In modern society, it is virtually impossible to go through the day without using computers to assist us in our various tasks and roles. We use computers extensively in both our professional and personal lives. We rely on them to interact with coworkers and associates, to regulate the climate in our homes, to operate our automobiles, to update our finances, and even to monitor and protect our loved ones. However, this ever-increasing reliance on technology comes at a cost. As we become more dependent on information technology, we are also becoming increasingly vulnerable to attacks and exploitation by computer criminals.

The National Institute of Justice defines a computer criminal as any individual who uses computer or network technology to plan or perpetrate a violation of the law.¹ Although the term “computer hacker” is often used interchangeably with “computer criminal,” they are not synonymous. “Hacker” was originally used as an umbrella term to refer to a computer programmer who changes or alters code (i.e., hacks) in a unique or unorthodox fashion in order to solve a problem or to enhance its use. Computer criminals, sometimes referred to as malicious or criminal hackers or as crackers, do not fall under this definition, since they typically alter or exploit technology for destructive purposes or financial gain, rather than for benign or creative functions. Common examples of computer crimes include Web page defacements, promulgation of viruses, unauthorized access of technology, theft of information, denials of service (DoS), and so on. In recent years, computer security analysts have reported a disturbing trend whereby many computer programmers are moving away from the hacking for fun or enlightenment mind-set to the ideology of hacking for profit and notoreity.²

Computer crime is an obvious financial and societal problem that shows no signs of slowing. To the contrary researchers suggest that computer attacks will continue to grow in frequency and sophistication as the technology continues to evolve. More specialized threats concerning instant messaging, peer-to-peer networks (P2P), handheld mobile devices, and nontraditional hardware systems (e.g., networked gaming consoles) have been identified in the wild with increasing regularity.³ Douglas Campbell, president of the Syneca Research Group Inc., stated that “the dominant threat to the United States is not thermonuclear war, but the information war.”⁴

One solution that has been offered as an effort to slow down this disturbing trend is to examine the underlying motivations of computer criminals from a psychological perspective. Computer crime researchers suggest that understanding the psychological motivations behind cybercriminals would aid in both cybercrime prevention and protection.⁵ Generating psychological profiles of computer criminals would aid in creating preventive initiatives as well as more effective countermeasures in the fight against computer crime. Since computer crime is not solely a technological issue but one involving human agents, psychological theories regarding anonymity, aggression, social learning, and disinhibition may enable us to better understand the behaviors and motivations of the computer criminal.⁶

Information security consultant Donn Parker suggested in 1994 that the creation of an effective malicious hacker profile remained an elusive goal in the information security field.⁷ The purpose of this chapter is to survey past and current literature surrounding the psychological motivations of computer criminals. Theories from both social and personality perspectives are presented in an attempt to explain some of the possible motivations behind computer criminals. Finally, the chapter reviews classification theories of computer criminals and details the difficulty researchers have had when trying to develop a single all-encompassing theory to account for the behaviors of all computer criminals.

Although computer crime for financial gain is becoming prevalent, this chapter does not go further into the abnormal psychology of these criminals. The causes and motivations behind their illicit behaviors would be comparable to those of criminals who commit similar crimes without the aid of a computer. For example, an embezzler who uses a computer to steal money may be indistinguishable from an embezzler who steals by altering a handwritten ledger or a corporate checkbook. The focus in this Chapter is on individuals whose interest in computers has transformed their personality and state of mind, individuals for whom the computer represents an alternative way of life apart from social norms.

12.2 SELF-REPORTED MOTIVATIONS.

In an effort to gain a more complete understanding of computer criminals, researchers have asked the perpetrators to describe in their own words, their mind-sets and motivations. Using various self-reporting measures, including surveys, questionnaires, and first-person interviews, researchers have consistently found a number of common accounts used by computer criminals to explain and justify their illicit and sometimes damaging behaviors.⁸

According to sociologist Paul Taylor, computer criminals indicate that they are motivated by an interacting mix of six primary categories: addiction, curiosity, boredom, power, recognition, and politics.⁹ Using a phenomenological-interpretive interview approach that emphasizes the interviewee's perception of reality, sociologist Orly Turgeman-Goldschmidt similarly found that computer criminals reported curiosity, thrill seeking, the need for power, and the ideological opposition to information restrictions, among the motivations for their behaviors.¹⁰

Taylor suggests that the addictive characteristics of computer hacking may be a combination of compulsive behaviors and curiosity. From an outsider's perspective, an advanced computer user's need to meet the swiftly changing demands of the computer industry may appear to be a psychological disorder when in actuality it is a consequence of the medium. This relentless curiosity and desire for technological improvement is often used by computer criminals as a motivation for their behaviors.¹¹ Anecdotal evidence has also suggested that the frustrations that result from restrictive computing environments (e.g., formal educational environments) coupled with an overall lack of intellectual stimulation contribute to computer criminals' unauthorized access attempts. Some reformed computer criminals have indicated that once they were provided with more responsibility, they were able to focus their skills on practical endeavors instead of illicit undertakings.¹²

Contrary to their stereotypical portrayals in the media, computer criminals appear to have wide-ranging social networks that exist in both their online and offline environments.¹³ Taylor indicates that both the need for power and recognition by their peers may both be motivating factors for some cybervandals. Computer criminals report feelings of enjoyment and satisfaction when they prove themselves better than system administrators and their peers. In their analysis of Web page defacements, communications researchers Hyungjin Woo, Yeora Kim, and Joseph Dominick report that 37 percent of the prank-related defacements contained messages that bragged and/or taunted the system administrations. Twenty-four percent of these types of defacements contained statements aimed at obtaining peer recognition, while 8 percent contained boastful and self-aggrandizing verbiage.¹⁴

Following the September 11, 2001, attacks in the United States, there has been a renewed interest in the use of the Internet to commit acts of terrorism. According to computer crime researcher Marc Rogers, cyberterrorism is the use of “computer/network technology to control, dominate or coerce through the use of terror in furtherance of political or social objectives.”¹⁵ Theorists suggest that a new breed of computer criminals claims to be motivated by political or social ideologies regarding information freedom, encryption standards, nationalism, and ethnicity.¹⁶

12.3 PSYCHOLOGICAL PERSPECTIVES ON COMPUTER CRIME.

Although self-reporting analyses can give us some insight into the motivations behind computer criminals, these types of descriptive methodologies typically yield incomplete and sometimes inaccurate results. Unless the causes for our behaviors are obvious, often our explicit or consciously held explanations for our actions are incorrect. Research has found that our behaviors are frequently controlled by our gut-level or implicit attitudes, which we are not typically aware of and which may be distinctly different from our conscious mechanisms of explanation.¹⁷ Therefore, our conscious justifications for our actions may be inaccurate if we are ignorant of these implicit cognitive processes. We must look toward more empirically based psychological theories of aggression and deviance to gain a further understanding of the factors that may be influencing these implicit attitudes.

12.4 SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME.

Many acts of computer crime can be categorized as demonstrations of aggressive behaviors. For example, cracking into a company's Web server and defacing a Web page, and launching a denial-of-service (DoS) attack on an organization's computer network, thereby crippling its Internet connection, are common malicious and aggressive acts engaged in by computer criminals. Social psychological theories on hostility and violence suggest that people are more likely to commit acts of aggression when the perpetrator of these acts remains anonymous and the threat of retaliation is low.¹⁸ It is extremely difficult to identify the perpetrators of computer attacks. These cybervandals frequently use nicknames (“nicks” or “handles”), stolen accounts, and spoofed Internet Protocol (IP) addresses when they engage in illegal activities. Computer criminals who deface Web pages are so confident that they are anonymous that they regularly “tag” the hacked Web site by leaving their handles and the handles of their friends, and in some cases, even their Internet e-mail addresses.¹⁹ These Web vandals are confident that their crimes cannot and will not be traced back to their true identities.

Social psychological theories suggest that because current Internet technology and practices make it easy to remain anonymous, and because the technical abilities of cybercriminals allow them to further obfuscate their off-line identities, the resulting anonymity may be one factor that facilitates aggression on the Internet in the form of Web site defacement, DoS attacks, and other forms of computerized intrusions. For example, it is an extremely difficult and tedious task to identify computer criminals who launch Distributed DoS (DDoS) attacks against computer networks. The attacker plants DoS programs into “hacked” or compromised shell accounts controlled by a master client. The master client will instruct every “slave” DoS program to cooperatively launch an attack at the victim's host at a configurable time and date. Thus, the DDoS attacks are not launched by the criminal's own computer; rather, the attacks come from innocent networks that have been compromised by the cracker. This degree of indirection makes it all the more difficult to trace the original attacker. Much like the Web site vandals, DDoS attackers are also confident that the attacks will not be traced back to their actual identities. Frequently they will even brag on Internet Relay Chat (IRC) channels about how many host nodes they have compromised and against which domain they are planning to launch new attacks.²⁰

Social psychologist Stanley Milgram's research, examining obedience and conformity, illustrated how ordinary individuals are capable of committing egregious acts of cruelty and aggression against others, especially when they are distant from their victims.²¹ Milgram found that 63 percent of his participants would deliver shocks of increasing intensity (up to 450 volts), despite the screams and pleas of their helpless victims. Follow-up studies found that participants would deliver higher levels of shock when the victim was in a separate room than when the victim and participant were in the same room. Similar to the moral disengagement reported by many computer criminals,²² Milgram's subjects justified their actions by derogating the victims and blaming them for the painful shocks that they were receiving.²³

Situational influences on behaviors and attitudes work similarly on the Internet as they do in the real world. However, computer criminals who commit aggressive acts against their innocent victims do not see the immediate consequences of their actions. The computer screen and increased social distance that characterize interactions online can act as an electronic buffer between the attacker and victim. Like Milgram's participants who were visually separated from their victims, computer criminals do not witness firsthand the consequences of their actions. When these criminals release automated attacks against organizations, they are even further removed psychologically from their victims. Automated cracking and DoS scripts, coupled with a lack of social presence in computer-mediated interaction, may make it easier to attack an entity that is depersonalized and emotionally and physically distant. Also, like many of Milgram's participants, computer criminals may engage in victim blame in an attempt to justify their electronic aggressions.²⁴

Consistent with social psychologist Albert Bandura's theory of moral disengagement, individuals who engage in unscrupulous behaviors will often alter their thinking in order to justify their negative actions.²⁵ According to Bandura, most individuals will not commit cruel or illicit behaviors without first engaging in a series of cognitive justification strategies that allow them to view those actions as moral and just. Immoral behaviors can be justified by comparing them to more egregious acts, minimizing the consequences of the actions, displacing responsibility, and blaming the victim themselves. Rogers posits that computer criminals may rely on a number of these disengagement strategies in an attempt to reduce the dissonance associated with their activities.²⁶

Studies conducted by sociologists Paul Taylor and Orly Turgeman-Goldschmidt suggest that many computer criminals are, in fact, engaging in forms of moral disengagement. Their interviewees have indicated that computer hacking is driven by a search for answers and spurs the development of new technologies. They suggest that their electronic intrusions cause no real monetary harm or damage to the victims. The criminals suggest that larger corporations that can afford the loss, and not the smaller victims, are the ones who bear the loss.²⁷ Web page crackers will often criticize and publicly taunt system administrators for not properly securing their computers, suggesting that the victims deserved to be attacked.²⁸ Rogers suggests that this victim-blaming strategy is likely the most common form of moral disengagement employed by computer criminals.²⁹

12.4.1 Social Presence and Computer Crime.

Social psychologist Sara Kiesler and colleagues have examined social presence in computer-mediated interactions. In traditional face-to-face interactions, individuals cognitively attend to social context cues and use them to guide their behaviors.³⁰ The researchers suggest that the lack of social-context cues in computer-mediated communication due to reduced social presence may lead to antinormative and disinhibited behavior. Group members communicating via computer-mediated communications are more hostile toward one another, take longer to reach decisions, and rate group members less favorably than comparable face-to-face groups.³¹ Kiesler and Lee Sproull suggest that the absence of social-context cues in computer-mediated communication hinders the perception of, and adaptation to, social roles, structures, and norms.³² The reduction of social-context cues in computer-mediated communication can lead to deregulated behavior, decreased social inhibitions, and reduced concern with social evaluation. The most common variables examined in these experiments are hostile language in the form of “flaming” (aggressive, rude, and often ad hominem attacks) and post hoc perceptions of group members (i.e., opinions formed after interacting with members). The results of one experiment indicated that there were 102 instances of hostile flaming behavior in 24 computer-mediated groups, compared to only 12 instances of hostile commentary in the face-to-face groups.³³

According to some researchers, the lack of social context cues and social presence on the Internet leads to aggressive behaviors. Computer criminals may be engaging in hostile behaviors due to this reduction of available context cues. Crackers who harass and victimize system administrators and Internet users may be engaging in these antisocial activities due to their disinhibited state and reduced attention to, and concern with, social evaluations. There are numerous anecdotal accounts of computer criminals “taking over” IRC channels, harassing people online, deleting entire computer systems, and even taunting system administrators whose networks they have compromised.³⁴ Their criminal and aggressive behaviors may be partially attributed to the reduced social-context cues in computer-mediated communication and the resulting changes in their psychological states while online.

12.4.2 Deindividuation and Computer Crime.

Disinhibited behaviors have also been closely linked to the psychological state of deindividuation. Deindividuation is described as a loss of self-awareness that results in irrational, aggressive, antinormative, and antisocial behavior.³⁵ The deindividuated state traditionally was used to describe the mentality of individuals who comprised large riotous and hostile crowds (e.g., European soccer crowds, mob violence). Social psychologist Phillip Zimbardo suggested that a number of antecedent variables, often characteristic of large crowds, lead to the deindividuated state. The psychosocial factors associated with anonymity, arousal, sensory overload, loss of responsibility, and mind-altering substances may lead to a loss of self-awareness, lessening of internal restraints, and a lack of concern for social or self-evaluation.³⁶

Many antecedent variables that could lead to a deindividuated state also are associated with the use of computers and the Internet. Internet users are relatively anonymous and often use handles to further obscure their true identities. Many of the Web sites, software programs, and multimedia files that typify the computing experience are sensory arousing and in some cases can be overstimulating. The Internet can be viewed as a large global crowd that individuals become submersed in when they go online. It is possible that the physical and psychological characteristics associated with the Internet that make it so appealing may also lead individuals to engage in antisocial and antinormative behaviors due to psychological feelings of immersion and deindividuation.³⁷

Deindividuation is brought about by an individual's loss of self-awareness, and psychological immersion into a crowd due to certain antecedents. The aggressive, hostile, and antinormative actions of computer criminals may be linked to deindividuation theory. Zimbardo found that when participants were deindividuated, operationalized by anonymity, darkness, and loud music, they would administer higher levels of electric shocks to subjects, and for longer lengths of time, than individuated participants. Like Zimbardo's participants, computer criminals may be engaging in hostile and aggressive behavior due to deindividuation—that is, as a direct result of anonymity, subjective feelings of immersion, and the arousing nature of computer and Internet use.³⁸

12.4.3 Social Identity Theory and Computer Crime.

Social psychologists Martin Lea, Tom Postmes, and Russell Spears have recently developed a social identity model of deindividuation effects (SIDE) to explain the influence of deindividuating variables on behaviors and attitudes during computer-mediated communications.³⁹ According to social identity theory, an individual's self-concept resides on a continuum with a personal identity at one end and a social identity at the other. Depending on whether the social self, usually in group situations, or the individual self is salient, the beliefs, norms, and actions associated with that particular self-concept will have the greatest influence on the individual's actions and attitudes.⁴⁰ When one of our social identities is salient, the norms associated with that group identity tend to guide and direct our behaviors.

According to the SIDE model, the isolation and visual anonymity that characterizes our online environment serves to enhance our social identities. This increase in social identification with a group may polarize our behaviors and attitudes toward the prevailing norms of that collective. Contrary to popular media stereotypes, computer criminals appear to have large social networks and frequently form groups and friendships with other cybervandals.⁴¹ The use of handles and pseudonyms by these individuals combined with their physical isolation from each other may increase their aggressive and criminal behaviors depending on the overall norms associated with their online social groups. If the criminal collective values electronic intrusions and defacements more than programming and coding, these behaviors will be exhibited to a greater extent by members who identify with that group.

According to Henri Tajfel and John Turner's social identity theory (SIT), we tend to identify with in groups, or those with whom we share common bonds and feelings of unity.⁴² We have a bias toward our own group members and contrast them with out groups, which we perceive as different from our in-group. While this in-group bias or favoritism may benefit and protect our self-concepts, it may cause us to dislike and unfairly treat out-group members.

Communications researcher Hyung-jin Woo and colleagues used SIT to explain the motivations behind some Web page defacements. SIT predicts that when groups are in competition for scare resources or feel threatened by out-group members, there is a tendency for groups to respond aggressively toward each other. In-group members see improvements in collective self-esteem and enhanced feelings of group unity when they engage in attacks against out-group members. Based on these predictions, Woo et al. hypothesized that computer criminals who are motivated by out-group threats will express more aggressive and varied communication in Web page defacements than nonthreatened defacers.⁴³

A content analysis of 462 defaced Web pages indicated that the majority of the defacements (71 percent) were classified as nonmalicious pranks. The most common motivations behind these prankster attacks were to beat the system or its administrator, to gain peer recognition, to brag about accomplishments, and for “romantic” purposes. Twenty-three percent of the defacements were classified as militant attacks. The motivations behind these attacks were to promote groups associated with nationalism, ethnicity, religion, freedom of information, and antipornography.⁴⁴ Consistent with the predictions made by SIT, the militant attacks were characterized by significantly more varied content, obscene language, verbal insults, severe threats, and violent images. SIT may be useful in predicting the frequency and severity of attacks by computer criminals. Although only a minority (23 percent) of Web page defacements in this study resulted from intergroup conflict, these attacks were more severe in nature.⁴⁵

For a more extended discussion of anonymity and identity in cyberspace, see Chapter 70 in this Handbook.

12.4.4 Social Learning Theory of Computer Crime.

Computer criminal researcher Marc Rogers suggests that social learning theory may offer some insight into the behavior of computer criminals.⁴⁶ According to psychologist Albert Bandura, individuals learn behaviors by observing the actions of others and their associated consequences. Social learning theory draws from B. F. Skinner's operant-conditioning model of learning, where behaviors are learned or extinguished through schedules of reinforcement and punishment. However, Bandura's theory suggests that social learning occurs when an individual simply observes others' behaviors and reinforcements and forms a cognitive association between the two actions. Once the behavior is acquired, the learned actions are subject to external reinforcement, as in operant conditioning or in self-directed reinforcement.⁴⁷

Recently there has been a growing amount of social and media attention focused on information security and computer criminals. National newspapers, magazines, and electronic news sources have reported thousands of incidents, interviews, and commentary related to computer crime. A number of these articles appear to glamorize hacking and computer criminals.⁴⁸ The articles compare computer criminals to rock-and-roll superstars, James Bond–like spies, and international freedom fighters. Motion pictures and television shows like The Matrix Trilogy, Mission Impossible, Hackers, Swordfish, and The X-Files have all bestowed mythological qualities on rebellious computer criminals. According to social learning theory, individuals acquire behaviors by vicariously observing the consequences of another's actions.⁴⁹ With the media's glorification and glamorization of hacking and computer criminals, adolescents and adults learn that it pays to be a computer criminal—at least, from a social-psychological point of view. Many crimes involving computers are extremely difficult to investigate and prosecute. The public learns via the media that computer criminals often are afforded fame and notoriety among their peers, and in the information security field, for their illegal activities. There are very few instances of computer criminals' being convicted and serving jail time as a consequence of their actions. Usually the criminals are given a light sentence. Their notoriety garners them media interviews, book and movie deals, even consulting and public speaking jobs.⁵⁰ Once an action is learned, social learning theory states that the behavior will be maintained via self-directed and external reinforcement. Computer criminals are rewarded for their illegal activities via the acquisition of knowledge and their elevated status in the hacker community.⁵¹ If the popular media continues to glamorize and focus on the positive consequences associated with computer crime, the cost and prevalence of these illicit actions will continue to grow. Younger generations of computer users also will learn that there are more positive than negative consequences associated with computer crime, which will serve to encourage their engagement in illegal behaviors.

Social learning theory may offer one explanation for the illegal behaviors of computer criminals, especially the marked increase in recent years.⁵² Instead of focusing on the supposedly positive consequences of computer crime, media outlets should stress the negative repercussions of computer crime for both the victims and the perpetrators. Social learning theorists would suggest modeling appropriate use of computers and the Internet as one solution for computer crime.

12.5 INDIVIDUAL DIFFERENCES AND COMPUTER CRIMINALS.

Although situational factors can account for some of the behaviors of some computer criminals, one must not discount the power of the individual. Attitudes and behaviors are often the product of both situational influences and individual personality traits.⁵³ Based on published biographies and interviews of computer deviants, information security consultant Mich Kabay suggests that computer criminals demonstrate personality traits consistent with antisocial personality disorder.⁵⁴ He suggests that consistent with the fourth edition of the Diagnostic and Statistical Manual of Mental Disorders (DSM-IV) criteria for antisocial personality disorder, computer criminals appear to exhibit insincerity and dishonesty in combination with superficial charm and an enhanced intellect. Also consistent with DSM-IV criteria for the disorder, computer criminals commit their illegal behavior for little or no visible rewards despite the threat of severe punishment. Another central characteristic of antisocial personality disorder is lack of clear insight by perpetrators regarding their behaviors.⁵⁵ Researchers have noted that computer criminals do not view their criminal actions as harmful or illegal.⁵⁶ These criminals rationalize their behaviors by blaming the network administrators and software designers for not properly securing their computers and programs.⁵⁷

12.5.1 Narcissistic Personalities and Computer Criminals.

Computer crime researchers Mich Kabay and Eric Shaw, Keven Ruby, and Jerrold Post also have suggested that computer criminals demonstrate personality characteristics consistent with narcissistic personality disorder.⁵⁸ According to the DSM-IV criteria, narcissistic individuals are attention seekers with an exaggerated sense of entitlement.⁵⁹ Entitlement is described as the belief that one is in some way privileged and owed special treatment or recognition. Shaw and associates suggest that entitlement is characteristic of many “dangerous insiders,” or information technology specialists who commit electronic crimes against their own organizations.⁶⁰ When corporate authority does not recognize an individual's inflated sense of entitlement, the criminal insider seeks revenge via electronic criminal aggressions. Anecdotal evidence suggests that external computer criminals also may demonstrate an exaggerated sense of entitlement, as well as a lack of empathy for their victims, also characteristic of narcissistic personality disorder. One self-identified computer criminal whose handle is Toxic Shock states, “We rise above the rest, and then pull everyone else up to the same new heights….We seek to innovate, to invent. We, quite seriously, seek to boldly go where no one has gone before.”⁶¹ Narcissistic individuals also frequently engage in rationalization to justify and defend their behaviors.⁶² Toxic Shock again writes, “We are misunderstood by the majority. We are misunderstood, misinterpreted, misrepresented. All because we simply want to learn. We simply want to increase the flow of knowledge, so that everyone can learn and benefit.”⁶³ Although it would be a mistake to generalize these hypotheses to the entire population without any empirical support, certain subsets of computer criminals may demonstrate characteristics that are consistent with both narcissistic and antisocial personality disorders.

12.5.2 Five-Factor Model of Personality and Computer Criminals.

In one of the rare empirical studies looking at computer criminals, Marc Rogers examined the relationship between the five-factor model of personality and self-reported “criminal computer activity.”⁶⁴ The five-factor model formulated most recently by psychologists Robert McCrae and Paul Costa (1990) suggests that an individual's personality can be accurately described using five core dimensions: extraversion (e.g., sociable), neuroticism (e.g., anxious), agreeableness (e.g., cooperative), conscientiousness (e.g., ethical), and openness to experience (e.g., nonconforming).⁶⁵

Rogers hypothesized that individuals engaging in computer crime would demonstrate higher levels of exploitation, hedonistic morality, manipulation, antagonism, undirected behaviors, introversion, openness to experiences, and neuroticism thannon criminals would. Three hundred psychology students from an introductory psychology class were administered the computer crime index (CCI), which is a self-report measure of computer crime activity, along with measures of exploitation, manipulation, moral decision making, and a five-factor personality inventory. Contrary to the researcher's expectations, individuals who committed computer crimes did not significantly differ from the nonoffenders on any of the five-factor personality measures or in their moral decision making. However, students who reported engaging in illegal computer activities did demonstrate more exploitive and manipulative personality traits.⁶⁶

These findings contradict many of the widely held stereotypes regarding the motivations and personalities of computer criminals. It should be noted that these questionnaires were administered using a pencil-and-paper format, which would assess attitudes and traits when the students' off-line identities were salient.⁶⁷ Internet researchers have suggested that there is a distinct difference between our online and off-line identities.⁶⁸ Therefore, had the students been administered the personality inventories in an electronic format, when their online identities were more salient, Rogers may have found different results. With regard to moral decision making, computer scientist Brian Harvey suggested that due to the relative lack of experience and guidance with computers compared to the real world, teenagers might be at lower levels of moral functioning when online as compared to their interactions and decisions in the real world.⁶⁹

12.5.3 Asperger Syndrome and Computer Criminals.

Recently researchers have suggested a possible link between computer hackers and a relatively new developmental disorder named Asperger syndrome (AS).⁷⁰ Asperger syndrome is a disorder that resides at the mild end of the pervasive developmental disorder (PDD) spectrum with classic autism at the more severe end. PDDs are characterized by primary developmental abnormalities in language and communication, in social relations and skills, and in repetitive and intense interests or behaviors.⁷¹ Unlike autism, individuals who are diagnosed with AS have higher cognitive abilities and IQ scores ranging from normal to superior. Individuals with AS also have normal language and verbal skills, although there are noticeable deficits in social communication.⁷²

Clinicians recently have proposed several criteria that are necessary for a diagnosis of AS.⁷³ According to clinical psychologist Kenneth Gergen, individuals must demonstrate social impairment. They may have a lack of desire or an inability to interact with peers and may engage in inappropriate or awkward social responses.⁷⁴ These individuals may have extremely limited or focused interests, and are prone to engage in repetitive routines. Although language development is often normal, these individuals may demonstrate unusual speech patterns, rate, volume, and intonation. Individuals with AS also may demonstrate clumsy motor behaviors and body language as well as inappropriate facial expressions and gazing.⁷⁵

The central feature of Asperger syndrome is the obsessive or extremely focused area of intellectual interest that the individuals demonstrate. Children with AS often show an obsessive interest in areas such as math, science, technology, and machinery. They strive to read, learn, and assimilate all information about their area of specialized interest. Researchers have indicated that their preoccupied interests may last well into adulthood, leading to careers associated with their obsessions.⁷⁶ Much of their social communication is egocentric, revolving around their obsessive interests, often leading to strained and difficult social interactions. Although children with AS desire normal peer interaction, their egocentric preoccupations, lack of appropriate social behaviors, and inability to empathize with others often leaves them frustrated, misunderstood, teased, and sometimes ostracized.⁷⁷

Researchers have noticed similarities in the characteristics associated with Asperger syndrome and traits stereotypically associated with computer hackers.⁷⁸ Tony Atwood, an Australian clinical psychologist, suggests that some computer hackers may have a number of characteristics that are associated with AS.⁷⁹ He notes that many diagnosed AS patients are more proficient at computer programming languages than social language and that the intellectual challenge that is presented by restricted computers and networks may supersede the illegal nature of their actions. In fact, AS has been used as a successful defense in at least one landmark UK court case.⁸⁰ Based on over 200 personal interviews with computer criminals, cybercrime expert Donn Parker reports finding significant similarities between AS sufferers and criminal hackers. Many of the computer criminals Parker interviewed demonstrated the social awkwardness, unusual prosody, and lack of social empathy during social interactions that are characteristic of AS.⁸¹ Anecdotal evidence suggests that computer hackers often have an obsessive interest in technology and computers, similar to that seen in individuals with AS, that forms a salient component of both their individual and social identities. Due to their egocentric preoccupations, many computer hackers often feel misunderstood and frustrated in social situations.

To date there has been no empirical evidence to suggest a link between Asperger syndrome and computer criminals. There is no evidence whatsoever to suggest that AS causes computer hacking. In fact, most sufferers of AS have been characterized as being extremely honest and lawful citizens. It would be a mistake to assume that all computer hackers are suffering from Asperger syndrome or that every AS sufferer is a computer hacker. Characteristics of Asperger syndrome appear more common in computer hackers, those who explore and tinker with computers and technology, rather than in computer criminals, or crackers, who break into computers or use them for illegal activities. At present, there is still no one all-encompassing personality profile that applies to all computer criminals. In fact, many feel that it is inappropriate to try to create a single personality profile that applies to all computer criminals.⁸²

12.5.4 Computer Addiction and Computer Crime.

Researchers have indicated that a subset of computer criminals appear to demonstrate addictionlike tendencies associated with their use of computers and the Internet.⁸³ Technological addiction is described as having an addiction involving human–computer interaction, characterized by salience, mood modification, tolerance, withdrawal, conflict, and relapse.⁸⁴ Information security researchers Kent Anderson and Jerrold Post suggest that computer criminals appear to have obsessive or compulsivelike characteristics surrounding their computing behaviors.⁸⁵ Cybercriminals will work for 18 or more hours a day on their computers trying to gain unauthorized access to a single computer system with little or no external reward for doing so. Anderson states that computer attacks sometimes take months of planning along with numerous trial-and-error attempts. He further reports an instance where one U.S. judge even attempted to sentence a computer criminal to psychological treatment for his compulsive computer use.⁸⁶

In their interviews with a number of self-identified computer hackers, sociologists Paul Taylor and Tim Jordan indicated that many of their interviewees report experiencing a thrill or rush when engaging in illegal activities that is not comparable to anything that they experience in their real-world interactions.⁸⁷ A number of their respondents reported feelings of depression, anxiety, and impaired social functioning when they are away from their computers. Taylor and Jordan suggest that these addictionlike characteristics may also be combined with feelings of compulsion regarding computers and new technologies. However, the researchers indicated that these compulsive or obsessive-like characteristic may be as much a function of the information technology (IT) field as it is a personality deficit.⁸⁸ Unlike most disciplines, the IT field is in a constant state of rapidly moving change. If any persons hope to maintain a level of professional expertise in this area, they need to devote an inordinate amount of time and resources to monitoring and adapting to this revolutionary field. This one need to keep up with the changing discipline, combined with the euphoric feelings that some experience when committing illegal activities, may increase the likelihood of technological addiction.

Personality theorists state that for some computer criminals, committing electronic crimes is an experience similar to that of a drug high. Computer criminals commit illegal acts because of the euphoric rush they receive from their actions. Information security researcher August Bequai compares the actions of computer criminals to electronic joyriding. He equates the feeling of unauthorized access and usage of a computer network to that of stealing a sports car and joyriding around the neighborhood. One computer cracker interviewed by computer crime researcher Denning described hacking as “the ultimate cerebral buzz.” Other crackers have commented that they received a rush from their illegal activities that felt as if their minds were working at accelerated rates. Some computer criminals have suggested that the euphoric high stems from the dangerous and illegal nature of their activities.⁸⁹ Computer criminals have compared the feelings they receive from their illegal intrusions and attacks to the rush that is felt when participating in extreme sports such as rock climbing and skydiving.

Similar to these reports of euphoria, researchers have found that experienced computer users often report experiencing a psychological phenomenon known as flow. Flow is a psychological state that results in feelings of fulfillment and overall positive affect. When individuals become absorbed in a task that matches their skill set, they may not be consciously aware of the passage of time, or the differences between the undertaking and their identity. In their study looking at the experience of flow in selfidentified computer hackers, psychologists Alexander Voiskounsky and Olga Smyslova found that both inexperienced and highly competent hackers report high levels of flow. For the inexperienced hackers, this flow experience my lead them to limit themselves to low-level challenges, and they may remain in this novice stage for a significant amount of time. More experienced hackers who also experience flow may leave the hacking domain once they are no longer presented with suitable challenges for their abilities.⁹⁰

As in substance abuse or athletic thrill-seeking, tolerance also may develop with computer crimes. Tolerance occurs when increased amounts of a substance or an activity are needed in order to obtain a “high,” or euphoric rush. Tolerance is common in hard drug users who find themselves injecting or inhaling increasing amounts of a substance to achieve their original euphoric state. Anecdotal evidence suggests that computer criminals go through a stage of evolution with each step leading to more dangerous and riskier behaviors. Many cybercriminals begin by pirating and cracking the copy protection algorithms of software programs. When the “warez” (pirated software) scene loses its thrill, they migrate to chat room or IRC harassment. The criminals may then begin launching damaging DoS attacks against servers and defacing Web sites in order to obtain that initial rush that originated with simple warez trading. Similar to a drug addiction, the euphoric psychological states and resulting tolerance associated with excessive computer use may explain why computer criminals repeatedly engage in illicit activities, even after they have been caught and punished.

12.6 ETHICS AND COMPUTER CRIME.

Researchers have suggested that computer criminals may have an underdeveloped sense of ethics or moral maturity.⁹¹ Because of this ethical immaturity, computer hackers may think that many of their illegal actions are justified and ethical. Many computer criminals feel that they are ethically entitled to have access to all information. Most of these individuals also feel that it is morally right to use inactive computer processing power and time, regardless of who owns the computer system. Computer criminals do not feel that breaking into a computer network should be viewed in the same fashion as breaking into an individual's house. Often computer criminals rationalize their illegal activities and justify their behaviors by blaming the victims for not securing their computer networks properly.⁹² Most computer criminals are adolescents, which may account for the underdeveloped sense of ethics in their community.⁹³

Vincent Sacco and Elia Zureik, in their investigation of ethics and computer usage, administered an anonymous survey to university students enrolled in computer courses at a Canadian university.⁹⁴ They used a 22-page questionnaire containing questions about computer behaviors, perceptions, and general attitudes. They examined attitudes toward computer crimes and assessed judgments regarding the ethical nature of illegal computing behaviors, beliefs about the prevalence of the illegal behaviors, and beliefs about probability of detection. Questions about self-reported computer misuse dealt with the use of unauthorized passwords, illegal reproduction of software, avoidance of charges while using programs, and looking at discarded paper for interesting programs, passwords, and the like (dumpster diving).

The researchers hypothesized that there would be a significant relationship between self-reported computer crime and the measures of attitude regarding the crimes. As they predicted, there was a strong positive correlation. Viewing illicit computing behaviors as ethical increased the reported likelihood that the respondents had engaged in such actions. Computer crime was least reported when the behavior was seen as being more unethical.⁹⁵ These findings were similar to the ethical computing theories proposed by information security specialists Denning, Winkler, and Post.⁹⁶

Journalists Steven Levy and Steve Mizrach suggest that computer hackers may have a separate code of ethics from the general Internet population.⁹⁷ Some hackers feel that access to computers and computing time should be unlimited and free of restrictions. From their point of view, hours of potentially useful computing time are needlessly restricted and therefore wasted in today's computing world. They also believe that all nonsensitive information should be free and easily accessible to any individual, regardless of control or authorship. Information should not be hoarded by anyone in power, but rather openly shared so that those who crave it can have access to it. Computer hackers claim to promote decentralization of government and politics. They have an ardent mistrust of authority. Hackers feel that other hackers should be judged not on superficial criteria, such as age, gender, or ethnicity, but by the quality of their computing and hacking skills. They also feel that the proper use of computers can create beauty and art, equivalent to more traditional creative methods, such as painting or poetry. Computer hackers believe that computers have the ability to improve the quality of living.⁹⁸ They feel that it is ethical to crack into computer systems as long as no data are harmed, stolen, or vandalized in the process.⁹⁹

Information security specialist Ira Winkler suggests that computer hackers, because of their generally young age, do not fully understand the possible repercussions associated with their actions. They demonstrate an infantile aversion or complete lack of empathy for their victims.¹⁰⁰ Hackers fail to fully realize the consequences of their electronic intrusion into computer systems. The adolescents do not fully comprehend that their mere presence on a computing network could potentially cost companies thousands of dollars as well as cost systems administrators their jobs within an organization.¹⁰¹ According to Winkler, many computer hackers learn and develop a sense of computer ethics from their online and off-line peers. In other words, unlike most instruction on morality and ethics that stem from a responsible adult, computing ethics are socially learned from other adolescents over the Internet. Computer hackers learn the “dos and don'ts” of hacking and computing from elder statesmen in the hacking community who may be no more than a few years older than they are. Often, in today's technological society, children know more about computers and the Internet than their parents do. When adolescents have problems or need guidance in ambiguous situations, many times their parents and mature role models are unable to offer them such guidance and assistance. Therefore, the youngsters seek out knowledge from their peers, who may or may not offer them the most ethical or wise advice.¹⁰²

Sociologist Orly Turgeman-Goldschmidt, in her examination of hackers' accounts, suggested that computer criminals may view their behaviors as nothing more than a new form of social entertainment. They see their electronic intrusions as a game that provides them with excitement and thrills. The Internet serves as an unlimited playground or social center where “netizens” are able to develop new games and forms of social activities. Computer criminals may view their illegal activity as nothing more than fun and thrill seeking, a new form of entertainment that is carried out on an electronic playground.¹⁰³

As individuals grow older, they develop a more mature or adult sense of ethics. Adults have legal authority over the lives of their children because adolescents are not yet fully capable of making every decision on their own. Adults need to extend this legal responsibility and authority into cyberspace. Many children are making judgments and performing actions on their own, without adult supervision, while on the Internet. Adolescents do not have the same ethical maturity that adults have, yet unsupervised on the Internet, they are given as much power, authority, and responsibility as ethically mature adults. Neil Patrick, the leader of one particularly malicious group of phone-system hackers known as the 414's, stated that he did not know that his hacking was illegal or unethical. In fact, asked when, if ever, he began to question the ethics of his actions, Patrick stated that ethics never came into his mind until the Federal Bureau of Investigation was knocking on his front door. Patrick and the other young members of the 414's did not see anything wrong with their actions. To them, breaking into proprietary telecommunications networks was not a crime. They saw nothing ethically wrong with their actions.¹⁰⁴

Psychologist Lawrence Kohlberg developed a three-level theory to explain normal human moral development. The first level deals with avoiding punishments and obtaining rewards, the second level emphasizes social rules, and the third level emphasizes moral principles. Each of his three levels contains two stages that an individual passes through during adolescence on the way to adult moral development. Computer criminals appear to be operating in the lower three stages of Kohlberg's model: the two stages comprising level 1 and the first stage in level 2. The moral judgments of computer criminals appear to be determined by a need to satisfy their own needs and to avoid disapproval and rejection by others. These individuals do not appear to be aware of, or concerned with, the third level of moral development, where moral judgments are motivated by civic respect and one's own moral conscience.¹⁰⁵ Computer criminals may be functioning at the third level of moral development in the physical world, a level appropriate for teens and adults, and may simultaneously be functioning at lower levels of moral development while on the Internet.¹⁰⁶ A recent study conducted by Marc Rogers found that, while taking pencil-and-paper measures of moral decision-making, there were no reported differences between computer criminals and their noncriminal counterparts.¹⁰⁷ However, these findings may have differed had the study been administered using a computer where their online identities would be more salient.¹⁰⁸ Their entire cyberspace behavior appears to be aimed at satisfying their own needs. They break into computer networks to satisfy their own curiosity and to gain the approval of their peers. One notorious hacker who was known as the Mentor states, “We explore, you call us criminals. We seek after knowledge and you call us criminals…. I am a criminal. My crime is that of curiosity.”¹⁰⁹

According to Shaw and associates, there is a notable lack of ethical regulation and education in organizations, schools, and homes regarding proper computing behavior.¹¹⁰ Computer criminals who lack ethical maturity fail to realize that their actions are sometimes just as damaging as physical aggression. Cybervandals do not see the immediate repercussions of their actions because of the physical distance and lack of social presence in computer-mediated interactions. This ethical immaturity is a result of the technology gap between young computer users and their parents. In real-world situations, parents and teachers strive to instill responsibility and ethics in adolescents. Therefore, young adults become capable of making informed decisions regarding ethical and unethical behaviors. However, the same adolescent who demonstrates ethical behavior in the physical world may be ethically bereft in cyberspace, partly due to the lack of adult guidance and instruction. Research has indicated that computer criminals are primarily white males in their teenage years.¹¹¹ Anecdotal evidence suggests that in today's society, adolescents recreationally use, and are more familiar with, computers and the Internet than their parents. These young adults often learn about Internet-related behaviors and attitudes on their own or via peer-to-peer interaction. Adolescents are socialized on the Internet by other adolescents, which may lead to a Lord of the Flies scenario, where children construct social rules and guidelines to govern their behaviors.¹¹² These socially constructed norms and guidelines may be both morally and ethically different from real-world norms.

Scholastic Incorporated demonstrated in a recent survey that 48 percent of elementary and middle school students did not consider computer hacking to be a crime. Recently the Department of Justice formed a cybercitizen awareness program in an effort to educate parents, teachers, and children about ethical and unethical computing practices. The program seeks to educate individuals through ethics conferences, multimedia presentations, and speaking engagements at schools around the country. This program and others like it may aid to increase moral responsibility and ethical behaviors of adolescents on the Internet.¹¹³

12.7 CLASSIFICATIONS OF COMPUTER CRIMINALS.

For both ordinary and abnormal behaviors, it is difficult if not impossible to find one theoretical perspective that can account for every behavior in a given situation. Attitudes and behaviors are the product of the combined influence of an individual's personality and the current social situation. Therefore, it stands to reason that no single theory or theoretical perspective can account for the various types of computerized crimes and the criminals who engage in them. The difficulty lies in the fact that there are numerous types of computerized crimes, ranging from trading pirated software, to cloning cellular phones, to sniffing network passwords. Along with the different variations of computerized crime, there are many different types of computer criminals, ranging from the AOL-password thief to the professional spy. Any theory that would account for the behavior of many computer criminals would have to consider, first, the type of illegal activity the person was engaged in and, second, the type of cybercriminal category that the individual falls into.¹¹⁴ Computer criminals are by nature paranoid and secretive agents who exist in a similar community. They use handles to conceal their true identities and, except for annual hacker conventions or local meetings, seldom interact with each other in the real world. Therefore, it is difficult for researchers to identify and categorize the various subgroups that exist. However, recently researchers using interview and survey techniques have attempted to do so.

The term “computer hacker” has been both overused and misused as a way of classifying the entire spectrum of computer criminals.¹¹⁵ The motivations and actions of one subgroup of computer criminals may be entirely different from those of a second group; therefore, it is imperative that in any psychological analysis of computer criminals, the various subcategories be taken into consideration. Many theories have attempted to account for the motivations and behaviors of computer criminals as a whole when the theorists actually were referring to one specific subgroup in the underground culture.¹¹⁶ Computer criminals are a heterogeneous culture; therefore, one single theory or perspective cannot explain all their actions. The fact that researchers traditionally have treated computer criminals as a homogeneous entity has limited the validity and generalizabilty of their findings. Even researchers who have taken into account the heterogeneous nature of the computing underground have had difficulty with experimental validity. Experimenters have allowed participants to use their own self-classification schemes or attempted to generalize the results of a single subgroup to the entire underground culture.¹¹⁷

12.7.1 Early Classification Theories of Computer Criminals.

Over the past few decades, several researchers have attempted to develop a categorization system for individuals who engage in various forms of computer crime.¹¹⁸ A comprehensive review of this research is beyond the scope of this chapter. For an extensive review, see Rogers's analysis and development of anew taxonomy for computer criminals.¹¹⁹ Bill Landreth, a reformed computer cracker, was one of the earliest theorists to develop a classification scheme for computer criminals.¹²⁰ His system divided criminals into five categories based on the their experience and illegal activities.

The “novice” criminals have the least experience with computers and cause the least amount of electronic disruption from their transgressions. They are considered to be tricksters and mischief makers, (e.g., AOL users who annoy chat-room members with text floods and DoS-like “punting” programs that crash AOL sessions using specific font or control code strings).
The “students” are electronic voyeurs. They spend their time browsing and exploring unauthorized computer systems.
The “tourists,” according to Landreth, commit unauthorized intrusions for the emotional rush that results from their actions.¹²¹ This subgroup of computer criminals is similar to Bequai's electronic joyriders.¹²² The tourists are thrill-seekers who receive a cerebral buzz from their illegal behaviors.
The “crackers” are malicious computer criminals. This subgroup is composed of the darkside criminals whom Kabay refers to.¹²³ The “crackers” will crack into networks and intentionally delete and destroy the data and the computer systems.
Landreth's final classification of computer criminal is the “thieves.”¹²⁴ Criminals who fit into this category commit their illegal actions for monetary gain. These individuals are equivalent to the dangerous insiders that Shaw has analyzed. Thieves may work alone, or they may be under contract from both foreign and domestic corporations and governments.

Former Australian Army intelligence analyst Nicholas Chantler conducted one of the few empirical examinations of computer criminals and their culture.¹²⁵ This survey based study attempted to gain a deeper understanding of the underground culture as well as to develop a categorization system for cybercriminals. Chantler posted questionnaires to bulletin board systems (BBSs), Usenet newsgroups, and chat rooms owned or frequented by computer criminals. An analysis of the data yielded five primary attributes—criminal activities, hacking prowess, motivations, overall knowledge, and length of time hacking—that Chantler used to create three categories of computer criminals: lamers, neophytes, and elites.

“Lamers” have the least technical skill, and they have been engaged in their illegal activities for the shortest period of time. This group of criminals is primarily motivated by revenge or theft of services and property.
“Neophytes” are more mature than lamers. They are more knowledgeable than the previous category and engage in illegal behaviors in pursuit of increased information.
Members of the “elite” group have the highest level of overall knowledge concerning computers and computer crime. They are internally motivated by a desire for knowledge and discovery. They engage in illegal activities for the intellectual challenge and for the thrill they receive from their criminal behaviors.

According to Chantler, the largest proportion of computer criminals, 60 percent, falls into the neophyte category. Thirty percent of computer criminals fall into the elite category, while 10 percent are lamers.¹²⁶

As cited by Rogers, Donn Parker developed a seven-level categorization scheme for computer criminals.¹²⁷ He formalized his scheme, through years of interaction and structured interviews with computer criminals, into these categories:

“Pranksters” are characterized by their mischievous nature.
“Hacksters” are motivated by curiosity and a quest for knowledge. Pranksters and hacksters are the least malicious computer criminals.
“Malicious hackers” are motivated by a need for disruption and destruction. They receive pleasure from causing harm to computer systems and financial loss to individuals.
“Personal problem solvers” commit illegal activities for personal gain. Problem solvers, the most common type of computer criminal according to Parker, resort to crime after failing in legitimate attempts to resolve their difficulties.
“Career criminals” engage in their illegal cyberbehaviors purely for financial gain.
“Extreme advocates” have strong ties to religious, political, or social movements. Recently these types of cybercriminals have been dubbed “hacktivists,” a combination of “computer hackers” and “activists.”
Malcontents, addicts, and irrational individuals comprise the final category in Parker's scheme. Individuals in this category usually are suffering from some form of psychological problem, such as addiction or antisocial personality disorder.¹²⁸

12.7.2 Rogers's New Taxonomy of Computer Criminals.

After an extensive review of past categorization theories, Rogers has advanced a new taxonomy for computer criminals.¹²⁹ This classification scheme is comprised of seven independent but not mutually exclusive categories:

“Newbie/toolkit (NT)” criminals have the least amount of technical knowledge and skill. Members of this category are relatively new to the scene and use prewritten and compiled scripts and tools to commit their computerized crimes.
“Cyberpunks (CPs)” are the second category in Rogers's taxonomy. Members of this category are slightly more advanced that the newbies. These criminals are novice programmers limited in experience with computer systems and networks. Cyberpunks also commit malicious criminal acts, such as mail bombing, Web page hijacking, and credit card theft. Winkler suggests that the majority of computer criminals fall into either the cyberpunk or newbie categories. He estimates that between 35,000 and 50,000 computer criminals, well over 90 percent of their total estimated number, fall into these categories, whom he dubs “clueless.”¹³⁰
“Internals (ITs)” consist of disgruntled workers or former workers who hold information technology positions in an organization. Members of this category have an advantage over external attackers due to their job and status within the corporation. Research indicates that internals are responsible for the majority of computer crimes and associated financial loss.¹³¹
“Coders (CD)” are computer criminals with advanced technical knowledge and skill. These individuals are responsible for writing many of the exploit programs (e.g., stack overflows, rootkits, etc.) that are used by the less knowledgeable “newbie/toolkit” and cyberpunk crackers in their cyberattacks.
“Old Guard (OG)” hackers, according to Rogers, are not criminals in the traditional sense. However, they have a relaxed sense of ethics regarding privacy and intellectual and personal property found in other computer criminals. OG hackers engage in behavior according to the traditional hacker ethic and ideology described by Levy.¹³² Their illegal behaviors are motivated by a quest for knowledge and information.
“Professional criminals” are traditionally older and more knowledgeable about technology than the previous categories. Members of these categories may be former government and intelligence operatives who are motivated by financial gain. They may often have access to advanced technology and can be adept at industrial espionage. The annual surveys by Computer Security Institute consistently indicate that employees (the category similar to Rogers's “internals”) are responsible for most acts of computer crime against an organization.¹³³

Shaw and associates classify computer criminals into two categories: outside intruders and dangerous insiders.¹³⁴ The researchers focus on the critical IT insiders who are typically programmers, technical support staff, networking operators, administrators, consultants, and temporary workers in an organization. Malicious insiders are a subgroup of such employees who are motivated by greed, revenge, problem resolution, and ego gratification. According to Shaw and coauthors, these dangerous insiders typically have introverted personalities.¹³⁵ They demonstrate a preference for solitary intellectual activities over interpersonal interaction. Members of this subgroup may have had numerous personal and social frustrations that have hindered their interpersonal interactions and contributed to their antiauthoritarian attitudes. Researchers also have suggested that these computer criminals may have developed a dependence on, or an addiction to, computers.¹³⁶

The malicious subgroup of critical information technologists has been characterized as having a loose or immature sense of ethics regarding computers. The dangerous insiders rationalize their crimes by blaming their company or supervisors for bringing any negative consequences on themselves. They feel that any electronic damage they cause is the fault of the organization for treating them unfairly. The researchers also note that many insiders identify more with their profession than with the company for which they work. This heightened identification with the profession undermines an insider's loyalty to an organization. This reduced loyalty is evidenced by the high turnover rates of jobs in the IT industry. According to Shaw and associates, the unstable bond between insiders and their organizations creates undue tension with regard to security practices and intellectual property rights.¹³⁷

Researchers also have suggested that dangerous insiders are characterized by an increased sense of entitlement and hostility toward organizational authority. Entitlement, one of the characteristics of narcissistic personality disorder, is described as the belief that one is privileged and owed special treatment or recognition.¹³⁸ According to Shaw and coauthors, when an unfulfilled sense of entitlement is combined with previous hostility toward authority, malicious acts or revenge against the organization may result.¹³⁹

“Cyberterrorists,” along with professional criminals, may present the most danger to individuals and organizations.¹⁴⁰ A cyberterrorist is defined as, “an individual who uses computer or network technology to control, dominate, or coerce through the use of terror in furtherance of political or social objectives.”¹⁴¹

Since the September 11, 2001 attacks in the United States, the term “cyberterrorism” has been frequently overused and misused by the media. An individual who stumbles on a vulnerable .mil or .gov Web site and decides to deface it would not be considered a cyberterrorist without a premeditated intent to cause panic and fear, with the object of obtaining some social end. Although most of the Web page defacements and network attacks labeled by the media as cyberterrorism would not fit Roger's definition, that is not to say that the Internet will not be used as means for terrorist acts in the future. In the wake of the September 11 attacks, and claims by hackers that they could cripple the Internet in 30 minutes, governments and corporations are investing millions into research aimed at protecting the global computing infrastructure from cyberattacks. Rogers suggests that the relative anonymity of the perpetrator, and the multitude of potential targets that could be simultaneously attacked, makes the Internet a very appealing target for terrorists' actions that will likely be exploited in the near future.¹⁴²

12.7.3 Virus Creators.

Computer crime is not only limited to electronic assaults on computer systems. Various other types of digital offenses, such as cracking software protection, software pirating, and spreading computer viruses, also fall into this category as well. Unlike more traditional forms of computer crime, there has been very little research examining the motivations and behaviors of virus writers. The limited number of research reports on this subgroup of computer crime has relied primarily on one-on-one interviews and surveys, in an effort to understand the actions and motivations of virus creators.¹⁴³

Using case studies and multiple interviews, researchers Andrew Bissett and Geraldine Shipton examined the factors that influence and motivate virus writers.¹⁴⁴ The researchers suggest that it is difficult to generalize their findings to all virus creators because of the limited published literature and research regarding virus writers as well as the lack of clinical populations and theories. Virus creators appear to demonstrate conscious motivations for their potentially destructive actions that are similar to the motivations of traditional computer criminals. Virus writers create and distribute their code for reasons of nonspecific malice, employee revenge, ideological motives, commercial sabotage, and information warfare.¹⁴⁵ Bissett and Shipton's review of Sarah Gordon's interview with Dark Avenger reveals some of the motivations behind one of the most notorious virus writers.¹⁴⁶ They suggest that Dark Avenger consistently denies responsibility for his creation and, like traditional computer criminals, engages in victim blaming. Dark Avenger states that it is human stupidity, not the computer, that spreads viruses. The virus writer also appears to self-identify with his malicious code. Dark Avenger seems to project his persona onto viruses in a process called projective identification.¹⁴⁷ During the interview, Dark Avenger stated that the United States could prevent him from entering the country, but it is unable to stop his viruses. Dark Avenger also attempted to justify creating destructive viruses by commenting that most personal computers did not store data of any value and therefore his malicious programs were not doing any real harm. The researchers suggest that Dark Avenger creates malicious viruses because he is envious of others' computers and of the work they do and the bonds they form with these systems. In the interview, Dark Avenger commented that he hates it when people have more powerful computers than he does, especially when the individuals do not use the resources for anything that he deems constructive.¹⁴⁸

Antivirus expert Sarah Gordon examined the ethical development of several virus writers using interview and survey methodology.¹⁴⁹ Her initial four case studies involved an adolescent virus writer, a college-age virus writer, a professionally employed virus writer, and an ex–virus writer. The interviews revealed that all four individuals appeared to demonstrate normal ethical maturity and development consistent with Kohlberg's stage theory. Gordon suggests that there appear to be many different reasons why individuals create and distribute viruses, including boredom, exploration, recognition, peer pressure, and sheer malice.¹⁵⁰

Gordon suggests that the virus underground is currently populated by a second generation or “next-generation” of virus writers whose skill and ability at virus construction is comparable to that of the “old school,” or original virus writers. On the surface, these second-generation creators maintain a public facade that suggests that they are extremely cruel, obnoxious, and more technologically advanced than previous generations. The next-generation virus writers appear to be more aware of the ethical responsibilities surrounding virus creation and distribution; however, the exact definition of “responsible virus creation and distribution” varies from individual to individual. Many of these next-generation virus writers have considerable technical skill and are motivated by the challenge to defeat the virus countermeasures implemented by antivirus vendors.¹⁵¹

According to Gordon, another group of virus creators populating the virus under-ground is composed of “new-age” virus writers. These individuals are motivated by current trends, such as political activism, virus exchange, freedom of information, and challenges to write the most destructive or sophisticated virus, as opposed to technical exploration. These virus writers are motivated by boredom, intellectual curiosity, mixed messages surrounding the legality of virus creation, and increased access to ever-more powerful technological resources. Gordon suggests that these new-age virus writers may be older and wiser than the second or next-generation creators. They are very selective as to who has access to their creations, and they do not share their findings or accomplishments with members outside their group. Unlike the next-generation creator, new-age virus writers will not stop or grow out of writing viruses, as they are most likely already adults. They will continue to write and distribute more sophisticated viruses in part due to the mixed messages concerning the ethical nature of virus creation propagated by the popular media, academia, and the culture of the Internet.¹⁵²

Similar to the popular views surrounding computer hackers, researchers have stated that we must be careful not to view virus creators as a homogeneous group.¹⁵³ Instead we must monitor the virus-exchange community while pursuing in-depth case histories that may aid in our understanding of virus writers. Education about the ethical nature of virus creation and distribution, and about the repercussions associated with malicious code, may attenuate these potentially destructive activities.

12.8 SUMMARY AND CONCLUSIONS.

According to the annual information security prevalence research and statistics, computer crimes are becoming increasingly more widespread, diverse, and financially damaging.¹⁵⁴ With the advent of broadband technologies such as DSL (digital subscriber line), cable modems, satellite receivers, and fiber optics networks, computer crimes are no longer simply problems for the corporate realm but are affecting the casual home user as well. Personal financial information from millions of consumers was stolen by computer criminals in 2006, placing these individuals at risk for identity theft, credit card fraud, and numerous other financial abuses. With hundreds of new computer vulnerabilities appearing every year, computer security professionals are finding it increasingly difficult to protect their digital networks from criminals.¹⁵⁵

Examining the behaviors of these digital criminals from a psychological perspective, which emphasizes the influence of personality, cultural, and situational factors, may offer possible explanations for their motivations and their criminal actions. Research regarding computer-mediated interaction suggests that the characteristics inherent to the electronic environment may contribute to antinormative behaviors. Anonymity, reduced social context cues, and the psychological state of deindividuation may all contribute to the aggressive and antisocial behaviors of computer criminals.

Self-report measures indicate that electronic lawbreakers may be engaging in these illegal activities due to a mix of boredom, curiosity, and the potentially addictive qualities of the Internet.¹⁵⁶ Contrary to the popular stereotype of the cybervandal, some research indicates that computer criminal have extensive social networks. Social learning theory suggests that computer criminals learn their illegal behaviors from watching the actions and associated consequences of other cyberdeviates.¹⁵⁷ Recently the popular media has been criticized for glorifying computer criminals by presenting them as Robin Hood–like rebels or technological activists. This type of glorification may lead individuals to associate positive consequences with illegal activities, thereby increasing the probability of their occurrence.

Personality theorists suggest that some computer criminals demonstrate characteristics associated with antisocial and narcissistic personality disorders, which may contribute to their illegal behaviors.¹⁵⁸ Researchers also have indicated that computer criminals may develop an addiction to computers and Internet resources as well as a euphoric rush from their illegal behaviors. In addition, computer criminals have been characterized as having an underdeveloped sense of ethics and ethical maturity, although some virus writers have demonstrated normative ethical development.

The few empirical studies that have examined computer criminals have been primarily descriptive in nature and have attempted to generalize their results to the entire population.¹⁵⁹ In order to develop predictive theories regarding the attitudes and behaviors of computer criminals, researchers need to take into account the categories and personalities of computer criminals. There is no one single profile or typical computer criminal. Researchers have developed numerous classification systems that group hackers according to their skill levels, motivations, and goals into independent categories ranging from neophyte hackers to professional cyberterrorists. The computer criminals who comprise one category may have vastly different motivations and attitudes from the typical members of another category. Psychological theories that account for the behaviors and attitudes of one category of cybercriminals may fail when applied to another category of criminals. Thinking of computer criminals as a homogeneous entity limits the understanding of their criminal behaviors and attitudes.

Research and attention from popular culture and the media traditionally has focused on computer criminals in the cyber-punk category due to their sheer numbers and the visible nature of their crimes. However, many theories regarding this group of criminals have been inappropriately generalized to the computer criminal population as a whole, resulting in faulty explanations and misattribution of their behaviors. Although there has been ample theoretical speculation regarding computer criminals in general, there has been a paucity of research on criminals in specific subsets or categories.

Psychological theories offer various explanations that may influence criminal activities on the Internet. These situational influences may interact with various individual personality traits to further contribute to illegal behaviors. The current task for researchers is to untangle these personality and situation influences on electronic behavior. They must determine what situations and characteristics are influencing the various types of computer criminals. There is no simple explanation as to why computer criminals engage in hostile and destructive acts. The answer lies in a complex mixture of factors that depends on the social environment and individual personality factors. There are numerous types of computer criminals ranging from script kiddies to the professional criminal, each with varying personalities and motivators. The interaction of personality variables and environmental factors will determine how a computer criminal reacts in any given situation.

The key message from the research summarized in this chapter is that information security practitioners must contribute to the awareness and education of parents and educators who can influence young people away from the antisocial beliefs, attitudes, and behavior described above. Such efforts will be buttressed by government research foundation investments in further research into the psychological and social dynamics of the computer crime underground as a legitimate sphere of criminological study. Industry would do well to support such scientific and academic efforts.¹⁶⁰

12.9 NOTES

1. National Institute of Justice, “Electronic Crime Research and Development,” 2006, www.ojp.usdoj.gov/nij/topics/ecrime/welcome.html.

2. Symantec, “Internet Security Threat Report,” 2006, www.symantec.com/enterprise/threatreport/index.jsp.

3. Symantec, “Internet Security Threat Report.”

4. Douglas Campbell, “A Detailed History of Terrorist and Hostile Intelligence Attacks Against Computer Resources,” 1992; e-mail: [email protected].

5. Donn Parker, “How to Solve the Hacker Problem,” Journal of the National Computer Security Association, No. 5 (1994): 4–8.

Jerrold Post, “The Dangerous Information Systems Insider: Psychological Perspectives,” 1998; e-mail: [email protected].

6. Michel Kabay, “Kfiles: Ethics,” SecurityPortal, 2000; www.securityportal.com/kfiles/ethics.html.[AU: no such file found]

7. Parker, “How to Solve the Hacker Problem.”

8. Paul Taylor, Hackers: Crime in the Digital Sublime (New York: Routledge, 1999); Orly Turgeman-Goldschmidt, “Hackers' Accounts: Hacking as a Social Entertainment,” Social Science Computer Review 23, No. 1 (2005): 8–23; Tim Jordan and Paul Taylor, “A Sociology of Hackers,” Sociological Review 46, No. 4 (1998): 757–780.

9. Taylor, Hackers.

10. Turgeman-Goldschmidt, “Hackers' Accounts.”

11. Taylor, Hackers.

12. Taylor, Hackers.

13. Jordan and Paul Taylor, “A Sociology of Hackers.”

14. Woo, Kim, and Dominick, “Hackers.” Media Psychology 6, No. 1 (2004): 63–82.

15. Marc Rogers, “The Psychology of Cyber-Terrorism,” In A. Silke (Ed.), Terrorists, Victims, and Society: Psychological Perspectives on Terrorism and Its Consequences. (London: John Wiley & Sons, 2003).

16. Taylor, Hackers; Woo, Kim, and Dominick, “Hackers.”

17. David G. Myers, Social Psychology, 8th ed. (New York: McGraw-Hill, 2005).

18. Myers, Social Psychology.

19. Woo, Kim, and Dominick, “Hackers.”

20. Bob Sullivan, “DoS Attacks: What Really Happened,” MSNBC, 2000; www.zdnet.com/zdnn/stories/news/0,4586,2553035,00.html.

21. Stanley Milgram, Obedience to Authority (New York: Harper & Row, 1974).

22. Marc Rogers, “Modern-day Robin Hood or Moral Disengagement?” 1999; http://homes.cerias.purdue.edu/~mkr/moraLdoc.pdf. (Accessed November 13, 2005).

23. Stanley Milgram, Obedience to Authority (New York: Harper & Row, 1974).

24. Milgram, Obedience to Authority.

25. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

26. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

Bandura, “Selective Activation and Disengagement of Moral Control.”

27. Kabay, “Kfiles: Ethics;” Taylor, Hackers.

28. Woo, Kim, and Dominick, “Hackers.”

29. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

30. Sara Kiesler, Jane Siegel, and Timothy McGuire, “Social Psychological Aspects of Computer-Mediated Communication,” American Psychologist, No. 39 (1984): 1123–1134; Sara Kiesler and Lee Sproull, “Group Decision Making and Communication Technology,” Organizational Behavior and Human Decision Processes, No. 52(1992): 96–123.

31. Kiesler, Siegel, and McGuire, “Social Psychological Aspects of Computer Mediated Communication.”

32. Kiesler and Sproull, “Group Decision Making and Communication Technology.”

33. Kiesler and Sproull, “Group Decision Making and Communication Technology.”

34. Turgeman-Goldschmidt, “Hackers' Accounts.”

35. Phillip Zimbardo, “The Human Choice: Individuation, Reason, and Order Versus Deindividuation, Impulse, and Chaos,” Nebraska Symposium on Motivation, No. 17 (1969): 237–307; Edward Diener, “Deindividuation, Self-awareness, and Disinhibition,” Journal of Personality and Social Psychology, No. 37 (1979), pp. 1160–1171.

36. Zimbardo, “The Human Choice.”

37. Kiesler, Siegel, and McGuire, “Social Psychological Aspects of Computer Mediated Communication.”

38. Zimbardo, “The Human Choice.”

39. Tom Postmes, Russell Spears, and Martin Lea, “Social Identity, Normative Content, and ‘Deindividuation’ in Computer-Mediated Groups.” In N. Ellemers, R. Spears, and B. Doosje (Eds.) Social identity: Context, Commitment, Content (Oxford: Blackwell 1999), pp. 164–183; Tom Postmes, Russell Spears, and Martin Lea, “Breaching or Building Social Boundaries? SIDE-Effects of Computer Mediated Communication,” Communication Research 25 (1998): 689–715.

Stephen D. Reicher, Russell Spears, and Tom Postmes, “A Social Identity Model of Deindividuation Phenomena,” European Review of Social Psychology 6 (1995): 161–198.

40. Tajfel and Turner, “The Social Identity Theory of Inter-Group Behavior.”

41. Jordan and Taylor, “A Sociology of Hackers.”

Woo, Kim, and Dominick, “Hackers.”

42. Tejfel and Turner, “The Social Identity Theory of Inter-Group Behavior.”

43. Woo, Kim, and Dominick, “Hackers.”

44. Woo, Kim, and Dominick, “Hackers.”

45. Tajfel and Turner, “The Social Identity Theory of Inter-Group Behavior,”

46. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

47. Bandura, “The Social Learning Perspective: Mechanisms of Aggression.”

48. Matt Richtel, “The Hacker Myth Crumbles at Convention,” New York Times (1998); [online] www.nytimes.com/library/tech/98/08/cyber/articles/02hacker.html.

49. Bandura, “The Social Learning Perspective: Mechanisms of Aggression.”

50. Richtel, “The Hacker Myth Crumbles at Convention.”

51. Marc Rogers, “A New Hacker Taxonomy,” 2000; http://homes.cerias.purdue.edu/~mkr/hacker_doc.pdf. (Accessed November 13, 2005.)

52. Sullivan, “DoS Attacks.”

53. Myers, Social Psychology.

54. Michel Kabay, “Totem and Taboo in Cyberspace,” Journal of the National Computer Security Association (1996): 4–9.

55. American Psychiatric Association, Diagnostic and Statistical Manual of Mental Disorders, 4th ed. (Washington, DC: American Psychiatric Association, 1994).

56. Kabay, “Totem and Taboo in Cyberspace”; Eric Shaw, Keven Ruby, and Jerrold Post, “The Insider Threat to Information Systems,” Security Awareness Bulletin, No. 2(1998): 1–10.

57. Woo, Kim, and Dominick, “Hackers.”

58. Kabay, “Totem and Taboo in Cyberspace”; Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

59. American Psychiatric Association, Diagnostic and Statistical Manual of Mental Disorders.

60. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

61. Toxic Shock, “Another View of Hacking: The Evil That Hackers Do,” Computer Underground Digest, No. 2 (1990); ftp.eff.org/CUD.

62. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

63. Toxic Shock, “Another View of Hacking.”

64. Marc Rogers, “Understanding Criminal Computer Behavior: A Personality Trait and Moral Choice Analysis,” 2003, http://homes.cerias.purdue.edu/~mkr/CPA.doc. (Accessed November 13, 2005.)

65. Robert R. McCrae and Paul T. Costa Jr., “Personality Trait Structure as a Human Universal,” American Psychologist 52 (1997): 509–516.

66. Rogers, “Understanding Criminal Computer Behavior.”

67. Postmes, Spears, and Martin, “Social Identity, Normative Content, and “Deindividuation;” Postmes, Spears, and Martin, “Breaching or Building Social Boundaries?” Reicher, Spears, and Postmes, “A Social Identity Model of Deindividuation Phenomena;” Tajfel and Turner, “The Social Identity Theory of Inter-Group Behavior.”

68. Sherry Turkle, “Identity Crisis.” In Life on the Screen: Identity in the Age of the Internet (New York: Simon & Schuster, 1995), pp. 255–269.

69. Brian Harvey, “Computer Hacking and Ethics,” 1998, www.attrition.org. (Accessed November 13, 2005.)

70. M. J. Zuckerman, “Hacker Reminds Some of Asperger Syndrome,” USA Today, March 3, 2001; www.usatoday.com/news/health/2001-03-29-asperger.htm; Suelette Dreyfus, “Cracking the Hackers' Code,” Sydney Morning Herald, August 8, 2002; http://smh.com.au/articles/2002/08/20/1029114072039.html.

71. Stephen Bauer, “Aspgerger Syndrome,” 2001; www.asperger.org/asperger/asperger_bauer.htm. Rosalyn Lord, “Asperger Syndrome,” 2001; www.sperger.org/asperger/asperger_as.htm. S. Ehlers and Christopher Gillberg, “The Epidemiology of Asperger Syndrome: A Total Population Study,” Journal of Child Psychology and Psychiatry and Allied Disciplines 34, No. 8 (1993): 1327–1350.

72. Bauer, “Aspgerger Syndrome.”

73. American Psychiatric Association, Diagnostic and Statistical Manual of Mental Disorders.

74. Ehlers and Gillberg, “The Epidemiology of Asperger Syndrome.”

75. Bauer, “Aspgerger Syndrome.”

Ehlers and Gillberg, “The Epidemiology of Asperger Syndrome.”

76. Ehlers and Gillberg, “The Epidemiology of Asperger Syndrome.”

77. Bauer, “Aspgerger Syndrome.”

78. Zuckerman, “Hacker Reminds Some of Asperger Syndrome.”

79. Dreyfus, “Cracking the Hackers' Code.”

80. Dreyfus, “Cracking the Hackers' Code.”

81. Zuckerman, “Hacker Reminds Some of Asperger Syndrome.”

82. Zuckerman, “Hacker Reminds Some of Asperger Syndrome.”

83. Jordan and Paul Taylor, “A Sociology of Hackers.” Dorothy Denning, “Concerning Hackers Who Break Into Computer Systems,” CPSR (1990), www.cpsr.org/cpsr/privacy/crime/denning.hackers.html; Jerrold Post, Eric Shaw, and Keven Ruby, “Information Terrorism and the Dangerous Insider,” paper presented at the InfowarCon 98, Washington, D.C.; A. N. Chantler, “Risk: The Profile of the Computer Hacker” (Ph.D. diss., Curtin University of Technology, 1995).

84. Mark Griffiths, “Internet Addiction: Does It Really Exist?” in J. Gackenbach, ed., Psychology and the Internet: Intrapersonal, Interpersonal and Transpersonal Applications (New York: Academic Press, 1998), pp. 61–75.

85. Post, Shaw, and Ruby, “Information Terrorism and the Dangerous Insider;” K. E. Anderson, “International Intrusion: Motives and Patterns,” 1994; www.aracnet.com/~kea/Papers/paper.shtml.

86. Anderson, “International Intrusion.”

87. Jordan and Paul Taylor, “A Sociology of Hackers.”

88. Jordan and Paul Taylor, “A Sociology of Hackers.”

89. August Bequai, Technocrimes (Lexinton, MA: Lexinton Books, 1987).

90. Alexander E. Voiskounsky and Olga V. Smyslova, “Flow-Based Model of Computer Hackers' Motivation,” CyberPsychology & Behavior 6, No. 2 (2003): 171–161.

91. Denning, “Concerning Hackers Who Break Into Computer Systems;” Post, Shaw, and Ruby, “Information Terrorism and the Dangerous Insider;” Ira Winkler, “Why Hackers Do the Things They Do,” Journal of the National Computer Security Association, No. 7 (1996): 12.

92. Woo, Kim, and Dominick, “Hackers;” Rogers, “Modern-day Robin Hood or Moral Disengagement?”

93. Denning, “Concerning Hackers Who Break Into Computer Systems.”

94. Vincent Sacco and Elia Zureik, “Correlates of Computer Misuse: Data from a Self-Reporting Sample,” Behavior & Information Technology, No. 9 (1990): 353–369.

95. Sacco and Zureik, “Correlates of Computer Misuse.”

96. Denning, “Concerning Hackers Who Break Into Computer Systems;” Post, Shaw, and Ruby, “Information Terrorism and the Dangerous Insider;” Winkler, “Why Hackers Do the Things They Do.”

97. Steven Levy, Hackers (New York: Dell Publishing, 1984); Steve Mizrach, “Is There a Hacker Ethic for ‘90s Hackers?” 1997; www.infowar.com/hacker/hackzf.html-ssi.

98. Levy, Hackers.

99. Mizrach, “Is There a Hacker Ethic for ‘90s Hackers?”

100. Winkler, “Why Hackers Do the Things They Do.”

101. Harvey, “Computer Hacking and Ethics.”

102. Winkler, “Why Hackers Do the Things They Do.”

103. Turgeman-Goldschmidt, “Hackers' Accounts.”

104. Harvey, “Computer Hacking and Ethics.”

105. Myers, Social Psychology.

106. Harvey, “Computer Hacking and Ethics.”

107. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

108. Turkle, “Identity Crisis.”

109. Mentor, “The Conscience of a Hacker,” Phrack Magazine (1986); www.phrack.com.

110. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

111. Denning, “Concerning Hackers Who Break Into Computer Systems;” Chantler, “Risk.”

112. William Golding, Lord of the Flies (London: Faber and Faber, 1954).

113. Peter Smith, “The Cybercitizen Partnership: Teaching Children Cyber Ethics,” Cybercitizen Partnership, 2000; www.cybercitizenship.org/ethics/whitepaper.html.

114. Rogers, “A New Hacker Taxonomy.”

115. Rogers, “A New Hacker Taxonomy.”

116. Rogers, “A New Hacker Taxonomy”; Kabay, “Totem and Taboo in Cyberspace”; Winkler, “Why Hackers Do the Things They Do?”

117. Rogers, “A New Hacker Taxonomy.”

118. Kabay, “Totem and Taboo in Cyberspace”; Post, Shaw, and Ruby, “Information Terrorism and the Dangerous Insider”; Bill Landreth, Out of the Inner Circle (Redmond, WA: Microsoft Books, 1985); Donn Parker, Fighting Computer Crime: A New Framework for Protecting Information (New York: John Wiley & Sons, 1998).

119. Rogers, “A New Hacker Taxonomy.”

120. Landreth, Out of the Inner Circle.

121. Landreth, Out of the Inner Circle.

122. Bequai, Technocrimes.

123. Kabay, “Totem and Taboo in Cyberspace.”

124. Post, Shaw, and Ruby, “Information Terrorism and the Dangerous Insider.”

125. Chantler, “Risk.”

126. Chantler, “Risk.”

127. Rogers, “A New Hacker Taxonomy”; Parker, Fighting Computer Crime.

128. Rogers, “A New Hacker Taxonomy.”

129. Rogers, “A New Hacker Taxonomy.”

130. Winkler, “Why Hackers Do the Things They Do?”

131. Rogers, “A New Hacker Taxonomy”; Sarah Gordon, “The Generic Virus Writer,” 4th International Virus Bulletin Conference, Jersey, U.K. (September 1994), www.research.ibm.com/antivirus/SciPapers/Gordon/GenericVirusWriter.html.

132. Levy, Hackers.

133. Federal Bureau of Investigations & Computer Security Institute, “2005 CSI/FBI Computer Crime and Security Survey,” 2005; www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml.

134. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

135. Postmes, Spears, and Martin, “Social Identity, Normative Content, and “Deindividuation” in Computer-Mediated Groups.”

136. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

137. Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

138. Diener, “Deindividuation, Self-Awareness, and Disinhibition.”

139. Postmes, Spears, and Martin, “Social Identity, Normative Content, and “Deindividuation” in Computer-Mediated Groups.”

140. American Psychiatric Association, Diagnostic and Statistical Manual of Mental Disorders.

141. Rogers, “The Psychology of Cyber-Terrorism.”

142. Rogers, “The Psychology of Cyber-Terrorism.”

143. Gordon, “The Generic Virus Writer;” Sarah Gordon, “The Generic Virus Writer II,” 6th International Virus Bulletin Conference, Brighton, U.K. (September 1996), www.research.ibm.com/antivirus/SciPapers/Gordon/GVWII.html; Andrew Bissett and Geraldine Shipton, “Some Human Dimensions of Computer Virus Creation and Infection,” International Journal of Human Computer Studies 52, No. 5 (2000): 1071–5819.

144. Bissett and Shipton, “Some Human Dimensions of Computer Virus Creation and Infection.”

145. Bequai, Technocrimes.

146. Bissett and Shipton, “Some Human Dimensions of Computer Virus Creation and Infection.”

147. Gordon, “The Generic Virus Writer II.”

148. Bissett and Shipton, “Some Human Dimensions of Computer Virus Creation and Infection.”

149. Gordon, “The Generic Virus Writer;” Gordon, “The Generic Virus Writer II.”

150. Gordon, “The Generic Virus Writer II.”

151. Gordon, “The Generic Virus Writer II.”

152. Gordon, “The Generic Virus Writer II.”

153. Gordon, “The Generic Virus Writer II;” Bissett and Shipton, “Some Human Dimensions of Computer Virus Creation and Infection.”

154. SysAdmin, Audit, Network, Security Institute, “Most Critical Vulnerabilities for Q2 2005,” www.sans.org/top20/q2-2005_update; CERT, “CERT/CC Statistics 1988–2005,” www.cert.org/stats/cerLstats.html; Scott Berinato and Lorraine Cosgrove Ware, “The Global State of Information Security 2005,” Chief Information Officer's Magazine, www.cio.com/archive/091505/global.html; Federal Trade Commission, “Identity Theft Survey Report,” 2003, www.ftc.gov/os/2003/09/synovatereport.pdf; Chief Security Officer, “CSO Research Reports,” 2005, www.csoonline.com/csoresearch/report89.html; Federal Bureau of Investigations & Computer Security Institute, “2005 CSI/FBI Computer Crime and Security Survey.”

155. SysAdmin, Audit, Network, Security Institute, “Most Critical Vulnerabilities for Q2 2005;” CERT, “CERT/CC Statistics 1988–2005.”

156. Taylor, Hackers; Turgeman-Goldschmidt, “Hackers' Accounts;” Jordan and Taylor, “A Sociology of Hackers;” Woo, Kim, and Dominick, “Hackers.”

157. Rogers, “Modern-day Robin Hood or Moral Disengagement?”

158. Rogers, “A New Hacker Taxonomy;” Shaw, Ruby, and Post, “The Insider Threat to Information Systems.”

159. Rogers, “A New Hacker Taxonomy;” Denning, “Concerning Hackers Who Break Into Computer Systems.”

160. M. E. Kabay, “Time for Industry to Support Academic INFOSEC,” 2004. www2.norwich.edu/mkabay/opinion/endowed_chairs.pdf.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for CHAPTER 12: THE PSYCHOLOGY OF COMPUTER CRIMINALS

Create new playlist

Sign In

Sign Up

CHAPTER 12

THE PSYCHOLOGY OF COMPUTER CRIMINALS

12.1 INTRODUCTION.