table of contents

Vervuiling in Digitale Wijken.

This is my MSc thesis. Dutch ICT infrastructure - the 'hosting provider world' as you will - is under control of very different organisations. There are several indications that this infrastructure is 'digitally polluted'. I have researched which factors possibly influence this pollution. To this end, I conducted an anonymous internet survey amongst 370 organisations that manage an autonomous system with IP addresses geolocated in the Netherlands. In addition, I measured the effect of conducting this survey on the level of 'digital pollution' of the autonomous systems of these organisations. Interviews were conducted - apart from this study - with the ten organisations that manage the most polluted autonomous systems. These interviews, known as the 'Nederland Schoon'-project, were meant to nudge these organisations in to tackling the level of pollution in their autonomous systems.

It is argued that these interviews fit in a way of fighting crime that is nowadays very popular in the Netherlands: situational crime prevention. The concept of the 'virtual neighbourhood' is introduced. The study shows that the release of the survey and the interviews as yet have had no significant contribution on the reduction of the digital pollution among organizations that manage autonomous sytem with IP addresses Netherlands. However, the study does provide some pointers for further research and for a number of factors found a significant correlation with the level of 'digital pollution' in an AS.

White Pride Online: White Pride Wereldwijd?

This is my BSc thesis: a systematical review of the academic literature available within Web of Science on the role of the internet recruitment for radical extreme-right groups. The review analyzes ten studies on a variety of subjects: online organization of right-wing extremist groups, persistence of right-wing extremist web sites and their propaganda, the influence of participation in online right-wing extremist groups (among others) ideological extremism and self-reports about the radicalization of right-wing extremists.

Abstract: Despite some methodological and statistical weaknesses, it is evident from most studies that the internet is an important recruiting tool for radical right-wing extremist groups. The use of online social network analysis as academic research method is, while promising, not yet fully developed. No explicit theoretical or criminological frameworks are present within the studies. It is advisable to develop those.

Please keep the imposed limitations of this systematic review (eg. limited number of studies, one online source) in mind when reading the results. It is not a *complete* systematical review, for that would possibly mean analyzing hundreds of studies.

S.A.V.Eing the World.

While exploring the status on the implementation of ingress and egress filtering at the largest Autonomous Systems worldwide, I found that only a handful responded personally. This could be due to several reasons and maybe I was barking up the wrong tree, but at least it is a tree that is available for anyone since it relied on public WHOIS data. It was specifically chosen because of this property.

Source address validation is a key technical measure to prevent disruptive attacks on internet infrastructure. Some academics pose that a coordinated effort by a small portion of the internet community will significantly mitigate these attacks. However, this explorative study finds that either the status of the implementation of these measures is terribly lagging, or the community that was surveyed is irresponsive to requests from the outside. Especially worrying is the significant absence of abuse contact information in public WHOIS: over 23% of the population did not have an abuse address listed.

Explorative as it may be, the (absence of) results from this survey should give rise to discussion. How, if ever, are these measures going to be implemented on an effective scale? Will self regulation work, or is it time, as some experts say, to make source address validation required by law?

Time will tell.

On saving the community 1.01 Billion pounds.

Disclaimer: I will not in any way criticize the fabulous fieldwork done by the Metropolitan Police Central e-Crime Unit (PCeU). Every now and then they tell of cases they have had under investigation and where they pulled off a conviction or an arrest. Along with the FBI, their case rate on e-crime is high. Furthermore, I think the effort of calculating your organizations worth 'for society' is something far more public bodies should pursue.

But, reports like these tend to be heavily biased towards the writers. 'Cyber' is hot. 'Cyber' means budget. Reports like these (and the commercial variants) are what policy makers use to distribute budget.

Again, I am in no way saying that this is the PCeU mindset. But their report is however clearly biased towards maximum perceived outcome. The open invitation here is: please prove me wrong.

Of course, it's an awesome figure to present. 1.01 BILLION UK Pound in harm reduction over the last 2.5 years. But the methodology behind the calculations begs some obvious questions.


Modeling Internet-scale Policies for Cleaning up Malware

...or how coordinating the efforts of 90 ASes could change the world...

Hofmeyr et al published a very interesting article early 2012 which has probably not received the attention it deserved, given that it has been cited only eight times. Using a modified version of ASIM, they brought the metric 'Cybersecurity' into the economic and technical Autonomous System sIMulation software.

The authors try to empirically determine the effect of several different anti-malware policies on the global rate of 'wicked traffic'. They model the implementation on the AS level. The policies they put to the test are the obvious five that have been implemented to some degree over the last years:

  1. do nothing
  2. egress filtering
  3. ingress filtering
  4. egress and ingress filtering
  5. de-peering

Their results are in some cases surprising. They lead to the conclusion that malware policies now implemented and pursued by heavily funded public-private projects are not optimific.

Policy makers however need to be careful evaluating these existing projects, because these do serve a very important cause, even if they might in the end not prove to be as effective as hoped or assumed at their start.

But evidently, there's much more to be gained by a relatively small coordinated effort than suspected.


Reliability, Validity, Comparability and Practical Utility of Cybercrime-Related Data, Metrics, and Information

With an increasing pervasiveness, prevalence and severity of cybercrimes, various metrics, measures and statistics have been developed and used to measure various aspects of this phenomenon.

Cybercrime-related data, metrics, and information, however, pose important and difficult dilemmas regarding the issues of reliability, validity, comparability and practical utility. While many of the issues of the cybercrime economy are similar to other underground and underworld industries, this economy also has various unique aspects. For one thing, this industry also suffers from a problem partly rooted in the incredibly broad definition of the term “cybercrime”.

Nir Kshetri's article on cybercrime reports seeks to provide insights and analysis into this phenomenon, which is expected to advance our understanding into cybercrime-related information.

Although this short article has only been downloaded approximately 600 times, it is well worth the read. In fact, it should be prescribed literature for anyone involved in cybercrime decision making.


nederland aantrekkelijk voor cybercriminelen

This opening item of Sunday's prime time national news was quite frankly too horrific to ignore. In short, it states that the Netherlands are too attractive for cybercriminals because of our stable and fast internet infrastructure. After this true statement, our 'strict privacy laws' are named as a cause of the small chance to get caught. From there, things get really ugly really fast.

News items like these, broadcast at prime time, have a major influence on public opinion. So, unfortunately, do confusing and hardly nuanced news items. And public opinion, wrong as it may be, strongly influences policy makers. And policy makers rushing to address the emotional needs of the public can make very wrong and ineffective policies based on very wrong assumptions which are, in turn, based on very wrong figures and 'factfinding'.

This holds especially true for the technically complicated cybercrime field - and is therefor a dangerous development.


cybercrime and virtual offender convergence settings

Soudijn and Zegers provide an interesting look into the world of the (semi)organized online carding scene, based on a case with multiple Dutch money mules in 2008. The case was picked up by the press and some money mules were convicted of laundering. The Dutch police secured an online forum which ran for years, containting 150.000+ 'public' posts and 60.000+ 'private' ones.

Earlier research referenced by the authors showed that "The network didn’t have a typical core-periphery structure. Central network positions were not scarce but cooperation seemed to be self organized without central direction.. Basically, this means that criminal cooperation networks form naturally and successfully on these types of fora.

The authors conclude with policy recommendations for disturbing these online criminal convergence settings based on the criminological theories of situational crime prevention. However, their recommendations should be critically reviewed.


zicht op high tech crime

The paper concludes that based on the answers received, how official registration of crime as cybercrime is done through Statistics Netherlands and the non-uniformity in cybercrime definition, the risk of a very high dark number in criminal statistics regarding cybercrime is very realistic.

The main reasons for this are that different operational levels at the police force and the prosecutor's office adhere to different definitions of cybercrime and that none of the two most common definitions are reflected by categories in the official crime statistics.


the stakes are high (tech)

The thesis focuses on the problems around cybercrime targeting financial institutions. Three noteworthy results, in my opinion, stand out:

First of all, she uses the stakeholder-model in a different perspective (problem-oriented instead of organization-oriented). This approach seems to work well for these complex problems, although problems of definition and the attribution of responsibility are persistent across stakeholders.



Cybercrime Journal