About

Kyung-shick Choi is a Professor of the Practice and the Director of Cybercrime and Cybersecurity at Boston University Metropolitan College. He holds a PhD from Indiana University of Pennsylvania, an MS from Boston University, and a BS from Northeastern University. Dr. Choi has designed and oversees programs in Cybercrime Investigation and Cybersecurity, including graduate certificates and MS degrees in Criminal Justice. His expertise encompasses cybercriminology, cybercrime investigation, and cybersecurity, with a focus on how cybercriminal behavior interacts with technology and the criminal justice system. Dr. Choi has an established track record in law enforcement training, computer forensics, and child exploitation investigation. He is a founder of the Cybercrime Division at the American Society of Criminology and has served as president of the Korean Society of Criminology in America. His work includes facilitating international projects such as the Virtual Forum Against Cybercrime in cooperation with the United Nations, and he has delivered lectures at INTERPOL, AMERIPOL, and Spain's ENISE conferences. He has testified before the Massachusetts Statehouse on cybersecurity issues and is an invited lecturer for the UNICRI–UPEACE LLM program. As an academic researcher, Dr. Choi focuses on the intersection of human behavior and technology, particularly in the context of cybercrime. He proposed the Cyber-Routine Activities Theory (Cyber-RAT) in 2008, which has become influential in the field of computer-crime victimization. His publications include books on cybercriminology and digital forensics, and his research has been published in numerous peer-reviewed journals. He has led federally funded projects aimed at strengthening national capacity in cybercrime investigation and digital forensics. Dr. Choi is also the founding editor and editor-in-chief of the International Journal of Cybercrime and Cybersecurity Intelligence, and he actively contributes to policy advocacy and international collaboration in cybercrime prevention and investigation.

Research topics

• Computer Security
• Computer Science
• Political Science
• Sociology
• Law
• World Wide Web
• Criminology
• Political economy
• Psychology
• Geography
• Medicine
• Social psychology
• Medical education
• Engineering
• Public relations
• Human–computer interaction

Selected publications

• Forensic Output Scale (FOS): Dataset of 79 Deepfake Detection Methods Classified by Forensic Output Type

  Zenodo (CERN European Organization for Nuclear Research) · 2026-05-15

  datasetOpen access

  This dataset accompanies the paper "Detecting Deepfakes for the Courtroom: A Multi-Modal Forensic Output Framework" (EAI CSECS 2026). It catalogs 79 deepfake detection methods across image, video, audio-visual, and audio modalities, classified by the Forensic Output Scale (FOS), a five-level taxonomy of detector output types: L0 Detection (score/probability), L1 Localization (where), L2 Attribution (what generator/method), L3 Narration (natural-language explanation), and L4 Verification (a specific, juror-checkable factual claim). The dataset reveals that 57% of surveyed methods (45/79) ship only L0 outputs, while no method currently produces L4 verification output. Seven methods compute L4-capable internal signals (mouth temporal anomalies, action unit relationships, blood-flow rPPG, lip-audio alignment, pupil geometry, etc.) but collapse them to scalar scores at inference — a gap we term the "L4 readiness gap." Contents (10 sheets): README — taxonomy definitions and dataset documentation Methods — master catalog of all 79 methods with year, venue, modality, FOS level, output type, internal signal (if L4-capable), notes, and Chicago author-date reference L0 Detection / L1 Localization / L2 Attribution / L3 Narration / L4 Verification — methods split by FOS level L4-Capable (ships L0) — the seven detectors with internal verifiable signals plus the L4 claim each would produce if surfaced and how a juror could verify it Datasets — 21 evaluation datasets supporting explainable deepfake detection Summary — distribution statistics across FOS levels and modalities Intended use: Forensic practitioners selecting court-admissible detectors, researchers identifying gaps in explainability, and policy/legal scholars assessing detector suitability under Daubert and analogous evidence standards.

  PublisherDOI

• Operationalizing Cyber-Routine Activities Theory for Senior Cybercrime Prevention: An Evaluation of the SHIELD Training-the-Trainer Program

  International Journal of Cybersecurity Intelligence and Cybercrime · 2026-01-01 · 1 citations

  article1st authorCorresponding

  Older adults face growing risks of cyber-enabled fraud, yet scalable, evidence-based prevention programs remain limited. Guided by Cyber-Routine Activities Theory (Cyber-RAT), this study evaluates the pilot implementation of the Seniors Harnessing Internet Education for Lasting Defense (SHIELD) Training-the-Trainer program, designed to prepare law enforcement officers and community leaders to deliver cybercrime prevention education to older adults. A key innovation of SHIELD is its integration of interactive game-based simulations, which allow participants to practice verification, refusal, and reporting behaviors in realistic cybercrime scenarios. Following the December 2025 pilot session in Boston, semi-structured interviews were conducted with 12 participants from law enforcement, community organizations, and program staff. Thematic analysis examined perceptions of training quality, instructional design, technology use, and preparedness to implement the curriculum. Participants reported strong alignment between SHIELD and community needs and viewed the curriculum’s practical guidance and real-world examples as immediately usable. The gaming component was perceived as innovative and potentially effective for increasing engagement and experiential learning, though participants noted that initial technical complexity and navigation demands could increase cognitive load and require additional onboarding and support for senior learners. Overall, findings suggest SHIELD represents a promising, theory-driven, community-based model for strengthening digital guardianship among older adults. The study highlights both the potential and implementation requirements of game-based experiential learning in cybercrime prevention and identifies priorities for future community-level evaluation.

  PublisherDOI

• Forensic Output Scale (FOS): Dataset of 79 Deepfake Detection Methods Classified by Forensic Output Type

  Zenodo (CERN European Organization for Nuclear Research) · 2026-05-14

  datasetOpen access

  This dataset accompanies the paper "Detecting Deepfakes for the Courtroom: A Multi-Modal Forensic Output Framework" (EAI CSECS 2026). It catalogs 79 deepfake detection methods across image, video, audio-visual, and audio modalities, classified by the Forensic Output Scale (FOS), a five-level taxonomy of detector output types: L0 Detection (score/probability), L1 Localization (where), L2 Attribution (what generator/method), L3 Narration (natural-language explanation), and L4 Verification (a specific, juror-checkable factual claim). The dataset reveals that 57% of surveyed methods (45/79) ship only L0 outputs, while no method currently produces L4 verification output. Seven methods compute L4-capable internal signals (mouth temporal anomalies, action unit relationships, blood-flow rPPG, lip-audio alignment, pupil geometry, etc.) but collapse them to scalar scores at inference — a gap we term the "L4 readiness gap." Contents (10 sheets): README — taxonomy definitions and dataset documentation Methods — master catalog of all 79 methods with year, venue, modality, FOS level, output type, internal signal (if L4-capable), notes, and Chicago author-date reference L0 Detection / L1 Localization / L2 Attribution / L3 Narration / L4 Verification — methods split by FOS level L4-Capable (ships L0) — the seven detectors with internal verifiable signals plus the L4 claim each would produce if surfaced and how a juror could verify it Datasets — 21 evaluation datasets supporting explainable deepfake detection Summary — distribution statistics across FOS levels and modalities Intended use: Forensic practitioners selecting court-admissible detectors, researchers identifying gaps in explainability, and policy/legal scholars assessing detector suitability under Daubert and analogous evidence standards.

  PublisherDOI

• Global Insights and Collaborative Frameworks: Advancing International Security Through the Boston University-Korean National Police University Summer Study Abroad Program

  2026-03-31

  book-chapter1st authorCorresponding

  The Intelligence and National Security Focused Summer Study Abroad Program is a collaboration between Boston University Metropolitan College (BU MET) and the Korean National Police (KNP). Held in July 2024 in Boston, this two-week program aimed to enhance expertise in global law enforcement and intelligence operations among six KNP professionals. Participants engaged in a curriculum designed to deepen their understanding of both theoretical and practical aspects, focusing on threat assessments, intelligence tactics, cyber intelligence, and cryptocurrency investigations. The program’s objectives were to provide practical insights into complex security operations, bridge theoretical constructs with real-world applications, and promote international cooperation to address global security challenges. This paper examines the program’s structured approach, the challenges encountered—such as aligning objectives, handling sensitive information, logistical barriers, cultural differences, and time constraints—and explores future directions to enhance the program’s impact and sustainability. Through this initiative, BU MET and KNP underscore their commitment to advancing global security expertise and strengthening international relationships through academic and professional collaborations.

  PublisherDOI

• Uncovering Cryptocurrency-Enabled Sextortion: A Blockchain Forensic Analysis of Transactions and Offender Laundering Tactics

  Information · 2026-03-01

  articleOpen access1st author

  Sextortion has rapidly expanded into a global cyber-enabled crime that leverages anonymous digital communication and decentralized payment systems. This study examines the financial infrastructures underlying contemporary sextortion by conducting a two-phase analysis of 87 confirmed cases involving cryptocurrency payments. Using blockchain forensic tools and open-source intelligence, the research traces fund movements across perpetrator-controlled wallets, identifies laundering techniques such as mixers, peel-chain transfers, and exchange-based cash-outs, and links these behaviors to narrative patterns within victim reports. The results reveal a dual-tier ecosystem in which mass-produced, multilingual extortion scripts coexist with divergent laundering typologies that differentiate lower-value, high-volume scams from more organized and higher-yield operations. By integrating qualitative and quantitative evidence, this study provides a forensic framework for detecting illicit cryptocurrency activity, improving threat classification, and strengthening investigative and regulatory responses to sextortion and related crypto-enabled interpersonal crimes.

  PublisherOA PDFDOI

• Deepfake Sextortion in England, Wales and Northern Ireland: A Doctrinal and Regulatory Analysis

  Laws · 2026-02-10 · 1 citations

  articleOpen accessSenior author

  Existing law provides no settled account of how deepfake sextortion should be characterised and regulated in England, Wales and Northern Ireland, creating uncertainty for charging, adjudication and platform compliance at the point when the Online Safety Act 2023 allocates duties to regulated services under Ofcom oversight. This article responds by analysing and synthesising the Online Safety Act 2023 with the Sexual Offences Act 2003 and residual harassment and communications offences, using doctrinal analysis and normative evaluation to identify points of alignment and misfit. It establishes criteria for identifying synthetic sexual coercion, including the elements that mark threat-stage conduct, the role of fabrication in the wrong, and the conditions under which epistemic harms should be treated as legally relevant within ordinary doctrine. It rejects three propositions: that intimate-image abuse is primarily a publication-based wrong; that an authentic image is a precondition for liability; and that content-led platform duties adequately address coercion before dissemination. This analysis specifies how courts and prosecutors should classify conduct and select offences, how services should operationalise risk assessment and mitigation for threat-stage harms, and which targeted reforms to offence design, platform duties and victim-facing procedures are required to secure predictable protection and effective redress.

  PublisherOA PDFDOI

• Forensic Output Scale (FOS): Dataset of 79 Deepfake Detection Methods Classified by Forensic Output Type

  Zenodo (CERN European Organization for Nuclear Research) · 2026-05-14

  datasetOpen access

  This dataset accompanies the paper "Detecting Deepfakes for the Courtroom: A Multi-Modal Forensic Output Framework" (EAI CSECS 2026). It catalogs 79 deepfake detection methods across image, video, audio-visual, and audio modalities, classified by the Forensic Output Scale (FOS), a five-level taxonomy of detector output types: L0 Detection (score/probability), L1 Localization (where), L2 Attribution (what generator/method), L3 Narration (natural-language explanation), and L4 Verification (a specific, juror-checkable factual claim). The dataset reveals that 57% of surveyed methods (45/79) ship only L0 outputs, while no method currently produces L4 verification output. Seven methods compute L4-capable internal signals (mouth temporal anomalies, action unit relationships, blood-flow rPPG, lip-audio alignment, pupil geometry, etc.) but collapse them to scalar scores at inference — a gap we term the "L4 readiness gap." Contents (10 sheets): README — taxonomy definitions and dataset documentation Methods — master catalog of all 79 methods with year, venue, modality, FOS level, output type, internal signal (if L4-capable), notes, and Chicago author-date reference L0 Detection / L1 Localization / L2 Attribution / L3 Narration / L4 Verification — methods split by FOS level L4-Capable (ships L0) — the seven detectors with internal verifiable signals plus the L4 claim each would produce if surfaced and how a juror could verify it Datasets — 21 evaluation datasets supporting explainable deepfake detection Summary — distribution statistics across FOS levels and modalities Intended use: Forensic practitioners selecting court-admissible detectors, researchers identifying gaps in explainability, and policy/legal scholars assessing detector suitability under Daubert and analogous evidence standards.

  PublisherDOI

• Global Crossroads of Cybercrime: Youth, Enterprise and State Vulnerabilities in the Digital Age

  International Journal of Cybersecurity Intelligence and Cybercrime · 2025-04-01

  articleOpen accessSenior author

  Cybercrime events continue to escalate globally, impacting individuals, private and public organizations, and government agencies alike.The articles in this issue address four critical areas that demand increased attention if cyber-victimization is to be reduced.The first study examines online offending among Israeli adolescents, linking it to cognitive decision-making and prior victimization.The second highlights the vulnerabilities within Bangladesh's banking sector, where weak governance and limited cybersecurity measures have left institutions exposed.The final study focuses on the global threat to Small and Medium Enterprises (SMEs), revealing how generic cybersecurity frameworks fail to meet their unique needs.Together, these articles raise awareness of key challenges in the fight against cybercrime and offer informed, practical solutions to help individuals and organizations reduce the risk and impact of cyberattacks.

  PublisherOA PDFDOI

• Global Insights and Collaborative Frameworks: Advancing International Security Through the Boston University-Korean National Police University Summer Study Abroad Program

  Journal of Criminal Justice Education · 2025-07-03

  article1st authorCorresponding
  PublisherDOI

• Modus Operandi and Blockchain Analysis of Romance Scams: Cryptocurrency-Driven Victimization

  International Journal of Cybersecurity Intelligence and Cybercrime · 2025-01-01

  articleOpen accessSenior author

  Romance scams are financially driven crimes that exploit emotional manipulation to deceive victims.Scammers gain trust, then request funds under false pretenses, frequently laundering the proceeds through cryptocurrency.Using self-reported data from Chainabuse.com (May 2022 to October 2024), 107 verified cases were analyzed using descriptive statistics, ordinary least squares (OLS) regression, and blockchain forensic analysis to examine three components: (1) the modus operandi of romance scams, (2) the financial deception strategies used to defraud victims, and (3) cryptocurrency laundering patterns.Findings reveal that Bitcoin and Ethereum are the most frequently used cryptocurrencies and are strongly associated with to monetary losses.Tinder emerged as the most common platform for initiating contact, with WhatsApp used for continued communication.Most cases involved fake investments schemes and emergency scenarios.Laundering techniques included mixers, self-funding, swapping, and peel chains.Use of mixers was linked to higher individual losses, while frequent swaps were negatively correlated with losses at the cluster level.Tools like MetaMask and exchanges such as OKX showed varying financial impacts, and direct deposits were associated with lower losses.These findings underscore the evolving sophistication of crypto-involved scams and highlight the need for advanced blockchain investigation tools, riskbased case prioritization, and public education to enhance prevention and enforcement.

  PublisherOA PDFDOI

Frequent coauthors

• Claire Seungeun Lee

  University of Massachusetts Lowell

  45 shared

• Sinyong Choi

  18 shared

• Robert Cadigan

  18 shared

• Elizabeth K. Englander

  18 shared

• Seong-Sik Lee

  Soongsil University

  16 shared

• Jeeseon Hwang

  Seoul National University

  9 shared

• Bo Ra Jung

  Boston University

  8 shared

• Jin Ree Lee

  George Mason University

  7 shared

Education

• Ph.D. , Criminology

  Indiana University of Pennsylvania

  2008

• MS, Criminal Justice

  Boston University

  2002

• BS, Criminal Justice

  Northeastern University

  2000

Awards & honors

• Cyber-Routine Activities Theory (Cyber-RAT) (2008)
• Founder of the Cybercrime Division at the American Society o…
• President of the Korean Society of Criminology in America (K…
• Invited lecturer for the UNICRI–UPEACE LLM in cybercrime, cy…
• Founding editor and editor-in-chief of the International Jou…