# Cybercrime Research ((this section is a work in progress)) ## welcome in the Eye of the Beholder! ![[img/logoV2.png]] This bad D&D pun[^1] is also a way for me to frame how unusually _subjective_ this domain is (more so than many forms of offline offending).  Five overlapping angles make that clear: | **Angle** | **Why it matters in cybercrime** | | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Social construction of “crime”** | Unlike street theft, online acts such as port-scanning, jail-breaking a phone, or scraping a website can look criminal, heroic, or routine depending on who’s looking.  They become “crime” only once lawmakers, platforms, victims, _and_ the wider culture attach that label. | | **Legal patchwork** | What is legal in France (e.g., certain kinds of security research) may breach U.S. law, and vice-versa.  Researchers, hacktivists, and multinational firms routinely straddle inconsistent statutes and case law. | | **Variable harm perception** | Many victims don’t notice being victimised (e.g., silent data exfiltration), while some non-victim observers feel intensely threatened (e.g., by defacements or doxxing).  Severity is judged less by visible injuries and more by perceived privacy or reputational loss. | | **Normative ambiguity** | Some online communities celebrate behaviours that mainstream society condemns: think torrenting, doxxing for “social justice,” or grey-hat hacking.  Insider norms can treat these as legitimate resistance or free expression. | | **Evolving technologies & metaphors** | Because digital assets are intangible and infinitely replicable, analogies to “theft,” “trespass,” or “vandalism” never line up perfectly.  The metaphors we pick shape whether we view an act as crime, misuse, or innovation. | However, “Eye of the beholder” isn’t an excuse for relativism; it’s a reminder that **definitions, harms, and responses are negotiated**, not fixed.  - Cybercrime scholars must first ask _whose_ definition they’re adopting (legislators’, security vendors’, users’, or offenders’) before they can measure prevalence or harm. - A purely technical classification (e.g., “SQL injection”) says little about intent, social impact, or criminal justice relevance.  Conversely, purely legal definitions may ignore crucial technical nuance.  Bridging those viewpoints is essential. - Because statutes and norms shift rapidly, yesterday’s “piracy epidemic” becomes today’s streaming subscription; last year’s crypto-mining might be tomorrow’s regulated utility. Researchers must timestamp their claims. - Balancing security with openness (encryption, vulnerability disclosure), or policing with free expression (DDoS as protest) hinges on recognising that different beholders weigh values differently. - If a teenage hacker sees themself as a curiosity-driven tinkerer rather than a criminal, restorative approaches (bug-bounty programmes, ethical hacking internships) may work better than punitive ones. # What's next? (work in progress) This section intend to explore complex cybercriminal activities, organizational structures, and global impact. We will cover dark web, major players, frauds and profit-driven schemes that fuel cybercrime; but also assess the challenges faced by law enforcement and cybersecurity agencies worldwide. ## Explore ad- frauds trends My recent longitudinal study of six underground **ad-fraud forums** shows how cyber-criminal communities organise, innovate and scale. By treating them as “start-ups” that nurture customers, build capabilities and measure growth, the paper gives practitioners a rare, data-driven window into the business models powering online crime. Have a look at the paper here [[TFSC22.pdf]] and read a summary and detailed implications for practice here: [[Cybercriminal communities, growth and innovation]]. [^1]: The beholder is a classic Dungeons & Dragons monster, portrayed as a floating orb with a central eye, a gaping mouth, and numerous eyestalks: a nightmarish creature reminiscent of H.P. Lovecraft’s most haunting horrors.