If pathways into cybercrime are social and developmental, effective responses should be, too. This section focuses on identifying intervention points across the recruitment cycle and reviewing programmatic responses, from diversion and skills-redirection to structured rehabilitation.
The cases mentioned at the beginning of this brief—Ansari, Kurtaj, and members of Scattered Spider—show a range of responses from different regions and distinct intervention points. Organizations have attempted to formally lay out different intervention points for cybercriminals; CREST, for example, considers a spectrum of legality from legal general digital interest to illegal serious cybercrime. Points of intervention range from raising awareness of online social responsibilities to developing resources such as coding clubs, positive marketing activities within hacking forums, and advocates’ demonstration of skills in the community.
As CREST stated in a presentation about cybercrime prevention: “A criminal justice system should be able to provide exit routes from a cyber criminal pathway, particularly if an individual has been identified as suitable for an offender prevention intervention after they have been arrested, prosecuted, and/or imprisoned.”
Punishment alone does not stop reoffending, nor the often lifelong cycle of offense, prosecution, punishment, and recidivism. While there is a recognized need for rehabilitation options, online offenses generally lack this across regions, particularly in the case of cyber-dependent crimes that do not have a non-technical counterpart. One key historical difference for cyber-dependent crimes compared with other types of crime is that they traditionally required strong technical skills. The evolution of cyber-dependent crimes that can be attained with lower technical skills now creates a self-reinforcing effect: The pool of youth offenders is widening at the same time that opportunities for redirection into legitimate work and workforce training remain inaccessible. Reintegration into society through legitimate employment after rehabilitation has also historically been challenged by the existence of a criminal record. In some countries, such as the United States, a number of employers exclude individuals with criminal records from their hiring processes.
Some countries, however, have launched initiatives that aim to divert potential or caught cybercriminals. Ian Glover, then-president of CREST, stated that “these initiatives work best when they are integrated with those that demonstrate proper career paths, and that you can earn as much, if not more, on the right side of the law.”
Authorities in the Netherlands have developed the Hack_Right program, an alternative criminal justice program for young first offenders of cyber-dependent crimes. The project was planned in 2018, and shortly after, began a pilot implementation targeting young offenders between the ages of 12 and 23. In an evaluation of the program, researchers at the Netherlands Institute for the Study of Crime and Law Enforcement noted: “The police and Public Prosecution Service saw a large influx of (young) computer crime suspects and noticed that these suspects had a different profile than usual crime suspects. Cybercrime suspects were suggested to be younger, not aware of the consequences of their behavior, and to have more intrinsic motives.”
The program contains four components: recovery, training, coaching, and alternatives. Despite high levels of satisfaction reported from the implementers themselves, the satisfaction of offenders varied, with the key complaint being that assignments were too easy and that the overall objectives were unclear. Implementers also noted that participants were not initially open to supervisors or that supervisors found it difficult to “move into [the offenders’] world of experience.” In the worst cases, participants were critical of supervisors and saw them as annoying because of their lack of understanding. Yet despite these reviews, only one participant out of 18 claimed to not have benefited from the program.
In the United Kingdom, intervention panels are now being piloted for cyber-dependent criminals specifically. The targets are those who have been assessed as capable of causing significant harm, and they have to be referred to the program by a parent or guardian, an educator, an officer, or a judge. A panel of professionals then reviews the individual’s personal circumstances and helps determine what intervention is appropriate, contrasting with the Dutch approach, which strives to create a more universal pathway that can be followed by offenders. U.K. intervention may consist of mental health support, social skills development, further education, and access to an online portal where participants can develop their technical skills and directly connect with potential employers. More so than the Dutch approach, the United Kingdom aims to address the underlying causes of criminal intent and preserve talent for future redirection.
In the nongovernmental and private sectors, projects such as Immersive Labs’ Cyber Million or Virtue and HaptAI (Hacking Aptitude AI recruitment platform) from The Hacking Games are attempting to address the issue before a crime is committed, connecting young hackers-to-be with clear pathways to mentorship and employment. Although these programs have attracted investment and involvement from the community (and in the case of The Hacking Games, partnerships with large companies and public or regional organizations like ECSO), their tangible impact has yet to be comprehensively measured.
Overall, public or public partnership programs that pair accountability with capability-building and prosocial belonging show great promise.
Click Here For The Original Source.
