Share this article on:
A new study into gender and cyber crime has found that the criminal underground may be more accepting of women than the wider industry.
Trend Micro’s report, The Gender-equal Cybercriminal Underground, reveals how the company analysed posts from a range of both English- and Russian-speaking hacker forums, and compared the data to more legitimate online communities.
The numbers show an impressive gap between legal and illegal communities. In English-language hacker forums, such as Cracked or Hack Forums, 40 per cent of visitors were women, while on Russian forums, that average figure climbed a little to 42.6 per cent.
One forum, Sinister, had the highest amount of female posters, at 61 per cent. This is in stark contrast to aboveboard forums.
“When compared to Stack Overflow, a developer and programming forum, only 12 per cent of visitors were female,” Trend Micro’s researchers revealed.
The research also tracked the ages of the women visiting these forums, with the largest age group in the 25–34 bracket on both English- and Russian-speaking sites.
This data was compiled using Semrush, a machine-learning tool that can compare census data and information from social media to analyse content to identify gender online. Trend Micro does admit the process may be a little ropey, however.
“While the exact methodology used is proprietary,” the report says, “the company claims to draw on data from web traffic of over 200 million real internet users in 190 countries.”
Trend also used another machine-learning tool, Gender Analyzer V5, which can supposedly analyse text to uncover the gender of the writer. Here, the stats skew a little lower, with around 30 per cent of posters suggested to be women.
The report also looks at some criminal areas where women are specifically sought after. Many hacking groups look for women to work in call centres “supporting” fake software, or to take part in romance scams where voice and video communication is called for to sell the con. They’re also often hired as mules to move money around.
Otherwise, though, Trend Micro has found the cyber criminal community to be largely merit-based. Skills matter, not gender, though in some communities, there remains some level of distrust towards women — but by and large, it’s not an issue.
Based on this, Trend Micro has one important piece of advice for researchers and investigators: don’t assume that the person you are looking into is a male. Referring to threat actors using male pronouns as default introduces an element of gender bias, which could blind investigators.
Referring to actors as they/them is a more useful option, as it removes that bias, and also helps investigators as they may be pursuing a group of people, not just one individual.
“It is generally accepted that most cyber criminals are likely male. However, gender bias — whether explicit or implicit — can severely undermine a criminal investigation,” the report concludes.
“Law enforcement and other investigators should not automatically assume the actor’s gender to be one or the other.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.