Abstract
This chapter aims to present a theoretical foundation on hacking, focusing on the perpetrator's profile, his modus operandi, and typologies. First, a conceptualization and characterization of the phenomenon's key terms is presented. Next, the chapter addresses the historical evolution of the perception of the phenomenon, from the moment of its emergence to the current understanding. The most prominent typologies in the scientific literature will be described, which seek to distinguish the perpetrators of the behaviors according to criteria related to their practice. While focusing on the cybercriminals, the chapter emphasizes the hacker's figure, directing the review on their sociodemographic profile and contextual aspects. Finally, the personality factors prevalent in hackers are characterized, namely according to the big five model and the dark triad model. This chapter, using criminological lens, will increase the knowledge of the hackers and its modus operandi. The implications of this knowledge will be outlined.
Top1. Introduction
In the last few decades, the use of computers and the Internet has proliferated, profoundly revolutionizing societal dynamics and human behaviors. From these changes, technological resources evolve, creating opportunities for committing criminal behaviors in cyberspace (Maimon & Louderback, 2019). These new activities, as a whole, are commonly called cybercrime, characterized by new contours and by being able to overcome the existing physical barriers, since the perpetrator does not need to perform a proximal action and share the same physical space as its victims (Bossler & Burruss, 2011; Britz, 2013)1.
One of the fastest-growing crimes is hacking, conceived in the scientific literature as an illegal and unauthorized activity related to the intrusion and manipulation of a computer and/or computer system (Yar, 2006; Sharma, 2007). This conceptualization is included in computer-focused crimes, rather than computer-assisted crimes, since it can only be committed through modern technologies, which did not exist before the emergence of the Internet (Furnell, 2001; Furnell et al., 2015). Moreover, following Wall’s (2007) classification criteria, hacking is considered a computer integrity crime, because it is related to altering the integrity of systems. Specifically, it can be described as a cybertrespass conduct, depicting the unauthorized crossing of the boundaries inherent to computer systems (Wall, 2001; Wall & Williams, 2007).
Over the past few years, the frequency of this criminal phenomenon has increased exponentially, and hacking behaviors are responsible for more than half (52%) of existing data breaches (Hiscox, 2022) with approximately 65 thousand computer vulnerabilities discovered in 2022 caused by these behaviors (HackerOne, 2022). As a result of this growth, hacking is becoming problematic and harmful in various sectors of social life. In fact, an analysis of data from the IBM Security and Ponemon Institute (2022) showed that the economic cost derived from these actions was $4.35 million, an increase of 2.6% by 2021.
In the international scientific community, the analysis of hacking and its behaviors has been conducted along several lines of investigation, particularly: (1) the hacker's sociodemographic and psychological characteristics; (2) the subcultural dynamics underlying Hacking Culture; (3) the types of behaviors perpetrated (e.g., creation of malware and computer viruses; identity theft; website defacement); (4) the hacking explicative factors according to the criminological theories (Steinmetz, 2016). However, these advances in theoretical and empirical knowledge on the topic have not accompanied the evolution of hacking and remain underdeveloped. Therefore, this chapter offers a consolidation of hacking and the existing criminological understanding of this issue, addressing the previously mentioned research. First, a conceptualization and characterization of the phenomenon’s key terms (i.e., hacking, hack, and hacker) are presented to provide a foundation for the following topics.
The next section presents the historical evolution of the perception of the phenomenon from the moment of its emergence to current comprehension. Regarding the understanding of hacking behaviors, the diverse historical moments are crucial to build an overview and understanding of why it is a phenomenon that generates some lack of consensus. In this sense, the prominent typologies in the scientific literature are described, which seek to share how the perpetrators have been conceptualized and distinguished taking different criteria into consideration (e.g., motivations and act’s sophistication). To focus on the cybercriminal, the hacker’s figure is emphasized, highlighting the aspects that constitute their sociodemographic profile (e.g., gender, age, ethnicity, academic and professional qualifications) and the dimensions of the context where the individual is inserted (e.g., peer network, family ties).
Finally, the personality factors prevalent in hackers will be characterized, supported by the premises of the Big Five (Costa & McCrae, 1992) and the Dark Triad Models (Paulhus & Williams, 2002).
Key Terms in this Chapter
Malware: Is a variety of computer codes, like viruses, trojan horses, and logic bombs, which are designed to interfere or disrupt the computer’s normal operation ( Yar, 2006 ).
SQL Injection: Type of online security flaw that allows interference with an online database query (ul Hassan & Ahmad, 2021).
Social engineering: Type of attack in which human vulnerabilities are exploited, through interaction, to breach cybersecurity ( Wang et al . , 2021 ).
Phishing: Form of cyberattack that, usually through messages or emails, seeks to trick people into giving up sensitive information or installing harmful software ( Curtis et al . , 2018 ).
Session Hijacking: It consists of the exploitation of a computer session, also called a session key. Allowing to gain unauthorized access to information or services on a computer system ( Baitha & Vinod, 2018 ).