Women in cybercrime are more common than you think. The Infosecurity world moves at a glacial pace toward gender equity. A new study into gender and cybercrime has found that the criminal underground may be more accepting of women than the wider industry.
According to a recently published Trend Micro’s study, at least 30% – if not more – of cybercriminal forum users are women.
Trend Micro’s report, The Gender-equal Cybercriminal Underground, reveals how the company analyzed posts from a range of both English- and Russian-speaking hacker forums, and compared the data to more legitimate online communities.
The numbers show an impressive gap between legal and illegal communities. The researchers analyzed five English-speaking cybercrime forums: Sinister, Cracked, Breached, Hack Forums, and (now defunct) Raidforum. And they also inspected five Russian-language sites: XSS, Exploit, Vavilon, BHF, and WWH-Club. Users on these forums are largely anonymous.
Particularly, Trend Micro analyzed posts and traffic on these forums and found that, for English-speaking sites, some 40% of users appear to be women, and 42.6% of Russian cybercrime forum users were women, or at least write like them.
One forum, Sinister, had the highest number of female posters, at 61%. This is in stark contrast to the aboveboard forums.
“When compared to Stack Overflow, a developer and programming forum, only 12% of visitors were female,” Trend Micro’s experts revealed
The research also tracked the ages of the women visiting these forums, with the largest age group in the 25–34 bracket on both English- and Russian-speaking sites.
This data was compiled using Semrush, a machine-learning tool that can compare census data and information from social media to analyze content to identify gender online. Trend Micro does admit the process may be a little ropey, however.
“While the exact methodology used is proprietary,” the report says, “the company claims to draw on data from web traffic of over 200 million real internet users in 190 countries.”
The trend also used another machine-learning tool, Gender Analyzer V5, which can supposedly analyze text to uncover the gender of the writer. Here, the stats skew a little lower, with around 30% of posters suggested to be women.
The report also looks at some criminal areas where women are specifically sought after. Many hacking groups look for women to work in call centers “supporting” fake software, or to take part in romance scams where voice and video communication is called for to sell the con. They’re also often hired as mules to move money around.
Otherwise, though, Trend Micro has found the cybercriminal community to be largely merit-based. Skills matter, not gender, though in some communities, there remains some level of distrust towards women — but by and large, it’s not an issue.
Based on this, Trend Micro has one important advice for researchers and investigators: don’t assume that the person you are looking into is a male. Referring to threat actors using male pronouns as default introduces an element of gender bias, which could blind investigators.
“It is generally accepted that most cyber criminals are likely male. However, gender bias — whether explicit or implicit — can severely undermine a criminal investigation,” the report concludes.
“It is our recommendation for all investigators to avoid assumptions of male personas while carrying out their work (such as referring to a suspect as “he” or “his”) as this creates an inherent bias as they progress their case. We suggest instead to use “they,” which will not only cover any gender involved, but also force investigators to factor in that more than one person may be behind a single nickname under investigation.”