Aperçu du fichier PDF deviantsecurityehavandesandt.pdf - page 4/311

Page 1 2 3 456311

Aperçu texte

The dominant academic and practitioners’ perspective on security evolves around
law-abiding referent objects of security who are under attack by law-breaking
threat agents. This study turns the current perspective around and presents a
new security paradigm. Suspects of crime have threat agents as well, and are
therefore in need of security. The study takes cyber criminals as referent objects
of security, and researches their technical computer security practices. While
their protective practices are not necessarily deemed criminal by law, security
policies and mechanisms of cyber criminals frequently deviate from prescribed
bonafide cyber security standards. As such, this study is the first to present a
full picture on these deviant security practices, based on unique access to public and confidential secondary data related to some of the world’s most serious
and organized cyber criminals. Besides describing the protection of crime and
the criminal, the observed practices are explained by the economics of deviant
security: a combination of technical computer security principles and microeconomic theory. The new security paradigm lets us realize that cyber criminals
have many countermeasures at their disposal in the preparation, pre-activity,
activity and post-activity phases of their modi operandi. Their controls are not
only driven by technical innovations, but also by cultural, economical, legal
and political dimensions on a micro, meso and macro level. Deviant security is
very much democratized, and indeed one of the prime causes of today’s efficiency
and effectiveness crisis in police investigations. Yet every modus operandi comes
with all kinds of minor, major and even unavoidable weaknesses, and therefore
suggestions are made how police investigations can exploit these vulnerabilities
and promote human security as a public good for all citizens. Ultimately, the
findings of this socio-technical-legal project prove that deviant security is an
academic field of study on its own with continually evolving research opportunities.