UNIT-2 NOTES

Cybercrime has become a significant concern for individuals and businesses alike. With the rise of
technology, hackers have become increasingly sophisticated in their methods. To understand how to
protect against cybercrime, it's essential to understand the psychology of cybercriminals. In this article,
we will explore the mind of a hacker and the motivations behind their actions.

What Drives Cybercriminals?

Cybercriminals are motivated by a variety of factors, including financial gain, personal satisfaction, and
even political or ideological beliefs. Financial gain is a significant motivator, as many hackers engage in
cybercrime as a means of making money. This can include stealing financial information, selling stolen
data on the dark web, or even holding data for ransom.

Personal satisfaction is another motivator, as many hackers are driven by the challenge of breaking
into secure systems. These hackers often see themselves as skilled and knowledgeable, and the
successful exploitation of a system can bring a sense of achievement and self-esteem.

Hacktivism is another motivation for some cybercriminals. These hackers may be motivated by political
or ideological beliefs and may use their skills to attack websites and systems associated with
organizations or individuals they oppose.

The Psychology of Cybercriminals

Cybercriminals often exhibit certain psychological traits, such as impulsivity, thrill-seeking, and a lack
of empathy. These traits can lead to a lack of concern for the consequences of their actions, including
the harm they may cause to individuals or businesses.

Many cybercriminals also exhibit a high degree of intelligence and creativity, which they use to find
vulnerabilities in security systems and develop sophisticated methods of exploitation.

Cybercrime is taken very seriously by law enforcement. In the early long periods of the cyber security
world, the standard cyber criminals were teenagers or hobbyists in operation from a home laptop,
with attacks principally restricted to pranks and malicious mischief. Today, the planet of the cyber
criminals has become a lot of dangerous. Attackers are individuals or teams who attempt to exploit
vulnerabilities for personal or financial gain.

Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills, however, it typically refers to an
individual who uses his or her skills to achieve unauthorized access to systems or networks so as to
commit crimes. The intent of the burglary determines the classification of those attackers as white,
grey, or black hats. White hat attackers burgled networks or PC systems to get weaknesses so as to
boost the protection of those systems. The owners of the system offer permission to perform the
burglary, and they receive the results of the take a look at. On the opposite hand, black hat attackers
make the most of any vulnerability for embezzled personal, monetary or political gain. Grey hat
attackers are somewhere between white and black hat attackers. Grey hat attackers could notice a
vulnerability and report it to the owners of the system if that action coincides with their agenda.
(a). White Hat Hackers – These hackers utilize their programming aptitudes for a good and lawful
reason. These hackers may perform network penetration tests in an attempt to compromise networks
to discover network vulnerabilities. Security vulnerabilities are then reported to developers to fix them
and these hackers can also work together as a blue team. They always use the limited number of
resources which are ethical and provided by the company, they basically perform pentesting only to
check the security of the company from external sources.

(b). Gray Hat Hackers – These hackers carry out violations and do seemingly deceptive things however
not for individual addition or to cause harm. These hackers may disclose a vulnerability to the affected
organization after having compromised their network and they may exploit it.

(c). Black Hat Hackers – These hackers are unethical criminals who violate network security for personal
gain. They misuse vulnerabilities to bargain PC frameworks. theses hackers always exploit the
information or any data they got from the unethical pentesting of the network.

2. Organized Hackers: These criminals embody organizations of cyber criminals, hacktivists, terrorists,
and state-sponsored hackers. Cyber criminals are typically teams of skilled criminals targeted on
control, power, and wealth. These criminals are extremely subtle and organized, and should even give
crime as a service. These attackers are usually profoundly prepared and well-funded.

3. Internet stalkers: Internet stalkers are people who maliciously monitor the web activity of their
victims to acquire personal data. This type of cyber-crime is conducted through the use of social
networking platforms and malware, that are able to track an individual’s PC activity with little or no
detection.

4. Disgruntled Employees: Disgruntled employees become hackers with a particular motive and also
commit cyber-crimes. It is hard to believe that dissatisfied employees can become such malicious
hackers. In the previous time, they had the only option of going on strike against employers. But with
the advancement of technology there is increased in work on computers and the automation of
processes, it is simple for disgruntled employees to do more damage to their employers and
organization by committing cyber-crimes. The attacks by such employees brings the entire system
down.

Modus Operandi of Cyber Criminals:

Cybercriminals employ various tactics, techniques, and procedures (TTPs) to carry out their illicit
activities. While their specific modus operandi can vary depending on their goals and expertise, here
are some common methods and strategies used by cybercriminals:

1. Phishing: Cybercriminals send deceptive emails, messages, or websites to trick individuals into
revealing sensitive information, such as login credentials, credit card details, or personal
information. Phishing can also involve social engineering techniques to manipulate victims into
taking specific actions.
2. Malware: Malicious software, such as viruses, worms, Trojans, ransomware, and spyware, is
used to compromise computer systems and steal data or disrupt operations. Cybercriminals
may distribute malware through infected attachments, downloads, or compromised websites.
3. Exploiting Software Vulnerabilities: Cybercriminals search for and exploit security flaws in
software and operating systems to gain unauthorized access to systems or networks. They
often use automated tools to scan for vulnerabilities.
 4. Distributed Denial of Service (DDoS) Attacks: In DDoS attacks, cybercriminals flood a target
server or network with a massive volume of traffic, overwhelming it and causing service
disruptions. This can be used to extort money or disrupt online services.
5. Ransomware: Cybercriminals use ransomware to encrypt a victim's files or entire systems and
demand a ransom for the decryption key. This type of attack has been particularly lucrative
and damaging in recent years.
6. Data Breaches: Cybercriminals target organizations to steal sensitive data, including customer
information, intellectual property, or financial records. They may sell the stolen data on the
dark web or use it for various malicious purposes.
7. Credential Stuffing: This involves using stolen username and password combinations from one
breach to gain unauthorized access to other accounts or services where individuals have
reused the same login credentials.
8. Business Email Compromise (BEC): Cybercriminals compromise email accounts of employees
or executives to impersonate them and deceive others into transferring funds or sensitive
information to fraudulent accounts.
9. Social Engineering: This involves manipulating individuals through psychological manipulation
or deception. Cybercriminals may impersonate trusted entities, use pretexting, baiting, or
tailgating to gain access to secure areas or sensitive information.
10. Identity Theft: Cybercriminals steal personal information to impersonate victims for financial
gain, committing fraud, opening lines of credit, or conducting other illegal activities in the
victim's name.
11. Insider Threats: Cybercriminals can be insiders with legitimate access to an organization's
systems and data. They may abuse their privileges to commit fraud or steal sensitive
information.

Profiling of Cyber Criminals:

Cyber security deals with the safety of technology on computer systems. It is a branch of computers
that regulate security measures to prevent risk and threats to cause any kind of harm to the system.
There are third-party invaders or intruders who carry out malicious activities of stealing private,
business or organisational information for their own benefit/ gains. Knowing about who are the
intruders that carry out this activity and what are the motivates behind carrying out such activities will
indeed help the individuals/ organisations in reducing the risk to their information.

Psychological profiling in cyber security is one such intruder identity tool that helps to gather
information about the intruder. Profiling in cyber security does the job of finding the person
responsible for the malicious activity by gathering the psychological traits and characteristics of the
person. Through psychological profiling, it is possible to identify the behaviour/ nature/ thought
process of individuals which in turn help us to find intruders and the motive of intruders.

Profiling of a cybercriminal may include several criminological and criminal-law-based key elements:

Personal characteristics/traits that are specific to a particular person and which predispose a person
to commit a cybercrime. Criminal professionalism by understanding the personality traits that
contribute to safe and effective cybercrime.

Social characteristics define demographic features, socio-economic status, sociopsychological and

moral qualities.
Motivation characteristics is a system of human activity orientation that prompts people to act, the
activity type of cybercriminals, and the way a cybercriminal has identified or contacted the victim.

The Psychological Profiling of Cyber Criminals involve below traits:

Cyber Technology Professionals

Well versed with the knowledge of scripting.

Professionals who misuse the gathered knowledge.

Goal-oriented Individuals

Motivated individuals to commit malicious crimes/ fraud.

Their goal is to involve in stealing information/ fraud-related activities.

Greedy Individuals

Individuals always looking for monetary gains by unethically stealing data.

Greed for money drives individuals to get involved in fraud.

Manipulative Individuals

Individuals with Manipulating and controlling nature.

The power centric and controlling nature governs them to be the owner of the unethical job.

Risk Takers

Individuals with the tendency to look for situations that are risky and dangerous.

The thrill and risk-taking nature drive them to be the extreme risk-taking work of stealing data/
committing frauds.

Opportunist

Opportunist people looking for potential threats of which they can take advantage.

Individuals that don’t leave any opportunity for blackmailing by having control over the original
content/ information.

Rule Breakers

Individuals who are disbelievers of law and ethical rules.

They don’t believe in following the laws of the right to privacy.

Daring Individuals

Individuals with the trait of exploring daring activities.

They tend to challenge individuals and organisations with their hacking skills.
Tools and techniques used by Cyber Criminals
Cybercriminals use a wide range of tools and techniques to carry out their illicit activities. Here are
some of the tools and techniques commonly adopted by cybercriminals:

1. Malware: Malicious software is a fundamental tool for cybercriminals. This category includes various
types of malwares, such as:

Viruses: Programs that infect other software and spread when the infected software is executed.

Worms: Self-replicating programs that spread across networks and systems.

Trojans: Malware disguised as legitimate software, designed to deceive users into running it.

Ransomware: Software that encrypts a victim's data and demands a ransom for decryption.

Spyware: Software designed to collect information from a user's device without their knowledge.

Keyloggers: Tools that record keystrokes, often used to capture login credentials.

2. Exploit Kits: Cybercriminals use exploit kits to automate the process of finding and exploiting
vulnerabilities in software or web applications. These kits contain pre-packaged exploits for known
vulnerabilities.

3. Phishing Kits: Phishing kits are sets of tools that help cybercriminals create convincing phishing
websites or emails to trick individuals into revealing sensitive information or downloading malware.

4. Botnets: Cybercriminals create networks of compromised computers, known as botnets, which can
be remotely controlled. These botnets are used for various purposes, including launching DDoS
attacks, sending spam, or distributing malware.

5. Remote Access Trojans (RATs): RATs are malware that provide cybercriminals with remote control
over a victim's computer. This control can be used to steal data, log keystrokes, or spy on the victim.

6. Credential Cracking Tools: Tools and techniques for cracking passwords, such as password hash
cracking or dictionary attacks, are used to gain unauthorized access to accounts.

7. SQL Injection: Cybercriminals use SQL injection attacks to exploit vulnerabilities in web applications
and gain unauthorized access to databases. This can result in data theft or manipulation.

8. Dark Web Marketplaces: Cybercriminals often use dark web marketplaces to buy and sell stolen
data, hacking tools, and services, making it harder to trace their activities.

9. Social Engineering: Techniques such as phishing, pretexting, and baiting exploit human psychology
to manipulate individuals into divulging confidential information or taking specific actions.

10. Stenography: Cybercriminals can hide malicious code or data within images, audio files, or other
digital media using steganography techniques.
ROUTINE ACTIVITY THEORY:

Routine Activity Theory is a criminological theory developed by Lawrence E. Cohen and Marcus Felson
in 1979. This theory is used to explain the occurrence of crime and why some individuals become
victims of criminal activities. It focuses on the convergence of three elements: a motivated offender, a
suitable target, and a lack of capable guardianship. When these three elements come together,
criminal opportunities arise.

Here are the key concepts of Routine Activity Theory:

Motivated Offender: This refers to a person who has the desire or motivation to commit a crime.
Motivations can include financial gain, personal satisfaction, or other reasons that drive an individual
to engage in criminal behavior.

Suitable Target: A suitable target is an object, place, or person that is vulnerable to criminal
victimization. Vulnerability can arise from factors like lack of security measures, valuable possessions,
or physical characteristics that make the target attractive to potential offenders.

Lack of Capable Guardianship: Capable guardianship refers to the presence of individuals or measures
that can deter or prevent a crime from occurring. This can include security personnel, surveillance
systems, locked doors, or even the presence of potential witnesses.

The Routine Activity Theory argues that when these three elements intersect, it creates an opportunity
for crime to occur. For instance, a motivated offender (such as a thief) may target a suitable victim (an
unlocked car with valuable items inside) in the absence of capable guardianship (no one around to
witness or intervene). In such a scenario, the risk of a crime taking place is heightened.

The theory also suggests that changes in any of these elements can influence crime rates. For example,
improved security measures or increased police presence can serve as capable guardianship, making
it more difficult for motivated offenders to target suitable victims. Conversely, changes in lifestyle or
social patterns can also affect the routine activities of individuals and alter their vulnerability to crime.
Routine Activity Theory has been influential in criminology and has contributed to the understanding
of crime prevention strategies. It emphasizes the importance of situational crime prevention, which
focuses on altering the immediate environment to reduce criminal opportunities. By addressing the
factors that contribute to crime opportunities, this theory provides insights into how to reduce crime
rates and protect potential victims.

CASE STUDY:

https://www.scirp.org/journal/paperinformation.aspx?paperid=112578

SOCIAL LEARNING THEORY:

The Social Learning Theory, developed by Albert Bandura, provides insights into how individuals learn
and engage in behavior, including criminal activities, within the context of social influences. This theory
can also be applied to understand cybercrime and the factors that contribute to individuals becoming
cybercriminals. Here's how Social Learning Theory can be applied to the realm of cybercrime:

Observational Learning: Social Learning Theory posits that individuals learn by observing and
modeling the behavior of others. In the context of cybercrime, individuals may learn about hacking
techniques, phishing strategies, or other cybercriminal activities by observing or interacting with other
cybercriminals online. This observational learning can occur through various online forums, chat
rooms, or underground communities where cybercriminals share their knowledge and experiences.

Imitation: Once individuals have observed cybercriminal behaviors and techniques, they may imitate
or replicate these actions. This can involve attempting to hack into computer systems, launch phishing
campaigns, or engage in other cybercriminal activities they have learned about. The ease of access to
hacking tools and tutorials on the internet can facilitate this imitation process.

Reinforcement and Punishment: Social Learning Theory suggests that individuals are more likely to
engage in behaviors that are reinforced or rewarded and less likely to engage in behaviors that are
punished. In the context of cybercrime, individuals may be reinforced by financial gains, social status
among their peers, or the thrill of successfully carrying out cyberattacks. Conversely, the fear of legal
consequences and punishment may deter some individuals from engaging in cybercrime.

Associations and Peer Influence: Social Learning Theory highlights the role of social associations and
peer groups in shaping an individual's behavior. In the cybercriminal world, individuals may become
involved in cybercrime through connections with like-minded individuals or online communities that
promote and encourage such activities. Peer pressure and the desire for acceptance within these
groups can influence individuals to engage in cybercriminal behavior.

Self-Efficacy: Bandura's theory emphasizes self-efficacy, which is an individual's belief in their ability to
perform a specific behavior successfully. In the context of cybercrime, individuals who believe they
have the technical skills and knowledge necessary to carry out cyberattacks may be more likely to
engage in such activities.

Modeling of High-Profile Cybercriminals: Some high-profile cybercriminals who have gained notoriety
in the media may serve as role models or sources of inspiration for others interested in cybercrime.
Individuals may be influenced by the perceived success and notoriety of these cybercriminals and seek
to emulate their actions.

DIFFERENTIAL ASSOCIATION THEORY

Organized crime, crime ghettoes, and public corruption can each be explained by and are examples of
differential association theory in action. There are two keywords in the term that make its meaning
clearer- differential and association. Let’s look at each in turn.

Association

Association simply implies being in contact with other people. Most kinds of behavioral traits in life
are acquired through association with or being in contact with other people. In the same way, criminal
behavior is also learned by association with other people who are criminals.

However, is mere association with a criminal enough to turn a person into one?

Most of us at some points of time in our lives come into contact with people who have transgressed
the law in one form or the other. Can such association potentially transform us into criminals as well?
The second term answers this question.

Differential

The word ‘differential’ implies that different kinds of associations will yield different behavioral
outcomes. In other words, the frequency, intensity, and duration of association plays a defining role in
shaping behavior.

So criminal behavior is learned not just by mere association with other criminals- it needs frequent,
long duration association in close, intimate groups. In other words, the more you are in contact with
criminal people, the more likely you will become a criminal yourself.

Sutherland further explained that there are 9 principles of the differential association theory:

1. Criminal behavior is learned.

2. Criminal behavior is learned from others who may be engaged in such behavior.
3. This process of learning criminal behavior occurs in small, intimate groups.
4. The learning process has two key components: a) Learning the techniques of criminal behavior,
which may sometimes be very complicated. b) Learning how to rationalize or justify these acts
to the self and to others.
5. The act of rationalizing criminal behavior to the self (what Sutherland termed “specific
direction of motives”) first involves having an awareness of the law. It is only when individuals
understand that certain acts transgress the law, that they then begin to justify such
transgression to themselves. (for instance, by thinking that the act is a minor transgression or
it is a victimless crime, and so on)
6. When the balance of such justifications to the self of transgressions of the law (or legal code)
exceeds instances when one chooses to follow the law, a person becomes delinquent.
7. Learning by association is differential in nature, which is to say, the frequency, intensity,
duration, etc. of such association varies, and is the deciding factor in the eventual influence of
such association on a person.
8. Such learning of criminal behavior by association with others is no different than the manner
in which we learn all other patterns of behavior in life. Which is to say, there is no special
manner in which criminal behaviour is imbibed.
9. It is true that criminal behavior is driven by motives such as the need to fulfil certain desires
and the cultural values one imbibes. However, this alone is not justification enough as others
with similar needs and values may not engage in criminal behavior.
CASE STUDY:

https://www.ukessays.com/essays/psychology/differential-association-theory-case-study.php

DIFFERENTIAL OPPORTUNITY THEORY

In the study of criminology, there are multiple different theories that attempt to explain why young
people turn to crime. During the 1960s, two criminologists known as Richard Cloward and Lloyd Ohlin
developed the theory of differential opportunity. Differential opportunity theory is a sociological
theory that posits that juveniles and young adults may turn to deviant activity because they are unable
to become financially and socially successful via means that society deems legitimate. Differential
opportunity theorists believe that those individuals who are unable to accomplish goals in ways are
more likely to attempt to acquire capital and status via illegitimate or deviant means.

While some people in lower socioeconomic classes are able to achieve status via higher education,
others may be unaware of potential opportunities that schools may offer them or do not have the
means to educate themselves, for many different reasons. Differential opportunity theory states that
in these cases, people are more likely to engage in subcultures or different groups of criminal activities.
Another assumption of differential opportunity theory is that young people who are given more
chances at success through legitimate pathways will be less likely to engage with deviant subcultures.
There are three main subcultures that differential opportunity theorists hypothesize that people may
fall into if they fail to attain success via conventional means.

Differential Opportunity Theory Subcultures

The opportunity theory of sociology postulates that there are three main paths or subcultures that
individuals with limited access to opportunities may utilize in an attempt to achieve success or
perceived success. Cloward and Ohlin believed that subcultures exist as a tier system or hierarchy.
These paths, or subcultures, consist of, in order of highest to lowest status:
Crime: The path of crime, considering its definition in differential opportunity theory, entails the use
of property crime predominately, which is mostly nonviolent in nature. Crime is the preferred
subculture for those who live in relatively stable localities and where there are locally available
connections to more organized forms of crime. When referencing the differential opportunity theory,
a stable neighborhood is one where organized crime exists and the individual is able to move into
higher forms of criminality within the group or gang. Crime, therefore, is the first or highest level in
the subculture tier system. Individuals who engage in this type of deviant subculture may have
attempted to — and failed at — achieving success through legitimate means.

Conflict: The path of conflict is the second or middle portion of the tier system. In this subculture,
young individuals take part in violence to control and manipulate others in hopes of achieving a certain
level of status. Individuals who resort to conflict subculture possibly could have attempted to engage
in both legitimate endeavors as well as the illegitimate subculture of crime, but they failed at both
attempts. Cloward and Ohlin's theory assumes that those from lower socioeconomic groups are more
likely to participate in the disorganized subculture of conflict.

Retreatist: The retreatist subculture consists of a path where the young person engages in substance
use in order to attempt to escape societal pressures altogether. Retreatism is the third and lowest level
in the subculture hierarchy. During their research, Cloward and Ohlin found that many of the teens
and young adults who gravitated toward the subculture of retreatism had attempted to succeed in life
via the use of legitimate and illegitimate means but had failed at finding success through legitimate
means as well as through the first and second tier subcultures of crime and conflict, respectively. It is
also possible that an individual who moves toward the retreatist lifestyle may become a member of a
group or gang that holds antisocial or anarchist ideals.

GRC
What is GRC?
GRC (for governance, risk, and compliance) is an organizational strategy for managing governance, risk
management, and compliance with industry and government regulations. GRC also refers to an
integrated suite of software capabilities for implementing and managing an enterprise GRC program.
GRC’s set of practices and processes provides a structured approach to aligning IT with business
objectives. GRC helps companies effectively manage IT and security risks, reduce costs, and meet
compliance requirements. It also helps improve decision-making and performance through an
integrated view of how well an organization manages its risks.
Governance

At its basic level, governance is the set of rules, policies, and processes that ensures corporate activities
are aligned to support business goals. It encompasses ethics, resource management, accountability,
and management controls. Governance also ensures top management can direct and influence what
is happening at all levels of the corporation and that business units are aligned with customers’ needs
and overall corporate goals.

Effective governance creates an environment where employees feel empowered and behaviors and
resources are controlled and well-coordinated. One goal of governance is to balance the interests of
the many corporate stakeholders, including top management, employees, suppliers, and investors.

To maintain this balance, governance can help ensure, for example, that contracts between the
company’s internal and external stakeholders are in place for the fair distribution of responsibilities,
rights, and rewards. This also includes procedures for reconciling conflicting interests among
stakeholders and processes ensuring that supervision, control, and data flows function as a system of
checks and balances.

Governance provides control over facilities and infrastructures, such as data centers, as well as
oversight of applications at the portfolio level. Above all, governance is implemented to provide
accountability for conduct and results. Conduct can be managed through enforcement of ethical
business practices and corporate citizenship rules. Good governance defines jobs based on lines of
business and evaluates employees based on results achieved rather than based on responsibilities.

Risk management

Risk management is the process of identifying, assessing, and controlling financial, legal, strategic, and
security risks to an organization. To reduce risk, an organization needs to apply resources to minimize,
monitor, and control the impact of negative events while maximizing positive events.

At the broadest level, risk management is a system of people, processes, and technology that enables
an organization to establish objectives in line with values and risks. The goal of an enterprise risk
management program is to achieve corporate objectives while optimizing risk profile and securing
value. Part of that task is prioritizing stakeholder expectations and delivering reliable information to
those stakeholders. A risk management program also applies to identifying cybersecurity and
information security threats and risks—such as software vulnerabilities and poor employee password
practices—and implementing plans to reduce them.

The program should assess system performance and effectiveness, assess legacy technology, identify
operational and technology failures that could impact the core business, and monitor infrastructure
risk and potential failure of networks and computing resources. A risk assessment program must meet
legal, contractual, internal, social, and ethical goals, as well as monitor new technology-related
regulations. By focusing attention on risk and committing the necessary resources to control and
mitigate risk, a business will protect itself from uncertainty, reduce costs, and increase the likelihood
of business continuity and success.

Compliance

Compliance involves adhering to rules, policies, standards, and laws set forth by industries and/or
government agencies. Failing to do so could cost an organization in terms of poor performance, costly
mistakes, fines, penalties, and lawsuits. Regulatory compliance covers external laws, regulations, and
industry standards that apply to the company. Corporate or internal compliance deals with rules,
regulations, and internal controls set by an individual company. It is important for the internal
compliance management program to be integrated with external compliance requirements. The
integrated compliance program should be based on a process of creating, updating, distributing, and
tracking compliance policies and training employees on those policies.

To create an effective compliance program, organizations need to understand what areas pose the
greatest risk and focus resources on those areas. Then, policies should be developed, implemented,
and communicated to employees in order to address those areas of risk. Guidance should be
developed to make it easier for employees and vendors to follow compliance policies.