Sage Journals: Discover world-class research

Abstract

Drawing on rational choice and social learning theories, this study examines how social networks, subcultural immersion, and specific activities shape dark web actors’ perceptions of risks and rewards. Using original 2024 survey data from 123 active dark web users recruited across English- and Russian-language forums and Telegram channels, we analyze how peer involvement, sustained participation in deviant subcultures, and interest in particular illicit activities influence perceived risks of detection and perceived benefits. Findings suggest that larger peer networks and deeper subcultural immersion may lower perceived risks and heighten perceived rewards. We also find important activity differences: interest in malware correlates with lower perceived risks, ransomware with higher perceived risks, and selling illicit goods with particularly high perceived rewards. These results underscore the fluid, socially constructed nature of risk and reward perceptions in clandestine spaces, offering rare empirical insight into the subjective mechanisms underlying cybercriminal choices and informing targeted prevention strategies.

Keywords

dark web hacking rationality cybercrime subculture learning

Introduction

In recent years, the dark web, part of the unindexed “deep web,” has emerged as a central hub for cybercriminals. It hosts a myriad of anonymous marketplaces and forums that foster the development of increasingly sophisticated forms of cybercrime (Kaur & Randhawa, 2020; Ngo et al., 2023), including the distribution of illicit materials and stolen data, creation of malicious software, human trafficking, and other offenses. Given the role of the dark web in facilitating cybercrime, understanding how individuals navigate and operate within these clandestine digital environments to engage in criminal activities is crucial for developing targeted strategies to combat them.

Whereas research seeking to unveil how cybercriminals operate has flourished in recent years (e.g., Leukfeldt & Holt, 2019; Weulen Kranenbarg et al., 2023; Woodhams et al., 2021), direct assessments based on self-reported data from individuals active on the dark web remain rare (Mirea et al., 2019; Partin, 2025). Likewise, the degree to which various factors influence how users interact with these systems and perceive the risks and rewards of cybercriminal activities remains insufficiently understood (cf. Ahmead et al., 2024; Bossler, 2021; Décary-Hétu et al., 2023; Hsieh et al., 2023; see also Holt & Lee, 2023).

This study advances the literature by (a) employing survey data collected from 123 active users of the dark web, and (b) analyzing how personal characteristics and behaviors, including peer involvement, subcultural immersion, and illicit activity preferences, influence dark web actors’ perceptions of cybercrime risks and rewards. By examining self-reported perceptions of crime risks and benefits and computer-mediated interactions within the anonymous environment of the dark web, this research provides rare insight into illicit online behavior that observational data may not capture.

Cybercrime on and off the Dark Web

Illicit surface and dark web forums and marketplaces have attracted considerable scholarly attention, with researchers advancing our understanding of the operational dynamics of these digital environments (Copeland et al., 2019; Décary-Hétu et al., 2023; Holt & Lee, 2023; Kloess & van der Bruggen, 2023; Laferrière & Décary-Hétu, 2023; Leclerc et al., 2021; Lee et al., 2022; Ouellet et al., 2022; Pete et al., 2020; Smirnova et al., 2024; Woodhams et al., 2021). While understanding the role of these platforms in facilitating and advancing criminal supply chains is crucial for developing effective interventions, gaining insight into the individuals who inhabit these spaces, including their characteristics, thoughts, and behaviors, is equally important.

Recent years have seen flourishing research examining the characteristics, behaviors, and motivations of those engaged in illicit online activities. This growing body of work has explored cybercriminals through multiple lenses, including personality traits (Weulen Kranenbarg et al., 2023), peer influences and co-offending patterns (Weulen Kranenbarg et al., 2019; Weulen Kranenbarg et al., 2022), the structure of criminal networks (Bekkers et al., 2024; Leukfeldt & Holt, 2019), the impact of life circumstances (Weulen Kranenbarg et al., 2021), motivations for dark web use (Woodhams et al., 2021), pathways into cybercrime (Loggen et al., 2024), and the range of offenses committed (Burruss et al., 2021; O'Malley & Holt, 2020).

Researchers have also examined offending trajectories (Hoffman et al., 2024; van der Bruggen & Blokland, 2021), attitudes toward cybercrime (Holt, Leukfeldt, & van de Weijer, 2020), reactions to law enforcement and policy interventions (Chopin & Décary-Hétu, 2023; Décary-Hétu et al., 2023), and risk management strategies among vendors selling illicit goods online (Laferrière & Décary-Hétu, 2023; Roddy & Holt, 2022). Much of this research draws on data scraped from forums, marketplaces, and archives of defaced websites. Complementing these approaches, studies using self-reported data have also proliferated, though they remain largely focused on student and general population samples. These studies often examine the role of theoretically significant predictors of cybercrime involvement (Burruss et al., 2021; Fox & Holt, 2021; Holt et al., 2021, 2024; Holt & Steinmetz, 2020; Hsieh et al., 2023; Kim et al., 2024; Louderback & Antonaccio, 2017; Partin, 2025; Weulen Kranenbarg et al., 2022).

A smaller but important body of work has employed surveys and qualitative interviews with known or suspected cybercriminals to shed light on their motives, behaviors, and networks. For example, Mirea et al. (2019) interviewed 17 dark web forum participants about the criminogenic nature of the dark web; Steinmetz (2014) conducted an ethnographic study of a hacker group to examine their backgrounds and demographics; Romagna and Leukfeldt (2024) explored the emergence and development of 21 hacktivist networks through interviews with 30 self-identified hacktivists; and Collier and coauthors (2021) interviewed 11 providers of “booter” services to investigate their work strategies. In turn, Weulen Kranenbarg (2022) surveyed traditional and cyber-offenders to compare co-offending patterns. While these studies offer valuable insights, they have not explicitly examined precursors to the decision-making processes of individuals who operate in illicit online environments.

This is not to say that cybercrime decision-making has been entirely overlooked. Scholars have examined how actors weigh risks and rewards and employ risk-avoidance strategies, using data from forum posts, vendor advertisements and activities (e.g., Décary-Hétu et al., 2023; Holt et al., 2023; Smirnova & Holt, 2024), as well as survey research with college student samples (Bossler, 2021; Partin, 2025). Yet these approaches have important limitations. College students and general-population respondents may not capture the lived experience of those embedded in the unique social, technical, and normative environment of the dark web. Likewise, observational data from forums and markets illuminate expressed attitudes and behaviors, but they cannot fully reveal how actors themselves perceive and evaluate the risks and rewards of their participation.

This study addresses a critical gap in research by examining the precursors to the decision-making of dark web users—a population distinct from typical cybercrime research samples. Active in clandestine, anonymized online spaces, these individuals operate under unique opportunities, constraints, and norms where behavioral modeling and peer reinforcement mechanisms fundamentally shape the perceptions of risks and rewards associated with cybercrime (e.g., Collier et al., 2021; Holt, 2010, 2019; Stalans & Donner, 2018). Interactions with experienced actors and exposure to subcultural narratives that normalize illicit activities socialize users into these communities, influencing their cost-benefit calculations (Akers, 1998; see also Holt et al., 2017). Understanding how dark web users perceive the risks and rewards of engaging in cybercrime is crucial to capturing offender choice processes in their real context. By eliciting self-reported data from this group, the study deepens understanding of the cognitive and situational factors shaping behavior in one of the most consequential domains of cybercrime—the dark web.

Deciding to Commit a (Cyber)crime

Rational Choice and Social Learning

Due to its premeditated nature and perceptibly low probability of detection, cybercrime is often regarded by scholars as a product of rational choice. Rational Choice Theory (RCT), originating from the works of Beccaria, 1764/1983) and Bentham (1789/1948), gained prominence with Becker’s (1968) argument that individuals weigh potential benefits and costs (sanction risks and severity) before deciding whether to engage in a particular behavior. In contemporary criminology, sanction risks primarily refer to the perceived certainty of formal (e.g., arrest) or informal (e.g., shaming by friends) punishment, although other risks associated with crime involvement, such as the risk of victimization by other crime actors (McCarthy & Hagan, 2005), are also considered. Crime costs are conceptualized as the anticipated severity of punitive outcomes or prospective systemic losses, while crime rewards can be multidimensional, spanning material (i.e., financial), psychological (e.g., emotional stimulation), and social (e.g., status-related) domains (Hoeben & Thomas, 2019; Thomas, 2024). Individuals are thus expected to engage in crime when the perceived rewards of criminal involvement outweigh their risks and costs.

The framework of rational choice has also been expanded to include a number of psychological, social, and contextual factors that may influence the choice process by calibrating the perceptions of risks, costs, and rewards associated with criminal activity. For instance, while personal experiences with crime and punishment matter for shaping personal perceptions of the sanctions and rewards associated with criminal behavior, so do the experiences of one’s peers (Stafford & Warr, 1993). On the one hand, this influence may be normative (Akers, 1998; Sutherland, 1947), as peers communicate information about the risks and rewards of criminal activities based on their own experiences. For example, an individual with no prior knowledge of credit card fraud may befriend a skilled carder¹ who boasts the illicit income they have earned while downplaying the likelihood of punishment. Through this interaction, the individual adopts definitions that frame carding as a high-gain/low-risk activity. These normative perceptions, reinforced by peer approval and success stories, serve as a basis for the positive reinforcement of involvement in carding (Akers, 1998). On the other hand, peer influence can also be situational, shaping opportunities for criminal involvement, such as enabling someone to join a group of professional hackers (Haynie & Osgood, 2005), and altering a person’s perceived balance of benefits and risks. This shift may result, for example, from the erosion of personal responsibility occurring when crimes are committed within a group (e.g., McGloin & Thomas, 2016).

Recent accounts of rational choice have extended these arguments to theorize about the effects of subcultural immersion on rational calculus, highlighting the importance of normative processes within the criminal group (e.g., circulating definitions conducive to crime and socializing with people who see crime as highly rewarding and less risky), as well as exposure to a large number of people who have successfully avoided punishment (Matsueda & Lanfear, 2020; Thomas, 2024), in shaping individual perceptions of risks and rewards associated with crime. It would be reasonable to expect, then, that dark web forums and markets could serve as subcultural settings that shape individual perceptions of such risks and rewards associated with cybercrime involvement. The networks formed on these platforms often allow those boasting high yields and low risks associated with their activities to be more visible and, thus, more influential in shaping the perceptions of other actors.

Social Learning and Subcultural Influences on Cybercrime

Recent empirical research substantiates the salience of social learning mechanisms and subcultural dynamics in cybercrime engagement (Holt, 2007; Miller & Morris, 2016; Stalans & Donner, 2018). For example, Holt et al. (2010) demonstrate the applicability of social learning theory’s core constructs (Akers, 1998) to cyber-deviance, finding that differential association with deviant peers and favorable definitional orientations toward cybercrime significantly predict offending among college students (see also Hutchings & Clayton, 2016). Complementing these findings, Dearden and Parti’s analysis of 1,109 online participants corroborates the predictive validity of social learning processes in cyber-offending trajectories (Dearden & Parti, 2021). Extending this theoretical framework to predict attitudes, Holt and colleagues (2017) document the influence of subcultural value systems on the motivational structures of ideological hackers (see also Holt, 2007), whereas Chua (2025) shows that differential association and differential reinforcement affect expressed extremist ideology among users of online forums. Furthermore, ethnographic and network analyses of hacker communities (Steinmetz, 2014) and dark web social structures (Décary-Hétu & Dupont, 2013) reveal organized collectives characterized by normative frameworks, status hierarchies, and systematic socialization processes that facilitate cybercrime involvement.

In sum, the convergent evidence from multiple methodological approaches establishes that participation in cybercrime, as well as the decision-making processes and perceptual factors underlying such involvement, may be fundamentally shaped by social learning dynamics and subcultural immersion rather than solely individual-level factors.

Current Study and Hypotheses Development

Drawing on rational choice theory and social learning perspective, we argue that individuals’ perceptions of risks and rewards in clandestine digital environments are shaped by peer involvement, immersion in the cybercriminal subculture, and specialization in specific forms of cybercrime. First, the behavior of peers plays an important role in such perceptual shifts. When individuals observe their peers successfully engage in cybercrimes, the rewards of such activities may seem more attainable, while the risks are likely to appear less pronounced (Stafford & Warr, 1993). This dynamic may be further reinforced when peers openly share their successes or provide guidance on mitigating risks. Moreover, the presence of cybercrime-active peers increases opportunities for collaboration in illegal ventures, such as establishing Malware-as-a-Service² operations or participating in organized hacking groups. These collaborative efforts may possibly not only enhance the perceived rewards by helping pool individual resources and expertise to be more productive, but also diffuse the sense of individual accountability, further diminishing the perceived risks associated with this crime (Matthews & Agnew, 2008). Taken together, these mechanisms lead us to expect that:

Hypothesis 1

Greater peer involvement in cybercrime-related activities will be associated with lower perceived risks and larger perceived rewards related to cybercrime.

We also rely on the arguments of social learning theory (Akers, 1998; Sutherland, 1947) to argue that deep immersion into the dark web subculture may affect how actors perceive risks and benefits of the dark web. Personal or vicarious exposure to forums, marketplaces, and communities where illicit activities are glorified pushes a person to redefine acceptable behavior and re-gauge the costs and rewards associated with it. In addition, significant engagement in the dark web subculture may be also facilitated by acquiring more cybercrime-involved friends through the dark web communities. Within this environment, the premium is placed on seemingly unpunishable risk-taking activities, while success in cybercrime is celebrated. This creates a feedback loop that lowers perceived risks and emphasizes the benefits of being active in cybercrime, thus producing definitions conducive to involvement in these activities (Sutherland, 1947; Akers, 1998; see also Stafford & Warr, 1993). In this situation, exposure to dark web subcultures functions to lower perceived risks while amplifying perceived rewards.

Hypothesis 2

Stronger immersion in dark web subcultures will be associated with lower perceived risks and higher perceived rewards of engaging in cybercrime.

Finally, we propose that another factor, specialization in dark web activities, likely recalibrates one’s perception of the risks and rewards associated with criminal behavior. It is reasonable to assume that, in many forms of cybercrime, individuals who have acquired the necessary skills and insider knowledge begin to perceive their activities less as risky ventures and more as professional challenges (e.g., Bada & Chua, 2024). The presence of like-minded peers in online communities can reinforce this perception, while observing personal or vicarious gains may further underscore the perceived rewards of such activities (e.g., Stafford & Warr, 1993). As a result, certain forms of cybercrime, such as carding or malware development, can come to be viewed as both rewarding and relatively low risk, which may normalize or even glamorize participation. For instance, a producer of some malware might see their work as low risk because their involvement is limited to writing malicious software leaving it to others to deploy it and infect targeted computers. Similarly, a carder could feel insulated from the risk of punishment by purchasing sensitive data from other parties and operating through intermediaries (e.g., the so-called “drops”). Finally, individuals with focused skill sets allowing them to engage in specific types of cybercrime may become more embedded in niche dark web networks that celebrate their successes causing them to overestimate their ability to control the risks associated with their activities. To summarize, we propose that:

Hypothesis 3

Specialized interests in dark web activities, such as carding, malware development, illicit goods trading, hacking, or ransomware, will be associated with lower perceived risks and higher perceived rewards of cybercrime.

Overall, our study seeks to make several important contributions to the literature on decision-making and its precursors in the context of the dark web. First, it draws on recently collected unique self-reported survey data from 123 active users of the dark web, offering a rare and direct perspective on the subjective experiences and attitudes of individuals operating within these hidden online spaces. Such data provide valuable insight into how actors themselves perceive their actions and their consequences that are shaped by computer-mediated interactions. Second, the study sheds light on the sociocultural process that influences the precursors to cybercriminal decision-making by examining how peer behaviors, subcultural immersion, and specialization in dark web activities shape actors’ perceptions of risks and rewards. In particular, it investigates whether engagement with like-minded peers, sustained participation in deviant subcultures, and the development of specialized skills can normalize and even glamorize illicit online activities, while also reinforcing the sense of control over potential risks. Third, the study shows that risk and benefit perceptions in clandestine digital spaces are not static but are shaped and adjusted through social interactions in online environments and participation in specific digital subcultures.

Methods

Data

In this study, we draw on survey data collected in 2024 from a sample of 123 individuals, aged 18 and older, who were active on the dark web. The study protocol, including all recruitment and data collection procedures, was reviewed and approved by the first author’s Institutional Review Board (protocol #22-10-17, approved 06/02/2023). Respondents were recruited through a multi-platform strategy that included dark web forums, surface web forums dedicated to dark web discussions, and Telegram channels popular among dark web users. The platforms we approached varied in focus, including hacking, fraud, and general dark web discussion communities. At the outset, we contacted the administrators of 63 platforms, with 54 declining to respond, 4 responding to refuse participation, and 5 platforms granting permission to post recruitment messages. As part of these negotiations, we entered into a nondisclosure agreement with participating platform administrators to ensure that the identities of the platforms and their users would not be revealed. This agreement was an additional safeguard designed to protect participant privacy and prevent any inadvertent disclosure of sensitive community information. Platform inclusion criteria required active communities with regular posting activity related to hacking, digital fraud, and broader dark web activities (e.g. chatter about dark web forums and markets as communities), with English or Russian as primary languages, and public accessibility without special vetting requirements.

Recruitment was conducted in both English and Russian, with identical recruitment messages, consent screens, and survey instruments provided in each language. Initial translations of the recruitment messages, consent screen, and questionnaire from English into Russian were completed by linguists with the knowledge of both languages and cybersecurity terminology expertise, followed by back-translation conducted by independent translators to ensure accuracy. The final versions were pilot tested with native Russian speakers familiar with online community terminology.

The posted message invited users to participate in a brief, anonymous survey about their interests and preferences related to dark web activities. The message emphasized that the questionnaire would take no more than five to 7 minutes to complete and contained a link directing users to the consent screen. The consent screen outlined the purpose of the study, the risks and benefits of participation, and the voluntary nature of involvement. Participants were required to confirm that they were at least 18 years old and to indicate their consent by clicking the “I agree” button before proceeding to the survey. To protect anonymity, no personally identifiable information was collected at any stage. Although we did not ask respondents to share which activities they were involved in on the dark web, we asked them to report specific areas of interest related to cybercrime (e.g., carding, malware development, illicit goods trading, hacking, and ransomware). Notably, all participants reported at least one specific area of interest related to cybercrime, suggesting that the sample comprised individuals with direct involvement or engagement in illicit online spaces. Respondents were asked to report their age using predefined categories; the average age of the sample fell between the 20–24 and 25–29 years old groups (Table 1), indicating that the majority were young adults.

Table 1.

Sample descriptive statistics (N = 123)

Variable	Mean	SD	Range
Dependent variables
Low risk dark web	2.74	1.32	1-5
Low risk scam	4.29	1.63	2-10
Low legal risk	3.87	2.10	2-10
Perceived rewards	5.31	2.44	2-10
Peer behavior
Peers in cybercrime	5.46	1.93	3-9
Peers on dark web	1.29	.61	1-3
Illicit activities
Malware production	.18	-	0-1
Hacking	.41	-	0-1
Ransomware	.15	-	0-1
Carding	.20	-	0-1
Selling goods	.38	-	0-1
Something else	.47	-	0-1
Age	2.52	1.93	1-7

In sum, our recruitment strategy enabled access to a diverse cross-section of individuals embedded in distinct dark web subcultures and activities and provided a rare empirical basis for examining how these actors perceive the risks and rewards of their activities.

Measures

Dependent Variables

Perceptions of Risks

In this study, we examine three types of risk perceptions: (a) personal perceptions of the safety of the dark web, (b) perceived risks of being scammed, and (c) perceived legal risks. While the items measuring scam and legal risks are not as broad as the question about the perceived safety of the dark web, they provide insight into the level of caution respondents exercise in precarious situations, helping us understand how risky they perceive dark web platforms to be in practice.³

Risks of the Dark Web. The perceived safety of the dark web was operationalized with one survey item. Respondents were asked to indicate their level of agreement with the question “I feel safe engaging in online transactions on the dark web.” Response options ranged from 1 (“Strongly disagree”) to 5 (“Strongly agree”). Therefore, higher scores corresponded to lower perceived risks associated with the dark web. We recognize that quasi-continuous response formats (e.g., 0–10 scales) could have increased measurement sensitivity. However, we used concise Likert-type scales to reduce respondent burden in the dark-web environment and to maintain consistency with established criminological research on risk and reward perceptions (Antonaccio et al., 2011; Neissl et al., 2019; Tittle et al., 2010).

Risks of Scam. The perceived economic risks associated with dark web activities were tapped by the following two vignettes involving decision-making in economically risky situations: (1) “Let us talk about your experiences on the dark web marketplaces. It is your first time dealing with a seller who is selling something you badly need. There has been talk on the forum, however, that this seller is a likely scammer. How likely would you be to purchase from this seller if their goods are attractive to you?” and (2) “You have previously engaged in a transaction with a seller, and it went without a hitch. There has been talk on the forum, however, that this seller is a likely scammer. How likely would you be to purchase from the same seller if their goods are attractive to you?” The responses ranged from 1 (“Very unlikely”) to 5 (“Very likely”). We produced a summative scale comprised of the two items where higher scores indicated higher perceived safety (i.e., lower risks) associated with these activities.

Legal Risks. The perceived risks of legal sanctions associated with dark web activities were assessed through a vignette involving decision-making in legally risky situations: “There is a rumor that the administration of the (dark web) forum/market XYZ may now be cooperating with law enforcement.” Respondents were then asked to evaluate how likely they would be to: (a) create posts and (b) to buy or sell items on that forum. The responses ranged from 1 (“Very unlikely”) to (5) (“Very likely”). We produced a summative scale comprised of the two items where higher scores indicated higher perceived safety (i.e., lower risks) associated with these activities.

Perceived Rewards were assessed using two items that measured excitement and profitability of dark web activities. The first item asked respondents to indicate their agreement with the statement: “Illicit dark web activities are exciting to me.” The second item focused on profitability, stating: “I engage in some illicit dark web activities because they are profitable.” Responses were measured on a 5-point Likert scale, ranging from 1 (“Strongly disagree”) to 5 (“Strongly agree”). The items were then summed to produce a scale where higher scores indicated higher perceived rewards.

Independent Variables

Peer Cybercrime Involvement

To measure peer cybercrime involvement, respondents were asked “Think about your friends. In your opinion, how many of your friends have ever done one of the following?” Respondents were then presented with three peer behaviors: “Used computer software to access another person’s computer account or files,” “Sold or bought illicit goods online (data, software, etc.),”and “Did something else on a computer that is “against the rules.” For each of these three behaviors, respondents could select 1 “None,” 2 “A few,” and 3 “Many.” Responses were then summed into an index, with higher scores indicating higher levels of peer cybercrime involvement. The scale reliability coefficient for the index is .79.

Involvement in the Dark Web Subculture

Friends on the Dark Web: To gauge the extent to which the respondents’ peer networks involved friends gained through the dark web, the respondents were asked the following question: “How many of these friends did you first meet on the dark web?” Response options included 1 “None,” 2 “A few,” and 3 “Many.” Because those with a greater number of such friends are likely to spend more time communicating on the dark web, we consider this measure a way to assess respondents’ involvement in the dark web subculture.

Interesting Dark Web Activities: To gauge the types of behaviors respondents themselves engage in, respondents we asked, “Which activities on the Dark web do you personally find most interesting?” Framing the question around personal interests rather than activities allowed respondents to answer without a concern about self-implication. While this measure does not directly tap one’s personal involvement in specific activities, it is reasonable to assume that personal interests are a close match to the types of activities respondents engage in on the dark web. Response options included “malware production,” “hacking,” “ransomware,” “carding,” “selling goods,” or “something else.” While there is potential for some overlap between these categories—given the multifaceted nature of dark web activities—these options were designed to capture distinct and prominent behaviors commonly associated with the dark web engagement. This approach also allowed for a better understanding of the specific individual interests driving dark web interactions. Respondents could select as many activities as they wished. This item was then recoded into six binary variables (one for each behavior) where 0 indicated no interest in the dark web activity and 1 indicated interest in the dark web activity. We also experimented with a summative versatility scale but found it to have no statistically significant effects on any of our dependent variables.

Age

The respondents were also asked about their age with the option of placing themselves in the following age categories: 1. 18–19, 2. 20–24, 3. 25–29, 4. 30–34, 5. 35–39, 6. 40–44, and 7. over 45.

Analytic Strategy

To assess the direct effects of peer activities and personal interests related to the dark web activities on individual perceptions of their risks and benefits, we employed Ordinary Least Squares (OLS) regression. Before estimation, we examined the distribution of the dependent variables and found minimal skewness, eliminating the need for log transformation. To ensure the validity of the regression results, we also checked for multicollinearity among the independent variables. The Variance Inflation Factor (VIF) values for all predictors were below 2, indicating no significant multicollinearity concerns.

We addressed missing data using listwise deletion. Across the variables included in the models, missingness ranged from 0% to 4.88%. As a result, the final analytic samples varied from 114 to 119 cases across models. To assess whether missing data introduced bias, we conducted a series of t-tests comparing the means of included and excluded cases on all analysis variables for which complete data were available. These comparisons revealed no significant differences, suggesting that missing data patterns did not systematically bias the results.

Results

Table 1 shows descriptive statistics for the variables used in the analyses. Our sample is skewed toward younger respondents (cf. Holt & Kilger, 2008), with the average age ranging between 20 and 29. Participants also expressed interest in various dark web activities such as hacking (41%), selling goods (38%), carding (20%), malware production (18%), and ransomware (15%). Additionally, a significant number of respondents indicated interest in activities not explicitly listed in the response options, selecting “something else” to describe their interests on the dark web (47%).

Table 2 presents the bivariate correlations between the variables included in the models. We note that low perceived risks of the dark web are positively correlated with low perceived risks of being scammed (r = .227, P < .05) and high perceived rewards (r = .422, P < .001). Low perceived risks of being scammed, in turn, are positively correlated with low risks of facing legal punishment (r = .384, P < .01). However, the perceptions of low risks of being scammed or facing legal punishment are not significantly correlated with high perceived rewards. Furthermore, individuals who report greater peer involvement in illicit activities may perceive lower risks of the dark web and of being scammed (r = .258, P < .01 and r = .314, P < .001, respectively), as well as have more friends on the dark web (r = .359, P < .001). These patterns provide preliminary support for Hypothesis 1, which suggests that greater peer involvement in cybercrime is associated with lower perceived risks and higher perceived rewards. Next, those with more deviant friends on the dark web report lower risks of the dark web (r = .395, P < .001). This finding provides preliminary support for Hypothesis 2, which anticipates that stronger immersion in dark-web subcultures is associated with diminished perceptions of risk. Finally, whereas the age of respondents is not significantly correlated with any types of perceived risks, younger respondents appear to be more likely to think of dark web activities as rewarding (r = −.186, P < .05).

Table 2.

Bivariate correlation matrix

	1	2	3	4	5	6	7	8	9	10	11	12
1. Low risk dark web	1
2. Low risk scam	.227*	1
3. Low legal risk	.124	.384**	1
4. High perceived rewards	.422***	.154	.011	1
5. Peers on dark web	.258**	.314***	.112	.216*	1
6. Peers in cybercrime	.395***	.114	.008	.354***	.359***	1
7. Malware	.174	.179*	.007	.110	.094	.065	1
8. Hacking	.096	.112	.041	−.001	.155	.056	.391***	1
9. Ransomware	−.133	.054	.036	.063	.132	.044	.329***	.287**	1
10. Carding	−.047	.064	.045	.057	.128	.173	.081	.158	.287**	1
11. Selling goods	.054	−.032	−.035	.293	.078	.164	.165	.113	.228*	.278**	1
12. Something else	−.076	−.045	−.102	−.086	−.091	−.160	−.271**	−.351***	−.133	−.194*	−.394***	1
13. Age	−.066	−.057	−.069	−.186*	−.052	−.019	−.093	−.128	−.232*	−.111	−.126	0.196*

*P < 0.05.

**P < .01.

***P < .001.

Table 3 reveals the results of the OLS regression analyses examining the effects of peer cybercrime involvement, personal involvement in the dark web subculture, and specific dark web activities on the perceptions of risks and benefits associated with engagement in illicit activities on the dark web. Model 1 in Table 3 examines whether the independent variables are associated with perceived risks on the dark web. Figures from Model 1 show that individuals who have more friends engaging in illicit online activities tend to perceive fewer risks on the dark web. In particular, the unstandardized regression coefficient indicates that a one-unit increase in peers engaged in cybercrime is associated with a .231-unit increase in low perceived risks on the dark web (b = .231, P < .001). This finding provides some support for Hypothesis 1. Further, focusing on the dark web individual activities, estimates from Model 1 demonstrate that dark web actors who find malware-related activities interesting are expected to perceive fewer risks associated with the dark web. Specifically, the unstandardized regression coefficient indicates that having such interest is associated with a .666-unit increase in low risks related to the dark web (b = .666, P < .05). This finding provides partial support for Hypothesis 3 suggesting that those with specialized interests would perceive fewer risks and greater rewards associated with cybercrime.

Table 3.

OLS regression analyses of peer behavior and online activities on perceptions of risk and rewards associated with engaging in illicit online activities

	(1)		(2)		(3)		(4)
	Low risk dark web		Low legal risk		Low risk scam		High perceived rewards
	b	β	b	β	b	β	b	β
Peers on dark web	.340	.155	.558	.157	.784^**	.286	.252	.062
	(.199)		(.358)		(.267)		(.375)
Peers in cybercrime	.231^***	.340	−.079	−.071	.010	.011	.392^**	.313
	(.062)		(.112)		(.084)		(.118)
Malware	.666^*	.198	−.271	−.050	.626	.149	.737	.120
	(.324)		(.583)		(.434)		(.610)
Hacking	.142	.053	−.027	−.006	−.037	−.011	−.428	−.087
	(0.265)		(.465)		(.346)		(.490)
Ransomware	−.889^*	−.239	.323	.053	−.074	−.015	−.436	−.064
	(.356)		(.640)		(.477)		(.668)
Carding	−.306	−.092	.219	.040	.204	.040	−.470	−.070
	(.294)		(.528)		(.393)		(.552)
Selling goods	.054	.019	−.468	−.107	−.355	−.105	1.323^**	.265
	(.261)		(.459)		(.342)		(.482)
Something else	.093	.035	−.728	−.173	−.111	−.034	.457	.090
	(.267)		(.472)		(.352)		(.499)
Age	−.062	−.091	.109	.100	−.032	−.037	−0.206	−.163
	(.059)		(0.106)		(.079)		(0.113)
_cons	4.823^***		3.829^***		3.407^***		2.818^**
	(.447)		(.799)		(.595)		(.840)
N	116		118		118		114
R ²	.255		.056		.125		.229
Adj. R²	0.192		.023		.052		.162

b-unstandardized coefficients, β-standardized coefficients, standard errors in parentheses.

*P < 0.05.

**P < .01.

***P < .001.

In contrast, figures from Model 1 reveal that individuals interested in ransomware-related activities may be less likely to perceive the dark web as safe. In particular, the unstandardized regression coefficient indicates that having such interest is associated with a .889-unit decrease in low risks on the dark web (b = −.889, p < .05). This runs counter to the expectations outlined in Hypothesis 3, which suggests the opposite direction of the relationship. Finally, standardized regression coefficients from Model 1 demonstrate that the predictor with the largest effect in this model is having peers engaged in illicit online activities (β = .340), followed by interest in ransomware-related activities (β = −.239). The graphic summative presentation of these findings is shown in Figure 1(A).

Figure 1.

Regression coefficient plots with 95% confidence intervals around four outcomes*. *Horizontal lines represent 95% confidence intervals

Further, Model 2 in Table 3 assesses whether the independent variables are statistically correlated with perceived legal risks. However, contrary to Hypotheses 1–3, none of the predictors included in this model are significantly associated with the outcome, as confirmed by Figure 1(B).

Next, Model 3 in Table 3 examines whether the independent variables are associated with perceived risks of being scammed. The findings from Model 3 show that the number of peers on the dark web is positively associated with perceived low risks of scam, suggesting that individuals with more friends on the dark web are less likely to perceive the risks of scam as high. In particular, the unstandardized regression coefficient indicates that a one-unit increase in friends on the dark web is associated with a .784-unit increase in low risks of being scammed (b = .784, P < .05).

This finding provides some support for Hypothesis 2. Yet, contrary to Hypotheses 1 and 3, no other predictors reach statistical significance in this model. Overall, the standardized regression coefficient confirms that having peers on the dark web is the predictor with the largest effect in the model (β = .286). The graphic summative presentation of these findings is shown in Figure 1(C).

Finally, Model 4 in Table 3 assesses whether the independent variables are statistically associated with perceived rewards of the dark web activities. Figures from Model 4 reveal that individuals who have more friends engaged in cybercrime are expected to perceive more rewards of the dark web activities. In particular, the unstandardized regression coefficient indicates that a one-unit increase in peers engaged in cybercrime is associated with a .392-unit increase in perceived rewards of the dark web activities (b = .392, P < .01), which provides some support for Hypothesis 1. Further, estimates from Model 4 demonstrate that individuals interested in selling goods may be more likely to perceive higher rewards of the dark web activities. Specifically, the unstandardized regression coefficient indicates that having such interest is associated with a 1.323-unit increase in perceived rewards of the dark web activities (b = 1.323, P < .01). This finding partially supports Hypothesis 3, suggesting that specialized activity interests may heighten perceived rewards. Furthermore, standardized regression coefficients from Model 4 demonstrate that the predictor with the largest effect in this model is having peers engaged in cybercrime (β = .313), followed by interest in selling goods (β = .265). The graphic summative presentation of these findings is shown in Figure 1(D).

Finally, adjusted R² values for Models 1–4 shown in Table 3 indicate that Model 1 has the largest explanatory power, with the predictors under consideration accounting for 19.2% of the variation in the outcome, perceived low risks of the dark web. It is followed by Model 4, in which the same predictors explain 16.2% of the variation in the dependent variable, perceived rewards.

Sensitivity Analyses

To examine whether different factors explain psychic (excitement-based) versus material (profitability-based) rewards from dark web activities, we analyzed each reward type separately (Table 4). Results show that peers’ dark web involvement is linked to higher perceived material benefits, while psychic rewards are associated with friends’ cybercrime involvement. These findings continue to provide some support Hypotheses 1 and 2. The psychic rewards model aligns more closely with the main results using the overall rewards measure. Beyond the “something else” category, no specialized activities were statistically associated with psychic rewards, and none were associated with material rewards. Overall, these results provide limited evidence for Hypothesis 3.

Table 4.

OLS regression analyses of peer behavior and online activities on perceptions of material and psychic rewards associated with engaging in illicit online activities

	(1)		(2)
	Profitable		Exciting
	b	β	b	β
Peers on dark web	.281^*	.195	−.055	−.037
	(.139)		(.141)
Peers in cybercrime	.070	.056	.135^**	.295
	(.044)		(.044)
Malware	.170	.077	.165	.073
	(.226)		(.230)
Hacking	−.091	−.052	−.063	−.035
	(.181)		(.184)
Ransomware	−.215	−.088	−.041	−.016
	(.248)		(.252)
Carding	−.214	−.099	−.028	−.012
	(.205)		(.208)
Selling goods	.342	.192	.343	.188
	(.179)		(.181)
Something else	−.087	−.050	.424^*	.239
	(.184)		(.187)
Age	−.003	−.008	−.103^*	−.225
	(.041)		(.042)
_cons	.862^**		1.266^***
	(.310)		(.317)
N	117		115
R ²	.149		.179
Adj. R²	.077		.108

b-unstandardized coefficients, β-standardized coefficients, standard errors in parentheses.

*P < 0.05.

**P < .01.

***P < .001.

Discussion

Our study sought to understand how various factors associated with the social circles and specific activities of dark web actors affect the precursors to offender choices by shaping perceptions of the risks and rewards associated with dark web activities. The unique technological characteristics of dark web platforms, including anonymity tools, encrypted communications, and specialized interfaces, create distinct conditions that fundamentally shape how users form social networks, assess risks, and make decisions within these digital environments. We proposed that having friends on the dark web and a larger number of friends involved in cybercrime would be associated with higher perceived rewards and lower perceived risks related to cybercrime on the dark web. We also expected that those involved in specific cybercrime activities would similarly gauge the risks and rewards of cybercrime. We found mixed support for our hypotheses.

On one hand, we found that peer involvement in cybercrime tended to lower perceived risks of being active on the dark web—this finding aligns with Hypothesis 1. Several explanations, consistent with social learning perspective, may account for this. First, learning about cybercrime from peers engaged in illicit activities can foster a false sense of security, particularly among less experienced users, making the dark web appear safer than it is. Second, deeper integration into cybercrime communities may enhance users’ technological expertise and increase their participation in complex virtual networks that cultivate trust among participants (Aldridge & Décary-Hétu, 2015; Décary-Hétu & Laferrière, 2015). This trust, in turn, reinforces perceptions of safety. At the same time, our findings suggest that perceptions of specific risks, such as being scammed or facing legal consequences, remain unaffected by peers’ cybercrime involvement, which does not support the broad expectations of Hypothesis 1. It is possible that these activity-specific risk perceptions may stem more from direct, personal experience than from vicarious learning (Stafford & Warr, 1993; see also Collier et al., 2019).

In addition, providing support for Hypothesis 1, friends’ involvement in cybercrime led users in our study to view dark web activities as more rewarding (specifically, exciting). These findings align with prior research showing that peers and criminal subcultures can shape decision-making and reinforce illicit activity (Hoeben & Thomas, 2019; Neissl et al., 2019). Peer experiences likely facilitate information sharing about illicit opportunities (Holt, Bossler, & May, 2012; cf., Holt et al., 2021), build trust in online networks (Lusthaus, 2012), enhance technical confidence, and normalize extremist behaviors (e.g., Chua, 2025)—all of which contribute to lowering perceived risks and heightening perceived rewards.

On the other hand, having a larger number of peers on the dark web, the second factor we hypothesized to be associated with personal involvement in the dark web subculture, was associated with lower perceived risks of being scammed. This result is aligned with Hypothesis 2, and it may be because greater peer presence fosters deeper immersion in the illicit subculture and associated cybercriminal networks, giving users more experience with its norms and practices and, in turn, reducing their perceived vulnerability to scams. It should be noted that there may be no real “safety in numbers,” and the perceived invulnerability to scams among these users may be illusory. However, having more peers engaged in similar illicit activities likely reassures actors that they can also succeed without being defrauded (McCuddy & Vogel, 2015; see also Brinck et al., 2023).

Another factor we hypothesized to be linked with involvement in the dark web subculture, focus on specific activities on the dark web, was found to be associated with the precursors to offender decision-making for only three kinds of the dark web activities. First, as expected, we found that malware interests were associated with lower perceived risks of the dark web, the result aligned with Hypothesis 3. This may indicate that individuals interested in malware possess higher technical expertise, treating the dark web as their regular “work environment.” Moreover, those involved in creating and distributing malware typically have advanced skills that help minimize their chances of detection. Alternatively, even minimal knowledge of malware production or use may give dark web users a false sense of invulnerability, making them feel immune to risks (e.g., Jacobs, 2010). Finally, because law enforcement efforts often focus on high-profile financial crimes and large-scale cyberattacks, many smaller-scale malware actors may believe they are unlikely to be actively targeted.

Contrary to our expectations, we found that interests in ransomware were associated with higher perceived risks associated with the dark web. This finding is contrary to Hypothesis 3, and it may indicate that those distributing ransomware on the dark web are more likely to interact directly with victims and, as a result, may be more easily detected and draw the attention of law enforcement. Furthermore, ransomware actors may be generally more aware of the increased attention of law enforcement to ransomware attacks (Meurs et al., 2025). Although ransomware actors tend to operate in large networks that provide resources for laundering illicit proceeds and evading detection (Whelan et al., 2024), these arrangements do not appear to fully erase a concern about the risks of detection.

Yet another notable finding providing some support for Hypothesis 3 is that selling goods on the dark web may heighten the perceived rewards of dark web activities. This finding could be due to the immediacy of the often-significant profits associated with selling illicit goods (e.g., inauthentic documents, drugs, or weapons), with instant gratification positively reinforcing this behavior, particularly among those with low self-control (e.g., Holt, Bossler, & May, 2012) and thus heightening its perceived attractiveness.

Our findings have important implications for cybercrime prevention, underscoring the influence of peer networks, subcultural immersion, and specific activities and experiences on the processes pertinent to decision-making in the dark web environment. In particular, the observation that peer networks and specific illicit activities reduce perceived risks and increase perceived rewards supports the idea that clandestine digital platforms function as “offender convergence settings” (Felson, 2003), fostering trust, information sharing, and social reinforcement (Garkava et al., 2024). Therefore, interventions that disrupt peer reinforcement mechanisms should be a priority for prevention efforts. An example of such interventions is the publicizing of arrests and prosecutions, which can weaken peer ties and erode the illusion of safety.

The results also highlight the value of tailoring interventions to activity profiles. For malware actors, whose technical expertise lowers perceived risks, strategies that inject doubt, such as disinformation about vulnerabilities and detection, may raise risk perceptions. For ransomware actors, who already recognize elevated risks, visible enforcement actions, including arrests, prosecutions, and asset seizures, can strengthen deterrence. For illicit sellers, who perceive high rewards, interventions that destabilize profits through artificial volatility, fake transactions, and supply disruptions can reduce the gratification that sustains engagement. More broadly, warning banners from internet service providers (Holt & Lee, 2023) that emphasize the risks of engaging on dark web platforms could discourage novices.

Market-oriented measures can complement these targeted strategies. Strategic “lemonizing” (Holt et al., 2016; Howell et al., 2022), which infiltrates marketplaces with controlled accounts and deceptive reviews, can undermine trust in market mechanisms. By degrading reliability and profitability, such tactics exploit market dynamics to raise the perceived costs of illicit activity (e.g., Collier et al., 2021; Lusthaus, 2018).

While our study offers valuable insights into the motivations and choices of dark web actors, several limitations merit consideration. Although our sample is larger than in many prior studies based on self-report data from cyber-offenders, it remains modest and drawn from five platforms, which limits generalizability to the wider population of dark web forum users. Representativeness is further constrained by our inability to assess nonresponse bias, since we could not compare participants with those who viewed but did not respond to recruitment, nor determine whether users of responding platforms differ from those of nonresponding ones.

Our recruitment strategy, consistent with comparable studies (e.g., Collier et al., 2021), did not specifically target known cyber-offenders and did not distinguish between highly active and more sporadic participants. Users from groups whose administrators permitted recruitment may have been less involved in serious crime, potentially biasing the sample toward lower-level offenders. The brief survey format may also have attracted casual users, while more embedded actors may have been less willing to participate.

The study was additionally constrained by language and platform restrictions. Recruitment limited to English- and Russian-speaking forums and Telegram channels where posting was permitted means our findings may not capture perspectives from other linguistic, cultural, or more exclusive networks. Finally, as with all self-report surveys, responses may reflect withholding, exaggeration, or social desirability bias despite efforts to design non-implicating questions.

In conclusion, our study shows that reported perceptions of risks and rewards on the dark web may be shaped by a combination of peer dynamics, subcultural immersion, and, to some extent, activity-specific experiences. Peer involvement in cybercrime was associated with lower perceived risks and heightened perceived rewards, while the presence of more peers on the dark web was associated with reduced perceived vulnerability to scams. Specialized activities were associated with differentiated effects, with malware interests linked to lower perceived risks, ransomware interests linked to heightened perceived risks, and illicit selling interests linked to increased perceived rewards. Together, these findings illustrate that offender decision-making on the dark web likely reflects an interplay of social learning processes, rational choice considerations, and the unique effects of technologically mediated environments. Understanding how these factors jointly shape risk–reward perceptions can inform more targeted and effective cybercrime prevention strategies. Future research would benefit from larger, more targeted samples, greater linguistic and cultural diversity, and mixed designs that combine nuanced questioning with qualitative approaches—as well as methods that move beyond self-reported perceptions to capture verified behavioral outcomes—to reduce bias and capture richer detail about actors’ roles, activities, and stated perceptions of risk and reward.

Footnotes

ORCID iD

Ekaterina Botchkovar

Funding

The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: this research was supported by DHS/CINA under the award #E205949B.⁴ The content is solely the responsibility of the authors and does not necessarily represent the official views of the DHS/CINA.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data Availability Statement

The authors do not have sponsors’ permission to share data.*

Notes

Author Biographies

Ekaterina Botchkovar is a Professor of Criminology and Criminal Justice at Northeastern University. Her research focuses on offender decision-making, cybercrime, and crime in conflict-affected societies.

Olena Antonaccio is a Professor of Sociology and Criminology at the University of Miami. Her interests include theory testing and development, survey research, comparative criminology, and the application of sociological and criminological theories to cybercrime and to the study of war and trauma.

Abigail Ballou is a Visiting Assistant Professor in the Department of Applied Social Sciences at Boston University's Metropolitan College and the director of the Boston University Prison Education Program. Her research interests include correctional education, reentry, and labor market outcomes for formerly incarcerated individuals.

Dr. David Maimon is a Professor in the Department of Criminal Justice and Criminology at Georgia State University (GSU) and serves as the director of the Evidence-Based Cybersecurity Research Group.

References

Ahmead

El Sharif

Abuiram

(2024). Risky online behaviors and cybercrime awareness among undergraduate students at Al Quds University: A cross-sectional study. Crime Science, 13(29). https://doi.org/10.1186/s40163-024-00230-w

Akers

R. L.

(1998). Social learning and social structure: A general theory of crime and deviance. Northeastern University Press.

Aldridge

Décary-Hétu

(2015). Cryptomarkets and the future of illicit drug markets. In Mounteney

Oteo

(Eds.), The internet and drug markets (pp. 23–32). Publications Office of the European Union.

Antonaccio

Botchkovar

E. V.

Tittle

C. R.

(2011). Attracted to crime: Exploration of criminal motivation among respondents in three European cities: Exploration of criminal motivation among respondents in three European cities. Criminal Justice and Behavior, 38(12), 1200–1221. https://doi.org/10.1177/0093854811423347

Bada

Chua

Y. T.

(2024). Examining risk and risk perception on LSD and MDMA in online marketplaces. Journal of Crime and Justice, 47(4), 456–471. https://doi.org/10.1080/0735648X.2023.2267035

Beccaria

(1764/1964). On crimes and punishments. In Trans. Jane Grigson. Milan, Italy: Oxford University Press.

Becker

G. S.

(1968). Crime and punishment: An economic approach. Journal of Political Economy, 76(2), 169–217. https://doi.org/10.1086/259394

Bekkers

Leukfeldt

Kleemans

(2024). Recruiting co-offenders for financial cybercrime: An analysis of police investigations into cybercriminal networks. Trends in Organized Crime. https://doi.org/10.1007/s12117-024-09556-y

Bentham

(1789). An Introduction to the Principles of Morals. Athlone.

10.

Bossler

A. M.

(2021). Perceived formal and informal sanctions in deterring cybercrime in a college sample. Journal of Contemporary Criminal Justice, 37(3), 452–470. https://doi.org/10.1177/10439862211001630

11.

Botchkovar

Kafafian

Timmer

Antonaccio

Hughes

Johnson

(2024). When the world falls apart: How people make decisions in the times of war. Crime and Delinquency, 71(9), 2993–3031. https://doi.org/10.1177/00111287241268371

12.

Brinck

Nodeland

Belshaw

(2023). The “Yelp-ification” of the dark web: An exploration of the use of consumer feedback in dark web markets. Journal of Contemporary Criminal Justice, 39(2), 185–200. https://doi.org/10.1177/10439862231157519

13.

Burruss

G. W.

Howell

C. J.

Maimon

Wang

(2021). Website defacer classification: A finite mixture model approach. Social Science Computer Review, 40(3), 775–787. https://doi.org/10.1177/0894439321994232

14.

Chopin

Décary-Hétu

(2023). Dark web pedophile site users’ cybersecurity concerns: A lifespan and survival analysis. Journal of Criminal Justice, 86, 102060. https://doi.org/10.1016/j.jcrimjus.2023.102060

15.

Chua

Y. T.

(2025). “We want you!” Applying social network analysis to online extremist communities. Terrorism and Political Violence, 37(3), 409–423. https://doi.org/10.1080/09546553.2024.2304800

16.

Collier

Clayton

Hutchings

Thomas

(2021). Cybercrime is (often) boring: Infrastructure and alienation in a deviant subculture. The British Journal of Criminology, 61(5), 1407–1423. https://doi.org/10.1093/bjc/azab026

17.

Collier

Thomas

D. R.

Clayton

Hutchings

(2019). Booting the booters: Evaluating the effects of police interventions in the market for denial-of-service attacks. In Proceedings of the internet measurement conference, Amsterdam Netherlands, 21 - 23 October 2019, pp. 50–64. https://doi.org/10.1145/3355369.3355578

18.

Copeland

Wallin

Holt

T. J.

(2019). Assessing the practices and products of dark web firearm vendors. Deviant Behavior, 41(8), 949–968. https://doi.org/10.1080/01639625.2019.1596465

19.

Dearden

T. E.

Parti

(2021). Cybercrime, differential association, and self-control: Knowledge transmission through online social learning. American Journal of Criminal Justice, 46(6), 935–955. https://doi.org/10.1007/s12103-021-09655-4

20.

Décary-Hétu

Dupont

(2013). Reputation in a dark network of online criminals. Global Crime, 14(2–3), 175–196. https://doi.org/10.1080/17440572.2013.801015

21.

Décary-Hétu

Faubert

Chopin

Malm

Ratcliffe

Dupont

(2023). “Like aspirin for arthritis”: A qualitative study of conditional cyber-deterrence associated with police crackdowns on the dark web. Criminology & Public Policy, 22(4), 639–664. https://doi.org/10.1111/1745-9133.12642

22.

Décary-Hétu

Laferrière

(2015). Discrediting vendors in online criminal markets. In Morselli

(Ed.), Crime prevention studies: Disrupting criminal networks: Network analysis in crime prevention (28, pp. 129–152). Routledge.

23.

Felson

(2003). The process of co-offending. In Smith

M. J.

Cornish

D. B.

(Eds.), Theory for practice in situational crime prevention (16, pp. 149–167). Criminal Justice Press.

24.

Fox

Holt

T. J.

(2021). Use of a multitheoretic model to understand and classify juvenile computer hacking behavior. Criminal Justice and Behavior, 48(7), 943–963. https://doi.org/10.1177/0093854820969754

25.

Garkava

Moneva

Leukfeldt

E. R.

(2024). Stolen data markets on telegram: A crime script analysis and situational crime prevention measures. Trends in Organized Crime. https://doi.org/10.1007/s12117-024-09532-6

26.

Haynie

D. L.

Osgood

D. W.

(2005). Reconsidering peers and delinquency: How do peers matter? Social Forces, 84(2), 1109–1130. https://doi.org/10.1353/sof.2006.0018

27.

Hoeben

E. M.

Thomas

K. J.

(2019). Peers and offender decision-making. Criminology & Public Policy, 18(4), 759–784. https://doi.org/10.1111/1745-9133.12462

28.

Hoffman

C. J.

Howell

C. J.

Perkins

R. C.

Maimon

Antonaccio

(2024). Predicting new hackers’ criminal careers: A group-based trajectory approach. Computers & Security, 137, Article 103649. https://doi.org/10.1016/j.cose.2023.103649

29.

Holt

K. M.

Holt

T. J.

Cale

Brewer

Goldsmith

(2021). Assessing the role of self-control and technology access on adolescent sexting and sext dissemination. Computers in Human Behavior, 125, Article 106952. https://doi.org/10.1016/j.chb.2021.106952

30.

Holt

T. J.

(2007). Subcultural evolution? Examining the influence of on- and off-line experiences on deviant subcultures. Deviant Behavior, 28(2), 171–198. https://doi.org/10.1080/01639620601131065

31.

Holt

T. J.

(2010). Examining the role of technology in the formation of deviant subcultures. Social Science Computer Review, 28(4), 466–481. https://doi.org/10.1177/0894439309351344

32.

Holt

T. J.

(2019). Cybercrime subcultures: Contextualizing offenders and the nature of the offence. In Leukfeldt

Holt

T. J.

(Eds.), The human factor of cybercrime (pp. 159–172). Routledge.

33.

Holt

T. J.

Bossler

A. M.

May

D. C.

(2012). Low self-control, deviant peer associations, and juvenile cyberdeviance. American Journal of Criminal Justice, 37(3), 378–395. https://doi.org/10.1007/s12103-011-9117-3

34.

Holt

T. J.

Burruss

G. W.

Bossler

A. M.

(2010). Social learning and cyber-deviance: Examining the importance of a full social learning model in the virtual world. Journal of Crime and Justice, 33(2), 31–61. https://doi.org/10.1080/0735648X.2010.9721287

35.

Holt

T. J.

Cross

Brewer

Cale

Logos

Goldsmith

(2024). Assessing the correlates of online fraud offending among juveniles. Crime & Delinquency. https://doi.org/10.1177/00111287241301006

36.

Holt

T. J.

Freilich

J. D.

Chermak

S. M.

(2017). Exploring the subculture of ideologically motivated cyber-attackers. Journal of Contemporary Criminal Justice, 33(3), 212–233. https://doi.org/10.1177/1043986217699100

37.

Holt

T. J.

Kilger

(2008). Techcrafters and makecrafters: A comparison of two populations of hackers . In Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing (pp. 67–78). IEEE. https://doi.org/10.1109/WISTDCS.2008.9

38.

Holt

T. J.

Lee

J. R.

(2023). A crime script model of dark web firearms purchasing. American Journal of Criminal Justice, 48(2), 509–528. https://doi.org/10.1007/s12103-022-09675-8

39.

Holt

T. J.

Lee

J. R.

Smirnova

(2023). Exploring risk avoidance practices among on-demand cybercrime-as-service operations. Crime & Delinquency, 69(2), 415–438. https://doi.org/10.1177/00111287221103753

40.

Holt

T. J.

Leukfeldt

van de Weijer

(2020). An examination of motivation and routine activity theory to account for cyberattacks against Dutch web sites. Criminal Justice and Behavior, 47(4), 487–505. https://doi.org/10.1177/0093854819900322

41.

Holt

T. J.

Smirnova

Hutchings

(2016). Examining signals of trust in criminal markets online. Journal of Cybersecurity, 2(2), 137–145.

42.

Holt

T. J.

Steinmetz

K. F.

(2020). Examining the role of power-control theory and self-control to account for computer hacking. Crime & Delinquency, 67(10), 1491–1512. https://doi.org/10.1177/0011128720981892

43.

Howell

C. J.

Maimon

Perkins

R. C.

Burruss

G. W.

Ouellet

(2022). Risk avoidance behavior on darknet marketplaces. Crime & Delinquency, 70(2), 519–538. https://doi.org/10.1177/00111287221092713

44.

Hsieh

M. L.

Wang

S. Y. K.

Lin

(2023). Perceptions of punishment risks among youth: Can cyberbullying be deterred? Journal of School Violence, 22(3), 307–321. https://doi.org/10.1080/15388220.2023.2183865

45.

Hutchings

Clayton

(2016). Exploring the provision of online booter services. Deviant Behavior, 37(10), 1163–1178. https://doi.org/10.1080/01639625.2016.1169829

46.

Jacobs

B. A.

(2010). Deterrence and deterrability. Criminology, 48(2), 417–441. https://doi.org/10.1111/j.1745-9125.2010.00191.x

47.

Karo-Karo

G. F.

Harumnanda

M. S.

Lim

(2023). Investigating multiple malware as a service (MaaS): Analysis and prevention techniques. In 2023 IEEE international conference on cryptography, informatics, and cybersecurity (ICoCICs), Bogor, Indonesia, 22-24 August 2023, pp. 270–274.

48.

Kaur

Randhawa

(2020). Dark web: A web of crimes. Wireless Personal Communications, 112(4), 2131–2158. https://doi.org/10.1007/s11277-020-07143-2

49.

Kim

Leban

Lee

(2024). Theoretical explanations of the development of youth hacking. Crime & Delinquency, 70(8), 1971–1992. https://doi.org/10.1177/00111287221115639

50.

Kloess

J. A.

van der Bruggen

(2023). Trust and relationship development among users in dark web child sexual exploitation and abuse networks: A literature review from a psychological and criminological perspective. Trauma, Violence, & Abuse, 24(3), 1220–1237. https://doi.org/10.1177/15248380211057274

51.

Laferrière

Décary-Hétu

(2023). Examining the uncharted dark web: Trust signalling on single vendor shops. Deviant Behavior, 44(1), 37–56. https://doi.org/10.1080/01639625.2021.2011479

52.

Leclerc

Drew

Holt

Cale

Singh

(2021). Child sexual abuse material on the darknet: A script analysis of how offenders operate. Trends and Issues in Crime and Criminal Justice, 16(4), 1–13. https://doi.org/10.1093/police/paac017

53.

Lee

J. R.

Holt

T. J.

Smirnova

(2022). An assessment of the state of firearm sales on the dark web. Journal of Crime and Justice, 47(1), 1–15. https://doi.org/10.1080/0735648x.2022.2058062

54.

Leukfeldt

E. R.

Holt

T. J.

(2019). Examining the social organization practices of cybercriminals in the Netherlands online and offline. International Journal of Offender Therapy and Comparative Criminology, 64(5), 522–538. https://doi.org/10.1177/0306624X19895886

55.

Loggen

Moneva

Leukfeldt

(2024). Pathways into, desistance from, and risk factors related to cyber-dependent crime: A systematic narrative review. Victims & Offenders, 1–32. https://doi.org/10.1080/15564886.2024.2370295

56.

Louderback

E. R.

Antonaccio

(2017). Exploring cognitive decision-making processes, computer-focused cyber deviance involvement and victimization: The role of thoughtfully reflective decision-making. Journal of Research in Crime and Delinquency, 54(5), 639–679. https://doi.org/10.1177/0022427817693036

57.

Lusthaus

(2012). Trust in the world of cybercrime. Global Crime, 13(2), 71–94. https://doi.org/10.1080/17440572.2012.674183

58.

Lusthaus

(2018). Industry of anonymity: Inside the business of cybercrime. Harvard University Press.

59.

Matsueda

Lanfear

C. C.

(2020). Collective action, rational choice, and gang delinquency: Appreciating Short and Strodtbeck ([1965] 1974). In Hughes

Broidy

(Eds.), Social bridges and contexts in criminology and sociology: Reflections on the intellectual legacy of James F. Short, Jr. Routledge.

60.

Matthews

S. K.

Agnew

(2008). Extending deterrence theory: Do delinquent peers condition the relationship between perceptions of getting caught and offending? Journal of Research in Crime and Delinquency, 45(2), 91–118. https://doi.org/10.1177/0022427807313702

61.

McCarthy

Hagan

(2005). Danger and the decision to offend. Social Forces, 83(3), 1065–1096. https://doi.org/10.1353/sof.2005.0040

62.

McCuddy

Vogel

(2015). More than just friends: Online social networks and offending. Criminal Justice Review, 40(2), 169–189. https://doi.org/10.1177/0734016814557010

63.

McGloin

J. M.

Thomas

K. J.

(2016). Incentives for collective deviance: Group size and changes in perceived risk, cost, and reward. Criminology, 54(3), 459–486. https://doi.org/10.1111/1745-9125.12111

64.

Meurs

Hoheisel

Junger

Abhishta

McCoy

(2025). What to do against ransomware? Evaluating law enforcement interventions. In Proceedings of the symposium on electronic crime research (eCrime 2024), Boston, MA, USA, 24-26 September 2024.

65.

Miller

Morris

R. G.

(2016). Virtual peer effects in social learning theory. Crime & Delinquency, 62(12), 1543–1569. https://doi.org/10.1177/0011128714526499

66.

Mirea

Wang

Jung

(2019). The not so dark side of the darknet: A qualitative study. Security Journal, 32(2), 102–118. https://doi.org/10.1057/s41284-018-0150-5

67.

Neissl

Botchkovar

E. V.

Antonaccio

Hughes

L. A.

(2019). Rational choice and the gender gap in crime: Establishing the generality of rational choice theory in Russia and Ukraine. Justice Quarterly, 36(6), 1096–1121. https://doi.org/10.1080/07418825.2018.1543723

68.

Ngo

F. T.

Marcum

Belshaw

(2023). The dark web: What is it, how to access it, and why we need to study it. Journal of Contemporary Criminal Justice, 39(2), 160–166. https://doi.org/10.1177/10439862231159774

69.

O'Malley

R. L.

Holt

K. M.

(2020). Cyber sextortion: An exploratory analysis of different perpetrators engaging in a similar crime. Journal of Interpersonal Violence, 37(1-2), 258–283. https://doi.org/10.1177/0886260520909186

70.

Ouellet

Maimon

Howell

J. C.

(2022). The network of online stolen data markets: How vendor flows connect digital marketplaces. British Journal of Criminology, 62(6), 1518–1536. https://doi.org/10.1093/bjc/azab116

71.

Partin

R. D.

(2025). Low self-control, the dark triad, and dark web use: An exploratory study. American Journal of Criminal Justice, 50(6), 1121–1148. https://doi.org/10.1007/s12103-025-09818-7

72.

Pete

Hughes

Chua

Y. T.

Bada

(2020). A social network analysis and comparison of six dark web forums. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy, 16-18 June 2020, pp. 484–493.

73.

Roddy

Holt

(2022). An assessment of hitmen and contracted violence providers operating online. Deviant Behavior, 43(2), 139–151. https://doi.org/10.1080/01639625.2020.1787763

74.

Romagna

Leukfeldt

R. E.

(2024). Social opportunity structures in hacktivism: Exploring online and offline social ties and the role of offender convergence settings in hacktivist networks. Victims & Offenders, 1–23. https://doi.org/10.1080/15564886.2024.2372054

75.

Smirnova

Holt

T. J.

(2024). Exploring and estimating the revenues of cybercrime-as-service providers: Analyzing booter and stresser services. Deviant Behavior, 46(10), 1300–1313. https://doi.org/10.1080/01639625.2024.2373346

76.

Smirnova

Hyslip

T. S.

Holt

T. J.

(2024). Are active users the most central to hacker social networks? A comparative analysis of public and private online network structures among hackers. Deviant Behavior, 46(7), 1–17. https://doi.org/10.1080/01639625.2024.2373356

77.

Stafford

M. C.

Warr

(1993). A reconceptualization of general and specific deterrence. Journal of Research in Crime and Delinquency, 30(2), 123–135. https://doi.org/10.1177/0022427893030002001

78.

Stalans

L. J.

Donner

C. M.

(2018). Explaining why cybercrime occurs: Criminological and psychological theories. In Jahankhani

(Ed.), Cyber criminology (pp. 25–45). Springer. https://doi.org/10.1007/978-3-319-97181-0_2

79.

Steinmetz

K. F.

(2014). Craft(y)ness: An ethnographic study of hacking. British Journal of Criminology, 55(1), 125–145. https://doi.org/10.1093/bjc/azu061

80.

Sutherland

E. H.

(1947). Principles of criminology (4th ed.). J. B. Lippincott.

81.

Thomas

K. J.

(2024). Rational choice, gang membership, and crime: Moving actors and choice to center stage. In Pyrooz

D. C.

Densley

J. A.

Leverso

(Eds.), The Oxford handbook of gangs and society. Oxford Academic.

82.

Tittle

C. R.

Antonaccio

Botchkovar

Kranidioti

(2010). Expected utility, self-control, morality, and criminal probability. Social Science Research, 39(6), 1029–1046. https://doi.org/10.1016/j.ssresearch.2010.08.007

83.

Tittle

C. R.

Botchkovar

E. V.

Antonaccio

(2011). Criminal contemplation, national context, and deterrence. Journal of Quantitative Criminology, 27(2), 225–249. https://doi.org/10.1007/s10940-010-9104-8

84.

van der Bruggen

Blokland

(2021). Profiling darkweb child sexual exploitation material forum members using longitudinal posting history data. Social Science Computer Review, 40(4), 865–891. https://doi.org/10.1177/0894439321994894

85.

Weulen Kranenbarg

(2022). When do they offend together? Comparing co-offending between different types of cyber-offenses and traditional offenses. Computers in Human Behavior, 130, 107186. https://doi.org/10.1016/j.chb.2022.107186

86.

Weulen Kranenbarg

Ruiter

Van Gelder

J.-L.

(2019). Do cyber-birds flock together? Comparing deviance among social network members of cyber-dependent offenders and traditional offenders. European Journal of Criminology, 18(3), 386–406. https://doi.org/10.1177/1477370819849677

87.

Weulen Kranenbarg

Ruiter

van Gelder

J.-L.

Bernasco

(2021). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 67(11), 1700–1728. https://doi.org/10.1177/0011128720915454

88.

Weulen Kranenbarg

van der Toolen

Weerman

(2022). Understanding cybercriminal behaviour among young people: Results from a longitudinal network study among a relatively high-risk sample. VU University Amsterdam/Netherlands Institute for the Study of Crime and Law Enforcement.

89.

Weulen Kranenbarg

van Gelder

J.-L.

Barends

A. J.

de Vries

R. E.

(2023). Is there a cybercriminal personality? Comparing cyber offenders and offline offenders on HEXACO personality domains and their underlying facets. Computers in Human Behavior, 140, 107576. https://doi.org/10.1016/j.chb.2022.107576

90.

Whelan

Bright

Martin

(2024). Reconceptualising organised (cyber)crime: The case of ransomware. Journal of Criminology, 57(1), 45–61. https://doi.org/10.1177/26338076231199793

91.

Woodhams

Kloess

J. A.

Jose

Hamilton-Giachritsis

C. E.

(2021). Characteristics and behaviors of anonymous users of dark web platforms suspected of child sexual offenses. Frontiers in Psychology, 12, 623668. https://doi.org/10.3389/fpsyg.2021.623668

Crime and Calculation: The Decision-Making of Dark Web Actors

Abstract

Keywords

Introduction

Cybercrime on and off the Dark Web

Deciding to Commit a (Cyber)crime

Rational Choice and Social Learning

Social Learning and Subcultural Influences on Cybercrime

Current Study and Hypotheses Development

Methods

Data

Measures

Dependent Variables

Perceptions of Risks

Independent Variables

Peer Cybercrime Involvement

Involvement in the Dark Web Subculture

Age

Analytic Strategy

Results

Sensitivity Analyses

Discussion

Footnotes

ORCID iD

Funding

Declaration of conflicting interests

Data Availability Statement

Notes

Author Biographies

References