Cybercrime in The Netherlands 2009
a picture on the basis of police files
an emperical study resulting in a draft cybercrime research programme
paper for the third Giganet workshop
Montreal, Canada, 30-31 May 2010
W.Ph. Stol, E.R. Leukfeldt, M.M.L. Domenie
Introduction and research questions
This study is about cybercrime in The Netherlnds. We use the term cybercrime as the
umbrella concept for all crimes in which ICT plays an essential role. Not every form of
cybercrime can be included in the study, the list of cybercrimes is simply too long. The
following cybercrimes are addressed: hacking, e-fraud, cyber extortion, child pornography
and hate crimes. These five were selected because, of all cybercrimes, they constitute the most
serious social problems in The Netherlands, and as such they receive the most attention from
police and judiciary. The three main questions in our study are:
(1) what is the nature of the cybercrimes?
(2) what do we know about the offenders?
(3) what is the scope of the cybercrimes?
Methods of research
In order to answer these research questions, we first performed an international literature
study, a media analysis, as well as a web research and document analysis. For the
international literature study, we consulted multimedia centres, and looked for books, articles,
reports and other relevant publications. The media analysis consisted of an analysis of reports
about cybercrime in the Dutch daily newspapers from 2006 and 2007. This yielded
information, not only about cybercrimes, but also for example about research reports, police
actions and key persons. The web research consisted of an internet search for information
about cybercrime, research reports and key persons. The document analysis meant that we
studied policy documents on the subject of combating cybercrime.
The main part of the study however, consisted of an analysis of police files. In total,
we analyzed 665 files, comprising 139 hacking files, 314 e-fraud files, 13 cyber extortion
files, 159 child pornography files and 40 hate crime files.
Our analysis of police files improved our insight into cybercrime, but this research
method also has its limitations. The police files that we studied only shed light on crimes that
have been reported to the police and that the police recorded in their computer system. Police
files from the regular police computer systems (such as the ones we consulted) do not give us
much information about organized crime, for example. Additional research is needed to
complete the picture.
Hacking, according to Dutch law, is the deliberate and illegal entering into a computerised
work, and is an offence according to article 138a paragraph 1 of the Dutch Criminal Code
(electronic break-in). Hacking-related offences are: copying, tapping or recording of data after
entering (article 138a paragraph 2), the intentional or inadvertent causing of a disruption in
the system (articles 161 under paragraph 6 and 161 under paragraph 7, respectively), the
intentional or inadvertent destruction of data (article 350a and 350b respectively), tapping
and/or recording of data (article 139c) and installing of recording, tapping and/or monitoring
equipment (article 139d).
In literature, hackers are categorised in various ways including on the basis of their
primary motivations, such as acquiring knowledge, personal challenge, power and financial
profit. However, there does not seem to be any empirical foundation for the categories used.
The image of various different categories of hackers does not emerge from our file study.
Rather than clear-cut categories, the picture of a varied group of people emerges, although a
few salient characteristics did emerge.
The police files show that Dutch hackers are primarily men under the age 45 who were
born in the Netherlands. They seldom commit their crimes in an organised setting, the
majority of the cases only involve one suspect. Hacking is often done in connection with
relationships: suspect and victim are for instance ex-lovers, jealous spouses or school friends,
but former business associates may also be involved. The primary motivation of the suspect is
often revenge, but we have also seen other motives, such as curiosity and financial profit.
Suspects use various criminal techniques. Although most police files are unclear about
the precise techniques used, suspects in hacking cases definitely deface websites, install
keyloggers, make phishing websites and do social engineering. Botnets, DDoS-attacks,
sniffing and spoofing are seldom found in police files. The fact that in 20 to 25% of the police
files the hack is performed from abroad, within as well as outside Europe, is the most
important finding with regard to police investigation.
Hacking is usually not an isolated offence. All in all, hacking is found to be
(1) cybercrime in the narrow sense (copying or destroying data or destroying or disturbing a
(2) crimes against property (swindling, fraud, theft, extortion, embezzlement);
(3) inter-personal conflicts (slander, threat, libel, stalking, assault).
Hacking is primarily aimed at personal interests (financial profit, settling a conflict) and not at
social disruption or general menacing. The issues are normally quite mundane, involving
ordinary people who are frustrated with each other. Up to a point, hacking has become
democratised: it is no longer the exclusive domain of whizz kids, instead it is also committed
by people who are less well-versed in the technical ins and outs. It is impossible to be precise
about the exact extent of hacking. It is only a very small part of the crime registered by the
police. The results from a victim study in Friesland, a Dutch province, show a substantial
number of unreported crimes (dark number) of this nature. From both local and international
literature about cybercrime and information security we know that companies in particular are
frequently victims of attempts, successful and otherwise, to hack into computer systems.
Victims among individuals are less common.
Fraud is not listed as such in the Dutch Criminal Code: usually swindling (art. 326) and/or
forgery are involved (art.225). E-fraud is fraud aimed at financial profit and for the execution
of which ICT is essential. The manifestations of e-fraud we encountered in literature are: trade
in false goods, false financial transactions (including auction and deposit fraud), and market
manipulation. E-fraud can be committed with or without identity abuse. Identity abuse is
assuming an identity other than one’s own digital identity, with the intent of making dishonest
financial profit. The making of the false identity precedes the identity abuse. This can be done
by identity theft (stealing the identity of an existing person), identity creation (creating a
fictitious identity) and identity delegation (assuming the identity of an existing person with
his/her permission). In literature, the expectation is that in the coming years many will fall
victim to e-fraud with identity abuse and causing much financial harm. In addition, deposit
fraud is also seen as a threat.
In various aspects, analysis of the police files shows a different picture to that of
literature. Most files from the file study do not deal with Nigerian Scams (419 fraud) and
identity theft but with swindle through sales sites. E-fraud generally does not have
connections with other crimes, cyber or otherwise. And where it does, there are connections
with the theft of identity data (especially digital, but also non-digital) and sometimes also with
hacking. These offences are then a means to commit the e-fraud.
E-fraudsters usually work alone, and there is no organised crime involved, with the
exception of a few files. According to the files, financial profit is the central motive. In
general, e-fraud concerns fairly simple cases: the perpetrator places an advert or makes a
website or presents information in other ways to seduce the victim into paying for goods or
services that never materialise. In short, most e-fraud cases are not technical fireworks.
Perpetrators of e-fraud draw from a limited stock of techniques. There is social engineering in
nearly every case. In some cases, phishing is used. The files with e-fraud frequently involve
identity abuse. Although in literature attention is often drawn to cooperating fraud gangs
(Nigerian scams, skimming), the major part of the frauds we found in our files was the work
of swindlers that operate fairly simply. The image that literature paints of e-fraud requiring
above-average technical insights and skills was not substantiated at all by our study.
The suspects we know are generally born in the Netherlands, operate from the
Netherlands, and are usually men aged between 18 and 35 years. Generally speaking, e-fraud
is not something for the age group of 12-18 years, nor for persons older than 35. Apparently,
persons between 18 and 34 years old have the optimal e-fraud equipment: they are old enough
to have sufficient social skills for social engineering and young enough to be able to move
about nimbly in cyberspace. Suspects are more likely to be unemployed, but they are less
likely than average to live alone. So, with regard to their living arrangements they are not
socially isolated, as they are with regard to their employment position. Their lack of income
from working could go some way to explaining their main motive: financial profit.
An analysis of legal antecedents shows that e-fraud suspects are likely to also commit
other offences, and so they have a more extensive criminal repertoire than just fraud. This can
also be explained by the fact that most suspects are male and relatively young - and so they
belong to a group of persons that is likely to commit offences relatively often.
E-fraud features ten times more frequently in police files than hacking. From our own
research we know that 25 (2.2%) of the 1,246 inhabitants of Friesland that we interviewed
have been the victim of e-fraud in the past two years. Only one victim pressed charges. This
indicates a high dark number.
Extortion means obtaining unlawful advantage due to threat or violence. We use the term
cyber extortion when ICT is essential for the execution of the crime. Various manifestations
are mentioned in literature:
(1) threat: threatening to paralyse websites or networks;
(2) damage and disruption: damaging essential data and disrupting industrial production
(3) shaming: publicising sensitive information;
(4) protection: offering ‘protection ’ from for instance DDoS-attacks.
These four manifestations can occur in combination with each other.
In the Dutch Criminal Code extortion is a criminal offence according to article 317
(extortion). Also, articles 318 (threatening) and 285 (menacing) may apply. These criminal
techniques usually require breaking into computer systems, which is punishable according to
article 138a. In instances where computerised work is deliberately or inadvertently destroyed,
the articles 161 under paragraph 6 and 161 under paragraph 7 of the Dutch Criminal Code
apply. Articles 350a and 350b apply in cases of data destruction.
We only found 13 files about cyber extortion for the period 2003-2007, nation wide.
Where links with other crimes could be established, cyber extortion seems to be a
continuation of earlier threats. Suspects commit extortion by threatening to publicise sensitive
information about the victim. The sensitive information is usually related to child
pornography. Victims have child pornography on their computers and are blackmailed
because of it, or suspects pressure minors into sending nude photos of themselves (and these
are then used to blackmail the victim). At various points during the analysis we detected a
connection between cyber extortion and offences related to relationships and/or sexuality.
Apart from child pornography, relational problems, stalking and assault were also found.
Together these aspects imply that cyber extortion is related to sex crimes and/or sex offenders.
The limited number of files does not allow for any bold conclusions, but this indication of a
connection between youth, sex crimes and extortion is an area that would benefit from further
Literature does not give us much information about the offender characteristics of
cyber extortionists. According to the KLPD there appears to be cooperation between
computer criminals from Western European countries and organised groups of criminals from
Russia and Eastern Europe. Hackers are recruited and engaged via the Internet on the basis of
their skills. The KLPD refers to the extortion of companies. This was not evident in the file
study. The suspects in our study operate alone, and there are no criminal collaborations. A
remarkably finding is that often the suspects are young (under 21 years).They do not use any
criminal techniques. Collecting sensitive information about the victim is a reparatory act. The
victim is always an individual, not a company. We do not have sufficient information to be
able to carry out victim profiling. Victim research among companies in the United States and
Australia indicates that a substantial percentage of the companies (16 to 33%) has been the
victim of cyber extortion. We have not found any information in literature about victims
among citizens. The 13 cyber extortion files we found for the period 2003-2007 all relate to
individual victims, not companies. We know that cyber extortion is not unheard of in the
Netherlands because we have found one such case among the hacking files. In this particular
case a DDoS attack was deployed to blackmail a company. A study into the caseload of
cybercrimes in two police forces did not yield any report of cyber extortion in 2007. A
conclusion with regard to the scope of cyber extortion should therefore be that it is not very
common and/or that the readiness to report it is very low. Due to the limited number of
reports, cyber extortion, specifically in combination with a DDoS attack, is not viewed as a
concrete threat in the Dutch National Threat Assessment. According to other sources, the
number of cyber extortions will increase in the future because more and more companies are
dependent on the internet, and the techniques required for extortion are easily available. Any
empirical foundation for this claim is however not evident.
Child pornography is a punishable offence in the Netherlands according to article 240b of the
Criminal Code, which defines child pornography as the depiction of a sexual act, in which
someone who apparently has not yet reached the age of eighteen years, is involved or
seemingly involved. The rationale of article 240b is that young people should be protected
against actions and expressions that may encourage or seduce them to participate in sexual
intercourse. It is also against actions and expressions that contribute to a subculture that
promotes the sexual abuse of children.
From figures of the Meldpunt Kinderporno (Centre for Reporting Child Pornography),
combined with earlier research into child pornography on the Internet, we can deduce that
child pornography on the Internet is distributed in different ways: through spam, websites,
peer-to-peer networks, virtual hard disks, news groups and chat. The method of distribution is
changes constantly, partly because new techniques are created continually, and partly because
the suppliers of child pornography change their tactics in response to repressive measures.
In literature two clear groups can be discerned among the adults who participate in the
distribution of child pornography: the commercial group who aims at financial profit and the
‘enthusiasts’ whose primary motivation is to obtain more child pornographic material. Some
sources claim that the trade and production of child pornography is becoming increasingly the
domain of organised groups. Child pornography is a lucrative business involving huge sums
of money. In literature we see five categories of offenders: producers and dealers, collectors,
travellers, groomers/chatters and minor perpetrators (as sex offender).
Our file study shows that Dutch suspects are not part of a professional criminal
operation. In the files there are a few large-scale international studies into websites that are
managed professionally. The Dutch suspects are customers who download from these
websites. Of the five categories that appeared in literature, in the files we found the categories
collectors and groomers/chatters. We also see in the files that dealers are active, but they are
not a subject of research by the Dutch police.
The cybercrime child pornography has few connections with other cybercrimes or
crime in general. If any, other sex offences, especially the possession of child pornography
other than by IT and sometimes producing of child pornography, seem to be the only other
types of crime involved. Suspects also try to groom minors, for instance, or to bribe victims
by threatening to publicise sensitive information (e.g. nude photos).
In most files there is only one suspect. These are mostly indigenous men, mainly in the
age group 18-55 years. Curiosity is the primary motive mentioned most frequently. Suspects
who mentioned curiosity as their motive say they are not searching because of an established
paedophile inclination, but they want to explore their boundaries. Further research into
backgrounds, circumstances and motives should focus on whether the offences of this sightseeing group could be prevented with measures that confirm the norm or restrict
opportunities. More often than not, child pornography suspects do not live alone, but they do
tend to be unemployed more often than average. Most suspects either have MBO
(intermediate vocational education) or HBO (higher vocational education). So far, they do not
differ from the average Dutchman. There is also a group of young suspects who make child
pornographic pictures of other minors and distribute them.
Just over half of the suspects has committed one or more crimes. This is significantly
more than the average Dutchman has. Further research will have to show the extent to which
this difference is caused by the fact that child pornography suspects are nearly all men, and
that they are younger than the average Dutchman – and so belong to the group of persons
(young men) that commit more crimes than average. Relatively speaking, many suspects have
a record in the main categories ‘violent sexual offences’ and ‘other sexual offences’
(respectively 2.4 and 8.3%). Individuals suspected of possessing and/or distributing child
pornographic pictures also have a tendency to commit other sex offences more often than the
average person. Further research will have to show whether and how exactly offences against
article 240b of the Dutch Criminal Code are linked to committing other sex-related crimes, if
Our research indicates the existence of at least two discernable groups of suspects: a
large group of individuals (53.4%) who download child pornography without having (they
claim) an established paedophile inclination (exploratory behaviour, curiosity), and a
relatively small group of individuals who not only possess child pornography but also commit
other sex offences. Both groups should be investigated further so that a clearer insight into the
characteristics of these persons can be gained and possible measures to prevent this kind of
crime can be drawn up.
There is a new group of child pornography distributors: the minors. Almost a quarter
of the suspects in child pornography files is younger than 24 years (and of that group 35% is
younger than 18 years). This can be explained by the fact that minors, whether voluntarily or
not, take sexual photos and make videos of themselves and/or each other. When this material
is distributed via the internet (by the suspect him/herself, a classmate or acquaintance) it has
become a matter for the law according to article 240b: distribution of child pornography.
There is a trend that suggests that child pornography is disappearing to less
conspicuous parts of the Internet, where the information is more difficult to monitor, and
where it is also more difficult to collect evidence. It is also to be expected that new
technological developments (such as animation tools, encrypting techniques and payment
systems) will continue to change the production of child pornography.
There is no generally accepted definition of hate crime in the Netherlands. In this study,
‘cyber hate crime’ refers to deliberately insulting or discriminating against certain groups or
inciting others to do so, without contributing to the public debate, with ICT being essential for
the execution of these acts. Hate crimes are not mentioned as such in the Dutch Criminal
Code, but there are a number of articles that apply, such as article 147 and 147a (blasphemy)
and the discrimination articles (art. 137c, d, e, f and g). According to the Supreme Court,
discriminatory expressions are not punishable by law if they contribute to the social debate.
Article 131 (agitation) is another article that may also apply.
From the figures of the Meldpunt Discriminatie Internet (Centre for Reporting
Discrimination on the Internet) we can deduce that hate crime content is predominantly
distributed via spam (e-mail), websites, peer-2-peer networks, news groups and chat. We are
not certain which part of the hate crime content is distributed via which route, but we do know
that method of distribution do change. For instance, there are hardly any reports about news
groups any more, but there are reports of weblogs, websites and web forums.
According to literature, the majority of reports are about hate crime or discriminatory
expressions about Dutch sites. Offenders operate in groups that discriminate and call for
violence through websites and chat channels, and also in informal networks on the Internet.
They express their hate on discussion forums and weblogs. Four motives are discerned: fun
(boredom, suspense and excitement), giving a warning signal (suspects feel threatened by
newcomers and want to defend their territory), as act of retaliation (mostly in the context of
social tension) and as missions (by extremists that are convinced that their own views are
The majority of the hate crime files do not indicate that there are any connections with
other forms of crime, cyber or otherwise. Sometimes there is a connection with hacking or
slander, but on the whole suspects of hate crimes do not seem to be criminal generalists. The
file study confirms that the majority of the crimes are committed in the Netherlands. The files
also show that there is no question of organised crime. Suspects mainly operate alone. In a
number of files suspects posted messages on an extremist website, but they committed the
offence as individuals. Most suspects are male, young and born in the Netherlands. With
regard to age, the focus is on the group of 12-17 years. In case of minors suspects, we see that
it often concerns an impulsive reaction, in the form of a hate sowing post on a website.
Revenge, acquiring status or proving oneself are usually the primary motivations. We have
also seen ideological or nationalistic motives. Suspects of hate crimes are more likely to have
crime antecedents than the average Dutchman. This is probably because it is predominantly
young men who are involved – and relatively speaking they commit many offences. Further
research is needed to confirm this.
Police records do not contain many files regarding hate crimes as a cybercrime. We
have found 40 files over the period 2002-2007, nation wide. No hate crime files were found
during the cybercrime study in the files of two police forces. The MDI received 1,078 reports
in 2007, but the majority were never brought to court. Despite the limited number of charges,
Van Stokkom et al. (2007, p. 16) speak of a ‘hate epidemic’ on the Internet. According to
these authors, radicalism provokes counter-radicalism; Muslims and non-Muslims may end up
in a self-perpetuating spiral of mutual mistrust and hostility. However, there was no evidence
for this on the basis of the literature study. Hate crimes are simply not reported often enough.
With hate crime, it is socially relevant to know the lay of the land. We have not
systematically recorded which part of the population the suspects had been targeting (in other
words, whether suspects are mainly right-wing extremist or fundamentalist Muslims). We
have made a short summary of each file. These summaries show that most files deal with
suspects with right-wing extremist ideas, who mainly target ‘foreigners ’ and ‘immigrants’.
Suspects also make anti-Semitic remarks in a few files, and in some files homosexuals were
Cybercrime in the Netherlands: similarities and differences 1
Generally speaking, e-fraud, child pornography and hate sowing are crime categories with
few connections to other types of criminality. Only hacking seems to have clear links to other
crime forms. Hacking can be seen as a means to commit another crime.
The analyses indicate that we are not only dealing with various cybercrimes with
relatively few connections, but also with various groups of offenders that probably overlap
only minimally. The suspects can be outlined as follows:
− A suspect of cybercrime is likely to be male in the age group 12 to 45 years. Child
pornography is an exception: these suspects are almost invariably male and do not belong
to any particular age group.
− Cybercrime offenders rarely commit their crimes in an organised setting. However,
organised crime can be found in cases of e-fraud and child pornography.
− Suspect and victim are often known to each other in hacking files, but this is not the case
with e-fraud and child pornography.
− The motives of hacking suspects can often be found in relationships. The primary
motivation of e-frauds is usually financial profit, suspects in child pornography cases
more often than not have curiosity and addiction/sexual need as their motivation. The
motivation in hate crime files varies: it is usually revenge, or involves
We have not been able to find sufficient files on cyber extortion to be able to make a comparison with other
cybercrimes in the study, and so this category will be ignored.
On the total number of cybercrimes in the police files, organised crime hardly plays a role.
But that is also the case with offline crime: the majority of the offences are not part of
organised crime. But because organised crime can affect social structures (e.g. a merging of
law abiding society with the underworld, money laundering, possession of real estate,
corruption) it deserves special attention, just like research into crime outside cyberspace. And
so, research into organised cybercrime is required.
We cannot say anything definitive about the absolute scope of cybercrime in the
Netherlands. It is only a small part (0.3-0.9%) of the criminality registered with the police.
The results from a victim study in Friesland indicate a substantial dark number. A national
victim study will be necessary in order to fill this knowledge gap.
The most important conclusion from this research is that cybercrime is about ordinary people.
When we started this study, the literature, media and policy documents gave us a picture of
high-tech cyber criminals who operate from abroad in organised groups, making victims on a
large-scale. But this image was soon modified. Our files show that many ‘minor offences ’ are
committed by more or less ordinary people that operate individually. The fact that we found
hardly any organised crime does not prove that this type of crime does not exist. Our study
does not deny the existence of organised criminals who commit crimes of skimming or
advanced fee fraud for example – our study shows that there is considerably more to it than
that. It shows that it is plausible to assume that cybercrime has the same structure as
traditional, non-ICT crime. After all, among traditional criminals there is also a large group of
offenders who commit relatively minor offences (like burglary and theft) on a more or less
individual basis, and there are a few groups that commit organised crime. So, organised
groups do not monopolise cybercrime. Cybercrime belongs to everybody.
The fact that cybercrime is about ordinary people does have implications for police
policy. It will lead to the conclusion that knowledge about the field of cybercrime should be
widely available in the force: every police officer should have some basic knowledge of
cybercrime. After all, the chances are growing that officers will have to deal with a
cybercrime aspect in traditional cases, e.g. someone is stalked and his/her e-mail account is
hacked. In addition, there is evidence to suggest that cybercrime is committed not only by
organised groups abroad. That is why the fight of cybercrime should not only be the domain
of specialist teams (as has been the case up until now).
Another conclusion that has implications for police policy is that almost a quarter of
the hacking suspects, and almost fifteen per cent of the e-fraud suspects, operate from abroad.
This is not surprising, in literature cybercrime is also regarded a global problem. So,
cybercrime is a problem that does not always stop at the border. This internationalises the
work of the police. Traditionally, internationally operating offenders were usually part of an
organised group (for example, drug smuggling and cross-border offences). Specialist police
teams would be set up to deal with internationally operating offenders. In the case of
cybercrimes, serious minor criminals now also cooperate internationally. Non-specialist teams
in all police districts will now also have to deal with internationally operating offenders.
The cybercrimes e-fraud, child pornography and hate crime are isolated, and have few
connections with other forms of criminality. Suspects of these cybercrimes are not criminal
generalists, but limit themselves to their type of cybercrime, although they do sometimes
commit related crimes (for example, those who own digital child pornography also produce
child pornography). Contrary to the other cybercrimes in our study, hacking is not done in
isolation. Hacking is linked to a wide range of other crime forms, and it is usually a means to
commit other crimes. The file study shows that hacking cases are a combination of
cybercrime in the restricted sense (computers or computer data are the target), offences
against property and inter-personal conflicts.
In the literature it is often claimed that the motives of hackers shifted from ‘hacking
for fame’ to ‘hacking for fortune’. Cyber criminals became more interested in financial profit.
However, we have not been able to find empirical evidence for these statements. The
motivations of the hackers in our files varied, for example: revenge, curiosity and financial
profit. So, there is a group of hackers that commits offences for money, but another
development seems to be more dominant: the democratisation of hacking (hacking is no
longer the reserve of highly skilled computer nerds) and the corresponding motives which are
related to relationships (we then see ex-lovers or youngsters targeting each other by
publicising sensitive information or attacking each others’ reputations). In short, in our study
there is no unilateral shift of hacking for fame to hacking for fortune: the shift is multilateral,
particularly since hacking has become more and more of the people. The rise of hacking for
revenge is significant in that respect.
Cybercrime suspects tend to be males born in the Netherlands and under 45 years of
age. The division between men and women in the cybercrime files is significantly different to
that of the Dutch population. This specifically applies to child pornography, which really is a
male offence. For two types of cybercrime the percentage of male suspects differs
significantly from the ‘average suspect’ in the Netherlands. Among child pornography
offenders, the percentage of men is larger. Among e-fraud offenders the percentage of men is
smaller (p<0,01). Relatively speaking, women commit more fraud relating to adverts on
online auction sites: over a quarter of the e-fraud suspects is female.
We do not know how many citizens and companies have been victims of cybercrime.
There is no victim survey. Our file study shows that it is mainly individuals who report crimes
to the police. Men and women from all age groups may become the victim (it should be noted
that men are generally more likely to be victims, and that the age category 55+ is
underrepresented). We only found a few companies that had been targeted and had reported
Of all registered reports and charges in 2007 made by the police in Hollands-Midden
and Zuid-Holland-Zuid, less than 1% involved cybercrime. But figures on police reports do
not say much about the actual number of victims. Only a small part of all offences are
reported or charged. The readiness to report crimes is lower for cybercrime than for traditional
crime. To be able to comment on the dark number we carried out a survey among 1,246
Internet users living in Friesland. We found a readiness to report of 3.6%, among 56 victims
of various types of cybercrime. This is significantly lower than the average of 36% in 2008
for all offences in the Integrale Veiligheidsmonitor (IVM, Integral Safety Monitor) (p<0,01).
The readiness to report is low for victims of cybercrime, the dark number is high. We do not
know the extent of readiness to report among companies.
Towards a cybercrime research programme
Our study of police files provides us with additional empirical based knowledge about the
nature and scope of cybercrime. Perhaps more important is that our study of literature and
police files shows that there are many facets of cybercrime that we do not know much about,
since there is a lack of empirical research on this field. We briefly outline the subjects for
future research that arise from our study:
1. Very little is known about the scope of cybercrime. The registered number of reports and
records seems very low. Companies in particular do not report cybercrime. We hardly
know anything about the readiness to report nor about the extent of victimhood. Victim
surveys are required to gain better insight into the nature, scope and readiness to report
cybercrime. Subject of a victim survey should be individual citizens as well as companies.
2. We can deduce little about the offenders from the police files, yet knowledge about the
offenders may give important clues for detection (offender profiling), which in turn may
give indicators for possible prevention measures and for early signalling options. More
knowledge about offenders requires offender research, for example:
a. Individuals suspected of possessing and/or distributing child pornographic pictures
also have a tendency to commit other sex offences more often than the average
person. Further research will have to show whether and how exactly offences against
article 240b of the Dutch Criminal Code are linked to committing other sex-related
crimes, if any.
b. Suspects of hate crimes (and other cyber crimes) are more likely to have crime
antecedents than the average Dutchman. This is probably because it is predominantly
young men who are involved – and relatively speaking they commit many offences.
Further research is needed to confirm this.
c. Our study suggests that cyber extortion is related to sex crimes and/or sex offenders.
The limited number of files does not allow for any bold conclusions, but this
indication of a connection between youth, sex crimes and extortion is an area that
would benefit from further investigation.
3. From our file study, a picture emerges that cybercrime is usually committed by suspects
that operate relatively independently and who have few if any connections with organised
crime. Like crime in the offline world, most (minor) offences are committed by a large
group of suspects and a small part of the crime is systematically committed by organised
groups. There is no information in the police files about organised cybercrime. In order to
obtain more information about that, special targeted research is needed.
4. We analysed 665 police files. But we do not know which of these files were sent to the
public prosecutor, nor whether the suspects were eventually prosecuted. Additional
research is needed to gain insight into that process in the chain of criminal justice, and
where the bottlenecks may be occurring.
5. There is a trend that suggests that because of repressive measures child pornography is
disappearing to less conspicuous parts of the internet. For the remainder we do not know
much about the effect of measures against cybercrime, for example:
a. In child pornography cases, curiosity is the primary motive mentioned most frequently.
Suspects who mentioned curiosity as their motive say they are not searching because
of an established paedophile inclination, but they want to explore their boundaries.
Further research into backgrounds, circumstances and motives should focus on
whether the offences of this sight-seeing group could be prevented with measures that
confirm the norm or restrict opportunities.