Crimetech – It’s like fintech, but not as much of a scam

Crimetech is a catch all for the technology developed by criminal enterprises to further their aims. It is the set of botnets, hacking tools,  bulletproof hosting and interfaces that join up criminal intent with their victims. (There is a company selling various bits kit for forensics called ‘CrimeTech’. They are the go to if you need tape with ‘Evidence’ on it, or that thick chalk you draw round a body.) Crimetech is specific in its purpose. There is wider melange of technology used by criminals which is not crimetech – Tor, cryptocurrency and such are independent of it but we should be aware of how some technology articulates and gives affordance to hostile actors.

The prevailing framework is of technology and crime is of tech as a quality that enables or disables crime or security. Crime exists on a scale from cyber-enabled to cyber-dependent. A little less encryption here, a little more there. As technology is now so embedded and provided as a service to criminals we have to move past that and think of tech as part of the material matrix. So rather than this gradient from ‘lo tech’ to ‘full on tech’ we could see intersections between different kinds of technology and the material operation of crime, in some instances surrounding a hard core of dedicated, tech dominant crimetech operations. Really we are talking about the old classics: what is the division of labour, where are the command and control processes, how are criminal enterprises able to combine different data types and where are the critical points where harm happens. 

Consider a phone scam that’s highly centralised, which combines basic and simple technological platforms and user scripts, and a social engineering attack which used tested AI driven communication forms to ensare victims. The first is heavy on human labour, and can be undermined by time wasting tactics on the other end. The latter is less contact driven, more passive, highly failure tolerant and generates more data. A zero day exploit is of a different quality as it is likely to be valued in itself, traded and used by a range of individuals and enterprises, including state agencies.

As well as the organisation/complexity axis we should also consider hwo crimetech scales. Many crimes are low severity individually and hence tend to be unreported, but have an impact at scale which is what makes them hard to prosecute. This focus on a scalar threat is a recurring one in many documents now such as the Mills, Skodbo and Blyth (2013) which explicitly tackles it. To me we are facing two challenges: first, tools and exploitation modes are designed to scale up and down depending on opportunity. Second, distributed delivery means interventions tend to end up punching fog. In each case, my interest comes back to how crimetech reorganises and revalues criminal labour, just as other platforms do the same. The same problem can occur in both cases. In the world of venture capital the relentless focus on devaluing human labour means we miss how much labour goes into algorithmic control. In the world of crimetech the extensive labour behind scalar threats is also hidden.

Mills H, Skodbo S and Blyth P (2013) Understanding organised crime: estimating the scale and the social and economic costs. London: Home Office.



Who put the literacy in digital literacy: Why is voice messaging absent in digital sociology, why are we obsessed with text, and why is this title longer than the post below?

Voice messaging sends prerecorded audio messages via messaging apps. Users can mix and match audio messages with other media such as text or visual.  Voice messaging allows people to get around the flatness of textual communication, adding tone and nuance. It requires greater intensity of engagement at the other end. The receiver has to listen, not just glance. Zoomers have a reputation for fearing the phone call and voice message allows a less demanding but still personal way of interacting.

In every way voice messaging is its own communication media. It has specific interactional characteristics that set it apart qualitatively from text messaging, one to one calls, and other modes of communication. Yet almost every article I read on digital society namechecks textual, audio call and video communication. None mentions voice messaging, one of the most significant changes in communication media in recent years. It is completely under the radar of digital sociology even as part of our standard list everyone uses of ‘this is how folks interact now’.

Voice messaging has some fascinating characteristics. Zhang (2028) reports that in Chinese professionals consider it ‘obnoxious’ and only tolerate its use when it is sent from a senior to a junior person. The reasons are probably the same for both parties: it has limited information density and resists rapid, easy consumption. A voice message conversation appears just as a list of audio links. There is no simple way to parse or prioritise content without having to listen to the whole thing. It is a demanding medium for the receiver, but not the sender. In business/professional worlds it is a statement of who is time rich, who is time poor, and who matters more. Effectively, ‘I couldn’t be bothered to type this out’.

As well as shifting or exposing power relations in one set of communications, it may shift them in another direction in a different set of interactions. It opens up some possibilities for people who are unable to use text, or find it difficult. Its use can signal the presence of intimacy and care. It allows users to signal the content and intent of their communication. Here is a longer message I would like you to be more involved in listening to. It moves us away from a literal understanding of literacy as textual aptitude. As a mode it also highlights the attentional context of consumption. A voice message makes it harder to prioritise one’s attention in consuming communication, but on the other hand displays a greater commitment to the interaction.

On the next point, does our not bothering with voice messaging indicate we are too text focused in both method and critique? Textual sources and modes of analysis are simpler in many ways. There is a lot of textual data, and using text allows us to avoid or obfuscate some ethical questions around data reuse and anonymity. Voice messages tend to just be private so are not immediately accessible. There are practical reasons but also our theoretical tools are designed around the bloodless written word and we suffer for it.

Zhang, Zara. 2018. ‘Sending WeChat Voice Messages Is a Status Symbol in China’. Quartz.

Disinformation – you have no idea what it is so it beats me how you plan to fix it

Just adding to the rash of ‘stop thinking disinformation is the problem’ takes out there. The high cultural capital crew like to imagine that they would love there to be a bright line between illegal and illegal, organised and opportunistic, rational and emotional. And also that they know which side of the line they would be on. Likewise, information manipulation. Disinformation is the cost mug of horlicks that the information saturation set reach for to explain democratic events they do not like. Why, if only those damned twitter bots did not spin constant lies and rile up the little people then we wouldn’t have to deal with events, which are inherently tiresome. On the other hand, maybe lots of people just do not want to lie in the bed you have created for them. 

Challenge: what’s the difference between propaganda, political campaigning, advertising, and information operations, if there is one? Why is it okay when our side does it? There is a long history of fake news and election manipulation. In an early example of cancel culture. the ostrakon was used to expel citizens from Athens and was highly open to manipulation. The Soviet Union placed a fake news story in Indian newspaper about AIDS being a US developed bioweapon. Many governments engage in shaping public opinion, from the health (cigarettes be bad) to the attitudinal. Plenty of institutions engage in astroturfing, other manipulation of civil society. What is new in the current climate is the global reach of nationally motivated hacker groups, not all of which are or need to be centrally coordinated.

It is a powerful propaganda tool used by nationalist regimes to suppress civil liberties, undermine opposition and simply swamp out opposition or independent information and as a tool of international relations. But also itself become a go-to tool for strategic de-legitimation (you used the fakes!). There’s a fear of institutional fragility which speaks of a moral uncertainty in liberal elites. More neutrally, an information economy and polity is exposed to attempts to manipulate information for strategic ends as opposed to everyday annoyances.

The narrative around disinformation feeds into the narrative that certain choices can be objectively deemed false. Discussions of Brexit always implies there is something false to it: Cameron called the vote for cynical party management reasons and Johnson falsely posed as an anti-EU populist. Falsity lets us off the hook of doing proper material, historical analysis.

Disinformation strikes at a number of question at the intersection of information science, sociology of markets, sociology of technology and the philosophy of knowledge: how can disinformation be defined, recognised and how can systems be made resilient against it. There are several thorny ontological and epistemological questions between the politics of knowledge, preference falsification, technical and social verification and conceptual space theory. We don’t easily know what disinformation is when we see it so we need agreement that we are in fact talking about the same thing.

There are a number of developments in the organisation of information markets that are live right now and which mean the problem isn’t just open to immediate technical or oversight solutions: financialisation of disinformation, the vertical integration of political campaigns with new media, and the development of a distributed labour infrastructure which is agile and available. There is also a collective effervescence to disinformation action. When Russian hackers take out Estonia’s infrastructure or Chinese internet activists DDOS US government websites, this is partly for the joy. Therefore we should consider this as a type of national political action and participation, not just a wily propaganda ploy.

DeSombre, Winnona, and Dan Byrnes. 2018. Thieves and Geeks: Russian and Chinese Hacking Communities. Recorded Future.

You never had and will never have the right to repair, or any other rights for that matter

If you see the ‘No user serviceable parts inside’ notice as a challenge, I am with you. I am in the class of people most open to the right to repair movement so I want to introduce some reflection on what it means and whether it is the right way to frame what we want. And what we want is knowledge and control over the material technologies of our lives, and to resist the constant ramp towards platform lock in that now pervades the physical as well as the virtual realm.

A right is just a desire, along with the capacity and willingness to exercise it. You do not have the right to vote. You can vote if some conditions prevail (you are an adult citizen, mentally capable, not in prison, able to get to the polling station, give a toss etc). Likewise, the right to free speech, property, right to life etc. Any right you mention can be terminated. Please do tell the nurse switching off your ventilator about the European Convention on Human Rights Article 2. Trust me, she’ll do it just to save on the electricity. The whole thing is a massive scam, like dishwasher tablets. I’ve never bought them. It cleans just as well without them.

When we campaign for rights we really just mean: we want this not to be just the province of affluent, high cultural capital, centrally approved sort of folk.It just means nobody else will. Alcohol might be banned in Saudi Arabia but wealthy, male Saudis exercise their right to get merry very easily. A right to intoxication would mean allowing people the legal and actual capacity to buy and use alcohol or other drugs. Maybe the Saudis would have had more luck banning alcohol if they just let Apple sell the stuff but lock it to people who had phones running iOS 16.

Okay, I put that a bit strongly, naming rights helps organise and codify them. Right to repair is a set of requirements that are primarily about returning control of technology to users and the communities they belong to. This is a laudable goal, which will only be met in a very limited way with an actual right to repair. We should understand why this shift happened and why some technologies appear to be repairable in the first place. The reason I say this is that otherwise it is very easy for a company to throttle a right to repair just by ceasing to make the relevant parts. As someone who finally got the part they need for my 10 year old Canon EOS 5D (see picture) I know that it is easier to observe in theory than practice. And the Canon is super-repairable. I could get right into the guts of it but still need to replace the expensive shutter unit, rather than the cheap shutter itself. And I can afford the time to do all this.

The ability to repair old bangers exists only because: for many of us, we couldn’t afford new ones; and some are worth it to keep roadworthy but are essentially useless. Software locked tractors massively impinge on the ability to maintain a significant fixed capital investment but that is quite a specific type of use case. Can we analogise from that to Apple’s penchant for soldering everything onto the motherboard, and gluing everything that can be glued?  Likewise, PCs are not more popular than Macs because they are sometimes repairable and upgradable. They are more popular because they are more popular, they fit more use cases, and can do more stuff – especially but not only games. What the r2r movement is objecting to is the centralisation and concentration of the supply chain and the damage that does to communities’ ability to adapt technology to their needs. I believe that we need to expand this attitude to every technology where it has happened, which is most of them, from pharmaceuticals to bicycles. I also think this logic is tending towards each of these technologies acting as part of an integrated system – e-bikes, smart drugs, they all function as parts of an integrated whole. R2R is one way of pushing back against some of the more damaging elements of that. So my main angle is really that it is the starting point to go beyond the valuable use cases that it invokes to a broader take on the infiltration of technology into social life.


MIC drop: Beware the metaphor-industrial complex

US president Dwight Eisenhower warned in 1961 ‘we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military–industrial complex’ (MIC). The idea that there is a grouping of lobbyists and industry desperate to suborn public money for their agenda is persistent in Western political discourse. It is suspected that the MIC rigs public discourse and provokes the odd minor war or two. It is a handily portable quote, so we have references to the pharma-industrial complex, the trans-industrial complex, data-industrial complex, the woke-industrial complex and on and on. There is probably an industrial complex-industrial complex.

Though it captures some real dynamics – regulatory capture and so on – the specific claim is wrong in its context and more generally. Historically, most developments attributed to the MIC have come from political competition, external to the MIC itself. To take one core example, the ‘missile gap’ myth was promoted by president to be John F Kennedy. He used it to build his career as a US Senator and made the basis for a successful run for US President. Yes, lovely JFK was a total warmonger. Supposedly the Soviet Union had an edge in the effectiveness and quantity of their nuclear missiles and this needed to be matched by the USA. The missile gap did not in fact exist, and JFK probably knew that. He also knew that his opponent could not disprove it without looking weak and also sharing classified information. The MIC was the instrument, not the prime mover, of this particular addition to the arms race.

Coming back from that divergence, metaphors spread widely in social science, sometimes because they are more effective rhetorically than analytically. MIC succeeds because it is an effective metaphor. We see a lot of metaphorisation of our discourse. Type ‘uberisation’ into Google Scholar. Most of social life is being uberised apparently.  Before it was Googlization, and before that McDonaldization. I regret to inform you that Education 3.0 is now also a thing. The metaphors are handy but like any figure of speech might conceal as they reveal. For example, focusing on how work is being made casual and algorithmically governed is important but also tends towards presentism. We forget the tools that helped us in the past understand and sometimes fight against these tendencies.

Metaphors are useful little packages of meaning and I have used a few already (eg. ‘arms race’). They are different from reusable analytic concepts. In contrast, the concept of weapons of the weak is one that has been widely reapplied and while malleable is also coherent and internally consistent. It is also rhetorically powerful and persuasive. It is perhaps not possible to separate a concept’s rhetorical power from its empirical traction but the latter should lead. The nature of competition in social science means that we can end up pursuing beguiling rhetoric at the expense of the work needed to bring it down to earth.

If you want to read further the CIA (yes, THE C I A), has a great collection of documents on the missile gap. They are a fascinating study of evolving intelligence capabilities and concerns. Top marks if you write ‘weapons of the week’ like it’s an offer at Tesco.

Ritzer, George. The McDonaldization of Society. Sage, 2013.

Scott, James C. Weapons of the Weak. Yale university Press, 2008.

What’s the difference between description and analysis? The myth of the unfakeable banknote

I often say to students ‘describe, then analyse’. Well, how do you know which one you are doing and what the difference between them is? And while we’re about it, what’s the difference between method and methodology, hmmm? There is really no fundamental difference. Description always involves a choice of terms in which to describe, and these are analytical choices. Analysis is just being aware of those choices, understanding that some choices have been made for you before you even start, then deciding what elements to focus on, and drawing connections between cases in order to make inferences. Analysis is therefore that ability to connect the description to a category or process that tells you about it, and being aware of the context in which it is produced.

For example, I research banknote counterfeiting. One aspect of that is looking at how banks and tellers detect counterfeits. A start to that is by describing the equipment used (e.g. ultraviolet lamps) and then the process (the different kinds of examination notes undergo). Analysis is looking at what informs the design of those technologies and processes. One ground level assumption everyone works with is that there is an objective way to tell the difference once and for all. Analysis looks at what effect these assumptions have in the world. For example, if tellers are held responsible for accepting counterfeits then that shifts the responsibility from the designer to the lowest level human in the process. That tells us about who has power over money. We can then say a lot more about how cash notes fit into the economy as part of a whole process based on distributing trust and responsibility. We might also look at the changing design of notes as partly symbolic, incorporating banal nationalism at some stages, and also about shifting understandings of the role of cash and money in the economy.

The design of the Euro notes gives new meaning to both. The semiotics are significant. They are intentionally banal. Each country is only represented in the serial numbers of the notes, and the images uses are intended not to refer to anything real that might get people hot under the collar. You can compare those notes to others that intend to communicate stability and reliability, or seek to say something about the nation they represent. Finland’s markka notes designed by Eliel Saarinen are a lovely example of aspirational nationalist modernism at a time when Finnish national consciousness was starting to cohere around national independence. Scammers faked the Finnish markka and in one genius instance made a 20 markka note into a non existent 2000 mark note by the simple means of adding two zeros to the face number. While that wouldn’t have fooled a lot of Finns it might have worked when exchanging the notes abroad.

The security features also are semiotic: the signal trust, but also have to perform practically. They need to be readable to the human eye and sensitive to touch, to make them quickly recognisable. We can then ask what this tells us about the notes as circulating media or as stores of value, the intended rapidity of their circulation and how the designers understand where they will be exchanged.

Analysis then leads us to further questions. Do central banks plan there to be a perfectly unfakeable note? How do fake notes affect people’s faith in money? Do times of hyperinflation or deflation change this relationship? How does computer fraud change the faith people put in digital versus physical currency? How does the creation of automatic transaction terminals such as supermarket customer checkout systems shift the equation? Increasingly we look at currency and payment as a closed system, which alters what we understand cash to be. Cash can operate as something valued independently of its ‘face value’. For example, in Russia during 1992 there was a shortage of small value 15-kopek pieces used for payphones, so they began changing hands for much more (Lemon, 1998). Likewise, drug dealers in parts of the USA refused to accept one dollar bills, so local shops made a lively trade selling 10 dollar bills to drug users for 11 one dollar bills.

Analysis also helps us tell the difference between banally obvious statements that still need to be made (e.g. that every banknote is an act of faith) and propositions that can be tested (e.g. people automatically have more trust in higher value notes). Just in case anyone things I am ragging on cash, cryptocurrency is worse (Bratspies, 2018).

We often think of description as mundane and concrete and analysis as showy and abstract. The reverse is true. Every act of description is an act of creation, and every act of analysis brings that creation back to earth.

Bratspies, Rebecca M. 2018. Cryptocurrency and the Myth of the Trustless Transaction. SSRN Scholarly Paper. ID 3141605. Rochester, NY: Social Science Research Network.
Lemon, Alaina. ‘“Your Eyes Are Green like Dollars”: Counterfeit Cash, National Substance, and Currency Apartheid in 1990s Russia’. Cultural Anthropology 13, no. 1 (1998): 22–55.

Malware: proposal for a social history

Computer security is the culmination of a series of subversions. Just as policing evolves in response to crime, so computer systems evolve in response to threats. When it comes to malware, while the code is clever, the social engineering is more persistent, and more depressing. Malware designers evolve their products through testing and tooling to find out what works best. What wording will mean that more victims click on that ransomware link? Do people trust social media messages more than emails? More and more, malware evolves in response to human social and economic systems, and organisational/geo-political priorities, rather than to technical vulnerabilities.

Technological histories exist, recording major developments – the first Worm, the first RootKit, the first ransomware and so on. The social history is more dispersed and is yet to be written. Elements of a theory of malware could focus on: Where was it developed, for what purpose, who by, and how? How have victim and perpetrator characteristics evolved with the systems they use? What ethical and political questions are raised by it? For example, do we have the right to destroy self replicating computer programs, and how should malware be preserved for future study? My sense is malware history is somewhat separated from other kinds of crime historiography.

We would need to begin with a basic taxonomy. Here is my first sketch of the social history of malware: First stage: technically focused malware. Often created to prove a point, or by accident, like the first computer worm. Second stage: payload. Malware delivers a technical form that does something else, like modifies a computer system, or locks you out of it. Third stage: organisational. Malware becomes an object of economic and political activity. There is a high division of labour. Stuxnet and NotPetya encode geo-political priorities. Markets like Dark0de trade and systematise it.

Methods should set out the relevant fields. Studying evolving malware means studying the evolving computer security industry, its capacity for threat detection and horizon analysis, and the back and forth between malware operators and industry personnel. Constructs to be examined include changes in how costs are calculated and understood – from direct economic losses to reputation damage, lay perceptions of malware, and popular discourse and cultural representations of the topic. There is an opportunity for theoretical innovation here, for example considering QAnon as a mimetic virus.

Lessons to learn: total security is not possible (Aycock, 2006). We might end up with an understanding of malware as a varied sphere of illegitimacy, which is occupied in different ways by systems and people. The debate over disinformation could fit into this.  It is a powerful propaganda tool used by authoritarian regimes to suppress civil liberties, undermine opposition and simply swamp out opposition or independent information and as a tool of international relations. But also itself become a go-to tool for strategic de-legitimation of uncomfortable political positions (you used the fakes!). Likewise, malware is a purposeful set of technical instruments which share characteristics. There may be a myth of precision influencing discussion, that if only we get the right focus we can pre-cog malware and harden vulnerable targets – code for you dumb users. It is a dance that won’t stop.
To carry out this study we would have to be mindful of Inglis (2014) critique of presentism and simplistic periodisation in sociology and elsewhere, and develop an understanding of the sociological dynamics underpinning cybercrime that avoids simple periodisation and to which I would add social science’s tendency towards deletion of its recent past.
Aycock, John. 2006. Computer Viruses and Malware. Springer.
Inglis, David. 2014. ‘What Is Worth Defending in Sociology Today? Presentism, Historical Vision and the Uses of Sociology’. Cultural Sociology 8(1):99–118. doi: 10.1177/1749975512473288.

Aspirational illicit markets

Early in my career I researched smoking in areas of multiple deprivation in Scotland. At the time these were places where the social, economic and physical fabric had been severely weakened due to overlapping stressors. High crime, low income, low economic activity and widespread health problems were multiple challenges for people who lived there. That is what I think of as intersectionality. Smoking was often quoted by people I interviewed as being their one reliable pleasure. The rising cost of cigarettes and tobacco was an irritant but not often an incentive to quit. Though under strain at the time, there was a strong neighbourhood environment in many places.

One set of relationships that was sustained throughout was the illicit cigarette market. Taxes were spiking and there was a wide opportunity for people who wanted to import tobacco products cheaply. As with many illicit importing operations a tricky bit is the last retail step. Shipments need to be broken into units that will be affordable and available and this needs a staged operation with sometimes multiple ‘final miles’ involved. Several competing approaches were applied. Tobacco could be sold in pubs, under the counter of existing shops, or delivered directly. In the last case pizza companies were set up as fronts for tobacco delivery.

The level of entrepreneurial innovation going on here alerted me to the aspirational nature of illicit markets. Some illicit operations are attractive because they are the only game in town, sometimes participating in them offers purpose, income and aspiration and something resembling a career. While that was going on many others in the community rejected this as a route. They viewed illicit work as harmful to the community, attracting dangerous criminals and damaging its reputation. These markets were contested, and meaningful. Therefore when they are interdicted we should be aware of the fallout, positive and negative, and the absences left behind by them.

The long and short future

🎵 In the year 2525, if man is still alive, if woman can survive 🎵 

Projects such as the Clock of the Long Now, the Svalbard Global Seed Vault, and deep time Nuclear Semiotics work with time horizons of millenia. These are about changing our time perspective in response to challenges created by humanity such as environmental problems and the demands of long term nuclear waste storage. These come at a time when the tools humanity set up that institute a long term consciousness, religion and orthodoxy, have been swept aside by the Smiley People Who Know Everything. The moral obligations current humans have to future society are up for grabs. What costs might we be unknowingly or uncaringly imposing on them? Maybe the only obligation you have is to live your best life. In the Douglas Adams short story Young Zaphod Plays it Safe a way of mining the past for energy is discovered. Everyone is pretty pleased with themselves at this innovation: energy from the one place where no-one will kick up a fuss. Too late they discover that mining the past creates a problem for the present, as the future is doing the same thing to them. People will only really be motivated to act, he implies, if they have something at stake. 

So what can be employed to give us something to care about? One answer is the human delight in narrative, which explains why science fiction authors made such a contribution o the long term semiotics discussions that have come about as a result of the need to store long term nuclear waste, with a time horizon of about 10,000 years. Can a message be dispatched, interpreted, understood and acted on over a timescale greater than human civilisation? If we create a story of ourselves as heroically saving the future while also leaving a bloody big monument to it, we night be bothered to make an actual effort. The content is tricky however. It must convince the future people not to dig up this particular patch of ground and also convince the present people that it will do that. The paradox is that we might like to leave some monuments to ourselves, but any monument is attractive. Any warning sign looks like a treasure map, or just ceases to mean anything, given enough time. Gregory Benford points to problems of expert conformity and false certainty in deep time estimation, as in any enterprise.

The coming of the … society

The …isation hypothesis

That is certainly the case in future world talk in sociology. How good has sociology been at identifying valid future trends and self-correcting in the face of evidence? And can we not talk about this please? Let’s start with one of the worst charges on the docket, the secularisation hypothesis. Basically: as societies become modern, they become secular. It is pretty much not true and like most failed predictions extrapolates from a small set of cases in one moment to a general trend about societal evolution. Demographic transition is a more solid prediction, and is notable for largely existing outside mainstream sociology. Yup, everyone is getting older apart from the religo-crazies, a fact we would all just rather ignore thank you.

Lots of sociology futures now name a type of society coming into being – the metric society, the screen society, the network society, the algorithmic/platform society. Or they seek out an organising metaphor like fluidity or liquidity, using it a characteristic that in some way is central to the transformed social life and which people will have to live with. Usually the argument is presented in a motte and bailey style. It is asserted that such and such a characteristic is fluid, meaning without form or structure. Then it is pointed out that it does have form and structure, at which point the argument shifts to say that fluidity just means flexible or changing, network just means connected etc. No books have been titled ‘The Rigid Society’ or ‘Inflexible, Untroubled Gender’ or ‘The Coming Non-Crisis of Capitalism’. The traffic is all one way, which tells you how detached it is from empirical data but not from the incentives of academic publishing.

While sociology and future writing love their metaphors, they do not love their humans. Humans get a bad rep in sociology, behavioural economics and social psychology. They are usually criticised for their short termism,  various cognitive biases and a general inability to consider severe threats and fantastic opportunities that are not immediately apparent and the general set of cognitive limits I am confident nobody ever called ‘Gidden’s Paradox’. I am not sure humans suffer from the short term perspective often claimed. Giddens, the Nudgers and others speak confidently from a future that has not happened yet, and condemn humans for being insufficiently panicked at something which we have very little capacity to do much about. It is irksome because of the tendency for expert groups and elites to form their own consensus and anathematise any doubters, and the lack of humility when they turn out yet again to be wrong. 

“In the Year 2525 (Exordium & Terminus)” by Zager and Evans, RCA Victor, 1969.

Microsocial crime script in a meta criminal context: crime script analysis as applied to hybrid digital crime

This post is about crime script analysis as a method of bridging micro- and meta- analysis of criminal activity. It lays out what crime script is and how it can be used to understand the relationship between the material criminal context and the patterning of criminal action.

The origins and application of crime script analysis

Cohen and Felson (Cohen and Felson, 1979) analysed US crime rates following the Second World War. They suggested crime rates are not well correlated with socio-economic stressors such as unemployment, poverty and inequality. Crime incidence may increase in good times and slow in bad times. It does closely match opportunities. What is there matters more than what is not there. That is why crime can increase in good times. There is more stuff. As a material of theory of crime this works on a basic level. There is no car theft without cars to steal and a large enough market to sell into. That insight is the basis for Routine Activities Theory (RAT) which states that acquisitive crime is patterned and dependent on the existence of an opportunity, a motivated criminal and an absent guardian (Andersen and Farrell, 2015). It also explains some of the reduction of material crime as a result of the rise of the digital economy. As the economy becomes centred on virtual goods it becomes more difficult and less lucrative to traffic in stolen property. In this new environment criminal groups and methods either fall or adapt and exploit new opportunities presented by digital society.

An approach is needed to understand criminal innovation and the success or failure of specific criminal methods which are persistent, patterned and shared between criminals. One way of doing this is through Crime Script Analysis (CSA), developed by Cornish (Cornish, 1994). CSA characterises criminal activity as routine and purposive and identifies a criminal modus operandi. Much criminology and policing practice had focused on the crime event itself, hoping to catch criminals in the act. CSA puts the offending act itself in a context of preparation, commission, and leaving. By laying out the sequence like this the criminal act can be disrupted by situational crime prevention (SCP) measures which interfere with different stages of the script. For example a study of illicit opioid sales might identify lax or corruption prescription of painkillers as a source for drug dealers and reduce incentives for overprescribing (Moreto et al., 2020). Each stage in the script suggests a control intervention like target hardening, control of entry/exit routes, and limiting opportunities to profit from crime. Many of the steps identified might not in isolation constitute illegal acts. As a result CSA can be used to propose changes in the law, for example, criminalising ‘grooming’ by child sexual predators as a critical stage in the preparation of child abuse.

Target attraction is based on VIVA (value, inertia, visibility and accessibility). Felson (Felson, 2000) argues the theory helps avoid common mistakes which assume in a common-sense fashion that social disorder leads to more crime. He argues: “Shabby paint on buildings might be ugly, but it probably does not itself contribute to more crime. Graffiti in subways probably does not lead to more robberies. Extreme deterioration of a neighborhood might cause vice crimes to decline by scaring away customers”. These factors are likely to be correlated not causal. For instance, street drug markets operate in the absence of the guardian, not because the neighourhood lacks streetlighting. ‘Broken windows’ theory of crime might correlate to reality because it signals the absence of a guardian rather than indicating a generalised lawlessness which criminals take advantage of.

Crime script analysis in microsocial detail

CSA is a microsocial analysis of routine criminal activities which at its most basic level divides the crime sequence into three stages: precursors, commission and resolution/departure. Or Sue, Grabbit and Runne. Each stage can be further subdivided into more detailed stages, such as preparation, entry, precondition, instrumental initiation, instrumental actualisation, continuation, post-condition, exit/reset. Each element is required to complete the whole crime chain. Cases for the script are collected from various sources. These might be police investigation files, court transcripts, or raw accounts by those involved given to interviewers.

In order to compile the crime script, begin with a blank sheet of categories to be populated:

Table 1 Blank Crime Script  
          Scene Action Example of a house burglary Overall stage
Preparation Obtain necessary tools/precursors Obtain lockpicking tools, intelligence about opportunities, associate with accomplices Precusors
Entry Gain access to targeted space Find neighbourhood judged to be sufficiently undefended/lucrative
Precondition Condition necessary for target choice Choose time of day/night when residents out or asleep
Selection Identify specific opportunity Choose dwelling
Instrumental initiation Begin action sequence Approach entryway/other weak point Commission
Instrumental actualisation Initiate action Gain entry illegally
Continuation Carry out action Take value items/Remain on scene to conduct opportunistic criminal acts
Post condition Maintain role out of scene, getting away, extracting value, other necessary end states to reset the sequence. Leave, divide up and sell stolen goods Resolution/departure
Exit/reset Return to starting point/desist Cash out goods

The script can be adapted to a wide range of criminal activity. A study of illicit meth production might identify sources of precursor chemicals, spaces used for laboratories, and processes of integrating with cartel buyers or other distributors. Many non-or semi-criminal actors are involved in activities such as facilitating infrastructure, finding transport, security, and sorting out legal and administrative issues for example by creating front companies. Larger illicit operations use front entities like fake pharmaceutical buyers, requiring a greater degree of network extent and complexity. A point we learn from this is that there is no such actor as ‘the criminal’. The person running the lab may be a part time hire, they may be supplied by a knowing person in the chemical industry. One task assigned was popping Sudafed out of thousands of pill blisters (Chiu et al., 2011).

When we use the CSA method then we see that there may be no central criminal actor and guiding mind. Scripts then connect to further scripts, for example, one for drug distribution which might involve a different subset of actors. Scripts can also be incomplete. The hacking group LAPSUS$ was very successful in applying login credentials purchased in a criminal marketplace to access Electronic Arts’ internal systems – potentially a major breach. However it had no idea what to do after that and was reduced to begging a journalist for contact details for the company in order to make a failed attempt to blackmail them (Cox, 2022).

A reason for using CSA is it allows analysts to identify control conditions that can be applied at different stages. How might absent guardians be substituted? How might opportunities be reduced? How might motivated actors be demotivated? The script can be used to recommend actions at each stage and evaluate their potential cost effectiveness. For example, knowing that counterfeit cigarette manufactures buy second hand cigarette manufacturing machines and also draw on cash rich businesses as a ready source of capital, then manufacturers might be required to account for those sold into the second hand market and the accounts of nightclubs closely monitored (Antonopoulos and Hall, 2016). For that reason, each sequence stage must be necessary for completion of the whole script. The analysis must separate out extraneous activity and focus on those conditions without which the script would fail.

Applied to digital and hybrid crime

The digital sphere appears to lack some of the qualities involved in routine activities theory however, time-space stretching means co-presence in the same time and space are not needed but there does need to be some kind of shared networked connection. The digital environment may enable absent guardianship through anonymity and other features of distanced responsibility, de-personalisation and remoteness of consequences. As increasingly digital crime is hybridised scripts can usefully identified transition points between online and face to face action (Brown, 2006; Roks et al., 2020). Leukfeldt (Leukfeldt, 2014) describes a situation where a phishing network largely coordinates in person and uses social engineering rather than malware to suborn victims.

The lens might need to shift from capable guardianship to relative visibility (Leukfeldt and Yar, 2016). We also need to rethink motivation. A study of web defacement in the Netherlands showed that those motivated by fun, patriotism and revenge tended to stick to local websites and use known SQL vulnerabilities, and so were more easily deterred than those doing it to demonstrate skill (Holt et al., 2020).

Case: A Darknet Counterfeit Currency Vendor

I am using a case where I mapped counterfeit currency distributor and user crime scripts using a sales and discussion thread scraped from a darknet market. The distributor sold fake US Dollars in $20, $50 and $100 denominations. The discussion thread was extensive and took place over several years. The distributor ‘Benjamin’ and their customers discussed the quality of the notes and how to successfully use them. The thread was open coded using NVIVO and then recoded according to crime script stages for both distributor and user. Contextualisation codes were also used which identified the material and social context of the criminal community. For instance, one code which became important in relation to the users’ moral justification for what they were doing was ‘Politics’. Users justified their activity in relation to the US Federal Reserve’s degrading the currency.

Matrix coding was then conducted, cross tabulating the contextualizing codes with the CSA codes. These codes fed into the crime script coding, for example, technical features were coded and then distributed according to their function in the precondition/actualisation parts of the script. That exposed the technical, stealth, performative and organisational features at different stages of the script execution.

Cases were created for each contributor to the forum and the attribute function was used to record their role/stance. While some roles were immediately obvious, such as Benjamin, others emerged during the contextualising analysis. For example, some contributors took on the role of mediating the crime script, advising others on how to successfully use the notes in different contexts and de-risk their use.  The following crime script was developed:

Table 2 Crime Scripts for Benjamin and Users
Benjamin Users
Entry Bulk order from supplier Set up cryptomarket account Receive currency

Target scoping

Precondition Pricing and divide up note ‘packs’ Choose high traffic setting

Work notes


Selection Market/sales/advertise Select/stealth person/car

Select young cashier/busy time

Instrumental initiation Receive orders from buyers Identify high value/good return good
Instrumental actualisation Process orders, select consumer/delivery Buy goods/swap out cash
Continuation After sales support/manage reputation/expectations on forum Recycle bad product into good notes
Post condition Close the feedback loop with supplier Transfer legit cash
Exit/reset Cash out/repost Return to thread/leave

Distribution of counterfeit currency in this way is an example of a hybrid crime combining online distribution and offline actualisation. The script required understanding the meta-criminal context in which Benjamin and the users operated. Benjamin was a secondary distributor for the primary note producer. Therefore they had to manage both their supply and manage expectations within the darknet community about the effectiveness of the notes. Benjamin’s second stage role meant they could palm off some of the responsibility for poor quality product onto the supplier but still needed to maintain a reasonably high hit rate among their customers. It was vital in order to keep selling the notes that users reported success with them. So Benjamin and some key contributors maintained a modus operandi document, effectively their own crime script, to guide users through the process. This involved ensuring users did not try too high and invite suspicion, for example, by buying a one dollar item with a one hundred dollar note.

The discussion was open to different kinds of qualitative analysis. A narrative analysis was also conducted which showed the evolution of the community over time. It began well. Buyers expressed excitement at a new source of counterfeit notes which appeared to come directly from a well known producer. Initial batches were received well and were passed off successfully. The second batch had a noticeable drop in quality. Gradually the group turns against Benjamin and they withdraw from the forum. The narrative analysis also allowed me to understand much more about how the script was developed and finessed by the group. It showed how much criminal innovation is about learning and adapting in the moment.

Strengths and limits

CSA itself is scaleable. Examples of its application run from smash and grab robberies, interest rate market manipulation, polluting a river, the assault on the US Capitol Building in January 2021. This makes it eminently suitable for darknet and other digital crime research which uses a range of data covering for example drug dealing enforcement to cross-border ransomware activity. The offender themselves is less central to this theory and it therefore means we might miss significant demographic attributes such as sex, or assume they are irrelevant or not present. Sex is critical to many crimes, particularly those involving sexual predation. It does not  account for effervescence, feedback loops and the seductions of crime which may make digital offending more attractive in itself (Goldsmith and Wall, 2019; Katz, 1988). On the counterfeit currency thread it was questionable how profitable the activity really was, given the likely costs. One motive some users had was a political one, getting something for nothing and engaging in the thrill of purchase using counterfeit notes. These elements are likely to keep criminals involved and looking for opportunities even as some are closed off.


Crime Script Analysis can be used effectively with a large volume of qualitative data scraped from the Tor darknet. I used it to derive two distinct scripts for different criminal actor types. Further data would have allowed for further scripts to be developed, for example, coving the notes producer, or the supporting characters who guided others through their own scripts.