Actors of Cybercrime

https://www.coursera.org/learn/cyber-conflicts/lecture/Qlu34/actors-of-cybercrime


In this module, we're gonna be looking at theories of human motivation, and how they may be used to explain cyber crime. Cyber crime is sort of a unique business, okay? The perpetrators or attackers, often operate in anonymity, and have low probability of being caught or detected.

Like many crimes,

those who perpetuate cyber crime do it for many different reasons, as we'll see. So it's not easy to lump all cyber criminals into one box and explain their behavior neatly. So we'll be looking at theories of human motivation that can explain the different types of cyber crime.

Let's start, first though, by looking at the behavior that we're trying to explain, all right? Cyber attacks occur in many different situations, many different contexts. Let's just use for now a look at hacking, because most cyber crime at some point deals with an individual attacking a computer network and on having unauthorized access to it. Cyber attack can be seen as deviance, but according to different perspectives, the term carries both positive and negative connotations.

When research first started on cyber criminals, there was a distinction made between black hat and white hat hackers. It's probably an old, outdated term, but it's useful to explain this difference between negative deviance and positive deviance. Negative deviance you can think of as your typical computer criminal. They can be national security threats, they're after intellectual property. They're gonna steal secrets and they're gonna sell information, things that we see as bad. Positive deviance refers to hackers who break into systems, unauthorized access to computer systems, but the intent is seen in more positive light. White hat hackers, initially portrayed themselves as pioneers of public access. They were the people who were arguing and keeping open source out there, keeping the Internet free for everybody. They would also be claiming to just test out the security of systems for organizations. So they would sort of break in. It's like the thief that comes into your house and leaves a note on your refrigerator and says, hey, your house is insecure. I didn't take anything, but I just wanna let you know that your house is insecure. Similar here in positive deviance. Breaking in, unauthorized access, but just testing out the security of systems. They see themselves as performing an important service. Many of us, or many people still this as deviance, but obviously it's not as negative as stealing secrets and selling them.  This distinction between positive and negative deviance carries over into the typologies of cyber attackers that have developed over the years. I have a list of them here. I'll run through them quickly. We have the old school hacker, these are the computer programmers primarily interested in lines of code, programming, and analyzing systems. For the most part, these are what are referred to as the white hat hackers. There's no malicious intent or criminal activity. However, you can also say that they aren't concerned about privacy or proprietary information. They also, as I mentioned before, are likely to believe that the Internet is an open system that should be used by all.

These actually were the first known hackers in the early 60s. These were computer programmers at MIT and Stanford.

Shortly after, as the Internet evolved I should say, you saw a different type of hacker occurring, and these are the cyber-punks, or what have been labeled cyber-punks. These are predominantly young males. They like to break things. Okay, they hack into systems to vandalize or disrupt.

They also like to brag about their accomplishments, which often gets them caught by authorities.

Another set of hackers, in fact these have been growing at a fast rate, are professional criminals. The term has been used crackers to refer to this set of attackers.

They break into systems to steal information and then sell it. They may be hired by governments, or they may be hired to do corporate spying. The idea is to get intellectual property or to get information and then to sell it.

There are also coders and virus writers. These are individuals with a strong programming background, they write code that others will use to create havoc or to break into systems. They tend to see themselves as the elite. They actually don't do the hacking but they write the code, and write the programs that allow others to do it. Finally, more recently in the last decade or so, you see an increase in activists and patriots.

The term hactivists that has been used for social activists who use the computer and use their hacking skills to promote their goals of their organization. They tend to be political and they see themselves as non-violent activism.

They see themselves as perhaps a tool against oppression. The group Anonymous, many of you are aware of them. That is perhaps the best example of this. Others however see them as cyber terrorists.

And then final group is patriots, these are the individuals that take action on the basis of nationalism or patriotism, sort of like defending their country. In a way, they could be the old codebreakers of World War II as an analogy. The point here is that there's a diverse set of actors out there, perpetuating these cyber crimes, or hacking.

And this diverse set of actors has different underlying motivation. So to fully understand the sets of actors and why they're doing what they're doing, we need a better understanding of motivated behavior.