Cybercrime in the netherlands 2009


Published on

Cybercrime in The Netherlands 2009
a picture on the basis of police files
an emperical study resulting in a draft cybercrime research programme

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cybercrime in the netherlands 2009

  1. 1. Cybercrime in The Netherlands 2009 a picture on the basis of police files an emperical study resulting in a draft cybercrime research programme paper for the third Giganet workshop Montreal, Canada, 30-31 May 2010 W.Ph. Stol, E.R. Leukfeldt, M.M.L. Domenie Introduction and research questions This study is about cybercrime in The Netherlnds. We use the term cybercrime as the umbrella concept for all crimes in which ICT plays an essential role. Not every form of cybercrime can be included in the study, the list of cybercrimes is simply too long. The following cybercrimes are addressed: hacking, e-fraud, cyber extortion, child pornography and hate crimes. These five were selected because, of all cybercrimes, they constitute the most serious social problems in The Netherlands, and as such they receive the most attention from police and judiciary. The three main questions in our study are: (1) what is the nature of the cybercrimes? (2) what do we know about the offenders? (3) what is the scope of the cybercrimes? Methods of research In order to answer these research questions, we first performed an international literature study, a media analysis, as well as a web research and document analysis. For the international literature study, we consulted multimedia centres, and looked for books, articles, reports and other relevant publications. The media analysis consisted of an analysis of reports about cybercrime in the Dutch daily newspapers from 2006 and 2007. This yielded information, not only about cybercrimes, but also for example about research reports, police actions and key persons. The web research consisted of an internet search for information about cybercrime, research reports and key persons. The document analysis meant that we studied policy documents on the subject of combating cybercrime. The main part of the study however, consisted of an analysis of police files. In total, we analyzed 665 files, comprising 139 hacking files, 314 e-fraud files, 13 cyber extortion files, 159 child pornography files and 40 hate crime files. Our analysis of police files improved our insight into cybercrime, but this research method also has its limitations. The police files that we studied only shed light on crimes that have been reported to the police and that the police recorded in their computer system. Police files from the regular police computer systems (such as the ones we consulted) do not give us much information about organized crime, for example. Additional research is needed to complete the picture. Hacking 1
  2. 2. Hacking, according to Dutch law, is the deliberate and illegal entering into a computerised work, and is an offence according to article 138a paragraph 1 of the Dutch Criminal Code (electronic break-in). Hacking-related offences are: copying, tapping or recording of data after entering (article 138a paragraph 2), the intentional or inadvertent causing of a disruption in the system (articles 161 under paragraph 6 and 161 under paragraph 7, respectively), the intentional or inadvertent destruction of data (article 350a and 350b respectively), tapping and/or recording of data (article 139c) and installing of recording, tapping and/or monitoring equipment (article 139d). In literature, hackers are categorised in various ways including on the basis of their primary motivations, such as acquiring knowledge, personal challenge, power and financial profit. However, there does not seem to be any empirical foundation for the categories used. The image of various different categories of hackers does not emerge from our file study. Rather than clear-cut categories, the picture of a varied group of people emerges, although a few salient characteristics did emerge. The police files show that Dutch hackers are primarily men under the age 45 who were born in the Netherlands. They seldom commit their crimes in an organised setting, the majority of the cases only involve one suspect. Hacking is often done in connection with relationships: suspect and victim are for instance ex-lovers, jealous spouses or school friends, but former business associates may also be involved. The primary motivation of the suspect is often revenge, but we have also seen other motives, such as curiosity and financial profit. Suspects use various criminal techniques. Although most police files are unclear about the precise techniques used, suspects in hacking cases definitely deface websites, install keyloggers, make phishing websites and do social engineering. Botnets, DDoS-attacks, sniffing and spoofing are seldom found in police files. The fact that in 20 to 25% of the police files the hack is performed from abroad, within as well as outside Europe, is the most important finding with regard to police investigation. Hacking is usually not an isolated offence. All in all, hacking is found to be connected with: (1) cybercrime in the narrow sense (copying or destroying data or destroying or disturbing a computer system); (2) crimes against property (swindling, fraud, theft, extortion, embezzlement); (3) inter-personal conflicts (slander, threat, libel, stalking, assault). Hacking is primarily aimed at personal interests (financial profit, settling a conflict) and not at social disruption or general menacing. The issues are normally quite mundane, involving ordinary people who are frustrated with each other. Up to a point, hacking has become democratised: it is no longer the exclusive domain of whizz kids, instead it is also committed by people who are less well-versed in the technical ins and outs. It is impossible to be precise about the exact extent of hacking. It is only a very small part of the crime registered by the police. The results from a victim study in Friesland, a Dutch province, show a substantial number of unreported crimes (dark number) of this nature. From both local and international literature about cybercrime and information security we know that companies in particular are frequently victims of attempts, successful and otherwise, to hack into computer systems. Victims among individuals are less common. E-fraud Fraud is not listed as such in the Dutch Criminal Code: usually swindling (art. 326) and/or forgery are involved (art.225). E-fraud is fraud aimed at financial profit and for the execution of which ICT is essential. The manifestations of e-fraud we encountered in literature are: trade in false goods, false financial transactions (including auction and deposit fraud), and market 2
  3. 3. manipulation. E-fraud can be committed with or without identity abuse. Identity abuse is assuming an identity other than one’s own digital identity, with the intent of making dishonest financial profit. The making of the false identity precedes the identity abuse. This can be done by identity theft (stealing the identity of an existing person), identity creation (creating a fictitious identity) and identity delegation (assuming the identity of an existing person with his/her permission). In literature, the expectation is that in the coming years many will fall victim to e-fraud with identity abuse and causing much financial harm. In addition, deposit fraud is also seen as a threat. In various aspects, analysis of the police files shows a different picture to that of literature. Most files from the file study do not deal with Nigerian Scams (419 fraud) and identity theft but with swindle through sales sites. E-fraud generally does not have connections with other crimes, cyber or otherwise. And where it does, there are connections with the theft of identity data (especially digital, but also non-digital) and sometimes also with hacking. These offences are then a means to commit the e-fraud. E-fraudsters usually work alone, and there is no organised crime involved, with the exception of a few files. According to the files, financial profit is the central motive. In general, e-fraud concerns fairly simple cases: the perpetrator places an advert or makes a website or presents information in other ways to seduce the victim into paying for goods or services that never materialise. In short, most e-fraud cases are not technical fireworks. Perpetrators of e-fraud draw from a limited stock of techniques. There is social engineering in nearly every case. In some cases, phishing is used. The files with e-fraud frequently involve identity abuse. Although in literature attention is often drawn to cooperating fraud gangs (Nigerian scams, skimming), the major part of the frauds we found in our files was the work of swindlers that operate fairly simply. The image that literature paints of e-fraud requiring above-average technical insights and skills was not substantiated at all by our study. The suspects we know are generally born in the Netherlands, operate from the Netherlands, and are usually men aged between 18 and 35 years. Generally speaking, e-fraud is not something for the age group of 12-18 years, nor for persons older than 35. Apparently, persons between 18 and 34 years old have the optimal e-fraud equipment: they are old enough to have sufficient social skills for social engineering and young enough to be able to move about nimbly in cyberspace. Suspects are more likely to be unemployed, but they are less likely than average to live alone. So, with regard to their living arrangements they are not socially isolated, as they are with regard to their employment position. Their lack of income from working could go some way to explaining their main motive: financial profit. An analysis of legal antecedents shows that e-fraud suspects are likely to also commit other offences, and so they have a more extensive criminal repertoire than just fraud. This can also be explained by the fact that most suspects are male and relatively young - and so they belong to a group of persons that is likely to commit offences relatively often. E-fraud features ten times more frequently in police files than hacking. From our own research we know that 25 (2.2%) of the 1,246 inhabitants of Friesland that we interviewed have been the victim of e-fraud in the past two years. Only one victim pressed charges. This indicates a high dark number. Cyber extortion Extortion means obtaining unlawful advantage due to threat or violence. We use the term cyber extortion when ICT is essential for the execution of the crime. Various manifestations are mentioned in literature: (1) threat: threatening to paralyse websites or networks; (2) damage and disruption: damaging essential data and disrupting industrial production systems; 3
  4. 4. (3) shaming: publicising sensitive information; (4) protection: offering ‘protection ’ from for instance DDoS-attacks. These four manifestations can occur in combination with each other. In the Dutch Criminal Code extortion is a criminal offence according to article 317 (extortion). Also, articles 318 (threatening) and 285 (menacing) may apply. These criminal techniques usually require breaking into computer systems, which is punishable according to article 138a. In instances where computerised work is deliberately or inadvertently destroyed, the articles 161 under paragraph 6 and 161 under paragraph 7 of the Dutch Criminal Code apply. Articles 350a and 350b apply in cases of data destruction. We only found 13 files about cyber extortion for the period 2003-2007, nation wide. Where links with other crimes could be established, cyber extortion seems to be a continuation of earlier threats. Suspects commit extortion by threatening to publicise sensitive information about the victim. The sensitive information is usually related to child pornography. Victims have child pornography on their computers and are blackmailed because of it, or suspects pressure minors into sending nude photos of themselves (and these are then used to blackmail the victim). At various points during the analysis we detected a connection between cyber extortion and offences related to relationships and/or sexuality. Apart from child pornography, relational problems, stalking and assault were also found. Together these aspects imply that cyber extortion is related to sex crimes and/or sex offenders. The limited number of files does not allow for any bold conclusions, but this indication of a connection between youth, sex crimes and extortion is an area that would benefit from further investigation. Literature does not give us much information about the offender characteristics of cyber extortionists. According to the KLPD there appears to be cooperation between computer criminals from Western European countries and organised groups of criminals from Russia and Eastern Europe. Hackers are recruited and engaged via the Internet on the basis of their skills. The KLPD refers to the extortion of companies. This was not evident in the file study. The suspects in our study operate alone, and there are no criminal collaborations. A remarkably finding is that often the suspects are young (under 21 years).They do not use any criminal techniques. Collecting sensitive information about the victim is a reparatory act. The victim is always an individual, not a company. We do not have sufficient information to be able to carry out victim profiling. Victim research among companies in the United States and Australia indicates that a substantial percentage of the companies (16 to 33%) has been the victim of cyber extortion. We have not found any information in literature about victims among citizens. The 13 cyber extortion files we found for the period 2003-2007 all relate to individual victims, not companies. We know that cyber extortion is not unheard of in the Netherlands because we have found one such case among the hacking files. In this particular case a DDoS attack was deployed to blackmail a company. A study into the caseload of cybercrimes in two police forces did not yield any report of cyber extortion in 2007. A conclusion with regard to the scope of cyber extortion should therefore be that it is not very common and/or that the readiness to report it is very low. Due to the limited number of reports, cyber extortion, specifically in combination with a DDoS attack, is not viewed as a concrete threat in the Dutch National Threat Assessment. According to other sources, the number of cyber extortions will increase in the future because more and more companies are dependent on the internet, and the techniques required for extortion are easily available. Any empirical foundation for this claim is however not evident. Child pornography 4
  5. 5. Child pornography is a punishable offence in the Netherlands according to article 240b of the Criminal Code, which defines child pornography as the depiction of a sexual act, in which someone who apparently has not yet reached the age of eighteen years, is involved or seemingly involved. The rationale of article 240b is that young people should be protected against actions and expressions that may encourage or seduce them to participate in sexual intercourse. It is also against actions and expressions that contribute to a subculture that promotes the sexual abuse of children. From figures of the Meldpunt Kinderporno (Centre for Reporting Child Pornography), combined with earlier research into child pornography on the Internet, we can deduce that child pornography on the Internet is distributed in different ways: through spam, websites, peer-to-peer networks, virtual hard disks, news groups and chat. The method of distribution is changes constantly, partly because new techniques are created continually, and partly because the suppliers of child pornography change their tactics in response to repressive measures. In literature two clear groups can be discerned among the adults who participate in the distribution of child pornography: the commercial group who aims at financial profit and the ‘enthusiasts’ whose primary motivation is to obtain more child pornographic material. Some sources claim that the trade and production of child pornography is becoming increasingly the domain of organised groups. Child pornography is a lucrative business involving huge sums of money. In literature we see five categories of offenders: producers and dealers, collectors, travellers, groomers/chatters and minor perpetrators (as sex offender). Our file study shows that Dutch suspects are not part of a professional criminal operation. In the files there are a few large-scale international studies into websites that are managed professionally. The Dutch suspects are customers who download from these websites. Of the five categories that appeared in literature, in the files we found the categories collectors and groomers/chatters. We also see in the files that dealers are active, but they are not a subject of research by the Dutch police. The cybercrime child pornography has few connections with other cybercrimes or crime in general. If any, other sex offences, especially the possession of child pornography other than by IT and sometimes producing of child pornography, seem to be the only other types of crime involved. Suspects also try to groom minors, for instance, or to bribe victims by threatening to publicise sensitive information (e.g. nude photos). In most files there is only one suspect. These are mostly indigenous men, mainly in the age group 18-55 years. Curiosity is the primary motive mentioned most frequently. Suspects who mentioned curiosity as their motive say they are not searching because of an established paedophile inclination, but they want to explore their boundaries. Further research into backgrounds, circumstances and motives should focus on whether the offences of this sightseeing group could be prevented with measures that confirm the norm or restrict opportunities. More often than not, child pornography suspects do not live alone, but they do tend to be unemployed more often than average. Most suspects either have MBO (intermediate vocational education) or HBO (higher vocational education). So far, they do not differ from the average Dutchman. There is also a group of young suspects who make child pornographic pictures of other minors and distribute them. Just over half of the suspects has committed one or more crimes. This is significantly more than the average Dutchman has. Further research will have to show the extent to which this difference is caused by the fact that child pornography suspects are nearly all men, and that they are younger than the average Dutchman – and so belong to the group of persons (young men) that commit more crimes than average. Relatively speaking, many suspects have a record in the main categories ‘violent sexual offences’ and ‘other sexual offences’ (respectively 2.4 and 8.3%). Individuals suspected of possessing and/or distributing child pornographic pictures also have a tendency to commit other sex offences more often than the 5
  6. 6. average person. Further research will have to show whether and how exactly offences against article 240b of the Dutch Criminal Code are linked to committing other sex-related crimes, if any. Our research indicates the existence of at least two discernable groups of suspects: a large group of individuals (53.4%) who download child pornography without having (they claim) an established paedophile inclination (exploratory behaviour, curiosity), and a relatively small group of individuals who not only possess child pornography but also commit other sex offences. Both groups should be investigated further so that a clearer insight into the characteristics of these persons can be gained and possible measures to prevent this kind of crime can be drawn up. There is a new group of child pornography distributors: the minors. Almost a quarter of the suspects in child pornography files is younger than 24 years (and of that group 35% is younger than 18 years). This can be explained by the fact that minors, whether voluntarily or not, take sexual photos and make videos of themselves and/or each other. When this material is distributed via the internet (by the suspect him/herself, a classmate or acquaintance) it has become a matter for the law according to article 240b: distribution of child pornography. There is a trend that suggests that child pornography is disappearing to less conspicuous parts of the Internet, where the information is more difficult to monitor, and where it is also more difficult to collect evidence. It is also to be expected that new technological developments (such as animation tools, encrypting techniques and payment systems) will continue to change the production of child pornography. Hate crime There is no generally accepted definition of hate crime in the Netherlands. In this study, ‘cyber hate crime’ refers to deliberately insulting or discriminating against certain groups or inciting others to do so, without contributing to the public debate, with ICT being essential for the execution of these acts. Hate crimes are not mentioned as such in the Dutch Criminal Code, but there are a number of articles that apply, such as article 147 and 147a (blasphemy) and the discrimination articles (art. 137c, d, e, f and g). According to the Supreme Court, discriminatory expressions are not punishable by law if they contribute to the social debate. Article 131 (agitation) is another article that may also apply. From the figures of the Meldpunt Discriminatie Internet (Centre for Reporting Discrimination on the Internet) we can deduce that hate crime content is predominantly distributed via spam (e-mail), websites, peer-2-peer networks, news groups and chat. We are not certain which part of the hate crime content is distributed via which route, but we do know that method of distribution do change. For instance, there are hardly any reports about news groups any more, but there are reports of weblogs, websites and web forums. According to literature, the majority of reports are about hate crime or discriminatory expressions about Dutch sites. Offenders operate in groups that discriminate and call for violence through websites and chat channels, and also in informal networks on the Internet. They express their hate on discussion forums and weblogs. Four motives are discerned: fun (boredom, suspense and excitement), giving a warning signal (suspects feel threatened by newcomers and want to defend their territory), as act of retaliation (mostly in the context of social tension) and as missions (by extremists that are convinced that their own views are justified). The majority of the hate crime files do not indicate that there are any connections with other forms of crime, cyber or otherwise. Sometimes there is a connection with hacking or slander, but on the whole suspects of hate crimes do not seem to be criminal generalists. The file study confirms that the majority of the crimes are committed in the Netherlands. The files also show that there is no question of organised crime. Suspects mainly operate alone. In a 6
  7. 7. number of files suspects posted messages on an extremist website, but they committed the offence as individuals. Most suspects are male, young and born in the Netherlands. With regard to age, the focus is on the group of 12-17 years. In case of minors suspects, we see that it often concerns an impulsive reaction, in the form of a hate sowing post on a website. Revenge, acquiring status or proving oneself are usually the primary motivations. We have also seen ideological or nationalistic motives. Suspects of hate crimes are more likely to have crime antecedents than the average Dutchman. This is probably because it is predominantly young men who are involved – and relatively speaking they commit many offences. Further research is needed to confirm this. Police records do not contain many files regarding hate crimes as a cybercrime. We have found 40 files over the period 2002-2007, nation wide. No hate crime files were found during the cybercrime study in the files of two police forces. The MDI received 1,078 reports in 2007, but the majority were never brought to court. Despite the limited number of charges, Van Stokkom et al. (2007, p. 16) speak of a ‘hate epidemic’ on the Internet. According to these authors, radicalism provokes counter-radicalism; Muslims and non-Muslims may end up in a self-perpetuating spiral of mutual mistrust and hostility. However, there was no evidence for this on the basis of the literature study. Hate crimes are simply not reported often enough. With hate crime, it is socially relevant to know the lay of the land. We have not systematically recorded which part of the population the suspects had been targeting (in other words, whether suspects are mainly right-wing extremist or fundamentalist Muslims). We have made a short summary of each file. These summaries show that most files deal with suspects with right-wing extremist ideas, who mainly target ‘foreigners ’ and ‘immigrants’. Suspects also make anti-Semitic remarks in a few files, and in some files homosexuals were discriminated against. Cybercrime in the Netherlands: similarities and differences 1 Generally speaking, e-fraud, child pornography and hate sowing are crime categories with few connections to other types of criminality. Only hacking seems to have clear links to other crime forms. Hacking can be seen as a means to commit another crime. The analyses indicate that we are not only dealing with various cybercrimes with relatively few connections, but also with various groups of offenders that probably overlap only minimally. The suspects can be outlined as follows: − A suspect of cybercrime is likely to be male in the age group 12 to 45 years. Child pornography is an exception: these suspects are almost invariably male and do not belong to any particular age group. − Cybercrime offenders rarely commit their crimes in an organised setting. However, organised crime can be found in cases of e-fraud and child pornography. − Suspect and victim are often known to each other in hacking files, but this is not the case with e-fraud and child pornography. − The motives of hacking suspects can often be found in relationships. The primary motivation of e-frauds is usually financial profit, suspects in child pornography cases more often than not have curiosity and addiction/sexual need as their motivation. The motivation in hate crime files varies: it is usually revenge, or involves ideological/nationalist motives. 1 We have not been able to find sufficient files on cyber extortion to be able to make a comparison with other cybercrimes in the study, and so this category will be ignored. 7
  8. 8. On the total number of cybercrimes in the police files, organised crime hardly plays a role. But that is also the case with offline crime: the majority of the offences are not part of organised crime. But because organised crime can affect social structures (e.g. a merging of law abiding society with the underworld, money laundering, possession of real estate, corruption) it deserves special attention, just like research into crime outside cyberspace. And so, research into organised cybercrime is required. We cannot say anything definitive about the absolute scope of cybercrime in the Netherlands. It is only a small part (0.3-0.9%) of the criminality registered with the police. The results from a victim study in Friesland indicate a substantial dark number. A national victim study will be necessary in order to fill this knowledge gap. Conclusions The most important conclusion from this research is that cybercrime is about ordinary people. When we started this study, the literature, media and policy documents gave us a picture of high-tech cyber criminals who operate from abroad in organised groups, making victims on a large-scale. But this image was soon modified. Our files show that many ‘minor offences ’ are committed by more or less ordinary people that operate individually. The fact that we found hardly any organised crime does not prove that this type of crime does not exist. Our study does not deny the existence of organised criminals who commit crimes of skimming or advanced fee fraud for example – our study shows that there is considerably more to it than that. It shows that it is plausible to assume that cybercrime has the same structure as traditional, non-ICT crime. After all, among traditional criminals there is also a large group of offenders who commit relatively minor offences (like burglary and theft) on a more or less individual basis, and there are a few groups that commit organised crime. So, organised groups do not monopolise cybercrime. Cybercrime belongs to everybody. The fact that cybercrime is about ordinary people does have implications for police policy. It will lead to the conclusion that knowledge about the field of cybercrime should be widely available in the force: every police officer should have some basic knowledge of cybercrime. After all, the chances are growing that officers will have to deal with a cybercrime aspect in traditional cases, e.g. someone is stalked and his/her e-mail account is hacked. In addition, there is evidence to suggest that cybercrime is committed not only by organised groups abroad. That is why the fight of cybercrime should not only be the domain of specialist teams (as has been the case up until now). Another conclusion that has implications for police policy is that almost a quarter of the hacking suspects, and almost fifteen per cent of the e-fraud suspects, operate from abroad. This is not surprising, in literature cybercrime is also regarded a global problem. So, cybercrime is a problem that does not always stop at the border. This internationalises the work of the police. Traditionally, internationally operating offenders were usually part of an organised group (for example, drug smuggling and cross-border offences). Specialist police teams would be set up to deal with internationally operating offenders. In the case of cybercrimes, serious minor criminals now also cooperate internationally. Non-specialist teams in all police districts will now also have to deal with internationally operating offenders. The cybercrimes e-fraud, child pornography and hate crime are isolated, and have few connections with other forms of criminality. Suspects of these cybercrimes are not criminal generalists, but limit themselves to their type of cybercrime, although they do sometimes commit related crimes (for example, those who own digital child pornography also produce child pornography). Contrary to the other cybercrimes in our study, hacking is not done in isolation. Hacking is linked to a wide range of other crime forms, and it is usually a means to commit other crimes. The file study shows that hacking cases are a combination of 8
  9. 9. cybercrime in the restricted sense (computers or computer data are the target), offences against property and inter-personal conflicts. In the literature it is often claimed that the motives of hackers shifted from ‘hacking for fame’ to ‘hacking for fortune’. Cyber criminals became more interested in financial profit. However, we have not been able to find empirical evidence for these statements. The motivations of the hackers in our files varied, for example: revenge, curiosity and financial profit. So, there is a group of hackers that commits offences for money, but another development seems to be more dominant: the democratisation of hacking (hacking is no longer the reserve of highly skilled computer nerds) and the corresponding motives which are related to relationships (we then see ex-lovers or youngsters targeting each other by publicising sensitive information or attacking each others’ reputations). In short, in our study there is no unilateral shift of hacking for fame to hacking for fortune: the shift is multilateral, particularly since hacking has become more and more of the people. The rise of hacking for revenge is significant in that respect. Cybercrime suspects tend to be males born in the Netherlands and under 45 years of age. The division between men and women in the cybercrime files is significantly different to that of the Dutch population. This specifically applies to child pornography, which really is a male offence. For two types of cybercrime the percentage of male suspects differs significantly from the ‘average suspect’ in the Netherlands. Among child pornography offenders, the percentage of men is larger. Among e-fraud offenders the percentage of men is smaller (p<0,01). Relatively speaking, women commit more fraud relating to adverts on online auction sites: over a quarter of the e-fraud suspects is female. We do not know how many citizens and companies have been victims of cybercrime. There is no victim survey. Our file study shows that it is mainly individuals who report crimes to the police. Men and women from all age groups may become the victim (it should be noted that men are generally more likely to be victims, and that the age category 55+ is underrepresented). We only found a few companies that had been targeted and had reported the crime. Of all registered reports and charges in 2007 made by the police in Hollands-Midden and Zuid-Holland-Zuid, less than 1% involved cybercrime. But figures on police reports do not say much about the actual number of victims. Only a small part of all offences are reported or charged. The readiness to report crimes is lower for cybercrime than for traditional crime. To be able to comment on the dark number we carried out a survey among 1,246 Internet users living in Friesland. We found a readiness to report of 3.6%, among 56 victims of various types of cybercrime. This is significantly lower than the average of 36% in 2008 for all offences in the Integrale Veiligheidsmonitor (IVM, Integral Safety Monitor) (p<0,01). The readiness to report is low for victims of cybercrime, the dark number is high. We do not know the extent of readiness to report among companies. Towards a cybercrime research programme Our study of police files provides us with additional empirical based knowledge about the nature and scope of cybercrime. Perhaps more important is that our study of literature and police files shows that there are many facets of cybercrime that we do not know much about, since there is a lack of empirical research on this field. We briefly outline the subjects for future research that arise from our study: 1. Very little is known about the scope of cybercrime. The registered number of reports and records seems very low. Companies in particular do not report cybercrime. We hardly know anything about the readiness to report nor about the extent of victimhood. Victim surveys are required to gain better insight into the nature, scope and readiness to report cybercrime. Subject of a victim survey should be individual citizens as well as companies. 9
  10. 10. 2. We can deduce little about the offenders from the police files, yet knowledge about the offenders may give important clues for detection (offender profiling), which in turn may give indicators for possible prevention measures and for early signalling options. More knowledge about offenders requires offender research, for example: a. Individuals suspected of possessing and/or distributing child pornographic pictures also have a tendency to commit other sex offences more often than the average person. Further research will have to show whether and how exactly offences against article 240b of the Dutch Criminal Code are linked to committing other sex-related crimes, if any. b. Suspects of hate crimes (and other cyber crimes) are more likely to have crime antecedents than the average Dutchman. This is probably because it is predominantly young men who are involved – and relatively speaking they commit many offences. Further research is needed to confirm this. c. Our study suggests that cyber extortion is related to sex crimes and/or sex offenders. The limited number of files does not allow for any bold conclusions, but this indication of a connection between youth, sex crimes and extortion is an area that would benefit from further investigation. 3. From our file study, a picture emerges that cybercrime is usually committed by suspects that operate relatively independently and who have few if any connections with organised crime. Like crime in the offline world, most (minor) offences are committed by a large group of suspects and a small part of the crime is systematically committed by organised groups. There is no information in the police files about organised cybercrime. In order to obtain more information about that, special targeted research is needed. 4. We analysed 665 police files. But we do not know which of these files were sent to the public prosecutor, nor whether the suspects were eventually prosecuted. Additional research is needed to gain insight into that process in the chain of criminal justice, and where the bottlenecks may be occurring. 5. There is a trend that suggests that because of repressive measures child pornography is disappearing to less conspicuous parts of the internet. For the remainder we do not know much about the effect of measures against cybercrime, for example: a. In child pornography cases, curiosity is the primary motive mentioned most frequently. Suspects who mentioned curiosity as their motive say they are not searching because of an established paedophile inclination, but they want to explore their boundaries. Further research into backgrounds, circumstances and motives should focus on whether the offences of this sight-seeing group could be prevented with measures that confirm the norm or restrict opportunities. 10