Computer Crime Psychological Essay, Research Paper
Psychological Profiling of Computer Crime
The psychological analysis of computer criminals is a start for preventing further computer crime related activity. Learning to identify personal characteristics of hackers will help to measure the threat they’ll have on a computers security software. There are many classifications which hackers fit into that define their capabilities. With this data computer security experts will know how and where to apply the most effective type of firewall. The main goal of sub-grouping hackers is to broaden the public understanding of what hackers are able to accomplish and how some can be more dangerous than others. Public opinion defines hackers as young males who want to destroy every last bit of recorded data the victim has. They are known as social losers who do nothing but program and surf the internet all day. The only problem with popular opinion is that it seeps into the judicial area and makes stiffer penalties for harmless crimes. Criminologists and Psychologists have tried to define sub-groups of hackers by their ability and method for the past decade. Either though no set standard has been established the efforts have become greatly improved over the last 3-4 years.
This paper will first focus on different sub-groups of hackers defined by criminologist and psychologists analysis of computer criminals is a start for preventing further computer crime related activity. Learning to identify personal characteristics of hackers will help to measure the threat they’ll have on a computers security software. There are many classifications which hackers fit into that define their capabilities. With this data computer security experts will know how and where to apply the most effective type of firewall. The main goal of sub-grouping hackers is to broaden the public understanding of what hackers are able to accomplish and how some can be more dangerous than others. Public opinion defines hackers as young males who want to destroy every last bit of recorded data the victim has. They are known as social losers who do nothing but program and surf the internet all day. The only problem with popular opinion is that it seeps into the judicial area and makes stiffer penalties for harmless crimes. Criminologists and Psychologists have tried to define sub-groups of hackers by their ability and method for the past decade. Either though no set standard has been established the efforts have become greatly improved over the last 3-4 years.
This paper will first focus on different sub-groups of hackers defined by criminologist and psychologists. Sub-groups can be split into several areas for example, mental traits, personal ability, motivation to learn and in what direction they apply their motivation. After establishing a rough profile a physiological profile of criminals will be developed and how computer criminals fit into a psychological profile. Popular opinion has to change in order to define what type of hackers are considered dangerous and those that aren’t dangerous. People who become convicted of computer crime need to have some sort of division between what the courts perceive them as and what they actually are.
Not understanding the nature of the problem makes reducing computer crime increasingly difficult. Popular opinion is misconceived by the media on what hacking is and what hackers are able to do. Computer hacking is not a entity of itself. Lets say you walk into a store and decide not to pay for that CD, instead you just stick it in your jacket pocket and leave. Well if you get caught you become a shop-lifter. What if you steal a brand new car from a new car lot and are caught it’s now concerned a case of vehicle larceny. In each case you can face a different set of charges with a different price to pay (jail, prison, fines). Hackers are stereotyped all under one roof with one price to pay. If a thief steals a car and is caught he will do time in jail. If a thief browses a car lot he’ll have nothing to worry about because he is just browsing? Computer thieves style data and sell it to foreign countries or business competitors; these thieves goto jail. However if they are caught just browsing a network not altering, stealing or even looking at information chances are they will do the same time as the hacker that was spying. The term hacker needs to be clearly identified into areas that describe more of the crime being committed so that a measurably fair punishment my be dealt.
Becoming educated with the different types of information trespassing is to identify the threat in order to administer the appropriate level of security. Studies compiled through various government law enforcement agencies have stated that over 70% of all computer related crime has been internal. The remaining 30% were outside intrusions. These outside intrusions could have been prevented from the inside by setting up policies for employees on how to use the companies information resources and heavily monitoring user access. When the media states that hackers cost tax payers 58 million dollars, studies from the FBI/CSI have stated that 95% of that 58 million dollars was actually done from within the company and not the stereo-typical teenager living with his parents. Inside threats usually spawn for a number of reasons such as, generating promotions. An employee who plants a bug into the companies data base only to be called on for his technical genius becomes a possible candidate for that promotion. Revenge is another factor an employee who wanted a raise but never got one destroys all the companies network drives. Personal wealth can be gained by stealing information and either holding it hostage for a price, selling it to other governments or selling it to competing companies.
The internal threat can be attacked throughout a number of methods. Companies should invest in more computer monitoring software to watch suspects or high access level type employees. Software implementation that will restrict a employees user writes rights but not to attract attention so employees will want to crack the security. Administering pre-employment screening to center in on potential personalities that are deemed a security risk. Define a clear set of regulations for the use of a companies computer system. Enforce the set of rules set up by the company for use of these information systems. Last, doing regular checks and maintaining the security of the companies network so that any bugs can be eliminated.
There are several hacking categories that inside security threats cover. These categories include explorers, good samaritans, hackers, golden parachuter’s, Machiavellians, exceptions, proprietors, avengers, career thieves and moles. Explorers are those employees that have lots of time to do nothing more than surf the local network and get into other peoples shared files or run networking scanning packet retrieval software. Explorers are dangerous because they see files over the network that should be for other eyes only. The second type of insider is the good samaritans who generally likes to clean up or download software onto there system. If a networks has no security to establish permissions in preventing files from deletion or downloading, a good Samaritans can bring down a terminal or network through the introduction of a virus or deleting a registry file. Avengers are the most feared because everyone has something they don’t like about where they work and want to feel free to express that at the cost of others. Avengers tend to be very destructive not taking into consideration of how or why they shouldn’t get caught while creating the most damage. Last and less common is the career thief which is mostly considered an outside threat but becomes a inside issue when users are able to understand how a companies information can be sold at a profit either to the company or other entities.
Despite what media will have anyone to believe the major concern should be concentrated towards the inside threat and less towards the outside threat. However popular opinion drives security companies to concentrate their advertising in security platforms and experts that prevent young adults from all over the world from trying to penetrate a business or governments firewall. Companies need to spend more time locking down and monitoring there own terminals from disgruntled employees and good samaritans. Software for reconfiguring OS’s to only let users into job related runs fairly cheap if not free in some cases. Over half of computer crime is within the company and should attract more attention than does outside threats.
In order to resolve a conflict or prevent any future problems one has to have a clear understanding of what exactly the problem is. In computer security issue of “Hacking” is a very broad term covering many ends a fraudulence and trespassing type behavior on many types of user levels. But in the abusive light of this meaning the term “Hacking” still pops up on the nightly news and on the front page of local and national news headlines. The effect that this term “Hacker” has on the general public is stereotypical negative and attracts serious attention to the security of the United States. On a technical stand point it should attract much attention from national security experts. Hacking must not be a commonly refereed to entity to define computer crime because of it’s inability to attach itself to any one of several areas of computer related mischief. Lets say your 7 years old, you go into a store to steal a candy bar, you get caught; now what do you think the store owner will do press charges against you or your parents? The store owner probably won’t because it takes to much time and money to justify what had been stolen. What if your 7 year old commits murder this will attract more attention and a greater penalty because it’s under the watchful eye of millions of TV viewers. In computer fraud cases no matter what instance of that crime actually existed it will attract equal attention. People or hackers must be made an example of and if your business becomes breached by hackers a business must set a example and press charges no matter how severe the crime. Unfortunately because this attention it will also attract equal punishment on all levels like mentioned earlier in the paper.
In a different light society has known to give convicted hackers a fare amount of attention. Many hackers who have managed to work themselves into a companies heavily secured network have found job offers, reduced sentences and have been the guest attraction at public seminars on computer security not to mention speaking in front of congress. But then again how can society even offer that individual the proper reward when even it has trouble defining what hacking is made up of. And in some respects society should not offer a reward to criminals in so willingly wants to group and persecute. Rewarding those criminals from criminal acts violates basic principles of trying to prevent or deter crime by punishment.
Criminologists have studied computer related crime for the past couple decades and have derived many classifications of the types of hackers that exist in society. Landreth a University professor from WofU theorized six types of computer criminals which are novice, student, tourist, crasher and thief. The novice type of hacker were those who basically experiment with different programs only at there own expense no one else’s for example scanning networks pulling pranks on fellow employees or friends but only those that the novice knew well. A student level hacker was the next level up usually found in colleges and thought to be slightly dangerous because of the complexity of tools they have and the lack of understanding to use them safely. The great lack of understanding on system security also was a disadvantage because of the risks taken which possibly lead to getting into trouble with the school. The tourist type of hacker hack’s for the thrill of it and to see if it could be done. These tourists are also a bit dangerous because of there lack of understanding about system security and how not to become detected. Thieves are a the most feared type of hackers because of there experience and motive which is usually concerning some monetary amount.
Dr Hollinger has studied computer related deviance at the University level and has derived his own version of the different levels of hackers that plague our universities. The different levels that Dr. Hollinger identified are as fellows; pirates, browsers and crackers. Pirates are those computer criminals that are confined to breaking copy write laws and working some warez type cracking applications. Pirates possess a very limited amount of knowledge concerning other areas of hacking. The next level is the browser this type exhibits understanding of Trojan type software and basic network understanding. Browser are able to roam through people’s personal files and are able to surf the network looking for potential host. The last type of hacker is the crackers who are extremely advanced in computer security. Crackers roam networks in order to destroy, alter or copy files of a victims system.
Chantler who is a professor at a large known University did studies on computer crime over large ethnographic areas. He basically observed many facets of hackers themselves such as motivation, prowess, activities, knowledge and how long they have been computer criminals. He then took each of these personal observation and developed 3 main categories to rate them in, elite, neophytes, losers and lamers. He had observed that the elite group had a high level of understanding which drove them to achieve and learn more. Neophytes were just as knowledgeable but had less motivation to learn new material. Neophytes typically used code that the elite hackers had already used. The last division losers and lamers were the least knowledgeable and less motivated to learn new material. There ambition was mainly for stealing or had some motive of revenge (disgruntled employee). Chatler had concluded that about 32% of the total sample population fell into the upper elite bracket while 60% were neophytes and the remaining 10% were losers and lamers.
Other recent types of profiles hackers have inherited came from a criminologist named Power. Power had split hackers into 3 groups sport intruders, competitive intelligence and foreign intelligence. Sport intruders break into systems using programs that someone else has written, deface web pages or play pranks on fellow co-workers or friends. The competitive Intelligence profile fits with those hackers that avoid breaking the law and usually try to write there own code but are just starting to learn how to program. Hackers that attack other systems on foreign soil from their home are known as foreign intelligence.
Studies that have come out with in the past year (1998-1999) have indicated that there are a total of 7 different types of computer criminals that exist. Parker a criminologist at UofC, has identified these seven as pranksters, hackers, violent hackers, personal problem solver, computer-criminals, extreme advocates and malcontents. Pranksters play tricks on others only to gain attention from users that don’t understand. Violent hackers hack only to destroy the persons system or delete their files. Personal problem solver programs only for his own benefit and not to hurt or harm any other persons system. Computer-criminals are individuals that commit crime for their own profit or at the expense of another user. Extreme advocates usually have a statement to make about some political or moral issue, these type of advocates are most noted in their defacement of Web Pages and full scale attacks (group of people) on system networks. Malcontents are hackers that have some unrelated addiction such as drugs or alcohol plus suffer from some mental illness.
The real motive behind why anyone does what they do will never be entirely known. People are a product of there own environment and even in the case when both individuals grow up together their environments will still be a little different. Criminologists and psychologists study behavior of criminals and their backgrounds leading up to their criminal acts. So to better profile those individuals that will become computer criminals a psychological profile must be found.
Mr Chantler observed the difference in intellectual capability to the type of life style lead by the computer-criminal. The novice type hackers were unmotivated and only fed off of only other hackers discoveries and programs. These individuals showed a extreme lack of understanding which was exhibited through their low self confidence. A positive aspect of this type of computer criminal was they were more social with other people outside of their group. The novice type hacker fit into a younger age group out of the hacker community.
The next group called the neophytes were a moderate type of computer thief. These individuals became much more social with other fellow computer-thieves but tended to lose contact with other people outside of their inner circle. They generally felt as if they were on a different level than most of the general public. Neophytes exhibited a need to brag and boast about what they had done even if they knew that they didn’t understand completely. This group also felt as though they were invincible and could be caught for their illegal activities..
Last are the elite type hackers who spend a great deal of time away from normal social interaction. The elite are those who spend most of their time writing their own code or ready networking type books. These individuals have some sort of job that pertains to computer networking, programming or security position. They spend most of there time locked away from the rest of the world. Like the neophytes the elite type hacker has no fear of being detected by security.
Scientist and psychology have gone beyond just trying to understand the type of person and there level of expertise. Three types of criminal theory have been developed to better understand criminal behavior from a computer-thief point of view. The three theories are psychoanalytic theory, learning theory and control theory. These three basically support that man is not responsible for his actions most of the time this is known as positivist. The classical theorist stand point is that man is responsible for his actions 100% of the time. The psychoanalytic theory is more of a broad based theory of why criminal acts are committed in general. When this theory was first brought to light it encompassed all criminal activity including computer crime. This theory generally states that criminals are the result of an unhappy childhood. When siblings have a distant relationship with their parents they tend to exhibit a more anti-social behavior which is what they were initially brought in this world having in the first place. Since we are born we work towards being more social with our peers. Most computer criminals spend hours in front of the computer locked away from normal communication this could obviously be a direct result from there childhood
The second type of criminal theory is the learning theory which again can be subdivided into several other divisions. Operant conditioning is a type of learning theory that deals with the self gratification one has in committing crime. Computer-thieves are usually gratified because of accomplishment or being able to venture places they haven’t been and then brag about it. Differential Reinforcement is a theory based on the level of negative impact one receives from breaking the law. If the level of punishment is by far less than that of reward then the computer-thief will keep on attacking. In most cases if the thief is arrested and jailed then of course the person will have no choice to stop. But in some cases prestige rains in over the circumstances and will make it difficult to stop even after incarceration.
Last, is the social learning theory which was derived and worked on by ALbert Bandura. The Social learning Theory postulates that behavior can be learned at the cognitive level through observing other peoples actions. This theory states that criminal activity is derived from other sources like family, culture or environment in general. This theory is relevant by means of understanding how computer-criminals evolve but was intended for describing criminals who assault or steal.
The control theory concerning computer crime does not discuss why individuals commit crimes but why isn’t everyone a criminal. The first Sub-theory of Control Theory is Moral Development (Kolberg). Kohlberg believed that socializing is linked to moral development. Moral Development basically assumes that development is done in three stages as the person grows up. If one is stage does not become fully developed then later the individual might exhibit a deficiency in justice, rights or principles. The second sub control theory is Eysenck’s theory which basically states that by heredity some individuals have some biological difference that prevent them from becoming part of their environment. This means that the individual is incapable of following rules and norms set up by society. There are three different dimensions concerning Eysenck’s theory psychoticism, extraversion (E) and neuroticism (N). Every person exhibits both dimensions at one time or another and typically fall in the middle. Criminals have a high rating in (E) and (N) fall off the lower end of (P) this relates to there character as poor socialization skills and wanting to avoid confrontation or human contact at any point.
Do to the direct lack that computer criminals have with the outside world it is increasingly hard for physiologists to define what group hackers fit into. Since there are many different types of criminals hackers in general don’t fit under any one physiological profile. How computer criminals interact with society seems more dependant on what level there knowledge of hacking is than anything else.
The accurate profile of the computer-criminal is dependent on the understanding of the psychological profile. You must also properly identify what the computer-criminal is able to do in respect to his knowledge and motivation. Corporations should become familiar of the inside threat more than the outside. Both of these points must be made before defining how dangerous the computer criminal exactly is. Those hackers that are not that dangerous towards society should not be condemned for meaningless browsing the network. Hackers that vandalize sites or destroy computer software and equipment can be dealt with more harshly.
by. Greg Conklin