CYSE 201S

Cybersecurity and the Social Sciences

Journal Entries

Journal Entry 1

The NICE Workforce Framework contains two categories that match my professional goals which are “Protect and Defend” and “Investigate.” The two cybersecurity roles that interest me most are Cyber Defense Incident Responder and Cyber Crime Investigator. The ability to work directly with threats by defending networks while performing threat analysis and digital forensic work attracts me deeply to this field. The analytical and hands-on nature of these responsibilities makes cybersecurity the most exciting field for me.

The “Oversight and Governance” category does not match my professional interests. My interest in the technical execution of security protocols exceeds my understanding of the administrative and strategic planning aspects, which are essential for risk management and policy creation.

Journal Entry 2

Empiricism in cybersecurity practice results in evidence-based security methods which eliminate theoretical assumptions. Security professionals can obtain precise threat landscape knowledge through organized data collection and analysis of network traffic and intrusion attempts and vulnerability scan results. The collected empirical data enables researchers to detect new attack methods and live malware versions which target computer systems. The system produces numerical data which evaluates security system operational effectiveness through performance measurements against real-world threats that firewalls and intrusion detection systems encounter. The data-driven method functions as a core instrument to develop security strategies and identify defense sectors that require maximum resource investment. Organizations can use predictive analytics and machine learning to process this data for future attack prediction and system security improvement. Incident data serves as a tool for organizations to maintain continuous improvement because it delivers critical information which helps them enhance their security position.

Journal Entry 3

Researchers can use PrivacyRights.org data to study data breaches by identifying patterns and trends. The “Data Breach Chronology” enables them to track which organizations experience the most attacks, as well as the methods hackers employ to penetrate systems and the types of data that get compromised (Social Security numbers, medical records, passwords).

The data contains critical information which enables experts to forecast upcoming data breach occurrences. The analysis of attack vectors and their corresponding industry targets becomes possible through statistical modeling and predictive analytics which reveal patterns between different variables. The healthcare sector faces an increasing number of ransomware attacks which suggest a possible future direction for the industry. The developed forecasting system enables organizations to create enhanced security protocols and distribute resources more effectively and design specific security plans for upcoming threats. Security research and policy development that depends on data needs the publicly available data as its fundamental foundation.

Journal Entry 4

Maslow’s Hierarchy of Needs connects closely to my experiences with technology in many ways. The technology operating at my physiological level helps me meet my fundamental requirements through sleep pattern tracking applications and hydration level monitoring tools which promote healthy behaviors for maintaining my general health. My safety depends on password managers and antivirus software and two-factor authentication systems which protect my accounts and personal information. Navigation apps and emergency alerts through technology enable me to stay informed which creates a sense of security. The social needs of my life are fulfilled through messaging apps and video calls and social media platforms which enable me to stay in touch with friends and family and join communities. I achieve my esteem needs through social media posting of my accomplishments which generates positive feedback from others and I build my professional reputation on LinkedIn. Through its learning platforms and coding tutorials and AI tools technology allows me to achieve self-actualization by fostering creativity and discovering new interests while continuously learning and innovating.

Journal Entry 5

Individual Cybercrime Motives Ranking
1. Money
     • Reason: Financial gain is the main and most rational motive for cybercrime; therefore, it is prevalent. Criminals who use ransomware or cryptocurrencies to steal from others always aim for a profit. The BitMart hack case, for instance, indicates how groups, using programming, take advantage of loopholes to earn money. Money is a compensatory factor and it is easily understood by all.
2. Political (Hacktivism, State Influence, Ideology)
     • Reason: Political motives are one of the strong social influences. Hacktivists or state-sponsored teams reach their aim by disrupting a city’s infrastructure, influencing elections, or making ideological statements. It is a commonly cited major driver of cyber terrorism even though it is non-self-serving on the part of the hacker. The CSIS report and the Eurojust report strengthen its position as a global issue.
3. Recognition
     • Reason: A lot of hackers, especially the under-age ones, wish to be recognized or promoted by their peers, companies, or even the media. A recognition from prominent organizations such as NASA is a guarantee and also an asset to hacker communities. It is less tangible than money; however, it appeals strongly to the ego and the career.
4. Revenge
     • Reason: Personal disputes can be the motivation for destructive actions like doxing, revenge porn, or sabotage. This kind of motive is narrower because of its personal nature, but it has strength, as when emotions such as anger make critical decisions.
5. Curiosity
     • Reason: Curiosity is a major reason young and unskilled hackers get into hacking (e.g., the 15-year-old who hacked NASA). It often comes from the natural instinct of exploration, which later leads to serious damage unintentionally but in other cases they only act out of curiosity. It is more logical than anything else, but it lacks a broader goal for further insights.
6. Entertainment
     • Reason: Some people hack or scrape data just for the sake of fun or as a challenge (like in the LinkedIn scraping case). While it is a possible explanation for certain cases, this one does not feel as serious as the other motives (like financial gain or having a political agenda). Still, in some cases, it is just the fun of it that makes it a prolongation of their work.
7. Boredom
     • Reason: Boredom, though it is not productive, is a real motive. Teenagers or novice hackers sometimes go through hacking, cyberbullying, trolling, or petty criminal acts only because they simply lacked a productive activity. In spite of causing harm, it has no deep intent and is thus less justifiable than other more serious ones.
8. Multiple Reasons
     • Reason: It is quite rational for motivations to overlap (for example, money plus recognition); however, “multiple reasons” cannot stand alone as a motive. It is rather a combination of those functions above. Thus, it becomes more difficult to rank it on its own when it lacks a specific explanation for a case of hacking without specifying the prevailing reasons.

Journal Entry 6

1) Government impostor site: fake FBI IC3 portal vs the real ic3.gov
What the fake websites look like:
• Makes use of a domain that is similar to the correct one but has small errors (such as tiny
spelling changes or a different top-level domain), at times displayed in sponsorship ads. The
main goal is to collect identifiers, addresses, contact numbers, emails, and even banking
information. (Internet Crime Complaint Center)
• The PSA warns people to directly type ic3.gov, stay away from sponsored results and check
if the URL ends in .gov. (Internet Crime Complaint Center)
Real .gov domain behaves like this:
• No requests for any type of payment or “refund recovery fees,” and permanent federal
branding/content. The FBI stresses that the staff of IC3/FBI do not seek payments through
unofficial channels. (Internet Crime Complaint Center)
Cues that make the fakes easy to get (compared to the real one):
• Domain integrity: Check for perfect spelling and .gov. All others (strange TLDs, additional
letters) are dubious. (Internet Crime Complaint Center)
• Collection overreach: Counterfeit sites request information involving sensitive/banking data
that are not required by IC3 to file a complaint. (Internet Crime Complaint Center)
• Paid search placement: Criminals purchase “sponsored” places so that their fake website ranks above the genuine URL; the FBI advises people to steer clear of such scams. (Internet Crime Complaint Center)
2) Delivery parcel deception: fake USPS/Royal Mail tracking page against real usps.com/royalmail.com
The scam appears as (from public-awareness advisories):
• A smishing text regarding a missed/undeliverable package is sent; a link is directed to a
duplicate USPS site that requests personal and payment information or “a small redelivery
fee.” (United States Postal Service)
• UK brands show very convincing Royal Mail look-alikes, some hidden behind services to
mask the origin; the aim is credential/identity or card theft. (NCSC)
• Postal authorities are raising commitment to emails/texts that include fake USPS linking to
non-USPS domains. (United States Postal Service)
What are the characteristics of the sites that are really legitimate:
• The only tracking pages that can be trusted are those that are located on the official domains
(usps.com, royalmail.com) and will never ask for card details to “free” a parcel that you did
not schedule. Royal Mail shows direct scam page URLs and teaches clients about the
official methods. (Royal Mail)

Things to look out for (to distinguish between a fake and a real one):
• Unsolicited urgency and extra fees: “Pay a fee now to deliver” is a sure sign; the FTC and
USPS recommend against it. (Consumer Advice)
• Link hygiene: A single tracking link that isn’t found on usps.com or royalmail.com (or
clearly branded official subdomains) is a big red flag. (United States Postal Service)
• Step one data submission: Fake pages require full personal details or upfront card info;
official trackers do not. (United States Postal Service)
3) Shop visit look-alike: masquerade brand outlet (e.g., “LEGO/Dyson super-sale”) vs original brand site
The scam often appears as (from consumer-safety resources):
• The use of incredible sales (50–80% on all products), items that are hard to get but always in
stock, and “closing/clearance” language. These are the main patterns highlighted by the
Better Business Bureau (BBB) and government warning sites. (BBB)
• The addition of the brand with a TLD or expression: a fake domain name that uses the brand name plus an extra word (such as -shop) or random prefixes. This exact trick is flagged by media and guidance pieces. (Newsweek)
• Pretty packaging, but inside there is nothing: The logos/images are copied, but the contact
details are thin, there is no physical address, there are vague returns, or they only mention
irreversible payments. Brand warnings (e.g., LEGO, Dyson) and national campaigns call
these out. (LEGO)
The real sites behave like this (brand homepages):
• They use the official brand domain (e.g., lego.com, dyson.com), provide full company contact/returns information, and offer mainstream, secure payment methods. Brands recommend checking several sites and clearly suggest avoiding third-party “too good to be true” shops. (LEGO)
The signs that distinguish the fake from the real one:
• Price checking: Huge, deep, site-wide discounts that are far below normal market rates are
one major negative indication that BBB/GetCyberSafe/consumer orgs mention. (BBB)
• Domain reviews: Check the exact brand domain and find out about independent reviews or
scam alerts about a retailer before making any purchase. (LEGO)
• Policy transparency: Authentic retailers give straightforward returns/warranties; and their
contact details include full name, whereas fakes are often unclear or totally without them.
(Get Cyber Safe)

Checklist of what you can do
• Confirm the domain is 100% accurate (put utmost regard to typographical errors or TLD
swapping; it is advisable to enter the URL manually or use bookmarks that are trusted). For
instance, government/brand sites are very critical. (Internet Crime Complaint Center)
• Be wary of paid search results for sensitive sites (such as reporting portals, banks, and parcel tracking). (Internet Crime Complaint Center)
• Be circumspect about the urgency, fees, and the over-collection of data on the first point of
contact. (Consumer Advice)
• Verify that the advertised prices and stock are real by checking them against market price levels and the brand’s authorized stores. (BBB)
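
The domain cues from this entry (exact official domain, TLD swap, small spelling change, brand plus an extra word) expressed as a check. This is an added example, not part of the original journal entry; the verdict names, the `.example` sample hostnames and the "last two labels" shortcut for finding the registrable name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domains named in the entry above.
OFFICIAL = ("ic3.gov", "usps.com", "royalmail.com", "lego.com", "dyson.com")
BRANDS = {dom.split(".")[0]: dom for dom in OFFICIAL}  # "usps" -> "usps.com"


def edit_distance(a, b):
    """Levenshtein distance, used to catch 'tiny spelling changes'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, official domain the hostname relates to or None)."""
    if "//" not in url:                 # accept bare hostnames too
        url = "//" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ("invalid", None)
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return ("invalid", None)

    # Only an exact match or a true subdomain of an official domain passes.
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            return ("official", dom)

    # Assumption: the registrable name is the second-to-last label.
    # A production check would consult the Public Suffix List instead.
    name, sub_labels = labels[-2], labels[:-2]
    checks = (
        ("tld-swap", lambda b: name == b),                 # right name, wrong TLD
        ("typo", lambda b: edit_distance(name, b) == 1),   # one-character change
        ("brand-plus-word", lambda b: b in name),          # e.g. brand + "-shop"
        ("brand-in-subdomain", lambda b: b in sub_labels), # brand left of real domain
    )
    for verdict, hit in checks:
        for brand, dom in BRANDS.items():
            if hit(brand):
                return (verdict, dom)
    return ("unrelated", None)


# Constructed sample URLs (reserved .example TLD, not real sites).
SAMPLES = [
    "https://www.ic3.gov/",
    "https://ic3.example/",
    "https://uspps.example/track",
    "https://lego-shop.example/",
    "https://usps.com.parcel-redelivery.example/",
    "weather.example",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url)[0]:<20} {url}")
```

An "official" verdict only means the hostname matches a listed domain; the other cues in the checklist (urgency, fees, over-collection of data) still need a human look. Short brand names such as "ic3" will produce false positives on the substring and one-character checks.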
Sources
• FBI IC3 Public Service Announcement – Threat Actors Spoofing the FBI IC3 Website (Sept.
19, 2025). (Internet Crime Complaint Center)
• Tom’s Guide coverage summarizing the FBI’s IC3-spoofing PSA and examples (Sept.
2025). (Tom’s Guide)
• USPS Inspection Service – Smishing: Package Tracking Text Scams and Fake USPS Emails.
(United States Postal Service)
• UK NCSC – Scam “missed parcel” SMS messages guidance. (NCSC)
• Royal Mail – Scam examples, including fake websites. (Royal Mail)
• GetCyberSafe (Government of Canada) – Real examples of fake online stores. (Get Cyber
Safe)
• Better Business Bureau (BBB) – Impostor websites targeting luxury/high-end brands. (BBB)
• LEGO – How to spot a fake LEGO webstore (brand guidance). (LEGO)
• Dyson – Stay alert to scams (brand guidance). (Dyson)

Journal Entry 7

Photo 1 choice: The Collaborative “Shortcut”

Meme:

https://unsplash.com/photos/several-hackers-breaking-secret-information-in-front-of-computers-qF3NvCxTCsM

“Me showing my coworker the production server password because using the company’s secure vault is too many clicks.”

This meme highlights the fissure between our security protocol and our undeniable social nature. When we work, especially in collaborative environments, we’re primed to find the path of least resistance that enables us to solve problems. And because we usually work with a team, we trust our social “circle” enough to feel confident that we can share what we need to share in order to work together efficiently. Securely working with someone who is not your personal buddy requires a vault, a password manager, or some other barrier. It doesn’t feel good; it feels clunky and asocial and slows you down. A well-designed system allows users to work efficiently with their teams without compromising security – sadly, this is not currently part of our human-centered design philosophy in cybersecurity.

Photo 2 choice: The Coffee Shop Conundrum

Meme:

https://unsplash.com/photos/person-sitting-front-of-laptop-mfB1B1s4sMc

“Me, feeling like a main character working at a coffee shop, blissfully unaware that my data is traveling through the public Wi-Fi on a wing and a prayer.”

How this relates to human-centered cybersecurity: Optimism bias is real. The user’s immediate productivity goal makes cafe work a blissful experience. The threat of a man-in-the-middle attack on a public Wi-Fi network is invisible and easily dismissed as abstract and improbable. “It won’t happen to me.” There’s no way to do security without the user being a part of the process. A human-centered approach acknowledges the user’s ambivalence toward being part of a process that makes them feel like they are not the main character in their own productivity story.

Photo 3 choice: The “I Am Secure” Button

Meme:

https://unsplash.com/photos/person-using-macbook-pro-on-white-table-AvSFPw5Tp68

“Clicks ‘Connect’ on the VPN. My digital footprint has vanished. I am now a ghost.”

How It Relates to My Argument: Just as with any tool, a VPN can only serve its intended purpose when the user leverages it – that is, if the user even sees it as a worthwhile first step toward digital privacy. And this is all the more true when it comes to tools designed for the end users of secure systems. My VPN allows me to connect to the internet securely, and I experience this secure connection in a very user-friendly way. But if my VPN isn’t also my gateway to a usable internet, then it’s a failed security system.

Journal Entry 8

Journal Entry – Media and Cybersecurity

Having just watched a Hollywood portrayal of hackers, I’m struck by the media’s ability to completely reshape perceptions of cybersecurity. The reality of hacking is already so dramatic that the extraordinary appearance of methodical yet complex work in this field is lost. Instead, the media depict hackers as performing the equivalent of high-speed magic and nervous breakdowns while attempting the impossible. It’s hard to tell if this “betrayal of the mundane” really fuels fear or the opposite, since audiences also see “cyber attacks” as something that’s gonna happen anyway. And if there’s anything that’s finally getting into the public consciousness, it’s that we need to get narratives back in the hands of security specialists who can see the past, present, and future in 3D and work well with the story.

Journal Entry 9

Social Media Disorder Scale (SMD Scale)

Please answer the question by thinking of your experience with using social media (e.g., WhatsApp, Snapchat, Instagram, Twitter, Facebook, Google+, Pinterest, forums, weblogs) in past year. Answer the questions as honestly as possible. According to DSM, at least five (out of the nine) criteria must be met for a formal diagnosis of “disordered social media user”. This is designed for personal insight and is not a substitute for professional diagnosis or advice.

For each statement below, answer “Yes” or “No” based on your experiences over the past 12 months.

1. Preoccupation: – Do you frequently find yourself thinking about social media or planning to use it? Yes/No
2. Tolerance: – Have you felt dissatisfied because you want to spend more time on social media? Yes/No.
3. Withdrawal: – Do you feel restless, irritable, felt bad or upset when you are unable to use social media? Yes/No.
4. Persistence: – Have you tried to spend less time on social media, but failed? Yes/No.
5. Displacement: – Regularly neglected other activities (i.e. hobbies, sports, homework) because you wanted to use social media? Yes/No.
6. Problems: – Regularly had arguments with others because of your social media use? Yes/No.
7. Deception: – Regularly lied to your parents or friends about the amount of time you spend on social media? Yes/No.
8. Escape: – Do you use social media to forget about personal problems or to relieve negative feelings such as guilt or anxiety? Yes/No.
9. Conflict: – Had serious conflict with parents, brother, sister (friends, relationships etc.) because of your social media use? Yes/No.

My Score

My total score is 0 as I do not really use social media. The only time I spend online is restricted to 5-10 hours a week tops due to work and school and I mostly use that time to play Old School Runescape to wind down from the day.

Thoughts on the Items in the Scale

The items in this scale are similar to those that a psychiatrist would use to determine a diagnosis of someone. In this case, these are all related to social media “disorder” if that were a real diagnosis. It measures the nature of items that can be categorized as addiction, preoccupation, tolerance, withdrawal, and persistence to measure dependence, escape and deception.

Why Different Patterns Might Be Found Across the World

These can be found in multiple social media platforms exclusive to certain countries around the world such as WeChat is used in China and VK in Russia. The main reason some of these are “region-locked” is because some countries outright ban some platforms in order to restrict people from seeing the truth so they stay loyal to their country and are able to manipulate censorship so that the only content they see is pro-whatever their country is.

Journal Entry 10

An article I read recently introduced me to a somewhat new field called “social cybersecurity.” And it is making me rethink some of my basic ideas about why and how we secure (“cyber”) social spaces. The core concept is that “we”-as in the U.S.-have moved beyond the need to protect our machines from other machines, at least to the extent that computers and networks can be made secure. Now, we need also to protect ourselves from the way other humans use our machines to subvert our social orders (“social cyber-insecurity”). This article outlines a protective strategy, and in doing so, provides for us “understandable” key terms to describe what is going on with the technologies we increasingly use to structure our social lives. To make sense of this and to get at why it matters, we can look at it bound up with the disciplinary fusions that inhere in the terms computational social science and (less formally) in the field of information science and technology studies.

Journal Entry 11

The video “What does a Cybersecurity Analyst Do? Salaries, Skills & Job Outlook” presents a compelling portrait of the role of a cybersecurity analyst. Almost everything said about the job – who does it, what they do, how payscales and job outlooks shake out – seems intimately connected to the very social fabric of our lives. Both key responsibilities and important skills listed for the job point to a very penetrative role occupied by an analyst, who, in fact, seems to function more like a first responder for human versus machine threats. The job requires relatively few technical skills and an understanding of “the human firewall.” Yes, hard, tough-sounding stuff like “responding to phishing attacks” is real, but it’s by and large a very social and educational position requiring good communication skills and a way with people. At the same time, getting the job requires a lot of socially oriented activities and networking, too. The video is framing the analyst role as an entry point to a technically oriented job that is very much rooted in everyday human interactions and the community. Ultimately, one’s career unfolds in a larger social environment, which encompasses everything from the “pace of life” in a city to the personal and social vetting necessary for many career paths, particularly those in which “bad references” can lead to disqualification.

Journal Entry 12

This letter also serves to show eleven social science theories. From an economic perspective, it presents an example of the principal-agent problem where the “principal” (Glasswasherparts.com) suffers the reputational and financial costs from a security failure perpetrated by its “agent” (the provider of the third-party platform) who carried out the operation of the respective site. The situation is aggravated by the factor of asymmetrical information, as the platform provider was privy to the breach in November, and only then did law enforcement notify them; thus customers (the most uninformed party) did not even know they were at risk for many months. In terms of the psychological, the misses of the letter are linked with the loss of prospect theory (the avoidance of loss). The letter opens up with the sentence, “We are unaware of any actual misuse of your information”. This language is an effort to shift the situation from a very concrete and negative loss to a less acute possible risk-stress. This is a strategy of rebuilding trust, a concept in social psychology. The shutdown fundamentally destroys the trusting social contracts that the customers have in a company. The letter attempts to mend this hurt by revealing events, providing the customer with an explanation of corrective actions (like hiring a cybersecurity firm) that the provider took, and, most importantly, giving the customer specific, actionable steps on how to move on and feel secure again, such as contacting their card company and monitoring their statements.

Journal Entry 13

This journal entry comments on the article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties.” This article corresponds perfectly with the module under debate, which sees “cybersecurity as a socio-economic issue.” The article’s literature review frames bug bounty policies (BBPs) as a market-based solution to the “acute worldwide shortage” of cybersecurity talent. It briefly mentions two rationales as to why BBPs might be good for business. First, they are part of the “gig economy,” allowing companies that can’t recruit top talent to access freelance hackers. And second, they invoke “Linus’s Law,” which suggests that the more diverse “eyeballs” looking at a problem, the more likely that problem is to be solved. In both instances, the review establishes that while BBPs are seen as a cost-effective way to find security vulnerabilities, a gap existed in large-scale empirical data to model their economics, which this study fills. This is a complicated complex – it’s like a huge puzzle that you have to understand before you can really understand the whole picture. The hacker community is mixed up with all kinds of different sorts of people. Some are just out for fun, you know, kind of juvenile delinquent fun. Others are actually quite serious and are acting politically. And then there are a lot of people who are economically motivated and have various different reasons for doing so.

Journal Entry 14

Examining the five most serious violations on the internet from these articles, we’re looking at illegal searches, bullying and trolling, sharing someone else’s private information, faking one’s identity and collecting data on kids. Coming hotfooting around these areas can put people’s lives in danger, their mental well-being at risk and can completely ruin their right to a private life. Illegal searches for anything to do with child exploitation or using criminals are basically the worst of the lot, because they can lead to being watched all over the place and sent to prison. Bullying and trolling, though seemingly a nuisance, can turn into something far more serious. And very quickly, too, because of the emotional toll they take on their victims. When someone shares someone else’s passwords or home addresses, they’re crossing a huge line of privacy, and it can lead to stalking or physical violence. Faking one’s identity is fraud, and a single lie can send someone’s life into a tailspin financially. Collecting data on kids under thirteen is a serious breach of the Children’s Online Privacy Protection Act, and shows how determined we are to shield our children. I put these five at the top of the list because they pose a real and present danger to people’s lives, as opposed to copyright infringement, which is mostly about money.

Journal Entry 15

In the “How Hackers use AI & Deepfakes” presentation, the problems with the decay of faith and the spreading of hazardous influences can’t be ignored. When Mark takes the stage in his “Dark Side of AI,” he poses the hardest question of all: how do we know what’s real when digital evidence isn’t reliable anymore?

Well-known deepfakes can mimic voices and faces with just a handful of seconds of audio or a single snap, which would completely shake the very foundations of our justice system, and poses a threat to people’s lives with scams such as CEO fraud and “grandparent scams”.

The ease of access is another area that Hofmann brings up, showing that it’s become incredibly simple for cybercriminals to get started. Basically anyone can write malicious code or craft flawless phishing emails without any technical know-how, and when they do, society has to figure out how to make sure the good is used and not the bad.

The dual-use nature of AI, like a Swiss Army knife, makes it even more difficult, forcing us to ask who is responsible when the tool goes out of control.

We need a multi-layered plan that combines psychological warfare and technical defenses to combat the dangers. As Mark T. Hofmann explains, we can’t put all our faith in tech fixes. Hackers will always be one step ahead, much like WormGPT. We should also educate ourselves and normalise healthy skepticism towards digital communications, coming up with new ways to verify identities such as family codes and callback procedures.

The legal system requires a rapid update and education needs a lift.

Cybersecurity shouldn’t be dull and dry, it needs to be made more compelling.

Hofmann says that the developers of AI must continuously fine-tune the safety features so that ‘jailbreaks’ don’t happen and international cooperation is necessary to clean up the underbelly of the internet and get rid of dodgy AI models hosted on unregulated parts of the web.