Alán Alcoverro May 20, 2021 15 min read

Cybercrime and the Broken Windows Theory

It seems pretty obvious to say that cybercrime has its own characteristics that make it very different from "analog" crime, or crime that occurs in the physical world.

We've already talked a bit about this in another post. One of the main differences is space, the physical environment where interactions are generated, in our case the crime, which we have conceived as a three-dimensional space with surfaces, objects, places, boundaries, obstacles...

This concept of space is totally different in the virtual world and conditions the opportunities for cybercrime and its development, affecting cybersecurity as well. In our physical world, people have learned a series of spatial/situational indicators related to the assessment of safety or risk in a particular location.

Thus, for example, if we suddenly enter an area of the city where we see that the buildings are run down, where it's dirty and dark with a lot of graffiti... our brain interprets all of these spatial signals as indicators that we may be in a dangerous place. We are all familiar with these places, neighborhoods, streets or certain areas of the city where we don't feel so safe. Think about cities like Sao Paulo, New York or Amsterdam - even if we've never visited them before, we would definitely be able to recognize the "dangerous" places in these cities by simply picking up on these spatial indicators that we relate to "danger".


But how does this work in cyberspace? Can I identify a website as being dangerous?

In the 1980s, the New York subway was one of the most unsafe places in the city. Robberies, fights, drug trafficking... it was a place that citizens feared and where they risked their lives every day when going to or coming back from work. The city council hired George L. Kelling as a consultant to the Department of Transportation with the hope that he'd do something to solve this problem of insecurity.

Many people were surprised by the decisions that were made in this regard because, far from flooding the subway with police and surveillance cameras, what Kelling and his team came up with was to clean the subway. They removed graffiti off the walls and the subway cars, cleaned the trains and platforms one by one and installed a more powerful and effective cleaning system.


The subway became a cleaner, better cared for and more comfortable place to be, which, to people's great surprise, generated a considerable drop in crime. The "good" people felt more at ease in that space and it was no longer a breeding ground for the "bad" people.

Kelling was using the findings of an experiment by Phillip Zimbardo from 1969 in which 2 identical cars were placed in two very different neighborhoods to test what would happen to them. One car was parked in Palo Alto, an area of California with high purchasing power and minimal crime. The other vehicle was parked in the middle of the Bronx, in New York, where residents with few resources lived and where the crime rate was one of the highest in the US. A few days later, the experimenters visited the cars and found that the car in Palo Alto was spotless and in the same place where it had been left, unlike the Bronx car, which appeared to be completely beaten up, broken and ransacked.

A priori, the most simplistic explanation could be that the different economic levels of the neighborhoods made one more prone to vandalism and crime than the other. Therefore, inequalities and economic resources were the cause of the crime.

However, a researcher came up with a change in the experiment. He went to the car in Palo Alto and broke a window. After a few days, the researchers returned and found that the car had been damaged just the same as the Bronx car. How could this be explained? The feeling of the cars being abandoned, neglected and that nobody cared about them was what had triggered these behaviors of vandalism. Therefore, crime was more related to the situational perception of space than exclusively to economic factors.

Going back to the initial example regarding areas of the city that "attract" crime, our spatial indicators tell us that dirtiness, neglect, the absence of landscaped spaces, good lighting, along with urban furniture and poorly maintained buildings are indicators that increase our sense of insecurity.

Criminals are attracted to abandoned and neglected places and situations since they are contexts where the understanding is that it's easier to commit crimes without "being disturbed".

Something like, "nobody cares about this house or this car... so it'll be easier for me to steal." Since this attractiveness of the space occurs on a general level, it's easy for more than one criminal to appear, making that space even more unsafe. When it starts to become more and more unsafe, "normal people" start to leave it, which further closes the cycle of neglect and abandonment.


But if we're talking about cybercrime, how can these analyzes be applied in cyberspace?

Earlier we said that virtual space is very different from physical space, so the indicators we must look for and the situations that attract criminals won't be the same. However, can we use the Broken Windows Theory for the context of cybercrime? Possibly yes, although it needs to be adapted to the cybersecurity criteria of virtual space.

When we browse the internet and visit different websites to look for information or buy a service, we as users must learn to detect these indicators that we have acquired in our physical world to alert us to the dangerousness of a place. Obviously, these indicators will not have anything to do with cleanliness or physical damage such as a broken window, but with the care and attention, we find on the website.

This care and attention must be understood in "digital" terms and refers mainly to cybersecurity accessories. In other words, care and attention in the virtual world are interpreted in the form of spaces that are up to date on a technical level, with good security protocols, powerful verification systems, guarantees of authenticity, compliance with the rules that regulate their activity, and those that provide a comfortable and transparent user experience. These are indicators of safe virtual spaces, meaning their absence is the equivalent of broken windows that we must be on the lookout for.

The problem is that citizens of the virtual world still aren't used to internalizing these security alerts and it's difficult for us to distinguish what is safe from what is unsafe in the virtual space.

It's like if we let a small child move around a city, it's likely that they would also be unable to identify unsafe spaces, possibly due to their immaturity. But since we can't wait until we become adults in the digital realm, we have to accelerate this learning process through training, teaching users to look for and detect the indicators that make a web space secure or insecure.

The first starting point is to use a browser that offers its own levels of security. This would be the equivalent of getting around the city in a vehicle that offers us extra safety features and that allows us to get where we're going without breaking down when driving through the more conflictive neighborhoods.

Nowadays, the main browsers have built-in tools that allow you to block pop-up windows, avoid tracking, prevent background downloads or unauthorized connection to the webcam and microphone.

Once on the website, the user must know where to look and what to pay attention to in order to check the security of the site. However, you have to be careful. If in the physical world criminals prefer everything to be broken, dirty, and neglected, in the virtual world cybercriminals worry about the opposite, about making users believe that they are on a legal, authentic and trustworthy site.

For this reason, the bad guys usually copy these security indicators perfectly so that users have to do a really thorough analysis.

We can start by doing a good job of analyzing the URL, we must make sure that the direction is correct and that it's an authentic website. Some cybercriminals use similar domains by changing a letter or simply cloning the original website so that the user believes they're on the real one.


We must check that the communication between the browser and the web is secure through HTTPS, which is the basic protocol for data transmission. If we only find "HTTP" (without the S), communication is not secure. In turn, we must check whether the padlock symbol appears, which indicates that this site has received an SSL certificate and is encrypting the data it sends and the data it receives back. This is useful when we enter our personal data or bank details.

However, this only tells us that we have a secure connection, it doesn't mean we're in a secure place. That is, we may be on a fraudulent ecommerce page that uses a secure connection. Therefore, we must make sure that the URL of the site is correct when we click on a link that is sent to us through an email or similar channel. We need to verify where this link is really taking us.

That's why it's also important to analyze the behavior of the web. Just like in the physical world, "strange" things happen in "strange" places. If we see that pop-up windows begin to appear everywhere when entering a website or that it begins to redirect us to other domains, this site should sound the alarm bells.

In this case, in addition to having a reliable browser that can detect this anomalous behavior, the use of an antivirus and a firewall that blocks this malicious activity is also important. Just like in the physical world, it is better to have a building with a physical doorman or use an alarm system to prevent someone from sneaking into our house.

The most difficult problem on the internet is being able to differentiate what's real from what's not, which is why our eye as a digital user must always be alert and just like in the physical world when we see that the place makes us feel unsafe, it's best to leave it.


Alán Alcoverro

Alán is a Solutions Architect at Revelock. With over 12 years of professional experience acting as a Solutions Engineer / PreSales in companies such as IBM, SCC, Allot Communications and Riverbed, he owns a transversal and integrated view of the IT world and all the digital challenges this implies for any company size, being Cybersecurity his main focus along the way. He is the main contact person for all technical items related with our Revelock online fraud prevention solution, for both current and future customers, generating at the same time new business opportunities within the EMEA region whilst offering highly efficient solutions for all challenges we face every single day related with cybercrime.