Hi there
I am a student currently working on a research based dissertation entitled "Computer Criminal Profiling". It is my aim to research and explain how I believe that profiling methods used in forensic science and in profiling criminals and their behaviour could be applied and used to help benefit computer forensic investigations…
I realise some of you have discussed this before but I was hoping for some opinions or advice on the matter?
I am currently referencing the work of Markus Rogers and much of his literature; in particular "profiling cyber criminals a promising but mature science".
If anyone has any opinions or sources they would like to share it would be greatly appreciated. I have a good understanding of my project aim but other views would be very helpful.
Many thanks
Aine D
First I must say very interesting subject, second sorry for my bad English! )
As a starting point I can aim you to criminal age determining.
If site is DoS, DDos or defaced it's great chance that criminal is younger (14, 15, 16 or even 13) and if we are talking about school site I may say that is almost certain. Same age group can also be connect with, online game accounts stealing, email bomb and OS crashing.
Elder age criminals usually use they knowledge to earn money. Attacks such as server rooting, phishing, keylogging, botnet, social engineering is their "weapon".
Hope I help you a bit…
Cheess!
I'm not so sure that for general DoS, DDoS or defacement that so young is true - http//
Relatively high profile prosecutions for Computer Misuse
Gary Mckinnon - 44
Kevin Mitnick - 25 ( at age of first prosecution )
I suspect that there may be a general bias towards lower ages, not owing to the levels of criminal activity, rather to do with the skill sets increasing fairly rapidly with age … But at the same time, I'd suggest that perhaps with this the attacks are going to become more sophisticated. Malware creation in the modern world is going to be nearer the top of the age bracket as it has become considerably more complicated than it was under DOS (when I started learning about it ! 😉 ).
Moving on from age, if you've not read the Cuckoo's Egg by Cliff Stohl, I'd recomend that you zip through it now - it covers off the profiling of their hacker through command set familiarity ( he was a UNIX not a VAX user ), through the choice of usernames and passwords ( a smoker - Benson & Hedges, and a German - specific German words were used - in context ) and through the level of methodical behaviour ( clearly taking notes, following procedures repeatedly and consistently ).
In the modern world you might even be able to make generalisations about a person with regard to their typing patterns - e.g. a person with larger hands might be able to reach the number keys quicker than another, or a QUERTY keyboard may present differently to AZERTY etc. You could also probably pull quite a lot of research from the existing language studies on written criminal notes, documents etc. ( SeND the RANsom MoNeY to Me OR ELSE ! )
Sounds like a lot of fun - please would you keep us updated as to how it goes ? I'd love to see how your paper turns out !
I think that criminal profiling is an awesome topic and I enjoy reading up on it. I believe we all would love to see your final paper here.
In my opinion any "computer criminal profiling" requires the review of the methodology, and context.
Context can be broken down into, amongst many other things - target content, target type, geographic location, political affiliation, religious affiliation, monetary influence, monetary access, asset value, opportunity review, review of known and perceived risks associated with the malfeasance, and so on.
DDoS may have been script kiddies domain decades ago, but today organized crime (for money, politics or religion) uses it as much and much more effectively, for example for extortion.
Thank you for your suggestions )
The aim of my paper is to focus on profiling the computer criminal based on the information on the, for example seized hard drive and USBs we find.
I'm trying to find make a methodology for when analysing the content from the seized material you start to build a picture of the kind of things the person has been viewing, has stored on thier computer, etc….and from this apply the recommendations under the personality types.
I am however mentioning how they have a methodology for "online" personalaties, describing this, but suggesting that the profiling methods used by the police and as well as investagative psychology could be applied to profiling computer criminals.