Care and feeding of your computer hacker

By Misha Glenny
October 11, 2011

By Misha Glenny
The opinions expressed are his own.

Under a proposed new law, the Obama Administration is planning to throw the book at hackers convicted of organized criminal activity or endangering national security.

The maximum sentence for these crimes will be raised to 20 years to reflect how hackers have become “a key tool of organized crime,” with many hackers “tied to traditional Asian and Eastern European organized crime organizations.”

But while law enforcement and the criminal justice system seek to impose ever longer sentences on hackers, they are missing a trick – we need hackers. They are an invaluable asset in the fight against cyber crime and cyber espionage at a time when there is a dearth of IT Security professionals able to deal with this threat.

For the last three years, I have been interviewing and getting to know a variety of cyber criminals – some have been convicted of major crimes, some have got away with it and gone straight, and some are still actively involved in criminal activity. Others, like those associated with groups like Anonymous and LulzSec, are explicated politically motivated.

Most learn to hack in their early teens before they have a fully developed moral compass. Often with exceptional ability in Math and sciences (usually Physics), they hack out of a need to satisfy their boundless curiosity. By the time they reach their late teens, they are too deeply involved in the underworld to extricate themselves.

Their incremental descent into crime is usually encouraged by a second time of cyber criminal – skillful ‘social engineers,’ who frequently inhabit online chatrooms with the aim of grooming young hackers with technical ability that they can exploit for criminal purposes. We need to prosecute the ‘social engineers’ while encouraging the ‘geeks’ to come over from the dark side.

This is precisely what our competitors like Russia, China, India and Iran are doing – by using coercive methods, financial or ideological incentives, they are mobilizing hackers usually to engage in industrial or diplomatic espionage but in two significant cases, the Russian attacks on Estonia and Georgia, in cyber warfare, too.

We now spend around $100 billion on IT security annually (I have collated the figures from reputable global consultants) but almost all is devoted to technological solutions to the problem of malfeasance on the web. These solutions can reduce your risk but they can tell you very little about the origin, motivation or the ability of your opponents.

The only research into the behavior and sociology of hackers takes place in a small, impoverished UN unit in Turin, Italy – the Hackers’ Profiling Unit. Run by a former Italian hacker, its extraordinary findings tally with my experience among the hackers themselves: that they are gifted people with communications difficulties (unless mediated by the web of course) who frequently display symptoms associated with Aspergers Syndrome and other behavioural disorders.

Simon Baron Cohen, the world’s leading researcher in autism and spectrum disorder at Cambridge University, has identified links between these disabilities and hacking. He believes that hackers often possess an exceptional skill which we should applaud and seek to put to good use. At the moment our policy is to incarcerate them and, exceptionally, to offer no rehabilitation related to their abilities.

This is not to argue that people should avoid prison for crimes on the web. But we must recognize that a significant percentage of hackers need and deserve help to channel their skills. As I can demonstrate in a number of cases, imprisonment encourages them to return to the dark side of the web after their release.

Read more about Misha Glenny’s latest book, DarkMarket.

8 comments

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/

First, a couple of apparent typos:
second time -> second type
explicated -> ??? explicitly ???

I won’t dispute your expert findings from your own observations, but let me tell you that there are “hackers” [crackers] who have expert communication skills, and whose motivation for hacking grows out of their pathologically self-centred personality.

I am thinking, for example, of one person who broke into my computer in order to obstruct my progress in meeting agreed work objectives, so he could accuse me of incompetence and stage a leadership coup in our work-group. Or, for example, of the many I.T. professionals I have known who show no signs of “autistic spectrum disorders” whatsoever in their social lives, but who feel a need to build up their own little kingdom in the I.T. department, backed up with all sorts of arcane bureaucratic rules they have invented to make themselves feel more powerful.

[From a computer science graduate, who does some work in computer security.]

Posted by matthewslyman | Report as abusive

[All I am saying is there is a danger in stereotyping. Not all computer professionals or even computer abusing miscreants are on the "autistic spectrum", and not all autistic people are computer "hackers". Each case should be judged on its merits.]

Posted by matthewslyman | Report as abusive

In the 18th Century it was fashionable to recruit young criminals into the armies and navies of Western Europe. They tended to do a lot more damage to the civilian populations of the countries they marched through than they did to the enemy.

Where these policies were successful, they tended to be because the crown recruited “privateers” – pirates who only took foreign ships and were allowed to keep the spoils for themselves. There’s been some talk that this is partly what’s happening in the more successful countries you mention, but it doesn’t sound an appropriate path for liberal democracies to take.

Posted by IanKemmish | Report as abusive

Can these people be converted into productive Internet citizens? I think it depends on the personality. A person with a destructive nature is different from someone who has simply lost his path in life and made a mistake. That is not the sort of decision that can be made across-the-board for all hackers. I do agree that if the personality is right, we should make use of the talent.

The main problem I have with the story is that by the time youngsters get to teenagers they should have already had their morals defined; the untold story here is the decline of morality in society. Some of it is lack of role models, some the breakdown of the nuclear family, some the decline in religion – the list of factors could go on endlessly. But all of it is based in the decline of parenting in favor of the concept that society can take its place. It cannot; our children learn what we teach, and if we teach nothing they will learn from their televisions and other diversions. Considering the content of television and games these days, it is hardly surprising that those with the skills turn to destruction.

Posted by stevedebi | Report as abusive

Whatever happened to thou shall not steal?
The morality issue may be a factor; however most hacking is usually after military or industrial knowledge. Usually with a profit motive.
A secondary factor is empire building and destruction of someone or group, quite often in office or corporate politics.
Your argument hackers are really nice lads to be encouraged may not go down well with those who have been hacked!

Posted by The1eyedman | Report as abusive

Let’s see if I got this correct. Some thief picks your pocket so the smart thing to do is hire him to teach you how to keep him from doing it again….sounds like BS to me. As long as we simply slap him on the wrist and then put them on the payroll, we’ll always have a plentiful supply auditioning for jobs.

Posted by dofus | Report as abusive

Crackers are sometimes sought out and hired by companies, thus they take off the black hats and don the white ones instead. Kevin Mitnick went from prison to forming his own security company. I am not to sure about the Op/Ed’s claim that “As I can demonstrate in a number of cases, imprisonment encourages them to return to the dark side of the web after their release.” I wish he would have expanded on this aspect.

Posted by Ex-Patriot | Report as abusive

It’s remarkable how things evolve over time. In the early and mid-1980′s, the “computer hacker” was often a creative force. In those times, the microcomputer was not ubiquitous, and most hardware and software had not had tens, nay, hundreds of person-years of development time poured into them. There were untold ways to make existing products work better or in ways the designers simply had not yet imagined. Much of the freeware and shareware of the day came from ideas these original “hackers” polished into high performance. The roots of Linux are deep in this fertile environment.
Then came the movie “War Games” and the mass media started to define hackers as the ones trying to break into and damage things. The public at large, not knowing any different definitions, adopted the negative model.
Now, so much comes out too highly polished – and protected – to make the classic form of hacking terribly rewarding. It seems that every good idea that a single person can develop, has already been done bigger and better.
It’s time for a good, jarring paradigm shift that renders all the current technology as dated as carburetors and vacuum tubes. (Smart phones? Sorry, not jarring enough! How about a baseball cap that decodes brain waves?) Then the young, inventive set will have something where they can leave their mark. As for the rest of us, we can just watch in awe.

Posted by AltonBob | Report as abusive