DEFEAT HACKERS THROUGH PSYCHOLOGY A journey in the mind of hackers guided by Dr. M. Weulen Kranenbarg
di Federico Casano
Quando parliamo di criminali, non dobbiamo dimenticare tematiche come social network, famiglia, lavoro. Analizzando la routine quotidiana dei criminali, possiamo identificare gli scenari che spingono le persone a commettere reati. Attraverso questa analisi sono emerse somiglianze tra autori di reati tradizionali e criminali informatici, ma anche differenze. Oltre alla facilità con cui è possibile scaricare strumenti per i crimini informatici, il numero di criminali informatici è in aumento, il che rappresenta una considerevole minaccia per i paesi. Mentre gli esperti di sicurezza cercano continuamente di migliorare tecnicamente i sistemi e le infrastrutture, forse la soluzione è di fronte a noi, nascosta nello studio delle personalità degli hacker. Solo dopo aver compreso i comportamenti degli hacker, potremmo iniziare a educare correttamente le persone, rimuovendo la minaccia dalla radice.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When we talk about criminals, we do not have to forget features like social network, family, job. Analysing the daily routine of the offenders, we can identify scenarios that push people to commit crimes. Through that analysis came out similarities between traditional offenders and cyber offenders, but also differences. Besides the ease with which you can download tools for cyber crimes, the number of cyber offenders is increasing which is a considerable threat to countries. While security experts continuously try to technically improve systems and infrastructures, maybe the solution is in front of us, concealed in the study of the hackers’ personalities. Only after understanding the hackers’ behaviours we could start to educate people properly, removing the threat from the source.
What are the similarities and differences between the traditional offender and cyber offender?
One of the main similarity is that both follow opportunities, of course in different areas; In contrast, where ordinary criminals commit a crime for money, cyber offenders do this not exclusively for financial gain, instead, they are driven by curiosity and satisfaction obtaining access into systems. Intrinsic motivations mostly drive them. The social network is another significant feature in which cyber criminals differ from traditional criminals. The behavior of people in the social network of common criminals is very similar while that is not the case for cybercriminals. That might be because cyber offenders can collect information easily online. Instead, if you are a traditional offender, you have to create a social network to achieve your goal.
Furthermore, there are life-aspects that traditionally prevent crimes: family and permanent employment. The family often prevents you from committing a crime. While having a job stops people from committing a traditional crime, it does not stop a cyber offense. In particular, if you have a job in IT industries (or basic education in IT sector), you tend to commit cybercrime more.
When would a standard offender commit computer crime?
We have to distinguish between two types of cyber crimes: “cyber dependent crimes” and “cyber enable types of crime.” The first type is basically “hacking”, usually carried out by people with technical skills. The second one instead concerns individuals who for example commit fraud online. They move from the offline to the online. “Cyber dependent types of crime” are frequently a barrier for criminals: typically, offenders do not switch to the digital world as they do not have the required skills. This is a reason why we have two types of offenders. People who commit traditional crimes do not perform the more sophisticated kind of cyber crimes.
Cyber offenders could also be cyber defenders, thanks to the knowledge learned.
It is not easy to distinguish who, with technical skills, works to make systems more secure and who misuse the acquired knowledge to break into systems.
It would be an interesting study in the future why people choose the “dark side,” and other prefer the legal path.
In other cases, someone could use tools developed to test your own security against others systems, without having the right.
One problem is that there is a large grey area in what is legal and illegal and it is difficult to distinguish between these two. As a consequence, it may be easier to commit a cybercrime because you are not aware of doing something illegal or you could gradually perpetrate something illegal.
By now, our society is always more digital, accordingly, the number of cyber criminals is continuously increasing. It represents a severe risk for governments, industries, and citizens. Would it be clever take into account the psychological aspects, often not considered in this evolution, as a response to this threat?
Everybody tries to improve their IT security, trying to prevent people hacking their systems, but that will still happen. Once patched a vulnerability, there will be another one to fix and so on.
The only way to actually defeat the “bad guys” is by trying to find ways to stop them from performing attacks. Therefore, it is really important to understand why people commit those crimes and how people find the illegal ways of using their IT skills. Especially now, for example, it is getting easier and easier to commit DDoS attacks (you can just rent it online). More and more people are capable of committing those crimes so is becoming crucial to find out why people commit these crimes instead of only trying to prevent the phenomenon on the victim side.
Studying the hackers’ behavior could remove the threat from the origin.
