Author :
Tariq, Muhammad Adnan ; Brynielsson, Joel ; Artman, Henrik
Abstract :
When large values are at stake, the attacker and the attacker's motives cannot be easily modeled, since both the organization at stake and the possible attackers are unique and have complex motives. Hence, rather than using stereotypical attacker models, recent work proposes realistic profiling of the opponent by the use of user-centered design principles in the form of the persona methodology. Today, cyber crime is often organized, i.e., attacks are planned and executed by an organization that has put together a tailor-made team consisting of the necessary skills for the task. The actual individuals taking part in the attack might not be aware of or interested in the overall organizational motives. Rather, taking motives behind espionage, fraud, etc., into account requires consideration of the attacking organization rather than the individuals. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational motives in order to tackle organized cyber crime. The resulting framework presented in the paper extends the attacker persona methodology by also using narratives in order to assess the own organization's security. These narratives give rise to intrigue sketches involving any number of attacker personas which, hence, make it possible to take organized cyber crime into account.
Keywords :
business data processing; computer crime; fraud; organisational aspects; user centred design; IT security experts; attacker motives; attacker persona methodology; complex motives; espionage; fraud; organizational motives; organized cybercrime; stereotypical attacker models; user-centered design principles; Computer crime; Context; Humans; Interviews; Organizations; Software; Organized cybercrime; intrigue sketch; narrative; persona;