Cyber Criminology


Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them.

As Cyber Defenders, we have heard about Cybercrime for quite some time but what is it actually?

Routine Activities Theory (Cohen and Felson, 1979) can be used to explain the motive behind the occurrence of cybercrime events such as BEC scam, phishing/vishing attacks etc.

For instance, why such theme or campaign exists and how certain group became the targeted victim?

The mean belief of the Routine Activities Theory is that crimes are likely to be committed by motivated offender when there is a suitable target in the absence of capable guardians.

It is suggested that the organization of routine activities in our society such as the place people work or groups they socialize with often create opportunities for crime related event to happen.

Applying this theory to the cyber world, we can easily explain that the daily routines of how people frequent online (i.e. the site they visit or the activities they participate online over time could influence the likelihood of the occurrence of cybercrime events.

There are three (3) major elements primarily affect criminal victimization:

  1. Likely offender - Capable and motivated to commit cybercriminal activity (i.e. from APT for financial gain to Script Kiddies for bragging right)

  2. Suitable Target - Value, visibility or accessibility of a target (i.e. the accessibility of exploiting a CVE by the offender & the value gained by exploiting the CVE)

  3. Absence of Capable Guardian - Formal Control such as law & regulation or Informal Control such as the formation of a Cyber Security Team


According to the Routine Activity Theory, a cybercrime can be committed by anyone when there is an opportunity. More importantly, victims are often given the choice to place themselves in situations or not where a crime can be committed against them.

As such, we recommend Cyber Defenders to adapt this theory to guide us during investigation or assessment of any cyber events. For instance: Would a specific CVE makes us a suitable target (i.e. Log4Shell), and if so do we have sufficient security controls to protect ourselves?

We have the choice to avoid putting ourselves in the situation of being a target/victim.

The lesson learned here is that as Cyber Defender, we can protect our cybersecurity landscape by limiting our visibility or accessibility (i.e. aggressive patching of CVE) as being a target along with strengthening our capability of our security controls (firewall policy, aggressive IPS/IDS tunings etc.)

Last updated