The Need For A Comprehensive Methodology For Profiling Cyber-Criminals



Since the Middle Ages, the definition of crime has been limited to types of crimes committed in the physical world. In the same way, theories aimed at explaining crime, including the Conflict Theory and the Theory of Social Control among others, have defined crime within the confines of the physical world. Strategies aimed at dealing with criminal activities have also been limited in scope, defining crime within the context of the physical world. However, the growth of information systems, ICT, mass media, and increased interconnectivity facilitated by the internet has revealed a new and unique form of crime: digital world crime. These types of crimes present several challenges, including legal, geographic, and Web barriers as well as the anonymity of the internet. The environment in which these crimes occur also poses a great challenge to crime specialists. These challenges have created the need to identify and modify techniques used to combat crime committed in the physical world, such as criminal profiling, with a view to making them applicable to e-crimes. This paper discusses the possibility of penetrating these barriers by applying a modified version of criminal profiling techniques to e-crimes.


Since the 1970s, experts within the Behavioral Science Unit (BSU) of the FBI have been helping federal, local and state law enforcement agencies investigate violent crimes. This practice initiated the idea of offender profiling with a view to providing the personality and behavioral traits of the perpetrator. It started as an analytical technique for identifying the characteristics of the offender based on examination of the crime scene and crime dynamics, and continued developing over the years as an investigative tool aimed at helping security officers advance their casework and narrow down a suspect pool (Alison et al., 2010). Offender profiling was offered within the BSU as an analytical tool and a product of training programs.

Currently, forensic psychologists often employ deductive or inductive profiling in dealing with crimes committed in the physical world. They apply these techniques to ascertain the characteristics of criminals in the physical world. Deductive profiling techniques involve the use of data including crime scene evidence, forensic evidence, offender characteristics and victimology. In deductive profiling, the available information is processed by applying personal experience: the profiler assumes one or more facts of a case as self-evident about an offender or crime and then, following hunches and work experience, arrives at conclusions. The “truth” of the facts or conclusions arrived at using deductive profiling depends upon the truth of those assumptions (i.e., it is a contingent truth). Also, in the deductive profiling method, the conclusions are true if the hypothesis and the premises are true and valid. On the other hand, inductive criminal profiles are created by studying statistical data, including the demographic characteristics and behavioral patterns shared by criminals. Inductive profiling is also theory-driven and based on the available cases of crime. It relies on information collected through interviews with offenders, which forms the foundation for investigators’ profiles. Again, the inductive profiling technique involves hypotheses (formalized operational definitions) for testing and the coding of data to allow for statistical analysis.

The application of these techniques has been possible in crimes committed in the physical world. However, their applicability to crimes committed in the digital world is still debatable. It has been argued that criminal profiling is an immature but promising science. Perhaps this may explain the little attention given to the technique by both academicians and practitioners. In the digital world, forensic psychologists need knowledge of the law, criminology and psychology, and an understanding of the technological aspects relating to the scene of crime, in order to develop cyber-criminal profiles. As such, they are required to take an interdisciplinary approach when dealing with cyber-crimes. Unfortunately, the highlighted issues of tractability, geography, law and anonymity make it difficult for forensic psychologists to collect any information about criminals and cyber-crimes (Tompsett, Marshall, & Semmens, 2005). Again, most cyber-crimes go either unnoticed or unreported and hence go unpunished. Importantly, it is possible to draw some parallels between non-cyber-crimes and cyber-crimes. It is also possible to develop a profile from the existing techniques that can be used for law enforcement.


From the perspective of deductive profiling methods, a cyber-criminal profile should be developed in a four-step process. The first step is victimology. This stage involves understanding which aspects of organizations and individuals attract cyber-criminals. Today, criminals victimize both organizations and individuals. This stage leads to, and is associated with, motive identification, which is the next step. Victimology helps security specialists to understand the offender’s motive behind the crime. Victimology includes the following: (1) politically motivated crimes (i.e., cyber-terrorists); (2) crimes driven by emotional reasons (i.e., cyber-stalking); (3) crimes driven by sexual impulses (i.e., paedophiles); and (4) crimes known to be less dangerous, such as individuals sharing software or copyrighted movies (Shinder, 2010).

The motives and victimology lead to the identification of offender characteristics, which is the third stage. Several typologies and ways to classify cyber-criminals based on offenders’ motives have been introduced (Rogers, 2006). However, criminal behavior changes with the changing technological environment, necessitating modification and reclassification of existing schemes. Other studies have suggested that crime can be addictive and that, in the cyber world, criminals become addicted to the internet and computers (Nykodym et al., 2008). It is also argued that this addiction, aided by various opportunities including the access to and availability of the internet and computers, and fueled by the criminal’s motives, could facilitate the making of the cyber-criminal. This understanding may be used in analyzing the modus operandi of the cyber-criminal. Modus operandi reflects the cyber-criminal’s character (Lickiewicz, 2011). For instance, one cyber-criminal may destroy information by using a virus attached to an e-mail, while another may hack into a computer system by attacking the server with a view to stealing information. This suggests that one’s technical expertise helps him or her to understand the behavior of the cyber-criminal. A cyber-criminal may be required to have a level of technical efficacy in order to successfully penetrate a highly sophisticated and secure network (Kirwan & Power, 2013). On the other hand, a “script kiddie” may use an already developed program to attack a computer system. It is worth noting that human elements such as the social engineering skills possessed by some professional cyber-criminals should not be disregarded. This is because cyber-criminals with average technical skills can participate in a crime by simply employing simple techniques of subtle psychological manipulation and friendly persuasion. Kirwan and Power (2013) affirm that technical skills and other skills, including social skills, together with motives, determine the modus operandi of the cyber-offender.

Stage four of the deductive cyber-profiling technique involves analyzing digital forensic evidence. Digital forensics is important because it is the means through which the cyber-criminal profiler can trace the offender in the event there is no physical evidence (Kwan, Ray, & Stephens, 2008). In the view of Lickiewicz (2011), not all criminals are traceable, as one out of three cyber-criminals manages to remove or modify the audit trail by wiping off their traceable digital footprints. The four-stage approach that has been suggested is an iterative process: new information regarding the offender, motive, victim and forensic evidence could be revealed during the investigation.

As for inductive profiling methods, they can be applied alongside the deductive techniques described above to help deal with cyber-crimes. For example, the statistical analysis technique that involves studying the demographic characteristics and behavioral patterns shared by criminals and breaches in cyber-security could be employed to identify trends in criminal attacks, such as the motive for attack, the type of victims who are likely to be targeted by criminals, and the most common mode of attack used by cyber-criminals. This may help identify serial offenders and other cases with a similar modus operandi.


The techniques and tools discussed in this paper are worth testing in a practical scenario. It is believed that if cyber-criminal profiling were used effectively, the issue of cyber-crime in cyberspace would be a forgotten issue. Considering the current trend of increasing rates of cyber-crime, it would be important for academics and practitioners to collaborate. These practices may be useful for law enforcement officers, as they may help them gather legally valid and binding evidence from cyber-criminals in order to take appropriate action against these criminals.


Alison, L., Goodwill, A., Almond, L., Heuvel, C. & Winter, J. (2010) Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology, 15, 115-132.

Kirwan, G., & Power, A. (2013). Cybercrime: Psychology of cybercrime. Dublin: Dun Laoghaire Institute of Art, Design and Technology.

Kwan, L., Ray, P. and Stephens, G. (2008). Towards a Methodology for Profiling Cyber Criminals. IEEE Computer Society. Proceedings of the 41st Hawaii International Conference on System Sciences.

Lickiewicz, J. (2011). Cyber Crime psychology-proposal of an offender psychological profile. Problems of forensic sciences, 2(3): 239-252.

Nykodym, N., Ariss, S. and Kurtz, K. (2008) ‘Computer addiction and cyber crime’. Journal of Leadership, Accountability and Ethics, 35: 55-59.

Rogers, M. K. (2006) ‘A two-dimensional circumplex approach to the development of a hacker taxonomy’. Digital Investigation, 3 (2): 97-102.

Shinder, D. (2010) Profiling and categorizing cybercriminals. Retrieved on 6th July 2016 from

Tompsett, E.C., Marshall, A.M., & Semmens, C.N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.



Cyber Crime Offender Profiling: The Human Factor



The process of offender profiling, and the human factor within cyber crime offender profiling, draws on both nonphysical and physical information. This includes evidence on what the offender did to the victim, the offender’s behavior before and after the offence, the sequence of events, and the layout of the crime and crime scene in relation to the absence or presence of significant items or the disposition of the victim. From these data, one can draw inferences about the possible motivation and meaning of a particular action (Kirwan & Power, 2013). For instance, tying up the victim may suggest the necessity for control. The location of the crime, the characteristics of the victim, and the use of vehicles may suggest demographic and social features of the offender, such as age, occupation, or race. The goal of criminal profiling is to narrow the area of investigation, with the basic assumption being that the behavior of the offender at the crime scene reflects the method of committing the crime and consistencies in the personality of the offender.

In the majority of criminal cases, criminal profiling is useful in sexual assaults and serial crimes and in crime scenes that reflect psychopathology, including rapes, cult and satanic killings and sadistic assaults (Kirwan & Power, 2013). Worth noting is that the human factor of cyber crime offender profiling draws on the offender’s characteristics. The human factor means the impact of the background and personal characteristics of the offender/perpetrator on the commission of crimes, and the internal and environmental factors that shape the criminal careers of perpetrators (Aebi et al., 2016).

In a nutshell, the human factor addresses the human or social aspect of cybercrime. It focuses on exploring the perpetrators of cybercrimes, their criminal careers, their modus operandi, how criminal hackers select their vulnerable targets, and how they can effectively be deterred. This paper explores these features.

In an era where computer criminals are becoming increasingly difficult to combat, law enforcement specialists are increasingly becoming interested in the offenders themselves, their personalities, and the traits evident in their actions in the broadest sense. The special role of identifying the human factor in cyber crime offender profiling is often played by a professional psychological profiler. Psychological profiling involves utilizing a method to map the psychological description of the unknown offender (Kirwan & Power, 2013). The result of the process is a short, concise and dynamic profile describing the most important manifestations of behavior and characteristics of the unknown perpetrator. As observed by Tompsett, Marshall, & Semmens (2005), psychological experience and knowledge allow security specialists to interpret the pieces of information and evidence found at the scene of the crime and enable them to further determine the personality type of the perpetrator.

The basic rules of offender profiling state that there is a correlation between the act committed by the offender and his or her personality (Tompsett, Marshall, & Semmens, 2005). As a result, one may infer the offender’s psychophysical characteristics, including his or her behavior and motivation, from the traces left by the offender and the modus operandi (the method of operating). Identical relations apply to hacks or network attacks. As suggested by Lickiewicz (2011), computer crime perpetrators count on internet anonymity. However, the anonymity of the internet does not extend to the signatures they leave, their motivation, or their modus operandi.

According to Lickiewicz (2011), each cyber criminal has his or her own unique way of doing things, with his or her own software and techniques used for break-ins. Generally, computer crimes are of a serial nature. As such, it is possible for security specialists to determine the profile of the offender. Lickiewicz (2011) holds that it is important to prepare profiles of internet criminals since they are considered a threat to network security. Of great importance when creating the perpetrator’s profile is the database. If properly prepared, a database on offender profiling can enable security specialists to accumulate information on perpetrators of crimes of a similar nature. It also enables investigators and scientists to search for information and analogies in future cases.
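The profile database described above, together with the inductive, statistical approach from the first essay, can be illustrated with a small case-linkage sketch. This is an added example, not code from either essay or the cited authors; the incident records are constructed, and the field names, the Jaccard similarity measure and the 0.5 threshold are assumptions of the example.

```python
from collections import Counter
from itertools import combinations

# Constructed incident records (not real cases); field names are assumptions.
INCIDENTS = [
    {"id": "INC-01", "victim": "retail", "motive": "material-gain",
     "vector": "phishing", "traits": {"macro-dropper", "log-wipe", "night-hours"}},
    {"id": "INC-02", "victim": "retail", "motive": "material-gain",
     "vector": "phishing", "traits": {"macro-dropper", "log-wipe"}},
    {"id": "INC-03", "victim": "bank", "motive": "material-gain",
     "vector": "phishing", "traits": {"macro-dropper", "log-wipe", "night-hours"}},
    {"id": "INC-04", "victim": "government", "motive": "political",
     "vector": "web-defacement", "traits": {"public-claim"}},
    {"id": "INC-05", "victim": "university", "motive": "entertainment",
     "vector": "password-guessing", "traits": {"public-tool", "no-log-cleanup"}},
    {"id": "INC-06", "victim": "government", "motive": "political",
     "vector": "web-defacement", "traits": {"public-claim", "public-tool"}},
]


def mo_features(incident):
    """Flatten one record into a set of 'field=value' modus operandi features."""
    feats = {f"{key}={incident[key]}" for key in ("victim", "motive", "vector")}
    feats |= {f"trait={t}" for t in incident["traits"]}
    return feats


def jaccard(a, b):
    """Share of features two incidents have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def link_cases(incidents, threshold=0.5):
    """Group incidents whose MO similarity meets the threshold.

    Uses single linkage via union-find: A~B and B~C puts A, B, C in one series.
    Only groups with more than one incident are returned.
    """
    parent = {inc["id"]: inc["id"] for inc in incidents}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    feats = {inc["id"]: mo_features(inc) for inc in incidents}
    for a, b in combinations(feats, 2):
        if jaccard(feats[a], feats[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for case_id in parent:
        groups.setdefault(find(case_id), []).append(case_id)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def trends(incidents, field):
    """Inductive view: how often each value of a field occurs across cases."""
    return Counter(inc[field] for inc in incidents).most_common()


if __name__ == "__main__":
    print("Possible series:", link_cases(INCIDENTS))
    print("Most common attack vectors:", trends(INCIDENTS, "vector"))
```

A linked group is only a lead for investigators to examine; raising the threshold trades missed links for fewer false ones.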

There are two types of investigations in computer crime related cases. The first is a situation involving the occurrence of network incidents in which the identity of the offender is unknown, such as network break-in cases. The second involves a situation in which both the offender and the crime are known. Sahito and Slany (2013) emphasize that in these types of investigations, deductive profiling is useful. However, it is somewhat difficult to talk about offender profiling in the second case. In investigative psychology, profiling is understood as involving the creation of the psychological profile of an unknown offender, not of an individual who has already been arrested by security agencies. Sahito and Slany (2012) suggest that when creating the offender profile, data should be analyzed in such a way that the analysts can narrow down the search process to a certain group. This way, one may define the offender’s motivation and his or her skills. The offender profile also includes information on the area of the internet that should be searched for a given criminal.

Again, one should thoroughly analyze the actions of the victim on the internet to establish the reason that may have compelled the offender to attack the victim. From this, one can draw up a detailed offender profile and set up a honeypot (future trap) for the offender. When creating the profile of the offender, assumptions should be made regarding the offender’s maturity and age. This allows the security agency to gain information on the offender’s aims, the culture in which he or she grew up, and the offender’s motivation. The culture in which the perpetrator grew up may condition his or her behavior. This will allow the use of psycholinguistic methods, which enable identification of offenders in future cases.

Profiling helps explain the behavior of the offender and the need for it to be fulfilled. Profiling also enables an investigator to determine the place from which the offender carried out the operation. A whole team consisting of internet technology specialists, lawyers, and security specialists is required to conduct offender profiling.

A cyber criminal possesses the following characteristics: at least certain minimal technical skills; a feeling of being outside the reach of legal norms, and disrespect for legal norms; rich fantasy; and a strong motivation of various types, including the need for entertainment, motives of a political character, and the need to gain material goods (Lickiewicz, 2011). Computer criminals are also reported to have high technical abilities, problem-solving skills and a higher than average IQ (intelligence quotient); to be brilliant adolescents bored by poorly prepared teachers and an inappropriate school system; and to rebel against all authorities and symbols.

Technical skills are general knowledge of computer systems, programming languages, and network security and functioning, as well as knowledge of applications used for database development. Hackers also know the operating system and principles of sensing data (Kirwan & Power, 2013). Having knowledge in these areas enables hackers to make use of the weaknesses of the system when breaking in. Hackers are identified with certain personality traits. They have crucial characteristics that are effective for attacks. They use social influence or technical methods to obtain information directly from the user. They also demonstrate a high degree of openness to new experiences and neuroticism. These features strongly motivate them to aspire and act to break into the system. A high degree of neuroticism conditions them to abuse communication over the network. It also gives them a strong desire to maintain anonymity. Also, openness to new experiences determines the offenders’ desire to learn new systems, and the unconventionality and creativity to break security measures (Kirwan & Power, 2013). They are known to have a high tendency to violate rules enforced at the workplace, coming into conflict with superiors and ignoring them.

The offender’s social skills constitute a dimension that determines their functioning in a group and how they internalize social norms and use them in professional and private life. The social skills of the offender remain in relation to technical and intelligence skills. It is emphasized in the literature that hackers often demonstrate low social skills. These consist of difficulties in relating to colleagues and family, the inability to establish strong and close interpersonal relations, and a sense of alienation. Computer criminals are also associated with internet addiction. This element makes them effective in their attacks on the system. The time they devote to computers translates into the knowledge and skills to use them (Lickiewicz, 2011). These characteristics form the human aspect of computer crime and form the basis for creating the hacker’s psychological profile.

It is also worth noting that there is a relationship between these human factor elements. For example, the cyber criminal’s method of attack is influenced by his or her personality, intelligence, and technical and social skills. Social skills influence the decisions they make with regard to the social techniques used during the attack. Technical skills possessed by offenders help them to master the system and influence the method used.

The success or effectiveness of an attack is determined by the criminal’s level of intelligence. The offender’s intelligence and his or her ability to successfully conceal traces at the crime scene condition his or her behavior while at the scene of the attack. Social skills are useful when utilizing other hackers’ help (Lickiewicz, 2011). Technical skills are related to understanding the weak side of the system. They also determine how the offender deals with the data obtained and the effectiveness of the tasks executed. Methods used by hackers are largely conditioned by technical skills, personality and intelligence. The offender’s personality influences the break-in failure and determines the method used to deal with the broken system.


When profiling a person’s characteristics, the profiler assumes that the behavior of the offender is directed by his or her characteristics and the way he or she thinks. It is the work of the offender profiler to pick out the behavior that is indicative of the person’s characteristics rather than of the prevailing situation.


Aebi, M., Bijleveld, C., Estrada, F., Getos, A., Kleemans, E., Levi, M., et al. (2016). Terrorism and Cybercrime: the Human Factor. The Position Paper. Retrieved July 5, 2016, from http//

Alison, L., Goodwill, A., Almond, L., Heuvel, C. v., & Winter, J. (2010). Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology, 15, 115-132.

Kirwan, G., & Power, A. (2013). Cybercrime: Psychology of cybercrime. Dun Laoghaire Institute of Art, Design and Technology, Dublin.

Lickiewicz, J. (2011). Cyber Crime psychology-proposal of an offender psychological profile. Problems of forensic sciences, 2 (3), 239-252.

Sahito, F. H., & Slany, W. (2013). Advanced Personnel Vetting Techniques in Critical Multi-Tennant Hosted Computing Environments. International Journal of Advanced Computer Science and Applications, 4 (5), 11-19.

Sahito, F. H., & Slany, W. (2012). Functional Magnetic Resonance Imaging and the Challenge of Balancing Human Security with State Security. Human Security Perspectives, 1, 38–66.

Tompsett, E. C., Marshall, A. M., & Semmens, C. N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.
