by Sifra Matthijsse
Co-authors: Wytske van der Wagen, Elina van ‘t Zand and Tamar Fischer



“A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide […] Ben Cooper, defending, appealed for his client to be given a suspended sentence. He said Mudd had been sucked into the cyber world of online gaming and was “lost in an alternate reality” after withdrawing from school because of bullying. […] Cooper said: “This was an unhappy period for Mr. Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.” (The Guardian, 2017)


The above-mentioned news item illustrates how the desire to make friends or build a reputation online can lead to the start of a cybercriminal career. This raises the question of how the online environment affects the decision of cyber offenders to get involved in these offences. This blog post discusses a few criminogenic factors that are unique to the online context, and the implications of these factors for appropriate and effective interventions for cyber offenders.
The information is based on research that we conducted to generate more systematic knowledge about the characteristics of juvenile and adult offenders of computer-focused crime [1]. This research involved a systematic review of 99 studies and interviews with experts from governmental and private organizations [2] (29 interviews, 2 focus groups, 1 expert meeting and 1 round table). In addition, 14 in-depth interviews were carried out with offenders inquiring about their involvement in cybercrime. The majority was convicted of one or more computer-focused offences (such as hacking, DDoS attacks [3] and virtual theft). The minority was also involved with these offences but was never apprehended or convicted.


Are criminogenic factors different in the online context?

The research reveals that multiple criminogenic factors contribute to both traditional and cyber offending. However, due to the online environment and (technical) nature of the offences, the criminogenic factors that are relevant to cyber offending differ from traditional offending in a number of important ways:


Influence of (delinquent) peers
Having delinquent peers is considered an important criminogenic factor for traditional types of crime, because individuals learn behaviour through the observation and imitation of others (Weerman, 2011; Paternoster, McGloin, Nguyen & Thomas, 2012). Many cyber offenders lack a large social network in the offline world, but have an extensive social network online that gives them a sense of belonging. Our research suggests that the influence of peers could be even stronger in the online context due to a higher level of exposure to pro-criminal attitudes as the following case illustrates:

Consider the case of X, one of the interviewed offenders. His interest in hacking started while playing a virtual game as a child. Hacking, DDoS-attacks, gambling and scamming were common in this particular game (X actually referred to them as mafia-practices for children). He discovered that other players were scamming people by asking for a password in exchange for credits. After being scammed himself, he decided to give it a try as well, first by employing the same social engineering technique, and later by hacking. X mentioned that he learned to hack by doing research (watching tutorials, reading posts on forums) but that he also learned from other hackers playing the game. He exchanged techniques with them and they worked together as a team to commit the hacks. At first, they only hacked players in the game itself, but later moved on to other systems outside of the game. X mentions that the hacks and the fact that it made him rich in the game gave him status, recognition and a reputation within his peer group and outside of it.

The online world allows users such as X to interact 24/7 on a wide variety of platforms, which in turn generates ample exposure to delinquent peers [4] and pro-criminal ideas and behavior. As the example shows, committing cybercrime is normalized and encouraged in online communities such as gaming and hacking forums. In these virtual peer groups it is important to demonstrate your skills (your technical abilities, innovative methods and achievements) in order to get accepted and to gain respect, as was the case for X. Particularly for cyber offenders who seek recognition and feel the urge to prove themselves, these online social platforms play a role in the start-up as well as the development of a cybercriminal career.


Neutralization techniques and online disinhibition
A lot is written in criminology about the use of neutralization techniques by traditional offenders, referring to techniques that offenders can use to legitimize and rationalize deviant behavior (Sykes & Matza, 1957). Like traditional offenders, cyber offenders downplay the seriousness of the crime and regularly use neutralizations such as the denial of a victim or the denial of injury. For example, offenders refer to the weak passwords that victims use (stating that they bring the hack upon themselves) or point out that they merely copied data from the hacked server and did not destroy anything. However, our research suggests that these rationalizations can be amplified in the online context by two factors.

Cyber offences take place in a so-called ‘hyperreality’, which means that committing a cyber offence can feel like playing a game in which an offender can completely lose himself. The offender may experience that his actions do not have real or severe consequences. X described that the hacks felt like a game in and of itself.

Moreover, the distance between the offender and the victim is more substantial in the online context. In most cases, the victim is anonymous, abstract and random and there is no direct confrontation, which makes it easier for the offender to (emotionally) distance himself from the victim. At the same time, the offender cannot completely oversee the damage caused. In the case of X, he expressed that he often did not notice who he was targeting since he hacked thousands of accounts randomly and was simply logging in, taking the data, logging out and moving onto the next target. As stated in his own words: “It’s just one big ocean and I’m just taking out some fish”. X mentioned that he did not really think about possible damages to the victim.

These aspects are related to the so-called online disinhibition effect. This concept refers to the idea that an anonymous online environment removes inhibitions or reservations, which causes individuals to behave differently online (Suler, 2004). It follows from our research that as a result of online anonymity, offenders are more likely to act deviant than they would offline, where they would experience judgment from others or other feared consequences.
In addition, the online context and the anonymity can generate a feeling of inviolability (feeling untouchable). This is also related to the idea that the chance of being caught is relatively low for cybercrime [5]. As X described, it seems easier to commit cybercrime rather than crimes like burglary or robbery, because you can do it at home behind your computer, more easily hide your identity or tracks, and the chances of getting caught are lower.

Implications for interventions

Our research concludes that the online context plays an important role in both the start and the development of a cybercriminal career. This can have implications for interventions, both in terms of identifying the involved criminogenic factors (which can help determine which interventions are suitable for the offender in question) and to what extent the interventions themselves take the role of the online environment into account.
Firstly, risk-assessment tools that are used to identify criminogenic- and protective factors do not take the online context into account sufficiently. In order to make decisions about interventions for cyber offenders, these instruments must be ‘upgraded’ to capture factors related to the online environment and online disinhibition.
Secondly, even though new interventions are being developed that are tailored to the unique features of cyber offenders, traditional interventions such as learning social skills or tackling a pro-criminal attitude can also be potentially suitable. However, these interventions do not yet consider the challenges of the online context, so they will probably be less effective for this target group. For instance, an intervention based on creating awareness for the damage and victim will be less effective if the hyperreality and distance between victim and offender is not taken into account. Our recommendation is therefore to find out what adjustments are needed in these existing interventions. This requires further research.


[1] Computer-focused crimes can only be committed by using a computer, computer network or other form of ICT.
[2] Among others: Police, public prosecution service, judiciary, (youth) probation service and Halt as well as industry experts, researchers and freelancers with knowledge about cyber offenders.
[3] A Distributed Denial-of-Service (DDoS) attack is an attempt to make an online service such as a website unavailable by overwhelming it with traffic from multiple sources.
[4] The term ‘peers’ is quite broad in the online context and can refer to friendships, student-mentor relations or criminal partnerships.
[5] A suspect was identified in 4.6% of all computer trespassing cases in 2015, compared to 26% for all crimes (including non-cyber offences) in 2017. Between 2007-2016, only 4.3% of the reported cybercrimes were prosecuted (CPB, 2018).