The Psychology of Hackers Steps Toward a New

The Psychology of Hackers: Steps Toward a New Taxonomy Marc Rogers Dept. of Psychology University of Manitoba Senior Security Technical Architect EDS Systemhouse Canada Uof. M 1

Agenda n n n n Introduction Evolution of the Term Theories of Deviance A New Taxonomy Demographics Psychological Profiles Conclusion Uof. M 2

Introduction Criminal Hackers current “enemy” to IT/IS Security n Research their targets n $124 Million lost in 1999 (CSI/FBI) n Intelligence gathering n Information sharing n What do we know about them? n Uof. M 3

Evolution of the Term n 4 Generations of the term Hacker – 1 st Generation: Creative Programmer: MIT/Stanford (1960’s) – 2 nd Generation: Computer Evolutionaries (1970’s) – 3 rd Generation: Games & Copyright breaking (1980’s) – *4 th Generation: Criminals & Cyberpunks (1990’s) Uof. M 4

1 st Generation Creative Programmers & Scientists n Novel methods for programming (code bumming) n Hacker Ethic (The Right Thing. ) n Very respected (Gurus) n MIT (TMRC) & Stanford (SAIL) n Uof. M 5

2 nd Generation n Computer Evolutionary n Hardware Hackers – Mainframe to personal systems – Computer Kits (Altair, Apple) n Founders of Major Computer Companies – Minor criminal activity: Phreaking/Blue Boxing – Software Piracy Uof. M 6

3 rd Generation n Computer Games & Copyrights – Game Hackers – Personal PC – Computer for entertainment – Methods for protecting and breaking copyright codes on games – Minor criminal activity Uof. M 7

4 th Generation n Criminals n Cyber-punks – Rarely technically elite – Motivated primarily by greed, power, revenge, malicious intent n Not respected Uof. M 8

Theories of Deviance n Traditional theories of deviance n Why individuals become involved in delinquent behavior? n How do they justify the behaviors engaged in? Uof. M 9

Theories of Deviance Differential Association: Delinquency based on normative conflict n Conflicting definitions of appropriate behavior n Differential association - communication with intimate groups (peer pressure) n Uof. M 10

Theories of Deviance n Conflicting norms and definitions n Almost a sub-culture n Strong hacker peer pressure n Reinforcement: Internal/External/Vicarious n Complex schedule of Reinforcement Uof. M 11

Moral Disengagement Social Learning Theory (Bandura) Moral standards n Avoid Self-Censure n Rightness of their actions n Valued social or moral purposes n Uof. M 12

Moral Disengagement Mechanisms : Moral justification, n Minimizing, ignoring or misconstruing the consequences, n Dehumanizing, n Attribution of blame on victims. n Uof. M 13

A New Taxonomy n Hackers, Phreakers, Crackers (Moot) n Generic Term n Research on Generic Criminals? n Wide Range of activities n What groups? n Operational Definition Uof. M 14

A New Taxonomy Proposed: n n n n Novice (newbiesscript kiddies) Cyber-punks Insiders Coders Old Guard Professionals Cyber-Terrorists Political Activists? Uof. M 15

A New Taxonomy n Hacker Continuum Uof. M 16

Novice (Newbie/Script Kiddies) Limited computer skills n New to the activity n Rely on software available on the Internet n Nuisance attacks: Denial of Service (DOS) n Can cause extensive damage to systems as they don’t understand how the attack works n Media attention n Uof. M 17

Cyber-punks Better computer skills n Limited programming knowledge n Better understanding of how the attack works n Criminal intent, malicious behavior, credit card frauds, etc. n Media attention n Uof. M 18

Insiders Computer literate n Technology/Information Fields n Disgruntled, Ex-employee n Able to carry out attack due to privileges inherent in position n Largest security problem: 70 -80% of all computer security breaches n Uof. M 19

Coders Technically skilled n Writes the scripts and automated tools n Acts as a mentor to the newbies n Motivated by a sense of power and prestige n Revered n Dangerous (hidden agendas, trojans etc) n Uof. M 20

Old Guard No criminal intent n Values similar to 1 st generation n Disturbing lack of regard for private property n Mentoring n Very defensive and limited view of hacker community. n Uof. M 21

Professional Criminals n Thieves n Corporate Espionage n Guns for Hire n Highly motivated, highly trained, state of the art equipment n Very little known of this group n Uof. M 22

Cyber-Terrorists Increase in activity since the fall of many Eastern Bloc intelligence agencies n Well funded n Very motivated n Mixing political rhetoric with criminal activity n Information Warfare: Rand Corp. Day after scenario n Very little known in this area n Uof. M 23

Personality Profiles & Demographics Limited “true” empirical research n Self report based n Several “documentary” books written (objectivity is questionable) n Findings not generalizable to other subgroups n Criminal Activities n Uof. M 24

Demographics n Current Research: – Caucasian – Male – 12 -28 years old – Middle Class – Limited Social Skills – Perform poorly in school: aptitude for computers & technology – Dysfunctional families Uof. M 25

Personality Profiles Socially Inept n Obsessive n Loners yet appear to crave membership n Inferiority Complex n Escapism n Motivation n Computer Addictive Disorder? n Uof. M 26

Conclusion n n n New breed of criminals (specific sub-groups) Non homogeneous classification Little known about the true problem groups Responsible for over $124 Million dollars in 1998 -99 (CSI-FBI Study). As the Internet grows so to does the rate of criminal activity (Howard, 1997) Obvious need for a new taxonomy & more research No Generic Hacker Profile Uof. M 27

The Psychology of Hackers: Steps Toward a New Taxonomy ". . If you know yourself but not the enemy, for every victory gained you will also suffer a defeat". Sun TZU Uof. M 28