Geographic profiling for serial cybercrime investigation

Abstract

Today’s cybercrimes are much more difficult to detect and prosecute than traditional crimes. In the investigation of cybercrimes, law enforcement agencies follow similar techniques to traditional crimes that, however, have to be modified to meet the unique conditions and requirements of virtual space. This paper examines cybercrime profiling techniques prevalent today, and focuses on the feasibility of applying geographic profiling technique to cyber offenders. The primary assumption of the research is that for most types of cybercrime, the steps during the procedure of committing criminal act are not random. For example, the choice of the victim, the choice of crime location, similar characteristics, follow a certain logic, which could provide information about the offender’s crime. Testing the utility of a geographical profiling has been carried out on real cybercrime samples obtained by law enforcement agencies. This paper aims to apply the concept of geographic profiling to the issue of cybercrime that involve a physical world, targeting two types of cybercrimes: credit card skimming and spear phishing. Specially developed GeoCrime geographic profiling software designed to assist in the mapping, spatial and statistical analysis of cybercrime patterns was used. The results of the study have shown the possibility of applying geographic profiling to certain types of cybercrimes and under the certain conditions. The importance of geographic profiling is also emphasized, especially in situations where little is known about the offender, such as in cybercrime, where offenders use the Internet to hide their identities and activities.

Introduction

Geographic representation and visualization of crime scenes have become very important in the collection of intelligence on crime. It provides a very dynamic and easy way to track crime patterns and analyze them. The analysis of trends within cybercrime have shown a consistent increase in the number and type of crimes, thanks primarily to the rising use of mobile devices and the increasing use of the Internet on such devices (Cyber et al., 2017). The problem of investigation in the cyberspace is that, it creates unique situations in which conventional investigative practice cannot be fully applied. First of all, the geographical distance between the victim and the attacker is greater (actual attackers can be on the other side of the planet when they commit a criminal offense). Second, the Internet contains a significant amount of personal information about individuals, gives offenders greater access to victims, allows offenders to hide their identity and enable a predator to search for particular types of potential victims. Due to this, the existing traditional investigative techniques have to adapt to new conditions, or use new research approaches. Criminal profiling is an investigative approach based on the assumption that the crime scene provides details about the offense and the offender (Fernando and Yukawa, 2014). The aim of criminal profiling is to prioritize suspects and provide investigators with important case information by identifying the offender’s characteristics. Criminal profiling can be broadly divided into two categories: geographic profiling and profiling personal characteristics of the offender (Flourish, 2012). Geographic profiling is a criminal investigative methodology based on the principles, theories and concepts of environmental criminology for analyzing the locations of a related series of crimes to determine the most probable area of offender residence (Rossmo, 2014). Cybercrime profiling is carried out with the same primary goal as for other criminal offenses and it is to make easier to find the offender of a particular criminal offense. Geographic profiling (GP) was originally developed for the investigation of a serial murder, although it was subsequently applied to numerous other serial crime types, such as rape, robbery, arson, burglary, kidnappings and auto theft. The present work explores the utility of proposed geographic profiling model where calibration of the model and testing the accuracy of the forecast of the geographic profile was performed using solved serial cybercrime cases, that included an interaction with a physical world. Before we explain how this is done, we first give a brief description background of the study and research problem.