THE CRIMINOLOGICAL PROFILE & A POSSIBLE SOLUTION THE CRIMINOLOGICAL PROFILE OF THE E-CRIME CRIMINAL AND EMERGING OPPORTUNITIES: DR ALICE MAREE A TASK TEAM E-CRIME COUNTERING STRATEGY: JAC SPIES. THE CRIMINOLOGICAL PROFILE OF THE E-CRIME CRIMINAL & EMERGING OPPORTUNITIES Dr Alice MAREE
THE CRIMINOLOGICAL PROFILE & A POSSIBLE SOLUTION • THE CRIMINOLOGICAL PROFILE OF THE E-CRIME CRIMINAL AND EMERGING OPPORTUNITIES: DR ALICE MAREE • A TASK TEAM E-CRIME COUNTERING STRATEGY: JAC SPIES
THE CRIMINOLOGICAL PROFILE OF THE E-CRIME CRIMINAL & EMERGING OPPORTUNITIES Dr Alice MAREE 011 8473159 alicem@sabric.co.za
STRUCTURE OF PRESENTATION • Historical background of criminological profiling • Different types of profiles • A criminological profile of the e-crime criminal • Emerging opportunities for E-crime
HISTORICAL BACKGROUND • Lombroso - He compared information such as race, age, sex, physical characteristics, education and geographic region about similar offenders. • Kretschmer - He classified and labeled criminals according to body type, personality type and criminal potential. • Taylor - The earliest hacker profiles were compiled before 1990
DIFFERENT TYPES OF PROFILES THE CRIMINAL OR PSYCHOLOGICAL PROFILE (FBI BEHAVIORAL LABORATORY AT QUANTICO) • Soft-evidence profiling • Hard-evidence profiling CRIMINOLOGICAL PROFILE • Individual perspective • Social context • Criminal event
CRIMINOLOGICAL PROFILING This profile is developed by criminologists. The following skills are needed: • sound knowledge of criminology • knowledge of psychology such as issues of personality traits and temperament • knowledge of sociology focusing on relevant social issues such as poverty, unemployment, collective and deviant behaviour • intensive research on crime and criminal behaviour
A CRIMINOLOGICAL PROFILE OF THE E-CRIME OFFENDER
INDIVIDUAL CONTEXT Biological: • There is no indication of biogenetic or psychological deviancies • Normal personality type • More skinny than fat • Tans are rare
INDIVIDUAL CONTEXT Psychodynamic: • Crave attention and peer recognition from other hackers or friends • Low self-esteem (self-assurance surfaces only when with other hackers/crackers talking about computers)
INDIVIDUAL CONTEXT Cognitive: • They perceive themselves to be intelligent, but poor achievers in school. • Tend to be easily frustrated by their school or work situation if it is not challenging enough for them • Technically skilled • Fairly clever • Reasonably to highly skilled in computers
INDIVIDUAL CONTEXT Rational decision making: • They do not consider themselves as offenders but “borrowers” or electronic freedom fighters • Want to punish administrators that are not security-conscious • Creative in rationalising their own behaviour. • Their guilt feelings are therefore rather easily neutralised
INDIVIDUAL CONTEXT: HARD CHARACTERISTICS • Age: 15 and 45 (peak 14 and 25) • Sex: mainly male although women are becoming increasingly involved • Marital status: Mostly young teenage boys – obviously unmarried due to their age • Education: high school level; degree level or self-educated to an equivalent level • Employment: School level, a variety of occupations • Criminal record: No previous criminal records
INDIVIDUAL CONTEXT: SOFT CHARACTERISTICS • Problem solvers • Creative • Individualistic • Arrogant • Obsessed by and addicted to computers • Passion for programming • Sense of power or influence • Control freaks in the sense that they love making complicated things such as computers do effective stuff for them
SOCIAL CONTEXT Socioeconomic status: • Middle and upper class families • Do have affordable or rather relatively inexpensive internet access Social problems: • Limited use of non-addictive psychedelic drugs such as cannabis, LSD. • There seems to be a general dislike of drugs that make them stupid
SOCIAL CONTEXT Interpersonal relationships: • Loner except when communicating online • Comes from troubled or dysfunctional homes • Fears of being humiliated, unmasked or losing respect • Generally works alone but does socialize normally • Not socially integrated with age-peer group • Tend not to engage in peer group behaviours such as dating, school activities
SOCIAL CONTEXT Dress and appearance: • Casual with the emphasis on comfortable, functional, and minimal maintenance. • Very low tolerance of suits and other ‘business’ attire • Not uncommon for hackers to quit a job rather than conform to a dress code. • When they are somehow backed into conforming to a dress code, they will find ways to subvert it, for example by wearing absurd novelty ties. • Appearance: Long hair, beards, and moustaches are common.
SOCIAL CONTEXT Communication style: • Poor person-to-person communication skills • Sensitive to nuances of language and precise in their use of it (e.g. the distinction between hackers and crackers) • Often better at writing than at speaking
CRIMINAL EVENT Precursors (motives): • Motivated and prepared to accept challenges • Excitement and intellectual satisfaction of hacking • Have plenty of relatively inexpensive time to hone hacking skills • Play on one’s fears of the unknown • Using their superior knowledge to infiltrate an individual’s or a business’s personal security • Financial distress, as some do have a history of bad debt • See it as an opportunity to increase self-esteem
CRIMINAL EVENT Predisposing factors: • A relationship between an e-criminal and victim/business is not required, so the offender does not have to be an employee or ex-employee of any business/bank • Do not have any real understanding of the damage the activities might be causing • Doing it in part to boost their own egos • Views his/her criminal activities as a game
CRIMINAL EVENT Characteristics of organizations at risk: • Companies with administrators who are not security-conscious • Companies with vulnerable servers • Companies with sites housed in hosted environments in which a single break-in would make multiple Web sites vulnerable • Not necessarily local Web sites but sites with vulnerabilities irrespective of where the site is located; it may range across a wide spectrum of countries • Business systems and government agency systems • Frequent users of Internet for electronic related commerce • Universities as a computing environment
CRIMINAL EVENT Characteristics of individuals at risk: • Individuals using electronic banking privately on their personal computers • Limited/not secured in accordance with the information security measures
CRIMINAL EVENT Precipitating factors • Deficiencies of the administration of criminal justice • Increasing sophistication and skills of offenders
CRIMINAL EVENT Triggering factors: • Rationalisation/ neutralisation • Denial of responsibility • Denial of injury • Denial of victim • Condemnation of the condemners • Appeal to higher loyalties
CRIMINAL EVENT Opportunity for E-crime (will be addressed in more detail), based on Routine activity theory • The availability of suitable targets or opportunities: Exploit common weaknesses in the security or target system; Cheap internet access at homes; Information technology offers incredible new opportunities for crime • Absence of capable guardians • The presence of motivated offenders
CRIMINAL EVENT The Crime: • Context specific particulars of the individual criminal cases • The criminals scan the information and delivery systems • Identify vulnerabilities • Find means to exploit them.
THE CRIME Groups (r00t3rs) • used automated searches to scan wide ranges of IP addresses • searched for vulnerable servers • used standard exploits and tools downloaded from the Internet • hacked vulnerable servers Crime syndicates • Hiring kids to do hacking • Why? • Prosecution - Dolus capax (age); financial implications Individuals (aKt0r) • Modus operandi – individual victims: • Send programs to victims or users as e-mail messages • Once those messages are opened, their identities are stolen (spyware)
CRIMINAL EVENT Aftermath: The consequences and implications of the conviction of an E-crime offender: Sentences: Imprisonment 2 – 7 years; Restitution $64 900 – $94 000; Probation (2 years); Suspended sentence (4 years); Fine ($100) • Suffering of disgrace • Humiliation • The conviction is a personal calamity • Prison sentencing is regarded as a severe punishment
EMERGING OPPORTUNITIES IN E-CRIME Three kinds of crime-prone features of e-crime can be identified: • The Internet as wild frontier (lawlessness) • Information systems provide opportunities for crime • Information as crime target of e-crime
The Internet as wild frontier (lawlessness) • The popular view of the Internet as wild frontier where there is little order, no law, all are or ought to be free to do and say what they want – promotes values that cherish an antagonism to any authority
Information systems provide opportunities for: • Stealth • Challenge • Anonymity • Reconnaissance • Escape • Multiplied (SCAREM, Newman & Clarke)
Stealth • Sneak completely invisible into the databases of a bank • Take what they want • Leave no or little trace of their entry Challenge • Motive to beat the system • Not so much for theft but being able to brag that they brought down or broke into the system
Anonymity • The Internet provides a degree of privacy in communications and purchases • It gives criminals a means of exploiting the system by enabling them to carry out crimes, e.g. bank transfer fraud, that require intrusions into a system over a long period of time
Reconnaissance • Allows the offender to identify suitable targets • Computer programmes available on the web for download can be employed to scan the web for individual computers that are vulnerable to attack
Escape • Kind of guaranteed: • Criminal exploits the characteristics of the Internet • e.g. use another’s Internet address/computer/computer environment
Multiplied • A single crime • Additional crimes of more cash or other benefits • e.g. cracking into corporate or government databases - possibility of crimes such as terrorism, blackmail, credit card fraud as a result of the value embedded in those databases
Information as crime target of e-crime Kinds of information • Intellectual property (books, CD, DVD, software) • Intelligence (database, credit information, id of clients) • Systems (information systems) • Services (telephone, banking, medical advice)
Kinds of targets • Operational (provide object - money & access - password, ATM card) • Transitional (Plan to steal money, target network to gain access to bank accounts) • Proximate (Scan for vulnerable target) • Convertible (steal cell phone to use phone services; steal credit card to purchase goods) • Attractive (High-profile business websites) • Incidental (virus/worms, more websites, more users) • Undifferentiated (disrupt network – no specific object/person)
Elements of consumer products that made them vulnerable to theft: • concealable (move files and hide anywhere on the Internet) • removable (copy files, leave original but similar) • available (all info is available on the Internet) • valuable (databases of personal information of customers are valuable to merchants) • enjoyable (music and videos) • disposable (anything can be sold on the Internet)
Hacker’s ethic • Access to computers should be unlimited and total • All information should be free • Mistrust authority – promote decentralization • Hackers should be judged by their hacking not bogus criteria such as degrees, age, race or position • You create art and beauty on a computer • Computers can change your life for the better. Levy (Newman & Clarke 2003:71)