The International Interdisciplinary Research Consortium on Cybercrime

The International Interdisciplinary Research Consortium on Cybercrime (IIRCC) is the premier organization that links the fields of social and technical science together with practitioners and law enforcement to research and understand cybercrime and cybersecurity and promote a safer Internet.

The IIRCC is currently housed in the School of Criminal Justice at Michigan State University. Our members include renowned scholars and organizations around the globe, and we are actively seeking partners across the world. Please contact us to join the IIRCC!

Follow Us:

Icon for Twitter Icon for Facebook linkedin logo

 

Mr. Potato Head! Computer data are not secrets!
George Burruss, Associate Professor, University of South Florida

For several years, I have begged industry and three-lettered agency reps for a peek at their data. They always answer no. I often think of the scene from War Games where computer guru Jim Sting berates his colleague Malvin who becomes anxious when Jim divulges back doors exist to high schoolers David and Jennifer. Channeling my inner Jim, I want to shout at the rep, “Mr. Potato Head; Mr. Potato Head! Computer data are not secrets!” But they are secret: proprietary, confidential, and classified. They need not be. For my effort, I get plenty of nods about needing better data in cybersecurity research and another business card for my collection, but zilch for access.

Criminologists routinely get access to or generate sensitive data. Three examples are criminal case files, juvenile records, and qualitative interviews of offenders. We anonymize, aggregate, or otherwise make the data safe for academic use. Criminologists could easily do the same with computer and network data, which generate an untold trove of data useful in criminological research. Yet, industry and agencies are unwilling to part with it, even when scholars ask for aggregated data. I can understand the reluctance for security; but, I'm trying to do research, not play thermo global nuclear war. Despite this innate reluctance to share, industry has disseminated findings on cybercrime activity.

For example, Verizon publishes its annual breach report that does a terrific job a cataloging various kinds of cyber attacks. Its report now includes many contributing organizations, including CERTs, U.S. Secret Service, and Kaspersky Lab. The reports are full of charts, tables, and figures for counts and distributions across cybersecurity issues. While valuable information, the report's authors missed opportunities to explain variation in cyber-attacks. Social scientists can contribute to these analyses.

For example, the Verizon 2015 breach report revealed the chart below for the weekly count of all detected mobile malware infections in 2014 (see figure 14, page 18). The authors of the report do not discuss what this figure tells us about mobile malware. From a social scientist’s perspective, plenty is going on here that we should investigate. For instance, mobile malware infections appear to be declining in 2014. Why? Is mobile malware losing its utility or are cybercriminals getting better at evasion? Did the companies generating the data change something that deterred malware infections over time? Does this trend repeat itself in 2015? (I could not find the same data in the 2016 breach report). Finally, a slight oscillating pattern exists within the data; is there a seasonal component like in traditional crime trends? A social scientist could use a time series analysis to answer these questions.

Social scientists and scholars from other disciplines (e.g., computer science, engineering, or data science) offer a useful partnership for industry and law enforcement agencies. We are generally interested in testing theories of criminal behavior and opportunity; but, we can also provide complex statistical analyses of trends and correlates that industry can use for cybersecurity. Without access to their data, however, we are like young hacker David Lightman, curious about access but unable to do anything without a back door (or front door for that matter).

With War Games on our minds, we launched this blog, COPR, touching on various aspects of cybercrime through opinions, perspectives, and research. COPR is a tribute to the VW Bug sized computer, WOPR, that almost launches World War Three in War Games. WOPR appealed to us because it (1) is an acronym, ubiquitous in criminal justice; (2) a laughably archaic computer; and (3) a reminder for what interested us in computers as kids: science fiction movies, gaming, and the promise of changing our grades via dial-up modem. With this blog, we hope to broaden our discussion of cybercrime issues beyond peer-reviewed journals and books.

Given the breadth of IIRCC researcher interests, there are ample opportunities to collaborate on new projects. Some of our researchers have also graciously volunteered to provide older data sets to anyone who may want to work with the files. Whether you're interested in developing new papers or are in need of a data set to work with for a graduate class, we can help!
A brief description of each data file is provided below, including codebooks when possible. While we cannot make the data available for direct download, we have provided the email address for the owner so reach out to them directly and make sure you reference the data file you're interested in acquiring. That being said, make sure you have IRB approval for any project that you may want to do.

Conference:

The 5th Annual MSU Interdisciplinary Conference on Cybercrime, April 19-20th, 2018, Kellogg Center, Michigan State University, East Lansing, MI

Roundtable:

Meeting the International Interdisciplinary Research Consortium on Cybercrime, American Society of Criminology Meetings, Philadelphia, PA, Thursday November 16, 2017, 500pm-620pm, Marriott, Room 401, 4rd Floor

Roundtable:

Understanding Cyber-Offenders and Pathways into Cyber Crime: Current Evidence and Future Directions, American Society of Criminology Meetings, Philadelphia, PA, Wednesday November 15, 2017, 1100am-1220pm, Marriott, Room 310, 3rd Floor

Roundtable:

Discussing Next Steps of the International Interdisciplinary Research Consortium on Cybercrime, American Society of Criminology Meetings, Philadelphia, PA, Wednesday November 15, 2017, 930am-1050am, Marriott, Room 301, 3rd Floor

IIRCC research collaborators have secured external funding to support the following research projects:

2017-2018

Cross, Cassandra, Anastasia Powell, and Thomas J. Holt. "Responding to cybercrime: Perceptions and needs of Australian police and the general community. " Criminology Research Grant, Australian Institute of Criminology.

2017-2020

Goldsmith Andrew, Russell Brewer, Jessie Cale, and Thomas J. Holt. "Adolescents becoming delinquent online." Australian Research Council.

2017- 2019

Chen, Betty, Thomas J. Holt, and Jay P. Kennedy. "Situational Crime Prevention Framework for Automotive Cybersecurity" Ford Motor Company.

Please contact the respective PIs for information on the projects.

The International Interdisciplinary Research Consortium on Cybercrime includes researchers at major institutions across the globe, including:

We also have partnerships with various agencies and research groups:

Teaching courses in cybercrime, cybersecurity, cyberterrorism and IPV can be difficult, especially if you are not familiar with these concepts. The traditional core CJ texts don't do much more than a chapter, and even then it is not always up-to-date. There are also a lot of cybercrime-specific textbooks and readers, but it is hard to know what may be a good fit for you. The diversity of knowledge and expertise across the IIRCC means we can help you assemble syllabi and teaching materials, whether at the undergraduate or graduate level.