An Examination of Motivation and Routine Activity Theory to Account for Cyberattacks Against Dutch Web Sites

• Published date: 01 April 2020
• Author: Steve van de Weijer,Thomas J. Holt,Rutger Leukfeldt
• Date: 01 April 2020
• DOI: 10.1177/0093854819900322
• Subject Matter: Articles

CRIMINAL JUSTICE AND BEHAVIOR, 2020, Vol. 47, No. 4, April 2020, 487 –505.

DOI: https://doi.org/10.1177/0093854819900322

Article reuse guidelines: sagepub.com/journals-permissions

© 2020 International Association for Correctional and Forensic Psychology

487

AN EXAMINATION OF MOTIVATION AND

ROUTINE ACTIVITY THEORY TO ACCOUNT

FOR CYBERATTACKS AGAINST DUTCH

WEB SITES

THOMAS J. HOLT

Michigan State University

RUTGER LEUKFELDT

Netherlands Institute for the Study of Crime and Law Enforcement

The Hague University of Applied Sciences

STEVE VAN DE WEIJER

Netherlands Institute for the Study of Crime and Law Enforcement

This study provides a partial test of the relationship between actor motivations and target suitability using a routine activity

framework to understand a form of cybercrime called web defacements. Specifically, the relationships between the visibility,

inertia, value, and accessibility of the target in online spaces relative to the unique nonmonetary motivations of the attacker

were examined. This study utilized a sample of 138,361 web defacements performed against websites hosted within the

Netherlands IP space from January 2011 to April 2017. Seven multinomial logistic regression models were conducted for

each self-identified motive for the attack, clustered by attacker to minimize the size of standard errors. The findings demon-

strated partial support for aspects of routine activity theory to account for differences in offender motivation, suggesting web

defacements are similar to other forms of cybercrime. At the same time, motivations differentially shape target selection.

Keywords: routine activity theory; motivation; hacking; cybercrime; decision-making

Criminological inquiry over the last 40 years has been defined in part by examinations

of routine activity theory, which argues that for crime to occur, a motivated actor, suit-

able target, and an absence of guardian must converge in time and space (Cohen & Felson,

1979). This theory has found substantial empirical support to account for various forms of

person-based (Fisher et al., 2002; Groff, 2007; Lauritsen et al., 1991; Mustaine & Tewksbury,

1999), as well as property crime victimization (Jensen & Brownfield, 1986; Pratt et al.,

2010). Recently, researchers applied this theory to cybercrime victimization, or acts involv-

ing technology as either the target of or tool to facilitate the offense (Holt & Bossler, 2008;

Leukfeldt, 2014; Maimon et al., 2013; Reyns, 2013).

AUTHORS’ NOTE: Correspondence concerning this article should be addressed to Thomas J. Holt,

Professor, School of Criminal Justice, Michigan State University, 434 Baker Hall, 655 Auditorium Road, East

Lansing, MI 48824; e-mail: holtt@msu.edu.

900322CJBXXX10.1177/0093854819900322Criminal Justice and BehaviorHolt et al. / Expressive Motives to Engage in Cyberattacks

research-article2020

488 CRIMINAL JUSTICE AND BEHAVIOR

Although these studies demonstrate the use of routine activity theory to account for

victimization, they frequently exclude assessments of motivation where it is largely

treated as a constant (Sasse, 2005; Schwartz et al., 2001). This is particularly evident in

cybercrime scholarship (Holt & Bossler, 2013; Leukfeldt & Yar, 2016; Maimon et al.,

2013). Motivation is not, however, a static characteristic and may reflect variations in

opportunities and guardianship relative to target selection (Parkin & Freilich, 2015;

Sasse, 2005). In online spaces, researchers argue that targets should be plentiful online

due to the spatially and temporally disconnected nature of the internet (Yar, 2005).

Individuals interested in committing a crime have greater proximity to potential targets

around the world due to the lack of physical geographic distances. In addition, targets

may be more visible online as most online services, such as retailers and financial insti-

tution websites, are active at all times (Yar, 2005).

There are also myriad motivations for cybercrimes, ranging from instrumental (Hutchings

& Clayton, 2016; Leukfeldt, 2014) to expressive reasons (Holt et al., 2017; Jordan & Taylor,

2004). This is particularly true for acts of hacking, where individuals target computer sys-

tems based on an individual’s interests, geographic location, and overall knowledge of tech-

nology (Holt & Bossler, 2015; Kilger, 2011). For instance, individuals may attempt to

compromise computer systems to demonstrate their capabilities (Jordan & Taylor, 1998;

Steinmetz, 2016). Others may target systems out of ideological causes, such as the percep-

tion that a government or enterprise has acted inappropriately or has harmed a population

(Denning, 2011; Holt et al., 2017; Jordan & Taylor, 2004). The methods of the attacker may

also vary based on their motivation as those seeking to demonstrate technical mastery may

employ more sophisticated techniques to affect their target.

The range of possible motives presents a challenge for our understanding of hacking as

the outcome of an attack may be the same, regardless of the expressive or instrumental rea-

sons of the attacker (Holt et al., 2017; Kirwan & Power, 2013; Woo et al., 2004). At present,

most academic research and criminal justice policy is focused on profit-driven hacking,

such as data breaches and malware (Holt & Bossler, 2015; Hutchings & Clayton, 2016;

Leukfeldt, 2014). This calls to question our understanding of the practices and range of

expressive motives reported by hackers generally. Examining these issues can improve our

capability to not only defend against future attacks but also deter hackers through criminal

justice processes in the event they transition to more instrumental attacks (Holt & Bossler,

2015; NCA, 2017).

This study attempted to address this gap in the literature through a quantitative assess-

ment of routine activity theory to a specific form of hacking, called web defacements.

These attacks involve using various techniques to change the original content of a target

website to images, text, and sound files of their choice (Holt et al., 2017; Jordan &

Taylor, 2004). Web defacements are an extremely common hack that can be performed

for multiple expressive motives, making them ideal to assess the characteristics of tar-

gets that may be associated with distinct motivations. Seven multinomial logistic regres-

sion models were conducted using a sample of defacements targeting websites ending in

the country code extension, .nl for the Netherlands, between 2010 and 2017. The find-

ings demonstrate differences in the targets and practices of web defacers on the basis of

their motivation. The implications for criminological theory, as well as cybersecurity

and criminal justice practice are discussed in depth.