See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/303418684

Discovering credit card fraud methods in online tutorials

Conference Paper · May 2016

DOI: 10.1145/2915368.2915369

CITATIONS READS
5 6,291

3 authors, including:

Gert Jan van Hardeveld Craig Webber

University of Southampton University of Southampton
6 PUBLICATIONS   13 CITATIONS    29 PUBLICATIONS   220 CITATIONS   

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Gert Jan van Hardeveld on 23 May 2016.

The user has requested enhancement of the downloaded file.

 Discovering credit card fraud methods in online tutorials
Gert Jan van Hardeveld Craig Webber
University of Southampton University of Southampton
gjvh1g13@soton.ac.uk c.webber@soton.ac.uk
ABSTRACT
Online underground forums allow for the sharing of up-to-date
knowledge on how to optimally commit an online crime. Tutorials
focusing on specific online crimes are commonplace and provide
members of underground communities with all the information
needed to engage in illicit transactions. In this article, tutorials that
focus on the online process of cashing out stolen credit card
details, i.e. carding, will be analysed. A crime script analysis will
reveal the most common ways in which carding is executed. We
found that if these paths are meticulously followed, interceptive
opportunities are limited for law enforcement. Cases of deviation
from these paths are not uncommon, which renders situational
crime prevention measures less effective. As a potential solution,
we propose the uptake of prospect theory as an analytical tool to
account for deviations from the criminal optimal norm. In future
work, such a method could better account for all the various ways
in which fraudulent activity is committed and contribute to
thinking about new preventive measures.
Keywords
Carding; Cybercrime; Crime script analysis; Tutorials; Prospect
theory; Situational crime prevention; Underground markets; Tor.
1. INTRODUCTION
Online forums and marketplaces specialising in the sale of illicit
goods and services have risen exponentially in number over recent
years. Its members have evolved in ingenuity and have taken up
specialised roles. This has opened up opportunities for
cybercriminal labour division, as no one needs to own the entire
criminal value chain anymore [1]. Underground forums have
proven to be environments in which users can find efficient and
innovative methods to execute a cybercrime, exchange their own
knowledge on the topics and learn how to stay secure and thus out
of hands of law enforcement [2], [3], [4]. The crimes committed
generally yield relatively low gains, but occur in large quantities
[5]. A widespread example of this is the abuse of stolen credit
card details, also known as carding. On some underground
marketplaces hundreds of millions of dollars are illicitly earned
from exploiting such stolen credit card details [4]. With the spread
of tutorials in the online underground communities it can be found
out what the most common paths taken are in the process of
carding. In this work a crime script analysis will be created to
look at the carding process. An improvement of these methods
will be proposed by looking at prospect theory and in turn account
for anomalies from the most commonly taken criminal paths.
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page. Copyrights
for components of this work owned by others than ACM must be
honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior
specific permission and/or a fee. Request permissions from
Permissions@acm.org.
OnSt16, May 22 2016, Hannover, Germany
© 2016 ACM. ISBN 978-1-4503-4364-0/16/05…$15.00
DOI: http://dx.doi.org/10.1145/2915368.2915369
Kieron O’Hara
University of Southampton
kmo@ecs.soton.ac.uk
2. BACKGROUND
Transactions of illicit goods and services are often executed in
similar ways. Online criminal forums therefore exhibit learning
structures that are focused on providing members with the safest
methods to engage in illicit transactions. The steps that should be
taken are often similar and presented in tutorials. Such tutorials
can both focus on specialised knowledge or on more general
knowledge [3]. The former are particularly of interest to users
who want to do business on a larger scale and explore new
methods that can lead to a large income, while the latter are often
written for beginners and focus on the basic steps during a
transaction to ensure one’s security while carding. While some
tutorials are offered for free, the majority is not. Specialist
tutorials from which potentially enormous income can be obtained
are offered for large sums of money, sometimes several thousands
of dollars, and can even come with personal guidance and a
training process. Such tutorials will first be tested by a high-up,
trusted member of the community, to check whether the method is
as effective as advertised and once approved it will be possible for
‘normal’ members of the community to purchase it.
Beginner tutorials are offered for much lower prices, generally
less than a hundred dollars, and focus on basic steps that have to
be taken to cash out stolen credit card details. Some of such
tutorials communicate how one has to stay anonymous.
Encryption techniques and proxy servers, such as PGP and
SOCKS5 are for example explained, as these can make it much
harder for law enforcement to lead back to the IP addresses of
perpetrators involved. Sometimes, tutorials get leaked in the
community to provide members with free information on how to
become successful members. These free tutorials provide
researchers with a better understanding of the various steps
members of criminal communities are advised to follow. As the
steps that users of criminal marketplaces are advised to take are
thus repetitive, crime script analysis is a method that can grasp the
criminal process well and give insights into fraudulent activities.
3. CRIME SCRIPT ANALYSIS
3.1 Analysing carders common paths
Crime script analysis is described as a way of “highlighting the
procedural aspects of crimes” [6]. It outlines all the actions that
have to be performed in preparation, execution and completion of
an offence and can in this way help to understand crime types,
deconstruct a (complex) crime in its integral parts and contribute
to the development of crime prevention programs [7], [8]. The
goal of crime scripting is situational crime prevention (SCP),
which focuses on the creation of techniques for certain
environments to reduce the opportunities for specific kinds of
crime [9]. A script approach can enhance SCP, as it points to more
possible intervention points [6]. Crime scripts are written from an
offender’s perspective and were traditionally applied to street
crimes. However, over the years crime scripting has been used for
a wide range of more complex and international crimes [10].
Examples of these include money laundering [11], child sex
trafficking [7] and online drug trafficking [12]. As online criminal
forums have an international and anonymous nature, the
procedural aspects of those scripts should not be created for a
particular physical location, as is often done with the analysis of
street crimes, but should focus more on people, actions and tools
used. An in-depth analysis and modelling of how these elements
work can show weaknesses in the process. This can inform best
practices in detecting and preventing online fraudulent activity.
3.2 Finding points of prevention
To create the crime script, tutorials on carding found on forums on
anonymity network Tor, often referred to as ‘the dark web’, have
been analysed. The analysis of these tutorials shows the typical
ways in which stolen credit card details are cashed out and what
security measures perpetrators take to stay out of hands of law
enforcement. The crime script will not show all the possibilities in
which certain crimes can be committed. However, the scripting
approach is still useful as it can help in identifying the most
significant steps of criminal operations. Such findings can in turn
lead to an illumination of ‘structural choke points’ [13]. These are
parts of the criminal operation that are crucial for criminal profits
and can, once targeted properly, lead to a reduction in
opportunities and incentives to engage in such criminal operations
[14]. The removal of key brokers, such as for example illicit
marketplaces or abused online currencies, can lead to a major
disruption in online criminal environments. However, a major
issue is that not every crucial element for criminal operations is
illegal. This makes it questionable to what extent such choke
points can be targeted. Anonymity tools or cryptocurrencies have
for example importance outside of cybercriminal spheres.
  Check
  encrypted
  Mac
  DNS
 Security
  Socks5
  VPN
 
  VPS
Changes in the (criminal) environment will also cause scripts to
  disk
  spoofing
  leaks
that may not yet have been noticed. This anticipating approach of
our work presents new opportunities for crime prevention.
Hutchings and Holt [8] have already studied the stolen data
market with a crime script analysis. Their analysis is based on
forum threads discussions and broad in nature. Our research adds
to this by analysing tutorials and as such offering a more in-depth
overview of specific procedures in cashing out stolen card details.
3.3 Data
The script in this work will focus on the process of buying and
using stolen credit card details and will in this way show how
buyers use it for personal profit. To create the script that can be
seen below, 25 tutorials were analysed. These tutorials were found
on various forums on Tor. Often such tutorials are offered for a
price, but the 25 used were freely available. Some tutorial sharers
felt that the community should be maximally aware of how to
‘card’ in an optimal manner, without monetary restrictions, while
some posted someone else’s tutorial, which would normally only
be sold for a price, as retribution for overdue payment. Most
tutorials focus on the entire process of carding, from buying stolen
card details to cashing them out, but some only look at parts of the
criminal process, such as specific methods to cash out or ways to
obtain a drop address. From an analysis of the tutorials, the
following six-scene process below was derived as most commonly
advised optimal carding process.
3.4 Carding crime script
Set-­‐up
1.
Prepara)on
Obtain
cryptocurrency
pseudonymous
account
Virtual
Virtual
2.
RDP
machine

evolve. Scripts are thus always a snapshot in time, as the

3.  Buy  cards   Fullz   CVV  
continuous arms race between law enforcement and users of illicit
marketplaces will spark new innovations in criminal innovation to 4.  Find  
Find  website  with  bad   Register  as  cardholder  on   Create  email  address  with  
'cardable'  
ensure the strongest kind of security. However, there will always websites   security   website   cardholder's  name  

be best practices, which thus allows for temporal routinisation. 5.  Cash  out   Get  drop  to  get   Verify   Launder  money  with  
Use  gateways  
Such routinisation should nevertheless be complex and able to cards   products  delivered     accounts     middleman  accounts  

deal with uncertainty, to avoid law enforcement’s interference. 6.  Security   Wait  with  ordering   Leave  review  
Receive  product   Clean  cookies   Start  again  
Cornish [6] therefore included the concept of ‘permutations’ in aRer   new  product   on  forum  

the scripting approach, which are added paths in crime scripts that
can show alternative ways of carrying out actions in the criminal
process. His concept of the permutator “offers a heuristic device
for stimulating thinking about the range of possible, feasible, and
actual procedures, variations and innovations”, which shows the
“inherently dynamic quality of scripts” [6]. Listing the various
pathways that can be taken in the execution of a specific crime
also has the benefit that it may help clarify what types of
displacement can occur. An example of this in the online realm is
that when an online criminal market used to be shut down by law
enforcement agencies, users simply move to another similar kind
of market [8]. Such displacement thus needs to be anticipated.
Crime scripts can inform law enforcement about the practices of
cybercriminals, which presents more opportunities for prevention.
The script needs to be an accurate representation of an actual
crime-commission before such opportunities may arise. Scripts
are generally created from trustworthy sources, such as expert
interviews [12], offender interviews [15], analyses of court
transcripts [10], [16] and/or expert questionnaires [11]. While
these methods have all shown to be effective and in turn led to
good crime scripts, they purely base their content on past events.
In our work we intend to approach the problem in an anticipating
manner by looking at tutorials. In this manner, intelligence can be
offered to law enforcement and industry that anticipates offences
3.4.1 Preparation – Information gathering
The first step is the only essential part of the transaction process
that is not described in tutorials. When someone reads one of
these tutorials, he/she will already have gone through certain
steps. Potential carders will have to get familiar with the
environment they are entering. They will have to find the right
forums to buy card details, set-up a pseudonymous account, read
through significant amounts of posts and obtain the right
(crypto)currency to pay for a tutorial if it is not provided for free.
3.4.2 Pre-entry – Security
Throughout the process of carding there is one crucial element
that ties all the other steps together and can lead to an arrest of the
carder if executed wrongly: security. Generally, members of the
underground communities are strongly advised to have their
operational security in place before they begin the process of
obtaining cards. More specifically, it is advised to carders to
protect their physical computer by using a virtual machine for
anything carding related. By creating a virtual encrypted disk with
a virtual machine on it, everything is encrypted when the
computer is switched off. If law enforcement should then storms
one’s house, the plug can quickly be pulled on the computer and
there will be no simple way to access evidence on the computer
anymore, as it is all encrypted. Remote Desktop Computers
(RDP) and Virtual Private Servers (VPS) can also be used. It is
sometimes recommended to spoof the MAC address of one’s
computer, to pretend it belongs to another device on a network.
Furthermore, connecting to open Wi-Fi is advised. Finally, it is
advised to carders to clean cookies before becoming active.
Another important security step, which is mentioned in almost
every tutorial, is the use of a virtual private network (VPN). VPNs
are used to create private, encrypted and secure connections and
to protect against snooping into one’s Internet traffic. According
to some tutorials, a problem with VPN’s is that merchants can see
when someone using their services is using a VPN service.
However, it is still seen as an extra layer of protection and
recommended within the underground community. Some tutorials
recommended using a SOCKS5 proxy on top of a VPN to get
around merchants’ blacklisting. SOCKS5 proxies enable a user’s
location to appear to be somewhere else than it actually is.
Carders use SOCKS5 proxies in a later stage of the process to
impersonate cardholders by setting their location within a hundred
kilometers from the home location of the cardholders.
3.4.3 Entry – Buying stolen credit card details
Once a carder has obtained the right (crypto)currencies and
security measures are in place, stolen credit card details will be
bought as a next step in the process. Card details are often
acquired by sellers through data breaches at companies, key
loggers, phishing scams or by physically skimming ATMs [8].
They are then sold on carding forums, which can be found both on
the ‘regular’ web and on Tor. Cards are offered from a wide
variety of countries and will be priced based on their ‘freshness’,
i.e. how recently they have been illegally acquired by the seller.
The most commonly offered products are CVV and Fullz, the first
specifically focusing on all the details on a credit card, such as the
card number, expiration date and cardholder’s name, while the
latter generally includes the information of an individual needed
for fraudulent purposes, such as date of birth, mother’s maiden
name, home address, email address, phone number and so on.
3.4.4 Pre-activity – Finding ‘cardable’ websites
After stolen credit card details are obtained, carders will try to
generate as much profit from the cards as they possibly can before
they are ‘burned’. Cards are burned if the bank blocks them after
cardholder and/or the cardholder’s bank discovers the illicit use of
the card. The security measures of the websites where they try to
use the stolen card details are an important consideration for
carders, i.e. how ‘cardable’ they are. Some tutorials argue that it is
best to try and move away from large online retailers, as the
smaller ones will have less security procedures in place. For
example, they may not use ‘Verified by Visa’. On the other hand,
smaller businesses might contact law enforcement more quickly
after they notice a loss, whereas large retailers might just take the
loss as they might see such a process as too time-consuming.
3.4.5 Activity – Cashing out cards
Before the card gets ‘burned’, carders will try to obtain physical
goods, money, services or vouchers. Money, services and
vouchers can generally all be dealt with ‘virtually’, i.e. nothing
has to be dealt with in person. However, when ordering physical
goods, the carder will need a ‘drop’ in place. A drop is a place
where a carder can send the goods that were obtained with stolen
card details. It is stressed strongly in tutorials that the drop address
cannot have any links to the carder’s life. Drops should therefore
be far away from one’s home address. In some countries
abandoned houses are used. Another recommendation is to set-up
pick-up schemes, which involves the carder hiring someone to
pick-up packages and to drop them in yet another location where
the carder picks them up. This extra step can render the package,
and thus the carder, harder to trace as the drop address will also be
of no use to law enforcement.
Carders use stolen credit card details to obtain a wide variety of
goods. The most popular items according to one tutorial are
electronics, such as computers, laptops, tablets, televisions etc.
Because of this, it is advised to move away from those kinds of
items and to look at obtaining cheaper products as well, as the
chances of succeeding might then improve. It is also advised to
make orders look legitimate, i.e. for example by using gift-
wrapping and not spending too much on products in one go. To
order physical items from online retailers, it is often advised to
use PayPal for payment. Carders should first create email
addresses on the cardholder’s name, to open the PayPal account
with. To make the carder’s illicit transactions seem even more
legitimate, it is advised to ‘age’ their PayPal accounts. The
process of aging involves sending some legitimate funds through
the account to make it credible. The longer this goes on before
illicit transactions are made, the more amounts of dirty money can
be send through at a later stage.
Middlemen accounts are used on PayPal to launder money.
Tutorials advise the use of one IP-address per account. This
makes it seem more as if the accounts actually belong to different
people in different locations. If all the transactions are made from
and sent to the same location, the security algorithms might pick
this up, as PayPal payments normally come from all over the
world. SOCKS5 also has to be used by the ‘buyer’, as it has to
match the cardholder’s location. The multiple accounts can be
used to launder money in a wide variety of ways. Such methods
are not specific to PayPal, as they are also used with other
payment providers. Some examples of common ways in which
carders launder money from cardholder’s accounts can be seen in
table 1. Next to the most common methods, there are also
methods that are mentioned less often in the tutorials. Online
poker and the purchase and reselling of coins in MMORPG’s
were some of the examples found in the analysed tutorials. It must
be taken into consideration that this work is only an analysis of 25
tutorials and that there thus will be many other methods in place.
Table 1. Different methods by which carders launder money
Carding launder
Description
method
- Create event that will not actually
take place
Fake events - Set price of tickets to around $100
- Buy own tickets with card details
- Send money to own account
- Buy alternative cryptocurrency (i.e.
not Bitcoin) with stolen cards
- Transfer alternative coins to Bitcoin
Cryptocurrencies - Optional: use Bitcoin mixer to
make origin of coins harder to trace
- Optional: transfer Bitcoin to regular
currency and into carder’s bank.
-­‐ Create several accounts on
freelancing website
-­‐ Use different IP’s and email
Freelancing
addresses per account
websites
-­‐ Create job with one account
-­‐ Fill the ‘vacancy’ (other account)
-­‐ Pay ‘freelancer’ with PayPal or
 wire transfer from one another to optimise their security measures. Systematic
overconfidence in risk judgements may play a big role in potential
-­‐ Create, verify and ‘age’ PayPal opportunities for law enforcement in addressing online crime.
account on cardholder’s details This theory presupposes that people generally believe that risk is
-­‐ Buy gift cards on gift card websites less likely to happen to them than to others [20]. Users of
Gift cards
-­‐ Resell gift cards underground forums may thus for various reasons, for example
-­‐ Receive money on bank or PayPal lack in technical skills or time-pressure, abstain from applying
account certain security measures as they believe it will not affect them.
In one of the tutorials it was for example stated that there are
3.4.6 Post-activity – Security and reputation after hundreds of possible ways to cash-out stolen credit card details.
After the carder has successfully transferred products to a drop or This is hard to present in a clear way. Cornish however argues
money into an account owned by him/her, a last couple of security that permutations can be useful when thinking about how to use
steps have to be taken. For example, after every transaction a situational prevention strategies and also to anticipate which kinds
carder should clear cookies. Next to security steps carders may of displacement might occur after implementing such strategies.
also go back to the forum where they bought the stolen card In future work, next to the observed most common paths, it needs
details from and leave a review for the user from which they to be shown what the most common anomalies are and how they
bought the card details. Thereafter, a carder might decide to never can be addressed. Below we will discuss situational crime
do it again or to start the process all over again prevention measures if users follow optimal paths from tutorials.
4. PROSPECT THEORY 5. PREVENTION AND DISPLACEMENT
While this script gives us interesting insights into carding, the Situational crime prevention is an approach to crime reduction
origins of the method need to be kept in mind to determine its that does not try to change offenders or solve underlying societal
validity in this context. The origin of crime script analysis lies in issues. Instead, it tries to find measures for specific crimes by
the area of rational choice theory and thus presupposes that altering the design or management of the immediate environment
criminals, depending on their available resources, will make in which the crime gets committed [21]. The great difficulty with
optimal decisions. However, users of underground marketplaces putting effective preventive measures in place is that, as shown in
are making decisions under risk and will have different opinions the script analysis, people who try to cash out stolen credit card
on how to stay out of hands of law enforcement. Therefore, they details mainly use tools, such as Tor, proxy servers and remote
will not all follow the same paths, as some will deviate from the desktop computers, that are also widely used among audiences
norms within the community. In contrast to rational choice theory, with legitimate purposes. Structural choke points need to be
prospect theory argues that people perceive outcomes as gains and identified in an online criminal environment before potential SCP
losses, not as a final state of wealth [17]. Such gains and losses measures can be put into place [13]. In table 2, we have gathered
are held against a neutral reference point, which mainly depends some potential measures in response to common paths found in
on the current asset position of the decision maker, but also tutorials. If effective, these can reduce the abuse of stolen credit
depends on the formulation of prospects and expectations of the card details. The measures are based upon sixteen opportunity-
decision maker whether outcomes are seen as gains or losses. reducing techniques [21], which can be seen in the last column.
Loss aversion is seen as an integral part of prospect theory. Table 2. Potential measures against carding
Responses to losses are more extreme than responses to gains.
This can for example negatively affect negotiations, as one’s own Opportunity
Structural choke
losses always seem larger than similar gains obtained from Potential measure reducing
point
another party [18]. However, there does not only lie importance in technique
the fact that people dislike losses, but the main interesting aspect Illicit forums Seize illicit forums Access control
of prospect theory is that losses can cause greater psychological Make agreements with Controlling
harm than gains can manage to yield [19]. Law enforcement and Use of VPN’s
providers facilitators
security companies should keep this in mind while thinking of Make agreements with Controlling
prevention measures. Their final goal should be that the carding Use of SOCKS5
providers facilitators
communities’ perception sees carding as just as risky as the gains Pressure companies to Target hardening
are appealing. This would enhance loss aversion, change Obtaining cards increase security
perceptions of profitability and in turn reduce credit card fraud. measures
On underground forums at least one reference point applies to all: Get involved in Stimulating
the importance of staying out of hands of law enforcement. Users Criminal communities and talk conscience
will have different understandings on how to do this. Still, there conscience about how carding
will be some ground rules that almost every member will know. It affects people
is for example a very clear prescription that one can never use
Motivate online Target hardening
one’s real name on underground forums. However, there are also
Website security retailers to increase
other, more vague, steps in decision processes of a user. Decisions
security
on how to cash-out a credit card can depend on the current
Promote taking up of Denying benefits
popularity of a method on forums and on previous success or
Usability of cards extra security steps on
failure in trying a method.
retailer’s sites
The fact that the perception of the safest path may alter over time Increase surveillance at Surveillance by
Drops
and that it may depend on vague formulations could offer drop addresses employees
opportunities to law enforcement in addressing online crime. Motivate event and Deflect offenders
Gateways
Different choices will be made by users of underground forums freelancer websites to
 verify events and jobs
Leave negative reviews Deflect offenders
to scare away potential
Reviews
buyers (i.e. slander
attack)
Plant tutorials with Deflect offenders
Tutorials
wrong information
From the table it seems that there are many opportunities to
reduce the abuse of stolen credit card details. Some of these
measurements might have some effect, but most will not have
lasting impacts. If not executed on a mass scale, most users will
simply evade the taken measures. Displacement will occur as
there are many alternatives to benefit from stolen credit card
details. Situational crime prevention methods will not be
maximally effective if the online perpetrator is seen as a rational
agent, because such an agent will always know how to stay secure
and how to displace. If users of underground forums are not
perceived as fully rational, situational crime prevention techniques
may work. Prospect theory should be used in future work to map
effective opportunities for preventive and interceptive methods.
6. CONCLUSION
This study has conducted a crime script analysis of the abuse of
stolen credit card details, created from tutorials found on
underground forums. As such, it offers intelligence into various
ways how stolen credit card details are being cashed out.
However, it has been stressed in this paper that crime script
analysis only finds the most common paths taken, but fails to spot
anomalies. Therefore, prospect theory has been proposed as a
method that can complement crime script analysis in future work,
as it better accounts for the various ways in which online crimes
are committed. Then, a wider variety of potential paths taken can
be addressed, which can decrease options for displacement and
thus reduce the profitability of stolen credit card details.
7. ACKNOWLEDGMENTS
This work was supported by the EPSRC, grant number
EP/G036926/1. The Digital Economy Theme is a Research
Councils UK cross council initiative led by EPSRC and
contributed to by AHRC, ESRC, and MRC. Kieron O’Hara was
partly supported by EPSRC project SOCIAM, grant number
EP/J017728/2. The sponsors do not necessarily hold findings,
opinions and conclusions in this article.
8. REFERENCES
[1] Thomas, K., Yuxing, H., Holt, T.J., Kruegel, C., McCoy, D.,
Bursztein, E., Grier, C., Savage, S., and Vigna, G. 2015.
Framing Dependencies Introduced by Underground
Commoditization. Workshop on the Economics of
Information Security. 1-24.
[2] Afroz, S., Caliskan-Islam, A., Stolerman, A., Greenstadt, R.,
and McCoy, D. 2014. Doppelgänger Finder: Taking
Stylometry to the Underground. In Proceedings of the 35rd
Conference IEEE Symp. Secur. Priv. 212-226.
[3] Yip, M., Webber, C. and Shadbolt., N. 2013. Trust among
cybercriminals? Carding forums, uncertainty and
implications for policing. Policing and Society: An
International Journal of Research and Policy, 23(4). 1-39.
[4] Ablon, L., Libicki, M and Golay, A. 2014. Markets for
Cybercrime Tools and Stolen Information: Hackers’ Bazaar.
View publication stats
The Rand Corperation.Retrieved 19 March, 2016 from:
http://www.rand.org/content/dam/rand/pubs/research_reports
/RR600/RR610/RAND_RR610.pdf.
[5] Moore, T., Clayton, R. and Anderson, R. 2009. The
Economics of Online Crime. Journal of Economic
Perspectives, 23(3). 3-20.
[6] Cornish, D.B. The Procedural Analysis of Offending and its
Relevance for Situational Crime Prevention. In R.V. Clarke,
Crime Prevention Studies, Volume 3, Monsey, NY: Criminal
Justice Press, 1994, 151-196.
[7] Brayley, H., Cockbain, E. and Laycock, G. 2011. The Value
of Crime Scripting. Deconstructing Internal Child Sex
Trafficking. Policing: A Journal of Policy and Practice, 5(2).
132-143.
[8] Hutchings, A. and Holt, T.J. 2014. A Crime Script Analysis
of the Online Stolen Data Market. British Journal of
Criminology, 55(3). 596-614.
[9] Willison, R. 2006. Understanding the perpetration of
employee computer crime in the organizational context.
Information and Organization, 16(4). 304-324.
[10] Lavorgna, A. 2013. Transit crimes in the Internet age: How
new online criminal opportunities affect the organization of
offline transit crimes. Ph.D. Dissertation. University of
Trento, Italy.
[11] Gilmour, N. 2014. Understanding Money Laundering – A
Crime Script Approach. The European Review of Organised
Crime, 1(2). 35-56.
[12] Lavorgna, A. 2014. Internet-mediated drug trafficking:
towards a better understanding of new criminal dynamics.
Trends in Organized Crime, 17(4). 250-270.
[13] Leontiadis, N. and Hutchings, A. 2015. Scripting the crime
commission process in the illicit online prescription drug
trade. Journal of Cybersecurity.
[14] Leontiadis, N. 2014. Structuring disincentives for online
criminal. Ph.D. Dissertation. Carnegie Mellon University,
USA.
[15] Tompson, L. and Chainey, S. 2011. Profiling Illegal Waste
Activity: Using Crime Scripts as a Data Collection and
Analytical Strategy. European Journal on Criminal Policy
and Research, 17. 179-201.
[16] Chiu, Y.N., Leclerc, B. and Townsley, M. 2011. Crime
Script Analysis of Drug Manufacturing in Clandestine
Laboratories: Implications for Prevention. British Journal of
Criminology, 51(2). 355-374.
[17] Kahneman, D. and Tversky, A. 1979. Prospect Theory: An
Analysis of Decision under Risk. Econometrica, 47(2). 263-
292.
[18] Tversky, A. and Kahneman, D. 1986. Rational Choice and
the Framing of Decisions. The Journal of Business, 59(4).
251-278.
[19] Jervis, R. 2004. The Implications of Prospect Theory for
Human Nature and Values. Political Psychology, 25(2). 163-
176.
[20] Sunstein, C. 1997 Behavioural Analysis of Law. University
of Chicago Law Review, 64. 1175-1197.
[21] Clarke, R.V. Situational Crime Prevention. 1997. Successful
Case Studies (2nd ed.). Albany, N.Y.: Harrow and Heston.