Situational Crime Prevention
This chapter examines a broad range of techniques known as situational crime prevention (SCP). This form of intervention takes cues from a host of theoretical perspectives and involves the design and manipulation of the environment to make offenders’ decisions to become involved in crime less attractive. The use of SCP is widespread in traditional contexts and is by far the most commonly deployed form of intervention in the prevention of cybercrime. Though extensive criminological research has found that SCP techniques can be successfully applied in traditional settings, it is still unclear whether SCP interventions can effectively prevent cybercrime. This chapter scrutinises available empirical evidence regarding the potential effect of SCP approaches (e.g. target hardening, surveillance, posting instructions) in deterring offenders from engaging in and escalating cybercrimes. It concludes by revealing the limitations of SCP in preventing cybercrime, as well as by elucidating the most promising configurations of SCP interventions in digital contexts moving forward.
KeywordsAntivirus software Computer monitoring Computer surveillance Malicious software Situational crime prevention Warning messages
- Algaith, A., Gashi, I., Sobesto, B., Cukier, M., Haxhijaha, S., & Bajrami, G. (2016, June 28–July 1). Comparing detection capabilities of antivirus products: An empirical study with different versions of products from the same vendors. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W) (pp. 48–53). IEEE. https://doi.org/10.1109/DSN-W.2016.45.
- AV Comparatives. (2011). On demand detection of malicious software. Available at https://www.av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf. Accessed 15 June 2019.
- Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection systems. Retrieved from the Defense Technical Information Center (ADA393326).Google Scholar
- Bell, J., & Burke, B. (1992). Cruising Cooper Street situational crime prevention: Successful case studies (2nd ed.). Guilderland, NY: Harrow and Heston.Google Scholar
- Berlin, K., Slater, D., & Saxe, J. (2015). Malicious behavior detection using windows audit logs. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security (pp. 35–44). New York, NY: ACM. https://doi.org/10.1145/2808769.2808773.
- Bishop, P., Bloomfield, R., Gashi, I., & Stankovic, V. (2011, November 29–December 2). Diversity for security: A study with off-the-shelf antivirus engines. In 2011 IEEE 22nd International Symposium on Software Reliability Engineering (pp. 11–19). IEEE. https://doi.org/10.1109/ISSRE.2011.15.
- Blakley, B. (2002, May 16–17). The measure of information security is dollars. In Proceedings (online) of the First Annual Workshop on Economics and Information Security (WEIS ’02) (pp. 1–4). Berkeley, CA.Google Scholar
- Bonneau, J. (2012, May 20–23). The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE Symposium on Security and Privacy (pp. 538–552). IEEE. https://doi.org/10.1109/SP.2012.49.
- Cornish, D. B., & Clarke, R. V. (2003). Opportunities, precipitators and criminal decisions: A reply to Wortley’s critique of situational crime prevention. Crime Prevention Studies, 16, 41–96.Google Scholar
- Crow, W. J., & Bull, J. L. (1975) Robbery deterrence: An applied behavioral science demonstration—Final report. La Jolla, CA: Western Behavioral Sciences Institute.Google Scholar
- Dacey, R. F. (2003). Information security: Effective patch management is critical to mitigating software vulnerabilities. Washington, DC: General Accounting Office.Google Scholar
- Eurostat. (2011). Nearly one third of internet users in the EU27 caught a computer virus. Available at https://ec.europa.eu/eurostat/documents/2995521/5028026/4-07022011-AP-EN.PDF/22c742a6-9a3d-456d-bedc-f91deb15481b. Accessed 15 June 2019.
- Farrington, D. P. (1993). Understanding and preventing bullying. In M. Tonry (Ed.), Crime and justice: A review of research (Vol. 17, pp. 381–458). Chicago, IL: University of Chicago.Google Scholar
- Faysel, M. A., & Haque, S. S. (2010). Towards cyber defense: Research in intrusion detection and intrusion prevention systems. IJCSNS International Journal of Computer Science and Network Security, 10(7), 316–325.Google Scholar
- Garg, A., Vidyaraman, S., Upadhyaya, S., & Kwiat, K. (2006, April 2–6). USim: A user behavior simulation framework for training and testing IDSes in GUI based systems. In Proceedings of the 39th Annual Symposium on Simulation (ANSS ’06) (pp. 196–203). Washington, DC: IEEE Computer Society. https://doi.org/10.1109-ANSS.2006.45.
- Hassan, H. M., Reza, D. M., & Farkhad, M. A.-A. (2015). An experimental study of influential elements on cyberloafing from general deterrence theory perspective case study: Tehran subway organization. International Business Research, 8(3), 91. https://doi.org/10.5539/ibr.v8n3p91.CrossRefGoogle Scholar
- Homel, R., & Clarke, R. (1997). A revised classification of situational crime prevention techniques. In S. P. Lab (Ed.), Crime prevention at a crossroads (pp. 17–27). Cincinnati, OH: Anderson.Google Scholar
- Howell, C. J., Cochran, J. K., Powers, R. A., Maimon, D., & Jones, H. M. (2017). System trespasser behavior after exposure to warning messages at a Chinese computer network: An examination. International Journal of Cyber Criminology, 11(1). https://doi.org/10.5281/zenodo.495772.
- Hsiao, D. K., Kerr, D. S., & Madnick, S. E. (1979). Computer security. New York, NY: Academic Press.Google Scholar
- Hutchings, A., Clayton, R., & Anderson, R. (2016, June 1–3). Taking down websites to prevent crime. In 2016 APWG Symposium on Electronic Crime Research (eCrime) (pp. 1–10). https://doi.org/10.1109/ECRIME.2016.7487947.
- Hutchings, A., Pastrana, S., & Clayton, R. (2019). Displacing big data: How criminals cheat the system. In E. R. Leukfeldt & T. J. Holt (Eds.), Cybercrime: The human factor. Oxon, UK: Routledge.Google Scholar
- Jeffrey, C. R., Hunter, R. D., & Griswold, J. (1987). Crime prevention and computer analysis of convenience store robberies in Tallahassee. Florida Police Journal, 34, 65–69.Google Scholar
- Jones, H., Maimon, D., & Ren, W. (2016). Sanction threat and friendly persuasion effects on system trespassers’ behaviors during a system trespassing event. In T. Holt (Ed.), Cybercrime through an interdisciplinary lens (pp. 150–166). London, UK: Routledge. https://doi.org/10.4324/9781315618456.
- Kambow, N., & Passi, L. K. (2014). Honeypots: The need of network security. International Journal of Computer Science and Information Technologies, 5(5), 6098–6101.Google Scholar
- Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., & Lagerström, R. (2017). Analyzing the effectiveness of attack countermeasures in a SCADA system. In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids (pp. 73–78). New York, NY: ACM. https://doi.org/10.1145/3055386.3055393.
- Lévesque, F. L., & Fernandez, J. M. (2014, August). Computer security clinical trials: Lessons learned from a 4-month pilot study. Paper presented at CSET ’14 7th Workshop on Cyber Security Exoerueetation and Test, San Diego, CA.Google Scholar
- Lévesque, F. L., Fernandez, J. M., & Batchelder, D., & Young, G. (2016). Are they real? Real-life comparative tests of antivirus products. In Virus Bulletin Conference (pp. 1–11).Google Scholar
- Lévesque, F., Nsiempba, J., Fernandez, J. M., Chiasson, S., & Somayaji, A. (2013). A clinical study of risk factors related to malware infections. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 97–108). New York, NY: ACM. https://doi.org/10.1145/2508859.2516747.
- Lyu, M. R., & Lau, L. K. (2000). Firewall security: Policies, testing and performance evaluation. In Proceedings 24th Annual International Computer Software and Applications Conference (COMPSAC 2000) (pp. 116–121). IEEE.Google Scholar
- Nayak, K., Marino, D., Efstathopoulos, P., & Dumitraş, T. (2014). Some vulnerabilities are different than others. In A. Stavrou, H. Bos, & C. Portokalidis (Eds.), Research in Attacks, Intrusions and Defences (RAID 2014) (LNCS, Vol. 8688, pp. 426–446). Springer. https://doi.org/10.1007/978-3-319-11379-1_21.CrossRefGoogle Scholar
- PC Security Labs. (2013). Security solution review on Windows 8 platform. Technical report. PC Security Labs.Google Scholar
- Ramsbrock, D., Berthier, R., & Cukier, M. (2007, June 25–28). Profiling attacker behavior following SSH compromises. In 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’07) (pp. 119–124). IEEE. https://doi.org/10.1109/DSN.2007.76.
- Scott, L., Crow, W. J., & Erickson, R. (1985). Robbery as robbers see it. Dallas, TX: Southland Corporation.Google Scholar
- Seeberg, V. E., & Petrovic, S. (2007). A new classification scheme for anonymization of real data used in IDS benchmarking. In The Second International Conference on Availability, Reliability and Security (ARES 2007) (pp. 385–390). IEEE. https://doi.org/10.1109/ARES.2007.9.
- Sloan-Howitt, M., & Kelling, G. (1990). Subway graffiti in New York City: ‘Getting up’ vs. ‘meaning’ it and ‘cleaning’ it. Security Journal, 1(3), 131–136.Google Scholar
- Stockman, M., Heile, R., & Rein, A. (2015). An open-source honeynet system to study system banner message effects on hackers. In Proceedings of the 4th Annual ACM Conference on Research in Information Technology (pp. 19–22). New York, NY: ACM. https://doi.org/10.1145/2808062.2808069.
- Surisetty, S., & Kumar, S. (2010). Is McAfee securitycenter/firewall software providing complete security for your computer? In 2010 Fourth International Conference on Digital Society (pp. 178–181). IEEE.Google Scholar
- Testa, A., Maimon, D., Sobesto, B., & Cukier, M. (2017). Illegal roaming and file manipulation on target computers: Assessing the effect of sanction threats on system trespassers’ online behaviors. Criminology and Public Policy, 16(3), 689–726. https://doi.org/10.1111/1745-9133.12312.CrossRefGoogle Scholar
- Torres, J. M., Sarriegi, J. M., Santos, J., & Serrano, N. (2006). Managing information systems security: Critical success factors and indicators to measure effectiveness. In S. K. Katsikas, J. López, M. Backes, & S. Gritzalis (Eds.), Information security: ISC 2006 (Lecture Notes in Computer Science, Vol. 4176, pp. 530–545). Berlin, Germany: Springer. https://doi.org/10.1007/11836810_38.Google Scholar
- Welsh, B. C., & Farrington, D. P. (2009). Making public places safer: Surveillance and crime prevention. New York, NY: Oxford University Press. https://doi.org/10.1093/acprof:oso/9780195326215.001.0001.CrossRefGoogle Scholar
- Wilson, T., Maimon, D., Sobesto, B., & Cukier, M. (2015). The effect of a surveillance banner in an attacked computer system: Additional evidence for the relevance of restrictive deterrence in cyberspace. Journal of Research in Crime and Delinquency, 52(6), 829–855. https://doi.org/10.1177/0022427815587761.CrossRefGoogle Scholar
- Wogalter, M. (2006). Purposes and scope of warnings. In M. Wogalter (Ed.), Handbook of warnings (pp. 3–10). Boca Raton: CRC Press.Google Scholar