This study maps what is known about the criminal profiles of perpetrators of large-scale high-impact cybercrime attacks from Eastern Europe and Russia, including their background characteristics, motivations and recruitment. The evidence was collected through an expert workshop ('kennistafel'), identifying the main gaps in knowledge as well as avenues for future research.

Daderprofielen van cybercriminelen uit Oost-Europa en Rusland

[Profiling cybercrime perpetrators from Eastern Europe and Russia]

Fook Nederveen, Erik Silfversten, Rick Slootweg, Stijn Hoorens

ResearchPublished Jun 26, 2024

Cover: Daderprofielen van cybercriminelen uit Oost-Europa en Rusland
Download PDF

Dutch

Additional Downloads

Includes Translations; Samenvatting

Note: This report is in Dutch. An English-language summary is available.

Large-scale high-impact cybercrime attacks pose a serious threat to governments, companies and individuals. In recent years, many incidents in the Netherlands originated from Eastern Europe and Russia. Geopolitical tensions with Russia have added fuel to the fire, blurring the lines between criminal and state-sponsored cyber threats and complicating international efforts to apprehend cybercriminal actors and dismantle their organisations. The cyber threat from this region may become even greater if the war in Ukraine escalates further.

While much research has been done on the activities of organised cybercrime and the tactics, techniques and procedures used to carry out illegal activities, much less is known about the profiles of the cybercriminals involved. Against this backdrop, the Research and Data Centre (WODC) of the Dutch government asked RAND Europe to organise a workshop ('kennistafel') to collect existing knowledge on the background characteristics, motivations and recruitment of this group of cybercriminals. The objective of the study was to identify knowledge gaps and avenues for future research. An improved knowledge position in this area could contribute to the efforts of the Dutch Ministry of Justice and Security, the Public Prosecutor's Office and the police to combat and prevent cybercrime in the Netherlands.

Key Findings

  • RAND Europe organised a workshop ('kennistafel') with academics, law enforcement agencies and cybersecurity professionals operating on the frontlines of the fight against cybercrime to identify and synthesise all available information on the criminal profiles of cybercrime actors in Eastern Europe and Russia.
  • We found that there are insights regarding all aspects of the offender profiles of this group of criminals that we focused on in the workshop, even though the evidence base and the degree of knowledge varies. There is generally more known about the motives and recruitment than about the background characteristics of these cybercriminals. Knowledge also tends to be more extensive and stronger when it is less necessary to be able to link information to the identity of specific individuals (so-called pre-attribution data).
  • Future research should focus on serving the specific needs of law enforcement agencies, including prevention, detection and prosecution. The experts indicated that additional insights and a strengthened knowledge base would be especially useful in relation to the cybercriminals' 1) criminal history, 2) social and psychological drivers, 3) channels of operation and communication, 4) collaboration and rivalries, 5) relationships with politics and ideological motivations, 6) cooperation with intelligence agencies, and 7) money laundering strategies. Research based on primary data, such as police data or leaked chat logs, would be especially valuable in these areas.
  • In addition, future research could provide more direction on what evidence would be most useful for which purposes (e.g. for prevention or detection); how cybercriminals can best be profiled by extension; and how acquired knowledge on offender profiles of cybercriminals can be integrated into technical and digital forensics research.

Topics

Document Details

Citation

RAND Style Manual

Nederveen, Fook, Erik Silfversten, Rick Slootweg, and Stijn Hoorens, Daderprofielen van cybercriminelen uit Oost-Europa en Rusland: [Profiling cybercrime perpetrators from Eastern Europe and Russia], RAND Corporation, RR-A3346-1, 2024. As of April 8, 2025: https://www.rand.org/pubs/research_reports/RRA3346-1.html

Chicago Manual of Style

Nederveen, Fook, Erik Silfversten, Rick Slootweg, and Stijn Hoorens, Daderprofielen van cybercriminelen uit Oost-Europa en Rusland: [Profiling cybercrime perpetrators from Eastern Europe and Russia]. Santa Monica, CA: RAND Corporation, 2024. https://www.rand.org/pubs/research_reports/RRA3346-1.html.
BibTeX RIS

Research conducted by

The research described in this report was prepared for the Wetenschappelijk Onderzoek- en Documentatiecentrum [the Dutch Research and Documentation Centre] (WODC) and conducted by RAND Europe.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.