12.

Cybercrime

Criminology (3rd edn)

Chris Hale, Keith Hayward, Azrini Wahidin, and Emma Wincup

12. Cybercrime
Matthew Williams, and David Wall

https://doi.org/10.1093/he/9780199691296.003.0012
Published in print: 13 June 2013
Published online: June 2014

Abstract
This chapter examines the nature of cybercrime and its implications for criminology. It is organized as follows. The first part
traces the evolution of the Internet as an environment for the emergence of cybercrime. The second considers the various
conflicting definitional problems of cybercrime and offers a method of resolving them. The third part outlines the problems
with measuring cybercrime before providing an indication of the scale of the problem. The fourth part briefly explores how
those problems are being resolved. The fifth part looks at the governance and regulation of cybercrime, while the final part
provides an overview of the various theoretical explanations.

Keywords: criminal behaviour, crime, criminology, Internet

Introduction
The Office of Cyber Security and Detica reported in 2011 that the annual cost to the UK economy from
cybercrime was £27 billion (Detica and Cabinet Office, 2011). Regardless of the accuracy of this estimate the
British Crime Survey and Eurostat ICT survey evidence that cybercrime is now the typical volume property
crime in the UK, impacting on more of the public than traditional acquisitive crimes such as burglary and car
theft (Anderson et al., 2012). Because of its global nature similar estimates of the prevalence and losses of
cybercrime are found in most other countries. The big problem, however, with the subject of cybercrimes is
that whilst everyone agrees that they are one of the greatest crime challenges of modern times, few seem to
agree what they are, how many there are, how they actually impact upon society and what is to be done about
them (Wall, 2007).

This chapter examines cybercrime, its contemporary manifestations and what it means for criminology. Part
one maps the evolution of the Internet as an environment for the emergence of cybercrime. The second part
dwells upon the various conflicting definitional problems of cybercrime and offers a method of resolving

Page 1 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

them. The third part of the chapter outlines the problems with measuring cybercrime before providing an
indication of the scale of the problem. In the fourth part, we briefly explore how those problems are being
resolved. The fifth part looks at the governance and regulation of cybercrime, while the final section provides
an overview of the various theoretical explanations.

Background

The Internet, technological change and cybercrime: 1969–2012

The advent of networked computer technologies in the latter half of the twentieth century opened up new
deviant and criminal opportunities to both the classical offender and those previously ill-equipped potential
offenders. The specific characteristics of the Internet have opened up a new ‘virtual criminal field’ (Capeller,
2001). New technologies are both facilitating traditional criminal activities and creating avenues for new and
unprecedented forms of deviance; some still to be rationalized in legal discourse. The devolution of computer
network access to the domestic arena can be seen as a milestone in cyber criminal and cyber deviant
entrepreneurship. During the Cold War, in response to the launch of Sputnik in 1957, the US established the
Advanced Research Projects Agency (ARPA), the birthplace of what is know commonly known as the
Internet. ARPA’s remit was to develop a networked computer infrastructure for use by the military that could
survive a nuclear attack. The need to expand the network beyond the military and private sector to
universities was quickly realized resulting in the establishment of ARPANET in 1969. During the latter years
of the 1980s the Internet was slowly being devolved from the private and university sector to the domestic
arena. Since this time the Internet has experienced exponential growth. In 1997 only 2 per cent of the UK’s
population had access to the Internet compared to 84 per cent in 2012 (ONS, 2012).

In the infancy of the Internet, cyber criminal activity was the avocation of a small number of computer
programmers and others with similar technical expertise. These were the game hackers and hacker/crackers
of the 1980s (Taylor, 2001). The impetus behind cyber criminal activity was usually non-malignant and
based on a utopian idealism of non-centralized computer hardware and software access. The illicit activities
of these individuals were not widely detected or publicized. During this time law enforcement was far from
capable of either proactively or reactively tackling the problem. A decade on, the pervasiveness of
communications technology and the advancements in field of human computer interaction meant that the
network user no longer needed the esoteric knowledge of a computer programmer to become a cyber
criminal.

Cyber criminal activity was not considered a significant problem by statutory authorities until the
mid-1990s. As businesses and domestic users increasingly adopted the technology, reports of the misuse of
the Internet began to emerge. Online community members, newsgroup users and website owners began to
complain of online harassment and defamation, breaches of decency due to the online dissemination of
‘obscene’ materials, instances of vandalized web pages, and even cases of ‘virtual rape’ (Mackinnon, 1997). A
clear shift occurred from the relatively benign cyber deviant activity of the 1980s to the more Machiavellian
cyber criminal activity of the mid- to late 1990s.

Page 2 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

The turn of the millennium brought with it several technological and criminal transformations that re-
shaped the cybercrime landscape. These included the emergence of Web2.0 and social media networks, the
automation of malware and the increasing organization of cyber criminal entrepreneurship. These
transformations saw the beginning of ‘mass digital victimization’. While many of these cases are classed as
de minimis (too trivial for legal intervention), the potential for victimization at the scale of populations is
particularly characteristic of twenty-first century cybercrimes.

As data on cybercrimes became more readily collected and consumed in this period it became apparent that
criminals were targeting three distinct populations: the domestic population, the business population and the
State. In relation to the domestic population the proliferation of automated scam and scareware (for example,
adverts for anti-virus software that appear on a user’s computer warning them of a virus infection or the like
that is entirely fictional, which once downloaded delivers its own malware) has seen millions of domestic
Internet users victimized and financially and psychologically harmed by organized cyber criminals. Less
organized, but no less harmful are the opportunist ‘cyber-bullies’ and ‘cyber-haters’ of the twenty-first
century. The advent and exponential spread of social media has seen the unprecedented propagation of
harmful content on digital social networks. In particular, the practice of ‘trolling’ (the posting of defamatory
and antagonistic messages aimed at eliciting an emotional response) has resulted in several high-profile
arrests and the call for clear guidelines for prosecutors (BBC, 2012). The widespread uptake of social media
networking, which shows no sign of abating with Facebook’s members now amounting to over one billion
(Tate, 2012), has the potential to expose whole communities to harmful, antagonistic and potentially socially
disruptive content.

In relation to the business population, contemporary cyber-threats are no longer confined to hacking and
viruses. Criminals (both organized and opportunists) have also begun to make use of social media
technologies to command the crowd in processes known as ‘crime-sourcing’ and ‘flash-mobbing/robbing’.
As Goodman (2011) describes, ‘groups of individual criminals, who may or may not even know each other, are
organizing themselves online and suddenly descending into unsuspecting stores to steal all that they can in a
flash. The unsuspecting merchant has little he can do when 40 unruly strangers suddenly run into his shop
and run off with all his merchandise’. Similar problems also affect the State where social media has been
implicated in mass public unrest and protest. The HMIC (2011) report Policing Public Order highlighted how
mass public disorder had taken on a new dimension which involved the use of Internet communications on
fixed and mobile platforms. In particular social networking sites (such as Twitter and Facebook) were
implicated in the UK Uncut and university tuition fees protests in London in late 2011 and the August riots. At
the extreme end of the spectrum, social media use was also associated with the Tunisian and Egyptian
Revolutions (Lotan, 2011).

At the most grievous level, the development of ‘super-viruses’, such as Flame, Zeus and Spy-Eye (which
created botnets—large global networks of ‘zombified’ computers under the control of organized criminals)
and Stuxnet (a suspected State-sponsored virus designed to penetrate top secret computer systems that
control nuclear enrichment plants in Iran) evidence that cybercrime can cause significant harm to whole
populations, and to the extreme extent cause international conflicts and even cyberwar. The contemporary

Page 3 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

problem of cybercrime is now perceived to be so acute that governments are establishing contingency plans
in the event of cyber-terrorist attacks, and are creating specialized national and international law
enforcement agencies to tackle cyber criminal phenomena (Wall, 2007).

Review Questions

1 How were cybercrimes characterized during the infancy of the Internet?

2 How did cybercrimes change in the mid- to late 1990s?

3 To what extent have Web2.0 technologies such as social media changed cybercrimes?

Defining cybercrime
There is no common definition of cybercrime. Developing a fixed definition is difficult due to a combination
of factors including the technology neutral stance of many bodies of law and the rapidly changing
technological landscape. Furthermore, the various private and public actors involved in the regulation of
cybercrime produce divergent viewpoints. For example, computer security experts warn about potential and
actual risks to hardware and software and suggest a range of strategic and tactical solutions—often their own
products and services. Meanwhile, the legal/administrative community stresses the potential harms to
individuals and define what is (and is not) supposed to happen by establishing and clarifying the rules that
identify boundaries of acceptable and unacceptable Internet behaviour. The criminological and general
academic community endeavour to provide an informed analysis about the wider societal implications of
cybercrime in terms of aetiology, consequence and regulation. Concerns about cybercrime are therefore
expressed through a range of voices that do not articulate a common understanding of the phenomenon.

Yet this dilemma has not prevented the proliferation of terms for cybercrimes invented by Internet users and
professionals. Identity theft (phishing), cyberterrorism, information warfare, spams, denial of service
attacks, hacking and cracking, hacktivism, e-frauds, auction fraud, click fraud, scams, hate crime, cyber-
bullying, illegal online gambling, extreme pornography, viruses, worms and Trojans are just some of the
terms that now come under the umbrella of ‘cybercrime’ (Williams, 2010). While many of these terms are
entering the modern lexicon, there remains some confusion between those crimes that are wholly reliant
upon the Internet and those, such as the more traditional crimes, that merely use the Internet as a means to
target victims in new ways. Cybercrime can be understood more clearly if it is mapped out in terms of a)
whether the victim groups are individual users, corporate entities or nation-states; b) their level of mediation
by technology; and c) the type of offending behaviour (for example, crimes against system integrity, using
computers to commit crimes and crimes relating to computer content).

Page 4 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Defining cybercrime by victim

A particularly confusing aspect of the debate over cybercrime is that it is constituted of a combination of a
number of different deliberations that each relate to quite different victim groups. The debate over the
personal Internet security of individual users is very different in substance to the debate over corporate
victims of cybercrime in terms of risk of victimization and degree of loss, which in turn is different to the
debate over national security where the nation-state and its citizens are the victims. The manifestation of
cybercrimes varies by victim targets. Domestic users are most likely to be victims of more minor cybercrimes,
such as micro-frauds (via technologies that read keyboard strokes—keyloggers—delivered by malware) and
online harassment and bullying (via social media networks such as Facebook and Twitter). Corporate victims
tend to suffer more serious cybercrime, such as Denial of Service attacks (repeated requests made of a
computer server intended to slow down service or prevent service altogether) and insider misuse/proprietary
information theft, while the State may suffer life-threatening attacks against its critical national
infrastructure (for example, energy, water and emergency services). It is therefore analytically productive to
tease out these differences between victims when attempting to establish the contours of cybercrime.

Defining cybercrime by technological mediation

Cybercrimes have evolved alongside networked digital technology. If cybercrimes are understood as mediated
or shaped by networked technology, then they can be categorized in terms of these technologies. By applying
a ‘transformation test’—simply thinking about what happens if the Internet is removed from the activity—
three generational levels of cybercrime can be identified that each display different combinations of
informational, networked and global mediation by technology. At the first level are the traditional or ordinary
crimes that use computers. Initially they were crimes, such as banking frauds, that took place within discrete
(usually mainframe) computing systems, although they might now also include crimes that involve using
computers as a method of communication, such as drug trafficking, or to gather precursor information to
help commit or organize a crime, such as murder. The point is that, although they can be quite serious in
their impact, they are nevertheless low-end cybercrimes since the behaviour will persist if the Internet is
removed from them. Offenders will simply revert to other forms of dishonesty or using other forms of
available communication or information sources (Wall, 2007).

At the second level are the hybrid cybercrimes: ‘traditional’ or legislated crimes for which network technology
has created entirely new global opportunities. They are distinguished from the first level by the fact that they
are committed across networks (such as auction frauds). Take away the Internet and the behaviour will
continue by other means, but not on such a global scale or across such a wide span of jurisdictions and
cultures. At the third level are the true cybercrimes. Solely the product of the Internet, they are high-end
cybercrimes that are not possible without it. They include spamming, phishing (identity theft) and pharming
(hijacking browsers) and variations of online intellectual property piracy (see Table 12.1) (Wall, 2007).

Page 5 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Defining cybercrime by offending behaviour

In addition to generational levels of cybercrime, there are different types of substantive criminal behaviours
that fall under the cybercrime rubric. This behaviour falls into three basic categories that can also be linked to
existing bodies of law and associated professional experience: 1) Crimes against the machine/Computer integrity
crimes: these include hacking and cracking, cyber-vandalism, spying, DDOS (distributed denial of service)
attacks and viruses. Each crime assaults the integrity of computer network access mechanisms. Computer
integrity crimes often pave the way for more serious forms of offending, such as phishing. Crackers, for
example, may use Trojans or other malware to install ‘back doors’ that are later used to facilitate other
crimes, possibly by spammers who

Page 6 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
 12. Cybercrime

Table 12.1 Cybercrime matrix

Cybercrime matrix Crimes against the machine Crimes using machines Crimes in the machine

Level 1: Ordinary crimes (Assisting existing or E.g., Hacking within systems ALSO using internet to E.g., Fraud within banking E.g., Storing extreme
‘traditional’ crime) inform traditional crime (e.g. murder) systems pornography

Level 2: Hybrid cybercrimes (New global E.g., Hacking across networked computer systems E.g., Fraud across banking E.g., Distributing extreme
opportunities for existing or ‘traditional’ systems and Networks pornography/hate crime/
crimes)

Level 3: True cybercrimes (New opportunities E.g., Automated hacking across networks—Phishing/ E.g., Micro-frauds across E.g., Networked content delivery
for new types of crime) DDOSA/Spammed Viruses/Drive-by downloads/ networks/Theft of virtual of e. pornography/hate crime
Scareware artefacts

Source: adapted from Wall, D. S. (2005) ‘The internet as a conduit for criminals’ in A. Pattavina (ed) Information Technology and The Criminal Justice System Thousand Oaks,
CA: Sage.

Page 7 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

have bought lists of the infected addresses. 2) Crimes using machines/Computer-assisted (or related) crimes:
these include phishing or advanced fee frauds, a form of social engineering that uses networked computer
systems (often legitimately) to engage victims with the intention of dishonestly acquiring cash, goods or
services. 3) Crimes in the machine/Computer content crimes: these cybercrimes relate to the illegal content of
computer systems and include the trade and distribution of pornographic, hate crime materials or materials
that intend to deceive.

The distinctions made here between the level of technological mediation and type of criminal behaviour
provide important reference points for policy formation. When they are cross-tabulated against each other,
the resulting mental map or ‘matrix’ usefully demonstrates the differences between the types of cybercrime
that can be used for organizational or analytical purposes, for example, for collecting data, the assessment of
risk or allocation of resources. Remember that the implications will vary according to the intended victim
group (individual user, corporate entities, and nation-states) (Wall, 2005–10: 4).

Review Questions

1 What are the key problems with defining cybercrime?

2 How can we define cybercrime by technological mediation?

3 How can we define cybercrime by offending behaviour?

Counting cybercrime
A key problem to better understanding and controlling cybercrimes is the lack of reliable data on their
prevalence and impact upon individuals, businesses and nation-states. Several papers provide insightful
reasons why existing data are flawed (see Anderson et al., 2008; 2012; Casper, 2007; and Sommer and Brown,
2011). The data issues identified include information asymmetries, the lack of data sharing protocols,
confidentiality and anonymity of respondents, failure to adopt gold standard data collection practices, and
knowledge and perception of victimization.

Anderson et al. (2012) identified over 100 different attempts to collect data on cybercrime to date. The sources
of data include reports of attack trends (for example, from Symantec and McAfee); security breach disclosure
reports from the Information Commissioner’s Office; reports by trade bodies (for example, from the British
Chambers of Commerce, the Federation of Small Businesses, and banking trade associations), and surveys
(for example, British Crime Survey, Offending Crime and Justice Survey, Commercial Victimisation Survey,
Information Security Breaches Survey, Oxford internet Survey and Eurostat).

By far the most voluminous sources of data on cybercrimes are vendor databases of malicious code activity
(for example, Symantec’s Threat Assessment Report). For example, Sophos estimated that there were
approximately 10 million cybercrimes in 2011 (Sophos, 2012: 3). This estimation is in stark contrast to the
low levels of prosecutions: for example, the 300 or so successful prosecutions in the UK since the introduction

Page 8 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

of the Computer Misuse Act 1990 (also reflected in other jurisdictions) (Wall, 2007: 54). Vendor data
understandably focus on cybercrimes such as botnet activity and subsequent spam levels that are
technologically measurable by vendor specific software (that is, in the process of data generation, persons are
not asked if they experienced a breach). This approach, while valuable in identifying overall trends, does not
represent all the populations of interest (for example, the business community and domestic users).
Essentially they cannot provide the detail required on prevalence of cybercrimes within each sector or region
(where the unit of analysis is an organization or individual), the perceived or actual impact of cybercrimes,
and the reaction of business or individuals to attack. Furthermore, the origin of such statistics raises
important questions of perceived impartiality. In terrestrial terms, such sources of data would be comparable
to data produced by private security companies who provide services to local communities and businesses.
Objectivity suffers in the face of economic drivers inherent in such enterprises.

Police data on reported cybercrimes are potentially the most impoverished source. A review of police
cybercrime recording evidenced that the practices of individual police services varied enormously, with only a
few including computer crime markers on crimes committed via computer networks (Hyde-Bales et al.,
2004). More recent recording practices have been guided by the Association of Chief Police Officers’ (ACPO)
eCrime strategy (ACPO, 2009) which recommended that the National Fraud Reporting Centre become the
hub for all recorded cybercrimes. While this has the benefit of harmonizing recording practices across forces,
the criminal justice system as a whole is restrained by the criminal law which is largely technology neutral.
The detail required by analysts (for example, the nature of an electronic attack such as denial of service,
distributed denial of service, insider unauthorized access, etc.), common to other cybercrime sources, is often
missing in police data.

National surveys on cybercrime identify the organization or individual as the unit of analysis. That is to say
an employee (usually the person with responsibility for IT security) is asked about security issues and attacks
in relation to their organization, or a member of the general population is asked similar questions in relation
to the home. These surveys capture instances of ‘known’ victimization where the respondent directly
experiences a cybercrime or has been made aware of the attack by software (for example, virus checker) or by
another person. In contrast to vendor data, these surveys not only identify prevalence of ‘known’
cybercrimes, but also capture data on impact and response. Impact questions vary by survey, but often
include length of system downtime, financial losses, potential reputational damage and anxiety in relation to
possible future attack (in relation to surveys of the general public). Response questions include reporting and
system upgrade behaviour, among other topics.

The majority of the surveys on business cybercrimes adopt non-random sampling. The resulting data pool is
biased towards knowledgeable victims from sectors where IT security is well embedded (that is, there is an IT
security manager to answer the survey questions). Those respondents who are reluctant to respond, due to a
lack of knowledge or interest or fear of reputational damage from notification of a cybercrime, are absent
from the dataset, leaving a skewed picture of the cybercrime problem. Unlike in some American states, where
business cybercrime notification is required by law (see Anderson et al., 2008), the UK picture from the
perspective of surveys adopting non-random samples is partial and biased at best.

Page 9 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

While surveys that adopt random probability approaches to surveying cybercrimes produce the most
representative data, conceptual issues with question wording and with knowledge assumption can
undermine the reliability and validity of data produced. Such problems led the European Commission i2010
High Level Group to conclude many of the questions in the Community Surveys on ICT Usage relating to
business cybercrimes were unreliable. They also reported similar problems in relation to their domestic
surveys (i2010 High Level Group, 2006).

Large-scale random probability national surveys, such as the British Crime Survey, the Offending Crime and
Justice Survey, and the Commercial Victimisation Survey, have sometimes included questions on cybercrime
victimization and perpetration in their questionnaires. However, surprisingly few respondents reported
cybercrime experiences, and in the light of other data on anxiety about identity theft and the prevalence of
security breaches, response validity is open to question. Furthermore, questions on e-victimization are
sparse, often only focusing on a very limited range of completed e-fraud. Given the problems outlined, it is
apparent that the cybercrimes data pool is currently unfulfilled, both in terms of quality and quantity. The
largest databases produced by vendors are likely to be partial and biased, while the best quality data from
national surveys adopting random probability sampling techniques, suffer from poor conceptualization and a
paucity of detailed questions on the topic.

Cybercrime trends
The ‘best’ data on business cybercrime available in the UK prior to 2010 was the Information Security
Breaches Survey (ISBS). The ISBS adopted probability sampling and adhered to standardized and well-
conceptualized questions. In the domestic domain, the Oxford internet Survey (OIS) represents the gold
standard. The OIS adopts a random sampling technique and includes a good range of cybercrimes questions
that the general public understand. Figure 12.1 shows trends in business cybercrimes over the last decade in
the UK and the US. What is clear in the UK is that the trend in cybercrime has reversed from a general decline
since 2004 to a sharp increase from 2010. This is contrary to trends in the US where a general decline in
1
cybercrime has been recorded since 2000 by the CSI Computer Crime & Security Survey.

Figure 12.2 shows ISBS recorded breaches over time disaggregated by cybercrime type. Malware attacks show
the most marked decrease in breaches between 2004 and 2008, followed by theft and fraud, and insider
misuse. The reported prevalence of unauthorized access (including hacking) remained relatively stable in the
same period. Reports in 2010 indicate a sharp increase in prevalence for malware infection, insider misuse
and unauthorized access, and a slightly modest increase in reports of theft and fraud. Reports of insider
misuse and unauthorized access peak at new all-time highs (42 and 49 per cent, respectively), while malware
attacks return to near their peak prevalence in 2004.

Figure 12.3 details trends over time in domestic cybercrime collected by the OIS. Given the public’s limited
understanding of many e-crime types, this survey adopts more colloquial terms to ensure robust data
collection. Unfortunately this precludes

Page 10 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Figure 12.1 Organizations reporting e-crimes breaches in the UK & US (1998–2010)

Source: Compiled from the Information Security Breaches Survey 1998 to 2010, PriceWaterhouseCoopers, and the US Computer
Crime & Security Survey 1998–2010, Computer Security Institute.

a forensic comparison with business cybercrime trends. However, the pattern of those members of the public
experiencing virus attacks is similar to the patterns of business malware attacks. A decline is evident from
2005 to 2009, with a definite upward trend in 2011 (an increase of 7 per cent compared to 2009). Similarly,
there is an upward trend in recorded domestic phishing attempts, indicating, as with business recorded

Figure 12.2 UK organizations reporting breaches by e-crime type (2000–10)

Source: Compiled from Information Security Breaches Survey 2000 to 2010, PriceWaterhouseCoopers.

Page 11 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Figure 12.3 Domestic breaches by e-crime type (2003–11)

Source: Compiled from the Oxford Internet Survey 2003–11, Oxford Internet Institute.

cybercrime, that eFraud is on the increase (although domestic online credit card theft remains stable at 3 per
cent).

The British Crime Survey only routinely includes cybercrime questions relating to fraud. The last incarnation
showed 4 per cent had suffered from this type of victimization, twice that who experienced burglary or car
theft. The 2010 Eurostat ICT survey shows the 5 per cent of respondents from the UK suffered payment card
fraud, placing it first in rank compared to all other European countries in the survey. The UK placed second
for financial losses caused by phishing and pharming attacks (Anderson et al., 2012). These domestic
cybercrimes data add weight to the position that in general trends are on the rise in the UK and that online
property victimization is now overtaking its terrestrial counterparts. The next section addresses the
governance and regulation of cybercrime.

Review Questions

1 What are the problems with counting cybercrimes?

2 What are the various methods used to count cybercrime?

Page 12 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

3 Describe the cybercrime trends over the last decade.

Governance and regulation of cybercrime

Law and public policing

The use of existing laws to deal with cybercrime can be seen as a distal (offline) node of governance (Wall and
Williams, 2007). While law is generally slow to respond to escalating online threats it has been utilized in
several cases to prosecute cyber offenders. Yet law only serves the purpose up to a point. A key challenge is
the de minimis trap (Wall, 2007). A common characteristic of many cybercrimes is that they lead to low-
impact, bulk victimizations that cause large aggregated losses which are spread globally, potentially across all
known jurisdictions. This creates the problem of nullum crimen legal disparities in inter-jurisdictional cases.
Protocols, including the COE Cybercrime Convention and the establishment of multi-agency partnerships
and forums, assist in facilitating inter-force cooperation, but they rely upon the offence in question being
given similar priority in each jurisdiction. If, for example, a case is clearly a criminal offence for which the
investigation carries a strong mandate from the public, such as the investigation of online child pornography,
then resourcing its investigation is usually fairly unproblematic from a police point of view. However, where
there is not such an implied mandate, such as with offences other than child pornography, then resourcing
becomes more problematic, especially if the deviant behaviour in question is an offence in one jurisdiction
but not another. Of course, the other inter-jurisdictional problem is that there may be cultural differences in
defining the seriousness of specific forms of offending, or some offences may fall under civil law in one
jurisdiction and criminal law in another, as with the theft of trade secrets, which is a criminal offence in the
US, but a civil offence in the UK.

Cybercrime and the challenges for public policing

Dealing with cybercrime poses significant challenges to British policing. Police services have historically
suffered from insufficient technical and legal knowledge and a lack of investigative resources. Reports of
cybercrime to the police have been faced with inconsistent record keeping and recording practices, often
resulting in records that lack the electronic element in the modus operandi (Hyde-Bales et al., 2004). In an
attempt to combat this shortfall some local forces attach a computer crime marker to command and control
incident records, crime desk records and crime related intelligence logs. These practices however are far from
systematic and significant gaps still remain in the recording process. Therefore, denial of service attacks,
hacking, malware infection and the like, are unlikely to be easily identifiable from police data. Over time
however, police cybercrime recording may improve given the ACPO eCrime Strategy recommended that the
National Fraud Reporting Centre become the responsible authority for recording all cybercrimes reported to
the police (ACPO, 2009). This strategy is being reviewed in late 2012 and is likely to change in light of the
establishment of the National Crime Agency (late 2013) which will take a strategic lead on cybercrime.

Page 13 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Problems for criminal justice agencies also arise from the local, national and international political demands
placed upon them to respond to cybercrime. Such demands are regularly inflamed by the apparent disparity
between the cybercrime waves portrayed by the news media and the relatively few arrests and prosecutions
of so-called cybercriminals. One explanation for this disparity is the fact that local police forces in most
jurisdictions tend to work within tightly prescribed budgetary parameters defined by their routine activities
and therefore find it difficult to cope with demands to investigate the crimes arising from globalized
electronic networks. However, the disparity also arises because traditional law enforcement agencies only
play a very small part in the overall policing of cyberspace. Law enforcement agencies are understandably
focused on crimes posing a perceived greater level of threat, such as child pornographers, fraudsters and
those who threaten infrastructure, such as terrorists and the vengeful hacker.

However, this is not to say that cyberspace goes unpoliced, nor that police activity is either inefficient or
ineffective. Rather, law enforcement activity is carried out within the broader and largely informal networked
and nodal architecture of Internet policing. This is comprised of Internet users and user groups; digital
environment managers and moderators; network infrastructure providers; corporate security organizations;
non-governmental, non-police organizations; governmental non-police organizations and public police
organizations (see Wall, 2007: Chapter 8). Each of these regulatory groups uses different combinations of
moral, contractual (economic), technological and legal sanctions to maintain order online.

Technological regulation
While the same technology that creates cybercrimes can also be used to regulate them, the need to balance
security with privacy creates new legal and political challenges. Software technology can be far more potent
than law as a regulator of digital environments since it not only controls their architecture but can also shape
any behaviour that takes place within them. When applied to cybercrimes, this simply means that the more a
criminal behaviour is mediated by a new technology, the more it can be policed by that same technology.
However, since technological interventions tend to raise new sets of ethical and legal issues—for example,
whether they are legal or whether they infringe privacy—any successful interventions will have to be set
within acceptable moral, ethical, social, economic and technological frameworks.

Spam filters are a good example of a successful technological solution to a cybercrime problem. Yet there has
been very little critical discussion about the application of spam filters into the networked delivery
mechanisms, especially with regard to technological knock-on effects such as filtering out legitimate
information sources. Not only do spam filters restrict some communications (for example, some legitimate
emails from, for example, Nigeria or China), but they also can contravene the long-standing, although
changing, end-to-end principle of the Internet, which is freedom of movement across the network to its
nodes while leaving choice and mode of receipt to the end users. Of equal concern is the unbridled use of
software techniques designed to entrap criminals, such as ‘honeypots’ and ‘honeynets’. For example, false
hyperlinks purporting to lead to websites hosting pornographic images of children can be used to gather
intelligence regarding criminal Internet users. While they may be successful in their mission, they raise a
range of moral, ethical and legal concerns, including allegations of entrapment.

Page 14 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Social control
A range of social control mechanisms are currently being employed to govern online behaviour. For example,
virtual worlds such as Secondlife and online marketplaces such as Ebay and also Facebook, utilize reputation
management systems to tarnish the identities of those who break rules. Williams (2006) shows how these
social control systems can draw upon shaming as a form of regulation (Braithwaite, 1989). He argues that
there is little doubt that complex social relationships are played out within online spaces such as virtual
worlds and social media networks. Markham (1998) and Mnookin’s (1996) accounts of social interaction
online show how individuals developed complex interdependencies, characterized by social and emotional
bonds. These online interdependent social networks provide a fertile ground for the use of shaming in
Internet deviance reduction. While the constraining effects of the family are absent within virtual worlds
(unless family members are also present online), the bonds to other citizens and online community can be as
significant as offline ties. For example, strong relations within purely social worlds, such as SecondLife, are
important to sustaining positive reputation and status. Acts of shaming online invariably draw on these ties,
attempting to either humiliate the wrongdoer or draw upon their classical conditioning in an attempt to
induce feelings of guilt (Braithwaite, 1989). In a now classic example Mackinnon (1997) shows how a socially
disruptive and sexually aggressive character in the virtual world LambdaMOO was eventually controlled via
shaming techniques by online community members, following the failure of technological controls (eviction
from the virtual world, deletion of account, etc). Such findings evidence the need for a plural response to the
control of cybercrime and deviance, with misdemeanours being dealt with by proximal control mechanisms
(social and technological controls) and more serious transgressions dealt with by distal mechanisms (the law
and policing of a particular terrestrial jurisdiction) (Wall and Williams, 2007).

Review Questions

1 How does cybercrime challenge existing policing practices?

2 How can cybercrime be controlled via technology?

3 How can cybercrime be controlled socially?

Theoretical explanations
The small amount of factual knowledge currently available about virtual offenders comes from offender
surveys, such as the UK-based OCJS (Allen et al., 2005; Wilson et al., 2006). These sources suggest that
offender profiles are like those of most offenders—young and male—but they possess rather different, if not
opposing, characteristics found in the criminologies of street criminals. They are more likely to be
introverted and more likely to share a much broader range of social characteristics. Perhaps more significant
is that their use of the Internet enables them to commit crimes at a distance and also crimes that would

Page 15 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

previously have been beyond their means. Consequently, when combined with the offenders’ relative
isolation from others, these characteristics reduce the amount of available criminal intelligence about them
and makes the law enforcement job harder.

The generalizability of these observations will, of course, vary further according to the types of crime
involved and the available opportunities to offend. Such is the view of the situational crime prevention
theorists (see Newman and Clarke, 2003). However, while this may easily explain computer-mediated thefts,
it sits less comfortably with computer integrity and computer content crimes. McQuade (2006: 113–35) gives
a very useful overview of offender profiles, but acknowledges the problems in so doing because: ‘[i]n reality,
cybercriminals carry out different types and combinations of illicit actions in the course of committing abuse,
attacks and/or crimes, thus underscoring the difficulty and limitations of categorising offenders’.

If the construction of offender profiles is problematic, so too is the ability to isolate offender motivations.
Normally in criminology we may turn to the more complex theories of criminalization for some guidance
here. McQuade (2006), for example, applied six criminological theories to cybercrimes, which each outline
different motivational factors. They are classical choice theories, based upon rational decision-making; trait
theories, which focus upon psychological imperfections in the individual; social process theories, which
explore how individuals learn criminal behaviour; social structure theories, which consider the individual’s
social and economic position in society; conflict theories, based upon non-consensual, pluralistic and conflict
views of social organization. He also observed a sixth, integrated theories, which combine aspects of the
previous five. The problem McQuade identifies is that criminologists have long tended not to consider the
impacts of technology in the commission of crime. Furthermore, the field of study is currently unfolding—
especially where an act of cybercrime involves a number of forms of offending behaviour.

One powerful theory of motivation, which Wall (2007) builds upon and which begins to explain the
transformative impacts of the Internet is based upon social structure/alienation theory, but also integrates
themes from other criminological theories. Presdee’s ‘carnival of crime’ thesis expresses a broader concern
about the criminalization of everyday life in which: ‘everyday responses to modern, highly commodified
society become themselves defined as criminal’ (Presdee, 2000: 15). He argues that much of the crime
occurring in society, especially that relating to social disorder, is a product of the fact the existing
relationships of production encourage us to live two lives. Our ‘first life’ is our official life characterized by
work and imposed order, which sustains our physical existence. In contrast, our ‘second life’ is where we live
out our fantasies and obtain emotional fulfilment (not to be confused with the website of the same name). It
runs counter to the alienation caused by the ‘rhythms of production’ in the ‘first life’, by working to restore
some meaning to our lives and control over our existence (Presdee, 2000: 62). During the course of living out
this ‘second life’, which Presdee calls our ‘carnival of leisure’, the boundaries of order are frequently crossed.
We, in effect, consume crime, not just through our diet of entertainment, but also when the ‘commodification
of excitement’ that characterizes much of our leisure is taken that one step further.

Presdee’s main concern is that the ‘bulk of crime is created, through the criminalisation and policing of social
behaviour as against dishonest behaviour and that it is a crime to be many things including poor, young,
disadvantaged, to fail and even at times to be creative’ (Presdee, 2000: 162). This explanation of second-life
fulfilment can go a long way to explaining much of the Internet’s broader popularity but also offending and
victimization. In Presdee’s view, the Internet has become a ‘“safe site” of the second life of the

Page 16 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

people’ (Presdee, 2000: 54) and it certainly does provide an environment ‘where we can enjoy in private
immoral acts and emotions’ (Presdee, 2000: 64). But, he is also right when he states that the days when the
consumption of crime, as he puts it, has become ‘a blissful state of “non-responsibility”, a sort of never-
ending “moral holiday”, are long gone, if they ever existed, especially on the internet’.

Other scholars have also attempted to apply social theories designed for the terrestrial world to cyberspace.
Williams (2006) applied Social Control Theory (Hirschi, 1969) to cyberspace. He took the core concepts of
attachment, involvement, commitment and belief and tested them in the virtual environment Cyberworlds.
Attachment refers to the capacity of individuals to form effective relationships with other people and
institutions, for example, parents, peers and school. When attachments are strong, individuals are more likely
to be concerned with the opinions and expectations of others and thus more likely to behave in accordance
with them. Commitment relates to the amount and time invested into conventional lines of activity, such as
attaining an education, developing a career or simply building a reputation. ‘Rational’ deviants, who weigh up
the costs of committing crimes, risk losing these when they break from group norms. Involvement in
conventional acts and avocations is one of the more mundane elements of a social bond to society. The
assumption is that a person may simply be too busy to even consider committing a deviant act if they are
involved in conventional lines of activity. The final component of a control theory is one’s belief in the values,
norms and laws of society. Control theory assumes that there exists an accepted universal belief system at
work in society. The deviant rationalizes their behaviour so they can simultaneously still believe in its
wrongful nature while committing the act. Most notably Sykes and Matza (1957) term this process
‘techniques of neutralisation’. The individual drifts in and out of states of delinquency depending upon the
circumstances and requirements of the moment.

Williams found that a lack of attachment to other online community members, community founders, and
institutions, such as the Peacekeeper Core (the online community police service) was an important factor in
explaining anti-normative cyber behaviour. The application of commitment to the online setting was
relatively non-problematic given the similarities in social structure. At the simplest level individuals who
became citizens (paying members of the community) had more at stake (their citizenship) than tourists
(non-paying members) when they deviated from community rules. Aspirations to join the Peacekeeper Core
and the time invested in building virtual property were also identified as elements of commitment that
prevented individuals from committing deviant acts online. Similarly, those involved in building property (a
time intensive activity), organizing social events and volunteering for the Peacekeeper Core were less likely
to veer into antisocial activity than those who had no static online vocation or avocation. Finally, those that
shared the common value system of the online community were less likely to deviate than those who did not.
Williams noted however, that his successful application of Control Theory to cyberspace was only possible
because he examined an online community. While his findings might be replicated in other online
communities, it is doubtful that the components of Control Theory will be as analytically fruitful in an
explanation of cyber deviance outside of online community structures.

Yar (2005) applied routine activities theory to cybercrime. He found that with respect to the ‘central core of
three concepts’, ‘motivated offenders’ and ‘capable guardianship’ could be treated as largely similar between
cyber and terrestrial settings. However, the application of ‘suitable targets’ produced certain asymmetries,
with respect to the components of ‘inertia’, ‘visibility’ and ‘accessibility’. The complexities of applying this

Page 17 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

theory to cyberspace related largely to the distinctive spatial-temporal differences between online and
terrestrial spaces. Time-space distanciation (Giddens, 1990) is an acute characteristic of online spaces. In
relation to criminal activity this means that individuals are able to attack their victims at a distance and in
compressed and extended periods of time. For example, a fraudulent transaction can take place over
thousands of miles in milliseconds while a harasser can subject their victim to derisory discourse at great
distance in real time. This causes problems for routine activities as the theory holds that the ‘organization of
time and space is central for criminological explanation’ (Felson, 1998: 148), yet cyberspace is spatio-
temporally disorganized. Yar concluded routine activity theory (and other ecologically oriented theories of
crime causation) appears of limited utility in an environment that defies many of our taken-for-granted
assumptions about how the socio-interactional setting of routine activities is configured.

Joinson (2003) explored the application of the social psychological theory of deindividuation (Festinger at al.,
1952) to the Internet. The theory advances that anonymity and disinhibition within social situations can lead
to individuals acting in ways counter to conventional behaviour. Prentice-Dunn and Rogers (1982) suggest
that deindividuation results in a reduced awareness of the public component of one’s own behaviour and is
caused by a reduction in accountability cues (for example, anonymity and membership of a group) and
reduced private self-awareness. The power of the crowd has been used to show how an individual’s behaviour
can be shaped by these processes to produce anti-normative outcomes. Essentially people behaving in crowds
are less likely to feel individually judged by others and are hence more likely to break rules. The August 2011
London riots can be used as an example of deindividuation. Normally law-abiding individuals were
temporarily provided with a justification by the crowd to embark on looting sprees. When applied to the
Internet Kiesler at al. (1984) argue that the anonymity afforded to individuals online can result in
deindividuating effects, similar to the effect of the crowd. Other social psychological explanations of online
deviant activity include the Reduced Social Cues model, the Two-Component Self-Awareness model and the
Social Identity Explanation of Deindividuation Effects model (see Joinson, 2003).

Review Questions

1 What criminological/sociological theories can be used to explain cybercrime?

2 What psychological theories can be used to explain cybercrime?

3 Do we need a specific theory of cybercrime?

Conclusion
Cybercrime will continue to evolve, bringing fresh challenges for criminological understanding. The
emergence of the first generation of cybercrimes in the 1980s and 1990s was met with inadequate
criminological insight. Criminologists were simply not prepared for the digital re-engineering of terrestrial
crimes. The same can be said for the police, the legal system and victims. However, this is not an isolated
happening. Throughout history criminals have been the first to capitalize on opportunities when they arise,
often leaving institutions lagging behind. Yet this repeated pattern has been no more acute than with the

Page 18 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

development and proliferation of the Internet and associated cybercriminal activity. Our ability as
criminologists, with our terrestrial based methodological and theoretical tools, to understand this
phenomenon is complicated by the ways in which networked technology alters commonsense notions of
space and time, and in turn how offenders, victims, the police and the public interact in these new orderings.
Cybercrime definition, prevalence, regulation, and aetiology have all confounded the criminological
imagination, calling for a re-evaluation of how we conduct research and the bodies of disciplinary knowledge
we draw upon.

Questions for Discussion

1 To what extent are cybercrimes different from ‘terrestrial’ crimes?

2 Do the profiles of cyber criminals and cyber victims differ from their ‘terrestrial’ counterparts?

3 Does cyberspace need to be regulated?

4 What are the implications of regulation upon cyber rights and liberties?

5 How have criminologists attempted to explain cybercriminal behaviour?

Guide to Further Reading

Jewkes, Y. (ed) (2007) Crime Online. Cullompton: Willan.

This book provides an overview of the key issues drawing upon a range of internationally known experts in
the field of cybercrime. It includes chapters on cyber homicide, identity theft/duplication, child pornography,
piracy, football hooliganism and cyberstalking.

Joinson, A. N. (2003) Understanding the Psychology of the Internet. New York: Palgrave Macmillan, Chapter 3.

This is an excellent introductory chapter on the psychology of cyber criminality. It provides an overview of
the key psychological theories that attempt to explain why people are more likely to behave in deviant and
criminal ways online.

Wall, D. S. (2007) Cybercrime: The transformation of crime in the information age. Cambridge: Polity.

Wall draws on empirical research findings and multidisciplinary sources to argue that we are beginning to
experience a new generation of automated cybercrimes, which are almost completely mediated by networked
technologies that are themselves converging. An excellent book on the nature of cybercrime and its
regulation.

Williams, M. L. (2006) Virtually Criminal: Crime, Deviance and Regulation Online. London: Routledge.

Williams provides a criminological analysis of deviance and regulation within an online community. The
book explores the causes, impactions and regulation of deviance within virtual worlds through an application
of control theory, speech act theory and reintegrative shaming.

Yar, M. (2006) Cybercrime and Society (2nd edn, 2013) London: Sage.

Page 19 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Yar locates cybercrime in the wider contexts of social, political, cultural and economic change. The book
draws upon perspectives spanning criminology, sociology, law, politics and cultural studies. Chapter topics
include hacking, intellectual property theft, cyber fraud and scams, obscene materials and cyber stalking.

Web Links
http://www.cardiff.ac.uk/socsi/resources/
Levi%20Williams%20eCrime%20Reduction%20Partnership%20Mapping%20Study.pdf <http://
www.cardiff.ac.uk/socsi/resources/
Levi%20Williams%20eCrime%20Reduction%20Partnership%20Mapping%20Study.pdf>

Link to the findings from the Nominet Trust eCrime Reduction Partnership Mapping Study (2012) by Mike Levi
and Matthew Williams. The report is the first to attempt to map the cooperation of the wide array of internet
regulators.

http://www.homeoffice.gov.uk/publications/science-research-statistics/research-statistics/crime-research/
hosb0612/hosb0612?view=Binary <http://www.homeoffice.gov.uk/publications/science-research-statistics/
research-statistics/crime-research/hosb0612/hosb0612?view=Binary>

A link to the most recent (at time of press) Home Office/Office for National Statistics analysis of cybercrime
questions in the British Crime Survey/Crime Survey for England and Wales.

http://www.ukcert.org.uk/ <http://www.ukcert.org.uk/>

A link to the UK Computer Emergency Response Team webpage. Provides up-to-date information on
existing security threats to business, academia and government.

http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm <http://www.hmso.gov.uk/acts/acts1990/
Ukpga_19900018_en_1.htm>

Link to the Computer Misuse Act 1990.

http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm <http://conventions.coe.int/Treaty/en/Treaties/
Html/185.htm>

Link to the Council of Europe Convention on Cybercrime.

References
ACPO (2009) ACPO e-Crime Strategy. ACPO: London, http://www.acpo.police.uk/documents/crime/
2009/200908CRIECS01.pdf <http://www.acpo.police.uk/documents/crime/2009/200908CRIECS01.pdf> (accessed 9
October 2012).

Allen, J., Forrest, S., Levi, M., Roy, H., and Sutton, M. (2005) ‘Fraud and technology crimes: findings from the 2002/03
British Crime Survey and 2003 Offending, Crime and Justice Survey’, Home Office Online Report 34/05, http://

Page 20 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

www.homeoffice.gov.uk/rds/pdfs05/rdsolr3405.pdf <http://www.homeoffice.gov.uk/rds/pdfs05/rdsolr3405.pdf>
(accessed 9 October 2012).

Anderson, R., Boehme, R., Clayton, R., and Moore, T. (2008) Security Economics and the Internal Market. Crete: ENISA.

Anderson, R., Barton, C., Boehme, R., Clayton, R., Levi, M., Moore, T., and Savage, S. (2012) Measuring the Cost of
Cybercrime, paper presented at the WEIS Conference, Berlin.

British Broadcasting Corporation (BBC) (2012) Tom Daley ‘abuse’ tweet: Legal rethink on online rules. http://
www.bbc.co.uk/news/uk-19660415 <http://www.bbc.co.uk/news/uk-19660415> (accessed 20 Septembet 2012).

Braithwaite, J. (1989) Crime, Shame and Reintegration. Cambridge University Press: Cambridge.

Capeller, W. (2001) ‘Not Such a Neat Net: Some Comments on Virtual Criminality’, Social and Legal Studies Vol. 10, no.
2, 229–42.

Casper, C. (2007), Examining the Feasibility of a Data Collection Framework. Crete: ENISA.

Detica and Cabinet Office (2011) The Cost of Cyber Crime: A Detica and Cabinet Office Report In Partnership With The
Office Of Cyber Security And Information Assurance In The Cabinet Office. http://
www.baesystemsDeticaandCabinetOffice.com/uploads/resources/
THE_COST_OF_CYBER_CRIME_SUMMARY_FINAL_14_February_2011.pdf <http://
www.baesystemsDeticaandCabinetOffice.com/uploads/resources/
THE_COST_OF_CYBER_CRIME_SUMMARY_FINAL_14_February_2011.pdf> (accessed 9 October 2012).

Felson, M. (1998). Crime and everyday life (2nd edn) Thousand Oaks, CA: Pine Forge Press.

Festinger, L., Pepitone, A., and Newcomb, T. (1952) ‘Some consequences of deindividuation in a group’, Journal of
Social Psychology 47, 382–9.

Giddens, A. (1990) The Consequences of Modernity. Cambridge: Polity.

Goodman, M. (2011) ‘From crowdsourcing to crime-sourcing: The rise of distributed criminality: How criminals are
applying crowdsourcing techniques’, O’Reilly Radar. http://radar.oreilly.com/2011/09/crime-sourcing.html <http://
radar.oreilly.com/2011/09/crime-sourcing.html> (accessed on 21 September 2012).

Hirschi, T. (1969) Causes of Delinquency. Los Angeles: University of California Press.

HMIC (2011) Policing Public Order: An overview and review of progress against the recommendations of Adapting to
Protest and Nurturing the British Model of Policing. London: HMIC.

Hyde-Bales, K., Morris, S., and Charlton, A. (2004) The Police Recording of Computer Crime. London: The Stationery
Office.

i2010 High Level Group (2006), Benchmarking Framework. Brussels: European Commission.

Joinson, A. N. (2003) Understanding the Psychology of Internet Behaviour. London: Palgrave Macmillan.

Kiesler, S., Siegel, J., and McGuire, T. W. (1984) ‘Social Psychological Aspects of Computer-Mediated Communication’,
American Psychologist 39: 10, 356–70.
Page 21 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Lotan, G., Graeff, E., Ananny, M., Gaffney, D., Pearce, I., and Boyd, D. (2011) ‘The Revolutions Were Tweeted:
Information Flows During the 2011 Tunisian and Egyptian Revolutions’, International Journal of Communication (5)
Feature: 1375–405.

MacKinnon, R. (1997) ‘Virtual rape’, Journal of Computer Mediated Communication, 2 (4). http://www.ascusc.org/jcmc/
vol2/issue4/mackinnon.html <http://www.ascusc.org/jcmc/vol2/issue4/mackinnon.html> (accessed 9 October 2012).

Markham, A. (1998) Life Online: Researching Real Experience in Virtual Space. California: Sage.

McQuade, S. (2006) Understanding and Managing Cybercrime. Boston: Allyn & Bacon.

Mnookin, J. (1996) ‘Virtual(ly) Law: The Emergence of Law in LambdaMOO’, Journal of Computer-Mediated
Communication 2: 1. http://www.ascusc.org/jcmc/vol2/issue1/lambda.html <http://www.ascusc.org/jcmc/vol2/issue1/
lambda.html> (accessed 9 October 2012).

Newman, G. R. and Clarke, R. V. (2003) Superhighway Robbery: Preventing e-commerce crime. Cullompton: Willan.

Office for National Statistics (2012) Statistical bulletin: Internet Access - Households and Individuals, 2012. London: ONS
http://www.ons.gov.uk/ons/rel/rdit2/internet-access-households-and-individuals/2012/stb-internet-access-
households-and-individuals-2012.html <http://www.ons.gov.uk/ons/rel/rdit2/internet-access-households-and-
individuals/2012/stb-internet-access-households-and-individuals-2012.html> (accessed 9 October 2012).

Prentice-Dunn, S. and Rogers, R. (1982) ‘Effects of public and private self-awareness deindividuation and aggression’,
Journal of Personality and Social Psychology 43 (3), 503–13.

Presdee, M. (2000) Cultural Criminology and the Carnival of Crime. London: Routledge.

Sommer, P. and Brown, I. (2011) Reducing Systemic Cybersecurity Risk. London: OECD.

Sophos (2012) ‘Security Threat Report 2012’, Sophos. http://www.sophos.com/en-us/medialibrary/PDFs/other/

SophosSecurityThreatReport2012.pdf <http://www.sophos.com/en-us/medialibrary/PDFs/other/
SophosSecurityThreatReport2012.pdf>.

Sykes, G.M. and Matza, D. (1957) ‘Techniques of Neutralization: A Theory of Delinquency’, American Sociological Review
22, 664–70.

Tate, R. (2012), ‘Facebook Hits 1 Billion Users, Here’s How It Hits $141 Billion in Value’, Wired. http://www.wired.com/
business/2012/10/facebook-case-for-optimism/ <http://www.wired.com/business/2012/10/facebook-case-for-
optimism/> (accessed 5 October 2012).

Taylor, P. (2001) ‘Hacktivism: in search of lost ethics?’ in D.S. Wall (ed) Crime and the Internet. London: Routledge, 59–
73.

Wall, D.S. and Williams, M. (2007) ‘Policing diversity in the digital age: maintaining order in virtual communities’,
Criminology and Criminal Justice Vol. 7, no. 4, 391–415.

Wall, D.S. (2007) Cybercrimes: The Transformation of Crime in the Information Age. Cambridge: Polity.

Page 22 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025
12. Cybercrime

Wall, D.S. (2005–10) ‘The internet as a conduit for criminals’ in A. Pattavina (ed), Information Technology and The
Criminal Justice System. Thousand Oaks, CA: Sage, 77–98. Revised in 2010. http://papers.ssrn.com/sol3/papers.cfm?
abstract_id=740626 <http://papers.ssrn.com/sol3/papers.cfm?abstract_id=740626> (accessed 9 October 2012).

Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online. London: Routledge.

Williams, M. (2010) ‘Cybercrime’ in F. Brookman, T. Bennett, M. Maguire, and H. Pierpoint (eds) Handbook of Crime.
Cullompton: Willan.

Wilson, D., Patterson, A., Powell, G., and Hembury, R. (2006) ‘Fraud and technology crimes: findings from the 2003/04
British Crime Survey, the 2004 Offending, Crime and Justice Survey and administrative sources,’ Home Office Online
Report 09/06. http://www.homeoffice.gov.uk/rds/pdfs06/rdsolr0906.pdf <http://www.homeoffice.gov.uk/rds/pdfs06/
rdsolr0906.pdf> (accessed 9 October 2012).

Yar, M. (2005) ‘The novelty of ‘cybercrime’: an assessment in light of routine activity theory’, European Journal of
Criminology 2: 407–27.

Notes

1. The data for the ISBS 2010 presented in Figure 12.1 is derived from the responses from small to medium-sized firms
as they represented the largest group of respondents. It is important to note reports of e-crimes breaches from large
firms were far in excess of those reported by SMEs, making the sharp increase in e-crimes attacks in Figure 12.1 a
conservative estimate.

© Oxford University Press 2013

Related Links
Visit the online resources for this title <http://global.oup.com/uk/orc/criminology/hale3e/>

Find This Title

In the OUP print catalogue <https://global.oup.com/academic/product/criminology-9780199691296?cc=gb&lang=en&>

Page 23 of 23

Printed from Oxford Law Trove. Under the terms of the licence agreement, an individual user may print out a single article for
personal use (for details see Privacy Policy and Legal Notice).
Subscriber: Staffordshire University; date: 26 April 2025