This study examines how courts differentiate offender roles in Trojan malware–related cybercrime through an analysis of 165 Chinese criminal judgments issued between 2012 and 2024. Rather than treating Trojan malware offenses as a uniform category, judicial offense descriptions are coded at the offense level and organized into role-based structures. At the case level, two core structural dimensions are identified: conduct involving system access and conduct involving escalation-related activities. Combining these dimensions yields four analytically distinct role types: Tech-only, Access-only, Escalation-only, and Access-and-Escalation. To assess whether these role distinctions correspond to differentiated judicial outcomes, sentence length, illegal gain (log-transformed), and offender count are compared across the four role types using non-parametric methods. Kruskal–Wallis tests indicate significant overall differences across roles for all three outcomes (sentence length: p < .001; illegal gain: p < .01; offender count: p < .01). Using Access-only cases as the baseline for post hoc pairwise comparisons, Mann–Whitney U tests with Holm correction show that Access-and-Escalation cases are associated with longer sentences, higher illegal gains, and larger offender groups (p < .05). By contrast, Escalation-only cases do not exhibit stable differences from the baseline across outcomes, while Tech-only cases receive longer sentences without corresponding increases in criminal scale or economic gain. Empirical cumulative distribution function (ECDF) analyses further indicate that these differences are concentrated in the upper tails of the outcome distributions rather than reflecting uniform shifts across cases. Substantively, the results suggest that judicial assessments of Trojan malware crime severity are structured neither by technical access alone nor by escalation in isolation, but by their intersection. A role-based perspective centered on system access and escalation may help clarify how courts reason about responsibility and severity in technologically complex cybercrime.

Authors:
Feng-Shuo Chang, Guangdong University of Petrochemical Technology, China
Jingying Liang, Guangdong University of Petrochemical Technology, China

About the Presenter(s)
Dr FENG-SHUO CHANG is a University Associate Professor/Senior Lecturer at Guangdong University of Petrochemical Technology in China

See this presentation on the full schedule – Monday Schedule

Bookmark