Opportunity makes the cybercriminal

Just imagine that you are strolling down the street near a mailbox and a few feet away you see what appears to be a letter lying on the ground.

I am aware that nowadays we do not usually use letters, and mailboxes even less so, but do your best and envisage yourself bending down to pick it up and realizing, on peering through the envelope, that it seems to contain several €100 notes.

The stamped envelope has a mailing address and a sender and all you have to do is to approach the mailbox and drop it inside – or not.

This scenario was recreated by Farrington and Knight in 1980 in order to study the honesty of ordinary people and their temptation to commit crime. They placed hundreds of letters in this same situation, on the ground in the street a short distance away from a mailbox, and analyzed what happened to them depending on whether they had money inside or not.


As a general rule, the kind of people who were walking down the street were not exactly fraudsters, criminals or thieves, but ordinary folk like you and me. The results showed that the letters containing money were less likely to be dropped in the mailbox, in other words, when faced with the opportunity to pocket some money, the passersby succumbed to the temptation to engage in dishonest behavior.

This experiment is related to so-called crime opportunity theories, which attempt to explain how the opportunity for criminal behavior is a core component in the commission of a crime.

Compared to other criminological models that focused the crime on the offender and on his or her characteristics, these theories point to the fact that certain circumstances or situations can lead to the perpetration of a crime.

This means that someone does not need to be a ruthless criminal, an individual with serious mental or personal traumas, or a misfit, in order for them, on sauntering down the street one day minding their own business, to be presented with the perfect opportunity for committing a criminal act. As was said by two of the benchmark authors in this field, Clarke and Felson, Opportunity makes the thief.

In recent years, the issue of whether traditional criminological theories can be used to explain or analyze cybercrime has been widely debated. As a general rule, these theories have emerged in a physical and not a virtual context of crime. When criminological theories were discussed in the 80s and 90s, the criminal situations considered were ones where the victim and the victimizer shared a close physical space, where there was contact, where the object of the theft or the protection was something tangible or physical and could be touched.

Just imagine someone being mugged in the street or your house being burgled while you are at work. These components do not exist in cybercrime; here, there is no contact, no space, no tangible targets.

This is the new criminal context we have to get used to and which explains how it is quite normal for us to lock the door of our house to prevent a burglar from sneaking in, and yet we leave our Wi-Fi unsecured enabling hackers to gain access to our system.


The question is: should we create new criminological theories to explain cybercrime? Maybe what we should do is adapt those already in existence to this context and to its peculiarities.

In 1998, Felson presented his Routine Activities Theory, where he explains that, for a crime to occur, three basic elements have to converge in time and in space:

A potential offender, a suitable target and the absence of a capable guardian to protect the target. This is known as the crime triangle.



In other words, for a home to be burgled, not only does there have to be a burglar who is motivated to steal, but also a house containing valuable belongings and items that appeal to the thief, in conjunction with a favorable scenario where there are no physical elements or security or protection officers that may discourage them.

On referring to “capable guardianship”, we do not necessarily mean an alarm system or the police; a well-lit vicinity, large picture windows enabling you to see what is going on inside or nosy neighbors are all elements that can play the role of capable guardians.

The Rational Choice Theory in criminology tells us that offenders undertake cost-benefit analyses of their crimes, in an obvious attempt to reap the highest profit at the lowest possible cost. In this assessment, they analyze the benefits they are going to obtain from their victim/ target and they take into account the risks they are willing to assume in order to achieve them, bearing in mind that the ultimate price to pay will be their arrest, payment of a fine or eventual imprisonment.

Other interesting aspects raised by these theories describe how offenders measure the “appeal” of a specific target. To this end, they use 4 criteria grouped under the VIVA acronym:

  • Value: relates to what makes it worthwhile, usually an economic advantage that can be obtained from the target. Stealing an iPhone may be more profitable for a thief than taking a lesser-known smartphone brand.
  • Inertia: means the ease and convenience with which a target can be tampered with, moved or concealed. Hiding a smartphone in a coat and removing it from a store is much easier than walking off with a 40-inch flat screen.
  • Visibility: refers to the offender’s awareness of the target. Stealing a smartphone is easier if the person is holding it in their hand while they are walking down the street than if they are carrying it in their bag out of sight.
  • Accessibility: means the ease with which the offender is able to access and obtain the target. Stealing an iPhone from someone who is using it in the street may be easier than shoplifting it in a store fitted out with a security system and guards.

Changing these indicators in a target enables us to increase or decrease its appeal for an offender, which obviously impacts our ability to prevent a crime from being perpetrated.

All of these theories and elements of analysis can be extrapolated to cybercrime if we heed and adapt them to its peculiarities and specific features, since opportunity also makes the cybercriminal.

It is obvious that the abovementioned crime triangle is also present in cybercrime and, in order for a crime to be committed, it is necessary for these three elements to exist and converge. As occurs in the “analog” world, the virtual world is also rife with auspicious targets and victims: bank accounts, customer details, passwords, usernames, information, etc.

The virtual world is increasingly attracting targets and opportunities for criminals that were previously found in the analog context, such as financial transactions or payment methods. Furthermore, given the lack of awareness of the security we users deploy on the Internet, the shortage of checks and the absence of guardians make the virtual world a breeding ground for the emergence of criminal “temptations”.

This situation is compounded in today’s cybercriminals, who benefit from this low risk awareness (cost) in their online activities and, according to our comments on the Rational Choice Theory in criminology, facilitates the commission of unlawful acts. In keeping with this logic, if our intention is to curb or prevent cybercrime, we should cut the benefits of criminal activity and/or increase the costs of this activity for cybercriminals. To this end, we have several strategies up our sleeve:

Reducing the benefits

Increasing the costs





Reducing the anticipated reward of the crime

Setting a max amount for making online transfers

Increasing the perceived effort needed for crime

Using strong passwords

Removing excuses for crime

Messages relaying access to a restricted system

Increasing the perceived risks of committing the crime  

Creating international cybersecurity cooperation laws

Likewise, the VIVA criteria can also be used when it comes to analyzing the appeal of cyber-targets and, in addition, can offer information on how to prevent or check specific cybercrimes.


Value is probably the element we are less able to impact in terms of prevention as, on many occasions, it is one that is hardest to change in some targets.

For example, we cannot force a user to only keep a small amount of money in his or her bank account so that a lot does not get stolen or prevent a company from collecting its customers’ details so as to ensure that they are not misappropriated.

Nevertheless, we can always make an impact in some way to reduce the value of a target. For example, we can tell a user to split their financial assets into several bank accounts instead of having them all in one, we can set a maximum money transfer amount or ensure that the company uses an encrypted system when it comes to collecting and storing its customers’ details.


Inertia is an element that is also closely related to the analog world, as it refers to a target’s weight, bulk and physical properties, variables that do not exist in the virtual world.

Nevertheless, we can also adapt it to the characteristics of cyberspace, since we can impact the ability to conceal, share or transfer offenders’ details and information. One example of this could be the Blockchain systems applied to financial transfers or reducing the anonymity of users online.


In cyberspace, the visibility element is closely related to the concept of privacy and exposure that we usually control on the Internet. Cybercriminals often select victims who are highly exposed online and who have low privacy levels, enabling them to obtain large amounts of quality information which they can use for possible fraud or blackmail at a later date.

This element can also be difficult to control in a context such as a virtual one, where it is precisely overexposure that is driven as a strategy for success and recognition. One example of this might be the spear-phishing phenomenon.


Accessibility is possibly the element that is most closely related and adapted to the cybernetic context and which has led to the development of most cybersecurity products.

Many cybercrimes are based on unlawful intrusion somewhere: into an account, a system, a server, a network… therefore, the ease with which this access is enabled is vital for creating an appealing target. Biometric systems, two-step verification and security keys are examples of ways to have an impact on this element.

The best prevention strategy is one that impacts several elements; hence, even though cybersecurity has mainly focused on access, the other three elements can also have an effect on a target’s appeal, reducing, therefore, the opportunities for crime.

Improving Internet security requires not only the development of technology, but also for cybersecurity experts to become familiar with crime theories and explanatory models and adopt them in their systems, products and strategies.

As we have seen, traditional theories can be applied in this field and, even though new models need building, knowledge of criminology can be extrapolated and shared with cybersecurity.

We are always going to come across offenders who are motivated to commit a crime, in the analog or in the virtual world; hence, the only thing left for us to do is to find out what they are like and how they operate and impact their targets and situations that generate crime-conducive opportunities.

Posted by Tim Ayling

Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years' experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering. He began his leadership career when he established Entrust Inc. in Australia in 2003 and was made Vice-President Asia Pacific in 2006. Ayling has held numerous leadership roles in large cybersecurity vendors, including serving as the Global Head of Fraud Prevention Solutions at Kaspersky Labs, as EMEA Director of Fraud & Risk Intelligence at RSA Security, as well as spending time in the cyber-security practice of KPMG.

Solicita una demo

Would you like to know how our solution protects your bank?

Check how our solution can help you to resolve your company's online fraud issues by requesting a free DEMO and we explain it to you in detail.

Watch video

Did you like it? Share in your social communities