User:CrimBW

'

Profiling the Cyber-Criminal
Introduction Criminal profiling is not a new approach to the study of criminals and the motives behind their crimes. However, as society becomes more and more dependent upon technology and computers, a new breed of criminal has evolved. This type of criminal utilizes technology to help commit what are referred to as cyber-crimes. Previous methods and theories used to investigate more “common” crimes are falling short of providing an outline of what type of person commits cyber-crime. Criminal profiling can provide a useful framework in determining who these cyber criminals are and what can be done to prevent these types of crimes. Cyber-crime is quite similar to the more typical crime in that both seek out victims. This point is where the similarities end. Criminal groups and individual perpetrators no longer need to be close to each other or the crime scene as is the case with traditional crimes (Jahankhani & Al-Nemrat, 2010). Additionally, as the technology advances and evolves, so do the criminals themselves making it more difficult to create a profile of cyber criminals. Profiling in addition to other investigative techniques can give law enforcement a better picture of what types of persons would engage in this form of criminal behaviour. Profiling criminals dates back to the 15th Century as society attempted to understand the criminal mind and the motivations behind criminal behaviour (Nykodym et al., 2005). The goal was to learn what makes criminals differ from those of us who abide by society’s laws. Early successes include the profile created by Dr. Thomas Bond regarding “Jack the Ripper” and Dr. James Brussel and his profile on the “Mad Bomber” in which they were both able to give specific detail down to what investigators would find the perpetrators wearing at the time of arrest (Nykodym et al., 2005). Profiling as it exists today has been recognized as an official field of study by the FBI since the 1970’s. The process of profiling was divided into two models. The inductive model argues from general to specific in that it uses data for predictions of behaviours and personality traits of an offender for specific cases (Rogers, 2003). The deductive model argues from specific to general. This model uses evidence which is analysed and then used to create a behavioural profile of an offender (Rogers, 2003). The outcomes are then used to classify an offender as either “organized, non-social” or “disorganized, asocial”. Both methods are used not to identify a specific offender but to give investigators the ability to narrow down a suspect pool and utilize resources efficiently (Rogers, 2003). These models do, however, rely heavily on an existing database of information gathered from previous crimes. There are claims that the information does not apply effectively to cyber-criminals and may be culturally biased. There have been other disciplines which have contributed to criminal profiling in addition to the FBI. Canter (1995), uses an investigative psychology approach to profiling. This approach is similar to the FBI method but instead uses a Five Factor model. This model combines concepts from environmental psychology and also includes Circle Theory in its methods. This theory argues that an offender can be classed as either a “marauder” or “commuter” (Rogers, 2003). This typology states that a “marauder” tends to operate within a short distance from his or her “home-base”. Those who are classified as “commuter” offenders tend to engage in criminal activity only after travelling some distance from his or her “home-base” (Rogers, 2003). Once again, a criticism of this method stems from the heavy reliance upon previous information located in an offender database. As one can see, these approaches can be modified to the cyber-criminal but do contain some irrelevant concepts such as operating distance from the crime.

What is Cyber Crime? Although both of these approaches to criminal profiling have advantages as well shown to have successful results, when applied to the cyber-criminal, they leave much to be desired. Part of the problems surrounding the profiling of cyber-criminals is that there are many types of cyber-crimes and therefore many types of individuals who commit these crimes. According to Burden et al., there are two types of cyber-crimes, “true” cyber-crimes which would not exist without the internet, and “e-enabled” crimes which existed prior to, but are now perpetrated on the internet (2003). “True” cyber-crime includes acts such as hacking, cyber-vandalism, dissemination of viruses, domain name hacking, and denial of service attacks (Smyth, 2010). These acts, as stated earlier, did not exist prior to the worldwide web (Burden et al., 2003). Law enforcement must therefore create an entirely new framework from which to evaluate these types of crimes and those who perpetrate them. The second type of cyber-crime, “e-enabled” crimes, consist of acts such as misuse of credit cards, information theft, defamation (not criminal but is malicious), copyright infringement, hate sites, and more (Burden et al., 2003). Cyber-crime can affect both individuals and business. This can be both on a local and global level. Due to the fact that criminals can be located in countries outside of where the crime is committed, it is increasingly difficult for law enforcement to successfully bring perpetrators to justice for their crimes. International governments often have laws regarding internet crimes that are not compatible with other countries and more often than not directly conflict with each other (Smyth, 2010). This issue has been addressed by the Council of Europe’s Convention on Cyber-Crime which has created a treaty to combat cyber-crime through establishing international standards (Nykodym et al., 2005). Although the effort is being made, there is still difficulty regarding ratification and global acceptance of the treaty. There is also the issue of anonymity on the internet in terms of bringing a perpetrator of cyber-crime to justice regardless of global acceptance. Due to the anonymity of the internet, cyber-crimes are being committed more increasingly. The anonymity provides a cloak from under which perpetrators may exhibit impulses and behaviours they would otherwise refrain from (Rogers et al., 2006). Previous profiling techniques based on classical theoretic frameworks can still be utilized for these types of crimes but with limited success. Previous criminological theories regarding crime did not take into account the possibility of crimes being committed without the physical presence of a perpetrator. Thus the anonymity of the internet presents a significant problem to both researchers and law enforcement in terms of both investigation and prevention.

Approach to Profiling Cyber-Criminals In order to combat the arising issues in investigation and prevention of cyber-crimes, law enforcement and academics have implemented revised frameworks and theories to determine the types of persons who would commit these crimes. The FBI’s Behavioural Evidence Analysis (BEA), is one of the new approaches to investigation (Turvey, 2002). This approach is a two-phase, four-step analysis. The first phase is the investigative phase when the crime or event has taken place but there are no offenders in custody (Rogers, 2003). The second or trial phase consists of assessing a known event with a known offender. These phases look at the forensic evidence from an event or crime and use it to reconstruct the behaviour of the perpetrator (Rogers, 2003). The investigative steps which are part of the two phase approach are set up in four parts. The first step is referred to as the Equivocal Forensic Analysis. This consists of the gathering of as much information as possible from the event (crime) and evaluating the accumulated evidence. Step two deals with the Victimology of the crime. This step entails the assessing of the victim including an in-depth analysis of the victim. Step three is referred to as Crime Scene Characteristics which encompasses the location of the crime and the approach the perpetrator used toward the victim. The fourth and final step consists of the assumptions of an offender’s personality and behaviour.

Recent Research Due to the ever changing nature of the online environment, it is necessary to utilize whatever means necessary to determine the characteristics of a cyber-criminal. Recent research has implemented both the FBI approaches and the psychoanalytical approaches to profiling. Using the BEA analysis method certain characteristics have been uncovered regarding those who are considered “insider cyber-criminals” (Nykodym et al.. 2005) These criminals usually work within the targeted organization either as ordinary employees or in management positions. These insiders contribute to significant corporate losses whether it is due to lack of productivity from unauthorized net use while on the job, or due to unauthorized access to company files, customer information or monetary fraud. The higher the position within the company, the more financial loss is associated with the crime (Nykodym et al.,2005). “Insiders” may be experts in their respective fields such as hackers, programmers, and cyber-security professionals. Current legislation is seemingly inadequate when it comes to the tracking, apprehension and prosecution of these types of criminals. These individuals may act on their own or in groups. Typically, these individuals are between the ages of 30-60, are cautious of how they present themselves, and are adept at blending in (Nykodym et al., 2005). The types of cybercrimes they commit range from espionage, theft, to sabotage. Research has shown that those who commit sabotage are typically committing the crime as a means of revenge for a recent lay-off or are disgruntled due to being overlooked within the organization. The higher an “insider” is within the organization directly correlates to the amount of money stolen or embezzled. Theft less than $100,000 is usually attributed to someone lower in the hierarchy whereas theft greater than $1,000,000 is attributed to those in top management (Nykodym et al., 2005). These offenders have a distinct approach to their crimes. Their methods develop over time and range from running other’s attack scripts to the creation and implementation of their own malicious scripts (Rogers, 2003). They will also have behaviours which can be considered signatures. These signatures can be nicknames which are “signed” to the scripts they create. These signatures as with conventional criminals are unique to the individual and can help identify them to law enforcement (Rogers, 2003). Motivations behind cyber-crime can be examined more thoroughly by using the psychoanalytical approach to profiling. Research conducted by Bissett and Shipton assert that those who commit acts such as virus creation and infection have both conscious motives as well as unconscious psychodynamic motives for their crimes (2000). The conscious motives include non-specific malice, political motivations, commercial sabotage as well as revenge. The unconscious psychodynamic motivations include possible envy of those within the organization who perform better, have better ideas or do superior work. Additionally, they may be attempting to cope with their inability to maintain close relationships with others due to a need for control and find that the cyber-crimes fulfill these needs (Bisset & Shipton, 2000).

Conclusion Criminal profiling can be an extremely useful tool in the process of studying cyber-criminals. Although the approaches may differ, the information gleaned from such efforts can provide a clearer picture of who these criminals are and what their motivations are for the crimes they commit. Deductive profiling such as the BEA method can provide a means to effectively evaluate the criminals who choose to commit their crimes via the internet. Although cyber-crime is a relatively new phenomenon, the results of such approaches are promising. There is a need to further develop these approaches. The nature of the internet is not static and requires flexibility in the investigation of crimes committed within its non-existent boundaries.

References Jahankhani, H., Al-Nemrat, A., (2010). Examination of Cyber-Criminal Behaviour. International Journal of Information Science and Management, Special Issue: January/June 2010. Rogers, M., (2003). The role of criminal profiling in the computer forensics process. Computer & Society, 22(4), 292-298. Turvey, B., (2002). Criminal Profiling, An Introduction to Behavioural Evidence. UK, Elsvier. Burden, K., Palmer, C., (2003). Cyber Crime- A New Breed of Criminal? Computer Law & Society Report, 19(3), 222-227. Rogers, M., Seigfried, K., Tidke, K., (2006). Self-Reported Computer Criminal Behaviour: A Psychological Analysis. Digital Investigation, 3(s), 116-120. Rogers, M., Smoak, N.D., Liu, J., (2006). Self-Reported Deviant Computer Behaviour: A Big 5, Moral Choice, and Manipulative Exploitive Behaviour Analysis. Deviant Behaviour, 27, 245-268. Nykodym, N., Taylor, R., Vilela, J., (2005). Criminal Profiling and Insider Cyber Crime. Digital Investigation, 2, 261-267. Rogers, M., (2003). The Role of Criminal Profiling in the Computer Forensics Process. Center for Education and Research in Information Assurance and Security, Purdue University. Smyth, S. (2010). Cybercrime in Canadian Criminal Law. Carswell. ISBN: 978-0-7798-2889-0.