Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Profiling the cyber criminals

Is there a typical cybercriminal profile or do multiple profiles exist?

The loner in the bedroom or the teenage geek is an outdated perception of a cybercriminal
The loner in the bedroom or the teenage geek is an outdated perception of a cybercriminal

People have different perceptions of the typical cybercriminal — the disturbed teenage computer geek taking revenge on an uncomprehending world from their bedroom; a low-paid but highly skilled coder who lends their skills to criminal gangs or bad state actors; criminal gangs who have added another string to their lawbreaking bows; or bad state actors determined to disrupt rival states.

The varying motivating factors for the criminals need to be considered. Three of the most common motivating factors are hackers and mafias motivated by financial gain and quick profits, ‘hacktivists’ who have strong political convictions, and cyber criminals or networks of government-sponsored hackers who carry out cyber warfare.

“When we think of hackers, we tend to think of hooded individuals in dark rooms, but that is just a small percentage,” says Marc Roche, associate director with Accenture in Ireland’s security practice. “The anonymity tied to being able to attack an organisation 6,000km away, and the lax laws of certain countries, means that people can make this a day job. There is even an industry of cybercrime-as-a-service that individuals can utilise to attack organisations.”

Unfortunately, there is no unique profile, he adds. “A cybercriminal can work remotely, mask themselves as someone you might know by taking over an account, and even understand and learn about your previous interactions. This is why everyone needs to be cyber aware when dealing with any strange or out of the ordinary requests, even from people you know and trust.”

READ MORE

The cybercrime world is made up of a mix of organised and federated groups working together, says BDO director Eoghan Daly. “There has been an increase in cybercrime as a service where criminals can rent or subcontract some more technical elements to other criminal groups. The ‘loner in the bedroom’ still exists but is an outmoded way of thinking about cybercrime. Most of our lives, business and personal, have moved online and criminal activity has done the same. Cybercrime has exploded in prevalence as there is little chance the criminals will be caught, and even if they are caught, vanishingly small chance they will receive any sort of sanction. In practice, this means that cybercrime is in effect unpoliced. Any rational criminal with the means to do so will commit their crime online. It is less effort, and there is almost no chance of getting caught.”

Grant Thornton director of Cybersecurity and Forensics Rida Villanueva agrees that there is no typical profile for hackers or cybercriminals. “You never can tell. It can just be a guy who wants to do some damage, or it can be a highly sophisticated criminal gang.

This points to the case of Onel de Guzman, a dropout from the Philippines who created the highly dangerous “I Love You” computer virus in August 2000. This resulted in billions of dollars of damage to companies, governments and individuals around the world and he did it for no other reason than gaining personal notoriety.

“Cybercriminals are typically based in countries with lax policing of these things,” says Sean Morris, chief technical officer at Galway-based cybersecurity firm TitanHQ. “These include countries like Russia, Iran, North Korea, and Colombia. Even Turkey is part of the equation now. They can be part of organised crime gangs or nation-state actors with their own agendas. In some cases, they are engaged in espionage, but North Korea seems more interested in getting hard currency. They tend to operate in countries where it is more successful than any other line of business. It’s a very lucrative business.”

In short, there is no typical profile for a cybercriminal, and indeed no typical cybercriminal. And with their chameleon-like ability to take on fake identities, the best advice is to treat everything and everyone as suspect until proven otherwise.

Barry McCall

Barry McCall is a contributor to The Irish Times