Computer Crime Psychological Essay, Research Paper
Psychological Profiling of Computer Crime
The psychological analysis of computer criminals is a start for preventing further computer crime related activity. Learning to identify personal characteristics of hackers will help to measure the threat they’ll have on a computers security software. There are many classifications which hackers fit into that define their capabilities. With this data computer security experts will know how and where to apply the most effective type of firewall. The main goal of sub-grouping hackers is to broaden the public understanding of what hackers are able to accomplish and how some can be more dangerous than others. Public opinion defines hackers as young males who want to destroy every last bit of recorded data the victim has. They are known as social losers who do nothing but program and surf the internet all day. The only problem with popular opinion is that it seeps into the judicial area and makes stiffer penalties for harmless crimes. Criminologists and Psychologists have tried to define sub-groups of hackers by their ability and method for the past decade. Either though no set standard has been established the efforts have become greatly improved over the last 3-4 years.
This paper will first focus on different sub-groups of hackers defined by criminologist and psychologists analysis of computer criminals is a start for preventing further computer crime related activity. Learning to identify personal characteristics of hackers will help to measure the threat they’ll have on a computers security software. There are many classifications which hackers fit into that define their capabilities. With this data computer security experts will know how and where to apply the most effective type of firewall. The main goal of sub-grouping hackers is to broaden the public understanding of what hackers are able to accomplish and how some can be more dangerous than others. Public opinion defines hackers as young males who want to destroy every last bit of recorded data the victim has. They are known as social losers who do nothing but program and surf the internet all day. The only problem with popular opinion is that it seeps into the judicial area and makes stiffer penalties for harmless crimes. Criminologists and Psychologists have tried to define sub-groups of hackers by their ability and method for the past decade. Either though no set standard has been established the efforts have become greatly improved over the last 3-4 years.
This paper will first focus on different sub-groups of hackers defined by criminologist and psychologists. Sub-groups can be split into several areas for example, mental traits, personal ability, motivation to learn and in what direction they apply their motivation. After establishing a rough profile a physiological profile of criminals will be developed and how computer criminals fit into a psychological profile. Popular opinion has to change in order to define what type of hackers are considered dangerous and those that aren’t dangerous. People who become convicted of computer crime need to have some sort of division between what the courts perceive them as and what they actually are.
Not understanding the nature of the problem makes reducing computer crime increasingly difficult. Popular opinion is misconceived by the media on what hacking is and what hackers are able to do. Computer hacking is not a entity of itself. Lets say you walk into a store and decide not to pay for that CD, instead you just stick it in your jacket pocket and leave. Well if you get caught you become a shop-lifter. What if you steal a brand new car from a new car lot and are caught it’s now concerned a case of vehicle larceny. In each case you can face a different set of charges with a different price to pay (jail, prison, fines). Hackers are stereotyped all under one roof with one price to pay. If a thief steals a car and is caught he will do time in jail. If a thief browses a car lot he’ll have nothing to worry about because he is just browsing? Computer thieves style data and sell it to foreign countries or business competitors; these thieves goto jail. However if they are caught just browsing a network not altering, stealing or even looking at information chances are they will do the same time as the hacker that was spying. The term hacker needs to be clearly identified into areas that describe more of the crime being committed so that a measurably fair punishment my be dealt.
Becoming educated with the different types of information trespassing is to identify the threat in order to administer the appropriate level of security. Studies compiled through various government law enforcement agencies have stated that over 70% of all computer related crime has been internal. The remaining 30% were outside intrusions. These outside intrusions could have been prevented from the inside by setting up policies for employees on how to use the companies information resources and heavily monitoring user access. When the media states that hackers cost tax payers 58 million dollars, studies from the FBI/CSI have stated that 95% of that 58 million dollars was actually done from within the company and not the stereo-typical teenager living with his parents. Inside threats usually spawn for a number of reasons such as, generating promotions. An employee who plants a bug into the companies data base only to be called on for his technical genius becomes a possible candidate for that promotion. Revenge is another factor an employee who wanted a raise but never got one destroys all the companies network drives. Personal wealth can be gained by stealing information and either holding it hostage for a price, selling it to other governments or selling it to competing companies.
The internal threat can be attacked throughout a number of methods. Companies should invest in more computer monitoring software to watch suspects or high access level type employees. Software implementation that will restrict a employees user writes rights but not to attract attention so employees will want to crack the security. Administering pre-employment screening to center in on potential personalities that are deemed a security risk. Define a clear set of regulations for the use of a companies computer system. Enforce the set of rules set up by the company for use of these information systems. Last, doing regular checks and maintaining the security of the companies network so that any bugs can be eliminated.
There are several hacking categories that inside security threats cover. These categories include explorers, good samaritans, hackers, golden parachuter’s, Machiavellians, exceptions, proprietors, avengers, career thieves and moles. Explorers are those employees that have lots of time to do nothing more than surf the local network and get into other peoples shared files or run networking scanning packet retrieval software. Explorers are dangerous because they see files over the network that should be for other eyes only. The second type of insider is the good samaritans who generally likes to clean up or download software onto there system. If a networks has no security to establish permissions in preventing files from deletion or downloading, a good Samaritans can bring down a terminal or network through the introduction of a virus or deleting a registry file. Avengers are the most feared because everyone has something they don’t like about where they work and want to feel free to express that at the cost of others. Avengers tend to be very destructive not taking into consideration of how or why they shouldn’t get caught while creating the most damage. Last and less common is the career thief which is mostly considered an outside threat but becomes a inside issue when users are able to understand how a companies information can be sold at a profit either to the company or other entities.
Despite what media will have anyone to believe the major concern should be concentrated towards the inside threat and less towards the outside threat. However popular opinion drives security companies to concentrate their advertising in security platforms and experts that prevent young adults from all over the world from trying to penetrate a business or governments firewall. Companies need to spend more time locking down and monitoring there own terminals from disgruntled employees and good samaritans. Software for reconfiguring OS’s to only let users into job related runs fairly cheap if not free in some cases. Over half of computer crime is within the company and should attract more attention than does outside threats.
In order to resolve a conflict or prevent any future problems one has to have a clear understanding of what exactly the problem is. In computer security issue of “Hacking” is a very broad term covering many ends a fraudulence and trespassing type behavior on many types of user levels. But in the abusive light of this meaning the term “Hacking” still pops up on the nightly news and on the front page of local and national news headlines. The effect that this term “Hacker” has on the general public is stereotypical negative and attracts serious attention to the security of the United States. On a technical stand point it should attract much attention from national security experts. Hacking must not be a commonly refereed to entity to define computer crime because of it’s inability to attach itself to any one of several areas of computer related mischief. Lets say your 7 years old, you go into a store to steal a candy bar, you get caught; now what do you think the store owner will do press charges against you or your parents? The store owner probably won’t because it takes to much time and money to justify what had been stolen. What if your 7 year old commits murder this will attract more attention and a greater penalty because it’s under the watchful eye of millions of TV viewers. In computer fraud cases no matter what instance of that crime actually existed it will attract equal attention. People or hackers must be made an example of and if your business becomes breached by hackers a business must set a example and press charges no matter how severe the crime. Unfortunately because this attention it will also attract equal punishment on all levels like mentioned earlier in the paper.
In a different light society has known to give convicted hackers a fare amount of attention. Many hackers who have managed to work themselves into a companies heavily secured network have found job offers, reduced sentences and have been the guest attraction at public seminars on computer security not to mention speaking in front of congress. But then again how can society even offer that individual the proper reward when even it has trouble defining what hacking is made up of. And in some respects society should not offer a reward to criminals in so willingly wants to group and persecute. Rewarding those criminals from criminal acts violates basic principles of trying to prevent or deter crime by punishment.
Criminologists have studied computer related crime for the past couple decades and have derived many classifications of the types of hackers that exist in society. Landreth a University professor from WofU theorized six types of computer criminals which are novice, student, tourist, crasher and thief. The novice type of hacker were those who basically experiment with different programs only at there own expense no one else’s for example scanning networks pulling pranks on fellow employees or friends but only those that the novice knew well. A student level hacker was the next level up usually found in colleges and thought to be slightly dangerous because of the complexity of tools they have and the lack of understanding to use them safely. The great lack of understanding on system security also was a disadvantage because of the risks taken which possibly lead to getting into trouble with the school. The tourist type of hacker hack’s for the thrill of it and to see if it could be done. These tourists are also a bit dangerous because of there lack of understanding about system security and how not to become detected. Thieves are a the most feared type of hackers because of there experience and motive which is usually concerning some monetary amount.
Dr Hollinger has studied computer related deviance at the University level and has derived his own version of the different levels of hackers that plague our universities. The different levels that Dr. Hollinger identified are as fellows; pirates, browsers and crackers. Pirates are those computer criminals that are confined to breaking copy write laws and working some warez type cracking applications. Pirates possess a very limited amount of knowledge concerning other areas of hacking. The next level is the browser this type exhibits understanding of Trojan type software and basic network understanding. Browser are able to roam through people’s personal files and are able to surf the network looking for potential host. The last type of hacker is the crackers who are extremely advanced in computer security. Crackers roam networks in order to destroy, alter or copy files of a victims system.
Chantler who is a professor at a large known University did studies on computer crime over large ethnographic areas. He basically observed many facets of hackers themselves such as motivation, prowess, activities, knowledge and how long they have been computer criminals. He then took each of these personal observation and developed 3 main categories to rate them in, elite, neophytes, losers and lamers. He had observed that the elite group had a high level of understanding which drove them to achieve and learn more. Neophytes were just as knowledgeable but had less motivation to learn new material. Neophytes typically used code that the elite hackers had already used. The last division losers and lamers were the least knowledgeable and less motivated to learn new material. There ambition was mainly for stealing or had some motive of revenge (disgruntled employee). Chatler had concluded that about 32% of the total sample population fell into the upper elite bracket while 60% were neophytes and the remaining 10% were losers and lamers.
Other recent types of profiles hackers have inherited came from a criminologist named Power. Power had split hackers into 3 groups sport intruders, competitive intelligence and foreign intelligence. Sport intruders break into systems using programs that someone else has written, deface web pages or play pranks on fellow co-workers or friends. The competitive Intelligence profile fits with those hackers that avoid breaking the law and usually try to write there own code but are just starting to learn how to program. Hackers that attack other systems on foreign soil from their home are known as foreign intelligence.
Studies that have come out with in the past year (1998-1999) have indicated that there are a total of 7 different types of computer criminals that exist. Parker a criminologist at UofC, has identified these seven as pranksters, hackers, violent hackers, personal problem solver, computer-criminals, extreme advocates and malcontents. Pranksters play tricks on others only to gain attention from users that don’t understand. Violent hackers hack only to destroy the persons system or delete their files. Personal problem solver programs only for his own benefit and not to hurt or harm any other persons system. Computer-criminals are individuals that commit crime for their own profit or at the expense of another user. Extreme advocates usually have a statement to make about some political or moral issue, these type of advocates are most noted in their defacement of Web Pages and full scale attacks (group of people) on system networks. Malcontents are hackers that have some unrelated addiction such as drugs or alcohol plus suffer from some mental illness.
The real motive behind why anyone does what they do will never be entirely known. People are a product of there own environment and even in the case when both individuals grow up together their environments will still be a little different. Criminologists and psychologists study behavior of criminals and their backgrounds leading up to their criminal acts. So to better profile those individuals that will become computer criminals a psychological profile must be found.
Mr Chantler observed the difference in intellectual capability to the type of life style lead by the computer-criminal. The novice type hackers were unmotivated and only fed off of only other hackers discoveries and programs. These individuals showed a extreme lack of understanding which was exhibited through their low self confidence. A positive aspect of this type of computer criminal was they were more social with other people outside of their group. The novice type hacker fit into a younger age group out of the hacker community.
The next group called the neophytes were a moderate type of computer thief. These individuals became much more social with other fellow computer-thieves but tended to lose contact with other people outside of their inner circle. They generally felt as if they were on a different level than most of the general public. Neophytes exhibited a need to brag and boast about what they had done even if they knew that they didn’t understand completely. This group also felt as though they were invincible and could be caught for their illegal activities..
Last are the elite type hackers who spend a great deal of time away from normal social interaction. The elite are those who spend most of their time writing their own code or ready networking type books. These individuals have some sort of job that pertains to computer networking, programming or security position. They spend most of there time locked away from the rest of the world. Like the neophytes the elite type hacker has no fear of being detected by security.