Theorizing Cybercrime: Applying Routine Activities Theory

Theorizing Cybercrime: Applying Routine Activities Theory

CJ 801

Spring 2014

Micah-Sage Bolden

A49092301

Mahesh Nalla

Theorizing Cybercrime: Testing the Applicability of Routine Activities Theory

2

Abstract: Driven by constant and remarkable technological innovation, the Internet has increasingly changed the

routine activities of Americans. Connecting with friends and family, shopping, banking, media consumption, and

other daily activities of individuals have migrated to the web, leaving ample opportunities for victimization online.

Routine activities theory (RAT), as initially proposed by Cohen and Felson (1979) holds that crime occurs at the

intersection of a motivated offender, a suitable target, and the lack of a capable guardian. This theory has been

demonstrated to adequately explain variation across several categories of crime, and continues to serve as the

philosophical base to a multitude of practical applications by law enforcement initiatives. Due to the novel nature of

cybercrime and the lack of spatio-temporal clarity online, the applicability of RAT to the study of cybercrime has

been questioned by scholars (Yar 2005). The current study provides an extensive and critical examination of the

current literature order to test the applicability of RAT to the study of cybercrime and to identify any theoretical

concerns in this application.


3

Over the past three decades, computers have become a central part of everyday life. They allow individuals

to instantaneously connect with friends and families across limitless distances, manage their finances through mobile

apps, and binge watch streaming television on a multitude of devices. The tandem development of intuitive software

and affordable devices have lead to a revolution in communications and business (Newman & Clarke 2003; Moore

2010). Mobile banking is an increasingly dominant way individuals manage their finances, and more than 60% of

Americans now make online purchases every quarter (Anderson 2010). Social networking sites now serve as central

hubs of activity where individuals chronicle their daily lives, opinions, and beliefs; in fact, according to a report

from the PewResearch Internet Project, around 73% of American adults now use a social networking site of some

kind (Duggan & Smith 2013). The Internet is cornerstone of essentially all government communications, the

electrical grid, and is a central tool in military and intelligence operations (Fitsanakis & Bolden 2012). Yet, as life

has migrated onto the web, so has the challenge of crime. Cybercrime grown exponentially over the last decade, and

this growth is not predicted to decline in the foreseeable future (Computer Security Institute 2008, 2012; Gordon et

al. 2005). The most recent estimates place the total reported financial loss to cybercrime at over $500, with a total of

289,874 people reporting complaints of online criminal activity to the Internet Crimes Complaint Center (ICCC)

(Kilger 2014; ICCC 2013). These statistics most likely represent only a fraction of the actual cybercrime, as most

cybercrime goes undetected by individual victims or might not be reported by businesses so as to save face (Holt &

Bossler 2014). The distending threat of cybercrime has been met by a confluence of interdisciplinary research aimed

at discovering correlates and predictors of online crime and victimization. Despite these advances, there remains a

dearth in the literature. Articles examining cybercrime can sometimes be marginalized by top tier academic journals,

which might focus on more traditional topics, and cybercrime researchers still only represent a small minority in the

overall criminologist community (Bossler 2014). One line of research that has blossomed since the onset of the new

millennium are continued attempts to apply traditional criminological theories to the study of cybercrime. Three

theories in particular have been tested extensively, producing mixed results: self-control theory, social learning

theory, and lifestyles-routine activities theory (Holt & Bossler 2014). While both self-control theory and social

learning theory have found some support in empirically explaining the underlying motivations of some types of

cybercrimes, routine activities theory has been advocated by some researchers as the most appropriate theory to

apply to the study of cybercrime (Holt, Bossler, & May 2010; Holt, Burruss, & Bossler 2010; Choi 2008). The

current study will seek to answer the following research question: Can routine activities theory aptly be applied to


4

understand variations in cybercrime and online victimization? In order to answer the research question, the

following examination will provide a five step analysis. First, the author will provide a concise review of routine

activities theory, examining the history of the theory, which scholars drove its development, major theoretical

advancements, the empirical findings of the theory’s testing, as well as the identification of potential weaknesses,

especially as applied to the study of cybercrime. Second, a theoretical framework by which to understand

cybercrime will be presented; definitions will be established, a potential theoretical issue regarding cybercrime will

be discussed, and Wall’s (2001) four category typology will be explicated. Third, a thorough examination of the

current state of literature applying RAT to the study of cybercrime will be analyzed, their findings will be

summarized, as well as the variety of methods through which concepts have been operationalized. Fourth, the

findings, strengths, and weaknesses of the extant literature will be critiqued in a discussion of the literature. Fifth,

the theoretical and policy implications of the current state of literature will be presented, as well as possible future

research avenues and strategies that could be leveraged. Finally, a conclusion summary will be supplied.

Theoretical Background – Routine Activities Theory

Routine activities theory was originally proposed by Cohen and Felson in 1979 and represented a shift from

criminological thought of the time. In contrast to its theoretical contemporaries, RAT was a situational theory; as

opposed to dispositional theories, which seek some causal mechanism that explain offending behavior, situational

theories take criminal activity as a given and assert that that the criminogenic social situations in which motivated

offenders find themselves in underline decisions to offend. The theory’s theoretical roots can be traced to the theory

of human ecology as presented by Hawley (1950), which pointed to three important temporal constructs of

community structure: rhythm, tempo, and timing. Their theoretical reformulation was also driven by the introduction

and analysis of self-report data, which revealed that the majority of crime was undertaken by people who are not

easily identified as criminals (Clarke 1980). In their seminal work, Cohen and Felson (1979) argued that changes in

everyday life that decreased time at home and increased the number of targets had driven increases in property

crime. The routine activities of individuals in a particular environment, they claimed, influenced offending behaviors

within that environment. They defined routine activities as “recurrent and prevalent activities which provide for

basic population and individual needs, whatever their biological or cultural origins,” (Cohen & Felson 1979: 593).

Cohen and Felson identified three key concepts that emerge as a result of routine activities that encourage or


5

discourage crime. Holding that a motivated offender was a natural component of the environment, Cohen and Felson

postulated that “criminal acts require the convergence in space and time of likely offenders, suitable targets, and the

absence of capable guardians,” (Cohen & Felson 1979: 588). Bennett (1991) argues that while there is great

variation in RAT’s conceptions and applications, as with other theories, the three key concepts originally presented

represent a commonality among all RAT variations. Time and space are also key to the explanatory power of RAT;

without a spatio-temporal convergence between the key three concepts, crime is hypothesized not to occur.

In the more than three decades since its conception, RAT has been theoretically and practically advanced

by a variety of scholars and practitioners. The theory has been empirically tested across numerous types of crime,

generally finding success as an explanatory model (Felson 1986, 1988; Osgood et al. 1996; Felson & Boba 2010;

Eck & Clarke 2003). One important advancement of RAT is the development of situational crime prevention (SCP).

SCP focuses on the ‘suitable target component of the crime triangle, promoting ‘target hardening’ in order to make a

viable target less attractive (Clarke 1980; Felson 1998). Manipulating the viability of the target is largely derived

from Felson’s (1998) VIVA (value, inertia, visibility, and accessibility) model of target attractiveness. The value a

motivated offender places on a given target depends on the social and economic valuations associated with the

target, and targets with higher value are more attractive to offenders (Felson 1998). Inertia refers to physical

properties of a target that result in more or less resistance to offending; smaller, easier to carry objects might be

more attractive to offenders, just as a smaller person might be more likely to be victimized when compared to a

larger, more muscular person (Felson 1996). Visibility influences an offending decision by allowing the offender to

know that a potential target is susceptible; in order for an object to be targeted, an offender must know it’s there

(Bennett 1991). Finally, accessibility plays a significant hand in determining offending; several studies have focused

on altering the physical landscape (i.e. building fences) in order to discourage offending and have found success in

decreasing crime (Brantingham et al. 2005; Brantingham & Brantingham 1998, 1999).1 By decreasing a target’s

value, visibility, and accessibility, and increasing a target’s inertia, researchers claim offending can be discouraged.

SCP has found empirical support as a preventative effort to reduce both property and personal victimization (Miethe

et al. 1987; Miethe & Meier 1990; Clarke 1999; Felson & Boba 2010). In recent years, significant strides have been

1 Another model of target attractiveness is the CRAVED, or ‘hot products’ model, presented by Clarke (1999) and Felson (1998). This model holds that targets that are concealable, removable, available, valuable, enjoyable, and disposable are more attractive to offenders.


6

made in advancing and clarifying the concept of guardianship. Although they emphasize the importance of

guardianship and differentiate between the formal and informal guardianship, Cohen and Felson (1979) fail to

provide a concise definition of the concept or what it might entail. Newman (1972) argues that different settings

exhibit varying levels of VIVA, differentiating between private, semi-private, semi-public, and fully public space.

Each type of space offers particular challenges in target hardening and the maintenance of guardianship. Drawing

from Newman’s distinctions, the concept of guardianship was broadened by Felson (1986) and Eck (1994) to

include ‘prime guardians’ or ‘controllers’ (i.e. handlers, place managers, and guardians). Handlers are those who

manage the activities of potential offenders so as to keep them from trouble, place managers look over places to

keep them secure from possible offending, and guardians manage particular crime targets (Felson 1986, 1995; Eck

1994; Sampson et al. 2010; Hollis et al. 2013). Sampson et al (2010) attempted to explore why certain controllers

might be more or less effective; they proposed the concept of ‘super controllers’, or individuals who somehow

influence the different types of guardians. Recent definitions of guardianship have clearly differentiated between

social controls, which is characterized by intent, from guardianship, which does not involve intention (Felson &

Boba 2010). Hollis and colleagues (2013, 2011) argue that conceptualizations of guardianship between 1994 and

2010 have led to definitional confusion with target hardening measures and have fallen short in their

operationalization of the concept due to the use of proxy measures. Following an extensive review of the empirical

literature Hollis et al. (2011) proposed a new definition of guardianship: a guardian is any person an every person on

the scene of a potential crime that may notice and intervene (whether they intend to or not). Reynald (2009, 2010)

introduced the first direct measurement of guardianship through the guardianship in action (GIA) instrument;

arguing that guardianship is directly observable through availability, supervision, monitoring, and intervention

activities, Reynald provided the first direct measure of a neighborhood’s level of guardianship and discovered that

guardians exercise their role though differential levels of intervention.. Intervention is increasingly pointed to as a

central component of guardianship, and intervention can take several forms; a person glancing out their windows

toward an unknown neighborhood visitor can have a discouraging effect to offenders in the same sense as directly

engaging said offenders (Hollis et al. 2013). From their discussions, the human element is seen as critical to the

guardianship concept, relegating previously utilized measures such as the presence of dogs or alarm systems to

target hardening measures (Hollis et al. 2011). The most recently posited definition of guardianship which reflects

these theoretical advancements can be attributed to Hollis et al. (2013), “Guardianship can be defined as the


7

presence of a human element which acts – whether intentionally or not – to deter the would-be offender from

committing a crime against an available target.” A final theoretical consideration that should be noted is the overlap

between RAT and lifestyle-exposure theory as presented by Hindelang and colleagues (1978). Hindelang and

colleagues (1978) asserted that certain vocational and leisure activities (lifestyle variables) exposed individuals to

more risk for victimization; an individual’s expected social roles and position influence their personal lifestyle

patterns, which contribute to decisions to offend and victimization rates. Demographic and economic status, alcohol

and drug use, association with deviant peers, and community structural variables are all hypothesized to have an

effect on the risk of victimization (Hindelang et al. 1978). Several scholars have asserted that there exists a clear

overlap between lifestyle-exposure theory and RAT, labelling the theory as lifestyles-routine activities theory

(LRAT) (Choi 2008; Moore et al. 2010; Pratt et al. 2010; Holt & Bossler 2009; Reyns et al. 2011; Stockman 2014).

This integrated theory utilizes lifestyle variables to clarify the three main concepts of RAT and to identify increased

risks for victimization.

RAT as an analytical framework provides researchers with a well-tested and innovative theory that allows

for practical application by law enforcement. By taking criminal motivation as a given, the theory bypasses the

problems faced by dispositional theories; criminal inclination is originated from a multitude of motivational

mechanisms, but despite this differentiation criminal activity remains a constant factor of every neighborhood in

some shape or form. RAT’s framework is sophisticated enough to adequately explain variation in crime, yet simple

enough for laypersons to adopt and apply in street-level law enforcement activities. In fact, a continually identified

strength of the model is the easy application of the theory to real life settings (Hollis et al. 2013). Despite these

advantages, there are some criticisms of the theory. Some have argued that RAT fails to address why crime occurs,

instead only identifying how a crime occurs (Jeffery 1993: 492). RAT’s assumption regarding a motivated offender

has also come under attack. By failing to provide falsifiable propositions regarding offender and victim conditions,

the theory weakens its validity and may suffer from inaccurate findings (Meier & Miethe 1993). Another potential

weakness of the theory is a chronic problem of mismeasurement; proxy measures are often utilized to measure the

three core concepts of RAT, and the theory’s dependence upon a time-space convergence make it difficult to apply

the theory to non-street crimes such as terrorism, white collar crime, or cybercrime (Hollis et al. 2014; Felson &

Boba 2010; Yar 2005).


8

When the applicability of RAT to the study of cybercrime is considered, several unique challenges are

clearly apparent. Yar’s (2005) critique is perhaps one of the mostly widely cited and analyzed theoretical discussions

of RAT’s applicability to cybercrime. Yar systematically analyzed the concepts as presented in the original

formulation of RAT and how they might be applied to cybercrime. He concluded that while the core concepts of

RAT have analogues in the digital world, the chronic spatio-temporal disorganization of cyberspace severely limited

the applicability of RAT (Yar 2005). There is possibility of criminal convergence in the cyberworld, but the spatio-

temporal nature of cyberspace is built on “shifting sands”, and this constant flux of the space and time spent on and

offline limits the applicability of the core concepts (Yar 2005: 417). Nonetheless, criminological scholars have aptly

applied the concepts of RAT to the study of cyberspace, utilizing both the original conception of the theory as well

as versions significantly revised to reflect the online environment (Holt 2013; Holt & Bossler 2009; Reyns et al.

2011. Despite the success of RAT in explaining variation in cybercrime, it is still difficult to directly translate real-

world concepts to the cyberrealm. While most of the concepts of RAT have counterparts in the cyberworld, many

times these counterparts are pale reflections of the original.

Theoretical Background – Cybercrime

Three key issues surrounding cybercrime will be addressed in the following section. First, a definition of

cybercrime will be presented. Second, an issue regarding the application of traditional criminological theories to the

study of cybercrime will be discussed. Third, Wall’s (2001) widely cited four-fold typology of cybercrime will be

explicated.

Although both are commonly referred to as cybercrime, there is a definitional difference between

cybercrime and computer crime. Whereas cybercrimes are crimes “in which the perpetrator uses special knowledge

of cyberspace,” computer crimes are crimes in which “the perpetrator uses special knowledge about computer

technology,” (Furnell 2002: 21).

There is contention in the scholarly community as to the applicability of traditional criminological theory to

the study of cybercrime. Grabosky (2001), in his well-known analogy, argued that cybercrime was ‘old wine in new

bottles’; in other words, although the environment of cyberspace was a new challenge to criminologists, the

underlying mechanisms of criminality on the net remained the same as in the real world. On the other hand, other

scholars have advocated the development of new criminological theories or major revision of old theories, arguing


9

that cybercrime represents a new criminality (Pease 2001; Yar 2005; Reyns et al. 2011). While these arguments are

valid, current literature to date has shown that RAT can readily predict some aspects of cybercrime, while producing

limited findings in other aspects (Holt 2013).

Finally, Wall’s (2001) four-fold typology of cybercrime represents one of the most widely cited

frameworks by which to analyze the phenomenon (Holt & Bossler 2014). Wall differentiates between four types of

cybercrime. First, cybertrespass involves gaining access to a computer, system, or network without the expressed

permission of the owner; this type of cybercrime is largely carried out by hackers, and only comprise a small

proportion of the offending population (five percent engage in advanced hacking, whereas around fifteen percent

engage in password guessing) (Wall 2001; Holt & Kilger 2013). The second typology is cyberdeception/theft, and

this “includes the use of the internet to steal information or illegally acquire items of value, whether from individuals

or corporations,” (Holt & Bossler 2014). This type of cybercrime has two basic components: a technical and

nontechnical component. Cybertheft may be innately connected to cybertrespass and involve siphoning data from

breached networks. Yet, it can also take the form of non-technical computer crimes which include fraud schemes

(such as the Nigerian scam, romance scams, and work-at-home schemes) as well as digital piracy (Wall 2001; Wolfe

et al. 2007; Pratt et al. 2010; Holt & Bossler 2014). The third typology, cyberporn/obscenity, has not been widely

researched using RAT, and mostly involves documenting deviant sexual subcultures or pedophilia and child porn

networks (Wall 2001). The final typology provided by Wall is cyberviolence. This involves all use of computers and

technology to inflict verbal, psychological, or physical violence against individuals (Holt & Bossler 2014). Two

threads are present within the study of cyberviolence. One thread of researchers examine networks of hate speech,

extremist groups, and cyberterrorism, and this thread of research severely suffers from under-research (Holt &

Bossler 2014; Brenner 2007). The second thread has been extensively examined by criminologists, and includes

cyberstalking, cyberbullying, and various forms of online harassment. The current study will utilize Wall’s (2001)

typology as a framework by which to examine findings from the extant literature applying RAT to the study of

cybercrime.


10

Literature Review – Cybercrime and Routine Activities Theory

The following section will provide a review of the extant literature applying RAT to the study of

cybercrime. Findings will be categorized according to Wall’s four-fold typology; it should be noted, though, that no

studies to date have utilized RAT in an examination of cyberporn/obscenity.

Cybertrespass

Because the majority of cybertrespass offenses are conducted by hackers, a wealth of research has been

produced examining hacker culture and evolution through a variety of dispositional frameworks (Jordan & Taylor

1998; Gordon & Qingxiong 2003; Holt 2007). RAT and LRAT have been mainly tested by researchers through the

examination of lifestyle correlates of cybervictimizaiton as well as the effect of digital guardianship on victimization

and malware infection. A preluding study to consider for a discussion on cybertrespass comes from Chu and

colleagues (2010). They discovered that hackers typically attack large populations of computers and networks rather

than targeted attacks against individuals, usually through the utilization of botnets. Bots are a type of malware that

allow an attacker to gain control over an infected computer (also called ‘zombies’ or ‘zombie computers’); once

more than one computer is overtaken by an attacker this network of zombies is called a botnet (Symantec

Corporation 2014). An attacker can leverage their botnet for a variety of illicit ends, including sending mass spam

emails, stealing the private info of the zombie computers, attacking websites or networks with DoS (Denial of

Service) attacks, or committing clickfraud (Symantec Corporation 2014; Chu et al. 2010). The implications of Chu

and colleague’s research are supportive of RAT. Botnets represent the ultimate rational actor, systematically

searching out any connected computer on the net for attack and exploitation of any available vulnerability. If the

majority of attacks are widespread and non-discriminatory, and all connected computers are potential targets, then it

would seem that the motivated offender and suitable target concepts are given within cyberspace. The natural

counter to cybercrime, then, would be the increase of guardianship; although this assertion is intuitive, the

translation of guardianship to cyberspace has been met with mixed results. Physical guardianship has a clear

counterpart in the form of anti-virus, anti-spyware, and adware programs (Kapersky 2003; Mell et al. 2005;

PandaLabs 2007). These programs utilize signature-based definitions that identify malicious files while they are

downloaded or isolate and remove infections and corrupted files after an infection has occurred (Symantec

Corporation 2012). Social guardianship, alternatively, denotes the presence of others who prevent crime by their


11

mere presence (Holt et al. 2013). This concept is more murkily translated to cyberspace, but has been measured in

the past by analyzing lifestyle behaviors online that lead to proximity to motivated offenders or greater exposure to

malware as well as target hardening behaviors such as the use of complicated passwords (Bossler & Holt 2009).

Studies examining the impact of physical guardians in cyberspace have been met with mixed results. Bossler and

Holt (2010) examined data from a self-report survey administered to 788 college students enrolled in ten courses in

a southeastern university; they operationalized physical guardianship through an additive scale asking respondents

whether they used protective software, updated their operating system, or used a firewall (all three were

dichotomous measures). Unfortunately, they found no significant relationship between physical guardianship online

and malware infection (Bossler & Holt 2010). Ngo and Pasternoster (2011) attempted to replicate the findings of

Bossler and Holt (2010). They utilized self-reports to analyze the applicability of both self-control theory ad LRAT,

and operationalized the presence of physical guardianship in a similar manner to the Bossler and Holt (2010) study.

They reported a surprising correlation, finding the use of physical guardian software to be strongly positively related

to virus infection (.74) and moderately strongly related to harassment by a stranger (.53). Holt and Bossler (2014)

suggest that this finding could be due to measurement error. Most people never discover that they have been a

victim of malware infection, and it is reasonable to conclude that individuals equipped with anti-virus software

would be more likely to identify a virus infection (Standler 2002; Holt & Bossler 2014). Choi (2008) found a strong

negative relationship between physical guardianship and victimization. Although he operationalized guardianship in

the same way as the aforementioned studies, his dependent measure of victimization was unique. He constructed a

scale of computer-crime victimization, mirroring the 2004 Australian Computer Crime and Security Survey, from

three distinct variables: total frequency of victimization, total number of hour loss, and total monetary loss (Choi

2008). In summary, measures of physical guardianship have been met with significantly mixed results, but these

results could be affected by mismeasurement and might be missing key elements of true physical guardianship

online.

Several studies have also utilized the LRAT framework to investigate the possible correlation between

online-lifestyle behaviors and cybertrespass. Traditional LRAT research has found that specific leisure activities are

strongly correlated to victimization, whereas simply leaving the home is not necessarily related to victimization

(Mustaine & Tewksbury 1998). So, in considering the influence of routine activities online upon victimization, it is

important to focus on specific, risky online behavior as opposed to general online activity (Bossler & Holt 2010).


12

This proposition has found widespread support in the literature, finding that online behaviors that encourage

proximity to offenders and malware increase risk of cybertrespass. Types of Internet access can increase chances of

cybertrespass, as access to high speed Internet can allow for greater and quicker access to data and file sharing, thus

increasing encounters with malware in cyberspace (Hinduja 2001). Risky online behaviors such as visiting

pornographic sites or downloading sexually explicit material has been demonstrated to lead to greater risk of

malware infection (Szor 2005; Bossler & Holt 2009, 2010; Choi 2008). Individuals who involve themselves in

hacker-like activities or frequent online centers of hacker activity can find themselves at greater risk of cybertrespass

(Holt 2007; Jordan & Taylor 1998). Even associating with peers who engage in deviant online activities can

significantly increase chances of cybertrespass or malware infection (Bossler & Holt 2009, 2010).

Cyberdeception/theft

Research investigating the applicability of RAT to explain cyberdeception/theft has largely focused on

examining how online lifestyles and activities increase the risk of online harassment and fraud attempts (Holt &

Bossler 2014). While demographic factors may be significant predictors of offline fraud victimization, cybercrime

researchers have noted that demographic predictors demonstrate little explanatory power in the online environment,

due to the mass fraud attempts by fraudsters online (Newman & Clarke 2003). Pratt and colleagues (2010) examined

a sample of 922 adults, drawn from a statewide telephone survey in Florida, finding support for the utility of LRAT

in explaining variation in victimization. In their initial model, which only included demographic predictors, younger

and more educated individuals were found to be significantly more likely to have experienced fraud attempts online

(Pratt et al. 2010). However, in their combined model that included measures on online activities demographic

prediction power was fully mediated by online activities; specifically, they found that individuals spending more

time and engaging in more risky activities online were significantly more likely to experience victimization (Pratt et

al. 2010). In fact, Pratt and colleagues (2010) found that making only one purchase online per quarter increased the

odds of online harassment by 290 percent. Hutchings and Hayes (2009) utilized a sample of 109 interviewees in an

attempt to correlate various measures of RAT to phishing victimization. They found that users exhibiting high

computer use were 4.79 times more at risk for phishing attempts when compared to the low use group. Additionally,

individuals who reported online banking were found to be 2.44 times more likely to experience phishing compared

to those who reported no online banking. Finally in examining the guardianship concept, they used similar


13

operationalization to Bossler and Holt (2010), and reported similar results, finding respondents using a firewall to be

17.15 times more likely to have experienced phishing (Hutchings & Hayes 2009). Hutchings and Hayes’ (2009)

results seem to support the proposition that increased time on cyberspace increases chances for victimization due to

increased exposure to motivated offenders. Regarding their findings regarding guardianship, similar

mismeasurement could be present as in other studies; individuals who maintain firewalls may simply be more likely

to identify a phishing attempt due to their more attuned sense of security. In contrast, Holt and Taylor (2012) found

that the utilization of protective software led to increased resistance to identity theft attempts in a sample of students,

faculty, and staff; this finding supports the assertion that increased diligence might decrease risk of victimization,

pointing to the utility of social guardianship online as a deterrent of online crime.

Cyberviolence

Overall, research investigating RAT’s utility in explaining variations in cyberviolence have found that

certain online behaviors that place individuals at greater proximity to motivated offenders increased chances for

harassment and victimization (Holt & Bossler 2014). Particular activities online might increase chances for

victimization online such as cyberbullying or harassment. For instance, Holt and Bossler (2009) found that spending

more time in online chatrooms or committing select acts of cyberdeviance (such as hacking behaviors) significantly

increased chances for harassment. These findings mirror a study conducted by Bossler (2009), which found that

higher levels of cyberdeviance were associated with increased odds for harassment online. Studies have consistently

discovered links between frequenting online places such as chatrooms or discussion boards increase chances for

targeting of online harassment (Hinduja & Patchin 2009; Bossler et al. 2012). Hinduja and Patchin (2009), in an

analysis of cyberbullying among adolescents, found that computer proficiency and increased time online were

positively related to cyberbullying. As opposed to the analysis of online routine activities, findings on

guardianship’s effect on harassment have produced mixed results. Marcum (2010) found that the use of protective

software had no effect on victimization, a finding mirrored in Holt and Bossler (2009). However, Bossler and

colleagues (2012) identified a weak negative relationship between social guardianship (measured by level of

computer skills) and victimization. In an interesting twist on the social guardianship concept, Moore and colleagues

(2010) examined whether parental supervision of activities online had any effect on victimization rates, but found no

connection. Reyns, Henson, and Fisher (2011) provided a valuable study in which they reformulated the LRAT


14

framework in order to analyze the theory’s predictive power in determining cyberstalking victimization. In order to

account for the difficulty of clearly identifying the spatio-temporal convergence of a motivated offender, suitable

target, and lack of guardianship online, they forwent considering the immediate convergence as vital to

victimization. Instead, they argued that the convergence occurs in particular systems, networks, and applications at

invariable times. Their example of fraudulent email serves to illustrate this concept:

“At the time, when the victim opened and read the e-mail, the cyberstalking victimization incident

transpired. This example involves the asynchronous intersection in time and space of the victim and the

offender; their convergence is contingent on (a) the network providing a conduit for interaction between

victim and offender, with cyberspace acting as a proxy for physical space, and (b) an eventual overlap in

time or a completed transaction across time.” (Reyns et al. 2011: 1152).

Their reformulation of the theory remediated the spatio-temporal concerns of applying LRAT to cyberspace. In

addition to theoretically advancing LRAT for application to cyberspace, Reyns and colleagues provided innovative

operationalization of LRAT’s concepts for application to cyberspace. For instance, they operationalized

guardianship using four variables: use of social network privacy settings, use of a profile tracker, and association

with deviant peers. In all, they provided measures of online exposure (i.e. number of social networks), proximity to

potential offenders (i.e. willingness to add a stranger as a friend on their social network), guardianship, target

attractiveness (i.e. gender, sexual orientation), and online deviance. In a binary logistic regression analysis nearly all

of their measures were found to be significantly related to cyberstalking (Reyns et al. 2011). Their findings indicated

that increased exposure, proximity, and target attractiveness was positively related to cyberstalking victimization (in

addition, they found that increased guardianship also indicated greater risk for cyberstalking) (Reyns et al. 2011). It

seems that in the study of cyberviolence, online routine activities may serve as reliable predictors of victimization,

whereas guardianship measures have fallen short in preventing victimization online.

Discussion of the Literature

As the analysis of the extant literature reveals, RAT and LRAT offer a valuable model by which to

understand variations in cybercrime. Cyberspace is a realm replete with motivated offenders, and any connected

computer serves as a potential target on the web. The routine activities of individuals online do play a role in

determining risk of victimization. Studies have consistently demonstrated that spending more time online, engaging

in risky online behaviors, participating in cyberdeviance, and associating with deviant peers increase the risk of


15

victimization in the form of cybertrespass, cyberdeception, and cyberviolence. As discussed in the theoretical

background of RAT, there remains some dysjunction between terrestrial and cyber concepts. A prime example of

this is the spatio-temporal convergence of a motivated offender, suitable target, and lack of a capable guardian in

cyberspace. Most of the extant research has ignored the theoretical difficulty in identifying a clear temporal or

spatial convergence in determining relationships between predictors and cybervictimization, although some

measures of guardianship have included temporal components. For example, Choi’s (2008) instrument included a

question asking respondents about their use of security software over the last ten months. Future testing should

include temporal measures of victimization in an attempt to triangulate how temporal progressions and cyber-spatial

locations converge in cyberspace. Findings surrounding both physical and social guardianship online have been met

with disappointing results. Most of the reviewed studies failed to demonstrate a relationship between use of security

programs and victimization or found that use of security programs actually increased chances for victimization.

These findings might be the result of mismeasurement issues. Individuals who equip their computers with security

programs are inherently more security conscious than individuals who do not. Most cybercrimes go undetected or

unreported by victims, and it is reasonable to assume that individuals equipped with the tools of guardianship would

be more able to detect attack. Future research should provide alternate measures of victimization in order to detect

symptoms of malware infection rather than directly asking respondents if they had been victimized (Holt & Bossler

2014). There is significant promise in research that builds upon reformulated theories of RAT to more aptly apply to

cybercrime, such as the study presented by Reyns et al. (2011). Future research should develop measures of

guardianship that diverges from simply measuring the presence of security software to include efforts to ensure

privacy, the frequency of security software and operating system updating, and the degree of vigilance in ensuring

computer security. The creative operationalization of measures found in Reyns et al. (2011) offer inspiration to

future researchers seeking to more clearly reflect the modern Internet landscape. There is significant need for future

research to investigate the creation and dissemination of malware and other forms of advanced cybertrespass.

Additionally, the dearth in literature examining hate speech, extremism, and terrorism online requires significant

scholarly effort. Finally, an important methodological need for the current literature is introduction of longitudinal

studies and more diversified samples. All the extant literature to date has been cross-sectional in nature; longitudinal

research could allow researchers to draw causation and more accurately examine the spatio-temporal convergence of

crime in cyberspace. Also, most research to date has been conducted using college student samples. While these the


16

findings of these studies are certainly valuable, there is a distinct need to diversify samples so as to improve

generalizability.

Theory and Policy Implications

The theory of RAT has proven to be valuable in discovering variation in cybercrime. The study of

cybercrime in the light of RAT has been tested moderately well, but does suffer from some mismeasurement and

methodological issues. These issues largely stem from the novelty of the subject, and the progression of research has

demonstrated increasing clarity, validity, and reliability. The community of cybercrime researchers is highly

collaborative and interdisciplinary (Bossler 2014). Studies have utilized largely similar operationalization of

concepts, increasing the validity and reliability of findings. Recent work has seen attempts to reformulate RAT to

more aptly apply to cyberspace but reforming the concept of spatio-temporal convergence. Although this work

represents advancement of the theory, further work is needed. Previous criticisms have argued that the lack of

falsifiability regarding the motivated offender weakens the predictive power of RAT. It can be argued that in

cyberspace, the mass target approach of offenders and the inherent suitability of targets remediate this problem;

although it is clear that it is the case that motivated offenders and suitable targets abound in cyberspace, this

assertion can certainly be falsified. The theory does offer significant promise in explaining crime causation in the

cyberworld by tracing what activities or tools might increase or decrease chances of victimization online.

In addition to theoretical considerations, there are several policy implication that can be drawn from this

research. First, partnerships between law enforcement and researchers prove to be invaluable in the study of

cybercrime (Chen 2014). By partnering with government and law enforcement bodies, researchers could widen the

scope of samples and work together to produce more accurate reports of cybercrime. Second, the findings regarding

online routine activities weigh heavily on policymakers. Educational programs should be initiated in order to

educate the public on risky behaviors online and how to improve their security. Thomas Holt (personal

communication, April 17, 2014) has remarked that there are currently programs under review that aim to encourage

the public to take ownership of cybersecurity much in the same way programs encourage daily hygiene. The sooner

laypersons can understand best practices in avoiding victimization online, the sooner the yearly bulge of

cybervictimization can subside.


17

Conclusion

RAT is a useful analytical tool in determining the underlying mechanisms of crime causation. It postulates

that a motivated offender, suitable target, and lack of a capable guardian converge at a particular time and place in

order for a crime to take place. It holds criminal inclination as a given, and asserts that the manipulation of a target’s

suitability or the presence of a guardian can work to discourage crime. Empirical research has found RAT to be

successful in predicting crime and victimization across a plethora of crime typologies. An increasingly important

field to which RAT has been applied is the study of cybercrime. Cybercrime is a looming threat to both the security

of individuals and national security. The current study sought to answer the following research question: Can

routine activities theory aptly be applied to understand variations in cybercrime and online victimization? In an

attempt to answer the research question, a thorough review of the extant literature was analyzed, their findings were

summarized, and potential strengths and weaknesses were discussed. Overall, there is strong evidence that online

routine activities play a role in determining risk for victimization. On the other hand, attempts at operationalizing the

guardianship concept has fallen short. Future research should focus on refining the theory to more appropriately

reflect the realities of cyberspace and develop more creative operationalizations of measures. Additionally, future

research should consider conducting a longitudinal study examining correlates of victimization with attempts to

triangulate the spatio-temporal convergence of crime in cyberspace. The findings of the extant literature point to a

distinct need for public education campaigns aimed at educating the public in risky practices online. Additionally,

the challenge of cybercrime requires widespread, interdisciplinary collaborative work to ensure individual and

collective safety online.


18

References

Anderson, J. (2010). Understanding the Changing Needs of the U.S. Online Consumer, 2010. An Empowered

Report: How Online and Mobile Behaviors Are Changing. Forrester Research. Retrieved from:

http://www.forrester.com/rb/Research/understanding_changing_needs_of_us_online_consumer%2C/q/id/5

7861/t/2.

Beavon, D., Brantingham, P. L., & Brantingham, P. J. (1994). The influence of street networks on the patterning of

property offenses. In R. V. Clarke (Ed.), Crime Prevention Studies, Vol. II (149-163). New York: Willow

Tree Press.

Bennett, R. (1991). Routine activities: A cross-national assessment of a criminological perspective. Social Forces,

70, 147-163.

Bossler, A. (2014). Implications of Criminological Research on Cybercrime Policies. 1st Annual Michigan State

University Interdisciplinary Conference on Cybercrime, East Lansing, MI.

Bossler, A. M., & Holt, T. J. (2009). On-line Activities, Guardianship, and Malware Infection: An Examination of

Routine Activities Theory. International Journal of Cyber Criminology, 3, 400-420.

Bossler, A. M., & Holt, T. J. (2010). The Effect of Self Control on Victimization in the Cyberworld. Journal of

Criminal Justice, 38, 227-236.

Bossler, A. M., Holt, T. J., & May, D. C. (2012). Predicting Online Harassment among a Juvenile Population. Youth

and Society, 44, 500-523.

Brantingham, P. J. & Brantingham, P. L. (1999). A theoretical model of crime hot spot generation. Studies on Crime

and Crime Prevention, 8, 7-26.

Brantingham, P. L. & Brantingham, P. J. (1998). Environmental criminology: From theory to urban planning

practice. Studies on Crime and Crime Prevention, 7, 31-60.

Brantingham, P. L., Brantingham, P. J., & Taylor, W. (2005). Situational Crime Prevention as a Key Component in

Embedded Crime Prevention. Canadian Journal of Criminology and Criminal Justice, 47, 271-293.

http://www.forrester.com/rb/Research/understanding_changing_needs_of_us_online_consumer%2C/q/id/57861/t/2

http://www.forrester.com/rb/Research/understanding_changing_needs_of_us_online_consumer%2C/q/id/57861/t/2


19

Brenner, S. W. (2007). At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare. Journal of

Criminal Law and Criminology, 97, 379-475.

Chen, H. (2014). COPLINK, Dark Web, and Hacker Web: A Research Path in Security Informatics. 1st Annual

Michigan State University Interdisciplinary Conference on Cybercrime, East Lansing, MI.

Choi, K. (2008). Computer crime victimization and integrated theory: An empirical assessment. International

Journal of Cyber Criminology, 2, 308-333.

Chu, B., Holt, T. J., & Ahn, G. J. (2010). Examining the Creation, Distribution, and Function of Malware On-line (NIJ

Grant No. 2007-IJ-CX-0018). Washington, DC: National Institute of Justice.

Clarke, R. V. (1999). Hot Products: Understanding and reducing demand for stolen goods. London, UK: Home

Office.

Clarke, R. V. (1980). “Situational” Crime Prevention: Theory and Practice. British Journal of Criminology,

Delinquency and Deviant Social Behavior, 20, 136-147.

Cohen, L. E. & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American

Sociological Review, 44, 588-608.

Computer Security Institute. (2008). Computer Crime and Security Survey. Retrieved from

http://www.cybercrime.gov/FBI2008.pdf

Computer Security Institute. (2012). Computer Crime and Security Survey. Retrieved from


Duggan, M. & Smith, A. (2013). Social Media Update. PewResearch Internet Project. Retrieved from

http://www.pewinternet.org/2013/12/30/social-media-update-2013/.

Eck, J. E., & Clarke, R. V. (2003). Classifying common problems: A routine activities approach (Crime Prevention

Studies, Vol. 16, pp. 7-39). Monsey, NY: Criminal Justice Press.

Felson, M. (2002). Crime and everyday life (3rd ed.). Thousand Oaks, CA: Sage.

Felson, M. (1998). Crime and Everyday Life (2nd Edition). Thousand Oaks, CA: Pine Forge.



http://www.pewinternet.org/2013/12/30/social-media-update-2013/


20

Felson, R. (1996). Big people hit little people: Sex differences in physical power and interpersonal violence.

Criminology, 34, 433-452.

Felson, M. & Boba, R. (2010). Crime and Everyday Life (4th Edition). Thousand Oak, CA: Sage.

Fitsanakis, J. & Bolden, M. (2012). Social Networking as a Paradigm Shift in Tactical Intelligence Collection.

Mediterranean Council for Intelligence Studies Yearbook 2012. Retrieved from:

http://www.rieas.gr/images/mcis2012.pdf.

Furnell, S. (2002). Cybercrime: Vandalizing the information society. London: Addison Wesley.

Grabosky, P. N. (2001). Virtual Criminality: Old Wine in New Bottles? Social and Legal Studies, 10, 243-249.

Hawley, A. (1950). Human Ecology: A Theory of Community Structure. New York: Ronald Press.

Hidelang, M. J., Gottfredson, M. R., & Gaffalo, J. (1978). Victims of personal crime: An empirical foundation for a

theory of personal victimization. Cambridge, MA: Ballinger.

Hinduja, G. E. (2001). Correlates of Internet software piracy. Journal of Contemporary Criminal Justice, 17, 369-

382.

Hinduja, S., & Patchin, J. W. (2009). Bullying beyond the Schoolyard: Preventing and Responding to Cyberbullying.

New York: Corwin Press.

Holfreter, K., Reisig, M. D., & Pratt, T. C. (2008). Low Self-Control, Routine Activities, and Fraud Victimization.

Criminology, 46, 189-220

Hollis, M. E., Felson, M., & Welsh, B. C. (2013). The capable guardian in routine activities theory: A theoretical

and conceptual reappraisal. Crime Prevention and Community Safety, 15, 69-79.

Hollis-Peel, M. E. & Welsh, B. C. (2012). What makes a capable guardian? A test of guardianship in action.

Security Journal, OnlineFirst Edition, DOI: 10.1057/sj.2012.32.

Hollis-Peel, M. E., Reynald, D. M., & Welsh, B. C. (2012). Guardianship and crime: An international comparative

study of guardianship in action. Crime, Law, and Social Change, 58, 1-14.

http://www.rieas.gr/images/mcis2012.pdf


21

Holt, T. J. (2014). Exploring the Risk Reduction Strategies of Data Thieves. 1st Annual Michigan State University

Interdisciplinary Conference on Cybercrime, East Lansing, MI.

Holt, T. J. (2007). Subcultural Evolution? Examining the Influence of On- and Off-line Experiences on Deviant

Subcultures. Deviant Behavior, 28, 171-198

Holt, T. J., & Bossler, A. M. (2014). An Assessment of the Current State of Cybercrime Scholarship. Deviant

Behavior, 35, 20-40.

Holt, T. J., & Bossler, A. M. (2009) Examining the Applicability of Lifestyle-Routine Activities Theory for Cybercrime

Victimization. Deviant Behavior, 30, 137-154.

Holt, T. J. & Kilger, M. (2012). Examining Willingness to Attack Critical Infrastructure On and Off-Line. Crime

and Delinquency, 58, 789-822.

Holt, T. J., & Turner, M. G. (2012). Examining Risks and Protective Factors of On Line Identity Theft. Deviant

Behavior, 33, 308-323.

Holt, T. J., Burruss, G. W., & Bossler, A. M. (2010). Social Learning and Cyber-Deviance: Examining the

Importance of a Full Social Learning Model in the Virtual World. Journal of Crime and Justice, 33, 31-61.

Holt, T. J., Bossler, A. M., & May, D. C. (2010). Low Self-Control, Deviant Peer Associations, and Juvenile

Cyberdeviance. American Journal of Criminal Justice, 37, 378-395.

Internet Crimes Complaint Center. (2013). Retrieved from:

http://www.ic3.gov/media/annualreport/2012_IC3Report.pdf.

Jaishankar, K. (2007). Establishing a Theory of Cyber Crimes. International Journal of Cyber Criminology, 1, 7-9.

Jeffery, C. R. (1993). Obstacles to the development of research in crime and delinquency. Journal of Research in

Crime and Delinquency, 30, 491-497.

Jordan, T. & Taylor, P. (1998). A Sociology of Hackers. The Sociological Review, 46, 757-780

Kapersky, E. V. (2003). The classification of computer viruses. Metropolitan Network BBS Inc., Bern Switzerland.

Retrieved from http://www.avp.ch/avpve/classes/classes.stm.

http://www.ic3.gov/media/annualreport/2012_IC3Report.pdf

http://www.avp.ch/avpve/classes/classes.stm


22

Kilger, M. (2014, March 20). Nation State Versus Kids Who Skate: The Role of Social Scientists in Identifying and

Understanding Emerging Cyberthreats. 1st Annual Michigan State University Interdisciplinary Conference

on Cybercrime, East Lansing, MI.

Marcum, C. D. (2010). Examining Cyberstalking and Bullying: Causes, Context, and Control. In T. J. Holt (Ed.),

Crime On-Line: Correlates, Causes, and Contexts (175-192). Raleigh, NC: Carolina Academic Press.

Meithe, T., & Meier, R. (1990). Opportunity, choice and criminal victimization: A test of a theoretical model.

Journal of Research in Crime and Delinquency, 27, 243-266.

Meithe, T., Stafford, M., & Long, J. S. (1987). Social differentiation in criminal victimization: A test of routine

activities/lifestyles theories. American Sociological Review, 52, 184-194.

Mell, P., Kent, K., & Nusbaum, J. (2005) Guide to malware incident prevention and handling: Recommendations of

the National Institute of Standards and Technology. Washington DC: National Institute of Standards and

Technology.

Moore, R., Naga, T. G., & Lee, T. (2010). Parental Regulation and Online Activities: Examining Factors That

Influence a Youth’s Potential to Become a Victim of Online Harassment. International Journal of Cyber

Criminology, 4, 685-698.

Mustaine, E. E., & Tewksbury, R. (1997). The risk of victimization in the workplace for men and women: An

analysis using routine activities/lifestyle theory. Humanity & Society, 21, 17-38.

Newman, G., & Clarke, R. (2002). Etailing: New opportunities for crime, new opportunities for prevention.

Produced for the Foresight Crime Prevention Panel by the Jill Dando Institute of Crime Science, UCL.

Retrieved from

http://www.foresight.gov.uk/Previous_Rounds/Foresight_1999_2002/Crime_Prevention/Reports/Etailing_

New_Opportunities_for_Crime_New_Opportunities_for_Prevention.html.

Ngo, F. T. & Pasternoster, R. (2011). Cybercrime Victimization: An Examination of Individual- and Situational-

Level Factors. International Journal of Cyber Criminology, 5, 773-793.

http://www.foresight.gov.uk/Previous_Rounds/Foresight_1999_2002/Crime_Prevention/Reports/Etailing_New_Opportunities_for_Crime_New_Opportunities_for_Prevention.html

http://www.foresight.gov.uk/Previous_Rounds/Foresight_1999_2002/Crime_Prevention/Reports/Etailing_New_Opportunities_for_Crime_New_Opportunities_for_Prevention.html


23

Osgood, D. W., Wilson, J. K., O’alley, P. M., & Bachman, J. G. (1996). Routine Activities and Individual Deviant

Behavior. American Sociological Review, 61, 635-655.

PandaLabs. (2007). Malware infections in protected systems. Retrieved from

http://resarch.pandasecurity.com/blogs/images/wp_pb_malware_infections_in_protected_systems.pdf.

Pease, K. (2001). Crime futures and foresight: Challenging criminal behavior in the information age. In D. Wall

(Ed.), Crime and the internet. London: Routledge.

Pratt, T. C., Holtreter, K., & Reisig, M. D. (2010). Routine activity online and Internet fraud targeting: Extending

the generality of routine activity theory. Journal of Research in Crime and Delinquency, 47, 267-296.

Reynald, D. M. (2009). Guardianship in action: Developing a new tool for measurement. Crime Prevention and

Community Safety, 1, 1-20.

Reynald, D. M. (2010). Guardians on guardianship: Factors affecting the willingness to supervise, the ability to

detect potential offenders, and the willingness to intervene. Journal of Research in Crime and Delinquency,

47, 358-390.

Reyns, B. W., Henson, B., Fisher, B. S. (2011). Applying Cyberlifestyle-Routine Activities Theory to Cyberstalking

Victimization. Criminal Justice and Behavior, 38, 1149-1169.

Sampson, R., Eck, J. E., & Dunham, J. (2010). Super controllers and crime prevention: A routine activity

explanation of crime prevention success and failure. Security Journal, 23, 37-51.

Stalder, F. (1998). The logic of networks: Social landscapes vis-à-vis the space of flows’. Ctheory, 46, Retrieved

from http://www.ctheory.net/ext_file.asp?pick-263.

Standler, B. R. (2002). Computer crime. Retrieved from: http://www.rb2.com/ccrime.htm.

Stockman, M. (2014). Cyberdeviance: who, when, why, and why not? A study in life-course Cybercriminology. 1st

Annual Michigan State University Interdisciplinary Conference on Cybercrime, East Lansing, MI.

Symantec Corporation. (2014). Bots and Botnets – A Growing Threat. Retrieved from

https://us.norton.com/botnet/promo.

http://resarch.pandasecurity.com/blogs/images/wp_pb_malware_infections_in_protected_systems.pdf

http://www.ctheory.net/ext_file.asp?pick-263

http://www.rb2.com/ccrime.htm

https://us.norton.com/botnet/promo


24

Szor, P. (2005). The art of computer virus research and defense. Upper Saddle River, NJ: Addison Wesley.

Waldner, L. K., & Berg, J. (2008). Explaining Antigay Violence Using Target Congruence: An Application of

Revised Routine Activities Theory. Violence and Victims, 23, 267-289.

Wall, D. S. (2001). Cybercrimes and the Internet. In D. S. Wall (Ed.) Crime and the Internet (1-17). New York:

Routledge.

Wolfe, S. E., Higgins, G. E., & Marcum, C. D. (2007). Deterrence and Digital Piracy: A Preliminary Examination of

the Role of Viruses. Social Science Computer Review, 26, 317-333.

Yar, M. (2005). The Novelty of Cybercrime. European Journal of Criminology, 2, 407-427.

Theorizing Cybercrime: Applying Routine Activities Theory

Documents

Transcript of Theorizing Cybercrime: Applying Routine Activities Theory