Inside the Mind of a Cybercriminal: Facts and Fiction

Have you ever wondered what motivates some people to commit cybercrimes targeting personal and corporate victims? Who are these twisted people? How do you recognize them? Is it possible there’s a cybercriminal lurking in your book group or sitting down at your holiday dinner table?

Law enforcement agencies have been researching the backgrounds, personal qualities, and patterns of behavior exhibited by persons engaged in data ransoming, identity theft, and a host of other cybercrimes with the aim of developing a criminal profile of the typical hacker.

You may have seen fictional accounts of criminal profiling in action on TV. The TV series Criminal Minds, which ran for 15 years, first exposed many viewers to the concept of profiling. Shows like Mindhunter, which chronicled the FBI agents who first introduced the concept of criminal profiling, followed on its heels.

But these dramatizations, while undoubtedly entertaining, didn’t always provide the most accurate information about how profiling works. So, let’s dig a little deeper into the mechanics of profiling and what profiling has revealed about cybercriminals.

What Is Profiling Exactly?

Let’s start with what it’s not. In the world of criminal justice, profilers aren’t psychics. “Profiler” is not an actual job title. There’s no one person who possesses extraordinary intuition and solves crimes through purely psychological insights. No single person employed by a law enforcement organization owns that moniker.

Rather, criminal profiling is a strategic process that’s cooperatively undertaken by a wide range of law enforcement employees. It’s a blend of forensics—a hard science—and psychology, which, after all these years, is still considered a soft science

Forensic science involves examining physical crime scene evidence, like DNA, fingerprints, blood patterns, bullets, and the like. According to the American Psychological Association, “forensic psychology emphasizes the application of research and experimentation in other areas of psychology (e.g., cognitive psychology, social psychology) to the legal arena.”

In other words, it’s a blend of psychology and law. Forensic psychologists use the vast body of psychological data to cross-reference patterns of criminal behavior. Investigators are able to make inferences and predictions based on these patterns. That’s how forensic psychology is used to solve crimes.

The Birth of Digital Forensics

Since cyberattacks are digital by definition, physical evidence of the crimes is hard to come by. According to the FBI, the first major computer crime—the Morris Worm—was perpetrated in 1988. But it took until the late 1990s for a new field of criminal investigation to emerge: digital forensics. Digital forensics is the process of gathering, analyzing, and preserving digital evidence for future use in solving cybercrimes.

Like serial killers and bank robbers, cybercriminals follow certain patterns of behavior and may leave “digital signatures” in the wake of their crimes. They may also share some demographic traits, experiences, interests, habits, and psychological traits. Digital forensic psychologists create profiles of cybercriminals based on these shared characteristics. These profiles help investigators narrow the field of suspects and identify perpetrators. To simplify the method they use, you could say, “Why plus How equals Who.”

The State of Cybercriminal Profiling

To be sure, cybercriminals are a diversified cast of characters and can’t be painted with too wide a brush. Over the years, forensic psychologists have been able to identify certain traits that criminal hackers have in common. But scientists admit that the relatively short history of cybercrime, a lack of abundant data, and the subjects studied—who were not always perpetrators of serious crime but rather dabblers—means there’s lots more evidence to be gathered in support of the profiles they’ve developed. But let’s take a look at what the research reveals so far.

Demographic Identifiers

One of the more comprehensive studies of cybercriminals was launched in 2018 by Hyslip and Holt. It involved 821 respondents, all of whom self-identified as cybercriminals. The data gathered by the study was all self-reported by survey participants, which scientists caution may impart a certain amount of bias. For example, when asked to assess their own levels of skill on a scale of 1 to 10, most survey respondents gave themselves a 10, but the second most common answer was 1.

The truth probably lies somewhere in between. But in terms of basic demographics, the survey found that respondents were predominantly male (88%), white (63%), and young. The majority of respondents had also attended college. Smaller studies found that 68.6% of respondents were single. The majority were employed and had no criminal record.

Are Cybercriminals Anti-Social Introverts?

The lone-wolf theory of cybercriminals has been largely debunked. Cybercriminals often work in small groups. That’s particularly true of hacktivists, a subset of cyber offenders who are united by common beliefs, often political in nature. But group affiliation isn’t limited to hacktivists. A significant portion of cybercriminals belong to cybercrime gangs. Gangs facilitate a wide range of crimes, from extortion to credit card fraud to money laundering.

But fraternity has further penetrated the digital underworld. Arguably, one of the reasons cybercrime is on the rise is that there is an established business community dedicated to providing cybercriminals tools they can use to commit crimes. These businesses, sometimes known as “booters” or “stressers,” offer a wide range of products, such as ready-made Distributed Denial of Service bots, ransomware-as-a-service, and platforms hackers use to test their attacks prior to launch. Many are as organized as any other SSaS corporation and have familiar executive hierarchies, profit goals, and the like.

The Hyslip and Holt research project found that 89% of cybercriminals interviewed had purchased services from one or more cybercrime companies. And they’re largely satisfied customers, with 74% reporting that the services they purchased worked as advertised.

What Motivates Cybercriminals?

Profilers not only study “whats”—the type of crime, victims, and technical means used to commit cybercrimes—but also the “whys”:

  • Not surprisingly, financial gain is the most common motivator for cybercriminals. There are millions of dollars to be gained through cybercrime, as witnessed by such infamous ransomware attacks as the one perpetrated against the travel services company CWT. The company set a record when it paid over $4.5 million in Bitcoin to a group known as the Ragnar Locker gang. Cryptocurrency thefts typically net much larger sums of money. In November 2022, hackers stole cryptocurrency worth $600 million from the cryptocurrency exchange FTX.
  • Some cybercriminals are motivated by the desire to be recognized for their achievements. The hacker community is particularly competitive. Members compete in a global game, trying to one-up each other and create more havoc than their cohorts.
  • Cybercrimes are often perpetrated by organizational insiders. Some are employees, some are vendors, and some are trusted partners. These crimes may be financially motivated. But they’re just as often perpetrated by people who have a personal beef with the companies they attack. One study estimates that 75% of insider attacks are executed by disgruntled employees.
  • Hacktivism is a type of cybercrime defined by the misuse of computers to achieve social and political ends. Early hacktivists were largely focused on human rights and sought to undermine censorship. They sought to publicize private information held by governments and corporations, believing that the truth would inspire protests and widespread political movements. Patriotic hacktivism increased in 2022, with many actors motivated by the war waged by Russia on Ukraine.
  • Some cybercrimes are state-sponsored. Hackers receive government funding to further the political aims of a government against its enemies. State-sponsored cyberattacks are often the digital extension of larger espionage efforts. They focus on critical government infrastructure and companies that serve government interests. State-sponsored cyberattacks may seek to undermine defense capabilities, create fear amidst the population, or spread disinformation that can affect a nation’s elections and culture.
  • Some companies will stop at nothing to beat the competition. In some industries, corporate espionage represents an overwhelming percentage of cyberattacks perpetrated against commercial organizations. These crimes target highly sensitive data, including trade secrets, product blueprints and formulae, and other intellectual property. They’re executed purely for financial gain. Corporate cyber-spies may also target documents containing research and development goals, marketing plans, and overall business strategy. Many of these attacks are advanced persistent threats (APTs) that go undetected for long periods and have a devastating effect on targeted businesses.

Where to Next? The Future of Cybercrime Profiling

Between 2020 and 2021, the number of cyberattacks globally increased by over 15%. Organizations struggled with the challenge of protecting data, given the new work-from-home culture that the global pandemic created. During the first half of 2022, the statistics were even more alarming. Globally, we saw a 42% increase in cyberattacks.

Certainly, the data suggests that the world is largely unprepared for the frequency, size, and sophistication of today’s cyberattacks. By some estimates, cybercriminals are capable of breaching over 90% of internal business networks. And that doesn’t account for the millions of personal computers in our homes.

But organizations and individuals are responding to the growing threat. The global cybersecurity market grew from $181.12 billion in 2021 to $201.33 billion in 2022, with the greatest increase in spending attributed to small-to-midsize businesses. Individuals are stepping up their security game, too. The value of the global identity theft protection market was valued at $10.07 billion in 2021 and rose to $11.39 billion in 2022. About 80 million households in the U.S. use some kind of anti-virus software.

The vast majority of cybercriminals today are never caught. Knowing they can escape detection may further embolden bad actors. Ultimately, the aim of profiling is to identify cybercriminals and bring them to justice. Organizations such as the National Cyber Forensics and Training Alliance, the Anti-Phishing Working Group, the U.S. Secret Service’s Electronic Crimes Task Force, and the FBI’s Cyber Action Team are working to raise up the art and science of profiling. Cooperation among the public, private, government, and academic sectors will be key to learning what makes cybercriminals tick and bringing the cybercrime epidemic we’re currently facing under control.

Susan Doktor is a veteran journalist and brand strategist with more than 30 years of writing experience. She writes about a wide range of topics, including personal and B2B finance and the cybersecurity market. Her contribution comes to us courtesy of