Story

START researchers fight cybercrime with old school criminology

As the world’s dependency on the Internet grows, so too does the collection of cybersecurity threats our nation faces—but a landmark study conducted by researchers from the National Consortium for the Study of Terrorism and Responses to Terrorism (START) and the University of Maryland aims to develop strategies to reduce and prevent cyberattacks.

Criminologists, psychologists and computer security experts collaborate to improve the security of computer systems

The project, “Protecting the Bazaar: The Ecology of Cybersecurity in Weakly Fortified Networks,” marks the first active collaboration between computer security experts and social and behavioral scientists on the study of cybercrime.

Under the direction of principal investigator David Maimon, START researcher and assistant professor of criminology and criminal justice, the team will evaluate criminological theories within cyberspace using survey data and experimental design, in addition to detailed network and target computer data.

“Essentially, we are testing how real world crime prevention strategies can be implemented in the context of cyberspace,” Maimon said. “For instance, we know that increasing the effort or risk of criminal behavior reduces the probability that a motivated offender will act – it’s like putting a lock on a door. Similarly, reducing the anticipated reward from a criminal act also decreases the likelihood that a motivated offender will act. But we want to know whether these real-world strategies can be used online to reduce and prevent attacks against our systems and network users.

The project, which builds on a series of earlier studies conducted by Maimon and senior researcher Michel Cukier, will also examine the characteristics of user-victims, offender-hackers and the bazaar computing environment—a weakly fortified system where a wide variety of users engage in a range of activities with minimal security in largely unregulated settings. Information on hackers and attacks will be collected using a large set of target computers called “honeypots” built for the sole purpose of being attacked.

“By identifying specific system configurations that deter computer hackers from malicious activities, as well as particular behaviors that cyber-attack victims exhibit, we believe that we can increase the security of computer systems,” Cukier said.

With support from Maryland’s Office of Information Technology (OIT), the team will conduct its research within the context of the university’s bazaar computing system, which includes more than 130,000 IP addresses and 45,000 computers.

The project’s ecological approach fills a critical gap in cybersecurity research, Maimon explained. Although cyberattacks have been occurring for more than a decade, prior studies have ignored the human element of the hacker as it relates to the attacks themselves.