Abstract
With the progressive advances in technology, incidences of cybercrimes are also on the rise. Preventing these cybercrimes requires organizations to develop knowledge that can help them form psychological profiles of the perpetuators of these crimes.
This would subsequently help organizations install appropriate controls in order to effectively deal with cybercrimes.
It is the lack of effective controls that accounts for most hacking incidences, as depicted by the case of Gary McKinnon who was able to gain unauthorized access to NASA and pentagon systems, deleting crucial data that grounded their operations.
Introduction
Cybercrimes are criminal activities that target computer and networks such as electronic hacking and denial of service. Cybercrimes have become increasingly rampant in today’s world, despite many advances that have been made in improving security systems (Turkle, 2000).
The trend that is observed nowadays is that of a global hacking culture, which is often highly collaborative compared to what is considered to be the previous subculture.
Hackers are generally regarded as anti-social technophiles whose core motive is mischief and malice. It is estimated that worldwide, hacking activities amount to more than $10 billion each year, while damages arising from these activities are in excess of $100 billion annually (Wall, 2008).
Incidents of cybercrimes have also increased with the exponential growth in internet access across the world.
Similarly, technical skills related to computing have increased, resulting into emergence of skilled programmers, some of whom engage in the development of malicious software and unauthorized intrusion into systems for various reasons.
Just like other criminals, cybercriminals can be motivated by a number of reasons such as doing an espionage looking for military secrets, system vulnerabilities, and economic benefits or trying to reverse engineer their way into vital infrastructure (Wall, 2008).
Other motivations may appear trivial, such as searching for passwords, system user identity, dates, and contacts, information that may often be used in unprecedented ways.
Hacking may also take the form of hacktivism, an internet vigilantism that involves hacking systems to advance a political cause (Campbell & Kennedy, 2009).
Motivations for hacking
Hacking for entertainment motives has been demonstrated particularly among young people. A great majority of hackers are also motivated by economic benefits, including embezzlement, corporate espionage and acting as agents for hire. The need to revenge is also a common motivator for cybercriminals.
Some people vent their emotional anger by hacking into systems with the intent of damaging systems or causing a complete denial-of service attack. There also exist social motivations to cybercrimes, whereby a hacker may break into a system to show off their capabilities to their peers or to gain attention from authority.
These socially motivated hackers claim to seek knowledge, discover new things, or be driven by the need to be the first ones to find a particular weakness in a system (Campbell & Kennedy, 2009).
Some hackers perceive that the cyberspace should be a level playground and advocate for free information. These hackers harbor sentiments against transnational organizations and governments in the cyberspace.
Thus, they seek to make the cyberspace an unlimited and deregulated entity by breaking into systems and disclosing computer passwords. Politically motivated cybercriminals, hacktivists, are people with political agendas who are oriented to extremist beliefs.
These people resort to hacking systems to spread their propaganda or pass their messages, often severely disabling systems of those who are opposed to their beliefs. They can engage in cybercrimes to generate funds for their cause.
Though it is the rarest motivator for cybercrimes, psychiatric and personality disorders have been recognized as the most dangerous cybercriminals.
Some hackers have been shown to suffer from conditions such as schizophrenia, depression and mania conditions that make such hackers feel detached from the society (Campbell & Kennedy, 2009).
Hacking of the Pentagon by Gary McKinnon
Gary McKinnon is perhaps one of the most popular hackers in the world, after confessing to unlawfully gaining access to computers at NASA and the Pentagon by capitalizing on security glitches in Microsoft’s operating system.
McKinnon, an unemployed computer systems administrator, hacked into computers belonging to private companies, NASA and the pentagon in 2001 and 2002.
McKinnon boasted to have scanned a lot of military computers, and he was surprised at the ease with which he gained entry since many of the computers had auto passwords while others apparently had no passwords installed.
McKinnon’s crime activities were identified as he attempted to download a picture he believed to be an alien spacecraft from NASA. This allegedly compromised the United States computer networks, causing computer damages and a loss of more than $800,000.
Further, McKinnon left messages on the hacked computers, which made fun of the security systems and criticized the United States’ foreign policy (Fisher, 2007).
While the United States perceived McKinnon’s cybercrime activities as terrorism related, his supporters argued that MacKinnon’s motivations for hacking are odd.
Supporters of McKinnon were of the opinion that McKinnon was a lone eccentric whose interest was merely an obsession to obtain information about UFOs and the United States’ secrets concerning alternative forms of energy (Fisher, 2007).
While confessing to his crime, Gary McKinnon said that he was mainly driven by his interest in UFOs, which dates back to his childhood years. His interest was to infringe on the security system of the pentagon and NASA to gain evidence of unidentified flying objects’ activity.
McKinnon believed that the NASA and the Pentagon kept secret crucial information concerning free energy suppression and unidentified flying objects’ activity.
Being jobless and bored, McKinnon spent a huge proportion of his time on the computer attempting to unravel his childhood interest concerning unidentified flying objects.
It was in the process of pursuing his interest that he found his way into the United States networks and was taken back at the ease of access (The Telegraph, 2009). He realized that the networks lacked firewalls and most government employees had no passwords for their computers.
It is alleged that McKinnon gained administrator privileges on various NASA and Pentagon computers, after which he utilized that access to manipulate user accounts. This enabled him to control the systems remotely.
Upon committing this crime, Gary McKinnon never made attempts to cover his tracks, but rather he readily confessed to have hacked into the system when he was traced.
Unidentified flying objects are objects believed to originate from space or other planets. People are generally interested in these unidentified flying objects because they believe that they are the key to unraveling mysteries surrounding the universe, forms of life in other planets and their origin.
Both the public and scientific community harbor interests about unidentified flying objects as they belief that these objects are controlled by some forces from space. To a majority of the public, unidentified flying objects do exist, and are best kept secret in the scientific community and the military (Ruppelt, 2011).
Motivations of Gary McKinnon
Gary McKinnon’s motivations seem to arise out of boredom and curiosity. At the time of committing his crime, McKinnon was not employed. Out of boredom, he decided to search for information about unidentified flying objects and alternative forms of energy.
McKinnon believed that the United States had some information related to extraterrestrial life forms and technology. Therefore, he took his time to gain the evidence by hacking into computer networks.
In targeting the NASA and Pentagon computers, McKinnon must have been inspired by film war-games he had watched as a child about a young man who accessed Pentagon secrets, almost triggering a war.
According to McKinnon, the United States was keeping vital information regarding technology related to unidentified flying objects, anti-gravity and free energy, which it had obtained through reverse engineering and ought to release the information to help humanity as alternative sources of energy.
McKinnon also says he had no malicious intent, except unraveling the secrets about unidentified flying objects and extraterrestrial life forms. McKinnon’s form of motivation can be said to be intrinsic since he reported to have experienced full engagement and he sought no reward (The Telegraph, 2009).
McKinnon’s personality
Cybercriminals are often thought to have narcissistic oriented traits as demonstrated by the comments they leave on the systems after breaking into them.
Hackers often leave bragging comments or their names on the web pages, an attribute considered as intended to gain admiration from other hackers and informing the media (Wall, 2008).
Gary McKinnon can also be said to have those narcissistic traits, considering the sarcastic nature of comments he left on the military website, his identity and promise to continue hacking into the system.
As a child, McKinnon was described by his mother as having phobia for traveling and had obsession with natural bodies and planets. McKinnon was suffering from ‘Asperger’s Syndrome’. Asperger’s Syndrome is a form of autism that is very rare.
Individuals with this syndrome are often very intelligent and have a great understanding of complex systems. Nevertheless, sufferers have problems in deciphering social cues and the consequences of their often obsessive behavior.
It is suggested by McKinnon’s supporters that this syndrome may have been the reason for his cybercrime activities (The Telegraph, 2009). It can, therefore, be deduced that McKinnon’s criminal activity may in part have some psychiatric and personality dimensions.
Identifying potential hackers
Understanding an individual’s intention and motivation to hack into a system requires detailed knowledge of their background, psychology, personality characteristics, and social environments.
A significant number of hackers have been shown to be motivated to break into systems by reasons beyond financial gains, such as fraud or theft. In addition, most hackers who intrude into systems claiming to be testing the security system often do not own personal systems.
This, therefore, requires profiling of hackers to establish their motivations. Organizations can be able to prevent further cybercrimes by learning to identify personal characteristics of the hackers.
Most hackers have characteristics that reflect their capabilities. Organizations can, therefore, utilize these psychological profiles to determine the type of firewall to be put in their systems (Campbell & Kennedy, 2009).
How Organization Should Defend against Hacking
Cybercrimes continue to be very costly, and the costs are proportional to organizational size. These cybercrimes threaten technological developments and integrity of systems, and even human lives (West, 2009).
The basic strategies towards reducing the risk of security breaches on computer and data networks as witnessed in McKinnon’s case include the use of an encryption system, implementation of adequate controls on data storage and access, and creating backups of data off-sites.
Establishing the motivation, psychological and personality traits of the hackers could be helpful in understanding the nature of the problem. This can help in development of appropriate strategies to reduce cybercrimes (Campbell & Kennedy, 2009).
Using encryption system
Though passwords can help enhance the security of an organization’s computer networks, they are not sufficient in ensuring that privacy of the data is maintained.
There is, therefore, need for organizations to use encryption systems particular for sensitive information. Encryption systems ensure that only individuals with the appropriate electronic key gain access to the stored information (West, 2009).
Instituting controls on data storage and access
It is suggested that approximately 90 per cent of security breaches in organizations arise from the failure to implement simple and easily installable controls (West, 2009). This was the scenario with the NASA and Pentagon systems when McKinnon hacked their system.
McKinnon also reports to have found a lot of hackers from different countries, like China, Australia and Canada who had broken into the system (The Telegraph, 2009). This would not have happened had the Pentagon and NASA put in place adequate controls in their systems.
Organizations, therefore, need to design and implement policies that are clear and auditable on their computer networks to protect them from being manipulated and misused by unauthorized users, be they insiders or outsiders.
These controls can be firewalls or antivirus systems designed to control unauthorized access to an organization’s network or manipulation of data.
Organizations must ensure that the antivirus software installed in their systems is reliable and updated, while the employees should be sufficiently trained to use the software. Placing a firewall in the system could be helpful in keeping the hackers away from accessing the system.
A firewall helps protect the system by blocking any communication from unauthorized sources. Firewalls also help prevent hackers from remotely logging into an organization’s system by blocking them from viewing or accessing files or manipulating the system’s programs.
Organizations can prevent hacking by ensuring that their systems have functional network firewall, and any activities available are carefully monitored for potential security exposures (West, 2009).
Creating back-ups
Creating and retaining back-ups, preferably at a different location, could serve to reduce the extent of data damage in case of hacking. Back-ups help prevent large-scale data loss or manipulation following security breach (West, 2009).
According to the allegations leveled against McKinnon by the United States, McKinnon deleted a lot of data, which crippled some military operations for almost two days.
In the absence of backups, the operations of organizations may become grounded for a long time due to cybercrime activities, making them incur a lot of losses.
Regular audit of security systems
Organizations should perform a through audit of their computer systems and keep them updated in order to keep off the hackers. This is because hackers are always sharpening their skills and coming up with new ways of circumnavigating the security systems (West, 2009).
It is recognized that hackers like McKinnon utilize system vulnerabilities as a result of organizations using old operating systems with known weaknesses.
Conclusion
Psychological profiling is a significant way of preventing cybercrimes. This is because it helps in understanding various aspects of the perpetrators of the crime such as personality and motivations.
This could subsequently equip organizations with the capabilities to identify the threat and institute appropriate level of control in their system. McKinnon’s hacking event could have been prevented if Pentagon and NASA had implemented appropriate system security measures.
References
Campbell, Q., & Kennedy, D. M. (2009). ‘The psychology of computer criminals’, In Bosworth, et al. (Eds.), Computer security handbook. New York, NY: John Wiley & Sons.
Fisher, P. (2007). Gary McKinnon. SC Magazine for IT Security Professionals. p. 38. Web.
Ruppelt, E. D. (2011). The report on identified flying objects: The original 1956 edition. New York, NY: Cosimo Inc.
The Telegraph. (2009). Gary McKinnon profile: Autistic hacker who started writing computer programs at 14. Web.
Turkle, P. (2000). Hackers: Crime in the digital sublime. London: Routledge.
Wall, D. S. (2008). Cybercrimes, media and insecurity: The shaping of public perceptions of cybercrime. International Review of Law Computers & Technology, 22(1-2): 45-63.
West, M. (2009). ‘Preventing system intrusions’, In J. R. Vacca (ed.) Computer and Information security handbook. Amsterdam: Elsevier.