What makes a cybercriminal? – Jake Moore, Cyber Security Specialist for ESET

Forget balaclavas or hoodies; these cybercriminals are hiding in plain sight

In my days when I worked for the police, we would constantly try to profile criminals because it made our investigations easier. We would even regularly use specialist criminal profilers and psychologists to help with slow cases in order to gather additional clues, which at the very least would indicate a direction in determining “whodunnit.”

While I worked in the digital forensics unit, in which I spent nearly a decade, the profiling of a computer criminal became increasingly more difficult to decipher as time went by. However, around 60% of the crimes we reactively investigated were to do with paedophiles, which is a dark part of society to try to reconcile.

Nevertheless, profiling a paedophile in the early days was easier to categorise than, say, a fraudster, as they would usually fall into a small number of predetermined profiled groups. This was more straightforward as we would be told about the offence and then given full access into their computers and phones to look for evidence that would naturally give us an insight into their lives, families and hobbies. Most interesting would be that some would look “normal” on the outside but once you delve into the hard drive and search history, you would start to unravel a darker side.

At its worst, I started to think everyone could potentially be a criminal but I soon realised that if I carried on with that attitude I would simply never have faith in society again. However, the lives into which I would delve, searching for evidence to submit to court, shocked me: to think these people were up until now hidden in plain sight, masquerading as upstanding citizens. My investigations “hit list” of convicted paedophiles included a teacher, a scout leader, a police officer, and even the head of children services from a local council.

In my personal view from meeting these individuals and researching their lives prior to charge and conviction, I would only be able to sum these people up by calling them sociopaths. They were able to convince society that they were respectable and decent human beings, yet able to hide something so dark and sinister behind closed doors.

How does this relate to all cybercriminals? Are they sociopaths too? Well: sadly, it’s not as easy to profile and not that easy to get hold of a series of results to create a synopsis such as when I was in the Digital Forensics Unit with the ability to analyse all those computers from people on bail.

Researching criminals such as murderers, paedophiles, fraudsters and drug dealers all leave evidence on their computers for the digital forensics investigators to locate because of one flaw – they usually aren’t technical. Or at least not technical enough to even think how to mitigate the chance of capture. Yes, they can learn it, but they are usually late to the game when swotting up on forensic traces and hence leave a plethora of evidence leading an investigator back to the perpetrator. Moreover, crimes such as murder are usually in the heat of the moment or derived from passion, which leaves little time to open a TOR browser and buy a weapon with a digital currency.

The face of today’s cybercriminal is relatively unknown (and that’s nothing to do with the fact he/she is usually in a hoodie). The number of arrested cybercriminals is miniscule in comparison to the amount of cybercrimes that take place each year. When someone is arrested for murder or fraud etc., the suspect has phone, tablet and laptop etc. seized in order to search for evidence that may support the case. In more occasions than not, these were needle-in-a-haystack exercises, but at least there was information to go on. On the other hand, those who choose to become cybercriminals often meticulously learn the right skills before striking and learn how to cover their tracks.

In fact, when someone can download an anonymous browser, search in minutes for malware-as-a-service fully equipped with a service hotline and full money back guarantee, then the demographic of someone following simple procedure steps suddenly becomes even harder to predict and profile. In simple terms, anyone can be a cybercriminal. Anyone can learn how to do it in a lunch hour and, with little evidence left behind, it can be argued that it is quite attractive to even the less experienced wannabe “hacker”.

Criminals are still lazy, it’s just they are cleverer nowadays. That’s probably why they don’t walk into banks with a balaclava in a good old fashioned “stick ’em up” anymore. It’s easier to steal stuff online without leaving a ton of evidence behind and – to some – slightly more satisfying.

The problem is, the police get a tough time for “not doing enough” when it comes to combatting cybercrime, yet they are playing a huge cat-and-mouse game with the gap widening by the day. Funding will always be an issue, but that just seems like a quick way of the police saying they can’t do it so they go back to investigating “real world” crimes where DNA and fingerprints lead them to suspects.

Criminals no longer wear balaclavas or hoodies. They are amongst us and hidden in plain sight, which makes understanding them increasingly difficult. Law enforcement are struggling, but just as it may sound like all doom and gloom, there is one small glimpse of a win: prevention. If we all simply up our own game and awareness on security, we all stand a better chance on outing the scams, making them pointless so let’s all take a moment to rethink our awareness. Training and education is a key defence in the war on cybercrime and by working together we will beat the cybercriminals!