Mag. Dr. Edith Huber was born in Vienna in 1975. There she lives and works as an author, researcher and head of the staff unit for research and international affairs at the Danube University Krems
You work at the University of Krems and also as a reviewer for the EU, what exactly do you do there?
As an EU reviewer, I evaluate research and technology projects that apply for funding from the European Commission. At the Danube University Krems I am head of the Research and International Office and deal scientifically with security research, cybersecurity, information security cybercrime, computer crime, stalking, cyberstalking, cyberbullying, new media, sociology of crime and profiling of offenders.
You analyzed court records on cybercrime? What was this project?
Within the framework of the research project CERT-Komm II, we investigated 5,474 cybercrime cases from the years 2006-2016.
What were you looking for? What were your questions?
We wanted questions like: Who are the perpetrators and the victims? Which strategies for initiating and implementing cybercrime can be identified? Which perpetrator structures are to be found? Which police investigation methods have proven to be helpful and what can be said about the further prosecution of the identified perpetrators?
What have been the findings of this project?
We have essentially come to the conclusion that only a few offences that have been reported will be brought to court.
For the most part, the perpetrators are not caught. This makes it difficult to speak of offender profiles. Many investigations are unsuccessful because the perpetrators are acting from abroad or may conceal their identity due to technical possibilities.
The development of the past ten years is always interesting. Most of the perpetrators could be convicted in the field of identity theft. A clear pattern is that more and more offences of the classical petty crime are being charged under the paragraphs of “computer crime”.
The decisive factor is that more and more criminals are moving away from the classic “purse-snatching” to the theft of payment data on the Internet. They enrich themselves on the net: No special computer science or IT security knowledge is required to perform these crimes. The penetration of digitalization in all areas of life makes it possible to carry out identity theft with just a few steps.
What exactly is identity theft?
The cases of identity theft are complex. The most common type of fraud is the classic credit card or bank card fraud, i.e. payment data is stolen from the victim in order to go shopping. In very many cases, card fraud is used to finance addictions – e.g. drugs, gambling addiction and the like.
In addition, there are also variations of the identity theft steel. For example, stealing account information, like someone else’s Facebook profile and so on. There are no limits to the creativity of the perpetrators.
You advocate measures of behaviour-oriented resilience – What is that? Why is that relevant to you?
Essentially, the aim is to better cope with cybercrime attacks. It is important to broaden media literacy and not only among children and young people.
The Internet pervades our everyday life, there are hardly any people who do not have a smartphone or a PC. A critical consideration of which data and information I pass on to third parties is therefore indispensable. In the course of a study carried out on this subject, we were able to establish that more and more private crises are also being conducted online.
Can you give me an example of such a privately fought crisis?
An example – A woman leaves her husband and the husband logs into her Facebook profile to upload nude pictures to the portal out of revenge. Or, if the abandoned person deletes the Google Account – so that the victim no longer has access to various services – which can be accessed via Google.
One must assume that this kind of revenge will become more and more frequent. You can only protect yourself from this if you as a private person take sufficient security measures and do not save your access data online.
What measures do you suggest to better cope with cyber attacks and to protect yourself against attacks?
It is very difficult to bring general measures among the population. The reason for this is that most people want to use the technology, but do not want to deal with security.
Education must take place bottom-up, for example in schools. Although we only reach one specific target group, namely the pupils.
Another major problem is the 30+ society that uses the Internet intensively. Resilience can only take place if you do not have all your data online and protect your online payment system with various security measures, such as password, fingerprint, tan. Generally speaking, you should not let anyone communicate your access data or leave it lying around in public. It always applies that you have to be aware that the Internet is not safe per se and that you have to take all technical precautions to be protected, e.g. virus scanner also on the smartphone.
What do you think politicians could do to protect citizens from cyber attacks?
A legal framework must be created here to ensure that these offences are not trivialised. Unfortunately, one always lags a little bit behind. No sooner has a legal solution been found than there are already dozens of new attacks of a completely different kind. International agreements that facilitate the fight against crime would be important.
What do you think about the use of artificial intelligence and smart data in the fight against crime? Should Europe follow China’s example and use these resources to fight crime?
I’m a little critical of the whole thing. It is of course possible to develop tools that automatically aggregate user behavioral data.
Pattern recognition can be used to try to predict criminal behaviour. At this point it is important to me to always question the ethical aspect of such applications. Just because a machine, according to its own analysis, recognizes a pattern that it classifies as potential criminal behavior, does not mean that you are or will be a criminal. The control by the person in the background must never be missing here.
You said: “Every technical development is a loss of data protection” – which solution do you suggest?
This is a well-known dilemma of digital transformation. I don’t want to appear hostile to technology, because technology has brought us much progress and prosperity. Nevertheless, it must be clear to everyone that any kind of digital footprint you leave behind increases the risk that this data will be misused. This begins with the digital medical file, tax file and all the personal data you leave behind on the net. Now new laws are being made and guidelines are being enacted to put a stop to all this, e.g. DSGVO. There is currently no viable solution except the legal correction.
One of your main areas of work is offender profiling – what are the top 3 motivations for committing cybercrime crimes?
Financial enrichment, revenge and the spontaneous opportunity to commit a cyber crime.
What is the greatest danger that digitization brings for our social life?
I see the complete dependence on the Internet as the biggest problem. Imagine a crisis situation in which all critical infrastructures – such as telephony, electricity, water, local supply operators, etc. – have to be shut down. – …fail. And that’s only because the Internet doesn’t work. There must be alternative technologies that function independently of the grid. Because otherwise we are all very vulnerable. A terrorist attack on these infrastructures would result in chaos and emergency.
What are the great possibilities and opportunities of digitisation for our society?
I see the greatest opportunity in the formation of new working worlds and forms of work. The Internet will make it even more possible to work flexibly in the future. Be it as a freelancer or in the form of a salaried employment relationship. This can also bring prosperity to poorer regions.
What is your vision for the future? What does your better world look like?
My vision? That people act more together, instead of focusing only on singular individual interests. This would allow a better distribution of resources. But – since this will probably not come – we are here in the realm of utopia.
So – in my blog! Thank you very much for the interview!