IT Security Outsourced IT

Threat Actor Profiling

What is Threat Actor Profiling?

Cyberattackers are constantly and aggressively working to find new ways to carry out malicious activities. Psychological profiling in cybersecurity is an intruder identity tool that helps to gather information about these threat actors in order to reveal their identities through the analysis of their psychological traits and characteristics. Through psychological profiling, it is possible to identify the nature, behavior, and thought processes of individuals, which can be applied to threat actors to help reveal their motives and identities. Profiling of a threat actors may include several elements including1:

  • Characteristics/traits of personality. Characteristics of personality refer to the differences in individual thoughts, feelings, and behaviors. The personality of a cybercriminal is closely linked to the enhanced internal need to take risks, in violation of the law, and to achieve some personal or material benefit.
  • Criminal professionalism. Certain personality characteristics lead to a stable and successful approach to cybercrime. Criminal professionalism characteristics include specific personality qualities; expertise and skills; fearlessness, bravery, and self-confidence; efficacy and feasibility of criminal action; and a sense of accomplishment associated with achieving a specified goal.
  • Technical knowledge. Advanced technical knowledge and technical abilities can reveal high levels of intelligence and/or education.
  • Social Characteristics. Social characteristics include demographic features, socioeconomic status, and sociopsychological and moral qualities.
  • Characteristics of motivation. Motives are developed and created under the control of individual thoughts and emotions; they may be internal or driven by the influence of others.

Criminologists have developed several theories to explain why individuals engage in cybercrime including2:

  • Rational Choice Theory. This theory suggests that individuals engage in cybercrime because they believe it is a profitable and low-risk activity. In other words, they weigh the potential benefits of committing a crime against the potential risks of getting caught and punished.
  • Social Learning Theory. This theory argues that individuals learn to engage in cybercrime through observing the behaviors of others, particularly those who are close to them. They may also be influenced by media portrayals of hackers as glamorous and successful.
  • Strain Theory. This theory posits that individuals engage in cybercrime when they experience strain or pressure in their lives, such as economic hardship or social exclusion. Cybercrime may provide a way for them to alleviate their stress or gain a sense of power and control.
  • Routine Activities Theory. This theory suggests that cybercrime occurs when there is a convergence of three factors: a motivated offender, a suitable target (such as a vulnerable computer system), and the absence of capable guardians (such as effective cybersecurity measures).
  • Self-Control Theory. This theory proposes that individuals who engage in cybercrime have low levels of self-control, which makes them more likely to act impulsively and make decisions without considering the consequences.

1 Texial, 2021, “What makes a Cybercriminal? Understanding the profiling of a Cybercriminal”

2 Ramirez-Thompson, 2023, “Criminological Explanations of Cybercrime”