Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online
Authors: Sean Bodmer
Bongardt states that the first step in the CIA procedure follows the logic of Cyber Adversary Characterization (Parker et al, 2004) by selecting a taxonomy system and identifying the classes within that taxonomy that most closely match the attributes of the offender and the offender’s motivation. He also observes that one of the important elements of the profile is establishing whether the attack was likely perpetrated by a person outside or inside the organization that was attacked. Bongardt suggests that depending on the magnitude of behavioral evidence, one may attribute some of the characteristics highlighted by Cyber Adversary Characterization, including self-control, need for achievement, risk tolerance, and skill.
Finally, Eric Shaw and his colleagues have conducted a significant amount of research on a specific type of threat to computer networks and systems. This is the insider threat, which comes from individuals who work within or for a specific organization and have access to at least an initial entry point into information systems from which they can commit malicious acts. Shaw and his fellow researchers explore some of the personality characteristics that are hypothesized to be linked with an increased threat of malicious behavior using computer systems (Shaw et al, 1998). These behaviors include the following:
Introversion
Social and personal frustrations
Computer dependency
Ethical flexibility
Reduced loyalty
Entitlement
Lack of empathy
Shaw later reduced this list into four broad traits: history of negative social and personal experiences, lack of social skills and a propensity for social isolation, a sense of entitlement, and ethical flexibility (Shaw, 2004). Shaw suggests that there is a critical pathway of personal and professional stressors, followed by maladaptive emotional and behavioral reactions to those stressors, that results in an insider attack against the individual’s employer or host organization.
In summary, I think it would be fair to say that if you looked at the history of computer crime early on, there was a true lack of interest in the area and a lot of simplistic, atheoretical analysis regarding the nature and motivations of perpetrators. Fortunately, there has been some significant progress in gaining a better understanding of the elements of online criminal behavior, and these advancements provide important guidance for the area of cyber profiling. I suggest that you use this discussion of theoretical and applied understanding of cyber offenders as a reference point from which to broaden your understanding of the psychological and behavioral foundations behind computer crime.
There is still a long road ahead. As more interest builds in this area, we may be able to acquire even better comprehension of the behavioral elements of computer crime.
The Objectives of Profiling
One of the common misconceptions of profiling disseminated by the popular media is that after the crime is committed, the criminal profiler arrives on the crime scene, uncovers evidence and clues (often with an appropriate quip), produces a detailed psychological and behavioral profile of the criminal, and then proceeds to race off with his or her fellow law enforcement officers to capture the offender. This “scientific” action is often compressed into both a physically short period (60 minutes) and a fictionally short period of time according to the actual storyline.
Nothing could be further from the truth. The duration of an assignment can often extend to many months, and there may be multiple profiles constructed and eventually discarded. The profiler often examines scarce pieces of evidence that frequently are highly ambiguous in nature or whose associations are so common as to render the evidence nearly useless. Profilers almost never work alone, but nearly always in concert with an investigative team to whom they provide advice about characteristics, personality, and motivations of the offender.
The utilization of offender profiling assists an investigation in three important ways:
A physical and/or behavioral profile provides the investigator with a filter with which to bring into focus important details of the crime and attenuate those details that are not likely to be relevant. Filtering helps provide investigators with selective vision; it gives them a tool that tells them where to look and what to look for in a crime scene. A crime scene can have an overwhelming number of details, and a good profile can help the investigator separate details of the crime that are important from the clutter of irrelevant details within the crime scene and its surrounding environment.
A good profile can provide a rich fabric of interlocking details that allows the investigator to look for correlates that build the pathway to finding the offender; that is, an offender’s purposeful behavior often will leave markers behind at the crime scene. For example, a knife might be found at the scene of a murder by stabbing. An examination of the knife shows that there are no visible traces of blood on the knife. An inspection of the victim’s clothing and personal effects does not reveal any evidence of an object having been used to clean the knife. An examination of the immediate area around the victim also fails to turn up foliage or any other object that might have been used to clean the knife. This probably means that the perpetrator took the knife-cleaning object with him or that the knife at the scene was not the one used on the victim.