Care and feeding of your computer hacker
By Misha Glenny
The opinions expressed are his own.
Under a proposed new law, the Obama Administration is planning to throw the book at hackers convicted of organized criminal activity or endangering national security.
The maximum sentence for these crimes will be raised to 20 years to reflect how hackers have become “a key tool of organized crime,” with many hackers “tied to traditional Asian and Eastern European organized crime organizations.”
But while law enforcement and the criminal justice system seek to impose ever longer sentences on hackers, they are missing a trick – we need hackers. They are an invaluable asset in the fight against cyber crime and cyber espionage at a time when there is a dearth of IT Security professionals able to deal with this threat.
For the last three years, I have been interviewing and getting to know a variety of cyber criminals – some have been convicted of major crimes, some have got away with it and gone straight, and some are still actively involved in criminal activity. Others, like those associated with groups like Anonymous and LulzSec, are explicated politically motivated.
Most learn to hack in their early teens before they have a fully developed moral compass. Often with exceptional ability in Math and sciences (usually Physics), they hack out of a need to satisfy their boundless curiosity. By the time they reach their late teens, they are too deeply involved in the underworld to extricate themselves.
Their incremental descent into crime is usually encouraged by a second time of cyber criminal – skillful ‘social engineers,’ who frequently inhabit online chatrooms with the aim of grooming young hackers with technical ability that they can exploit for criminal purposes. We need to prosecute the ‘social engineers’ while encouraging the ‘geeks’ to come over from the dark side.
This is precisely what our competitors like Russia, China, India and Iran are doing – by using coercive methods, financial or ideological incentives, they are mobilizing hackers usually to engage in industrial or diplomatic espionage but in two significant cases, the Russian attacks on Estonia and Georgia, in cyber warfare, too.
We now spend around $100 billion on IT security annually (I have collated the figures from reputable global consultants) but almost all is devoted to technological solutions to the problem of malfeasance on the web. These solutions can reduce your risk but they can tell you very little about the origin, motivation or the ability of your opponents.
The only research into the behavior and sociology of hackers takes place in a small, impoverished UN unit in Turin, Italy – the Hackers’ Profiling Unit. Run by a former Italian hacker, its extraordinary findings tally with my experience among the hackers themselves: that they are gifted people with communications difficulties (unless mediated by the web of course) who frequently display symptoms associated with Aspergers Syndrome and other behavioural disorders.
Simon Baron Cohen, the world’s leading researcher in autism and spectrum disorder at Cambridge University, has identified links between these disabilities and hacking. He believes that hackers often possess an exceptional skill which we should applaud and seek to put to good use. At the moment our policy is to incarcerate them and, exceptionally, to offer no rehabilitation related to their abilities.
This is not to argue that people should avoid prison for crimes on the web. But we must recognize that a significant percentage of hackers need and deserve help to channel their skills. As I can demonstrate in a number of cases, imprisonment encourages them to return to the dark side of the web after their release.
Read more about Misha Glenny’s latest book, DarkMarket.