Factors Affecting Online Attacks of Malicious Code among University Students in Khyber Pakhtunkhwa Province of Pakistan

This paper focused to measure the relationship of online target suitability with the chances of encountering malicious code i.e. hacking and viruses. Particularly, young students are prone to online attacks due to their excessive use of online spaces. The concept of target suitability was adopted from Routine Activity Theory (RAT). The study is a descriptive survey in nature. The population of the study was all university students of KP. 800 students were selected from the six top-ranked universities of KP. Multiple regression analysis was used to analyze the data. The findings of the study revealed that the target suitability in online activities of young adults increases the likelihood to face attacks in form of hacking and viruses. More careful use of the internet is recommended to avoid hacking and virus attacks during online communication.
 
 


Introduction
In contemporary world, with wide spread accessibility to smart phones and internet, malicious software are becoming major threat during online communication (Qbeitah & Aldwairi, 2018). Malicious code are software with harmful effects particularly designed to meet the desires of online offenders (Egele, et al., 2012). It can be transferred in different types of computer files like PDF, macros or document files, which then spread across the online world using online means of communication like emails (Palmer, 2018). These malicious codes are programs which cause harmful changes, delete or destroy files in computer or the whole system, which is one of the major online criminal activity where data files are destroyed using these programs (Qbeitah & Aldwairi, 2018). Through the uses of these malicious code, online attackers hack e-mail accounts, disrupt networks, gain access to and delete or corrupt valuable files, and can also be used to damage software and hardware (Taylor, et al., 2014). In most cases victims of such attacks remain unaware of the attack which poses even bigger problem (Palmer, 2018). These viruses and hacking software are intended to interrupt modern communication technologies, access and stealing private data without victim's knowledge, which threaten users privacy, and the integrity of hosting sites (Sikorski & Honig, 2012). Malicious codes or programs includes "worms, Trojan horses, viruses, backdoors, time-bombs etc." (Kienzle & Elder, 2003;McGraw & Morrisett, 2000). In light of the previous studies, the researcher divided all these forms of malicious codes into two categories of hacking and viruses. Previous studies applied Routine Activity Theory (RAT) to study hacking (Wilsem, 2013) and computer viruses (Holt & Bossler, 2013), but with limited scope. Due to the pervasive nature, and widespread effects, it is important to study how these hacking and viruses' software affect the young users of internet; particularly this study focuses on the conditions which makes young university students suitable targets for such attacks. Findings of the study hopefully could lead to better understanding of the danger posed by these software as well as finding ways to counter the threat. In this regard, some understanding of hacking and viruses is beneficial for the study. This study focused on the objective, "To measure the relationship of online openness (target suitability) with the chances of malicious code i.e., hacking and viruses that students face". Hacking Hacking is unauthorized access to online accounts, data, computer network with malicious intent (Mshana, 2015). Through hacking, online offenders bypass the security systems security systems and gain access to victim's computer, Smartphone of a whole online network (Marcum, et al., 2014;Wilsem, 2013). Usually, users of internet, particularly of Social Networking Sites do not take adequate measures to protect their data and valuable personal information from hacking (Martens & De Wolf, 2018). One study shows that about 1.2 to 5.8% of the world population fall victim to hacking every year (Reep-van den Bergh & Junger, 2018). Study also shows that hacking is major problem in Pakistan as well, and one such study identified that 42.5% of university going students fall prey to hacking with criminal intent from the offender (Manzar, et al., 2016). Viruses Computer Virus has become major threat to computer systems and online communications of individuals (Chauhan, 2013). Virus is a kind of malicious software that causes disruption in normal functioning of computer system (Martens & De Wolf, 2018). These viruses commonly attack the data files and corrupt them by making alterations or sometimes completely delete important files (Chauhan, 2013). A study showed that 82.20% of the participants were attacked through viruses, 58.47% of them realized the risk of that virus attack, 71.18% of them were victimized repeatedly, at least twice, 62.25% were attacked thrice and 56.77% of participants were attacked through viruses for more than three times (Kamruzzaman et al., 2016). Viruses are more frequently transmitted through downloading games online (51.55%) and by clicking fake online ads(19.59%) (Kamruzzaman et al., 2016). The phenomenon of virus attacks is global in nature. Symantec in 2010 reported that globally, 51% of adult internet users face the effects of Computer viruses and malwares, while in New Zealand the rate is even higher at 61%, in Brazil it is 62% and in China 65% feel the effects of virus attacks (Symantec, 2010).

Theoretical Framework
Routine Activity Theory (RAT) developed by Cohen and Felson (1979) identified that presence of motivated offender, a suitable target and the lack of a capable guardian increases the chances of victimization. The present study focuses on suitable target which means in this case, the online users who use internet and social media carelessly and do not adopt security measures. Such users use internet with their real identities or do not object in providing or discussing personal information with other online users. Over the years, scholars have used RAT theory to explain the factors behind online criminal activities; therefore, this theory provides theoretical ground for this study because the theory has proved as useful in explaining online victimization of various types. The theory suggests that there should be an opportunity of victimization as without presence of such opportunity it is less likely that people will be victimized (Felson & Clarke, 1998). Previous literature on online victimization suggests that certain online behavioural patterns are related with the chances of being victimized during online presence. Those behaviour patterns include a) the behaviour of clicking online links carelessly (Choi, 2008) amount of time spent on using social networking sites (Holt & Bossler, 2009;Wilsem, 2013), and sharing personal information online (Reyns & Henson, 2016). These studies showed that with increased exposure, chances of online victimization also increases and also the physical location where users use internet also have effects on being victimized (Marcum, et al., 2010). This study focuses on what are the traits of university students that make them suitable targets for online attacks through malicious codes of hacking and viruses. Methodology This study utilizes the cross-sectional survey research design for collecting fresh data for the study. Students enrolled in the six leading universities of Khyber Pakhtunkhwa province of Pakistan makes the population of the present study, and the individual student is the unit of analysis for this study. Student data was obtained from their respective universities. A closed-ended questionnaire was used to collect relevant data from the university students. Items and questions for the questionnaire were selected as a result of rigorous literature review on the subject. At the time of data collection, the information collected from the respected universities revealed that in total there were 51887 students enrolled in the six leading universities of KPK, with 38991 male students and 12896 female students. The sample of 800 students was selected using stratified sampling method. To ensure that respondents fill the questionnaire appropriately, each questionnaire was administered separately and the respondent was requested to fill the questionnaire at spot so that if any problem they face during the process, the researcher will help them to sort it out. The variable of malicious code was operationalized by distributing various types of malicious software into two categories of hacking and viruses. For hacking, seven (7) statements were formulated, while for measuring of virus attack six (6) statements were deduced from literature. A likert scale with five categories was provided for each statement of both the sub-constructs of malicious code. The five categories were labeled as; 1 means never, 2 means rarely, 3 means sometimes, 4 means often and 5 means very often. Answers for both the sub-constructs were separately calculated and the cumulative mean score of each was treated as individual's score of how often they were victimized through hacking or virus threats. Hypothesis Students who provide more information in online communication are suitable targets and are likely to face significantly higher rate of malicious code.

Results
Multiple regression tests are used to analyse the data. There was no collinearity between the independent variables. The alpha level was set at .05. In total, four tables were generated using SPSS. The first two tables present the results of multiple regression tests for predicting chances of hacking viruses respectively from posting personal information on social media. The last two tables predict chances of online hacking and facing viruses respectively sharing personal information online contacts during interaction. According to table no 1, multiple regression test was used to predict the effect of posting personal information in social media sites on hacking. F (12, 787), = 9.562, p= .000 predicts statistically significant relationship between different types of Adjusted R 2 = 0.114 suggested that the overall model explains 11.4% of the variation in the hacking due to age, phone number, family conflicts and audio. While gender, picture, school information, extracurricular activities, goals, emotional distresses, description of your-self, and video variables in the model has insignificant relationship with hacking. One unit increase in using to age, will increase hacking by 0.12 unit, phone number will increase hacking by 0.22 unit, family conflicts will increase hacking by .14 unit, and audio will increase hacking by 0.09 unit. According to table no 2, multiple regression was performed to predict the effect of sharing personal information in social media sites on viruses. F (12, 787), = 12.888, p= .000 shows significant relationship between the variables. Adjusted R 2 = .151 suggested that the overall model explains 15.1% of the variation in the viruses due to emotional distresses, description of yourself and video.
While age, gender, picture, and school information, extracurricular activities, goals, family conflicts and audio variables in the model have insignificant relationship with viruses. One unit increase in using to emotional distresses will increase viruses by .17 unit, description of yourself will increase viruses by .13 unit and video will increase viruses by .18 unit. According to table no 3, multiple regression was performed to predict the effect of providing personal information to online contact on hacking. F (12, 787), = 10.445, p= .000 shows significant relationship between the variables. Adjusted R 2 = .124 suggested that the overall model explains 12.4% of the variation in the hacking due to gender, phone number, family conflicts and description of yourself. While age, picture, school information, extracurricular activities, goals, emotional distresses, audio and video variables in the model have insignificant relationship with hacking. One unit increase in using to gender, will increase hacking by .16 unit, phone number will increase hacking by .15 unit, family conflicts will increase hacking by .25 unit and description of yourself will increase hacking by .14 unit.
According to table no 4, Multiple regression was performed to predict the effect of providing personal information to online contact on viruses. F (12, 787), = 11.989, p= .000 shows significant relationship between the variables. Adjusted R 2 = .142 suggested that the overall model explains 14.2% of the variation in the viruses due to emotional distresses, description of yourself, audio and video. While age, gender, picture, phone number, school information, extracurricular activities, goals and family conflicts variables in the model has insignificant relationship with viruses. One unit increase in using to emotional distresses, will increase viruses by .12 unit, description of yourself will increase viruses by .23 unit, audio will increase viruses by .12 unit and video will increase viruses by .12 unit.

Discussion and Conclusion
Literature on Routine Activity theory suggests that using internet excessively could lead to higher levels of online victimization in form of hacking and virus attacks (Bossler, et al., 2012;Hinduja & Patchin, 2008;Marcum et al., 2010).This study supports the findings of these previous studies and findings revealed that while communicating online, providing personal information increases chances of facing malicious codes in form of hacking and virus software. Result accepted the research hypothesis, "Students who provide more information in online communication are suitable targets and are likely to face significantly higher rate of malicious code i.e., hacking and viruses". Findings of this study also provided support to the previous study of Peluchette et al. (2015) and suggests that posting careless SNS content is an important determinant of making students suitable targets for hacking and virus attacks. Another study by Avais et al. in (2014) revealed that half of the respondents have faced hacking in different ways like, hacking of email id, facebook account etc. Study conducted by Kamruzzaman et al. (2016) showed that more than eighty percent respondents were victimized by virus attack and approximately seventy percent respondents were victimized for second or third time (Kamruzzaman et al., 2016). As RAT theory suggests and supported by findings of this study, careless use of internet makes individuals attractive target, and may provide an opportunity for online offenders to attack through hacking and virus software. Also as previous studies (Staksrud, Ólafsson, & Livingstone, 2013)found, this study suggests that as the number of friends in online social spaces increases, the risk of online victimization also increases as there may be more potential perpetrators among the friends list.
Other studies found self-disclosure as a significant predictor of online victimization (Dredge, et al., 2014;Kokkinos & Saripanidis, 2017). Findings of this study support these findings, which highlights that pattern of using online spaces could attract potential offenders which is also consistent with the Routine Activity Theory.

Policy implications and research suggestions
From the knowledge gained through this study, hopefully more effective policies and programs can be introduced to educate internet user about protecting themselves while online. Internet is often used for educational, information, entertainment purposes, and many young people use the Internet to socialize and connect with others. It would be more effective to educate adolescents on the threats present online so they are aware of the potential victimization. Awareness raising seminars should be held on a regular basis to inform internet users about what is available for them to deal with malicious code and how they can access it. For future researchers, it is suggested that causes and prevention mechanisms of other types of malicious code should also be investigated. As this study was limited to few universities of KP Province of Pakistan, studies with same variables can be carried out in different geographical areas, which would add to the knowledge base. Research is necessary to identify the prevalence of malicious code in other age groups. Studies among even younger students of schools and colleges could add new information in our knowledge of the phenomenon that how this age group is impacted by malicious code, and what coping strategies could be utilized.
Note: This research paper is part of Ph.D. thesis of Dr. Asghar Ullah Khan.