Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 4: Is The Research To Date On Ha... > Motives For Hacking - Pg. 59

Is the Research to Date on Hackers Sufficient? Finally, `physical entry' is just that ­ where the hacker manages to enter a building directly and carry out the hack from the inside. Sometimes, this could be as simple as getting through a lax security system, and finding a vacant computer terminal which has been left logged on. These methods indicate that the hacker does not necessarily need to have advanced technical skills in order to complete a successful attack. Social engineering and physical entry tactics do not require any specific computer skills, and can be some of the most effective means of accom- plishing a task. However, Calcutt (1999) suggests that the descriptions of the activities of malicious hackers are regularly over-hyped, fuelling fear and confusion. He indicates that "reports of the threat to society posed by Mitnick and others have been hyped out of all proportion" (p. 57). MOTIVES FOR HACKING Lafrance (2004) proposes that understanding cybercriminals' motivation can help to improve security measures. Unfortunately, Voiskounsky and Smyslova (2003) indicate that although there is a great deal of discussion regarding the psychology of hackers in the media, there has been little work carried out by psychologists in this area. Nevertheless, some theories have been put forward to suggest the reasons why hackers do what they do. Zager (2002, as cited in Lafrance, 2004) indi- cates that there are three different types of hackers, depending on their motivations. These are `casual hackers', `political hackers', and `organised crime hackers'. `Casual.hackers' form the biggest group, and most are not very skilled. They are frequently motivated by curiosity, or by the thrill of success. They may hope to gain financially from their hacking. Many `script-kiddies' would fall under this category, and their inexperience can make them relatively easy to track. They may also be motivated by the wish to be accepted by other hackers, or to gain notoriety. `Political.hackers' have specific targets, and are pursuing a specific cause. These may also be called `cyber-activists', and their knowledge and skill-sets can vary greatly. Their activities can include website defacements and Denial of Service attacks. `Organised.crime. hackers' are primarily motivated by financial gain. This may include obtaining bank details, credit card numbers or confidential information. These hackers target their victims very carefully, and spend a lot of time gathering information before they attack. They commonly use social engineering in their approach, and are very careful to avoid detection. Taylor (1999) discusses the motivations that hackers sometimes give for their actions. These include feelings of addiction, the urge of curios- ity, boredom with the educational system, enjoy- ment of feelings of power, peer recognition in the hacking culture and political acts. Kabay (1998) indicates that there may be personality differ- ences between American and European hackers, with European hackers being more politically motivated, although there appear to be no defini- tive studies in this area. Max Kilger (as cited in Spitzner, 2003) suggests that hackers have six main motivations, which he has compiled into the acronym MEECES ­ Money, Ego, Entertain- ment, Cause (basic ideology), Entrance to a social group and Status. Lafrance (2004) describes the motivations that could underlie attacks by insiders in organisa- tions. These include economical profit, revenge, personal interest in a specific file, and external pressure from people or organisations outside of the company (such as organised crime or a family member). Fötinger and Ziegler (2004) also propose that the hacker may be experiencing a deep sense of inferiority, and that the power they achieve through their hacking activities may increase their self-esteem. Schneier (2003) suggests that hackers do not break into systems for profit, but simply to satisfy their intellectual curiosity, for the thrill, and to `see if they can'. He verifies that the 59