The hybrid victim: Re-conceptualizing high-tech cyber victimization through actor-network theory
| Author | Wytske van der Wagen,Wolter Pieters |
| DOI | 10.1177/1477370818812016 |
| Published date | 01 July 2020 |
| Date | 01 July 2020 |
| Subject Matter | Articles |
812016EUC0010.1177/1477370818812016European Journal of CriminologyWagen and Pieters
research-article2018
Article
European Journal of Criminology
2020, Vol. 17(4) 480 –497
The hybrid victim: Re-
© The Author(s) 2018
conceptualizing high-tech
Article reuse guidelines:
sagepub.com/journals-permissions
cyber victimization through
https://doi.org/10.1177/1477370818812016
DOI: 10.1177/1477370818812016
journals.sagepub.com/home/euc
actor-network theory
Wytske van der Wagen
Erasmus School of Law, The Netherlands
Wolter Pieters
Technical University Delft, The Netherlands
Abstract
Victims are often conceptualized as single, human and static entities with certain risk factors
that make them more vulnerable and attractive for offenders. This framework is challenged by
emerging forms of high-tech cybercrime, such as ransomware, botnets and virtual theft, in which
the offender targets a composite of human, technical and virtual entities. This study critically
assesses the current theorization of the cyber victim and offers an alternative approach. Drawing
on actor-network theory and three empirical case studies, it analyses the cyber victim as a
hybrid actor-network consisting of different entities that, together with the offender, make the
victimization possible. The proposed concepts of victim composition, delegation and translation
enable a more profound understanding of the hybrid and complex process of becoming a high-
tech cyber victim. Keywords: cybercrime, cyber victimization, actor-network theory, botnet,
ransomware, virtual theft
Keywords
Actor-network theory, botnet, cybercrime, cyber victimization, ransomware, virtual theft
Introduction
Although computer viruses have existed already for quite some time, today’s ‘digital
demons’ seem to take it even further. Nowadays our computers and devices can get infected
Corresponding author:
Wytske van der Wagen, Erasmus School of Law, Department of Criminology, PO Box 1738,
DR Rotterdam, 3000, The Netherlands.
Email: vanderwagen@law.eur.nl
Wagen and Pieters
481
with all kinds of advanced malicious software (malware1), enabling an offender to take
over computers and use them as ‘bots’ or ‘slaves’ in a cyber attack, or remotely take them
‘hostage’ by means of ‘ransomware’. In the latter case, the computers or computer files are
locked or encrypted, denying the victims access until the ransom has been paid (Gazet,
2010). Malware can also be used to steal personal credentials or to make fraudulent bank
transactions (Bossler and Holt, 2009). In other words, our offline, digitalized and virtual
lives can be targeted and harmed in multiple new, different and sophisticated ways.
These more technical forms of criminal victimization differ from traditional victimiza-
tion in various aspects. For instance, the interaction between the offender and victim is
much more indirect (Reyns, 2013), and the offensive actions are often directed not only
towards humans, but also towards vulnerable technical devices, which play a crucial role
in the victimization process. This poses the question whether victimologists and criminolo-
gists are confronted with a different type of victimization than they are familiar with, and
whether existing theories and concepts provide sufficient analytical power in this context.
This article critically assesses the current criminological theorization of the ‘cyber
victim’ in light of newly emerging forms of high-tech cyber victimization, and provides
an alternative conceptualization. In this context we adopt a problem-driven approach.
Based on the analysis of three empirical cases of cyber victimization, involving respec-
tively ransomware, botnets and virtual theft, we demonstrate that existing approaches
commonly used in cyber criminology (the lifestyle routine activity approach in particu-
lar) are too anthropocentric, reductionist and dualistic in nature for a type of victimiza-
tion in which there are no clear boundaries between the human and the technical, the
actual and the virtual, and the offending and the victimized (see also Brown, 2006;
Franko Aas, 2007).
We suggest an alternative conceptualization of the cyber victim through exploring the
theoretical potential of actor-network theory (ANT; Latour, 2005). In this context we
build on the ANT approach to cybercrime proposed by Van der Wagen and Pieters (2015),
but extend the framework to victims and victimization. ANT is a critical and constructiv-
ist approach that provides a conceptual framework in which entities, actors and actions
are understood in a networked, heterogeneous and complex fashion (Latour, 2005;
Verbeek, 2006). ANT does not differentiate a priori between entities in terms of their
essence, for example human versus non-human or victim versus offender. Rather it is
interested in what different entities (as a network) do and how they contribute to certain
actions or results, for example victimization (Latour, 2005; Law, 1992). Drawing on this
perspective, we propose to conceptualize the cyber victim as a heterogeneous network
consisting of interacting human, technical and/or virtual entities that has to be targeted,
deceived and/or controlled in a relational manner by the offender(s) – the latter also
being an actor-network (see Van der Wagen and Pieters, 2015). This alternative frame-
work consists of three interrelated concepts: ‘victim composition’, ‘victim delegation’
and ‘victim translation’, the combination of which enables a more nuanced understand-
ing of the hybrid and complex process of becoming a high-tech cyber victim.
The first section of this article takes a look at how the high-tech cyber victim is cur-
rently theorized in existing criminological research. We then present the three empirical
cases and point out different conceptual limitations of existing approaches in capturing
the features of these forms of cyber victimization. The article then discusses ANT’s
482
European Journal of Criminology 17(4)
conceptual framework and assesses its potential in relation to the cases, resulting in an
alternative conceptualization of the high-tech cyber victim. In the final discussion we
will touch upon the wider implications of the proposed hybrid victim approach and pro-
vide suggestions for further research.
The current theorization of the high-tech cyber victim
In recent years, cybercrime victimization has become an important and rapidly evolving
field for criminology (see Holt and Bossler, 2014). Although it is a rather specific sub-
field, it deals with a wide variety of criminal victimization. Cybercrimes can be targeted
against specific individuals (for example, online harassment, stalking), groups of indi-
viduals (for example, hate crimes), computer systems or networks (for example, hack-
ing), (large) populations of computer users (for example, virus infections), virtual entities
(for example, virtual rape), critical infrastructures (for example, cyber attacks against
power plants), and so on. The current study concentrates on the theorization of forms of
cybercrime that have a significant technical or ‘high-tech’ dimension, also referred to as
‘computer-focused crime’ (Maimon et al., 2015) or ‘true cybercrime’ (Wall, 2007). These
crimes differ from the more ‘low-tech’ cybercrimes (for example, cyber stalking) in the
sense that digital technology is not only a means to commit crime but a necessary condi-
tion for the type of crime committed (Koops, 2010). These crimes have gained relatively
little attention in criminology (see, for example, Bossler and Holt, 2009, 2011; Leukfeldt,
2015), and their technical nature may challenge existing theoretical frameworks more or
differently than so-called computer-enabled crimes such as cyber stalking.
Criminological studies that have been conducted on high-tech cyber victimization are
predominantly empirical tests of the lifestyle approach (Hindelang, Gottfredson and
Garofalo, 1978) and/or the routine activity theory (Cohen and Felson, 1979), theories
that are also most influential in traditional victim studies. The lifestyle model supposes
that certain behaviours (for example, related to work, school and leisure) expose certain
individuals with certain demographic features to certain risky (crime-prone) situations
(McNeeley, 2015). The Routine Activity Theory (RAT) on the other hand, focuses more
on crime and victimization as an event (Pratt and Turanovic, 2016). It considers victimi-
zation to be the result of the convergence in time and space of a motivated offender, a
vulnerable or suitable target/victim and the absence of capable guardianship. It assumes
that motivated offenders seek to find places where suitable targets are concentrated, but
also places where they can find an absence of capable guardianship, guardians being
humans or objects that can prevent crime from occurring (for example, a fence, a surveil-
lance camera or a police officer) (Yar, 2005). Although these theories are distinct
approaches, they lead to similar hypotheses and are often combined in one framework,
also denoted as general opportunity theory or lifestyle routine activity theory (see
McNeeley, 2015, for an overview).
Following this approach, studies on high-tech cyber victimization seek to unravel
which individual and situational factors put certain people at risk of cyber victimization.
Yet, instead of offline activities, these studies concentrate primarily on people’s online
routine activities such as how much time they spend on the Internet and...
To continue reading
Request your trial