The dominant academic and practitioners' perspective on security evolves around law-abiding referent objects of security who are under attack by law-breaking threat agents. This presentation turns the current perspective around and presents a new security paradigm. Suspects of crime have threat agents as well, and are therefore in need of security. The study takes cyber criminals as referent objects of security, and researches their technical computer security practices. While their protective practices are not necessarily deemed criminal by law, security policies and mechanisms of cyber criminals frequently deviate from prescribed bonafide cyber security standards. As such, Erik’s study is the first to present a full picture on these deviant security practices, based on unique access to confidential secondary data related to some of the world's most serious and organized cyber criminals. Besides describing the protection of crime and the criminal, the observed practices are explained by the economics of deviant security: a combination of technical computer security principles and microeconomic theory. The new security paradigm lets us realize that cyber criminals have many countermeasures at their disposal in the preparation, pre-activity, activity and post-activity phases of their modi operandi. Their controls are not only driven by technical innovations, but also by cultural, economical, legal and political dimensions on a micro, meso and macro level. Deviant security is very much democratized, and indeed one of the prime causes of today's efficiency and effectiveness crisis in police investigations. Yet every modus operandi comes with all kinds of minor, major and even unavoidable weaknesses, and therefore suggestions are made how police investigations can exploit these vulnerabilities and promote human security as a public good for all citizens. Ultimately, the findings of Erik’s socio-technical-legal project prove that deviant security is an academic field of study on its own with continually evolving research opportunities.

Details

time: 11:30
speakers: Erik van de Sandt

Other sessions:

Fighting DDoS Attacks Together on a National Scale


Pragmatic Security in the DevOps World


Digital Service Providers and the NIS-Directive


The Five People You Meet in Cybercriminal Heaven


Hack_Right; How to Keep Hackers on the Right Track