Professor of the Practice Director, Cybercrime & Cybersecurity
Dr. Choi designed and oversees Metropolitan College’s programs in Cybercrime Investigation & Cybersecurity, offered jointly by the Department of Applied Social Sciences and Department of Computer Science. These programs comprise a graduate certificate and an MS in Criminal Justice degree concentration.
Choi has an established track record in designing and delivering law enforcement training programs in cybercrime investigation, including computer forensics and child exploitation investigation. He is a founder of the Cybercrime Division at the American Society of Criminology (ASC) and the vice president of the Korean Society of Criminology in America (KOSCA). He facilitated the Korean Institute of Criminology global cybercrime project, Virtual Forum Against Cybercrime (VFAC), in cooperation with the United Nations, and also served as an instructor and consultant. He has been invited to deliver lectures at the INTERPOL and the AMERIPOL summits and has also testified as a cybercrime expert in support of a cybersecurity bill (No. H2814) for the Massachusetts Statehouse.
Choi is founding editor and editor-in-chief of the International Journal of Cybercrime and Cybersecurity Intelligence. He also conducts his own academic research, focusing on the intersection of human behavior and technology, and how criminal justice organizations can respond effectively to the challenges of cybercrime. In 2008, he proposed the Cyber-Routine Activities Theory (Cyber-RAT), which has become a predominant theory of computer-crime victimization. Choi’s work has appeared in numerous peer-reviewed journals, and his books include Digital Forensics and Cyber Investigation (2022); The Foundations of Statistics in Criminology and Criminal Justice (2020); Cibercriminología: Guía para la Investigación del Cibercrimen y Mejores Prácticas en Securidad Digital [Cybercriminology: Guide for Cybercrime Investigation and Best Practices in Digital Security] (2017); Cybercriminology and Digital Investigation (2015); and Risk Factors in Computer Crime (2010). Choi is currently working on federally funded cybercrime- and cybersecurity-related projects with the National Institute of Justice (NIJ), the Office of Juvenile Justice and Delinquency Prevention (OJJDP), and the Bureau of Justice Assistance (BJA).
What is your area of expertise?
My area of expertise is cybercriminology, cybercrime investigation, and cybersecurity.
Please tell us about your work. Can you share any current research or recent publications?
My substantive area of study is cybercriminology, which focuses on how cybercriminal behavior and technology interact with the criminal justice system. I recently published three peer-reviewed journal articles—“Theoretical Analysis of Cyber-interpersonal Violence Victimization and Offending using Cyber-routine Activities Theory,” in Computers in Human Behavior; “Mobile Phone Technology and Online Sexual Harassment among Juveniles in South Korea: Effects of Self-control and Social Learning,” in the International Journal of Cyber Criminology; and “Applying Routine Activities Theory to Understand Physical and Nonphysical Peer Victimization,” in the Journal of Aggression, Maltreatment & Trauma. Additionally, with the help of co-author Major Marlon Mike Toro-Alvarez—a MET cybercrime investigation master’s concentration graduate and member of the Colombia National Police—a Spanish translation of my work was published in November 2017, entitled Cibercriminología: Guía para la investigación del cibercrimen y mejores prácticas en seguridad digital, or, Cybercriminology: Guide for Cybercrime Investigation and Best Practices in Digital Security.
In the summer of 2017, I was invited by the Massachusetts government to give testimony regarding the latest efforts to reduce the risk of cybercrime facing the Commonwealth. At the Massachusetts State House, I discussed a bill which would create a special commission tasked with assessing the cybersecurity threats Massachusetts faces and advising on viable solutions. I continue to be involved with cybercrime policy advocacy in any way I can.
I am currently at work on Darknet- and Bitcoin-related projects. My latest study examines the characteristics and operations of online gambling websites which allow Bitcoin payments on both the Darknet and surface web. I will also soon conduct research analyzing known Distributed Denial of Service (DDoS) attacks, which have occurred more frequently than ever before of late.
How does the subject you work in apply in practice? What is its application?
As a teacher-scholar, I am actively engaged in cybercrime and cybersecurity research, with the goal of becoming a better and more confident educator and mentor for our students. My career goal is to teach cybercrime and cybersecurity subjects and educate professionals and academics in this emerging field. Moreover, I believe that education in the cybercrime and cybersecurity field can facilitate rapid social welfare changes and establish social justice in our contemporary society. In order to accomplish my ambitions of becoming as refined a teacher-scholar as possible, I constantly work toward building the strongest possible scholarship so that I can effectively deliver and share what knowledge and skills I gain with students.
What courses do you teach in the program?
I mainly teach the Cybercrime (MET CJ 610) and Applied Digital Forensic Investigation (MET CJ 710) courses. I am also developing the Foundation of Cybersecurity course, in order to assist students who do not bring a technical background to their studies.
Can you highlight a particular project within these courses that most interests your students? What “real-life” exercises do you bring to classes?
As a “Virtual Forum Against Cybercrime” instructor under the United Nations Office on Drugs and Crime, I was very fortunate to work with many talented international cybercrime scholars and field investigators. I am dedicated to transforming my earned, practical knowledge into material with which to build core course contents and lab exercises.
To offer one example, the Cybercrime (MET CJ 610) course includes a case study project in which the students pick a case relevant to their field. Throughout the coursework, students craft a final paper that comprehensively reflects criminological perspective, victimization, legal and sanction issues, and criminal justice policy. In this way, students are able to easily build up their expertise and can then apply their gained knowledge to current or future professions.
In addition, the Applied Digital Forensic Investigation (MET CJ 710) course is comprised of the most fundamentally practical cybercrime investigation lab exercises, ranging from drafting a federal search warrant based on real cybercrime cases to conducing successful forensic examinations of digital devices and computer networks with hands-on experience within the Virtual Security Lab. The final project fully reflects the essential practical knowledge needed to simulate the digital forensic examiner’s field examinations.
Faculty’s White Hat Conference Address 2021
Leadership in Cybersecurity at BU MET in Focus at Faculty’s White Hat Conference Address
Dr. Tanya Zlateva
Dean, Metropolitan College & Extended Education; Professor of the Practice, Computer Science and Education; Director, Information Security
PhD, MS, BS, Dresden University of Technology
Dr. Lou Chitkushev
Associate Dean for Academic Affairs; Associate Professor, Computer Science; Director, Health Informatics and Health Sciences
PhD, Boston University; MS, Medical College of Virginia; MS, BS, University of Belgrade
Dr. Kyung-shick Choi
Professor of the Practice; Director, Cybercrime and Cybersecurity
PhD, Indiana University of Pennsylvania; MS, Boston University; BS, Northeastern University
The following comments are excerpted, with light edits, from the addresses of Metropolitan College Dean Tanya Zlateva, Associate Dean Lou Chitkushev, and Cybercrime & Cybersecurity Director Kyung-shick Choi to the attendees of the 2021 International White Hat Conference, held virtually June 1–2, 2021.
Dean Zlateva: Distinguished guests and colleagues from here and around the world, thank you for joining us for the 2021 International White Hat Conference. It gives me great pleasure to welcome you to Boston University Metropolitan College, in the city of Boston. I wish we were physically here, but we will connect virtually. And hopefully in the years ahead, we will [meet] together physically as well.
Director Choi: It is my absolute honor to be a part of this meaningful event as an organizer and speaker. Launching this White Hat Conference was one of my dreams as a cyber criminologist.
A question I have asked myself for years now is, why, as the good guys, are we continuously reluctant to share our knowledge? And yet the bad guys are constantly communicating and sharing their wealth of knowledge.
Dean Zlateva: The previous 18 months have been unlike any before. We learned to work and to learn with COVID in our midst. We realized keenly, clearly, and sometimes painfully, how closely connected we are with any corner of this planet. We also learned how critical trust and working together are for our survival, but how difficult they are to achieve. History tells us that in times of trouble and danger, the social fabric wears thin, and also gives way to tension, unrests, and confrontations. The last year-and-a-half was, unfortunately, no exception.
The impact of the pandemic on crime patterns appears to be, in many aspects, similar to what we observed in the past. However, there is an important, I would say crucial, difference. The computing and data revolution of the last 40 years that brought computational power to our fingertips and allowed us instant connection to remote locations thousands of miles away also opened new opportunities and paths for attack to criminals.
As company transitions to remote work were reliant on fast networks and cloud-based platforms, the large number of remote workers became targets for attacks and increased the vulnerability of the entire enterprise. So did the heavy reliance on cloud-based platforms.
According to a report by McAfee from last December, global losses from cybercrime hit close to $1 trillion in 2020, and the predictions are dire. This number is expected to grow rapidly. This is why [exploring] the theme of this conference, The Future of Cybercrime and Its Challenges: Innovative Solutions Against Cybercrime, is so important and timely.
Director Choi: I can vividly remember the first White Hat Conference in Bogota, Colombia. With the full support of the Colombian National Police and private sectors, the first White Hat Conference was facilitated to promote effective cybercrime investigation and training.
This year’s White Hat Conference is fully sponsored by the US Department of Justices’ Bureau of Justice Assistance (BJA). In 2019, the BJA awarded MET a federal grant to support the Student Computer Forensics and Digital Evidence Educational Opportunities program. Its goal is to develop effective cybercrime investigation training [and] test the best practices, reflecting the needs of all levels of law enforcement, and establish a training guideline in computer forensics and digital evidence.
Our research team from Boston University and our research partner, Utica College, have gathered input from federal as well as local and state law enforcement agencies to improve [academic approaches] to better serve agency needs.
Dean Zlateva: That cybersecurity is essential is now a fact that everybody knows, everybody accepts. [But] it is difficult to master. This audience of cybercrime professionals knows best that the one crime category that has skyrocketed across the world is cybercrime. In some countries, by double-digit [percentages] and climbing. Some of the attacks, such as the SolarWinds hack and the Colonial Pipeline ransomware attack, became very famous. But in parallel, a large and growing, steady stream of smaller exploits continually drains the resources of small- and medium-sized companies that are ill-equipped to defend themselves.
The development of effective criminal justice policies and preventive measures against cybercrime globally, in a highly-interconnected world, is a very complex interdisciplinary international endeavor. And we are only beginning to understand it. In addition, we need a large-scale, multifaceted education effort at multiple levels; from building awareness and dedication in the public, to developing a professional cybercrime force—which is a precondition for the world economy to prosper.
Director Choi: Students often expect government agencies, private sector [stakeholders], and academics to guide and expose them to the field of cybercrime and cybersecurity, hoping for us to open the door to success. Unfortunately, many of us do not know the shape of the door and its color, because the field is not only fairly new to us as well, but it is also incredibly broad at the same time.
The overarching goal of this year’s conference is to discuss important drivers and disruptors of change in cybercrime and to address the importance of technology-related issues in this area, in particular the global challenges related to developing effective criminal justice policies and preventive measures against cybercrime.
Over the last few years, the development of technology and information has dramatically increased within nations located all around the world. This in turn has had a massive influence on the issue of cybercrime that society must face daily. Interestingly, current innovations are already being utilized to commit cybercrimes, and the merging of traditional crimes with various novel types of cybercrimes essentially formulate hybrid criminal methods.
Some of the future challenges that cybercrime research and practices will most likely face often involve effects such as novel social systems, cyber-physical infrastructure, novel virtual technologies, as well as law enforcement proficiencies. Due to the lack of awareness, the probability of falling victim to these new types of cybercrime will inevitably increase.
Associate Dean Chitkushev: As we know, computers are increasingly becoming an inseparable part of social activities. We expect, over the next 10 years, the trend that we have been seeing over the last 20 years to continue. We will continue to see, in my opinion, the increased accessibility to internet, [and we expect] the predatory personal crimes to increase.
More people will continuously be connected to the internet, and I think [that] will increase the computer-related crimes, and crimes in a cashless economy. So, we are going to see a lot of challenges to enforcing these policies in the digital space. At the same time, we are going to continue to deal with legacy internet problems.
I expect that we will see much more Byzantine type of attacks of people; entities within the network who are in dormant cells, or those that have been authenticated at the time, and after that they have compromised their security issues. All these things will present extreme challenges to the cybersecurity identification and investigation [concurrently].
Another big concern is obviously the Internet of Things (IoT)—the “smart environments” that are going to be created—as well as electronic health records, Smart Grid nanotechnologies, blockchain-based digital forensics chains of custody, and the evolution of wireless to higher frequencies with larger data.
In general, all these things are putting tremendous pressure on cybersecurity. They’re increasing the amount of data [used], they’re increasing the size of devices. And all the seamless human-to-computer communication—where now we don’t have to type or we can just talk or discuss with the computer, and computers are more and more verbally and visually communicated and recorded—will represent another major challenge for the cybercrime investigation.
We will need global, worldwide cybersecurity units that can look into that. But there is one thing for sure, the need for learning new hardware and systems will be more than ever present. We’ll have various operating systems that people will need to be trained on software techniques.
So, a steady demand of qualified experts who can identify, investigate, collect, and analyze digital evidence, both in public and private sector, will be present. And the demand is likely to exceed the supply. Conferences like [this] one are extremely important. As a global event, it gathers researchers and collaborators from all over together to exchange and work together on techniques and find new possibilities in how to fight any crime. The importance of a conference like [this] will continue.
Director Choi: Science fiction writer William Gibson states that the future is already here, it’s just not evenly distributed. Perhaps this means that it is important to explore all current and new technology to gain better understanding of the nature of cybercrime issues so that we can eventually scientifically predict those cybercrime phenomena.
Expertise, contribution, and commitment to the field of cybercrime and cybersecurity are needed more than ever. And I could not be prouder to be part of a White Hat Conference as one of the conference committee members.
I truly believe education is the most empowering force in the world and education can make a difference. Again, we are joining the White Hat Conference to strengthen our capability of handling cybercrime issues through our various sessions.
It is my utmost hope that this White Hat Conference facilitates a positive outcome, such as minimizing potential cyber-threats in both our society and the global community at large. I also hope this event helps to reveal the true shape and color of the door to reach success within the field of cybercrime and cybersecurity in criminal justice. It is time to release our secret recipes for our optimal cybercrime investigation practice.