Assessing nation‐state‐sponsored cyberattacks using aspects of Situational Crime Prevention

• Published date: 01 November 2023
• Author: Thomas J. Holt,Mae Griffith,Noah Turner,Emily Greene‐Colozzi,Steven Chermak,Joshua D. Freilich
• Date: 01 November 2023
• DOI: http://doi.org/10.1111/1745-9133.12646

DOI: ./- .

SPECIAL ISSUE ARTICLE

CYBERCRIME AND CYBERSECURITY

Assessing nation-state-sponsored cyberattacks

using aspects of Situational Crime Prevention

Thomas J. Holt1Mae Griffith1Noah Turner1

Emily Greene-Colozzi2Steven Chermak1Joshua D. Freilich3

School of Criminal Justice, Michigan

State University, East Lansing, Michigan,

USA

School of Criminology and Justice

Studies, University of Massachusetts

Lowell, Lowell, Massachusetts, USA

Department of Criminal Justice, John Jay

College of Criminal Justice, New York,

New York,USA

Correspondence

Thomas J. Holt, School of Criminal

Justice, Michigan State University,

Auditorium Road,  Baker Hall, East

Lansing, MI , USA.

Email: holtt@msu.edu

Funding information

Science and Technology Directorate,

Grant/AwardNumbers: ASUB,

STTPC--

Abstract

Research Summary: This study utilized a quantita-

tive analysis of  cyberattack incidents reported in the

Extremist CyberCrime Database to identify significant

predictors of nation-state-sponsored cyberattacks rela-

tive to those performed by non-nation-state-sponsored

ideological actors. Clarke and Newman’s Situational

Crime Prevention framework for terrorism was used to

identify differential opportunities to successfully affect

targets on the basis of tools, weapons, and the ability

to access targets in online settings. The analysis noted

nation-state-sponsored attacks were less likely to use

high-visibility attack methods and more likely to utilize

attack methods leading to data breaches. In addition,

they were more likely to target state governments and

military entities relative to ideological actors.

Policy Implications: Nation-state attacks are more dif-

ficult to identify or mitigate while in process, requiring

a more robust national cybersecurity policy framework

to be implemented that moves beyond current practices.

There is a need to better utilize all aspects of govern-

ment, from legislation to grant funding, in order to deter

cyberattacks from continuing into the future.

This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits

use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or

adaptations are made.

©  The Authors. Criminology & Public Policypublished by Wiley Periodicals LLC on behalf of American Society of Criminology.

Criminology & Public Policy. ;:–. wileyonlinelibrary.com/journal/capp 825

826 HOLT  .

KEYWORDS

cybercrime, cybersecurity, extremism, nation-state-sponsored

cyberattacks, terrorism

Cybercrime has become a global problem, with estimates of the economic harm caused by these

offenses totaling in billions or trillions of dollars per year depending on the source (Anderson et al.,

;Morgan,;U.S.GAO,). One of the most persistent forms of cybercrime involves

the use of computer hacking, where individuals utilize knowledge of computer hardware and

software in order to gain unauthorized access to sensitive data and networks(Holt, ; Schlackl

et al., ). Hacking incidents are often attributed to individuals with instrumental motivations,

namely, economic gain, whether through the sale of information that they obtain or leasing out

access to affected systems (e.g., Collier et al., ; Leukfeldt et al., ; Lusthaus et al., ).

There are also a number of hacks that are performed for cause-based motives, which may

involve ideological extremist views associated with animal or earth liberation (Holt, Stonhouse,

et al., ), religious beliefs (Holt et al., ; Holt, Turner, et al., ; Lee et al., ), or other

political perspectives (Jordan & Taylor, ). Many of these individuals operate individually or

in small groups using hacking as a means to express their views or damage targets that oper-

ate in opposition to their beliefs. These hacks may also be performed by nation-state-sponsored

actors, who may be associated with military,intelligence, or other government-supported entities

(Andress & Winterfeld, ; Geers et al., ; Rid, ).

Nation-state hacks are often thought to be more sophisticated relative to those performed by

individuals and ideological groups. Evidence suggests nation-state-sponsored hacking incidents

frequently involvethe use of phishing emails, unique forms of malicious software, and other meth-

ods that minimize the likelihood an attack is detected (Izycki, ; Prasad & Rohokale,). In

some cases, these attacks lead to the direct acquisition of funds from victims, as with the 

WannaCry ransomware attack attributed to North Korean state-sponsored hackers (Turneret al.,

). The attackers spread a form of malicious softwarethat infected systems and encrypted their

contents, requiring payment in order to be decrypted (Turner et al., ).

The larger majority of nation-state cyberattacks appear focused on the acqui-

sition of sensitive personal information and intellectual property from targets,

along with indirect harm to individual victims as well as the costs associated

with mitigation and repairs related to the attack (Andress & Winterfeld, ;

Rid, ; Valeriano & Maness, ). For example, the U.S. Office of Personnel Manage-

ment (OPM) was compromised by Chinese-state-sponsored hackers leading to the loss of more

than  million individuals’ data during  and  (Fruhlinger, ). The data captured by

hackers included sensitive information included in the background check records required by

the federal government to obtain security clearances, creating a massive threat to the security of

government employees (Fruhlinger, ).

Though research examining ideologically motivated cybercrime is on the rise, much of this

work is based on qualitative examinations of specific ideological beliefs (Holt et al., ; Jordan

&Taylor,) and limited quantitative studies that explore ideological web defacements and

specific forms of attack (Holt, Turner, et al., ; Holt, Lee, et al., ; Lee et al., ). There

is far less research examining nation-state attacks and the degree to which they differ from those

performed by nonaffiliated ideological actors (see Valeriano & Maness, ). This is likely due to

the hidden nature of these incidents, as they are largely made known to the public by the media