MET Cybersecurity Maven Lends Expertise to Colombian Broadcast

in Criminal Justice, MET News
June 26th, 2018

Professor Choi with Colombian National Police Radio & TV

Dr. Kyung-shick Choi, faculty coordinator for the Metropolitan College Cybercrime Investigation & Cybersecurity master’s and graduate certificate criminal justice programs, was invited to speak with Colombian National Police Radio & Television to share his insights into the rising tide of online malfeasance.

“Cybercrime and information security breaches are growing transnational problems,” Dr. Choi explained during an interview. “Media reports of the increasingly frequent security breaches, ID theft, and internet fraud involving various businesses have made the business consumers more aware of, and concerned with, the security of their personal information,” he said.

Dr. Choi also discussed his aims for the treatise he wrote on the subject, Cybercriminology and Digital Investigation, which was recently translated into a Spanish-language edition with the help of coauthor and MET alum Major Toro Alvarez. “We hope this book is going to guide new researchers, scholarship, and investigators in Latin America and to improve the understanding of the cybercriminology disciplines,” Choi remarked, going on to say, “The additional hope is…  to promote greater global cybersecurity and educate [the] global law enforcement community.”

Why is it important to talk about cybercriminology nowadays?

It is more important than ever to talk about cybercriminology, [given] the growth and proliferation of digital and information technology. Issues of cybercrime and information security are now transnational concerns that affect people across conventional spatial and temporal boundaries in detrimental ways. In fact, the issue of cybercrime and cybersecurity is not a new concept any more—we have been fighting the rise of cybercrime for decades. As of late, the phenomena has become more prevalent, due to recent cases of severe security breaches, identity thefts, digital frauds, online drug-trafficking, cyber-bullying, and online interpersonal crimes, among many others. We now have heightened levels of awareness and concern for the role technology has in facilitating cybercrime and instances of online victimization.

Cybercriminology aims to bridge criminological perspective and cybersecurity-related disciplines. Cybercriminology is unique in that it provides potential benefits to a researcher and a practitioner to cross disciplinary boundaries and find solutions to modern cybercrime and cybersecurity issues via the application of criminological science.

What is cybercriminology?

Cybercriminology is the interdisciplinary study of the causes of cybercrime, which combines knowledge from criminology, psychology, sociology, computer science, and cybersecurity to deliver an in-depth understanding of the nature of cybercrime in the criminal justice field. Cybercriminology specifically explores and evaluates the causes, victimization, legal issues, ethics, control strategies, and societal costs regarding the cybercrime problem.

What are the developments related to this subject?

The criminal justice system focuses on the process of “making laws, breaking laws, and enforcing law.” The role of cybercriminology is to facilitate criminal justice policy and practices in the realm of cyberspace. Cybercriminology is strongly related to this process, especially the process of making and enforcing laws that follow the research in areas of criminal justice policy or law enforcement practices that can be improved.

For example, just last year I testified to support a cybersecurity bill (H.3618) in the Massachusetts State House. During my testimony, I discussed the chronic underreporting of cybercrimes to law enforcement, and also highlighted a number of police departments who’ve been successfully attacked with ransomware, using my empirical study. Today, thanks to the action of state lawmakers, Massachusetts is actively facilitating innovative and effective cybercrime prevention programs, and is one of the leading states in the U.S. for combating cybercrime issues.

What are the most important aspects that businesspeople and the private sector must seriously consider with regards to cybercriminology and cybercrime?

As previously mentioned, cybercrime and information security breaches are growing transnational problems. Media reports of increasingly frequent security breaches, ID theft, and internet fraud involving various businesses have made business consumers more aware of, and concerned with, the security of their personal information. Cybercrime and cybersecurity threats are also constantly changing, meaning new and innovative prevention strategies are always needed.

Some of the main goals businesses should consider are the need for sustainable sources of scholarship, training, and service in cybercrime and cybersecurity. In addition, studying cybercriminology can provide scientific guidance that allows business personnel to develop skills to prevent potential cybercrime incidents.

What is your Cyber-Routine Activities Theory about?

I proposed the Cyber-Routine Activities Theory in 2008, taking core concepts from the Lifestyle Exposure Theory by Hindelang et al. (1978) and the Routine Activities Theory (RAT) of Cohen and Felson (1979) and applying them to computer-crime victimization. My theory argues that digital capable guardianship (cybersecurity) and online lifestyles substantially influence computer-crime victimization.

The Cyber-RAT hypothesized that an individual’s computer-oriented lifestyle in cyberspace contributes to his or her potential computer-crime victimization. In other words, online users—who are willing to visit unknown websites or download unknown files in order to gain free MP3 files or free software programs, or who click on icons without precaution—are likely to be victimized by cybercriminals. The concept of interest is individuals’ daily patterns of routine activities—including vocational and leisure ones—in cyberspace that increase the potential for computer-crime victimization.

Also of importance is one of the three major tenets from routine activities theory: capable guardianship. The tenet of interest is how computer security, acting as a capable guardian in cyberspace, plays a major role against computer-crime victimization. The theory asserts that the presence of installed computer security in a computer is a significant factor that can prevent or minimize the occurrence of computer crime. The Cyber-RAT predicted and confirmed that variation of these two main factors, risky online lifestyle and cybersecurity, determines the level of an individual’s computer-crime victimization potential via the application of Structural Equation Modeling (SEM).

Why did you started to work on this theory?

As a cybercriminologist, I was seeking a clear answer for why people become a victim of computer crime such as hacking, virus intrusion, et cetera. I examined all the existing crime victimization literature and no empirical studies had been applied to explain computer-crime victimization.

Mustain and Tewksbury (1998) argued that people who engage in delinquent lifestyle activities are likely to become suitable targets “because of their anticipated lack of willingness to mobilize the legal system” (p. 836). More importantly, the victims tend to neglect their risk of victimization by failing to inspect themselves regarding “where you are, what your behaviors are, and what you are doing to protect yourself” (Mustain & Tewksbury, p. 852). My Cyber-RAT is designed to reflect Mustain and Tewksbury’s statement by combining the discussed two theories. In other words, the Cyber-RAT clearly indicates that the combination of human-errors (online lifestyle) and cybersecurity (digital guardianship) explain the causes of computer victimization.

Which is the biggest contribution of this theory to the world?

The Cyber-RAT is the first theory of its kind. No other empirical test focuses on individual computer-crime victimization via proposing a new theoretical model by illustrating an overall picture of the relationship among the causal factors in the proposed model. The Cyber-RAT has been applied to various forms of cybercrimes and gained empirical support for explaining causes of cybercrime victimization as a broad theoretical spectrum.

We know that you recently published a book, what can you tell us about it?

I was very fortunate to work with Major Toro Alvarez, my talented mentee and Boston University alum. We hope this book is going to guide new researchers, scholarships, and investigators in Latin America, as well as improve the understanding of the cybercriminology disciplines. The additional hope for this book is to promote greater global cybersecurity and educate global law enforcement community.

What can we expect to hear from you at the I Simposio de Cibercriminología y Ciberseguridad in Colombia?

Using BU’s Cybercrime Investigation & Cybersecurity (CIC) program model, the presentation will mainly highlight and discuss the importance of international cooperation and constant effort from government agencies, private sectors, and educational institutes. The BU CIC model aims to collaborate and work with a broad range of experts in the field of cybercrime and cybersecurity, while also providing training for law enforcement officers, business stakeholders, and/or computer science-related personnel. The goal is to be on the forefront of innovative cybercriminology research while simultaneously offering comprehensive modules that are both informative and pragmatic.