Predicting new hackers’ criminal careers: A group-based trajectory approach

Abstract

The current study employs group-based trajectory modeling to assess the longitudinal attack patterns of new hackers involved in website defacement. Specifically, we track the activity of 241 emergent hackers for one year following their first verified website defacement. In doing so, we find four distinct criminal trajectories: low threat (29.0%), naturally desisting (26.5%), increasingly prolific (22.3%), and persistent threat (22.1%). Hackers classified as low threats engage in few defacements, whereas persistent threats engage in high-frequency attacks. Those labeled as naturally desisting begin their careers with velocity but become less prolific with time. Conversely, those classified as increasingly prolific engage in more attacks as they advance in their criminal careers. Using a series of regression models, we find that digital artifacts and open-source intelligence are predictive of group involvement. The findings presented in this study contribute to our theoretical understanding of the developmental trajectories of hackers, while providing valuable insights in fostering targeted intervention strategies aimed at effectively mitigating and preventing cyber-attacks.