Periodic Reporting for period 1 - CC-DRIVER (Understanding the drivers of cybercriminality, and new methods to prevent, investigate and mitigate cybercriminal behaviour A Research)
Periodo di rendicontazione: 2020-05-01 al 2021-10-31
CC-DRIVER uses a multidisciplinary approach from the domains of psychology, criminology, anthropology, neurobiology and cyberpsychology to investigate and explain drivers of new forms of criminality. Scientific investigation of drivers into cybercrime, the impact of online disinhibition and the effect of youth decision-making processes have informed the project’s evidence-based intervention and deterrence strategies. Our measures are designed to educate regarding criminality and to divert youth from crime.
By investigating 'cybercrime-as-a-service', the project will design policy templates for combatting online cybercrime and produce a youth self-assessment online metric tool designed to help understand cybercriminal behaviour and prompt positive pathways. The project partners are developing a self-assessment questionnaire to enable SMEs, CSOs and other stakeholders to assess their vulnerability to cybercrime attacks. CC-DRIVER is delivering opportunities for EU LEAs (Law Enforcement Agencies) to exchange knowledge and experiences with a view to fostering common European approaches and strengthening the European Security Union. The project will produce tools for LEAs to gather evidence and investigate and mitigate cybercrime operations. Finally, the project is also conducting a comparative analysis of cybercrime legislation and policy in eight Member States.
Based on an initial literature review, the consortium has explored the phenomenon of cybercrime in four dimensions, as well as the challenges arising from them: (1) working definitions and typologies of cybercrime, (2) general legal framework, (3) current evolution of cybercrime, investigating the concept of cybercrime-as-a-service, (4) characteristics of the profiles of the offenders and victims for a selection of cybercrimes, as well as the modi operandi of the perpetrators.
The partners then conducted a review of the techniques, tools and tactics of cyber criminals and cybercrime-as-a-service and investigated the technological developments that facilitate criminality, the availability of hacking tools online, cryptocurrencies and the widespread use of anonymity and the Dark Web. They focused on human drivers that enable and/or allow humans to act differently online. The consortium’s resulting landscape study on “cybercrime-as-a-service” (CaaS) is available on the project website.
The partners are currently finalising a report on the drivers of cyber juvenile delinquency. It reviews motivations and characteristics of offenders and factors associated with eight different types of cybercriminal acts (including illegal access, digital piracy, identity theft, cyberbullying, non-consensual sharing of intimate images, online hate speech, illegal virtual marketplaces and organised crime) across the spectrum of cybercriminality. In the first 18 months partners reviewed the literature in the key disciplines of criminology, psychology, cyberpsychology, neuroscience and digital anthropology. Partners conducted 36 semi-structured interviews with experts. To gather empirical evidence, the partners conducted a survey of 16- to 19-year-olds, 1000 in each of nine European countries, on the drivers of juvenile cybercrime. The survey measured 38 variables. The sampled countries included France, Spain, Germany, Italy, Netherlands, Romania, Sweden, Norway and the UK.
The project has also produced an online youth self-assessment metric tool designed to help understand cybercriminal behaviour and to prompt positive pathways. Furthermore, the project has developed an online, self-assessment questionnaire that SMEs, CSOs and other stakeholders can use to assess, anonymously, their vulnerability to cybercrime attacks. The user will receive a score and suggestions for addressing vulnerabilities. And for LEAs, CC-DRIVER is producing tools to gather evidence using cloud forensics and investigate and mitigate cybercrime operations.
Partners have conducted a review of cybersecurity policies in eight countries ( France, Germany, Italy, Netherlands, Romania, Spain, Sweden and the United Kingdom). This task involved desktop research as well as special interest group roundtables with subject matter experts to perform a review of five elements (strategy, legislation, engagement, enforcement and assessment) in the cybercrime landscape. The partners conducted a gap analysis of cybersecurity legislation and cybercriminality policies in the eight countries. They identified where legislation and policies are the same, similar or different with a view to recommending changes. The analysis was supported by questionnaires and workshops completed and attended by the task consortium.
The consortium has reached out to stakeholders by a variety of means. It has organised webinars, workshops, questionnaires, interviews, videos, press releases, newsletters. It has summarised key insights in policy briefs, journal articles and blogposts and uses a website as well as social media to establish contact with stakeholders and the general public.
In view of the sensitivity of the issues and subjects addressed in the project, Trilateral has produced a protocol to provide guidance to partners on ethical and data protection issues relevant to the project. Partners are conducting ethical, data protection and social impact assessments during Period 2.
The partners have the expectation that their deliverables will help produce a shared view among Member States, stakeholders and citizens of the dimensions of cybercriminality, its impact on our society and economy and what we, collectively and individually, can do to disrupt cybercriminal activities and behaviours.