Fight cybercrime by understanding a hacker's mind and attack motive

Computer crime laws and security policies aren't enough to combat increasingly sophisticated cybercrime. Understanding the criminal mind and a hacker's motive can help an organization determine what assets are most valuable and better distribute security resources.

This article can also be found in the Premium Editorial Download: Information Security magazine: Nine tips to guarding your intellectual property:

While studying the air map on a recent flight, I started wondering whether this so-called small world -- which really doesn't appear to be so small from 38,000 feet -- can effectively deal with the growing problem of data theft and successfully fight sophisticated cybercrime through legal tools alone.

There's little doubt laws are essential to fight cybercrime -- especially laws that are user-friendly enough for application and are dusted off occasionally to ensure continued usefulness. Such a dusting was done last year with the U.K.'s Computer Misuse Act, which now broadens "unauthorized misuse" and revamps definitions of computer abuse to apply to DDoS attacks. Policies are also necessary crime-fighting tools. For example, more organizations will make laptop encryption mandatory this year, according to SANS. But are legal tools enough?

One of my students once argued, "Even the best laws and policies aren't going to stop people from computer abuse -- you've got to change people if you really want to see an impact." I agree. Attacks, breaches and fraud happen because the people behind those activities, hackers, have an attack motive for what they do. Simply put, human behavior underlies wrong-doing. Understanding a person or hacker's attack motive for engaging in unwanted behavior has a definite place in shaping crime response. Perhaps even a bigger place than we think.

Our standard cybercrime response embodies Criminology 101: Prevent and deter crime by making it harder to do wrong by reducing opportunities to commit crime, and diminishing the allure of wrongdoing by imposing consequences for behavior (jail or employment termination). But when was the last time we stopped to ask why a hacker or employee did what he did? What was his/her attack motive? How does a hacker's mind work? Motivations are as relevant to cybercrime response as they are to traditional crime response. Many of our strategic efforts consider means and opportunity of unwanted behavior, but neglect or merely give cursory thought to motive.

Understanding a hacker's mind and motive can help detect attacks
Legal tools have limits. Mandatory laptop encryption policies aren't going to remedy insider abuse. But when an employee turns bad, we can learn something by asking why. If he was disgruntled with work, then understanding the cause of that frustration has value. Asking why an employee is motivated to engage in wrongdoing can reveal how we can better distribute our security resources. Asking why a hacker wants access -- motives may include economics, politics or vanity -- can help determine what assets are most vulnerable.

By including attack motive in the strategic equation, we can detect precursors to crime. Clues as to why an employee might commit wrongdoing can be uncovered through:

  • Good background checks and screening of employment history for red flags, such as lawsuits against former employers, indications of violence or restraining orders.


  • Documented performance problems by HR or managers.


  • Patterns in non-work related Web browsing while at work, such as search engine research that warns of impending trouble, or heavy use of outside email.
One caveat is that the practical value of motive can easily become lost if an organization lacks consistent interdepartmental communication on threats.

Legal tools alone bring hope to fighting cybercrime, but unless we understand why people behave the way they do, there is still much to fear in this so-called small world.

This was first published in May 2007

Dig deeper on Information Security Laws, Investigations and Ethics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close