Reverse Deception: Organized Cyber Threat Counter-Exploitation (42 page)

Criminal profiling also emerged in the United Kingdom around 1985 when a British psychologist named David Canter was approached by Scotland Yard about the infamous Railway Murderer.
³
Canter went on to develop the field of Investigative Psychology through which he hoped to bring a more scientific rigor to the then fledgling practices of British law enforcement in the area of offender profiling.

In examining the area of profiling, Canter discusses three relevant areas (Canter, 2004):

Salience
This refers to the process by which the investigator must decide which pieces of physical evidence are behaviorally important.

Consistency
This is the degree to which these behaviorally important clues are consistent from crime to crime. Canter points out, however, that there “… will be criminals who are consistently variable or whose behavioral trajectories demonstrate some form of career development, as well as those whose criminal behaviour will remain relatively stable over time.”

Differentiation
This refers to the degree to which offenders can be differentiated from each other through patterns of offending and evidence. Being able to differentiate which crimes were committed by which offenders, whether or not their exact identity is known, is also important in being able to sort out which physical and psychological clues belong to which offender.

In time, Canter’s work caught on with law enforcement agencies in the United Kingdom. Eventually, there emerged a new type of officer—the Behavioral Investigative Advisor—who was to assist regular British law enforcement officers with the investigation of certain crimes in the United Kingdom.

The Emergence of Cyber Profiling

Cyber profiling is a relatively new area of expertise, especially compared to the historical timeline of traditional criminal profiling. There are a number of likely reasons for this. The most obvious, of course, is that traditional crime has been around for a very long time, while computer crime is a much more recent phenomenon.

Traditional criminal profiling has often focused on high-profile, sensational physical crimes—such as murder, serial killing, and serial rape—that invoke substantial violence and public outcry. In contrast, until very recently, computer crime has not attracted much public attention, and the pressure on law enforcement to pursue computer criminals was at a much more modest level. It’s only in the past few years that the magnitude of the general level of computer crime, as well as the magnitude of the consequences of these criminal events, has elevated cyber profiling into playing a more substantial role in computer crime investigations.

Another crucial reason why cyber profiling is a relatively new phenomenon is that until very recently, the behavioral aspects of computer crime and cyber terrorism were almost completely ignored. Since the beginnings of the modern-day version of information security, the focus of security professionals has been on the technical aspects of network and information security. Kilger remembers giving a briefing on the behavioral aspects of digital threats to a group of defense officials more than ten years ago, where it was quite clear that no one in the audience had ever given the idea any thought. Even today, the physical and software components of security—including but not limited to firewalls, intrusion detection systems, antivirus software, data encryption, and authentication schemas—receive almost all of the attention of security specialists, while research into gaining a better understanding of the behavioral aspects of the threat matrix remains largely untouched.

Yet another potential reason for the late emergence of cyber profiling has to do with the nature of the gradual evolution of computer crime. In his “Computer Crime” article in the
Encyclopedia of Crime and Delinquency
, Richard Hollinger suggests that there have been four epochs in computer crime (Hollinger, 2001):

Discovery period (1946–1976)
During this epoch, the concept of using computers for unethical
⁴
acts first emerged. One of the earliest researchers to explore the area of computer crime was Donn Parker. His first book,
Crime by Computer
, focused almost entirely on the misuse of mainframe computers because personal computers had not yet been truly invented (Parker, 1976). While mostly anecdotal, his book did much to bring attention to the freshly minted concept of computer crime.

Criminalization period (1977–1987)
During this time, lawmakers realized that there were essentially almost no laws on the books that covered unethical acts committed on computers or computer networks. While the number of computer crimes committed was still quite small, many states, as well as the federal government, passed a number of computer crime laws.

Demonization of the computer hacker (1988–1992)
During this time, a number of larger-scale computer crimes were perpetrated, including the Internet Worm created by Robert Morris, the break-in of computers at Lawrence Livermore Labs Berkeley by a group of German teenagers, and the exploits of hacking various corporate and university computers by Kevin Mitnick, among many others. This era began the emergence of computer hacking and computer crime into the consciousness of the American public. Computer hackers, whether they were involved in legitimate research in the name of computer science or perpetrating computer crimes, were demonized by the public and seen as a threat to the common social good. This demonization brought some of the first real research attention to the question of why individuals would seek to commit malicious acts using computers and computer networks. The idea that it would be beneficial to better understand the motivations and behaviors of this demonized subculture began to take hold.

Censorship period (1993–present)
During this epoch, authorities realized that information was a key differentiating element in computer crime. Some perpetrators produced and collected data files containing illegal pornographic images of children. Other individuals stole data files containing thousands or even millions of credit card numbers or other financial records. More recently, the theft of secret government documents has led to yet another type of computer criminal. In each of these cases, lawmakers, law enforcement, and other state and federal entities have focused their efforts on preventing these types of stolen information from circulating among all or a portion of the population. The differentiation and seriousness of the types of information and data being exchanged and/or stolen has encouraged researchers to further explore the nature of why certain types of individuals commit different types of computer crime and online malicious behavior.