Profiling cybercriminals: A promising but immature science

The original hacker stereotype is a smart, lonely deviant - a teenage or adult male who's long on computer smarts but short on social skills. But like most stereotypes, it doesn't begin to tell the whole story.

Some computer criminals are techie mavericks who take pleasure in writing and releasing destructive viruses. Others are suit-wearing professionals who steal copies of their employers' customer databases to take with them when they quit. Some are con artists with plans to scam personal information from consumers and use it for financial gain.

Experts agree knowing more about the different skills, personality traits and methods of operation of computer criminals could help the folks pursuing these criminals. But a lack of information hinders efforts to create substantive, reliable profiles of the people behind today's computer crimes.

"Like in traditional crimes, it's important to try to understand what motivates these people to get involved in computer crimes in the first place, how they choose their targets and what keeps them in this deviant behavior after the first initial thrill," says Marcus Rogers, an associate professor at Purdue University in West Lafayette, Ind., where he heads cyberforensics research in the university's department of computer technology.

Rogers' expertise spans technology and behavioral sciences. He has identified eight types of cybercriminals, ranging from "newbies" with limited programming skills who rely on pre-written scripts to conduct their attacks, to well-trained professional criminals and cyberterrorists with state-of-the-art gear (see graphic, below).

In addition to skill, these criminals differ in their motivations. Some computer criminals are motivated by status or money, others by revenge, says Rogers, who worked as a detective in a computer crimes unit in Canada and earned his doctorate in forensic psychology at the University of Manitoba.

"The kid who's running pre-written scripts, his motivation is not to collapse the American economy. He's usually driven by experimentation, looking for a thrill. It's like cyberjoyriding." Whereas for a professional criminal, the motivation is income, Rogers says. "He doesn't want to brag or be all over the press. He wants to be very quiet and fly under the radar as long as possible."

Companies aren't going to solve computer security issues just by throwing technology at the problem, agrees Steven Branigan, president of security company CyanLine and author of High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front. "It's about understating where the risks are and understanding how people behave," he says.

Hackers are motivated to do what they do for different reasons, such as money, ego, revenge and curiosity, says Branigan, a founding member of the New York Electronic Crimes Task Force. "My experience has been that those who get into computers first, and then start hacking, are more motivated by curiosity," he says. "Those who have criminal tendencies to begin with, when they learn about using computers, they then figure out how to apply that to their trade."

Some wind up being more destructive than others. Script kiddies aren't generally driven to be destructive, but they'll take advantage of some weakness that exists in an operating system, Branigan says. Cybercriminals looking to make money aren't bent on being destructive either, he says. "[Like] any parasite, they don't want to kill the host."

"The people I've found to be the most dangerous are the ones seeking revenge," Branigan says.

Insider criminals - those who go after things like customer and supplier databases, business pipeline information, future product prototypes and strategic business plans - are particularly good at exploiting companies' vulnerabilities. "They have the most access, they know how systems work, and they really know where to hit you," Branigan says.

Of course, not all experts view the hacker nation through the same discriminating lens. For Patrick Gray, there's really only one driver that matters today: Money.

Motivations have changed dramatically in the last decade, says Gray, who is director of X-Force operations at Internet Security Systems (ISS). X-Force is the R&D division of ISS, responsible for vulnerability and threat research.

"We've gone from five or 10 years ago, where hackers were dabbling in other people's systems to see how they were configured and really not doing anything wrong in those systems, to now where it's become incredibly malicious. We've come a full 180 degrees."

Instead of being driven by curiosity, hackers today are driven by money. "They're trying to get anything of value that they can market," Gray says. "The stereotypical image of the lone hacker sitting up in a loft somewhere, eating Ding Dongs, drinking Jolt cola until it comes out of his ears, and just hacking away, is gone."