The Psychology of Hackers: Steps Toward a New Taxonomy
Marc Rogers
Dept. of Psychology, University of Manitoba
Senior Security Technical Architect, EDS Systemhouse Canada
UofM SHL Systemhouse

Agenda
- Introduction
- Evolution of the Term
- Theories of Deviance
- A New Taxonomy
- Demographics
- Psychological Profiles
- Conclusion

Introduction
- Criminal Hackers current “enemy” to IT/IS Security
- Research their targets
- $124 Million lost in 1999 (CSI/FBI)
- Intelligence gathering
- Information sharing
- What do we know about them?

Evolution of the Term
4 Generations of the term Hacker
- 1st Generation: Creative Programmer: MIT/Stanford (1960’s)
- 2nd Generation: Computer Evolutionaries (1970’s)
- 3rd Generation: Games & Copyright breaking (1980’s)
- *4th Generation: Criminals & Cyberpunks (1990’s)

1st Generation
- Creative Programmers & Scientists
- Novel methods for programming (code bumming)
- Hacker Ethic (The Right Thing.)
- Very respected (Gurus)
- MIT (TMRC) & Stanford (SAIL)

2nd Generation
- Computer Evolutionary
- Hardware Hackers
- Mainframe to personal systems
- Computer Kits (Altair, Apple)
- Founders of Major Computer Companies
- Minor criminal activity: Phreaking/Blue Boxing
- Software Piracy

3rd Generation
- Computer Games & Copyrights
- Game Hackers
- Personal PC
- Computer for entertainment
- Methods for protecting and breaking copyright codes on games
- Minor criminal activity

4th Generation
- Criminals
- Cyber-punks
- Not respected
- Rarely technically elite
- Motivated primarily by greed, power, revenge, malicious intent

Theories of Deviance
- Traditional theories of deviance
- Why do individuals become involved in delinquent behavior?
- How do they justify the behaviors engaged in?

Theories of Deviance
Differential Association:
- Delinquency based on normative conflict
- Conflicting definitions of appropriate behavior
- Differential association - communication with intimate groups (peer pressure)

Theories of Deviance
- Conflicting norms and definitions
- Almost a sub-culture
- Strong hacker peer pressure
- Reinforcement: Internal/External/Vicarious
- Complex schedule of Reinforcement

Moral Disengagement
- Social Learning Theory (Bandura)
- Moral standards
- Avoid Self-Censure
- Rightness of their actions
- Valued social or moral purposes

Moral Disengagement
Mechanisms:
- Moral justification
- Minimizing, ignoring or misconstruing the consequences
- Dehumanizing
- Attribution of blame on victims

A New Taxonomy
- Hackers, Phreakers, Crackers (Moot)
- Generic Term
- Research on Generic Criminals?
- Wide Range of activities
- What groups?
- Operational Definition

A New Taxonomy
Proposed:
- Novice (newbies/script kiddies)
- Cyber-punks
- Insiders
- Coders
- Old Guard
- Professionals
- Cyber-Terrorists
- Political Activists?

A New Taxonomy
Hacker Continuum

Novice (Newbie/Script Kiddies)
- Limited computer skills
- New to the activity
- Rely on software available on the Internet
- Nuisance attacks: Denial of Service (DoS)
- Can cause extensive damage to systems as they don’t understand how the attack works
- Media attention

Cyber-punks
- Better computer skills
- Limited programming knowledge
- Better understanding of how the attack works
- Criminal intent, malicious behavior, credit card frauds, etc.
- Media attention

Insiders
- Computer literate
- Technology/Information Fields
- Disgruntled, Ex-employee
- Able to carry out attack due to privileges inherent in position
- Largest security problem: 70-80% of all computer security breaches

Coders
- Technically skilled
- Writes the scripts and automated tools
- Acts as a mentor to the newbies
- Motivated by a sense of power and prestige
- Revered
- Dangerous (hidden agendas, trojans, etc.)

Old Guard
- No criminal intent
- Values similar to 1st generation
- Disturbing lack of regard for private property
- Mentoring
- Very defensive and limited view of hacker community

Professional Criminals
- Thieves
- Corporate Espionage
- Guns for Hire
- Highly motivated, highly trained, state of the art equipment
- Very little known of this group

Cyber-Terrorists
- Increase in activity since the fall of many Eastern Bloc intelligence agencies
- Well funded
- Very motivated
- Mixing political rhetoric with criminal activity
- Information Warfare: Rand Corp. Day after scenario
- Very little known in this area

Personality Profiles & Demographics
- Limited “true” empirical research
- Self report based
- Several “documentary” books written (objectivity is questionable)
- Findings not generalizable to other subgroups
- Criminal Activities

Demographics
Current Research:
- Caucasian Male
- 12-28 years old
- Middle Class
- Limited Social Skills
- Perform poorly in school: aptitude for computers & technology
- Dysfunctional families

Personality Profiles
- Socially Inept
- Obsessive
- Loners yet appear to crave membership
- Inferiority Complex
- Escapism Motivation
- Computer Addictive Disorder?

Conclusion
- New breed of criminals (specific sub-groups)
- Non-homogeneous classification
- Little known about the true problem groups
- Responsible for over $124 Million in 1998-99 (CSI-FBI Study)
- As the Internet grows so too does the rate of criminal activity (Howard, 1997)
- Obvious need for a new taxonomy & more research
- No Generic Hacker Profile

The Psychology of Hackers: Steps Toward a New Taxonomy
"...If you know yourself but not the enemy, for every victory gained you will also suffer a defeat."
Sun Tzu