Tallinn University of Technology

How can we fight the growing threat of cyber crime? Tiia Sõmer was looking for answers to this question in her doctoral thesis, which she recently defended at Tallinn University of Technology, because in 2021 alone, the total damage caused by cyber crime worldwide amounted to $1.5 trillion. 

küberkuritegevus internet

"Think about this for a moment. That’s more than the entire GDP of Spain, and 1.5 trillion is a conservative estimate," the fresh PhD graduate said, hinting at the reality being even darker. It is precisely for this reason that Sõmer chose to focus on modelling cyber crime in her thesis: as a way to help reduce the huge losses caused by cyber crime – firstly, by identifying the true extent of the problem of cyber crime, and, secondly, by seeking a model that could be used to investigate and prevent cyber crime, as well as to develop so-called countermeasures.

The internet attracts criminals

According to Tiia Sõmer, knowledge of the background data can help understand the full extent of cyber crime. "There are 7.9 billion people alive in the world today. Around 60% of them and over 90% of the population of the European Union use the internet on a daily basis. E-commerce accounts for 20% of total business turnover in the European Union." 

In Estonia, she remarked, the numbers are even higher: 99% of Estonians use online banking, and 92% file their tax returns electronically. A whole lot of vital things are done online, including the sharing of personal data. "We have a state web portal, digital identity verification, and online voting. In conjunction with all of the positive aspects of the cyber realm, however, this also offers a lot of opportunities for those with malicious intent," noted Tiia Sõmer, who said that tackling the topic proved quite challenging. 

Data were not easy to come by

The title of Sõmer’s thesis was ‘Modelling Financially Motivated Cyber Crime’, i.e. the paper explored how criminals operate at every stage from preparation to crime monetisation. "The biggest challenge, however, proved to be obtaining detailed information about cyber crimes that had actually taken place," Sõmer reported. As no cyber criminal would probably be willing to reveal how they operate, Sõmer had to meet with and speak to law enforcement agents and crime analysts to conduct her research. 

"Originally, I had planned to write about the use of models in digital forensics, but during the course of writing the thesis, it became clear that the development of such a model would be an extremely laborious process, which forced me to narrow the topic to modelling. While my dissertation focused on the behaviour of criminals, subsequent research can now focus on modelling victim behaviour, the business models of criminals, and the use of the model in the development of countermeasures and in forensics," she explained.

Alongside the difficulties, the fresh PhD graduate also found a number of positive aspects. For example, the interest shown in the subject by the law enforcement authorities of Estonia, Germany, and the UK, who were kind enough to share their knowledge with Tiia and to give her the opportunity to validate the model. "Since I could not use detailed information, I developed a series of training modules for cyber police officers in these countries, where they were able to use more detailed information, and gave feedback on how to improve the model."

Tiia Sõmer also took the topic of cyber crime to the contest ‘Science in 3 Minutes’, which she said was extremely helpful, because the preparation she had to do for it taught her how to communicate these issues to people who have zero previous knowledge of the topic. 

How to nip cyber crime in the bud?

For the thesis, she employed methods from the fields of economics, military science, and forensics. "I looked at cyber crime as an economic activity, because I discovered that cyber criminals – whether consciously or unconsciously – use techniques that are quite similar to those of modern businesses. They weigh the risks, analyse the customer base and the cost/benefit ratio, and decide on the next steps based on a risk–reward analysis." In other words, cyber criminals try to present themselves to customers as regular businesses. 

Meanwhile, the criminological method, according to Tiia Sõmer, made it possible to break the crimes down into pieces, so to speak. "By mapping the customer journey, on one hand, and using a step-by-step approach, on the other, I put the pieces back together and mapped the cyber crime as a process." It’s important to add that cyber crime is not just limited to writing and distributing malware for easy profit. 

Cyber crime consists of three principal phases: preparation, execution, and exiting from the crime cycle. "The first phase involves preparation: finding a victim and identifying their weaknesses, searching for the appropriate means of attack and how to use them. In the second phase, the attack is carried out and the crime is committed, several times if possible, or further opportunities for crime are identified. This phase can involve stealing data, blocking access to devices, carrying out denial of service attacks, or simply stealing money. In the third phase, the crime cycle is exited, which means both covering one’s tracks as well as monetising the gains."

A new definition was needed

In addition to everything else, Sõmer’s analysis showed that cyber crime as a term covers a wide range of issues and is based on a variety of aspects. "Academically, politically, legally, and practically, there is no agreed definition of cyber crime more broadly, or financially motivated cyber crime more narrowly," Sõmer explained. Thus, she proposed a new definition and taxonomy to serve as the basis for developing a JMAP model of financially motivated cyber crime.

"The need for a taxonomy is important and practical – without an understanding and definition of cyber crime, it is impossible to develop relevant investigative measures or countermeasures. Modelling, meanwhile, makes it possible to identify weaknesses and decision points in an integrated process, to carry out investigations more effectively, to find various countermeasures, and to develop novel political, investigative, or technical solutions to combat cyber crime," stated Tiia Sõmer, who also pointed out that, interestingly, the model was seen as having wider applications than she herself had originally imagined: from the administration of justice in the court system to the use of big data in analytics. 

Tiia Sõmer’s research also has a wider societal impact, as she recently took up a position at the Ministry of Defence. "Regardless, I still want to continue my research," Sõmer said, implying that there is a lot of work to be done in the fight against cyber crime. And science can help tackle it much more effectively. 

Tiia Sõmer’s doctoral thesis ‘Modelling Financially Motivated Cyber Crime’ can be read here.