The Profile of a Cyber CriminalAdded 24th Aug 2011
- Recent research points out that criminal profiling has a success rate of 77 percent in assisting traditional investigations.
Which of the following is most likely to get stopped and interrogated at the JFK International Airport?
a) An eccentric scientist carrying exotic species of insects?
b) Charlie Sheen?
c) A brown-skinned man wearing a robe?
If you’re thinking C then you’re probably aware that criminal profiling is a practice that law enforcement agencies around the world use. In fact, it’s being used so much that it’s given profiling a bad name. But the basic premise is sturdy: Bad guys are predictable because they are creatures of habit.
And that’s why criminal profiling is beginning to spread to the cyber world.
For years now, forensic psychologists and behavioral sciences have been working in collaboration with law enforcement agencies to integrate psychological science into criminal profiling.
The most popular method of criminal profiling, offender profiling, aims to identify criminals based on an analysis of their behavior while they engage in the crime. The underlying rational is simple: If behavior is common across crimes, it is probably the same criminal because behavior is related to the psycho-socio characteristics of an offender.
Behavior is revealed by the choices offenders make while committing a crime. This could include their modus operandi, the location of the crime, and the weapon of choice among others. This information is then combined with other pieces of physical evidence, and compared with the characteristics of known personality types and mental abnormalities to develop a practical working description of an offender. This study of the psyche of a criminal is considered ‘the third wave’ of investigative science.
Criminal profiling began being used as a tool for investigation as far back as the beginning of the 20th century. The role of profiling first garnered interest following the infamous Jack, the Ripper killings in England. “Traditional policing systems like the Kotwali system, too, had a system of recording behavioral traits of criminals to arrive at some sort of a profile of a criminal,” says S. Murugan, deputy inspector general of police, Cyber Cell, Bangalore.
But it’s only recently that the science has really caught the fancy of the public. TV shows including CSI, the Mentalist, and Castle have all gotten on the study-the-mind-of-a-killer bandwagon.
In reality though, much more ground needs to be covered. “The criminal profile practice in India is largely done by the police with the help of forensic experts. But there is not a great degree of psychoanalysis of offenders,” admits Murugan.
“The current practice of criminal profiling is based on crime scene characteristics and demographic details; it does not include much of behavioral tendencies and personality traits,” continues Dr. S.L. Vaya, director, Institute of Behavioral Science at the Gujarat Forensics Science University, which claims to be the first of its kind in India.
Part of the problem is the controversy surrounding the effectiveness of criminal profiling, along with lack of empirical evidence supporting its effectiveness. But recent research points that criminal profiling is estimated to have a success rate of 77 percent in assisting traditional investigations.
The world of cyber crime significantly reshuffles the rules of criminal investigation. Unlike traditional crime scenes, evidence often exists only in the cyber-world; in a computer, a network, or the Internet. The weapon of choice—also a computer, a network, or the Internet—is volatile and easily contaminated or destroyed. And that’s why CIOs and CISOs need to build robust ecosystems that can create accurate and reliable logs and audit trails.
But even that has its limitations. While log and audit trails could lead security analysts to a perpetrator, most often the trail ends at a computer, a server or a network —not the face behind it. As a result only five percent of cyber criminals are caught and prosecuted.
It is this faceless dimension of cyber crime that compounds its challenge. And that’s why the use of profiling will almost certainly grow over time.
“I think the concept of profiling is an excellent step. However, since most of cyber crimes are faceless attacks, what would be great is if we could extend the concept of profiling to websites or URLs that are most likely to send malicious content or associated with criminal activity,” says Manish Dave, CISO, Essar Group.
If cyber criminals rely on the pseudo-anonymous nature of the Internet and technology to camouflage their true identities, it is up to security leaders to use another method to locate them. Fortunately, a cyber criminal’s facelessness doesn’t extend to other telling signs of crime: Motivation, MO, and signature behaviors. And criminal profiling relies heavily on such clues.
“Criminal profiling can also be especially useful during the process of recruiting. As the trend of planting snitches in companies increases, it would be a great tool to keep in mind while conducting background checks of employees,” says Parag Deodhar, chief risk officer, and VP process excellence and program management, Bharti AXA General Insurance.
Kotak Mahindra Bank creates a Facebook app that allows users to send money to friends while on Facebook—without needing to know their account number.
Integration of legacy systems discourages Indian firms from adopting new tech. Top CIOs share their views.
Bharat Goenka, Co-founder and MD of Tally, shares why the company is one of the biggest success stories in the Indian software product space.
For a CCOO, there is already a shift from being a house-keeper to managing customer experience as a holistic strategy, says Kamal Bajwa, chief customer operations officer at Tata Sky.
Kokilaben Dhirubhai Ambani Hospitals is leveraging modern IT systems for its patients, staff, and doctors to ensure patient safety by cutting down manual intervention to a minimum.
Sharat Sinha, VP, APAC, Palo Alto Networks on a India visit spoke about why India Inc. is warming up to the company’s next gen firewall pitch.
Informatica World Tour 2014 is all about the essential role of data in shaping our businesses and lives.
To further the cause of IOT in India, Prateek Pashine, head- Enterprise Business, Tata Teleservices throws light on what IoT is and how its sensors work.
Connected TV is becoming a mainstream concept–and both, consumers and the industry, are aware of the impact it will have on the future of television in India, says Jutla, CTO, Tata Elxsi.
During his recent visit to India, Alan Perkins, former Rackspace Asia Pacific CTO, shared his thoughts on the future of OpenStack, new generation cloud computing technologies and responded to a recent statement by a Gartner analyst that made light of OpenStack.
Analytics and Mobility solutions to monitor water distribution and prevent water loss from leakages.
Adrian Jones, President, Asia Pacific & Japan, Symantec, on why the company still remains a titanic force in the fast-changing security world.
Microsoft estimates that server migration will take at least 200 days and application migration may take more than 300 days.
By setting up a new data centre, which is also the 44th overall, Tata Communications is set to take its service capabilities to a whole new level. This new facility is sure to cement the company’s position as a leader in the ICT market.
Heading an enterprise’s IT means answering thousands of questions every day. From business impacting decisions like how much to charge a customer for a service, to in-house daily process hold ups like whether to deny or approve an insurance claim. CIO Magazine, in association with Airtel, hosted a roundtable to discuss with CIOs and IT heads from various industries to discuss the latest thinking around managed IT services and how do they think it potentially benefits their IT.