The Need For A Comprehensive Methodology For Profiling Cyber-Criminals



Since the middle ages era, the definition of crime has been limited to types of crimes committed in the physical world. In the same way, theories aimed at explaining crime including the Conflict Theory, the Theory of Social Control among others have defined crime within the confines of the physical world. Strategies aimed at dealing with criminal activities have also been limited in their scope when defining crime within the context of the physical world. However, the growth of information systems, ICT, mass media, and increased interconnectivity facilitated by the internet has revealed a new and unique form of crime: the digital world crime. These types of crimes present several challenges including legal, geographic, and Web barriers as well as the anonymity of the internet. The environment in which these crimes occur also pose a create challenge to crime specialists. These challenges have created the need to identify and modify techniques used to combat crime committed in the physical world such as criminal profiling with a view to make them applicable to e-crimes. This paper discusses the possibility of penetrating these barriers by applying the modified version of criminal profiling techniques to e-crimes.


Since 1970s, experts within the Behavioral Science Unit (BSU) of the FBI have been helping Federal, local and state law enforcement agencies in investigating violent crimes. This practice was initiated the idea of offender profiling with a view to providing personality and behavioral traits of the perpetrator. It started as an analytical technique for identifying the characteristics of the offender based on the examination of the crime scene and crime dynamics and continued developing over years as a tool for investigation aimed at aiding security officers to advance their casework and narrow down a suspect pool (Alison et al., 2010). The offender profiling was offered within the BSU as analytical tool and a product of training programs.

Currently, forensic psychologists often employ deductive or inductive profiling in dealing with crimes committed in the physical world. They often apply these techniques to ascertain the characteristics of criminals in the physical world. Deductive profiling techniques involve the use of data including crime scene evidence, forensic evidence, offender characteristics and victimology. In deductive profiling, the available information is processed by applying personal experiences with the profiler assuming one or more facts of a case as self-evident about an offender or crime and then following hunches and work experience, arrives at conclusions. The “truth” of facts or conclusions arrived at using deductive profiling is depends upon the truth (i.e., contingent truth). Also, in deductive profiling method, the conclusions are true if the hypothesis and the premises are true and valid. On the other hand, inductive criminal profiles are created by studying statistical data including studying the demographic characteristics and behavioral patterns shared by criminals. Inductive profiling is also theory-driven and based on the available cases of crime. The inductive profiling relies on information collected through interviews with offenders and this forms the foundation for investigators’ profiles. Again, the inductive profile technique involves hypothesis (formalized operational definitions) for testing, the coding of data to allow for statistical analysis.

The applicable of these techniques has been possible in crimes committed in the physical world. However, the applicability of these techniques to deal with crimes committed in the digital world is still debatable. It has been argued that criminal profiling is an immature but promising science. Perhaps this may explain the little attention given to the technique by both the academicians and practitioners. In the digital world, forensic psychologists have the knowledge about the law, criminology and psychology and understand the technological aspects relating to the scene of crime in order to develop cyber-criminal profiles. As such, they are required to take an interdisciplinary approach when dealing with cyber crimes. Unfortunately, highlighted issues of tractability, geography, law and anonymity makes it difficult for forensic psychologists to collect any information about criminals and cyber-crimes (Tompsett, Marshall, & Semmens, 2005). Again, most cyber-crimes go either unnoticed or unreported and hence go unpunished. Importantly, it is possible to draw some parallels between non-cyber-crimes and cyber crimes. It is also possible to develop a profile from the existing techniques that can be used for law enforcement.


From the perspective of the deductive profiling methods, cyber-criminal profile should be developed in a four-step process. The first step of the four-step process is the victomology. This stage involves understanding the aspects of organization and individuals attract cyber-criminals. Today, criminals victimize both organizations and individuals. This stage leads to and is associated with motive identification, which is the next step. Victimology helps the security specialists to understand the offender’s motive behind the crime. Victomology include the following: (1) politically motivated crimes (i.e., cyber-terrorists); (2) crimes committed driven by emotional reasons (i.e., cyber-stalking); (3) crimes committed and driven by sexual impulses (i.e., paedophiles); and (4) crimes known to be less dangerous such as sharing software by individuals, sharing copyrighted movies (Shinder, 2010).

The motives and victimology leads to the identification of offender characteristics, which is the third stage. Several topologies and ways to classify cyber criminals based on offenders’ motives have been introduced (Rogers, 2006). However, changes in the criminal behavior changes with the changing technological environment necessitating modification and reclassification of existing schemes. Other studies, have suggested that crime can be addictive and that in the cyber world, criminals become addicted to the internet and computers (Nykodym et al., 2008). It is also argued that this addiction, aided by various opportunities including the access and availability of the internet and computers, and fueled by criminal’s motives, could facilitate the making of the cyber-criminal. This understanding may be used in analyzing the modus operandi of cyber-criminal. Modulus operandi reflects cybercriminal’s character (Lickiewicz, 2011). For instance, a cyber-criminal may destroy information by using a virus that is attached to the e-mail while another may hack into a computer system by attacking the server with a view to steal information. This suggests that one’s technical expertise helps him or her to understand the behavior of cyber-criminal. A cybercriminal may be required to have level of technical efficacy in order to successfully penetrate a highly sophisticated and secure network (Kirwan, & Power, 2013). On the other hand, “script kiddie” may use an already developed program to attack a computer system. It is worth noting that human elements such as social engineering skills possessed by some professional cyber-criminals should not be disregarded. This is because cyber-criminals with average technical skills can participate in a crime by simply employing simple techniques of subtle psychological manipulations and friendly persuasion. Kirwan, and Power (2013) affirm that indeed technical skills and other skills including social skills and motives determine the modus operandi of cyber-offender.

The stage four of the deductive cyber-profiling technique involves analyzing digital forensic evidence. Digital forensic is important because it is the means through which the cyber-criminal profiler can trace the offender in the event there is no physical evidence (Kwan, Ray, & Stephens, 2008). In view of Lickiewicz (2011) not all criminals are traceable as one out of three cyber-criminals manages to remove or modify the audit trail by wiping off their traceable digital footprints. The four-stage approach that has been suggested is an iterative process. The new information regarding the offender, motive, victim, the victim and forensic evidence could be revealed while in the process of investigation.

As for inductive profiling methods, they can be applied alongside the deductive techniques described above to help deal with the cyber-crimes. For example, the statistical analysis data technique that involve studying the demographic characteristics and behavioral patterns shared by criminals and breaches in cyber-security could be employed to identify trends in criminal attacks such as the motive for attack, the type of victims who are likely to be targeted by criminals, and the most common mode of attack used by cyber-criminals. This may help in identify serial offenders and other cases with similar modus operandi.


The techniques and tools discussed in this paper are worth testing in practical scenario. It is believed that if cyber-criminal profiling would be used effectively, the issue of cyber-crime in cyberspace would be a forgotten issue. Considering the current trend of increasing rates of cyber-crimes, it would be important for academic and practitioners to collaborate. These practices may be useful for law enforcement officers as it may help them gather legally valid and binding evidence from cyber-criminals in order to take appropriate actions against these criminals.


Alison, L., Goodwill, A., Almond, Louise, Heuvel, C. & Winter, J. (2010) Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology, 15, 115-132.

Kirwan, G., & Power, A. (2013). Cybercrime: Psychology of cybercrime. Dublin: Dun Laoghaire Institute of Art, Design and Technology.

Kwan, L., Ray, P. and Stephens, G. (2008). Towards a Methodology for Profiling Cyber Criminals. IEEE Computer Society. Proceedings of the 41st Hawaii International Conference on System Sciences.

Lickiewicz, J. (2011). Cyber Crime psychology-proposal of an offender psychological profile. Problems of forensic sciences, 2(3): 239-252.

Nykodym, N., Ariss, S. and Kurtz, K. (2008) ‘Computer addiction and cyber crime’. Journal of Leadership, Accountability and Ethics, 35: 55-59.

Rogers, M. K. (2006) ‘A two-dimensional circumplex approach to the development of a hacker taxonomy’. Digital Investigation, 3 (2): 97-102.

Shinder, D. (2010) Profiling and categorizing cybercriminals. Retrieved on 6th July 2016 from

Tompsett, E.C., Marshall, A.M., & Semmens, C.N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.

Translate »