Criminal profiling and insider cyber crime

doi:10.1016/j.diin.2005.11.004

Digital Investigation

Volume 2, Issue 4, December 2005, Pages 261-267

https://doi.org/10.1016/j.diin.2005.11.004 Get rights and content

Abstract

On a global scale, cyber crime has skyrocketed with the advancement of the electronic medium. While progress is being made in combating cyber crime (particularly with the Council of Europe's Convention on Cyber Crime), a large gap continues to exist in legislative compatibility across international borders. Often overlooked in regard to profiling is cyber crime. The idea that an individual committing crime in cyberspace can fit a certain outline (a profile) may seem far-fetched, but evidence suggests that certain distinguishing characteristics do regularly exist in cyber criminals. This can be particularly useful for companies (the most often hindered victims of cyber crime) attempting to do away with cyber criminals inside their own walls (the most common type of cyber criminals). Whether they are simply breaking company policy by browsing the Internet while on the clock or embezzling thousands of dollars through the company's network, insiders are a very real problem that companies spend millions of dollars annually to prevent. An accurate profile of an inside cyber criminal may help in identification both prospectively and retrospectively.

Section snippets

History of profiling

The profiling of criminals dates back to the 15th century. The investigative technique's path through history has been, at times, poorly documented and marred with occasional inaccurate findings and prejudices. As many adversaries as the method seems to have, however, there exists strong instances throughout history in which the process has produced incredible results that demand attention and consideration. Today, profiling takes a very different form than it did in the 1400s. Since the 1970s

Cyber crimes against business

Cyber crime is a hot topic of the 20th century. The world stands at a crossroads for developing defense mechanisms against it. Cyber crime by its most general definition can be any crime committed over a computer network.¹⁷ These crimes have been occurring since the creation of the Internet. If there is information to be shared, there is information to be sabotaged. The challenge is faced by every online individual, company or

Insider cyber crime and abuses

Insider abuse of Net access and unauthorized insider access are two concerns for employers. While insider abuse of net access went up to US$50,099,000 from US$35,001,650 in 2001, the unauthorized insider access decreased to US$4,503,000 from US$6,064,000 (Power, 2002).²⁵ Upwards of 70% of all computer crime directed toward companies is committed by insiders.²⁶ The insider abuse of

Profiles and cyber criminals

There are many differences between cyber crime and conventional crime both in committing the crime and in prosecuting it. All of which seem to favor the criminals. This makes it very difficult to track, catch, and prosecute cyber criminals within the current legal system. Many times, the cyber criminal may be far away from the place where the crime takes place. The attackers can choose the place they will be at the time that the crime is to be committed because cyber crime does not require a

Applying profiles to insiders

In order to make the most precise profile of an inside cyber criminal, the first step will be to divide the type of cyber crime into one of many possible subcategories. Insider cyber crime can be generalized in four main categories: espionage, theft, sabotage, and personal abuse of the organizational network.

A spy is: “a person who keeps close and secret watch on the activities and words of another or others” or “a person who seeks to obtain confidential information about the activities, plans,

References (0)

Cited by (26)

Andro-AutoPsy: Anti-malware system based on similarity matching of malware and malware creator-centric information
2015, Digital Investigation
Citation Excerpt :
Our proposed profiling system, which comprises mobile devices and a remote server, is analogous to criminal profiling. In the real world, criminal profiling, also known as offender profiling, is a methodology that is intended for helping investigators accurately predict and profile the characteristics of unknown criminal subjects or offenders (Kocsis, 2009; Nykodym et al., 2005; Rogers, 2003). We adopt criminal profiling methodology in the malware analysis domain.
Mobile security threats have recently emerged because of the fast growth in mobile technologies and the essential role that mobile devices play in our daily lives. For that, and to particularly address threats associated with malware, various techniques are developed in the literature, including ones that utilize static, dynamic, on-device, off-device, and hybrid approaches for identifying, classifying, and defend against mobile threats. Those techniques fail at times, and succeed at other times, while creating a trade-off of performance and operation. In this paper, we contribute to the mobile security defense posture by introducing Andro-AutoPsy, an anti-malware system based on similarity matching of malware-centric and malware creator-centric information. Using Andro-AutoPsy, we detect and classify malware samples into similar subgroups by exploiting the profiles extracted from integrated footprints, which are implicitly equivalent to distinct characteristics. The experimental results demonstrate that Andro-AutoPsy is scalable, performs precisely in detecting and classifying malware with low false positives and false negatives, and is capable of identifying zero-day mobile malware.
Impacts of increasing volume of digital forensic data: A survey and future research challenges
2014, Digital Investigation
Citation Excerpt :
Producing a profile of a suspect is another facet of criminal intelligence. Nykodym et al. (2005) discuss the application of psychological profiling techniques to create profiles in relation to cyber criminals and cyber-crimes. Abraham (2006) discusses the application of investigative or criminal profiling to identify the personality characteristics of a user, such as email authorship analysis.
A major challenge to digital forensic analysis is the ongoing growth in the volume of data seized and presented for analysis. This is a result of the continuing development of storage technology, including increased storage capacity in consumer devices and cloud storage services, and an increase in the number of devices seized per case. Consequently, this has led to increasing backlogs of evidence awaiting analysis, often many months to years, affecting even the largest digital forensic laboratories. Over the preceding years, there has been a variety of research undertaken in relation to the volume challenge. Solutions posed range from data mining, data reduction, increased processing power, distributed processing, artificial intelligence, and other innovative methods. This paper surveys the published research and the proposed solutions. It is concluded that there remains a need for further research with a focus on real world applicability of a method or methods to address the digital forensic data volume challenge.
Influencing factors identification in smart society for insider threat in law enforcement agency using a mixed method approach
2022, International Journal of System Assurance Engineering and Management
Informational Consciousness and cyber crimes: A study of a sample of social network users
2022, Journal of Faculty of Arts, Fayoum University
(De-)constructing attacker categorisations: A typology iteration for the case of digital banking
2020, Journal of Universal Computer Science
Examining and constructing attacker categorisations — An experimental typology for digital banking
2019, ACM International Conference Proceeding Series

View all citing articles on Scopus

View full text