Cybercrimeology

Follow the Honey: Experiments in Cybercriminal Decision-Making

Episode Summary

How do cybercriminals decide which targets to pursue, and how can researchers study these decisions in real time? In this episode, we talk with **Daniëlle Stibbe** a PhD Candidate and researcher at the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR). Daniëlle shares her journey from psychology to criminology and explains her work using honeypots, leaked credentials, and online experiments to examine offender behaviour. We also discuss the challenges of running experiments in digital environments, and what her work on the impact of large-scale police operations like *Operation Cookie Monster* reveal about risk perception and adaptation in online criminal forums.

Episode Notes

Show Notes:

• Daniëlle began her academic path in psychology, later moving into criminology through her interest in decision making and online behaviour.
• Her PhD research at NSCR focuses on cybercriminal decision making, using honeypots and experiments in real online environments.
• Early experiments tested how different rewards affected access attempts on fake accounts.
• A major focus has been on the impact of Operation Cookie Monster (2023), which disrupted the Genesis Market. Danielle’s work examined how this law enforcement operation influenced behaviour and moderation practices on hacker forums.
• She emphasizes the value of experiments in the field, which allow researchers to test criminological theories with live offender behaviour, while balancing strict ethical and legal safeguards.

About our guest:

Danielle Stibbe

• NSCR Profile Page: https://nscr.nl/en/medewerker/danielle-stibbe-msc/
• Google Scholar: https://scholar.google.com/citations?user=1fsHJEgAAAAJ&hl=en
• LinkedIn: https://www.linkedin.com/in/danielle-stibbe/?originalSubdomain=nl

Papers or resources mentioned in this episode:

• Onaolapo, J., Mariconti, E., & Stringhini, G. (2016). What happens after you are pwnd: Understanding the use of leaked webmail credentials in the wild. Proceedings of the 2016 Internet Measurement Conference. https://doi.org/10.1145/2987443.2987475
• Europol (2023). Operation Cookie Monster: Genesis Market taken down in coordinated international action.https://www.europol.europa.eu/media-press/newsroom/news/operation-cookie-monster-genesis-market-taken-down-in-coordinated-international-action
• Oxford Handbook of Criminal Decision Making (2016). Eds. Bruinsma & Weisburd. Oxford University Press.

Other:

The open science framework https://osf.io