The Profile of a Cyber CriminalAdded 24th Aug 2011
- Recent research points out that criminal profiling has a success rate of 77 percent in assisting traditional investigations.
Which of the following is most likely to get stopped and interrogated at the JFK International Airport?
a) An eccentric scientist carrying exotic species of insects?
b) Charlie Sheen?
c) A brown-skinned man wearing a robe?
If you’re thinking C then you’re probably aware that criminal profiling is a practice that law enforcement agencies around the world use. In fact, it’s being used so much that it’s given profiling a bad name. But the basic premise is sturdy: Bad guys are predictable because they are creatures of habit.
And that’s why criminal profiling is beginning to spread to the cyber world.
For years now, forensic psychologists and behavioral sciences have been working in collaboration with law enforcement agencies to integrate psychological science into criminal profiling.
The most popular method of criminal profiling, offender profiling, aims to identify criminals based on an analysis of their behavior while they engage in the crime. The underlying rational is simple: If behavior is common across crimes, it is probably the same criminal because behavior is related to the psycho-socio characteristics of an offender.
Behavior is revealed by the choices offenders make while committing a crime. This could include their modus operandi, the location of the crime, and the weapon of choice among others. This information is then combined with other pieces of physical evidence, and compared with the characteristics of known personality types and mental abnormalities to develop a practical working description of an offender. This study of the psyche of a criminal is considered ‘the third wave’ of investigative science.
Criminal profiling began being used as a tool for investigation as far back as the beginning of the 20th century. The role of profiling first garnered interest following the infamous Jack, the Ripper killings in England. “Traditional policing systems like the Kotwali system, too, had a system of recording behavioral traits of criminals to arrive at some sort of a profile of a criminal,” says S. Murugan, deputy inspector general of police, Cyber Cell, Bangalore.
But it’s only recently that the science has really caught the fancy of the public. TV shows including CSI, the Mentalist, and Castle have all gotten on the study-the-mind-of-a-killer bandwagon.
In reality though, much more ground needs to be covered. “The criminal profile practice in India is largely done by the police with the help of forensic experts. But there is not a great degree of psychoanalysis of offenders,” admits Murugan.
“The current practice of criminal profiling is based on crime scene characteristics and demographic details; it does not include much of behavioral tendencies and personality traits,” continues Dr. S.L. Vaya, director, Institute of Behavioral Science at the Gujarat Forensics Science University, which claims to be the first of its kind in India.
Part of the problem is the controversy surrounding the effectiveness of criminal profiling, along with lack of empirical evidence supporting its effectiveness. But recent research points that criminal profiling is estimated to have a success rate of 77 percent in assisting traditional investigations.
The world of cyber crime significantly reshuffles the rules of criminal investigation. Unlike traditional crime scenes, evidence often exists only in the cyber-world; in a computer, a network, or the Internet. The weapon of choice—also a computer, a network, or the Internet—is volatile and easily contaminated or destroyed. And that’s why CIOs and CISOs need to build robust ecosystems that can create accurate and reliable logs and audit trails.
But even that has its limitations. While log and audit trails could lead security analysts to a perpetrator, most often the trail ends at a computer, a server or a network —not the face behind it. As a result only five percent of cyber criminals are caught and prosecuted.
It is this faceless dimension of cyber crime that compounds its challenge. And that’s why the use of profiling will almost certainly grow over time.
“I think the concept of profiling is an excellent step. However, since most of cyber crimes are faceless attacks, what would be great is if we could extend the concept of profiling to websites or URLs that are most likely to send malicious content or associated with criminal activity,” says Manish Dave, CISO, Essar Group.
If cyber criminals rely on the pseudo-anonymous nature of the Internet and technology to camouflage their true identities, it is up to security leaders to use another method to locate them. Fortunately, a cyber criminal’s facelessness doesn’t extend to other telling signs of crime: Motivation, MO, and signature behaviors. And criminal profiling relies heavily on such clues.
“Criminal profiling can also be especially useful during the process of recruiting. As the trend of planting snitches in companies increases, it would be a great tool to keep in mind while conducting background checks of employees,” says Parag Deodhar, chief risk officer, and VP process excellence and program management, Bharti AXA General Insurance.
Named Bot-SO, this robot acts as a remote home surveillance system and communicates with users through twitter to alert them about intruders.
Compared to their peers who got a hike, these Indian CIOs are doing the right things but aren’t getting paid for it.
A recent report from the Security for Business Innovation Council (SBIC) states that technology and security teams can work independently and still ensure minimal risks within their organizations.
According to CIO India’s Mid-Year Review 2014, increase in IT spend, focus on strategic and customer impact, and business readiness to clear IT projects, are three factors that Indian CIOs say will enable business growth.
Crowdsourcing is gaining traction in the IT industry and is applauded for its advantages, but it can be secure too with a managed and private crowd.
The solution helps defend against known intrusions, protection from unknown attacks and guard against advanced persistent threats.
According to the CIO Mid-Year Review 2014, Indian CIOs are troubled by the paucity of skills in emerging technologies like cloud computing, mobility, BI and analytics.
An overwhelming 78.1 percent CIOs stated that they would spend more than the previous year on security management and planning in the current year.
Despite lapses in data security, corporate executives of Asian companies are not blaming their own IT departments, an Economist survey reveals.
While everyone talks about social, mobile, analytics, and cloud, our focus is to weave new technologies into the next generation business strategies, says Sudhir Kanvinde, CIO, IL&FS.
According to CIO Mid-Year Survey 2014, Indian CIOs are placing big bets on the SMAC stack to stay ahead of the curve.
A big chunk of buyers for IBM’s SoftLayer SaaS offerings comes from Line of Business, signaling a change in SaaS buyers in enterprises.
Mindtree, with its ‘I Got Garbage’ initiative, aims to integrate rag pickers into the main stream economy and help channelize proper waste disposal.
As the enterprise IT trends of mobility, analytics, and cloud computing gain steam, they mark a significant change in the role of a CIO.
IT leaders need to understand that today users have a greater influence on IT strategy and that organizations need to frame policies around creating digital workplaces, says a Gartner report.