A General Theory of Cybercrime

I was recently involved in a conversation with colleagues where we marveled over the abundance of suitable victims that perpetuate cyber-criminality. Police agencies around the country receive daily calls from people who wish to self-report their technology-enabled victimization. I am cautious to not engage in victim shaming but the majority of these reports leave investigators speechless. Literally, head shaking and speechless.

Our conversation begged the question: Why do we even show up to work anymore? We could be sitting on a sunny beach, drinking pina-colada’s, and running Craigslist frauds from our prepaid cellphones!

The conversation was obviously in jest, but the underlying questions have stuck with me. Internet-facilitated crimes are fairly easy to conduct, remain a relatively low risk, and are very profitable. So what keeps those of us who understand the methods and mechanics of cyber-fraud from committing them ourselves? There are thousands of law enforcement and private security practitioners all around the world that have a deep understanding of how, and why these fraud techniques work. They know the capabilities of law enforcement and are aware of what gets investigated and what does not. And yet, they continue to show up every day to fight the good fight and never engage in any criminality. Even when crime is the easier and much more profitable choice.


Criminologists Michael Gottfredson and Travis Hirschi believe the answer is self-control. The opportunities for crime are so prevalent, the lack of self-control is the main cause of crime.

Gottfredson and Hirschi published the book “A General Theory of Crime” in 1990 and loudly claimed that their propositions apply to all forms of crime. They stated crime can only occur when someone with the propensity to commit a crime has the opportunity to commit a crime. Many people have the opportunity to engage in criminal activity but not the mentality, while those with the mentality don’t always have the opportunity. Crime only occurs when the person with the criminally agreeable mind meets in time and space with the opportunity.

The couple proposed that engaging in criminal behavior is the consequence of low self-control. People who have healthy self-control can resist the impulse to engage in criminal behavior when presented with the opportunity.

I am also a strong adherent to the Routine Activity Theory as proposed by Marcus Felson and Lawrence Cohen. The criminologists asserted that crime occurs when the motivated offender meets the suitable target at the same time and place that lacks a capable guardian. Crime will not occur if any one of those elements is removed from the setting. The motivated offender must have the mental capacity to engage in anti-social behavior and carry out the criminal act. The criminal lacks the self-control to stop himself from offending. The healthy individual may find themselves in the same place as the suitable target, in the absence of a capable guardian, but has the self-control to not take advantage of the situation and engage in criminality.

Of course in the realm of Internet-facilitated fraud, time and place are fluid. The suitable target and willing offender can be individually anywhere in the world and still meet in time and place. And chances are, there will not be a capable guardian present.

The opportunity to commit cybercrime is extremely prevalent so the only reason the thousands of law enforcement officers, security investigators, penetration testers, and intelligence analysts, don’t engage in the practice themselves is their own self-control.

Congratulations my fellow investigators and security practitioners, you have the honorable distinction of extremely high self-control. Now get back to work because there are just as many who don’t!

In the meantime, I’ll be working on gaining the same self-control when confronted with sugary cinnamon pastry products.

#cybercrime #policing #criminology #cinnamon_buns