Shaping cyber security decisions through cybercriminal operations.