Though in recent years, a number of studies have been completed on hackers’ personality and communication traits by experts in the fields of psychology and criminology, a number of questions regarding this population remain. Does Gottfredson and Hirschi’s concept of low self-control predict the unauthorized access of computer systems? Do computer hackers have low levels of self-control, as has been found for other criminals in mainstream society? If low self-control can predict the commission of computer hacking, this finding would seem to support the generality argument of self-control theory and imply that computer hacking and other forms of cybercrime are substantively similar to terrestrial crime. This chapter focuses on the results of a study where we examined whether Gottfredson and Hirschi’s general theory of crime is applicable to computer hacking in a college sample.
TopIntroduction
The evolution of computer technology and the growth of the Internet have both positively and negatively impacted modern life. Although newer technology makes communication and business transactions more efficient, the same technologies have made it easier for criminals, including mal-inclined computer hackers, to victimize individuals and businesses without ever being in the same physical space. Computer hacking, as defined in this chapter, can be viewed as the unauthorized access and use or manipulation of other people’s computer systems (Taylor, Tory, Caeti, Loper, Fritsch, & Liederbach, 2006; Yar, 2005a).
Unfortunately, good data do not exist to indicate the frequency and severity of computer hacking (Richardson, 2008), a problem similar to that encountered by white-collar crime scholars (Benson & Simpson, 2009). Anecdotal evidence, however, illustrates that unauthorized access to computer systems is a serious and growing problem. For example, the 2008 CSI Computer Crime and Security Survey (Richardson, 2008) found that 29% of all security professionals indicated that their systems had experienced unauthorized access in 2007. In addition, the examination of any news website will contain stories covering data breaches, critical infrastructure deficiencies, website defacements, and successful computer hacks. Some of these news stories appear alarmist (see Wall, 2008), but they do indicate that hacking occurs frequently enough to say that it causes substantial damage and that it is not rare. These attacks against computer systems are not only increasing in frequency, but are increasing in sophistication as well (Holt & Kilger, 2008; Schell, Dodge, & Moutsatsos, 2002). To make matters worse, hackers have become more involved with organized crime and state-sponsored terrorism (Holt & Kilger, 2008; Taylor et al., 2006).
Many of the issues and policies regarding cyber security are too technical and beyond the skills and knowledge of traditional criminologists trained in sociology. Criminology’s progress in studying cybercrime has been much slower than the evolution of technology itself. One of the greatest benefits that criminologists have made to the cyber security field, however, is the application of criminological theories to different varieties of cybercrime to explore whether traditional criminological theories created for the physical world can help explain crime in the virtual world. If only the medium differentiates crime in the physical and virtual worlds (see Grabosky, 2001), then knowledge previously gained from theoretically-based tests examining terrestrial crime would presumably apply to virtual crime as well; thus, scholars would not have to treat cybercrime as being theoretically different. If terrestrial and virtual crimes were substantially different, traditional criminological theories would not be as useful in the cyber world (Wall, 2005; Yar, 2005b).
In general, research has shown that much of our knowledge regarding crime in the physical world applies to cybercrime as well. For example, research has shown that routine activity theory (Cohen & Felson, 1979) can be applied to both on-line harassment (Holt & Bossler, 2009) and malware victimization (Bossler & Holt, 2009). The general theory of crime (Gottfredson & Hirschi, 1990) and aspects of social learning theory (Akers, 1998) have both been extensively applied to digital and software piracy (e.g., Higgins, 2005, 2006; Higgins, Fell, & Wilson, 2006).