The ecology of trust among hackers
Claire Savine2016, Global Crime
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Malicious hackers profit from the division of labour among highly skilled associates. However, duplicity and betrayal form an intrinsic part of their daily operations. This article examines how a community of hackers uses an automated reputation system to enhance trust among its members. We analyse 449,478 feedbacks collected over 27 months that rate the trustworthiness of 29,985 individuals belonging to the largest computer hacking forum. Only a tiny fraction of the forum membership (2.4%) participates in the vast majority (75%) of 'trust exchanges', limiting its utility. We observe a reporting bias where the propensity to report positive outcomes is 2.81 times greater among beginner hackers than among forum administrators. Reputation systems do not protect against trust decay caused here by the rapid expansion of the community. Finally, a qualitative analysis of 25,000 randomly selected feedbacks indicates that a diverse set of behaviours, skills and attitudes trigger assessments of trustworthiness.
Related papers
Skills and trust: a tour inside the hard drives of computer hackers
Stories of the exploits of computer hackers who have broken into supposedly secure government and corporate information systems appear almost daily on the front pages of newspapers and technology websites, yet we know very little about the individuals behind these headlines. Most media accounts and academic studies on hackers suffer from a number of biases that this research attempts to overcome. A case study based on the seized communication logs of ten confirmed co-offenders is used to expand our knowledge of the social norms and practices that govern interactions between malicious hackers. After presenting the data and how the material became available to the author, the remaining sections focus on the two variables that define this criminal network’s performance: skills and trust. The skills under consideration are the three different sets of cognitive and practical abilities that malicious hackers need in order to succeed financially. Monetization and social skills, in addition to technical skills, play key roles in profit-oriented malicious hacking and explain why earning a decent living in the computer underground remains a laborious endeavour, even for advanced hackers. Trust, which facilitates the diffusion of technical, monetization, and social skills and fosters collaboration, was found to be much lower in this network than is generally assumed in the literature. The need for monetization and social skills as well as the lack of trust between members may partly explain why hacker networks are so ephemeral and vulnerable to law enforcement disruption.
Securing cyberspace: Identifying key actors in hacker communities
2012 IEEE International Conference on Intelligence and Security Informatics, 2012
As the computer becomes more ubiquitous throughout society, the security of networks and information technologies is a growing concern. Recent research has found hackers making use of social media platforms to form communities where sharing of knowledge and tools that enable cybercriminal activity is common. However, past studies often report only generalized community behaviors and do not scrutinize individual members; in particular, current research has yet to explore the mechanisms in which some hackers become key actors within their communities. Here we explore two major hacker communities from the United States and China in order to identify potential cues for determining key actors. The relationships between various hacker posting behaviors and reputation are observed through the use of ordinary least squares regression. Results suggest that the hackers who contribute to the cognitive advance of their community are generally considered the most reputable and trustworthy among their peers. Conversely, the tenure of hackers and their discussion quality were not significantly correlated with reputation. Results are consistent across both forums, indicating the presence of a common hacker culture that spans multiple geopolitical regions.
A sociology of hackers
Sociological Review, 1998
Illicit computer intruders, or hackers, are often thought of as pathological individuals rather than as members of a community. However, hackers exist within social groups that provide expertise, support, training, journals and conferences. This article outlines this community to establish the nature of hacking within 'information societies'. To delineate a 'sociology of hackers', an introduction is provided to the nature of computer-mediated communication and the act of computer intrusion, the hack. Following this the hacking community is explored in three sections. First, a profile of the number of hackers and hacks is provided by exploring available demographics. Second, an outline of its culture is provided through a discussion of six different aspects of the hacking community. The six aspects are technology, secrecy, anonymity, membership fluidity, male dominance and motivations. Third, an exploration of the community's construction of a boundary, albeit fluid, between itself and its other, the computer security industry, is provided. This boundary is constructed through metaphors whose central role is to establish the ethical nature of hacking. Finally, a conclusion that rejects any pathologisation of hackers is offered.
Reputation in a dark network of online criminals
Global Crime, 2013
This paper focuses on criminals who could easily be labelled as entrepreneurs and who deal in compromised computer systems. Known as botmasters, these individuals use their technical skills to take over and control personal, business and governmental computers. These networks of hijacked computers are known as botnets in the security industry. With this massive computing power, these criminals can send large amounts of spam, attack web servers or steal financial data -all for a fee. As entrepreneurs, the botmasters' main goal is to achieve the highest level of success possible. In their case, this achievement can be measured in the illegitimate revenues they earn from the leasing of their botnet. Based on the evidence gathered in literature on legitimate and illegitimate markets, this paper sets to understand how reputation could relate to criminal achievement as well as what factors impact a heightened level of reputation in a criminal market.
Computer Hackers in Virtual Community Forums: Identity Shaping and Dominating Other Hackers
2010
This paper debates identity and community issues by using computer hackers as an example of shaping identities in virtual communities. The aim is to show that individuals use strategies within these communities to craft identity and use information to assert dominance over less informed hackers. As the theme is about identity, it is placed within the identity in communities’ stream and contributes to informing about hacker behaviours in online environments.
A Profile of the Demographics, Psychological Predispositions, and Social/Behavioral Patterns of Computer Hacker Insiders and Outsiders
Theories of Human Relativism, 2009
This chapter looks at the literature-myths and realities-surrounding the demographics, psychological predispositions, and social/behavioral patterns of computer hackers, to better understand the harms that can be caused to targeted persons and property by online breaches. The authors suggest that a number of prevailing theories regarding those in the computer underground (CU)-such as those espoused by the psychosexual theorists-may be less accurate than theories based on gender role socialization, given recent empirical studies designed to better understand those in the CU and why they engage in hacking and cracking activities. The authors conclude the chapter by maintaining that online breaches and online concerns regarding privacy, security, and trust will require much more complex solutions than currently exist, and that teams of experts in psychology, criminology, law, and information technology security need to collaborate to bring about more effective real-world solutions for the virtual world.
Issues of Implied Trust in Ethical Hacking
2017
This paper discusses the issues of implied trust in ethical hacking. Unlike many other long-established professions, such as lawyers, doctors, and accountants; ethical hacking is a relatively new profession. As a result, this profession does not currently have a uniformed or mandated code, nor does it require any form of licensing. Because ethical hackers could gain access to highly sensitive and confidential information and there is potential for misuse of such information, the need to ensure professionalism is maintained through ensuring competence and ethical behavior is critical.
Identifying vulnerabilities in trust and reputation systems
2019
Online communities use trust and reputation systems to assist their users in evaluating other parties. Due to the preponderance of these systems, malicious entities have a strong incentive to attempt to influence them, and strategies employed are increasingly sophisticated. Current practice is to evaluate trust and reputation systems against known attacks, and hence are heavily reliant on expert analysts. We present a novel method for automatically identifying vulnerabilities in such systems by formulating the problem as a derivative-free optimisation problem and applying efficient sampling methods. We illustrate the application of this method for attacks that involve the injection of false evidence, and identify vulnerabilities in existing trust models. In this way, we provide reliable and objective means to assess how robust trust and reputation systems are to different kinds of attacks.
HackerScope: The Dynamics of a Massive Hacker Online Ecosystem
2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
Authors of malicious software are not hiding as much as one would assume: they have a visible online footprint. Apart from online forums, this footprint appears in software development platforms, where authors create publicly-accessible malware repositories to share and collaborate. With the exception of a few recent efforts, the existence and the dynamics of this community has received surprisingly limited attention. The goal of our work is to analyze this ecosystem of hackers in order to: (a) understand their collaborative patterns, and (b) identify and profile its most influential authors. We develop HackerScope, a systematic approach for analyzing the dynamics of this hacker ecosystem. Leveraging our targeted data collection, we conduct an extensive study of 7389 authors of malware repositories on GitHub, which we combine with their activity on four security forums. From a modeling point of view, we study the ecosystem using three network representations: (a) the author-author network, (b) the author-repository network, and (c) cross-platform egonets. Our analysis leads to the following key observations: (a) the ecosystem is growing at an accelerating rate as the number of new malware authors per year triples every 2 years, (b) it is highly collaborative, more so than the rest of GitHub authors, and (c) it includes influential and professional hackers. We find 30 authors maintain an online "brand" across GitHub and our security forums. Our study is a significant step towards using public online information for understanding the malicious hacker community.
1 An Analytical Approach to Psychological Behavior of Hackers ’ Motives
2016
Cyber-attacks have always been a critical concern in the field of information security and personal privacy. Although designing security mitigation against cyber-attacks requires the researcher to adopt the mind of a hacker, we still have a lack of knowledge about the psychology behind the hacker’s behavior. Contrary to popular belief, the intentions of a hacker are not always bad and hacking is not necessarily a cybercrime. This paper has many objectives including: defining hacking and the different types of hackers; investigating the motives that drive a person to become a hacker; and, assessing what major role hacking plays in influencing university students. This research is exploratory and uses a quantitative approach; it relies on the use of a survey questionnaire addressed to a sample of 150 students who have taken hacking courses and/or exposed to hacking activities. This questionnaire is inspired from module A, and module C of the Hacker Profiling Project [1] (HPP) adopted ...
An Analytical Approach to Psychological Behavior of Hackers' Motives
Cyber-attacks have always been a critical concern in the field of information security and personal privacy. Although designing security mitigation against cyber-attacks requires the researcher to adopt the mind of a hacker, we still have a lack of knowledge about the psychology behind the hacker's behavior. Contrary to popular belief, the intentions of a hacker are not always bad and hacking is not necessarily a cyber-crime. This paper has many objectives including: defining hacking and the different types of hackers; investigating the motives that drive a person to become a hacker; and, assessing what major role hacking plays in influencing university students. This research is exploratory and uses a quantitative approach; it relies on the use of a survey questionnaire addressed to a sample of 150 students who have taken hacking courses and/or exposed to hacking activities. This questionnaire is inspired from module A, and module C of the Hacker Profiling Project [1] (HPP) adopted by United Nations Interregional Crime and Justice Research (UNICRI). Findings are to help organizations and institutions understanding the cyber-criminal mind and hackers' motives , and hence, be selective in choosing their potential laborers and their corresponding ranks especially in critical administrative positions.
Guarding against Cyber-Trespass and Theft: Routine Precautions from the Hacking Community
2019
Positing that hackers are attuned to the risks and vulnerabilities of online activity, this study used the situation crime prevention (SCP) framework to examine the protection methods promoted within hacking forums to guard against online victimization. Data were collected from 85 webpages representing two categories of electronic communications: forums and blogs. Three goals drove this project: 1) to investigate whether the set of recommendations fit the SCP framework; 2) to identify what opportunity reduction techniques were most often recommended by the self-identified hacking community; and, 3) to examine the level of expertise associated with the suggested security measures. Strategies aimed at increasing the effort required to commit crimes, and reducing the rewards associated with cyber-trespass and theft, figured prominently—the specific strategy most recommended was to keep computer software updated. Ninety percent of recommendations require minimal computer skills. Continu...
Computer Hacking as a Social Problem
Cambridge Handbook of Social Problems, 2018
This paper introduces the ideas and practices of digital technology enthusiasts who fall under the umbrella of 'hackers'. We will discuss how their defining activity has been constructed as a social problem and how that construction has been challenged in different ways. The paper concludes with several policy suggestions aimed at addressing the more problematic aspects of computer hacking.
Hackers Portfolio and its Impact on Society
Currently, a hacker is defined as a person using computers to explore a network to which he or she did not belong. Hackers find new ways to harass people, defraud corporations, steal information and maybe even destroy valuable information by infiltrating private and nonprivate organizations. According to recent research, bad hackers make up only a small minority of the hacker community. In today's society, we depend on more technology than ever and that increases the likelihood of hackers having more control over cyberspace. Hackers work by collecting information on the intended target, figuring out the best plan of attack and then exploiting vulnerabilities in the system. Programs such as Trojan horses and Flame viruses are designed and used by hackers to get access to computer networks. This paper describes how hacker behavior is aimed at information security and what measures are being taken to combat them.
-ETHICAL HACKING DEMYSTIFIED: HOW 'GOOD' HACKERS KEEP US SAFE
International Journal of Multidisciplinary Research and Modern Education (IJMRME), 2015
The research objective of this study is to demystify ethical hacking by examining its principles, methodologies, and impacts on organizational cybersecurity. A qualitative methodology was utilized, analyzing case studies, industry reports, and prior literature on ethical hacking practices, which include vulnerability scanning, network monitoring, and social engineering. Major findings revealed that ethical hacking significantly reduces breach response times, with average times dropping from 72 hours in 2010 to 42 hours in 2015. Statistical analyses show that investment in ethical hacking positively correlates with breach reduction (r = -0.85, p < 0.001) and a high mitigation rate for vulnerabilities such as CSRF, achieving up to 96%. The study concludes that ethical hacking enhances cybersecurity resilience and recommends increased investment, standardized legal frameworks, regular vulnerability assessments, and ethical hacking training
(2019) "Breaking bad in cyberspace: Understanding why and how black hat hackers manage their nerves to commit their virtual crimes", Information Systems Frontiers
Information Systems Frontiers, 2019
What is happening in hacker’s minds when they are committing criminal activities? How black hat hackers manage nerves, which is about managing fear and underlying emotions, and which tactics they employ during their decision-making process before, during and after committing a crime, is the question that could provide some initial insights on hacker’s trajectories, their switch from black hat to white hat and ultimately about their behaviors and motivations. The main difficulty in answering this question resides with the access to hacker’s data. To address this gap, we conducted interviews with 16 black hat hackers. Supported by the general strain theory and routine activity theory, we identified five techniques that they use to manage their nerves: shunting, minimization, plan B, thrill, and lens widening techniques. Each of these techniques help hackers to better manage their nerves and consequently, learn how to better cope with the fear. During their psychological decision-making processes, hackers use these five techniques to create a new mindset, behind which they hide, with the objective of minimizing and mitigating the inherent risks they encounter during their criminal activities. The theoretical importance of nerve is the key to a better understanding of black hat hacker’s illegal acts, their behaviors and ultimately their actions.
Technological Paradox of Hackers Begetting Hackers: A Case of Ethical and Unethical Hackers and their Subtle Tools
Zambia ICT Journal, 2019
Computer crimes have been in existence for a long time now and hacking is just another way or tool that hackers are now using to perpetrate crime in different form. Hackers Beget Ethical Hackers. A number of people have suffered the consequences of hacker actions. We need to know who these hackers are. We need to know why these hackers exist because hackers have been there and will be there and we can be victims of their existence. In essence hackers seem to beget hackers and the tools that they use are getting more and more advanced by the day. We shall take a quick analysis of selected tools from thousands of tools used by ethical and unethical hackers. We shall systematically review three major types of hackers that we can identify. It is not easy to draw a line between them. Three main hackers and minor hackers have been discussed in this paper. The three main hackers are black hat, grey hat and white hat hackers. We have adopted a systematic review of literature to discuss and analyse some of the common tools the black hat hackers have developed to hack into selected systems and commercial software and why they do it?
Social Network Analysis of a Criminal Hacker Community
Journal of Computer Information Systems, 2010
Computer crime hackers have been identified as a primary threat to computer systems, users, and organizations. Much extant research on hackers is conducted from a technical perspective and at an individual level of analysis. This research empirically examines the social organization of a hacker community by analyzing one network called Shadowcrew. The social network structure of this infamous hacker group is established using social networking methods for text mining and network analysis. Analysis of relationships among hackers shows a decentralized network structure. Leaders are identified using four actor centrality measures (degree, betweenness, closeness, and eigenvector) and found to be more involved in thirteen smaller sub-groups. Based on our social network analysis, Shadowcrew exhibits the characteristics of deviant team organization structure.
Hackers Cybercrime - Computer Security: Ethical Hacking
ARIS2 - Advanced Research on Information Systems Security
Today cybercrime is at a record high, costing businesses and individuals billions of dollars every year. What is even more frightening is that this figure represents just the last five years with no hope of it ever ending. The evolution of technology and the increasing accessibility of smart technologies means that there are many access points to users' homes to exploit. Cybercrime is on the rise in the world of technology today. Criminals using the technologies of the World Wide Web exploit the personal information of Internet users to their advantage. They happily use the dark web to buy and sell illegal products and services. They even manage to gain access to classified government information. While law enforcement tries to address the growing problem, the number of criminals continues to grow, taking advantage of the anonymity of the Internet.
Examining Hacker Participation Length in Cybercriminal Internet-Relay-Chat Communities
Journal of Management Information Systems, 2016
He specializes in large social network analysis and statistical modeling of social network problems. His work also focuses on social media, technology diffusion, and business analytics.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.