David Maimon

Cyber Criminologist

U.S.A. based Projects

Pocket Security - Smartphone Cybercrime in the Wild

Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. This research examines how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime. This research is the first step to a better scientific understanding of how the physical world surrounding smartphone use enables cybercrime.  Once these unsafe patterns of behavior are identified, new techniques, tools, and training can be developed to help prevent smartphone users from becoming victims of cybercrime. This study is supported by the National Science Foundation. For more details about this study see the University of MD press release here https://www.youtube.com/watch?v=BgovWJHDRb4 , and the project website www.pocket-security.org.

 

Offending and Victimization of Corporate America: A Blueprint for Estimating the Prevalence of Known White Collar and Cybercrime Incidents in the U.S.

Due to the challenges experienced by formal justice agencies when recording white collar offenses by business and cybercrime incidents against U.S. corporations, our goals in this proposed research are two folded. First, we develop an open source data set that is able to support analyses of trends of cybercrime and white-collar crime in large corporations. And Second, we link the new data set with existing “business” data sets in order to allow the development of predictive models regarding U.S. corporations susceptibility to white collar and cybercrime. This project is supported by the College of Behavioral and Social Sciences at the University of Maryland.  

 

Physical, Social and Situational Factors as Determents of Public WiFi Users Online Behaviors

This study gathers data from public WiFi networks across the state of Maryland, and explores whether public WiFi users' online behaviors (both legitimate and illegitimate) and vulnerabilities to cybercrime victimization are shaped by (1) time of day; (2) the speed and level of security of the WiFi connection; (3) the socio-economic characteristics of the neighborhood within which the WiFi network is located; (4) the type of business operating the public WiFi; (5) the physical arrangement and number of individuals present in the location; and (6) the presence of cyber-security awareness cues in the physical environment. This project enables the development of strategies, policies, and best practices for encouraging safe use of public WiFi networks. This study is supported by the National Science Foundation (for more details see http://www.nsf.gov/awardsearch/showAward?AWD_ID=1444633).

 

Does the Presence of Legitimate Users Deter System Trespassers’  Online Activities?

This research applies sociological, psychological and criminological models in effort to better understand the effect of system configuration and situational stimuli in an attacked computer system on the progression and development of a system trespassing incident. Our randomized filed experiments allow the collection of data on system trespassers who gain illegitimate access to computers (by finding the correct combination username/password on SSH to a computer running Unix), and observe the presence of legitimate users on the system. This project is supported by a grant from the National Security Agency. You can see me discuss some of our findings from this project here https://www.youtube.com/watch?v=JEd125h5K_Y ). 

 

Protecting the Bazaar: The Ecology of Cybersecurity in Weakly Fortified Networks

This research focuses on a bazaar computing environment (i.e. weakly fortified computer networks where a wide variety of users engage in a range of activities with minimal security in largely unregulated settings) and seek to answer three broad research questions: (1) can users within bazaar environments be educated to engage in less risky on-line behavior? (2) can hackers within bazaar environments be deterred through available options? and (3) if users can be educated and hackers can be deterred what is the optimal environment in which IT management can maximize education of users and deterrence of hackers within weakly fortified environments? This study evaluates criminological theories within cyberspace using, in addition to survey data and experimental design, detailed network and target computer data drawn from the real time operation of an organization network ((for more details see http://nsf.gov/awardsearch/showAward?AWD_ID=1223634)

International Projects

Prevention and Mitigation of Computer-Focused Crimes: An Evidence-Based Human-Focused Approach

This project seeks to determine how prevalent are vulnerable private WIFI networks across different residential environments in two major cities in Israel, and whether illegitimate users of these private networks could be deterred from infiltrating them. To assess the volume of vulnerable private WIFI networks in large urban metropolitan we drive a vehicle around street segments in neighborhoods in Tel-Aviv and Jerusalem and listen to WIFI networks signals using a portable computer and a GPS device. We also conduct a randomized field trial to assess whether private WIFI trespassers could be deterred from login and using private WIFI networks. This project is funded by the Hebrew University Cyber Security Research Center.

 

Deterrence, Prevention and Regulation of Computer Crimes:  Human Focused Policy Study

Three major research questions are addressed in this project: First, how do we prevent legitimate computer users from engaging in online risky behaviors (involvement in deviant behavior and/or exposure to it)? Second, how deterrable are hackers and how can we modify their behavior in different stages of the offence? And finally, how does knowledge on the human players composing the victims-offenders-gatekeepers triangle is channeled and challenge the institutional practices that govern public policy responses to cybercrime? The Israeli Ministry of Science, Technology and Space funds the project. You can read more about this project here http://www.cybernudge.com ).