The Psychology Of The Cyber Criminal – Part I

The insider threat…

We live in an age in which many if not most crimes involve a computer at some point, but we still know very little about cyber criminals and what makes them tick. As we learn more about the rapidly-evolving field of cyber security and look at ways of detecting and preventing cyber crime, it’s important that we start to ask ourselves what really goes on in the mind of a hacker.

The cyber attacks covered by the press tend to be attacks from the outside; internal attacks are often never discovered, or reported if they are, and lots of companies choose to deal with the attacker by firing, disciplining, or tightening up security unless they’re required to report it to officials. Yet the insider threat (contractors and third parties as well as employees) remains one of the most intractable in cybersecurity. A careless or malicious employee can defeat the best security technology an organization can deploy, and several high profile hacks in the last ten years prove just this. Take, for example, the infamous case of Gary Min, who worked as a research chemist for Dupont for 10 years and spent another 10 in prison following his theft of $400 million worth of electronic documents after deciding to take a job with a competitor in Asia. It could very easily happen to your business; most companies can think of a grumbling employee perhaps with a grudge to bear, and such a character can easily go unnoticed in a busy work environment and yet cause irreparable damage. Fortunately, technology has also evolved to help defend against such breaches.

Inside the mind of the hacker…

Cyber-attacks are sometimes caused by insider negligence or even naiveté, but many others are just malicious plots that cause intentional damage. Psychologists who conducted a study at Danube University suggest that the hacker mind is identical to that of a burglar or pickpocket (with the prime threat of hackers and malware being information and identify theft, the main difference between the two crimes being that identity theft costs victims over $50 billion dollars a year and can destroy people’s lives). Unfortunately, unlike other crimes, cybercrime profiling is hard because there are many different types of hacker and various motivations behind their actions. For example, although usually lumped together, experts claim hackers and malware creators have very distinct personalities, and Sarah Gordon, lead researcher for Symantec, is one of many to claim that ‘surgical’ hackers look down on virus writers, for example, who attack indiscriminately. We still have much to research and learn, because it’s really not always a hoodie-wearing teenage boy in his mum’s basement. Typically hackers are divided into White Hats (virtual vigilantes who like to fix things and solve problems for the greater good of the computing community and its resources), Black Hats (malicious hackers just out for power and to destroy things) and Grey Hats (reformed ex-Black Hats now working as security consultants), but of course there are many hacker types including hacktivists, virus and malware writers, disgruntled ex/current employees and cyber terrorists, to name a few.

But what causes a technologically talented person to become a malicious hacker? Hurtful and scarring childhood experiences, stressors at work and at home (e.g., divorce, money worries, demotion, etc), an opportunity to steal confidential information and rationalization of the potential theft are all factors that contribute to an insider turning against his employer, and exposure to such factors can lead to a stress spiral that can cause an individual to feel deeply underprivileged and open to certain “opportunities.” Depending on the hacker, it can be about financial gain, covering up an error, damaging a company’s assets or reputation just because they can, proving a point, whistleblowing (indeed, ideology plays more of a factor with millennial hackers, such as Edward Snowden, the former NSA contractor who exposed the agency’s surveillance of American citizens). Sometimes though, it’s just about being malicious just because they can, for example, the UBS Paine-Webber attack, where an employee just wanted to wreak havoc, rather than steal information. He planted a “logic bomb” that took down around 2,000 servers across the country and meant that the company was unable to make trades for up to several weeks in some offices, losing them an undisclosed amount of business during downtime and reportedly costing them $3.1 million just to recover from the attack.

Watching your back…

Businesses need to look at things in context and be aware of situations that could point to something bad around the corner – some have even reported spotting ‘cyber-psychotic’ tendencies in an employee at an early stage and converting it into more positive behaviours that actually benefit the organisation, such as improved security measures.

Monitoring employees and spotting early hacker behavior is a tough problem for modern companies to face. It’s much easier for cyber criminals to attack a business’s IT system than it is for the business to defend it, and cyber attacks can last for weeks, months and even years, completely undetected until it’s too late. Skilled hackers aren’t created overnight – they develop their hacker mind-set and allied skill sets over time and experience, often setting themselves increasingly difficult and challenging hacks as they ‘grow’. Cyber crime is a lucrative career to some, so the security industry needs to up its game.

In light of all of this – the daily battle between cyber crime and cyber security – the question arises: how can organizations control, and even prevent, hacker-like behavior among their workforce, and protect themselves from damaging breaches? The WALLIX Bastion Privileged Access Management solution is the most cost-effective, complete and undisruptive of solutions. It protects your privileged accounts (what hackers look for to secure a way into your systems) from both internal and external attacks and lets you control, monitor and record administrator sessions across multiple systems, so you always know who’s looking at and doing what. Ex-hacker & co-author (with Apple Computer co-founder Steve Wozniak) of 2011’s ‘Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker‘, Kevin Mitnick said that: “Cyber-security is about people, processes and technology, and organizations need to bolster the weakest link – which invariably is the human element. It does not matter what security software you have installed, because it just takes one person in the targeted organization to make a bad business decision, and it’s game over. It’s opportunity that hackers need; so don’t give it to them.