Skip to main content
European Commission logo
English English
CORDIS - EU research results
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary

Understanding the drivers of cybercriminality, and new methods to prevent, investigate and mitigate cybercriminal behaviour

Periodic Reporting for period 2 - CC-DRIVER (Understanding the drivers of cybercriminality, and new methods to prevent, investigate and mitigate cybercriminal behaviour)

Reporting period: 2021-11-01 to 2023-04-30

A free, democratic and open EU provides endless opportunities for its people. However, growth is not without risk, especially in cyberspace, in the ubiquity of connected devices and rapid technological change. Cybercriminals have adapted to cyberspace as a new terrain for committing crimes, seeking opportunities and taking on new forms. The EU-funded CC-DRIVER project, with 13 partners from nine countries, identified the human and technical drivers of cybercrime, especially how young people can be deterred from pursuing cybercrime and instead encouraged to use their cyber skills in more socially constructive ways.

CC-DRIVER used a multidisciplinary approach from the domains of psychology, criminology, anthropology, neurobiology and cyberpsychology to investigate and explain drivers of new forms of criminality. Scientific investigation of drivers into cybercrime, the impact of online disinhibition and the effect of youth decision-making processes have informed the project’s evidence-based intervention and deterrence strategies. Our measures are designed to educate regarding criminality and to divert youth from crime.

By investigating 'cybercrime as a service', the project designed policy templates for combatting online cybercrime and produced a youth self-assessment online metric tool designed to help understand cybercriminal behaviour and prompt positive pathways. The project partners also developed a self-assessment questionnaire to enable SMEs, CSOs and other stakeholders to assess their vulnerability to cybercrime attacks. CC-DRIVER has delivered opportunities for EU LEAs (law enforcement agencies) to exchange knowledge and experiences with a view to fostering common European approaches and strengthening the European Security Union. This project produced tools for LEAs to gather evidence and investigate and mitigate cybercrime operations. Finally, the project conducted a comparative analysis of cybercrime legislation and policy in eight Member States.
The project established several stakeholder boards and working groups. It created a 24-member Stakeholder Board in the early stages of the project. The Stakeholder Board members represented a wide range of stakeholder groups, including LEAs. The project’s separate LEA Working Group met eight times to exchange knowledge and experiences. We established a cluster of EU-funded security projects involving LEA partners that grew to 20 projects from our original eight to share knowledge. We also created an ethics advisory board, comprising four external experts to have their independent views on solutions proposed by the partners.

Based on its literature review, the consortium explored the phenomenon of cybercrime in four dimensions, as well as the challenges arising from them: (1) working definitions and typologies of cybercrime, (2) general legal framework, (3) current evolution of cybercrime, investigating the concept of cybercrime as a service, and (4) characteristics of the profiles of the offenders and victims for a selection of cybercrimes, as well as the modi operandi of the perpetrators.

The partners conducted a review of the techniques, tools and tactics of cyber criminals and cybercrime as a service and investigated the technological developments that facilitate criminality, the availability of hacking tools online, cryptocurrencies and the widespread use of anonymity and the dark web. They focused on human drivers that enable and/or allow humans to act differently online. The consortium’s resulting landscape study on cybercrime as a service (CaaS) is available on the project website.

The partners prepared a report on the drivers of cyber juvenile delinquency. They reviewed motivations and characteristics of offenders and factors associated with eight different types of cybercriminal acts (including illegal access, digital piracy, identity theft, cyberbullying, non-consensual sharing of intimate images, online hate speech, illegal virtual marketplaces and organised crime) across the spectrum of cybercriminality. The partners reviewed the literature in the key disciplines of criminology, psychology, cyberpsychology, neuroscience and digital anthropology. Partners conducted 36 semi-structured interviews with experts. To gather empirical evidence, the partners conducted a survey of 8,000 16- to 19-year-olds on the drivers of juvenile cybercrime. The survey measured 38 variables. The sampled countries included France, Spain, Germany, Italy, Netherlands, Romania, Sweden, Norway and the UK.

The project produced an online youth self-assessment metric tool designed to help understand cybercriminal behaviour and to prompt positive pathways. Furthermore, the project developed an online, self-assessment questionnaire that SMEs, CSOs and other stakeholders can use to assess, anonymously, their vulnerability to cybercrime attacks. The user receives a score and suggestions for addressing vulnerabilities. And for LEAs, CC-DRIVER produced tools to gather evidence using cloud forensics and investigating and mitigating cybercrime operations.

Partners have conducted a review of cybersecurity policies in eight countries (France, Germany, Italy, Netherlands, Romania, Spain, Sweden and the United Kingdom). This task involved desktop research as well as special interest group roundtables with subject matter experts to perform a review of five elements (strategy, legislation, engagement, enforcement and assessment) in the cybercrime landscape. The partners conducted a gap analysis of cybersecurity legislation and cybercriminality policies in the eight countries. They identified where legislation and policies are the same, similar or different with a view to recommending changes. The analysis was supported by questionnaires and workshops completed and attended by the task consortium.

The consortium reached out to stakeholders by a variety of means. It organised webinars, workshops, questionnaires, interviews, videos, press releases, newsletters and conference presentations. It summarised key insights in policy briefs, journal articles and blogposts and used its website as well as social media to establish contact with stakeholders and the general public.
In the second half of the project, the consortium produced policy templates for combatting online cybercriminality. A Wiki-based toolkit identified good cybersecurity policy practices, especially concerning young people and cybercriminality. The toolkit included benchmarks against which policymakers can see how their legislation stacks up against their peers.
In view of the sensitivity of the issues and subjects addressed in the project, Trilateral produced a protocol to provide guidance to partners on ethical and data protection issues relevant to the project. Partners conducted ethical, data protection and socio-economic impact assessments during Period 2.
The partners’ deliverables have helped produce a shared view among Member States, stakeholders and citizens of the dimensions of cybercriminality, its impact on our society and economy and what we, collectively and individually, can do to disrupt cybercriminal activities and behaviours.
CC-DRIVER project final conference session
CC-DRIVER project logo