Cyber Crime Offender Profiling: The Human Factor



The process of offender profiling draws on the human factor of the cyber Crime Offender profiling both the nonphysical and physical information. This includes evidence on what the offender did to the victim, the offender’s behavior before and after the offence, the sequence of events, and the layout of the crime and crime scene in relation to the absence or presence of significant items or the disposition of the victim. From these data, one can draw inferences about the possible motivation and meaning of the particular action (Kirwan, & Power, 2013). For instance, tying up the victim may suggest the necessity for control. Location of crime, characteristics of the victim, and use of vehicles may suggest demographic and social feature of the criminal offender, such as age, occupation, or race. The goal of criminal profiling is to try and narrow the area of investigation with the basic assumptions being that the behavior of the offender at the crime scene reflects the method of committing crime and consistencies in personality of the offender.

In majority of criminal cases, criminal profiling is useful in sexual assaults and serial crimes and in crime scenes that reflect psychopathology including rapes, cut and satanic killings and sadistic assaults (Kirwan & Power, 2013). Worth noting is that the human factor of cyber crime offender profiling draws on the offender’s characteristics. Human factor means the impact of background and personal characteristics of the offender/perpetrator in commissioning crimes and the internal and environmental factors that shape the criminal careers of the perpetrators (Aebi, et al., 2016).

In a nutshell the human factor addresses the human or social aspect of cybercrime. It focuses on exploring the perpetrators of cybercrimes, their criminal careers, their modus operandi, how criminal hackers pick or select their vulnerable targets, and how they can effectively be deterred. This paper explores these features.

In the era where computer criminals are becoming increasing difficult to combat, law enforcement specialists are increasingly becoming interested in the offenders themselves, their personalities, as well as traits existing in their actions in the broadest sense. The special role of identifying the human factor of cyber crime offender profiling is often played by a psychological profiler professional. Psychological profiling involves utilizing a method to map the psychological description of the unknown offender (Kirwan, & Power, 2013). The result of the process is the creation of the offender’s short, concise and dynamic profile describing the most important manifestations of behavior and characteristics of the unknown perpetrator. As observed by Tompsett, Marshall, & Semmens (2005) psychological experience and knowledge allows the security specialists to interpret the pieces of information and evidence found at the scene of the crime and enables them to further determine the personality type of the perpetrator.

The basic rules of offender profiling state that there is a correlation between the act committed by the offender and his or her personality (Tompsett, Marshall, & Semmens, 2005). As a result, one may infer about the offender’s psychophysical characteristics including his or her behavior and motivation based on the traces left by the offender and the modus operandi (the method of operating). Identical relations concerns hacks or network attacks. As suggested by Lickiewicz (2011), computer crime perpetrators count on internet anonymity. However, the anonymity of the internet does concern their signatures they leave, their motivation, and modus operandi.

According to Lickiewicz (2011) each cyber criminal is his unique way of doing thing with own software and techniques which he/she utilizes for break-ins. Generally, compute crimes are of the serial nature. As such, it is possible for the security specialists to determine the profile of the offender. Lickiewicz (2011) holds that it is important to prepare the profiles of the internet criminals since they are considered a threat to the network security. Of great importance when creating the perpetrator’s profile is the database. If properly prepared, database on offender profiling can enable the security specialists to accumulate information on perpetrators of crimes of similar nature. It also enables investigators and scientists to search for information and analogies in other future cases.

There are two types of investigations in computer crime related cases. First, a situation involving the occurrence of the network incidences in which the identity of the offender is unknown such as the network break-in cases. The second computer crime case involves a situation in which both the offender and crime are known. Sahito, and Slany (2013) emphasizes that in these types of investigations, deductive profiling is useful. However, it is somewhat difficult talking about offender profiling in the second case of computer crime. In investigative psychology, profiling is understood as involving the creation of the psychological profile of the unknown offender but not the individual who has been already arrested by security agencies. Sahito, and Slany (2012) suggest that when creating the offender profile, data should be analyzed in such as way that the analysts can narrow down the search process to a certain group. This way, one may define the offender’s motivation and his or her skills. The offender profile also includes information the area of the internet that should be searched for a given criminal.

Again, one should thoroughly analyze actions of the victim on the internet to establish the reason that may have compelled the offender to attack the victim. From this, one can draw up a detailed offender’s profile and set up a honeypot (future trap) for the offender. When creating the profile of the offender, assumptions should be made regarding the offender’s maturity and age. This allows the security agency to gain information on the offender’s aims, culture she/he grew up and the offender’s motivation. The culture in which the perpetrator grew up may condition his or her behavior. This will allow the use of psycholinguistic methods, which enables identification of offenders in future cases.

Profiling helps explain the behavior of the offender and the need for it to be fulfilled. Profiling also enable an investigator to determine the place where the offender committed the operation. A whole team consisting of internet technology specialists, lawyers, and security specialists are required to conduct offender profiling.

A cyber criminal possesses the following characteristics: at least certain minimal technical skills; a feeling that they are outside the reach of legal norms, and disrespect for legal norms; rich fantasy; a strong motivation of various types including the need for entertainment, motives of a political character, and the need to gain material goods (Lickiewicz, 2011). Computer criminals are also reported to have high technical abilities and skills to solve problems and higher than average IQ (intelligence quotient); are brilliant adolescents bore by poorly prepared teachers and an appropriate school system; they rebel against all authorities and symbols.

Technical skills are general knowledge regarding computer systems, programming languages, network security and functioning and have knowledge about applications used for data base development. Hackers also know the operating system and principles of sensing data (Kirwan, & Power, 2013). Having knowledge in these areas enables hackers to make use of the system weaknesses of the system when breaking in. hackers are identified with certain personality traits. They have crucial characteristics that are effective for attacks. They use social influence or technical methods to obtain information directly from the user. They also demonstrate a high degree of openness to new experiences and neuroticism. These features strongly motivate them to aspire and act to break in the system. A high degree of neuroticism conditions them to abuse the communication using the network. It also makes them to have strong want to maintain anonymity. Also, openness to new experiences determines the offenders’ desire to learn need systems; and the unconventionality and creativity to break the security measures (Kirwan, & Power, 2013). They are known to have the high tendency to violate rules being enforced at the workplace, coming into conflict with superiors and ignoring them.

The offender’s social skills constitute a dimension that determine their functioning in a group and how the internalize social norms and use them in professional and private life. Social skills of the offender remain in relation to technical and intelligence skills. It is emphasized in the literature that hackers often demonstrate low social skills. These skills consist of difficulties in relating with colleagues ad family, the inability to establish strong and close interpersonal relations, and a sense of alienation. Computer criminals are also associated with internet addiction. This element makes them to be effective in their attacks on the system. The time they devote to computers translate into knowledge and skills to use them (Lickiewicz, 2011). These characteristics form the human aspect of computer crime and form the basis for creating the hacker’s psychological profile.

It is also worth noting that there is relationship between these human factor elements. For example, the cyber criminals’ method of attack is influence by their personality, and intelligence, technical and social skills. Social skills influence the decision they make with regard to the social techniques used during the attack. Technical skills possessed by offenders help them to master the system and influence the method used.

The success or effectiveness of an attack is determined by the criminal’s level of intelligence. The offender’s indigence and his or her ability to successful conceal traces at the crime scene condition his or her way of behavior while at the scene of the attack. Social skills are useful when utilizing other hackers’ help (Lickiewicz, 2011). Technical skills is related to the understanding the weak side of the system. They also determine the how the offender deals with the data obtained and determine the effectiveness of tasks executed. Methods used by hackers are largely conditioned by technical skills, personality and intelligence. The offender’s personality influences the break-in failure, and determines method used to deal with the broken system.


When profiling a person’s characteristics, the profiler of the offender assumes that the behavior of the offender is directed by his or her characteristics and the way he or she thinks. It is the work of the offender profiler to infiltrate the behavior of the person that is indicating of his characteristics rather the prevailing situation.


Aebi, M., Bijleveld, C., Estrada, F., Getos, A., Kleemans, E., Levi, M., et al. (2016). Terrorism and Cybercrime: the Human Factor. The Position Paper. Retrieved July 5, 2016, from http//

Alison, L., Goodwill, A., Almond, L., Heuvel, C. v., & Winter, J. (2010). Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology , 15, 115-132.

Kirwan, G., & Power, A. (2013). Cybercrime: Psychology of cybercrime. Dun Laoghaire Institute of Art, Design and Technology, Dublin.

Lickiewicz, J. (2011). Cyber Crime psychology-proposal of an offender psychological profile. Problems of forensic sciences , 2 (3), 239-252.

Sahito, F. H., & Slany, W. (2013). Advanced Personnel Vetting Techniques in Critical Multi-Tennant Hosted Computing Environments. International Journal of Advanced Computer Science and Applications , 4 (5), 11-19.

Sahito, F. H., & Slany, W. (2012). Functional Magnetic Resonance Imaging and the Challenge of Balancing Human Security with State Security. Human Security Perspectives , 1, 38–66.

Tompsett, E. C., Marshall, A. M., & Semmens, C. N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.

Cyber Profiling: Benefits And Pitfalls



Vetting employees by conducting traditional background checks helps minimize insider risks. This practice helps employers to unknowingly hire cybercriminals or convicted persons. However, non-traditional vetting practices have emerged. These practices take advantage of the increase in the number of candidates who build online profiles. These vetting practices are collectively referred to cyber-vetting or cyber profiling.

Organizations using cyber-profiling understand that today’s employees spend much of their time on surfing the web. They visit and contribute to social networking sites including Twitter, Facebook, LinkedIn, MySpace and others. These sites offer services that allow them to link up and enable them to communicate with others. They also record information that can be used by potential employees to assess the potential candidate’s cultural fit, character, and other characteristics and attributes (Rose, Timm, Pogson, Gonzalez, Appel, & Kolb, 2011). Organizations obtain information from these social media sites to help them understand whether a potential job candidate may be fit for the job or present a risk to their organization once hired. There are many examples that demonstrate this. First, the candidate harbors views about religion, race and other sensitive social domains on his social networking site that are considered to be potentially inflammatory. For example, a man in the UK was not interviewed by an employer because he had indicated in his Facebook personal profile that he did not like and was against people who are religious and anybody who believed in religion. Secondly, the job candidate’s views on a given topic that makes the employee to see him/her as being culturally unfit for the business. Thirdly, the job candidate’s participation or involvement in political or activist action group may pose a threat to the organization because his action would conflict with the business agendas.

Again, the number of firms using social media sites to screen employee varies by country. These examples demonstrate that cyber-profiling enables employees to understand their prospective candidates’ character. It provides a deeper insight in the candidates’ character. For this reasons, many firms are increasingly turning to cyber-profiling. The number of firms using social media sites for cyber-profiling has been growing and varies by country. About 77% of the firms in the U.S use cyber-profiling and 20% in the UK (Kirwan & Power, 2013). Worth noting is that cyber-profiling have potential negative social pitfalls and positive business benefits


Cyber-vetting enables businesses to look for red flags that suggest potential incompatibility with the firm or position. This way, a firm can ostensibly screen candidates more comprehensively before scheduling the interview, thus saving money and time.

Through cyber-vetting, the organization can ensure employees managing critical systems or handling sensitive information present low to the business (Saroha, 2014). Cyber-profiling provides deeper insights into a prospective candidate’s character. In today’s world, conducting internet business assessment enables organizations to ensure the candidates selected reflect the organization’s values, whether acting during personal time or on behalf of the organization. Again, since insiders are responsible for 80% of the security incidents of all organizations, it is important for an organization to employ candidates who are trusted. Background checks into the candidates profile provide employees with vital information about their involvement in civil action, criminal investigations, or financial problems. However, these checks are not enough because they do not report about the candidate’s with clean history, his general behavior and character.

It has also been argued that methods of cyber profiling are useful to some kind of crimes. For examples, the crimes where the offenders shows the essential psychopathology signs, crimes which are related to the pattern, cycle of crimes and sequence, sadistic or brutal, victimization of strangers and assaulting of unfamiliar persons, and the crimes with huge dialogues and exchanges with the victims. In this case, the methods of cyber profiling have the ability of assisting and enriching further the manner and progress of investigation for many violent crimes and other related crimes that need immediate resolution and special attention. Appropriate interrogation requires an appropriate interrogation that requires appropriate emotional approach and passion with good application of principles and methods of psychology together with the suspect psyche so as to generate positive results (Abu Zuhri, 2012).

In this case, four benefits of cyber profiling include, easy of identifying and recognizing physical evidence, existence of the profile on the motivation and source desire of the offender, existence of a profile about the mentality or psyche of the offender and the existence of the profile about behavior functioning patters like the behavioral signature. These four merits provide appropriate direction in performing the traditional methods like work surveillance, appraisal and relentless follow-up, making sure that precise and suitable intelligence network is provided, and implementation and creation of tactics and strategies that are valuable (Abu Zuhri, 2012).

Cyber profiling methods offer huge benefits than the traditional detection methods (Mikkelson, 2010). All the methods of cyber profiling act as tools used in crime control measures designed for unlicking the missing puzzle that may give a lead into arresting the suspected criminal. In addition to physical evidence like DNA, geospatial information happens to hold the merits for a successful process of linking. This is so because the serial offenders offer a reflection of some degree of behavior consistency even though certain behavior appears being less stable and susceptible to influence mostly in sexual offences (Alison, Goodwill, Almond, Heuvel, & Winter, 2010). The other methods of profile do not replace traditional methods but act as a supplement in enriching the traditional methods and are suitable for specific types of crimes. Each method is effective but has its own limitation as per the professional levels of quality and technical competency, commitment, and character of users.

The evidence gathered during profiling is valuable in the sense that it helps in strengthening the aspect of prosecution of the case under a criminal system of justice so as to ensure that the conviction of the suspected offender or avoiding the chance of acquittal as a result of some technicalities and weakened evidences. In addition the result of the applied methods of profiling are as proficient and the hard work and the process involved in traditional investigation (Abu Zuhri, 2012).


Trying to investigate and understand people’s character by looking at their online persona or profiles presents several challenges. First, cyber-profiling is restricted only to the person’s online persona. However, many social networkers tend to create digital identities that completely differ from their actual belief system or personality (Berger, 2015). Many do this to try and fit into certain groups. However, employers do not separate between the digital and the real person. They do not distinguish between the professional comportment and social networking personas. This way, they evaluate candidates using a western perception of a unified and singular identity. In doing this, employers end up using whatever they get from the internet regarding the person irrespective of whether the agenda or intent of the individual posting the information is evaluated or known or whether it is vetted or not. Such oversights may cause the organization to unfairly tag a candidate as unfit during the hiring process. Secondly, using cyber-profiling, employers can see the candidates’ education highlighted on their social media profiles. However, they cannot perform document authentication and verification for education background checks. Also, employers can see the candidates’ dates and past employment but cannot verify the records of the employment they possess. It is not also possible for employers to reference-check the candidate and cannot judge candidates for their criminals’ acts as it is impossible to use cyber vetting to perform a criminal background checks.

It has also been argued that there are some cases where the investigators would fail to provide physical evidence when they fall short of identifying the physical evidence as a result of not being equipped for the process. The possible blinders and weaknesses of criminal investigation is one reason why the experts of crime profiling act as separate auxiliary service and as a section of competent handling team for the investigation. This has helped the team to work as a team in observing and following the protocol and standard of each method of profiling. In this case, the whole process is an evidence-based approach that has no room for shortcut methods. These realities show the reinforcement of the strategic values and the relevance of the methods of offender profiling in offering technical help to the traditional criminal investigation methods (Abu Zuhri, 2012).

The other weakness of cyber profiling is the internal barrier that influences the process of decision and discernments to the possible professional competition and jealousy among the experts having unique personalities (Tompsett, Marshall, & Semmens, 2005). This weakness needs to be reduced to levels considered being manageable. The merit of having the benefits harnessed is the completion and teamwork spirit and rather not competition.


Cyber-profiling has potential negative social pitfalls and positive business. Some of the benefits include (1) enabling businesses to look for red flags that suggest potential incompatibility with the firm or position; (2) enables organization to ensure employees manage critical systems or handling sensitive information present low risk to the business; (3) provides deeper insights into a prospective candidate’s character. Some of the pitfalls include: (1) it is restricted only to the person’s online persona; (2) it does not enable employers perform document authentication and verification for education background checks; and (3) it does possible to reference-check the candidate and it is impossible to use cyber vetting to perform a criminal background checks.


Abu Zuhri, F. (2012). Dynamics of Emotional Quotient (EQ) in IT Auditing Practice: Are the Dynamics Limiting or Empowering? University of Portsmouth.

Alison, L., Goodwill, A., Almond, L., Heuvel, C. v., & Winter, J. (2010). Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology , 15, 115-132.

Berger, J. L. (2015). Cyber-vetting: A common Antecedents Model. Doctorate Dissertation, Green State University, Graduate College of Bowling.

Kirwan, G., & Power, A. (2013). Cybercrime: Psychology of cybercrime. Dun Laoghaire Institute of Art, Design and Technology, Dublin.

Mikkelson, K. (2010). Cyber-vetting and Monitoring Employees’ Online Activities: Assessing the Legal Risks for Employers. American Bar Association , 18 (2), 124-146.

Rose, A. G., Timm, H., Pogson, C., Gonzalez, J., Appel, E., & Kolb, N. (2011). Developing a cybervetting strategy for law enforcement. International Association of Chiefs of Defense Personnel Security Research Center.

Saroha, R. (2014). Profiling a Cyber Criminal. International Journal of Information and Computation Technology , 4 (3), 253-258.

Tompsett, E. C., Marshall, A. M., & Semmens, C. N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.

Translate »