Journal article Open Access

From a Vulnerability Search to a Criminal Case: Script Analysis of an SQL Injection Attack

Anna Leppänen; Tero Toiviainen; Terhi Kankaanranta

This paper uses script analysis to model a low-skill-level SQL injection, a common form of website hacking. Its contribution is to identify crime facilitators and potential stakeholders who can participate in the prevention of these types of crime up to the point of the criminal investigation. The data consists of a real judiciary crime case. The implications of this research are: 1) The police should consider ways of increasing the likelihood of and shortening the time taken for organisations to report cybercrime; 2) It may be possible and beneficial to detect low skill level domestic offenders among the mass of website hacks, and to concentrate on cutting their criminal career short via co-operation between authorities, business and the non-governmental sector. Moreover, increasing the awareness of young people regarding cybercrimes could potentially prevent an interest in a vulnerability search that would turn into a criminal act from forming in the first place.  

Files (15.2 MB)
Name Size
15.2 MB Download
All versions This version
Views 7070
Downloads 2020
Data volume 304.0 MB304.0 MB
Unique views 6565
Unique downloads 1717


Cite as