Is your kid obsessed with video games and hanging out with questionable friends?
These are common traits for involvement in cybercrime, among other delinquencies.
New research from Michigan State University identified characteristics and gender-specific behaviors in kids that could lead them to become juvenile hackers.
“We know much about the scope of hacking and its threat, but the problem is that we don’t know exactly when and how hacking behavior starts,” said Thomas Holt, lead author and MSU cybercrime expert in the School of Criminal Justice.
“There is a general understanding that hacking starts in the early teens but until now, we weren’t clear on background factors, such as behavioral issues, the impact of social connections or personality traits.
Our findings pointed us in the direction of thinking that there are gendered pathways to hacking.”
Holt assessed responses from 50,000 teens from around the world to determine predictors of hacking.
The findings, published in Crime & Delinquency, are the first to dig into gendered differences from a global data set.
“We found that predictors of juvenile delinquency, like low self-control – so, not having the ability to hold back when opportunity presents itself – are big factors for computer hacking for both boys and girls,” Holt said.
“But for girls, peer associations mattered more. If she has friends who shoplift or engage in petty forms of crime, she’s more likely to be influenced to hack as well.
For boys, we found that time spent watching TV or playing computer games were associated with hacking.”
Holt explained that the stark differences between boys and girls were quite distinct, reinforcing the idea that girls get into hacking in ways that greatly differed from boys.
He said that some of the findings play to how kids are raised within gender roles, such as letting boys play video games and giving girls different activities.
For boys and girls, simply having opportunities to hack were significant in starting such behavior.
This could include having their own bedroom, their own computer or the freedom of doing what they want on the internet without parental supervision.
While most schools have computer and internet access, Holt explained that there are still some geographic barriers for kids to enter cybercrime.
The researchers found that kids who had mobile phone access early on were more likely to hack – especially if they lived in larger cities. Spending time with peers was more likely to influence delinquent behavior for those living in smaller cities.
The researchers also found a connection between pirating movies and music and hacking.
In the 1980s and 1990s, juvenile hacking was mostly limited to gaming purposes, and even now most initial cybercrime isn’t serious, such as getting into Facebook or email accounts, Holt said.
Holt explained that the stark differences between boys and girls were quite distinct, reinforcing the idea that girls get into hacking in ways that greatly differed from boys.
“The initial attempts might not be serious, but without supervision and low self-control, it’s likely they got a taste for what they might be able to accomplish by taking their hacking abilities further,” Holt said.
“And while low self-control plays a huge role with kids and teens, some of them mature as they age and can sit for hours, which gives them time to refine the skills of a sophisticated hacker.”
It’s important for parents to understand their kids’ tech-savviness and habits to help guide them on a path that uses their skills in a more positive way.
“Parents shouldn’t assume that having a kid with sophisticated technological competency is always totally fine,” Holt said.
“Finding others in the field – like those you’d meet in a robotics club or attending something like the DefCon conference – is vital for kids to learn about using their skills in a positive way and for staving off bad behaviors,” Holt said.
“Cybercrime can be a hidden problem, so talking is vital.
The more you can understand what they’re doing, the easier you can flag something that might be off and curtail activity.”
Practical Ways to Use Common Personality Traits to Thwart Hackers
In a Science Publishing Group study — Hacker Personality Profiles Reviewed in Terms of the Big Five Personality Traits — researchers interviewed six black-hat, gray-hat and white-hat hackers (two of each) to identify the predominance of the five main personality traits: extraversion, agreeableness, openness to experience, conscientiousness and neuroticism.
| Hacker type | Extraversion | Agreeableness | Openness to experience | Conscientiousness | Neuroticism |
|---|---|---|---|---|---|
| Black hat | Medium | Medium | High | Medium | Medium |
| White hat | Medium | High | Medium | Medium | Medium |
| Gray hat | Medium | Medium | Medium | Medium | High |
Personality trait research summary (Source: Science Publishing Group)
How can awareness of cybercriminals’ personality traits help us to combat crime?
- Openness to experience: Hackers love a challenge. For instance, some of the biggest brands in the world offer bug bounties to hackers who can breach their security. Honey pot systems can be used as a decoy to trap criminals before they can breach a company’s real network. TrapX develops deception software “creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.” According to WikiLeaks, CEO Carl Wright said if Sony Pictures had utilized their decoy software, the command issued by cybercriminals to destroy infrastructural data would have been detected and circumvented.
- Neuroticism: According to 123 Test: “Neuroticism is similar but not identical to being neurotic in the Freudian sense.” The concept of neuroticism is closely akin to that of emotional stability. People with low emotional stability tend to be “emotionally reactive.” Some studies have shown that neuroticism may be linked to cyberbullying. Certain language use, e.g., on social media, can identify neurotic-related text, which could help identify scams in much the same way email filters strip spam from a user’s inbox.
Hacker Types – The Good, the Bad and the Ugly
Hackers can be divided into several types. Their motives vary widely, from the terrorist hacker wanting to save the planet to the script kiddie wanting to destroy their ex-spouse. Here are fifteen of the best-known families of hackers.
- Gray hats: Aligned somewhere between the black hats and white hats, these hackers are not bent on destruction or in the game for personal gain. Nevertheless, they operate unethically. They typically find a security flaw in an organization and then disclose the vulnerability publicly.
- Black hats: The stereotypical cybercriminal, aka “cracker.”
- Blue Teams: Not strictly hackers in the conventional sense, Blue Teams consist of ethical hackers (white hats and sometimes gray hats) working to defeat attackers and secure the organization’s environment. Blue and Red Teams often work together.
- Red Teams: A team of ethical hackers acting as though they are black hats by pretending they are criminals trying to break into the organization.
- Script kiddies: These hacker wannabes are usually low-skilled, but they can be a menace to individuals they target to harass or whose lives they try to infiltrate.
- Spy hackers: Involved in corporate espionage.
- Cyberterrorists: Bent on causing mayhem and creating fear, and the most likely to cause physical death and destruction.
- Hacktivists: Motivated by a cause, e.g., politics, ideology or religion.
- Cyber-mercenaries: Third-party hackers for hire.
- State-sponsored hackers: Subsidized or supported by a government agency, or even government agencies themselves.
- Organized crime: Much like a digital mafia and usually in the game for financial gain.
- Malicious insiders: Internals and whistle blowers, often with an axe to grind.
- White hats: Hackers who have authorization to attempt to breach a system.
Social engineering is a technique often used by hackers to breach a target. This kind of hacker uses a variety of psychological methods to manipulate people into giving up confidential information, which the hacker can use to breach security defenses.
Reasons We Need to Profile Hackers
Capture the enemy in the cross-hairs
- Understanding hackers’ motivations and traits can help an organization to identify their potential enemies. For example: Could we be a potential target for a terrorist hacker trying to score political points by breaching the security defenses of an international conglomerate?
- Forensic analysis of breaches or attempted breaches can identify the type of hacker, and potentially even pinpoint the group or individual responsible. Hackers often have a signature style, e.g., a particular way of coding, a preferred point of entry. For example: Was the breach perpetrated by a nosy script kiddie or an experienced black hat with an axe to grind?
Ideate new security strategies
- Armed with this knowledge, organizations can devise realistic attack scenarios against which to arm themselves. For example: Are our employees aware of how social engineering attacks work?
- Understanding the criminal mind behind an incident can help to analyze the magnitude of a threat and how to resolve it. For example: Was the hack a once-off by an opportunist or a concerted effort by digital terrorists to bring an organization to its knees?
- Understanding a hacker’s motivation can be used to turn the tables on criminals by setting up traps called honey pots to lure and catch them, deceive them into attempted breaches of data without value or deflect them.
Source:
Michigan State University
Media Contacts:
Caroline Brooks – Michigan State University
Image Source:
The image is in the public domain.
Original Research: Open access
“Exploring the Moderating Role of Gender in Juvenile Hacking Behaviors”. Thomas J. Holt, Jordana N. Navarro, Shelly Clevenger.
Crime & Delinquency doi:10.1177/0011128719875697.
