There is something liberating and reckless about Halloween: donning the guise of a superhero, villain, celebrity or historical figure and parading about for an evening in an act of impersonation and mimicry. The pretense also includes snatching the occasional glimpse into other lives as kids and adults knock on doors canvassing neighboring homes in search of treats (there are few tricks given out these days). 

It is oddly fitting, then, that October 31 marks the end of cybersecurity awareness month. Halloween and cybercrime are both ritualized acts of deception — one playful and permitted, the other predatory and criminal.

In the Celtic antecedents to Halloween, for example, people masked themselves to blend in with spirits and protect themselves against harm while crossing boundaries between worlds. In our digital age, criminals and users mask themselves through avatars, VPNs, and usernames to likewise traverse the boundaries between real and virtual worlds.

The doorway during Halloween is the point of exchange: the place where contact is made, trust is extended and treats are given out. In cybercrime, there is both a metaphorical and literal doorway: the inbox, text message, login portal, or chat window where the greeting, solicitation or email lands.

Halloween and cybercrime are both rooted in identity as performance: someone pretending to be something they’re not. On Halloween, we expect disguises and the ritual is enhanced when we participate in and enjoy the deception. Cybercrime represents a more insidious manipulation of trust based on a disguised identity, however.

At 221B Partners, we merge our experience as veteran public records researchers with modern technology and tools to identify, forensically capture and preserve information from our surface, deep and dark web research supporting in the following scenarios:

  • Social media and online account discovery and attribution (221B identified an individual who forged a title in an attempt to transfer ownership of a property to himself)
  • Sextortion and publication of non-consensual content (221B identified the real person who posted intimate images of the victim publicly online without consent) 
  • Online stalking and harassment (221B found evidence depicting this stalking and in a preserved the content in a forensically sound way, ready to be used in court)
  • Online romance and crypto scams (221B matched up social media activity showing luxurious travel by the fraudsters on the victim’s dime with other evidence in the case).

So, as the holiday passes, it’s worth thinking about the ways that cybercrime exploits some of the features of Halloween:

  • Cybercrime breaks the compact that disguises are temporary and deception is harmless. The mask stays on and the intent is not to play but to harm;
  • Halloween tests our imagination but cybercrime preys on it;
  • The Halloween costume is reinvented in cybercrime as a fake email, brand cloning or fictional persona