This article discusses and analyzes the key psychological and sociological issues related to hackers and the potential impact on individual organizations and society as a whole. It considers ethical and non-ethical hacker personalities and motivations, and profiling tools used by law enforcement in combating cyber threats.
Organizations today are reaping the benefits of investing in new technology, especially from the increasing integration of computer-based processes. However, this has been accompanied by the increasing vulnerability of information systems within the firm as the same technology has a way of allowing unauthorized access to information (Furnell, & Warren, 1999). In particular, hacking poses a significant threat to organizational information systems, and therefore must be guarded against at all times. It is important to explore the problem of cybersecurity through the lens of a hacker, by first evaluating their motivation and the potential threats they pose, and then by investigating the impact of ethical and unethical hacking within business information systems. It is helpful to determine whether hacking is an addiction or not, and to consider the option of profiling cyber criminals to help protect against hacking threats.
Hacker Motivation and Threat Mitigation
Hacker motivation depends on whether an individual is an ethical or a non-ethical hacker. In practice, ethical hackers are motivated by all the good reasons. However, non-ethical hackers seek to cause damage. Research shows that non-ethical hackers may be reliable individuals in everyday life but very unreliable in cyberspace. They may be people that most would not suspect as malicious.
According to Bachmann (2010), one of the motivations towards cybercrime is the diminished chance of being caught. Thus, some cyber criminals draw their motivation from the veil of anonymity that cyberspace provides. It is difficult to catch a cybercriminal who does not have a static IP address. Hackers conduct their business in a discrete manner, thus escaping responsibility for their actions. Secondly, hackers are motivated by different crimes they intend to commit (Bachman, 2010). For instance, terrorists have limited space in the open system, but using the knowledge of remote networks, they can be able to access information about the targets they want to attack. Similarly, identity thieves know that the easiest way to get information about certain persons is by accessing a computer information system that carries their biographical data. Lastly, there are a group of hackers that are motivated by the political ideology to which they ascribe.
Most hacking threats are spontaneous and come at a time when they are least expected. Thus, taking control is not easy. However, as Bachmann (2010) suggests, effective deterrence from the threat of punishment or imprisonment could help to alleviate the problem to a great extent. The problem with Bachmann’s solution is that it is in the hands of the government and outside the control of private organizations. Burn-Callander (2015) suggests some better and more dynamic ways that can help both individuals and firms to avoid the risk of hacking. The methods include: avoiding public WiFi; asking personal devices to forget public networks after use; turning off personal WiFi in public spaces; using virtual private networks (VPNs); frequently changing passwords; checking the permission requirements of apps; and checking the encryption (HTTPS) of every website (Burn-Callander, 2015).
Ethical and Non-ethical Hackers
According to Smith, and Rupp (2002), hackers build systems, while crackers maliciously attack and damage information systems (as cited in Carnaghan, 2013). In modern technological and legal jargon, the term “hacker” refers to ethical hackers while “cracker” relates to unethical hacker (Ibid). The primary differences between the two are built on the intentions of the hacker. When the intent is judged as malicious such as that of an identity theft, then it is regarded as unethical and it should be treated as criminal behavior subject to prosecution in a court of law. On the other hand, if hacking is a result of an attempt to protect the organization’s information systems by detecting IS flows, then it is ethical, and it should be protected by law (Carnaghan, Ibid). Thus, the case of non-ethical hackers/crackers should not be debatable. They should be charged in court and punished according to the law.
Ethical hackers are motivated by various factors including patriotism and respect for the law. They want to salvage situations that may cause more damage or vulnerability. According to Sheoran and Singh (2014), ethical hackers are driven by the urge to keep company information safe and help save their company’s money as well as its reputation.
Hacking as an Addiction
The act of hacking has its own thrills. Whether it is an ethical or a non-ethical hacker, they both receive some form of gratification that boosts their morale and self-image. As a result, hacking has been described as a risk-taking behavior that creates obsession just like illegal gambling. According to Skytta (2012), hackers have the ability to access complex systems within no time. Indeed, they are sophisticated in their thinking processes to make intrusions into restricted areas of the internet. Thus, the author also reveals that all information systems are vulnerable and breaking into them is just as easy as creating the encryption that protects them (Ibid). The question that this discovery poses is whether hackers should be treated or be incarcerated for misconduct. The answer to this problem rests in the ability of the jury to decide on either of the two solutions in limiting the cases of non-ethical hacking.
Profiling of Cyber Criminals
While the problem of cybercrime is increasing daily, profiling could partially provide a solution to mitigating the risks associated with it. The reason profiling of cybercriminals may only be of limited help is that it is not easy to distinguish the point at which an ethical hacker becomes non-ethical. As a result, it is possible to find non-ethical hackers masquerading as ethical (Fitch, 2004). As it has already been discussed above, ethical hackers are useful, but their scope of action should be limited to organizational issues only. Whether it is a security firm or bank, ethical hackers employed by the institutions must conform to the law that defines the constructs of ethical hacking.
Recent studies have shown that most cybercriminals are motivated by commission of crime. It is a psychological issue that defines them as people with some super traits that cause antisocial behavior. Possibly, these people suffer from one or more forms of psychological disorders that seek to gain recognition or personal gain from illegal activities. Other personality traits exhibited by the cybercriminals include “self-centeredness, grandiosity, callousness, and lack of remorse or empathy for others coupled with a charismatic, charming, and manipulative superficiality” (Reid, 2011).
A major limitation in profiling cybercriminals is that there is insufficient knowledge in making decisions. Forensic studies have not been successful in unearthing the real issues that lead to the separation of ethical from non-ethical hacking. Therefore, more studies ought to be done so as to effectively distinguish the nexus between the two.