Close panel

Close panel

Close panel

Close panel

Cybersecurity 28 Jul 2020

Inside the mind of a cybercriminal

How do cybercriminals think? What techniques do they use and how do they set up to implement them? What are their goals? There's nothing better than putting yourself inside the bad guy's mind so you will be ready to react. We tell you how these criminals behave.


To get inside the mind of a cybercriminal, you first need to understand his nature. A common mistake is to confuse the term “hacker” with “cybercriminal.” However, there is a key difference between the two: while a “hacker” seeks to know how things work and can break into other people's systems, a cybercriminal, also known as a “cracker” in the IT world, is a person who breaks into these systems for illegal purposes. Confusion between the two profiles is very common, and perfectly understandable considering that both act quite similarly and share a number of characteristics:

  • They are exposed to ICTs very early in life and therefore they have great technological skills.
  • They are intelligent and inquisitive.
  • They are especially good at adapting to all situations, which is closely linked to their ongoing need to overcome challenges.
  • They have an analytical mind, are able to analyze a great deal of information and draw very accurate conclusions.
  • They like to build things, it's often their hobby.
  • They don't tend to be very sociable.
  • And they usually have great self-control: they like to go unnoticed and are able to keep their true feelings under wraps.

These were the attributes listed by Alberto Cuesta, global co-lead for Red Team at BBVA, the unit that tests our systems as criminals would do to check for any security gaps. Cuesta shared his expertise at a talk within ‘Cybertraining Week’, a week of workshops and conferences for the BBVA Group's employees and their family members.


To understand the motives that lead a person to commit unethical or criminal acts, Marleen Weulen Kranenbarg, professor of criminology at the Free University of Amsterdam, spent 10 years interviewing convicted cybercriminals in the Netherlands. She found that the six main motives that drive these people to crime are: curiosity, a sense of challenge, anger, revenge, lust and greed.

To these motives we should add the anonymity that surrounds the cyberworld--a decisive factor when committing crimes of this nature. Remaining anonymous is a very powerful draw for these criminals who, when no one knows who they are, become increasingly emboldened to commit acts of all kinds.

What techniques do they use?

The goal of cybercriminals is to squeeze out the maximum benefit at the least risk. Therefore, once they have overcome the need to successfully face challenges, they are keenly aware that they do not want to be discovered or get into trouble with the law. For this reason, they always attack individuals, who for them are the weakest link in the security chain. To do so, they use social engineering, which is based on four very basic principles inherent in all human beings:

  • We all want to help
  • We tend to trust people
  • It’s hard to say no
  • We like to be flattered

Attackers exploit these weaknesses to get as much information from the victim as possible and create an environment of trust in which they can deceive the victim and then carry out the attack.

How do they organize?

One usually thinks of cybercriminals as individuals. However, the reality is that, nowadays, most of them act in groups. In fact, 50% of cybercrime gangs are made up of six or more people, 76% of whom are men with an average age of 35, Cuesta explained.

Within these groups there are distinct roles: bosses, thinkers or accountants. At all times they measure the risk of the actions they are about to commit to decide whether or not they are worthwhile. Moreover, 50% of these groups are active for more than six months. They do not carry out one-off attacks and disappear but specialize in staying for a long time within the system under attack to get as much information as possible and get the maximum benefit. Therefore, they are organized to such an extent that one could say that they operate as companies.

However, this pattern tends to be limited to attacks on organizations. Harassment and sex crimes are more commonly carried out by cybercriminals who act individually: often shy people who live in large cities, who act haphazardly and have no method of their own, and are angered when their attacks do not work.

Keep informed and don't let your guard down

Knowing how cybercriminals behave is essential and a step in the fight against cybercrime that brings us a great advantage: being aware of the risks, so that we can forestall them. Still, it is important to remember that on the Internet one must always be careful and wary. Anyone can easily become a victim of an online crime.