Fight cybercrime by understanding a hacker's mind and attack motive

Computer crime laws and security policies aren't enough to combat increasingly sophisticated cybercrime. Understanding the criminal mind and a hacker's motive can help an organization determine what assets are most valuable and better distribute security resources.

This article can also be found in the Premium Editorial Download: Information Security magazine: Nine tips to guarding your intellectual property

While studying the air map on a recent flight, I started wondering whether this so-called small world -- which really doesn't appear to be so small from 38,000 feet -- can effectively deal with the growing problem of data theft and successfully fight sophisticated cybercrime through legal tools alone.

There's little doubt laws are essential to fight cybercrime -- especially laws that are user-friendly enough for application and are dusted off occasionally to ensure continued usefulness. Such a dusting was done last year with the U.K.'s Computer Misuse Act, which now broadens "unauthorized misuse" and revamps definitions of computer abuse to apply to DDoS attacks. Policies are also necessary crime-fighting tools. For example, more organizations will make laptop encryption mandatory this year, according to SANS. But are legal tools enough?

One of my students once argued, "Even the best laws and policies aren't going to stop people from computer abuse -- you've got to change people if you really want to see an impact." I agree. Attacks, breaches and fraud happen because the people behind those activities, hackers, have an attack motive for what they do. Simply put, human behavior underlies wrongdoing. Understanding a person's or hacker's attack motive for engaging in unwanted behavior has a definite place in shaping crime response. Perhaps even a bigger place than we think.

Our standard cybercrime response embodies Criminology 101: Prevent and deter crime by making it harder to do wrong by reducing opportunities to commit crime, and diminishing the allure of wrongdoing by imposing consequences for behavior (jail or employment termination). But when was the last time we stopped to ask why a hacker or employee did what he did? What was his/her attack motive? How does a hacker's mind work? Motivations are as relevant to cybercrime response as they are to traditional crime response. Many of our strategic efforts consider means and opportunity of unwanted behavior, but neglect or merely give cursory thought to motive.

Understanding a hacker's mind and motive can help detect attacks
Legal tools have limits. Mandatory laptop encryption policies aren't going to remedy insider abuse. But when an employee turns bad, we can learn something by asking why. If he was disgruntled with work, then understanding the cause of that frustration has value. Asking why an employee is motivated to engage in wrongdoing can reveal how we can better distribute our security resources. Asking why a hacker wants access -- motives may include economics, politics or vanity -- can help determine what assets are most vulnerable.

By including attack motive in the strategic equation, we can detect precursors to crime. Clues as to why an employee might commit wrongdoing can be uncovered through:

    • Good background checks and screening of employment history for red flags, such as lawsuits against former employers, indications of violence or restraining orders.
    • Documented performance problems by HR or managers.
    • Patterns in non-work related Web browsing while at work, such as search engine research that warns of impending trouble, or heavy use of outside email.

One caveat is that the practical value of motive can easily become lost if an organization lacks consistent interdepartmental communication on threats.

Legal tools alone bring hope to fighting cybercrime, but unless we understand why people behave the way they do, there is still much to fear in this so-called small world.

This was last published in May 2007

Join the conversation


I agree, understanding the hacker will help you understand the compromises. We have to clearly understand their mindsets. Greed, anger, acknowledgement, immaturity, etc. Education is the best medicine, but trust will be hard to gain. We also have to look at the severity of the attacks and actual damage that has been done.
I always think of Sky Marshal Tehat Meru’s line from Starship Troopers - “To fight the bug, we must understand the bug.”