Total Security Advisor
Practical Security Tips, News & Advice.
Updated: Jan 4, 2023
Have you ever wondered what motivates some people to commit cybercrimes targeting personal and corporate victims? Who are these twisted people? How do you recognize them? Is it possible there’s a cybercriminal lurking in your book group or sitting down at your holiday dinner table?
Law enforcement agencies have been researching the backgrounds, personal qualities, and patterns of behavior exhibited by persons engaged in data ransoming, identity theft, and a host of other cybercrimes with the aim of developing a criminal profile of the typical hacker.
You may have seen fictional accounts of criminal profiling in action on TV. The TV series Criminal Minds, which ran for 15 years, first exposed many viewers to the concept of profiling. Shows like Mindhunter, which chronicled the FBI agents who first introduced the concept of criminal profiling, followed on its heels.
But these dramatizations, while undoubtedly entertaining, didn’t always provide the most accurate information about how profiling works. So, let’s dig a little deeper into the mechanics of profiling and what profiling has revealed about cybercriminals.
Let’s start with what it’s not. In the world of criminal justice, profilers aren’t psychics. “Profiler” is not an actual job title. There’s no one person who possesses extraordinary intuition and solves crimes through purely psychological insights. No single person employed by a law enforcement organization owns that moniker.
Rather, criminal profiling is a strategic process that’s cooperatively undertaken by a wide range of law enforcement employees. It’s a blend of forensics—a hard science—and psychology, which, after all these years, is still considered a soft science
Forensic science involves examining physical crime scene evidence, like DNA, fingerprints, blood patterns, bullets, and the like. According to the American Psychological Association, “forensic psychology emphasizes the application of research and experimentation in other areas of psychology (e.g., cognitive psychology, social psychology) to the legal arena.”
In other words, it’s a blend of psychology and law. Forensic psychologists use the vast body of psychological data to cross-reference patterns of criminal behavior. Investigators are able to make inferences and predictions based on these patterns. That’s how forensic psychology is used to solve crimes.
Since cyberattacks are digital by definition, physical evidence of the crimes is hard to come by. According to the FBI, the first major computer crime—the Morris Worm—was perpetrated in 1988. But it took until the late 1990s for a new field of criminal investigation to emerge: digital forensics. Digital forensics is the process of gathering, analyzing, and preserving digital evidence for future use in solving cybercrimes.
Like serial killers and bank robbers, cybercriminals follow certain patterns of behavior and may leave “digital signatures” in the wake of their crimes. They may also share some demographic traits, experiences, interests, habits, and psychological traits. Digital forensic psychologists create profiles of cybercriminals based on these shared characteristics. These profiles help investigators narrow the field of suspects and identify perpetrators. To simplify the method they use, you could say, “Why plus How equals Who.”
To be sure, cybercriminals are a diversified cast of characters and can’t be painted with too wide a brush. Over the years, forensic psychologists have been able to identify certain traits that criminal hackers have in common. But scientists admit that the relatively short history of cybercrime, a lack of abundant data, and the subjects studied—who were not always perpetrators of serious crime but rather dabblers—means there’s lots more evidence to be gathered in support of the profiles they’ve developed. But let’s take a look at what the research reveals so far.
One of the more comprehensive studies of cybercriminals was launched in 2018 by Hyslip and Holt. It involved 821 respondents, all of whom self-identified as cybercriminals. The data gathered by the study was all self-reported by survey participants, which scientists caution may impart a certain amount of bias. For example, when asked to assess their own levels of skill on a scale of 1 to 10, most survey respondents gave themselves a 10, but the second most common answer was 1.
The truth probably lies somewhere in between. But in terms of basic demographics, the survey found that respondents were predominantly male (88%), white (63%), and young. The majority of respondents had also attended college. Smaller studies found that 68.6% of respondents were single. The majority were employed and had no criminal record.
The lone-wolf theory of cybercriminals has been largely debunked. Cybercriminals often work in small groups. That’s particularly true of hacktivists, a subset of cyber offenders who are united by common beliefs, often political in nature. But group affiliation isn’t limited to hacktivists. A significant portion of cybercriminals belong to cybercrime gangs. Gangs facilitate a wide range of crimes, from extortion to credit card fraud to money laundering.
But fraternity has further penetrated the digital underworld. Arguably, one of the reasons cybercrime is on the rise is that there is an established business community dedicated to providing cybercriminals tools they can use to commit crimes. These businesses, sometimes known as “booters” or “stressers,” offer a wide range of products, such as ready-made Distributed Denial of Service bots, ransomware-as-a-service, and platforms hackers use to test their attacks prior to launch. Many are as organized as any other SSaS corporation and have familiar executive hierarchies, profit goals, and the like.
The Hyslip and Holt research project found that 89% of cybercriminals interviewed had purchased services from one or more cybercrime companies. And they’re largely satisfied customers, with 74% reporting that the services they purchased worked as advertised.
Profilers not only study “whats”—the type of crime, victims, and technical means used to commit cybercrimes—but also the “whys”:
Between 2020 and 2021, the number of cyberattacks globally increased by over 15%. Organizations struggled with the challenge of protecting data, given the new work-from-home culture that the global pandemic created. During the first half of 2022, the statistics were even more alarming. Globally, we saw a 42% increase in cyberattacks.
Certainly, the data suggests that the world is largely unprepared for the frequency, size, and sophistication of today’s cyberattacks. By some estimates, cybercriminals are capable of breaching over 90% of internal business networks. And that doesn’t account for the millions of personal computers in our homes.
But organizations and individuals are responding to the growing threat. The global cybersecurity market grew from $181.12 billion in 2021 to $201.33 billion in 2022, with the greatest increase in spending attributed to small-to-midsize businesses. Individuals are stepping up their security game, too. The value of the global identity theft protection market was valued at $10.07 billion in 2021 and rose to $11.39 billion in 2022. About 80 million households in the U.S. use some kind of anti-virus software.
The vast majority of cybercriminals today are never caught. Knowing they can escape detection may further embolden bad actors. Ultimately, the aim of profiling is to identify cybercriminals and bring them to justice. Organizations such as the National Cyber Forensics and Training Alliance, the Anti-Phishing Working Group, the U.S. Secret Service’s Electronic Crimes Task Force, and the FBI’s Cyber Action Team are working to raise up the art and science of profiling. Cooperation among the public, private, government, and academic sectors will be key to learning what makes cybercriminals tick and bringing the cybercrime epidemic we’re currently facing under control.
Susan Doktor is a veteran journalist and brand strategist with more than 30 years of writing experience. She writes about a wide range of topics, including personal and B2B finance and the cybersecurity market. Her contribution comes to us courtesy of Money.com.
Download this free report to learn seven steps to protect your facility from workplace violence.
This report is sponsored by the Total Security Summit, an event specifically organized for VPs, Directors, and Managers of Security who are directly concerned with their facility’s security and safety operations.
The Security Industry Association (SIA) announced a major milestone in its SIA OSDP Verified initiative – that over 100 device models have been named OSDP Verified through the comprehensive program, which validates device conformance to the SIA Open Supervised Device Protocol (OSDP) standard. SIA OSDP standard is an access control communications protocol standard maintained by SIA to improve interoperability, add […]
GXO Logistics, Inc., the world’s largest pure-play contract logistics provider, announced that it has deployed advanced air and ground security robotics at one of its major distribution centers in Clayton, Ind., and plans to significantly increase deployment of automated security systems across other sites within the next year. This would be the largest air and […]
The Security Industry Association (SIA) is pleased to announce the first members of its Utilities Advisory Board Steering Committee. SIA created the Utilities Advisory Board to offer insight and education to security practitioners, members of the security industry and other stakeholders about emerging security trends, regulatory compliance issues, and recommended practices for protecting utility infrastructure. The steering committee members, […]
SILVER SPRING, Md. – The Security Industry Association (SIA) has named Alice DiSanto the 2022 recipient of the SIA Committee Chair of the Year Award, which recognizes individuals for excellence in leading SIA committees and advancing member objectives. SIA will present DiSanto with the award at The Advance, SIA’s annual membership meeting, which will be held March 22 during […]
ISC West, in collaboration with premier sponsor Security Industry Association (SIA), continues to experience steady growth for the upcoming event, and will be taking place just less than two months away on March 22-25, 2022 at the Venetian Expo in Las Vegas (SIA Education@ISC: March 22-24 | Exhibit Hall: March 23-25). After initial reports of […]
Our world is full of threats both external and internal. This whitepaper encourages looking at life safety and security measures on your campus from another perspective. Most facilities have addressed access control and the securing of main doors, but those should be measures of last resort. There are steps you can take — some that you may not have considered — to mitigate the threat before it arrives at your front door.
The 2019 Total Security Salary Guide is here to help physical and technical security employers and employees understand where they stand in today’s security job market. This Salary Guide includes not only salary and wage data from 2017 to 2018, but also certification information as it applies to 20 benchmarked exempt and nonexempt security positions.
A proliferation of cameras has resulted in an overwhelming amount of video available to security operators, analysts and investigators. Technology that used to be prohibitively priced, is now cheap and readily accessible.
Learn how to protect your people, assets and physical spaces better with AI-powered solutions that deliver whole-building security.
