The Profile of a Cyber CriminalAdded 24th Aug 2011
- Recent research points out that criminal profiling has a success rate of 77 percent in assisting traditional investigations.
Which of the following is most likely to get stopped and interrogated at the JFK International Airport?
a) An eccentric scientist carrying exotic species of insects?
b) Charlie Sheen?
c) A brown-skinned man wearing a robe?
If you’re thinking C then you’re probably aware that criminal profiling is a practice that law enforcement agencies around the world use. In fact, it’s being used so much that it’s given profiling a bad name. But the basic premise is sturdy: Bad guys are predictable because they are creatures of habit.
And that’s why criminal profiling is beginning to spread to the cyber world.
For years now, forensic psychologists and behavioral sciences have been working in collaboration with law enforcement agencies to integrate psychological science into criminal profiling.
The most popular method of criminal profiling, offender profiling, aims to identify criminals based on an analysis of their behavior while they engage in the crime. The underlying rational is simple: If behavior is common across crimes, it is probably the same criminal because behavior is related to the psycho-socio characteristics of an offender.
Behavior is revealed by the choices offenders make while committing a crime. This could include their modus operandi, the location of the crime, and the weapon of choice among others. This information is then combined with other pieces of physical evidence, and compared with the characteristics of known personality types and mental abnormalities to develop a practical working description of an offender. This study of the psyche of a criminal is considered ‘the third wave’ of investigative science.
Criminal profiling began being used as a tool for investigation as far back as the beginning of the 20th century. The role of profiling first garnered interest following the infamous Jack, the Ripper killings in England. “Traditional policing systems like the Kotwali system, too, had a system of recording behavioral traits of criminals to arrive at some sort of a profile of a criminal,” says S. Murugan, deputy inspector general of police, Cyber Cell, Bangalore.
But it’s only recently that the science has really caught the fancy of the public. TV shows including CSI, the Mentalist, and Castle have all gotten on the study-the-mind-of-a-killer bandwagon.
In reality though, much more ground needs to be covered. “The criminal profile practice in India is largely done by the police with the help of forensic experts. But there is not a great degree of psychoanalysis of offenders,” admits Murugan.
“The current practice of criminal profiling is based on crime scene characteristics and demographic details; it does not include much of behavioral tendencies and personality traits,” continues Dr. S.L. Vaya, director, Institute of Behavioral Science at the Gujarat Forensics Science University, which claims to be the first of its kind in India.
Part of the problem is the controversy surrounding the effectiveness of criminal profiling, along with lack of empirical evidence supporting its effectiveness. But recent research points that criminal profiling is estimated to have a success rate of 77 percent in assisting traditional investigations.
The world of cyber crime significantly reshuffles the rules of criminal investigation. Unlike traditional crime scenes, evidence often exists only in the cyber-world; in a computer, a network, or the Internet. The weapon of choice—also a computer, a network, or the Internet—is volatile and easily contaminated or destroyed. And that’s why CIOs and CISOs need to build robust ecosystems that can create accurate and reliable logs and audit trails.
But even that has its limitations. While log and audit trails could lead security analysts to a perpetrator, most often the trail ends at a computer, a server or a network —not the face behind it. As a result only five percent of cyber criminals are caught and prosecuted.
It is this faceless dimension of cyber crime that compounds its challenge. And that’s why the use of profiling will almost certainly grow over time.
“I think the concept of profiling is an excellent step. However, since most of cyber crimes are faceless attacks, what would be great is if we could extend the concept of profiling to websites or URLs that are most likely to send malicious content or associated with criminal activity,” says Manish Dave, CISO, Essar Group.
If cyber criminals rely on the pseudo-anonymous nature of the Internet and technology to camouflage their true identities, it is up to security leaders to use another method to locate them. Fortunately, a cyber criminal’s facelessness doesn’t extend to other telling signs of crime: Motivation, MO, and signature behaviors. And criminal profiling relies heavily on such clues.
“Criminal profiling can also be especially useful during the process of recruiting. As the trend of planting snitches in companies increases, it would be a great tool to keep in mind while conducting background checks of employees,” says Parag Deodhar, chief risk officer, and VP process excellence and program management, Bharti AXA General Insurance.
Robosoft Technologies, an Indian IT company founded in 1996 has been able to stay relevant for the last two decades because they continued to reinvent themselves constantly.
According to the State of the CIO 2015 Survey, a majority of CIOs who are considered competitive differentiators by businesses are more satisfied than those who are considered cost centers. But that’s just one of the many differences between the two.
Building a flexible, agile, and dynamic platform keeps Palo Alto Networks ahead in the fiercely competitive security market.
CIOs share their views on cyber security risks and the various strategies that can be applied to mitigate the threat.
Vadodara-based Indusface aspires to be a global market leader in the application security space with its integrated "Total Application Security” solution.
All CIOs should know where their company assets are located, says Greg Bryett, Sales Director, APAC and LAM, RF Code.
New technologies have forced organizations to rethink their security strategy. Three Indian CIOs debate the best way forward.
Intellinet Datasys creates a mobile application that allows the field staff, site engineer, and supervisor to solve customers’ problems faster.
By digitizing employee documents, Mindtree has successfully reduced its time to access information and increase customer satisfaction.
CIOs from some of India’s biggest organizations came together to exchange ideas and insights about the changing realities in the application landscape and how to cope with them.
New and sophisticated threats are giving organizations sleepless nights. But Scott Robertson, VP, Asia Pacific and Japan, WatchGuard Technologies, says that the company is at the forefront of innovative technology and is the perfect alibi for CIOs.
The modern day business environment is flipping the traditional BI model upside down, says Christof Majer, Vice President, Global Partner Sales, Qlik.
An in-depth conversation with Bill Hilf, Senior Vice President of Product and Service Management for HP Cloud, about where Helion fits in, cloud consumption models and coming change.
Mobility is taking business productivity and customer experience to new highs. That’s what a roundtable in Chennai, held in association with Airtel and the CIO magazine, uncovered.
Mobility is transforming businesses and changing how organizations work. CIOs from some of India’s most prestigious organizations gathered in Hyderabad to discuss how mobility is changing business realities.