This chapter will focus on the causes of digital crime. There are several theories that have been postulated over the past 100 years to explain crime, and there is an emerging body of research attempting to apply these concepts to digital crimes. A theory is an attempt to answer the question “Why?” In this chapter, theories will be presented that attempt to answer the question “Why do individuals commit digital crime?” This chapter will review crimino- logical theories that can explain digital crime, though it is important to note that these theo- retical frameworks were developed to explain crime in general, not digital crime specifically. As a result, support for some of these theories is mixed and require a great deal of investiga- tion. The discussion presented here will present the existing body of criminological research with a variety of offending and victimization practices, as well as examples to demonstrate how a particular theory can explain digital crime.
According to choice theory, an individual commits a crime because he or she makes a ratio- nal choice to do so by weighing the risks and benefits of committing the act. If the risks (e.g., apprehension and punishment) outweigh the benefits, then the person will not commit the act. The opposite is also true. Choice theory became popular among criminologists in the late 1970s for three reasons. First, the positive school began to be questioned. The positive school was based on the belief that crime-producing traits and factors could be isolated, and treatment could be administered to eliminate or control the trait/factor. However, it was
3 The Criminology of
▪ ▪ ▪ ▪ ▪
CHAPTER OBJECTIVES After completing this chapter, you should be able to ■ Discuss the tenets of choice theory, including routine activities theory, and its
applicability to digital crimes. ■ Describe the assumptions of deterrence theory and its utility. ■ Discuss the impact of personality disorders on digital crime. ■ Discuss the major social structure theories that apply to digital crime. ■ Discuss the learning and social control theories that apply to digital crime. ■ Describe the relationship between terrorism and political theory.
Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.
44 Chapter 3 • The Criminology of Computer Crime
being argued at the time that these factors and traits had failed to be identified and iso- lated after almost 100 years of effort. Individuals became dissatisfied with the positive school and began to offer alternative reasons for why people commit crime.
Second, the reported crime rate in the 1960s and 1970s increased significantly. This was evidence to some that what was currently being done to control crime was not working. Therefore, some began to look for other means to control the crime rate besides treatment and rehabilitation. Third, the practice of rehabilitation came under attack. 1 In 1974, Robert Martinson wrote an article reviewing 231 studies of prison programs aimed at rehabilitating inmates. Martinson concluded that “with few and isolated exceptions, the rehabilitative efforts that have been reported so far have had no appreciable effect on recidivism.” 2 This finding, which was picked up by the mass media, was used by critics of prison programs to argue against rehabilitation as a pri- mary justification for incarceration. The results of the article are commonly referred to as “nothing works.” Since it appeared that the current efforts had failed, many started to call for a change in judicial policy. Many started to emphasize the need for punishment, not rehabilitation, as the primary reason for incarceration.
Based on these reasons, choice theory and its policy implications became popular. Judicial policy started to change focus, on the offense and not the offender. Choice the- ory argues that since the offender has made a rational choice to commit the offense, the focus should be on the offense committed, not the offender. Policies such as mandatory sentencing and “three strikes and you’re out laws” have become popular in recent years and are based on choice theory. The idea is that the way to control crime, including digital crime, is to have offenders fear the punishment and be deterred from committing the act. Since humans are hedonistic, efforts should be placed on making the risks of committing digital crime higher than any benefit derived from committing the offenses. Those who support the use of punishment to control crime assume that the offender is making a choice to commit the act and can be deterred if the risks outweigh the benefits.
Routine activities theory is based on rational choice. Routine activities theory was developed by Lawrence Cohen and Marcus Felson. Cohen and Felson argue that the motivation to commit crime and the supply of offenders are constant. 3 Many would argue that changes in the crime rates are due to changes in the number of motivated offenders. However, Cohen and Felson argue that there is always a steady supply of offenders who are motivated to commit crime: Changes in crime rates are due to changes in the availability of targets and the absence of capable guardians. 4
According to Cohen and Felson, crime occurs when there is a convergence in time and space of three factors:
1. A motivated offender (e.g., a hacker) 2. A suitable target (e.g., a vulnerable computer system) 3. The absence of a capable guardian (e.g., inadequate software protection) 5
All three factors must be present in order for a crime to occur. In sum, when motivated offenders are present, they make rational choices by selecting suitable targets that lack capable guardianship.
This theory can also account for victimization, as they are the other player in a criminal event. Victimization is most likely when individuals are placed in high-risk
Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.
Chapter 3 • The Criminology of Computer Crime 45
situations, are in close proximity to motivated offenders, appear to be attractive targets to criminals, and lack a capable guardian. 6 In addition, victims report higher levels of deviant behavior than non-victims and share demographic characteristics with offend- ers. 7 Similarly, individuals who engage in criminal and deviant behavior are at an increased risk of victimization. 8
This theory is applicable to digital crime because the rapid expansion of the use of computers and the Internet has increased the number of available targets. The millions of computers online at any point in time are all potential targets for hackers or mali- cious software writers. In addition, the global nature of the Internet means that an offender in Egypt, for example, could hack into hundreds of computer in the United States without ever leaving home.
In addition, without adequate software protection, there is frequently a lack of capable guardians to protect people from digital crime. Physical guardians are readily available on computer systems through antivirus software and similar programs. 9 These programs are expressly designed to reduce the likelihood of attacks from viruses, worms, and data loss by either scanning and preventing infected files from being intro- duced to the system or identifying and removing malicious software if it already has infected the system. Thus, physical guardians in cyberspace work similarly to physical guardians in the real world.
One of the first empirical studies testing this theory conducted by Holt and Bossler found that postulates of routine activities theory can be used to account for online harassment. 10 Specifically, routine computer use, including spending more time in online chat rooms, increased the odds of online harassment. Physical guardianship measures, through antivirus programs and other software, had little influence on the likelihood of being harassed while chatting online. There was also a significant influ- ence that personal and peer involvement in deviance had on the risk of online harass- ment. Engaging in digital crime can expose individuals to offenders, thereby increasing their risk of victimization.
A similar test of malicious software infection found that spending more time online engaging in shopping, e-mailing, and chatting did not affect the likelihood of receiving a virus or worm. 11 Individuals engaging in media piracy and viewing pornog- raphy were at an increased risk of malware infection, largely because these files are attractive packages that many individuals would want to open. Thus, the findings sug- gest that the relationship between crime and victimization in the real world may be replicated in online environments. Additionally, computer software that has been cre- ated specifically to decrease malware victimization had no significant impact in this study. These initial findings suggest that there may be some considerable utility in the routine activities framework, though greater research is needed to better understand and assess its applicability to digital crime.
Deterrence theory flows directly from choice theory. The idea is that offenders, includ- ing digital criminals, commit crime because they make a choice to do so. This choice is based on the perceived risks and benefits of committing the criminal act. If the risks (e.g., apprehension and punishment) outweigh the benefits, then the person will not commit the act. The offender will be deterred from committing the criminal act because of the threat of punishment. There are two types of deterrence: general and specific.
Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.
46 Chapter 3 • The Criminology of Computer Crime
General deterrence seeks to discourage would-be offenders from committing criminal acts because of the threat of punishment. Therefore, general deterrence occurs when would-be offenders choose not to commit a certain act because they fear the sanction that may be imposed. Sometimes offenders are made an example of in order to keep others from committing the same act. For example, an eighteenth-century judge report- edly told a defendant, “You are to be hanged not because you have stolen a sheep but in order that others may not steal sheep.” 12 This is an example of general deterrence. Sp ecific deterrence is designed to impose a sanction on a convicted offender in order to prevent him or her from continuing to commit criminal acts in the future. In other words, the sanction should be distasteful to the offender so that he or she does not want to commit any more offenses.
There are several assumptions of deterrence theory. First and perhaps the most important assumption is that individuals are rational actors. 13 In other words, offend- ers weigh the potential risks and benefits of committing a criminal act and then make a conscious decision about whether to commit the offense. As it applies to digital crime, it can be argued that many digital criminals are rational actors, making rational choices to commit a computer crime. Second, offenders must be aware of the penalty for par- ticular crimes. 14 As it applies to computer crime, it is argued that many computer crim- inals do not know the potential penalties they face for particular crimes. Third, they must view the risks as unpleasant. 15 If a computer criminal does not think apprehen- sion and incarceration is unpleasant, then the criminal will not be deterred. Fourth, in order for deterrence to be effective, it is assumed that the sanction is swift, certain, and severe. The sanction must be imposed quickly to have the greatest deterrent effect, and there must be a high probability that a sanction will be imposed.
It is important to keep in mind that it is not the actual certainty, severity, and swiftness of the sanction that serve as a deterrent but the criminal’s perception of the certainty, severity, and swiftness of the sanction. If potential computer criminals believe that the certainty of arrest is high for computer crime, then they will be deterred from committing the offense even if there is little chance of arrest in reality. Likewise, if potential computer criminals perceive prison as a terrible place that they do not want to go to, then they may be deterred from committing offenses. On the other hand, if a computer criminal does not believe that being incarcerated is anything to fear, then the individual is less likely to be deterred. Therefore, if offenders do not believe that the sanctions in court are severe, then they are unlikely to be deterred from committing criminal acts. Likewise, if they do not believe they will be caught, then they perceive a lack of certainty of punishment and thus are likely to commit the crime. The lack of certainty of arrest and punishment is particularly pronounced when it comes to com- puter crime. There is generally a low risk of apprehension and punishment.
There is minimal evidence to support the argument that the threat of arrest and pun- ishment deters criminals. 16 In fact, evidence supports the contention that informal sanc- tions from parents and friends serve as more of a deterrent than legal sanctions. 17 In other words, fearing disapproval from your parents and peers for your actions is more likely to keep individuals from committing those acts than the fear of arrest and punishment.
A limited body of research has considered the applicability of deterrence for soft- ware and music piracy. Research using samples of college students suggests that the certainty of being caught by an IT administrator or fellow student did not reduce the likelihood of hacking systems without authorization. 18 Severity of punishment, however, helped to reduce the likelihood of hacking activity. 19 The relationship between
Chapter 3 • The Criminology of Computer Crime 47
detection and software piracy is also mixed. For example, one study found that when the certainty of being caught was high, software piracy declined. 20 Though there is not much research in this area, deterrence may have some success in accounting for digital crimes. Further research is needed to better understand this relationship.
There are several psychological theories that have been applied to criminal activity. This section will explore the impact of moral development and personality disorders on crime. Moral development theories support the contention that there are differences between the moral beliefs of criminals and noncriminals, while personality disorders argue that there are certain personality characteristics that are predictive of crime.
Moral Development and Crime
The relationship between moral development and crime focuses on cognitive develop- ment. Cognitive development theory assumes that individuals develop in a sequential
Hijacking the Al Jazeera Web Site
John William Racine II, a Web site designer from Norco, California, pleaded guilty to felony charges after admit- ting to federal authorities that he was responsible for the hijacking of Arabic-language news station Al Jazeera’s Web site during the war in Iraq. He was charged with wire fraud and unlawful interception of an electronic commu- nication. Al Jazeera Space Channel, based in Doha, Qatar, is an Arabic-language media organization that had regis- tered the domain name www.Aljazeera.net through Net- work Solutions, Inc., in Dulles, Virginia. In addition to its satellite television news service, Al Jazeera provides English- and Arabic-language news through its www. Aljazeera.net Web site. Racine diverted the Web site and e-mail traffic for www.Aljazeera.net after learning in March 2003 that the Web site contained images of cap- tured American prisoners of war and soldiers killed in action during Operation Iraqi Freedom.
Racine gained control of the www.Aljazeera.net domain name by defrauding Network Solutions, where Al Jazeera maintained an account for its domain name and e-mail services. Racine then diverted the Web site traffic to another Web site he had designed featuring an American flag in the shape of the continental United States and the words “Let Freedom Ring.” Racine also intercepted approximately 300 e-mail messages destined for the www.Aljazeera.net domain and diverted the mes- sages to an e-mail account under his control.
Racine admitted to FBI agents that he had con- tacted Network Solutions by telephone and e-mail in an
attempt to gain control of the www.Aljazeera.net domain name. He ultimately created a false photo identification card to impersonate an Al Jazeera systems administrator and forged the systems administrator’s signature on a Network Solutions “Statement of Authorization” form. Racine then sent the fraudulent documents to Network Solutions by facsimile and induced Network Solutions to give him control of the Al Jazeera account.
Racine subsequently changed the www.Aljazeera. net account settings and redirected all Web traffic through a dynamic domain name service and ultimately to his Web site containing the American flag. In addition, he rerouted all e-mail traffic to an account he had created on MSN Hotmail using the name of the Al Jazeera systems administrator. While Racine maintained control of Al Jazeera’s domain name, Internet users were unable to access the Al Jazeera news Web sites and Al Jazeera was unable to receive e-mails sent to the domain. Soon there- after, Racine contacted agents of the FBI and admitted that he was responsible for hijacking the Web site and intercepting the e-mails sent to www.Aljazeera.net .
The plea agreement includes a sentence of three years’ probation along with 1,000 hours of community service. Additionally, Racine agreed to pay a fine of $1,500 and full restitution to the victims of the offenses.
Which theory do you think applies best to this case?
48 Chapter 3 • The Criminology of Computer Crime
manner. The individual passes through one step in development, then another step, then another, and so on. Kohlberg argues that there are sequential stages in moral rea- soning that individuals pass through as they develop. At each stage, the decision of what is right and what is wrong is made for different reasons. Crime, including com- puter crime, can be explained by arrested development of moral reasoning at certain stages. People stop at a certain stage and do not progress any further.
Kohlberg stated that there are six stages of moral development. They are as follows:
Stage 1: Punishment and obedience orientation stage—what is right is obedience to power and rules and avoiding punishment Stage 2: Hedonistic orientation stage—right corresponds to seeing one’s own needs met, taking responsibility for oneself, and allowing others to do the same Stage 3: Interpersonal concordance stage—right is having good intentions and motives and being concerned for others Stage 4: Law and order orientation stage—right is doing one’s duty to society and others and maintaining the rules of society Stage 5: Social contract, legalistic orientation stage—right is based on upholding the rules and values agreed upon by society; a social contract Stage 6: Orientation to universal ethical principles stage—right is an assumed obli- gation to principles such as justice and equality, which apply to all individuals; the individual recognizes the moral rightness of behavior 21
The first two stages are usually completed by age 7. Stages 3 and 4 are passed through and completed from preadolescence through adolescence, while the last two stages begin in early adulthood. Where do criminals stop in moral development in com- parison to noncriminals? Research has found that criminals frequently fall into stage 1 or 2 of moral development, while noncriminals frequently fall into stage 3 or 4. 22 In stage 1, children comply with authority out of fear. Something is viewed as morally right if punishment is avoided. Individuals who did not progress through this stage will think that their criminal behavior is permissible as long as they are not punished for it. Obvi- ously, this stage of moral development does not take into account other people or an obligation to society. In stage 2, children define what is right as that which satisfies their needs. That is why it is referred to as the hedonistic orientation stage. At this stage, chil- dren define something as right if they are not punished for it (i.e., stage 1) and it satisfies their needs. It is easy to see why it is argued that many criminals have stopped their moral development at stage 1 or 2. Their only concern with whether something is right or wrong is whether they get punished and satisfy their needs. It is not until stage 3 that children begin to take into account the feelings of others. Development to stage 3 insu- lates people from crime because they have become concerned about others, not just their own needs. Therefore, it is clear to see that individuals who proceed to stage 3 and perhaps beyond are far less likely to commit criminal acts.
Psychologists argue that certain personality characteristics of an individual may influ- ence crime. Personality refers to the emotional and behavioral attributes of an individ- ual. Attempts have been made to provide support for the belief that individuals with
Chapter 3 • The Criminology of Computer Crime 49
certain personality types are much more likely to commit criminal acts. These attempts have focused on identifying differences in the personalities of criminals and noncrimi- nals. One attempt at identifying these personality characteristics was completed by Sheldon and Eleanor Glueck after they compared 500 delinquent and nondelinquent boys. Personality characteristics that were conducive to crime included extroversion, impulsivity, lack of self-control, hostility, resentment, suspicion of others, destructive- ness, less fearful of failure, ambivalence toward authority, assertiveness, and feeling unappreciated. 23
Frequently the term “psychopath” or “sociopath” is used in describing some offenders. These terms technically refer to a condition known as antisocial personality disorder. According to the Diagnostic and Statistical Manual of the American Psychiatric Association, “the essential feature of antisocial personality disorder is a pervasive pat- tern of disregard for, and violation of, the rights of others that begins in childhood or early adolescence and continues into adulthood.” 24 Some of the characteristics of anti- social personality disorder are (1) repeatedly performing acts that are grounds for arrest, (2) deceitfulness, (3) impulsivity, (4) irritability and aggressiveness, (5) reckless disregard for safety of self or others, (6) consistent irresponsibility, and (7) lack of remorse. 25 Although no research to date has been conducted that analyzes the person- ality characteristics of computer criminals, it can be argued that certain computer criminals may satisfy the criteria of antisocial personality disorder. However, it is argued that the prevalence of antisocial personality disorder is lower among computer criminals than among other criminals.
Pedophiles and Psychological Theory
Many people wonder why pedophiles commit the crimes that they do; what combina- tion of factors leads a person to want to commit sexual offenses against a child? Unfor- tunately, there are no easy answers. As discussed in Chapter 8 , pedophiles commit their crimes for a variety of reasons and go on committing their crimes, with little hope of rehabilitation. Most experts agree that pedophiles develop a sexual interest over a long period of time. Furthermore, there is a variety of reasons and factors that relate to developing pedophilia, none of which fully cause or explain the crime. Most commonly, pedophiles are exposed to some type of sexual abuse or trauma during their childhood. Another common factor is that they have had some type of abuse or other related prob- lem during their sexual development and, as a result, develop an interest in children as sexual objects. Interestingly, the advent of the Internet has led to numerous problems in dealing with and detecting pedophiles.
The Internet serves many purposes for the pedophile of today, the least of which is the dissemination of child pornography. This poses a conundrum for theorists: Which comes first—an interest in computers due to existing pedophiliac interests or an interest in pedophilia as a result of viewing these types of images on the Internet? Some of the pedophiles arrested state that they developed an interest in children as sexual objects as the result of seeing such images on the Internet. Others clearly were pedophiles prior to the advent of the Internet and simply learned another technique for obtaining child por- nography. In short, the specific reasons why a person becomes a pedophile are not immediately or clearly understood. Nonetheless, psychological theories posit that a per- son’s sexual interests and sexual paraphilias develop in much the same way as other interests and our personalities—through a process of learning, cognitive reinforcement,
50 Chapter 3 • The Criminology of Computer Crime
and psychological development. Thus, the specific reasons why a person becomes a pedophile are different from case to case, but the process is relatively common. The best explanation for this interest is psychological and cognitive in nature.
SOCIAL STRUCTURE THEORIES
The first set of social theories that will be discussed in this chapter can be classified as social structure theories. When originally developed, social structure theories focused on why lower-class individuals are more likely to commit crime than middle- and upper-class individuals. However, modifications and expansions of the original theo- ries have moved away from this distinction and have attempted to explain criminal behavior by all social classes (e.g., general strain theory). This is important in the study of digital crime because many offenders come from the middle and upper classes. Tra- ditionally, these theories focus on socioeconomic conditions and cultural values as two prominent factors that impact crime. In this section, two major subtypes of social structure theory will be discussed: strain theory and subculture theory.
One major type of social structure theory is strain theory. Originally, strain theorists saw crime as a result of a lack of opportunity, in particular economic opportunity. Today, modern-day strain theories are much broader than the original theories. At the time of the development of strain theory, it was argued that U.S. society instills in citi- zens a desire for financial success but does not provide all individuals equal opportu- nity to achieve that success. Those who do not have an equal opportunity are strained and thus more likely to be criminal. The most prominent strain theory is the one pre- sented by Robert Merton.
MERTON: STRAIN THEORY There is a unique combination of cultural goals and the means to obtain them in every society. According to Merton, the cultural goal of American society is economic success. 26 It is argued that the primary goal of citizens in the United States is material wealth. This goal is promulgated through a variety of
Massive Data Theft and Fraud
In 2003, Scott Levine was the controlling owner of a com- pany called Snipermail, Inc., which distributed advertise- ments via e-mail. He was able to steal more than one billion records containing names, addresses, phone num- bers, and other personal information from clients of Acx- iom Corporation, which is a repository for personal, financial, and company data, including customer infor- mation for other companies. Levine used sophisticated decryption software to illegally obtain passwords and exceed his authorized access to Acxiom databases, which contained information belonging to Acxiom’s clients. He also concealed physical evidence relating to the intru- sions and thefts of data.
The U.S. attorney for this case, Bud Cummins, said, “At first blush, downloading computer files in the privacy of your office may not seem so terribly serious. But, if you are stealing propriety information worth tens of millions of dollars from a well-established and reputable company, you can expect to be punished accordingly.” Levine was found guilty of 120 counts of unauthorized access of a protected computer, two counts of access device fraud, and one count of obstruction of justice in a federal court on August 12, 2005, and received 96 months in prison.
Which theory do you think applies best to this case?
Chapter 3 • The Criminology of Computer Crime 51
mechanisms, including the media, cultural transmission, and other mechanisms. Along with the goal, there are institutionalized means to obtain the goal, such as education, occupation, and deferral of gratification. However, not everyone has equal access to the institutionalized means to obtain financial success. Members of the lower class have less access to education and good jobs than members of the middle and upper class. Strain theory is sometimes referred to as blocked opportunity theory. In other words, people are blocked in their ability to access education and a good job. Therefore, there is a discrepancy between a person’s desire to obtain economic success and their ability to do so. These individuals suffer from strain.
If an individual is strained, how do they adapt to the strain? Merton developed five modes of adaptation. 27 The modes of adaptation vary in their acceptance or rejec- tion of the cultural goal of economic success and the institutionalized means to obtain the goal. They also vary in the propensity for criminal behavior. The first mode of adaptation is conformity. A conformist both accepts the cultural goal of economic suc- cess and accepts the institutionalized means to obtain it. A conformist is highly unlikely to commit criminal acts. It is also the most common mode of adaptation.
The second mode of adaptation is ritualism. A ritualist rejects the cultural goal of economic success but accepts the institutionalized means to obtain the cultural goal. One response to strain is to lower your aspirations. This is what a ritualist does. They have lowered their aspiration for financial success but still abide by the means to obtain it, such as employment and education. It is unlikely that a ritualist will commit criminal acts as well.
The third mode of adaptation is innovation. An innovator accepts the goal of economic success but rejects the institutionalized means to obtain it. In this instance, the individual engages in innovation to find new means to obtain economic success besides education and employment. One such means is likely to be criminal activity. The innovator may commit such offenses as computer crime, fraud, drug dealing, rob- bery, burglary, auto theft, bribery, and prostitution, among others in an effort to obtain financial success. This is the mode of adaptation that is most likely to lead to criminal activity and to include computer criminals. Basically, the person wants to be financially successful and will commit criminal acts that help to obtain this goal.
The fourth mode of adaptation is retreatism. A retreatist rejects both the cultural goal of economic success and institutionalized means to obtain it. These individuals do not aspire to financial success, nor are they concerned with getting an education and employment. These individuals frequently escape into drug addiction and may commit crimes to support their drug use, but they do not aspire to financial success. Therefore, their strain is reduced by abandoning both the goal and the means to obtain it.
The fifth mode of adaptation is rebellion. A rebel rejects both the cultural goal and means but substitutes new goals and means to obtain them. This adaptation is likely to lead to crime and can be represented by some gangs, militias, cults, and coun- tercultures. Criminality is likely to occur with this mode of adaptation, but it will not be as prevalent as criminal activity among innovators.
White-Collar Crime and Strain Theory
White-collar crimes such as money laundering, corporate espionage, and the numer- ous varieties of Internet fraud schemes described in Chapter 6 fit neatly into the strain theory school of criminology, which suggests that crime and deviance is largely the
52 Chapter 3 • The Criminology of Computer Crime
result of blocked legitimate opportunities. In this sense, individuals who engage in such schemes can be viewed as “innovators” who pursue illegitimate means in order to achieve the conventional goal of material success.
While Merton’s original formulation of the theory focused on the blockage of legitimate opportunities experienced predominantly by those in the lower economic classes, contemporary strain theorists have sought to extend strain theory in order to explain the instrumental crimes of middle- and high-class individuals by defining what they have termed the “relative deprivation” experienced by persons of higher economic status. That is, individuals who already enjoy a certain degree of monetary success may engage in instrumental crimes such as money laundering, espionage, or fraud simply because they perceive goal blockage in their attempt to secure ever-increasing wealth. From this perspective, “relative deprivation” offers an explanation as to why crimes such as money laundering and/or corporate espionage are primarily committed by individuals who may already be materially successful.
AGNEW: GENERAL STRAIN THEORY A more modern version of strain theory is gen- eral strain theory. General strain theory was developed by Robert Agnew and tries to explain why individuals who feel stress and strain in their lives are more likely to com- mit crimes. Agnew’s theory does not focus on economic success as the prominent goal in U.S. society, but instead offers a broader explanation of crime than focusing exclu- sively on the lower class. Agnew argues the crime is due to negative affective states. Negative affective states can include anger, frustration, disappointment, depression, and fear, which are obviously experienced by all classes. 28
According to Agnew, these negative affective states are caused by several different sources of strain. First, strain can be caused by the failure to achieve positively valued goals. This is similar to the strain discussed by Merton in that it is the result of a dis- junction between aspirations (i.e., what one aspires to) and expectations (i.e., what one can expect to achieve). Second, strain can be caused by the disjunction between expec- tations and achievements. This is different than the first source of strain because it does not focus on aspirations, but on expectations. This disjunction between expectations and achievements frequently occurs when people compare themselves to peers who seem to be doing better than they (e.g., financially or socially). Based on this disjunc- tion, individuals may feel a sense of inequity. Third, strain can be caused by the removal of positively valued stimuli from the individual. This can include the loss of a boyfriend or girlfriend, the death of a relative, the loss of a job, or the divorce of parents, to name a few. Fourth, strain may be due to the presentation of negative stimuli. Examples of negative stimuli include family conflict, school failure, child abuse, and stressful life events. These sources of strain may have a cumulative effect on people in reality. The greater the intensity and frequency strain experiences become for an individual, the more likely the person is to turn to crime. 29
There are no real empirical assessments of the ways that general strain theory may work to explain digital crimes; there are several offenses where it could fit, especially cyberbullying and stalking. Middle and high school students who feel that they are not as popular or pretty as their peers may choose to gossip or make fun of them through social networking sites like Facebook as a means of dealing with the frustration they experience. For example, a young girl named Piper Smith, in Spanaway, Washington, was horrified to learn that her sixth-grade classmates posted a cartoon on the video- sharing site YouTube titled “Top Six Ways to Kill Piper.” 30 The video featured animated
Chapter 3 • The Criminology of Computer Crime 53
images of girls shooting her and poisoning her, although it is unclear why these girls posted the video. This sort of behavior from Piper’s classmates is extreme, but could be a direct response to feelings of anger or frustration toward her.
Individuals who are rejected or jilted by a close friend or romantic partner can feel anger over this and find that the way to cope with this strain is to begin to send mean or threatening messages to get back at this person. For example, a young girl in Mis- souri named Megan Meier committed suicide as a consequence of receiving hurtful instant messages from a young man she met on the social networking site MySpace. They developed a relationship online, and he terminated it by sending Megan a hurtful message stating that the “world would be a better place without you in it.” 31 These mes- sages were actually sent by the mother of Megan’s friend named Lori Drew, who created the fraudulent account as a means of getting retribution for slights against her child. This sort of behavior is another extreme example, but demonstrates that cyberstalking and harassment could be a result of strains.
SOCIAL PROCESS THEORIES
Social process theories focus on the relationship between socialization and crime. In particular, social process theories analyze the impact of certain factors such as peer group relationships, family relationships, and failure in school on crime. All of these fac- tors are related to crime. Individuals who associate with criminal peers are at significant risk of committing crime themselves. Likewise, individuals who were brought up in an unnurturing, dysfunctional family are at greater risk of committing crime. Finally, indi- viduals who drop out of school are also at risk for committing crime. Two branches of social process theory will be discussed in this section: learning theory and the social control theory of low self-control.
According to learning theory, individuals commit crime, including computer crime, because they learn the attitudes, skills, and rationalizations necessary to commit these
Ordering Attacks against Computer Systems
Jason Salah Arabo, aged 19, owned a sportswear company with two Web sites and was convicted of conspiring to conduct attacks against his competitors’ Web sites. Arabo met an individual named Jasmine Singh, aged 16, through online communications and found that Singh had covertly infected over 2,000 computers with programs that enabled him to control them remotely. Singh demon- strated that he could use these compromised computers to engage in distributed denial-of-service (DDoS) attacks. Arabo asked Singh to attack his competitors’ Web sites to reduce their online sales operations, for which Singh would be compensated with merchandise, including designer sneakers. Singh used his infected machines to crash one of Arabo’s competitors’ Web sites and the serv-
ers hosting the page, leading to unrelated businesses around the globe to be harmed by the attack.
In August 2005, Singh pleaded guilty as an adult to two counts of computer theft and was sentenced to five years in prison and ordered to pay $35,000 in restitution for damage. Arabo pled guilty to one count of conspiracy to cause the transmission of a command that would intentionally cause damage without authorization to a protected computer. Arabo received 30 months in prison for conspiring to con- duct highly destructive computer attacks on competitors and was required to make restitution of $504,495 to his victims.
Which theory do you think applies best to this case?
54 Chapter 3 • The Criminology of Computer Crime
acts. Many times this learning takes place in interaction with parents and peers. Crimi- nals are different from noncriminals in the extent to which they have been exposed to definitions and situations that portray criminal acts as appropriate. There are four interrelated learning theories that will be discussed: Sutherland’s differential associa- tion theory, Akers’ social learning theory, Sykes and Matza’s techniques of neutraliza- tion/drift theory, and subcultural theories.
SUTHERLAND: DIFFERENTIAL ASSOCIATION THEORY The first learning theory to be presented is Sutherland’s differential association theory. At the time of Sutherland’s work, social structure theories such as strain were popular. However, he argued that criminal behavior is a function of learning, not the inability to obtain economic suc- cess. He presented nine formal propositions that demonstrate that social interaction and learning leads to criminal activity: 32
1. Criminal behavior is learned. 33 Sutherland argued that criminality is not a function of a biological or psychological malady or a function of the social structure, but learning.
2. Criminal behavior is learned in interaction with other persons in a process of communication. 34 This communication is verbal and involves interaction with others.
3. The principal part of the learning of criminal behavior occurs with intimate personal groups. 35 Learning involves interaction with significant others, such as par- ents, siblings, and peers. Therefore, families and peers have the greatest influence on learning criminal behavior and attitudes. Sutherland did not see much of a role for movies and newspapers to serve as a medium to learn criminal behavior. However, Sutherland developed his theory prior to the development of television and video games.
4. When criminal behavior is learned, the learning includes (1) techniques of committing the crime, which are sometimes very complicated, sometimes very simple, and (2) the specific directions of motives, drives, rationalizations, and attitudes. 36 In the process of learning criminal behavior, an individual will learn how to commit the offense. The individual also learns the attitudes necessary to commit crimes as well as appropriate rationalizations that may justify his or her behavior.
Russian Organized Hacking
On July 25, 2003, Alexei V. Ivanov was sentenced to 48 months of imprisonment to be followed by three years of supervised release. Ivanov had pled guilty to numerous charges of conspiracy, computer intrusion (i.e., “hack- ing”), computer fraud, credit card fraud, wire fraud, and extortion. The charges stemmed from the activities of Ivanov and others who operated from Russia and hacked into dozens of computers throughout the United States, stealing usernames, passwords, credit card information, and other financial data, and then extorting those victims with the threat of deleting their data and destroying their computer systems. In sentencing Ivanov, the district judge
described his participation as a “manager or supervisor” in an “unprecedented, wide-ranging, organized criminal enterprise” that “engaged in numerous acts of fraud, extortion, and intentional damage to the property of oth- ers, involving the sophisticated manipulation of computer data, financial information, and credit card numbers.” The district judge found that Ivanov was responsible for an aggregate loss of approximately $25 million.
Which theory do you think applies best to this case?
Chapter 3 • The Criminology of Computer Crime 55
5. The specific direction of motives and drives is learned from definitions of the legal codes as favorable or unfavorable. 37 Sutherland argued that an individual may be surrounded by persons who define the legal codes as rules to be observed. In this case, crime is unlikely because the individual believes the law is something to be followed. However, some individuals associate with people whose definitions of the legal code are favorable to the violation of the legal codes. Obviously, crime is much more likely in the latter situation.
6. A person becomes criminal because of an excess of definitions favorable to viola- tion of the law over definitions unfavorable to violation of the law. 38 This is the principle of differential association. Sutherland argued that people learn definitions favorable and unfavorable to the violation of the law. When an individual, through association with oth- ers, has obtained more definitions that are favorable to the violation of the law than unfa- vorable, then crime is likely to occur. In other words, the individual has learned to commit certain crimes. This principle is important because it can help to explain why criminals may think that some crimes are appropriate while others are not. For example, an indi- vidual may think that committing fraud via the Internet is appropriate, but robbery is wrong. How can this be justified? According to Sutherland, the individual has received enough definitions in interaction with others to believe that committing fraud via the Internet is appropriate. On the other hand, the same individual has not received enough definitions to believe that committing robbery is appropriate as well. Think of definitions favorable to violation of the law on one side of a scale while definitions unfavorable to vio- lation of the law are on the other side. If an individual receives enough definitions favor- able to the violation of the law, then the balance will be tipped in favor of committing the crime. The balance can vary from offense to offense and action to action, however.
7. Differential associations may vary in frequency, duration, priority, and intensity. 39 Differential association varies on the quality and quantity of social interac- tions. Therefore, associations with criminal and noncriminal behavior vary in those respects. Frequency and duration mean that more attention will be paid by an individual to definitions obtained in interaction with those with whom they have frequent contact and have had contact with for a long period of time. Priority involves the importance of the relationship to the individual and the importance of criminal or noncriminal behav- ior to the individual. Intensity involves the prestige of the source of a criminal or non- criminal pattern and the emotional reactions related to the associations. 40
8. The process of learning criminal behavior by association with criminal and anticriminal patterns involves all of the mechanisms that are involved in any other learning. 41 In other words, learning criminal behavior is not different from learning any other behavior.
9. While criminal behavior is an expression of general needs and values, it is not explained by those, since noncriminal behavior is an expression of the same needs and values. 42 Sutherland argued that thieves steal in order to obtain money, but workers work to obtain money as well. Therefore, one cannot say that an individual committed a criminal act in order to get money, because that is the same reason why another indi- vidual works at a restaurant. In other words, the need for money explains lawful as well as unlawful behavior.
Therefore, Sutherland argued that the accumulation of an excess of definitions obtained in interaction with intimate social groups which say it is OK to commit cer- tain criminal acts leads to criminality.
56 Chapter 3 • The Criminology of Computer Crime
AKERS: SOCIAL LEARNING THEORY The second learning theory to be presented is Akers’ differential reinforcement theory. Sutherland did not apply a learning theory to his theory of differential association. Instead, he stated that criminal behavior is learned like any other behavior. He did not explain how other behavior or criminal behavior is learned.
Akers’ social learning model is grounded in four principal components: differen- tial association, definitions, differential reinforcement, and imitation. 43 These concepts are part of a dynamic and interactive process in which the components have effects on each other and reciprocal effects with behavior. The social learning process begins with the relationships individuals have with deviants and nondeviants. Akers defines differ- ential association as, “the process whereby one is exposed to normative definitions that are relatively more favorable or unfavorable to illegal or law-abiding behavior.” 44 These interactions with others vary in frequency, duration, priority, and intensity, and are the context in which the other elements play a role. The most essential interactions are those involving intimate personal groups, such as family and friends. Secondary and distant reference groups also affect individual behavior by providing context. Individu- als are more likely to commit deviant behavior if their patterns of differential associa- tion with these groups are involved in deviant behavior. 45
As individuals are differentially exposed to others, they develop definitions that support or justify their behavior. Definitions are often viewed as an individual’s attitude toward and perception of certain behaviors as either acceptable or unacceptable. 46 Def- initions can be derived from moral or religious beliefs, from interaction and imitation of others, and through reinforcement of current beliefs. These definitions include justi- fications and excuses for deviant behavior that neutralize the potential negative ramifi- cations of deviance. In the context of social learning theory, the more neutralizing and positive definitions an individual has toward deviance, the more likely he or she will be to commit deviance when opportunity is provided. 47
While definitions support involvement in deviance, the balance between past, present, and expected future reinforcements and punishments shapes the likelihood of future deviant behavior. Specifically, behavior is more likely to occur when a reward is given (positive reinforcement) or an unpleasant stimulus is taken away (negative reinforcement). Individuals differentially experience multiple forms of reinforcement and punishment as a consequence of their behavior. 48 Social rein- forcements can reward deviance, such as praise and encouragement from peers or changes in social status as a consequence of individual action. Nonsocial reinforce- ments are also pertinent, encompassing financial gains or losses, legal consequences, and physical harm or gains. Differential reinforcement measures are not frequently included in tests of social learning, though they are related to repeated behavior when measured. 49
Finally, imitation refers to the commission of behavior after observing someone else committing similar behavior. Whether the person actually imitates a behavior depends on his or her peers, the behavior that he or she observes, and the differential reinforcements observed. 50 Imitation has its strongest role in the initiation stage of behavior and with younger samples. It becomes less influential as the behavior is repeated, as differential reinforcements and definitions play a more important role. Several studies have found strong effects for imitation, though this component is often absent in research to their narrow role in the learning process and empirical overlap with differential association. 51
Chapter 3 • The Criminology of Computer Crime 57
Scholars have applied social learning theory to cybercrime with some success in recent years, primarily explaining forms of music or media piracy, 52 as well as a range of offenses including hacking and guessing passwords. 53 In addition, multiple studies have found strong support for a link between having deviant friends, deviant definitions, and piracy. 54
The significance of differential reinforcement and imitation within the social learning model to account for cybercrime is limited. Research has found mixed results for imitation, as its effects vary based on the type of cybercrime committed. Imitation of family members influenced piracy, while teacher encouragement and electronic bul- letin boards increased the likelihood of guessing passwords and other deviant acts. 55 These findings suggest that there may be significant value in the social learning theo- ries to account for digital crime.
SYKES AND MATZA: TECHNIQUES OF NEUTRALIZATION/DRIFT THEORY The third learning theory to be presented is Sykes and Matza’s techniques of neutralization/drift theory. Sykes and Matza also argued that the process of becoming a criminal is a learn- ing experience. They posited that most criminals hold conventional values, norms, and beliefs, but must learn to neutralize the values before committing crimes. 56 Most crimi- nals are not committed to a criminal lifestyle and only commit criminal acts on rare occasions. However, these same criminals hold values and beliefs that state that criminal behavior is wrong. How can they commit criminal acts and still hold conventional val- ues? The individuals use techniques of neutralization, which shield them from any sense of guilt. These techniques of neutralization allow individuals to drift into criminality and then back into conventional behavior. That is why this theory is sometimes referred to as drift theory. Sykes and Matza argue that the techniques of neutralization are learned and come before the criminal act. There are five techniques of neutralization: 57
1. Denial of responsibility: This occurs when an individual states that his or her behavior was an accident or resulted from forces beyond his or her control, such as unloving parents, bad companions, or living in a criminogenic neighborhood. 58 Saying “I did not mean to do it” reflects denial of responsibility.
2. Denial of injury: This technique of neutralization occurs when an individual denies the wrongfulness of his or her action or believes the offense does not really cause any harm. 59 Saying “I did not really hurt anybody” reflects this technique of neutralization. This technique of neutralization can be applied to many instances of computer crime where the computer criminals do not feel that anybody is truly hurt by their criminal activity. An example can include the propagation of a worm that does not actually damage anything and is more of a nuisance than anything else. The computer criminal may argue that no one really got hurt.
3. Denial of victim: This occurs when an individual believes that the victim had it com- ing or the victim caused the offense to occur. 60 Saying “They had it coming to them” reflects denial of victim. This is certainly reflected in some computer crimes, espe- cially recent malicious attacks on several companies’ computers by ex-employees.
4. Condemnation of the condemners: This occurs when the individual shifts the blame to others by focusing attention on the motive and behavior of those who disapprove of his or her actions. 61 Basically, the individual is challenging those who are condemning the actions by arguing that the police are corrupt and par- ents take out their frustrations on their children. Asking “Why is everybody pick- ing on me?” reflects this technique of neutralization.
58 Chapter 3 • The Criminology of Computer Crime
5. Appeal to higher loyalties: This occurs when the individual’s peer group takes precedence over the rules of society. 62 Saying “I did not do it for myself, but for my friends” reflects appeal to higher loyalties. Cressey’s classic work, Other People’s Money, describing the cognitive processes
experienced by his sample of convicted embezzlers, compares favorably to Sykes and Matza’s attempt to explain youthful deviance in their techniques of neutralization/drift theory. Similar to the “techniques” employed by juveniles in order to escape or “drift” from the norms associated with conventional behavior, Cressey found that many of his sampled embezzlers had successfully “neutralized” their embezzlement prior to com- mitting the actual crime by convincing themselves that they were only temporarily “borrowing” the money, or that he or she was justifiably “owed” the money in exchange for years of underpaid, faithful service to the employer.
Recent research on digital piracy found that those who have developed definitions that support or neutralize responsibility for piracy behavior are more likely to illegally download media. 63 Data using college samples have found that those who engage in higher levels of piracy report greater acceptance of beliefs of neutralization focusing on denial of responsibility, injury, and victims. 64 For example, those who believe that it is okay to pirate music because they only want one or two songs from CDs (denial of respon- sibility) or believe that the creators of music are not going to lose any money (denial of victim) are more likely to engage in piracy. 65 Additionally, those who believe that law enforcement and universities do not care about piracy are also more likely to engage in piracy. Finally, those who strongly support the notion that it is acceptable to engage in piracy to provide materials to family or friends or use the resources to complete school- work or projects are much more likely to engage in piracy at extremely high levels. 66
Similar evidence appears to account for the creation of malicious software and virus writing. Once confronted or apprehended because of their virus-writing activity, virus writers use the same justifications and excuses consistent with techniques of neu- tralization theory. A common statement by virus writers is that it is the computer user’s or system’s fault that the viruses infected, not the virus writer’s (blaming the victim).
On May 16, 2002, Raymond Blum, the former chief tech- nology officer for Askit.com , a Manhattan-based computer consulting company, was arrested on charges of transmit- ting threats via the Internet to his former employer at Askit. As chief technology officer, Blum had access to all computer system passwords and information necessary to operate Askit’s computer networks. In February 2002, shortly after Blum’s departure from the company, Askit began to experi- ence computer and telephone voice mail problems. There was unusual network traffic on its computer system, which caused its computer network to fail. Askit’s e-mail servers were flooded with thousands of messages containing por- nographic images, and its voice mail system was altered so that certain customers calling the company were directed to a pornographic telephone service.
Following the intrusions directed against their computer and voice mail systems, Askit’s chief executive officer and its president began receiving threatening com- munications in various forms. For example, the president received an e-greeting card containing an image of a box, which, shortly after being displayed on the president’s computer screen and accompanied by a creaking sound, opened to display a voodoo doll with skeleton-like fea- tures. The doll had pins stuck through various parts of its body and was wearing a name tag that identified it as being the president.
Which theory do you think applies best to this case?
Chapter 3 • The Criminology of Computer Crime 59
They state that if the victims had their security up to par, they would not have become a victim in the first place. They also note that such neophytes have no business being online or using their computer if they do not know how to protect themselves. In fact, virus writers tend to show disdain for the average “Internet surfer.” Another common theme in the comments of virus writers is that they are not really doing any harm and, in fact, are performing a public service by pointing out the security holes in the soft- ware and computer systems (denial of injury/denial of the victim). Some claim that there are not really any victims of viruses, and that such users are simply ill-prepared to conduct commerce or surf online. Another typical justification is that they are really doing good by showing the greed and incompetence of software vendors (especially Microsoft) and other corporations (condemn the condemners). Finally, many virus writers claim that they really did not intend to cause any harm by writing their virus. These techniques of neutralization can be seen in several of the anecdotal items con- tained in Chapter 7 , especially the interview with the Dark Avenger. Taken as a whole, the techniques of neutralization may be significantly useful to account for cybercrimes.
A subculture is a set of values, norms, and beliefs that differ from the dominant cul- ture. The main tenet of subculture theory is that criminals, including computer crimi- nals, hold values, norms, and beliefs that are in opposition to those held in the dominant culture. These individuals behave in a manner that is consistent with their values, norms, and beliefs, which many times will bring them in conflict with the law. When originally developed, subculture theories attempted to explain gang formation and crime. However, certain types and examples of computer crime can be due to the exis- tence of subcultures. Since there is significant debate over what constitutes a subcul- ture, it may be best to approach the question by determining its main characteristics.
Defined from a broad sociological and criminological perspective, a subculture is any group having certain values, norms, traditions, and rituals that sets them apart from the dominant culture. This includes an emphasis on performing certain behaviors or developing skill sets, like confidence men learning to steal and bilk money from unsuspecting people. 67 Also, subcultural rules or codes of conduct exist that structure how individuals view and interact with different groups. A special argot or slang is present, as well as some outward symbols of membership like tattoos or informal uni- forms. 68 These all provide ways to measure an individual’s reputation, status, and adherence to the subculture.
This framework suggests membership in a subculture influences behavior by pro- viding individuals with beliefs, goals, and values that approve of and justify particular types of activities, including crime. In the case of offender subcultures, the transmis- sion of subcultural knowledge increases the likelihood of involvement in criminal behavior despite potential legal consequences for these actions. Thus, this is an impor- tant perspective to explain how the values and ideas espoused by members of a crimi- nal subculture affect the behavior of its members.
Different types of subcultural frameworks have been developed and vary based on assumptions about the members’ adherence to conventional norms and values. For example, Cohen used strain theory to explain the formation and persistence of gangs in the lower classes. 69 Males who could not achieve status through legitimate means in schools felt strained and rebelled against the middle-class values imposed on them.
60 Chapter 3 • The Criminology of Computer Crime
They established an alternative subculture allowing them to achieve status through the use of illegitimate means, including property and violent crime. Cohen’s framework suggests that this subculture held behaviors and values in direct opposition to the mid- dle-class values espoused by groups such as the school. As such, this perspective on subculture assumes an outright rejection of conventional norms and values.
Other frameworks do not require members of a subculture to perfectly adhere to its specific values. For instance, Wolfgang and Ferracuti 70 suggested a subculture of violence exists wherein individuals place great importance on their honor and use violence to defend it. According to their theory, this subculture does not require indi- viduals to accept or approve of its norms for their behaviors to be influenced. Anyone may use lethal violence at any time, so all must be willing to respond to this threat in kind.
A similar argument has been made by Elijah Anderson in the book Code of the Street. 71 He suggests a code exists in inner-city communities that lead individuals to conform to a pattern of violent behavior on the streets in response to slights against their honor. Regardless of one’s involvement in street life and its values, many conform to this code of behavior to navigate through their communities. Thus, a contrasting perspective indicates that subcultures can influence behavior without requiring indi- viduals to adhere to their values.
Hackers and Learning Theories
By rejecting the goals and opportunities of the dominant culture, the hacker subculture provides the context in which hackers situate their actions. It forms their ethics and laws distinct from those of the dominant culture. There is strong evidence of the pres- ence of a social scene, slang, and value system that defines boundaries between hackers and others. For example, the act of hacking is illegal under most conditions, yet the skill and ability needed to perform a hack is highly valued among hackers. 72 In addition, many hackers acknowledge their activities are illegal, but legitimize and justify the actions using various rationales, such as that their actions improve computer security. Thus, hackers place emphasis and value on activities directly contradicting the larger culture.
In addition, hackers have adapted the English language to create a unique slang. There also appears to be a hacker “scene,” composed of “inside jokes, real-world meet- ings (cons), and hacker magazines (‘zines).” 73 Understanding this “scene” is part of the enculturation process of hacker subculture, occurring through exchanges with other hackers either in person or online. Referencing these cultural elements permit indi- viduals to measure their status as a hacker against others. Status can also be deter- mined through a great deal of debate over what constitutes a “hacker” as well as motives for hacking, such as curiosity or revenge. 74 These debates create boundaries between hackers, as well as the general computer using public, based on knowledge, skill, and status. 75
Research on the hacker subculture has found that there are three consistent ideas or values that guide hacker behavior: technology, secrecy, and mastery. One of the most recognized elements of hacker subculture is its relationship to technology. Both the hack and hacker could not exist without technology, and an intimate connection between the individual and technology facilitates the ability to hack. 76 To generate such a connection, hackers must develop “an easy, if not all-consuming, relationship” with
Chapter 3 • The Criminology of Computer Crime 61
computer and communications technology and a willingness to explore and apply it in new ways. 77
The more closely an individual is connected to technology, the greater his or her ability to understand and perform hacks. Those who can perform “true hacks” have a deep comprehension of computers and programming, allowing them to identify and fix security flaws. 78 Conversely, “derivative hacks” involve the use of prewritten scripts or codes to access flaws without actually understanding how the technology works. Less-skilled hackers, especially those called script kiddies, are more likely to perform a “derivative hack.” Hence, the hacker’s relationship to technology can generate status: Those who complete “true hacks” are revered and praised, and the “derivative hack” user is often made fun of or rejected by others. 79
The importance of technology is also related to the significance of secrecy in hacker subculture. Secrecy is important for several reasons. First, it is a motive for hacking in that many hackers abhor keeping certain types of information private. 80 This fuels many attempts by hackers to remove barriers to certain kinds of information, such as government and technological data. Incidents involving Julian Assange, founder of WikiLeaks, and Edward Snowden, former National Security Agency contractor, are examples of this activity. Second, subcultural members place great emphasis on secrecy because hacking is an illegal act. Hacker activities are kept secret to avoid unwanted attention from various parts of the “establishment,” including the criminal justice sys- tem. 81 Thus, anonymity is indispensable to the subculture and is the reason hackers create virtual identities online via a screen name or “handle.” 82 This protects the hack- er’s actual identity while engaged in hacking.
However, there is also some ambivalence about secrecy in hacker subculture. Successful hacking creates a desire to brag and share accumulated hacking knowl- edge. This can help an individual gain status within the hacker community, but places them at risk for law enforcement detection. 83 Hackers tread a fine line between sharing information and keeping certain knowledge private. Those who can successfully navigate this line can also gain some status in the hacker commu- nity. Demonstrating a commitment to secrecy is a benchmark for how well one lives up to the image and nature of hacking. True hackers are capable of keeping secrets, creating an ideal for hackers to aspire to; thus, secrecy reinforces and maintains boundaries between hackers. 84
Status is also tied to another important element of the culture: the idea of mas- tery. Mastery is a complex element that involves continual learning of new skills that individuals demonstrate to their peers. 85 For example, hackers taunt and challenge the ability of others while online. This frequently leads hackers to use their knowl- edge and skill to gain control over another individual’s system, or take “root” in a system. 86
Such a demonstration of mastery can increase a hacker’s status, as can displays of knowledge of hacker subculture. When communicating with other hackers, especially through Web forums, individuals may refer to the history of hacking, use slang, or ref- erence other important parts of the hacking scene. 87 These references appear to illus- trate the intensity of individual connections to hacker subculture and their relative status. The agreed-upon values of the hacker community provide the social context for the hacking activities that violate the standards of the normative culture. The disjunc- tion between the morals of the hacker subculture and the morals of normative society helps to define the activities of “criminal hackers.”
62 Chapter 3 • The Criminology of Computer Crime
Virus Writers and Learning Theories
Social process theories are probably best when used to explain the crimes committed by virus writers and those who propagate and spread viruses. The first empirical obser- vation to take into account when examining the phenomenon of why people engage in virus writing is that there is no common profile of a “typical” virus writer. As discussed in Chapter 7 , a common misperception is that virus writers are 13-year-old brainiacs who unleash their wrath on society for no apparent reason. In reality, a virus writer could be that kid or a 35-year-old computer programmer looking to increase his or her salary. This tends to limit the explanatory power of social structure theories, because virus writers can come from many walks of life and are typically wealthy enough to afford the computer machinery necessary to practice their trade. Furthermore, not all virus writers are in it for the money or for the fame. The reasons why virus writers write and propagate viruses can be for money, fame, attention, competition, and simply for a perverse sense of fun.
What is undeniable in the development of a virus writer is that a certain level of technical competency is required. While it is true that virus creation tools exist that make it easier to write viruses, one does not become a virus writer overnight. As such, all virus writers must learn how to write and propagate viruses. The learning process that they go through is similar to any other learning process. The learning includes learning how to write the code necessary to create a virus, but as important is learning how to become a good virus writer. In the world of virus writers, competition and bra- vado play an important role in conditioning the person, as does learning the tools and tactics of the trade. Some writers do so to prove their computer programming capabil- ity. Anecdotal, yet unproven, stories of virus writers who have programmed a “quality” virus and found fame and fortune as the result of their prowess abound. Other virus writers achieve fame because their virus infects a large number of computers and makes it into the media spotlight. However, prior to the fame and supposed fortune of the virus writer, the person goes through a learning and social conditioning process.
When the writer first enters the world of the virus writers, they are treated with disdain and as the newcomer that they are. If they enter chat rooms and exchange infor- mation and curiosity about virus writing, they are often ridiculed and subjected to a social conditioning process where they learn the practice through trial and error, and also learn how to be a better virus writer or face ridicule from their peers. Once they have established their reputation, they often engage in banter with other self-pro- claimed virus writers. They learn to show their accomplishments and show others how successful their virus is “in the wild.” Others receive financial rewards and eventually develop into for-profit virus writers. Still others enjoy the thrill of infecting other peo- ple’s machines, hacking into secure systems via their Trojan horses, and enjoy reading about their exploits online and in the media.
Nonetheless, they all share a common learning experience in order to ply their trade. This learning experience is unique compared to other forms of criminal learning in that the significant peers who teach them will likely never see them face to face. Most of the learning takes place in chat rooms, on bulletin boards, and via distance learning. As social learning theory posits, the learning is reinforced both positively and nega- tively over its course, which serves to reinforce the technical competency of the virus writers. Positive reinforcement includes the thrill experienced by propagating the virus and infecting systems; it can also include notoriety and kudos received from their peer
Chapter 3 • The Criminology of Computer Crime 63
group—like graffiti writers, they also love to see their moniker appearing with their work—and, finally, there can be financial rewards. Negative reinforcements include receiving hostility from other virus writers (eventually ending up with an online com- petition to hack the other’s system), receiving ridicule and disdain for their viruses and exploits online, and being sought out by law enforcement. If caught, they may discon- tinue their activity, but the other forms of negative reinforcement they receive may serve to make them want to become more proficient.
Social Control Theory
Social control theory seeks to answer the question, “Why don’t individuals commit crime?” Social control theory assumes that people will violate the law. So why don’t they? The answer to this question, according to social control theorists, lies in the strength of an individual’s ties to conventional individuals and society. Those who have close ties with their families and noncriminal friends as well as those who possess high self-esteem are unlikely to commit criminal acts. These individuals are bonded to the larger society. Individuals who are not bonded to the larger social order are free from constraints to violate the law.
GOTTFREDSON AND HIRSCHI: SELF-CONTROL THEORY In a later control theory, Gottfredson and Hirschi argue that a person’s tendency to commit crime can be found in his or her level of self-control. 88 Self-control involves a person’s ability to control his or her own behavior. Basically, they proposed that individuals who commit crime have limited self-control. These people have a tendency to be impulsive, insensitive, and focused on immediate gratification.
What causes people to have limited self-control? Gottfredson and Hirschi argue that lack of self-control is caused by inadequate child rearing. 89 Self-control, according to Gottfredson and Hirschi, is instilled in people by age eight and is relatively constant thereafter. They suggested that parents must be willing to monitor their child’s behav- ior, to recognize inappropriate behavior when it occurs, and to punish the inappropri- ate behavior. 90 If this occurs consistently, the child will develop a high level of self-control. Over time, the child will internalize the monitoring by the parents. If the parents are unwilling or unable to do this, then it is likely that their children will lack self-control. When this occurs, criminal activity is likely—however, not guaranteed.
Gottfredson and Hirschi also integrated elements of rational choice theory into the development of their theory. Individuals with low self-control must be presented with the opportunities to commit criminal acts in order for crime to occur. If an indi- vidual has low self-control but there is no criminal opportunity, then crime will not take place. On the other hand, if criminal opportunity presents itself to an individual with low self-control, then crime is likely to occur.
Recent cybercrime scholarship has found that individuals with low levels of self- control are more likely to view online pornography. 91 Additionally, researchers have found a significant relationship between low self-control and digital piracy in college student populations. 92 This evidence suggests that college students with low self- control cannot resist the temptation of pirating software and music that they are interested in due to the fact that they do not see the consequences of their behavior.
Preliminary research on self-control in the hacker community finds that this theory may have limited applicability. A study using a sample of active hackers at
64 Chapter 3 • The Criminology of Computer Crime
mu ltiple computer security conferences and in a university setting found that both groups had high levels of self-control. 93 In addition, the active hackers had higher lev- els of self-control than those inside the university. This may be a reflection of the gen- eral traits required to become a skilled hacker, including a capacity to learn, diligence, and forethought as discussed in Chapter 4 . In turn, their hacks may be more complex, utilizing persistent and unique attacks against specific targets. As a consequence, it may be that computer hackers have higher levels of self-control than both street and digital criminals.
TERRORISM AND POLITICAL THEORY
The term “terrorism” has been defined in a number of ways by a variety of scholars. For the most part, each definition has yielded a limited understanding of the actual phe- nomenon. This is particularly true when analyzing the current wave of international and technological situations in contemporary global affairs, such as those occurring in the Middle East and those involving digital crime and digital terrorism. In the popular mind, terrorism is viewed as the illegitimate and violent actions of specific groups that violate the authority of rightfully established political entities. 94 Terrorism, in general, always has a political agenda. This agenda may be motivated by various political ideol- ogies, separatist ethnic movements, or radical religious philosophies, but always the purpose of achievement is a specific set of political objectives. Although vague, as to explaining who terrorists are, this definition does provide a conceptual framework con- cerning what terrorism is. 95 It can be reduced, simply to a choice among violent means—not a choice between violence and nonviolence, but a manifestation of vio- lence against people to achieve a goal.
By extension, terrorists often apply extreme, random acts of violence against the innocent (e.g., attacks on symbolic institutions, such as schools, churches, and syna- gogues; bombings of common gathering places, such as cafes, shopping malls, and office buildings; and the killing of individuals who represent legitimate governments such as soldiers, police officers, and political leaders), in an attempt to instill fear in the general population. Thus, terrorism is used as a methodology for political action. As Hoffman argues, terrorism is fundamentally and inherently “political.” Terrorism is “ineluctably about power: the pursuit of power, the acquisition of power, and the use of power to
Time Bomb Attacks by an Insider
William Carl Shea, aged 39, was hired around August 2001 as a programmer and manager for Bay Area Credit Services, Inc., in San Jose, California. Shea’s position gave him administrative access to and familiarity with the company’s computer systems, including the database server. He was notified of poor job performance in 2002 and was given an improvement plan in 2003. He was fired on January 17, 2003, when he failed to show up at work. Around this period, a malicious code “time bomb” was placed on the company network that was set to delete and change data at the end of the month. This
malicious software caused financial records to be altered and removed and disrupted the computer networks within the company, affecting more than 50,000 debtor accounts. Shea was sentenced to 12 months and 1 day in prison, 6 months of home confinement with electronic monitoring, and 3 years of supervised release for his jury conviction.
Which theory do you think applies best to this case?
Chapter 3 • The Criminology of Computer Crime 65
achieve political change. Terrorism is thus violence—or, equally important, the threat of violence—used and directed in pursuit of, or in service of, a political aim. ” 96
The psychological, economic, strategic, and political consequences of violence associated with terrorism are often much more prominent than the attack itself. Short- term effects of terrorism involve an immediate psychological effect on society, but are relatively benign compared to the long-term impact, which includes a widespread real- ization of vulnerability. In fact, the consequences of terrorism tend to have a higher value as time goes on. 97 For instance, the economic impact of the September 11, 2001, attack on the World Trade Center Buildings was first estimated at a real cost of just over $10 billion. However, looking at the much more involved secondary costs—such as loss of service, impact on the stock market, declining investor sentiment, economic failure of the airline industry, rebuilding of structures, and loss in tourism dollars to the world and, specifically, New York—the estimated cost exceeds $2 trillion. 98 Essentially, the real impact of terrorist events can be measured in the creation of an atmosphere of chaos, fear, and panic in the target population.
No one understood this phenomenon better than Karl Marx. His early work (in 1887) argued that political change could not be achieved without conflict. 99 Indeed, he believed that epochs of history changed as groups of people bound by loss of status and class revolted against ruling elites. In Marxist thought, successful revolutionary strategy began with a core group of leading individuals dedicated to the cause. This group, the vanguard, represented the frontlines of violent activity. It was the express purpose of the vanguard to violently confront private property owners and wealthy elites with the opposite elements that maintained their ruling status—replace trust, order, and secu- rity with chaos, fear, and panic. To the dedicated Marxist, the vanguard represented contemporary terrorist groups.
Interestingly, a century and a half later, Franz Fanon argued that no government would willingly give up power and wealth; therefore, this power and wealth had to be taken violently. Fanon suggested that the international act of colonization was in itself an act of violence and thus had to be confronted with violence. 100 Accordingly, govern- ments under attack must respond with stricter measures against the general public (the masses). Since there is no clearly identifiable enemy, governments must resort to more harsh and brutal treatment of the indigenous population in order to ferret out the hard- core vanguard members. Constitutional rights become suspended, unwarranted searches become commonplace, torture replaces interrogation, and innocence gives way to presumption of guilt. At the point when the rule of law erodes and the masses react against the ruling government, revolution begins, spurring yet another epoch in human history. To Marx, contemporary terrorists represent the vanguard. 101
The acts of terrorism aimed at critical information infrastructure (what we call cyberterrorism or digital terrorism) are simply new tactics to accomplish the same end. The modern and complex societies of today are built on information exchange, global processing, and reliance on computerization and telecommunication. What were sup- posed to be the hallmarks of advanced societies to increase democratic and free thought have now become huge vulnerabilities. Government and business depend on these crit- ically vital systems, making them prize targets for individuals aimed at destroying nor- malcy. To compound the problem, these systems have been built by information elites that control them. Government and society have been more than happy to place the burden of development and maintenance of computer systems with a few individuals having narrow educational fields and a keen understanding of complex information
66 Chapter 3 • The Criminology of Computer Crime
systems. Indeed, there has been safety in the fact that few of the masses actually under- stood much of the critical infrastructure on which our society depended upon for vital existence.
All of that changed, however, as the interconnectivity of systems became com- monplace through the marvels of the World Wide Web and the Internet. Heretofore closed and secured systems became vulnerable to outside attack, relatively unsophisti- cated juvenile hackers could close down business enterprise with seeming ease, and the “experts” were mystified in ways to prevent such attacks. Digital terrorism has become a reality as sophisticated terrorists understand new tactics that can render airplanes helpless to navigate, force railroads and commuter trains to stop, make electric and water plants idle, and stop local and global communication. In the past, having a tactic that could do so much damage was relatively closed to terrorist groups. Today, they provide some of the most frightful and devastating scenarios relating not only to spe- cific violent actions but also to the extreme vulnerability of our country and our world. Terrorism that attacks our critical information infrastructure may not only attack our country but also attack the world in one massive strike. Retrospectively, Karl Marx may well have been correct. It will be through force that revolution is sparked and accom- plished; it is specific acts of violence (and terrorism) that will erode safety, security, and peace and substitute chaos, fear, and panic. 102
In this chapter, the major criminological theories that can or have been used to explain digital crime have been presented. Several different areas of criminologi- cal thought can be used to explain digital crime. First, it can be argued that some computer criminals commit their offenses due to rational choice and a lack of fear of apprehension. Second, it can be argued that restricted moral development and the presentation of a personality disorder may lead a person to commit
digital crime. Third, strain and subculture theories can be applied to digital crime. Fourth, learning and social control theories can explain some types of digital crime as well. Fifth, political theory can be used to explain acts of terrorism. Although little theoretical develop- ment has occurred in the area of digital crime, several current criminological theories have been applied with some success to this phenomenon, including piracy, hacking, cyberstalking, and harassment.
1. According to choice theory, why do individuals com- mit digital crime?
2. What are the major assumptions of deterrence theory? 3. Which psychological theories can be applied to digital
crime? 4. What are the five modes of adaptation? Which is most
likely to lead to the commission of digital crime?
5. What are the nine propositions presented by Sutherland? 6. What are the four elements of Akers’ social learning
theory? 7. How does self-control affect digital crime?
Endnotes 1. S iegel , L arry J. (1992). Criminology: Theories, Patterns, and
Typologies, 4th ed. St. Paul, MN: West. 2. M artinson , R obert. (1974). “What Works? Questions and
Answers About Prison Reform.” The Public Interest 35: 22–54.
3. C ohen , L awrence , and F elson , M arcus. (1979). “Social Change and Crime Rate Trends: A Routine Activities Approach.” American Sociological Review 44: 588–608.
Chapter 3 • The Criminology of Computer Crime 67
5. Ibid. 6. Ibid. 7. S ampson , R obert J., and L auritsen , J anet L. (1990).
“ Deviant Lifestyles, Proximity to Crime, and the Offender- Victim Link in Personal Violence.” Journal of Research in Crime and Delinquency 27: 110–139.
8. L auritsen , J anet L., L aub , J ohn H., and S ampson , R obert J. (1992). “Conventional and Delinquent Activities: Implica- tions for the Prevention of Violent Victimization Among Adolescents.” Violence and Victims 7: 91–108; Z hang , L en- ing , W elte , J ohn W., and W iecxorek , W illiam F. (2001). “Deviant Lifestyle and Crime Victimization.” Journal of Crim- inal Justice 29: 133–143.
9. M ell , P., K ent , K., and N usbaum , J. (2005). Guide to Mal- ware Incident Prevention and Handling: Recommendations of the National Institute of Standards and Technology. Washing- ton, DC: National Institute of Standards and Technology.
10. H olt , T.J., and B ossler , A.M. (2009). “Examining the Appli- cability of Lifestyle-Routine Activities Theory for Cybercrime Victimization.” Deviant Behavior 30(1): 1–25.
11. B ossler , A.M., and Holt, T.J. (2008). “Examining the Utility of Routine Activities Theory for Cybercrime.” Paper pre- sented at the American Society of Criminology meetings, Atlanta, GA.
12. K adish , S anford H., and P aulsen , M onrad G. (1969). Crim- inal Law and Its Processes. Boston, MA: Little, Brown, p. 85 .
13. W alker , S amuel. (1998). Sense and Nonsense About Crime and Drugs: A Policy Guide, 4th ed. Belmont, CA: West/Wad- sworth.
14. Ibid. 15. Ibid. 16. P aternoster , R aymond. (1987). “The Deterrent Effect of
Perceived and Severity of Punishment: A Review of the Evi- dence and Issues.” Justice Quarterly 42: 173–217.
17. G reen , D onald. (1989). “Measures of Illegal Behavior in Individual-Level Deterrence Research.” Journal of Research in Crime and Delinquency 26: 253–275.
18. H ollinger , R ichard C. (1992). “Crime by Computer: Cor- relates of Software Piracy and Unauthorized Account Access.” Security Journal 2(1): 2–12; S kinner , W illiam F., and F ream , A nne M. (1997). “A Social Learning Theory Analysis of Computer Crime Among College Students.” Journal of Research in Crime and Delinquency 34(4): 495–518.
19. Ibid. 20. Ibid. 21. K ohlberg , L awrence. (1969). Stages in the Development of
Moral Thought and Action. New York: Holt, Rinehart and Winston.
22. H enggeler , S cott. (1989). Delinquency in Adolescence. Newbury Park, CA: Sage.
23. G lueck , S heldon , and G lueck , E leanor. (1950). Unravel- ing Juvenile Delinquency. New York: Commonwealth Fund.
24. America Psychiatric Association (2000). Diagnostic and Sta- tistical Manual of Mental Disorders, DSM-IV-TR, 4th ed. New York: American Psychiatric Publishing, p. 645 .
26. M erton , R obert K. (1968). Social Theory and Social Struc- ture. Glencoe, IL: The Free Press.
27. Ibid. 28. A gnew , R obert. (1992). “Foundation for a General Strain
Theory of Crime and Delinquency.” Criminology 30: 47–87. 29. Ibid. 30. H ahn , E. (2009). “Girls Post Online Cartoon on How to Kill
Classmate.” MSNBC. Retrieved June 1, 2009, from http:// www.msnbc.msn.com/id/30881980/
31. C athcart , R. (2008). “MySpace Is Said to Draw Subpoena in Hoax Case.” New York Times.
32. S utherland , E dwin H., and C ressey , D onald R. (1978). Criminology, 10th ed. Philadelphia, PA: J.B. Lippincott Co., pp. 77 – 83 .
33. Ibid. 34. Ibid. 35. Ibid. 36. Ibid. 37. Ibid. 38. Ibid. 39. Ibid. 40. Ibid. 41. Ibid. 42. Ibid. 43. A kers , R onald L. (1998). Social Learning and Social Struc-
ture: A General Theory of Crime and Deviance. Boston, MA: Northeastern University Press.
44. A kers , R onald L. (2001). “Social Learning Theory.” In R aymond P atternoster and R onet B achman (eds.), Explaining Criminals and Crime: Essays in Contemporary Criminological Theory. Los Angeles, CA: Roxbury.
45. A kers , R onald L., and J ensen , G ary F. (2006). “The Empir- ical Status of Social Learning Theory of Crime and Deviance: The Past, Present, and Future.” In F rancis T. C ullen , J ohn P aul W right , and K ristie R. B levins (eds.), Taking Stock: The Status of Criminological Theory. New Brunswick, NJ: Transaction Publishers.
46. Ibid. 47. Ibid. 48. Ibid. 49. Ibid. 50. Ibid. 51. Ibid. 52. H iggins , G eorge E. (2005). “Can Low Self-Control Help
with the Understanding of the Software Piracy Problem?” Deviant Behavior 26(1): 1–24; H iggins , G eorge E. (2006). “Gender Differences in Software Piracy: The Mediating Roles of Self-Control Theory and Social Learning Theory.” Journal of Economic Crime Management 4(1): 1–30; H iggins , G eorge E., F ell , B rian D., and A bby L. W ilson. (2006). “Digital Piracy: Assessing the Contributions of an Integrated Self-Control Theory and Social Learning Theory Using Structural Equation Modeling.” Criminal Justice Studies 19(1): 3–22; H iggins , G eorge E., F ell , B rian D., and W ilson , A bby L. (2007). “Low Self-Control and Social Learning in Understanding Students’ Intentions to Pirate Movies in the
68 Chapter 3 • The Criminology of Computer Crime
United States.” Social Science Computer Review 25(3): 339–357; H iggins , G eorge E., and D avid A. M akin. (2004a). “Self-Control, Deviant Peers, and Software Piracy.” Psychological Reports 95: 921–931; H iggins , G eorge E., and M akin , D avid A. (2004b). “Does Social Learning Theory Condition the Effects of Low Self-Control on College Stu- dents’ Software Piracy?” Journal of Economic Crime Manage- ment 2(2): 1–22; H iggins , G eorge E., and W ilson , A bby L. (2006). “Low Self-Control, Moral Beliefs, and Social Learning Theory in University Students’ Intentions to Pirate Software.” Security Journal 19: 75–92; H iggins and W ilson , “Low Self- Control and Social Learning in Understanding Students’ Intentions to Pirate Movies in the United States.”
53. Ibid. , p. 18 . 54. Ibid. 55. Ibid. 56. S ykes , G resham M., and M atza , D avid. (1957). “Techniques
of Neutralization: A Theory of Delinquency.” American Socio- logical Review 22: 664–670.
57. Ibid. 58. Ibid. 59. Ibid. 60. Ibid. 61. Ibid. 62. Ibid. 63. For example, see I ngram , J.R., and H induja , S. (2008).
“Neutralizing Music Piracy: An Empirical Examination.” Deviant Behavior 29: 334–366.
64. Ibid . 65. Ibid. 66. Ibid. 67. M aurer , D.W. (1974). The American Confidence Man.
Springfield, IL: Thomas. 68. S immons , J.L. (1985). “The Nature of Deviant Subcultures.”
In E. R ubington and M.S. W einberg (eds.), Deviance: The Interactionist Perspective. New York: Macmillan.
69. C ohen , A.K. (1955). Delinquent Boys: The Culture of the Gang. Glencoe, IL: Free Press.
70. W olfgang , M.E., and F erracuti , F. (1967). The Subculture of Violence: Towards an Integrated Theory in Criminology. London: Tavistock Publications.
71. A nderson , E. (1999). Code of the Street. Philadephia, PA: W. W. Norton.
72. T homas , D. (2002). Hacker Culture. Minneapolis, MN: Uni- versity of Minnesota Press; H olt , T.J. (2007). “Subcultural Evolution? Examining the Influence of On- and Off-Line Experiences on Deviant Subcultures.” Deviant Behavior 28(2): 171–198.
73. L oper , D.K. (2000). “The Criminology of Computer Hack- ers: A Qualitative and Quantitative Qnalysis.” (Doctoral Dis- sertation, Michigan State University, 2000) Dissertation Abstracts International 61-08, Section: A, p. 3362 .
74. J ordan , T., and T aylor , P. (1998). A Sociology of Hackers. The Sociological Review 46(4): 757–780.
75. H olt , “Subcultural Evolution?” 76. Ibid. 77. Ibid. , p. 93 . 78. Ibid. , p. 91 . 79. Ibid. 80. Ibid. 81. Ibid. , p. 93 . 82. Ibid. 83. Ibid. 84. Ibid. 85. Ibid. 86. Ibid. , p. 91 . 87. Ibid. 88. G ottfredson , M ichael , and H irschi , T ravis. (1990). A
General Theory of Crime. Stanford, CA: Stanford University Press.
89. Ibid. 90. Ibid. 91. B uzzell , B., F oss , D., and M iddleton , Z. (2006). “Explain-
ing Use of Online Pornography: A Test of Self-Control The- ory and Opportunities for Deviance.” Journal of Criminal Justice and Popular Culture 13: 96–116.
92. H iggins , “Can Low Self-Control Help with the Understand- ing of the Software Piracy Problem?”; H iggins , F ell , and W ilson , “Digital Piracy”; H iggins and M akin “Self-Control, Deviant Peers, and Software Piracy.”
93. H olt , T.J., and K ilger , M. (2008). “Techcrafters and Make- crafters: A Comparison of Two Populations of Hackers.” Information Security Threats Data Collection and Sharing 2008. WISTDCS ‘08.
94. T aylor , R obert W., and V anden , H arry E. (September 1982). “Defining Terrorism in El Salvador: La Matanza.” The Annals of the American Academy of Political and Social Sci- ences 463: 1.
95. See S chulz , R ichard. (Spring/Summer 1978). “Conceptual- izing Political Terrorism: A Typology.” Journal of Interna- tional Affairs 4: 8; H offman , B ruce. (1998). Inside Terrorism. New York: Columbia University Press.
96. H offman , Inside Terrorism , p. 2 . 97. See C renshaw , M artha. (1998). “The Logic of Terrorism:
Terrorist Behavior as a Product of Strategic Choice.” In W alter R eich (ed.), Origins of Terrorism: Psychologies, The- ologies, and States of Mind. Princeton, NJ: The Woodrow Wilson International Center for Scholars.
98. Institute for the Analysis of Global Security-IAGS, 2004. 99. M arx , K arl. (1887). Das Capital. Moscow: Progress Pub-
lishers. 100. See F anon , F ranz. (1963). The Wretched of the Earth.
New York: Grove Press; F anon , F ranz. (1965). A Dying Colonialism. New York: Grove Press.
101. C ohen -A magor , R aphel. (Summer 1991). “Foundations of Violence, Terror and War in the Writings of Marx, Engels, and Lenin.” Terrorism and Political Violence 1(2): 1–24.
102. M arx , K arl. From his speech at Amsterdam in 1872. IS B