) communities are not homogeneous, and, as research by Maria Bada has previously indicated, this may well benefit from a more tailored and responsive approach. While this sort of bilateral engagement with law enforcement around issues of cybercrime and online harm exists to some extent for business (especially large ones), it is largely absent for individuals and communities – this may well be served by existing policing infrastructure at the local level, with some adaptation.
Generally, local police have been removed from cybercrime policing, which is left up to private security companies and ‘high policing’ authorities such as the security services. The paper contends that reconceptualising cybercrime as not only a public policing issue but one of the key frontline duties of local police might provide scope to open it up to community policing concerns of accountability, responsiveness to local issues and needs, and civic participation. Drawing on their existing partnerships with communities, and understanding of local people and issues, local police may well be better situated than centralised law enforcement bodies to engage in some aspects of cybercrime policing. Notably, Police Scotland has indeed now announced a National Centre of Excellence for cybercrime policing, with a view to further integrating it into the frontline policing role.
Reflections on ‘community’ cybercrime policing and beyond
Bringing cybercrime into the ambit of local policing is by no means a simple task, and there is now a fairly long history of attempts to mainstream cybercrime work within policing, with substantial local variation in both governance and capacities. Concerns of organisational structure, and how policing links up between local, regional, national, and international levels, are particularly important, especially where cases cross jurisdictions and (for example) an officer from Glasgow needs to speak to one from Berlin. Working out the appropriate links between regional forces, with their responsiveness to on-the-ground concerns and local policing capacities; and centralised law enforcement bodies who are able to negotiate international relationships and lead joined-up operations are crucial to making a success of any ‘community’ cybercrime policing.
Finally, re-envisioning the role of the public police in this way necessarily links these discussions of cybercrime in the age of COVID-19 to increasingly prominent critiques of the role of the police and criminal justice in contemporary societies. I argue (separately to this paper, in a forthcoming piece) that reimagining the ownership of cybercrime policing issues at a local level might provide a useful stepping-stone to an abolitionist critique of cybercrime policing more broadly. Reconceiving the functions that are necessary to prevent and deal with online social harm at the local scale, rather than at the level of national security, suggests a set of functions which might usefully be transferred not only to private companies or local police, but eventually to communities themselves.