Advertisement

Situational Crime Prevention

  • Russell Brewer
  • Melissa de Vel-Palumbo
  • Alice Hutchings
  • Thomas Holt
  • Andrew Goldsmith
  • David Maimon
Chapter
Part of the Crime Prevention and Security Management book series (CPSM)

Abstract

This chapter examines a broad range of techniques known as situational crime prevention (SCP). This form of intervention takes cues from a host of theoretical perspectives and involves the design and manipulation of the environment to make offenders’ decisions to become involved in crime less attractive. The use of SCP is widespread in traditional contexts and is by far the most commonly deployed form of intervention in the prevention of cybercrime. Though extensive criminological research has found that SCP techniques can be successfully applied in traditional settings, it is still unclear whether SCP interventions can effectively prevent cybercrime. This chapter scrutinises available empirical evidence regarding the potential effect of SCP approaches (e.g. target hardening, surveillance, posting instructions) in deterring offenders from engaging in and escalating cybercrimes. It concludes by revealing the limitations of SCP in preventing cybercrime, as well as by elucidating the most promising configurations of SCP interventions in digital contexts moving forward.

Keywords

Antivirus software Computer monitoring Computer surveillance Malicious software Situational crime prevention Warning messages 

References

  1. Algaith, A., Gashi, I., Sobesto, B., Cukier, M., Haxhijaha, S., & Bajrami, G. (2016, June 28–July 1). Comparing detection capabilities of antivirus products: An empirical study with different versions of products from the same vendors. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W) (pp. 48–53). IEEE.  https://doi.org/10.1109/DSN-W.2016.45.
  2. Atzeni, A., & Lioy, A. (2006). Why to adopt a security metric? A brief survey. In D. Gollmann, F. Massacci, & A. Yautsiukhin (Eds.), Quality of protection: Advances in information security (Vol. 23, pp. 1–12). Boston, MA: Springer.  https://doi.org/10.1007/978-0-387-36584-8_1.Google Scholar
  3. AV Comparatives. (2011). On demand detection of malicious software. Available at https://www.av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf. Accessed 15 June 2019.
  4. Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection systems. Retrieved from the Defense Technical Information Center (ADA393326).Google Scholar
  5. Bell, J., & Burke, B. (1992). Cruising Cooper Street situational crime prevention: Successful case studies (2nd ed.). Guilderland, NY: Harrow and Heston.Google Scholar
  6. Bennett, T., Holloway, K., & Farrington, D. P. (2009). A review of the effectiveness of neighbourhood watch. Security Journal, 22(2), 143–155.  https://doi.org/10.1057/palgrave.sj.8350076.CrossRefGoogle Scholar
  7. Berlin, K., Slater, D., & Saxe, J. (2015). Malicious behavior detection using windows audit logs. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security (pp. 35–44). New York, NY: ACM.  https://doi.org/10.1145/2808769.2808773.
  8. Bishop, P., Bloomfield, R., Gashi, I., & Stankovic, V. (2011, November 29–December 2). Diversity for security: A study with off-the-shelf antivirus engines. In 2011 IEEE 22nd International Symposium on Software Reliability Engineering (pp. 11–19). IEEE.  https://doi.org/10.1109/ISSRE.2011.15.
  9. Blais, E., & Bacher, J.-L. (2007). Situational deterrence and claim padding: Results from a randomized field experiment. Journal of Experimental Criminology, 3(4), 337–352.  https://doi.org/10.1007/s11292-007-9043-z.CrossRefGoogle Scholar
  10. Blakley, B. (2002, May 16–17). The measure of information security is dollars. In Proceedings (online) of the First Annual Workshop on Economics and Information Security (WEIS ’02) (pp. 1–4). Berkeley, CA.Google Scholar
  11. Bonneau, J. (2012, May 20–23). The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE Symposium on Security and Privacy (pp. 538–552). IEEE.  https://doi.org/10.1109/SP.2012.49.
  12. Cazier, J. A., & Medlin, B. D. (2006). Password security: An empirical investigation into e-commerce passwords and their crack times. Information Systems Security, 15(6), 45–55.  https://doi.org/10.1080/10658980601051318.CrossRefGoogle Scholar
  13. Ciocchetti, C. A. (2011). The eavesdropping employer: A twenty-first century framework for employee monitoring. American Business Law Journal, 48(2), 285–369.  https://doi.org/10.1111/j.1744-1714.2011.01116.x.CrossRefGoogle Scholar
  14. Clarke, R. V. (1995). Situational crime prevention. Crime and Justice, 19, 91–150.  https://doi.org/10.1086/449230.CrossRefGoogle Scholar
  15. Cornish, D. B., & Clarke, R. V. (2003). Opportunities, precipitators and criminal decisions: A reply to Wortley’s critique of situational crime prevention. Crime Prevention Studies, 16, 41–96.Google Scholar
  16. Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): A review and modern bibliography. Property Management, 23(5), 328–356.  https://doi.org/10.1108/02637470510631483.CrossRefGoogle Scholar
  17. Crawford, A., & Evans, K. (2017). Crime prevention and community safety. In A. Leibling, S. Maruna, & L. McAra (Eds.), The Oxford handbook of criminology (6th ed., pp. 797–824). Oxford, UK: Oxford University Press.  https://doi.org/10.1093/he/9780198719441.001.0001.Google Scholar
  18. Crow, W. J., & Bull, J. L. (1975) Robbery deterrence: An applied behavioral science demonstration—Final report. La Jolla, CA: Western Behavioral Sciences Institute.Google Scholar
  19. Dacey, R. F. (2003). Information security: Effective patch management is critical to mitigating software vulnerabilities. Washington, DC: General Accounting Office.Google Scholar
  20. D’Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20(6), 643–658.  https://doi.org/10.1057/ejis.2011.23.CrossRefGoogle Scholar
  21. Décary-Hétu, D., & Giommoni, L. (2017). Do police crackdowns disrupt drug cryptomarkets? A longitudinal analysis of the effects of Operation Onymous. Crime, Law and Social Change, 67(1), 55–75.  https://doi.org/10.1007/s10611-016-9644-4.CrossRefGoogle Scholar
  22. Eivazi, K. (2011). Computer use monitoring and privacy at work. Computer Law and Security Review, 27(5), 516–523.  https://doi.org/10.1016/j.clsr.2011.07.003.CrossRefGoogle Scholar
  23. Eurostat. (2011). Nearly one third of internet users in the EU27 caught a computer virus. Available at https://ec.europa.eu/eurostat/documents/2995521/5028026/4-07022011-AP-EN.PDF/22c742a6-9a3d-456d-bedc-f91deb15481b. Accessed 15 June 2019.
  24. Farrington, D. P. (1993). Understanding and preventing bullying. In M. Tonry (Ed.), Crime and justice: A review of research (Vol. 17, pp. 381–458). Chicago, IL: University of Chicago.Google Scholar
  25. Faysel, M. A., & Haque, S. S. (2010). Towards cyber defense: Research in intrusion detection and intrusion prevention systems. IJCSNS International Journal of Computer Science and Network Security, 10(7), 316–325.Google Scholar
  26. Florêncio, D., Herley, C., & van Oorschot, P. C. (2016). Pushing on string: The ‘don’t care’ region of password strength. Communications of the ACM, 59(11), 66–74.  https://doi.org/10.1145/2934663.CrossRefGoogle Scholar
  27. Garg, A., Vidyaraman, S., Upadhyaya, S., & Kwiat, K. (2006, April 2–6). USim: A user behavior simulation framework for training and testing IDSes in GUI based systems. In Proceedings of the 39th Annual Symposium on Simulation (ANSS ’06) (pp. 196–203). Washington, DC: IEEE Computer Society. https://doi.org/10.1109-ANSS.2006.45.
  28. Gerace, T., & Cavusoglu, H. (2009). The critical elements of the patch management process. Communications of the ACM, 52(8), 117–121.  https://doi.org/10.1145/1536616.1536646.CrossRefGoogle Scholar
  29. Guerette, R. T., & Bowers, K. J. (2009). Assessing the extent of crime displacement and diffusion of benefits: A review of situational crime prevention evaluations. Criminology, 47(4), 1331–1368.  https://doi.org/10.1111/j.1745-9125.2009.00177.x.CrossRefGoogle Scholar
  30. Guttman, B., & Roback, E. A. (1995). An introduction to computer security: The NIST handbook. Gaithersburg, MD: U.S. Department of Commerce.CrossRefGoogle Scholar
  31. Hassan, H. M., Reza, D. M., & Farkhad, M. A.-A. (2015). An experimental study of influential elements on cyberloafing from general deterrence theory perspective case study: Tehran subway organization. International Business Research, 8(3), 91.  https://doi.org/10.5539/ibr.v8n3p91.CrossRefGoogle Scholar
  32. Homel, R., & Clarke, R. (1997). A revised classification of situational crime prevention techniques. In S. P. Lab (Ed.), Crime prevention at a crossroads (pp. 17–27). Cincinnati, OH: Anderson.Google Scholar
  33. Howell, C. J., Cochran, J. K., Powers, R. A., Maimon, D., & Jones, H. M. (2017). System trespasser behavior after exposure to warning messages at a Chinese computer network: An examination. International Journal of Cyber Criminology, 11(1).  https://doi.org/10.5281/zenodo.495772.
  34. Hsiao, D. K., Kerr, D. S., & Madnick, S. E. (1979). Computer security. New York, NY: Academic Press.Google Scholar
  35. Hutchings, A., Clayton, R., & Anderson, R. (2016, June 1–3). Taking down websites to prevent crime. In 2016 APWG Symposium on Electronic Crime Research (eCrime) (pp. 1–10).  https://doi.org/10.1109/ECRIME.2016.7487947.
  36. Hutchings, A., Pastrana, S., & Clayton, R. (2019). Displacing big data: How criminals cheat the system. In E. R. Leukfeldt & T. J. Holt (Eds.), Cybercrime: The human factor. Oxon, UK: Routledge.Google Scholar
  37. Jeffrey, C. R., Hunter, R. D., & Griswold, J. (1987). Crime prevention and computer analysis of convenience store robberies in Tallahassee. Florida Police Journal, 34, 65–69.Google Scholar
  38. Jones, H., Maimon, D., & Ren, W. (2016). Sanction threat and friendly persuasion effects on system trespassers’ behaviors during a system trespassing event. In T. Holt (Ed.), Cybercrime through an interdisciplinary lens (pp. 150–166). London, UK: Routledge.  https://doi.org/10.4324/9781315618456.
  39. Kambow, N., & Passi, L. K. (2014). Honeypots: The need of network security. International Journal of Computer Science and Information Technologies, 5(5), 6098–6101.Google Scholar
  40. Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., & Lagerström, R. (2017). Analyzing the effectiveness of attack countermeasures in a SCADA system. In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids (pp. 73–78). New York, NY: ACM.  https://doi.org/10.1145/3055386.3055393.
  41. Lévesque, F. L., & Fernandez, J. M. (2014, August). Computer security clinical trials: Lessons learned from a 4-month pilot study. Paper presented at CSET ’14 7th Workshop on Cyber Security Exoerueetation and Test, San Diego, CA.Google Scholar
  42. Lévesque, F. L., Fernandez, J. M., & Batchelder, D., & Young, G. (2016). Are they real? Real-life comparative tests of antivirus products. In Virus Bulletin Conference (pp. 1–11).Google Scholar
  43. Lévesque, F., Nsiempba, J., Fernandez, J. M., Chiasson, S., & Somayaji, A. (2013). A clinical study of risk factors related to malware infections. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 97–108). New York, NY: ACM.  https://doi.org/10.1145/2508859.2516747.
  44. Lyu, M. R., & Lau, L. K. (2000). Firewall security: Policies, testing and performance evaluation. In Proceedings 24th Annual International Computer Software and Applications Conference (COMPSAC 2000) (pp. 116–121). IEEE.Google Scholar
  45. Maimon, D., Alper, M., Sobesto, B., & Cukier, M. (2014). Restrictive deterrent effect of a warning banner in an attacked computer system. Criminology, 52, 33–59.  https://doi.org/10.1111/1745-9125.12028.CrossRefGoogle Scholar
  46. Moore, A. D. (2000). Employee monitoring and computer technology: Evaluative surveillance v. privacy. Business Ethics Quarterly, 10(3), 697–709.  https://doi.org/10.2307/3857899.CrossRefGoogle Scholar
  47. Nayak, K., Marino, D., Efstathopoulos, P., & Dumitraş, T. (2014). Some vulnerabilities are different than others. In A. Stavrou, H. Bos, & C. Portokalidis (Eds.), Research in Attacks, Intrusions and Defences (RAID 2014) (LNCS, Vol. 8688, pp. 426–446). Springer.  https://doi.org/10.1007/978-3-319-11379-1_21.CrossRefGoogle Scholar
  48. PC Security Labs. (2013). Security solution review on Windows 8 platform. Technical report. PC Security Labs.Google Scholar
  49. Rama, P., & Kulmala, R. (2000). Effects of variable message signs for slippery road conditions on driving speed and headways. Transportation Research, 3, 85–94.  https://doi.org/10.1016/S1369-8478(00)00018-8.CrossRefGoogle Scholar
  50. Ramsbrock, D., Berthier, R., & Cukier, M. (2007, June 25–28). Profiling attacker behavior following SSH compromises. In 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’07) (pp. 119–124). IEEE.  https://doi.org/10.1109/DSN.2007.76.
  51. Scott, L., Crow, W. J., & Erickson, R. (1985). Robbery as robbers see it. Dallas, TX: Southland Corporation.Google Scholar
  52. Seeberg, V. E., & Petrovic, S. (2007). A new classification scheme for anonymization of real data used in IDS benchmarking. In The Second International Conference on Availability, Reliability and Security (ARES 2007) (pp. 385–390). IEEE.  https://doi.org/10.1109/ARES.2007.9.
  53. Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267–270.  https://doi.org/10.1016/j.im.2008.12.007.CrossRefGoogle Scholar
  54. Sloan-Howitt, M., & Kelling, G. (1990). Subway graffiti in New York City: ‘Getting up’ vs. ‘meaning’ it and ‘cleaning’ it. Security Journal, 1(3), 131–136.Google Scholar
  55. Stockman, M., Heile, R., & Rein, A. (2015). An open-source honeynet system to study system banner message effects on hackers. In Proceedings of the 4th Annual ACM Conference on Research in Information Technology (pp. 19–22). New York, NY: ACM.  https://doi.org/10.1145/2808062.2808069.
  56. Sukwong, O., Kim, H. S., & Hoe, J. C. (2011). Commercial antivirus software effectiveness: An empirical study. Computer, 44(3), 63–70.  https://doi.org/10.1109/MC.2010.187.CrossRefGoogle Scholar
  57. Surisetty, S., & Kumar, S. (2010). Is McAfee securitycenter/firewall software providing complete security for your computer? In 2010 Fourth International Conference on Digital Society (pp. 178–181). IEEE.Google Scholar
  58. Testa, A., Maimon, D., Sobesto, B., & Cukier, M. (2017). Illegal roaming and file manipulation on target computers: Assessing the effect of sanction threats on system trespassers’ online behaviors. Criminology and Public Policy, 16(3), 689–726.  https://doi.org/10.1111/1745-9133.12312.CrossRefGoogle Scholar
  59. Torres, J. M., Sarriegi, J. M., Santos, J., & Serrano, N. (2006). Managing information systems security: Critical success factors and indicators to measure effectiveness. In S. K. Katsikas, J. López, M. Backes, & S. Gritzalis (Eds.), Information security: ISC 2006 (Lecture Notes in Computer Science, Vol. 4176, pp. 530–545). Berlin, Germany: Springer.  https://doi.org/10.1007/11836810_38.Google Scholar
  60. Welsh, B. C., & Farrington, D. P. (2008a). Effects of closed circuit television surveillance on crime. Campbell Systematic Reviews, 17, 2–73.  https://doi.org/10.4073/csr.2008.17.CrossRefGoogle Scholar
  61. Welsh, B. C., & Farrington, D. P. (2008b). Effects of improved street lighting on crime. Campbell Systematic Reviews, 13, 1–51.  https://doi.org/10.4073/csr.2008.13.CrossRefGoogle Scholar
  62. Welsh, B. C., & Farrington, D. P. (2009). Making public places safer: Surveillance and crime prevention. New York, NY: Oxford University Press.  https://doi.org/10.1093/acprof:oso/9780195326215.001.0001.CrossRefGoogle Scholar
  63. Wilson, T., Maimon, D., Sobesto, B., & Cukier, M. (2015). The effect of a surveillance banner in an attacked computer system: Additional evidence for the relevance of restrictive deterrence in cyberspace. Journal of Research in Crime and Delinquency, 52(6), 829–855.  https://doi.org/10.1177/0022427815587761.CrossRefGoogle Scholar
  64. Wogalter, M. (2006). Purposes and scope of warnings. In M. Wogalter (Ed.), Handbook of warnings (pp. 3–10). Boca Raton: CRC Press.Google Scholar

Copyright information

© The Author(s) 2019

Authors and Affiliations

  • Russell Brewer
    • 1
  • Melissa de Vel-Palumbo
    • 2
  • Alice Hutchings
    • 3
  • Thomas Holt
    • 4
  • Andrew Goldsmith
    • 5
  • David Maimon
    • 6
  1. 1.School of Social SciencesUniversity of AdelaideAdelaideAustralia
  2. 2.Centre for Crime Policy and ResearchFlinders UniversityAdelaideAustralia
  3. 3.Department of Computer Science and TechnologyUniversity of CambridgeCambridgeUK
  4. 4.School of Criminal JusticeMichigan State UniversityEast LansingUSA
  5. 5.Centre for Crime Policy and ResearchFlinders UniversityAdelaideAustralia
  6. 6.Department of Criminal Justice and CriminologyGeorgia State UniversityAtlantaUSA

Personalised recommendations