Longitudinal criminological studies greatly improved our understanding of the longitudinal patterns of criminality. These studies, however, focused almost exclusively on traditional types of offending and it is therefore unclear whether results are generalizable to online types of offending. This study attempted to identify the developmental trajectories of active hackers who perform web defacements. The data for this study consisted of 2,745,311 attacks performed by 66,553 hackers and reported to Zone-H between January 2010 and March 2017. Semi-parametric group-based trajectory models were used to distinguish six different groups of hackers based on the timing and frequency of their defacements. The results demonstrated some common relationships to traditional types of crime, as a small population of defacers accounted for the majority of defacements against websites. Additionally, the methods and targeting practices of defacers differed based on the frequency with which they performed defacements generally.
In deze studie onderzoeken we de ontwikkelingstrajecten van hackers, op basis van zelfgerapporteerde web defacements. Tijdens een web defacement wordt ongewenst de inhoud van een website aangepast. In totaal hebben we 50.330 defacements van websites met een Nederlandse extensie (.nl websites) geanalyseerd, die door 3640 verschillende defacers zijn uitgevoerd tussen januari 2010 en maart 2017. Met behulp van trajectory-modellen kunnen er zes groepen defacers worden onderscheiden in de analyses: twee groepen chronische daders en vier groepen daders die slechts gedurende een korte periode defacements uitvoerden. Deze groepen verschillen ook van elkaar in hun motivaties en modus operandi. De groep hoogfrequente chronische daders bestaat uit minder dan 2% van de daders, maar is verantwoordelijk voor meer dan de helft van alle defacements. Het zou dan ook het meest efficiënt zijn wanneer toekomstige interventies zich met name richten op deze kleine groep chronische daders. Voor vervolgonderzoek zou het interessant zijn om de inhoudelijke boodschap van de web defacements te onderzoeken.
Repeat victimization has been widely studied from the perspective of environmental criminology for several decades. During this period, criminologists have identified a set of repeat victimization premises that are observed for many crimes; however, it is unknown whether these premises are also valid for cybercrime. In this study we rely on more than 9 million Zone-H data records from 2010 to 2017 to test whether these premises apply for the cybercrime of website defacement. We show that the phenomenon of repeat victimization is also observed in defaced cyber places (i.e. websites). In particular, we found that repeats contributed little to crime rates, that repeats occurred even several years after the original incident, that they were committed disproportionately by prolific offenders, and that few offenders returned to victimize previous targets. The results suggest that some traditional premises of repeat victimization may also be valid for understanding cybercrime events such as website defacement, implying that environmental criminology theories also constitute a useful framework for cybercrime analysis. The implications of these results in terms of criminological theory, cybercrime prevention, and the limitations derived from the use of Zone-H data are discussed.
