The project established several stakeholder boards and working groups. It created a 24-member Stakeholder Board in the early stages of the project. The Stakeholder Board members represented a wide range of stakeholder groups, including LEAs. The project’s separate LEA Working Group met eight times to exchange knowledge and experiences. We established a cluster of EU-funded security projects involving LEA partners that grew to 20 projects from our original eight to share knowledge. We also created an ethics advisory board, comprising four external experts to have their independent views on solutions proposed by the partners.
Based on its literature review, the consortium explored the phenomenon of cybercrime in four dimensions, as well as the challenges arising from them: (1) working definitions and typologies of cybercrime, (2) general legal framework, (3) current evolution of cybercrime, investigating the concept of cybercrime as a service, and (4) characteristics of the profiles of the offenders and victims for a selection of cybercrimes, as well as the modi operandi of the perpetrators.
The partners conducted a review of the techniques, tools and tactics of cyber criminals and cybercrime as a service and investigated the technological developments that facilitate criminality, the availability of hacking tools online, cryptocurrencies and the widespread use of anonymity and the dark web. They focused on human drivers that enable and/or allow humans to act differently online. The consortium’s resulting landscape study on cybercrime as a service (CaaS) is available on the project website.
The partners prepared a report on the drivers of cyber juvenile delinquency. They reviewed motivations and characteristics of offenders and factors associated with eight different types of cybercriminal acts (including illegal access, digital piracy, identity theft, cyberbullying, non-consensual sharing of intimate images, online hate speech, illegal virtual marketplaces and organised crime) across the spectrum of cybercriminality. The partners reviewed the literature in the key disciplines of criminology, psychology, cyberpsychology, neuroscience and digital anthropology. Partners conducted 36 semi-structured interviews with experts. To gather empirical evidence, the partners conducted a survey of 8,000 16- to 19-year-olds on the drivers of juvenile cybercrime. The survey measured 38 variables. The sampled countries included France, Spain, Germany, Italy, Netherlands, Romania, Sweden, Norway and the UK.
The project produced an online youth self-assessment metric tool designed to help understand cybercriminal behaviour and to prompt positive pathways. Furthermore, the project developed an online, self-assessment questionnaire that SMEs, CSOs and other stakeholders can use to assess, anonymously, their vulnerability to cybercrime attacks. The user receives a score and suggestions for addressing vulnerabilities. And for LEAs, CC-DRIVER produced tools to gather evidence using cloud forensics and investigating and mitigating cybercrime operations.
Partners have conducted a review of cybersecurity policies in eight countries (France, Germany, Italy, Netherlands, Romania, Spain, Sweden and the United Kingdom). This task involved desktop research as well as special interest group roundtables with subject matter experts to perform a review of five elements (strategy, legislation, engagement, enforcement and assessment) in the cybercrime landscape. The partners conducted a gap analysis of cybersecurity legislation and cybercriminality policies in the eight countries. They identified where legislation and policies are the same, similar or different with a view to recommending changes. The analysis was supported by questionnaires and workshops completed and attended by the task consortium.
The consortium reached out to stakeholders by a variety of means. It organised webinars, workshops, questionnaires, interviews, videos, press releases, newsletters and conference presentations. It summarised key insights in policy briefs, journal articles and blogposts and used its website as well as social media to establish contact with stakeholders and the general public.
