
Jean-Loup Richet: “Hacking the World of Hackers” - A Different Approach to Cyber Security

May 2013 by Jean-Loup Richet

Over the course of the past months, the United Nations have been bickering over telecommunications and internet involvement by governments, in a summit that mostly went nowhere. Great Britain, Canada, and the United States all declined to sign the resulting treaty, protesting the language involving internet usage (a topic which was supposedly not intended as a subject of conversation at this meeting), citing fears that the treaty would empower governments to impose internet censorship on their citizens.

While the tech world watches the months’ wrangling, it is worth taking a new look at a more innovative project that has been quietly progressing under the United Nations’ purview. The Hacker Profiling Project is a unique attempt to get inside the heads of cybercriminals, assessing the human element of hacking and cybercrime, and potentially providing more insightful measures for cyber security.

Not Safe from Hacking

After all, it seems as if no government or corporation has proven itself safe from hacking; even the companies that provide cyber security for the Federal Bureau of Investigation have, themselves, been hacked. As the axiomatic saying would have it: “There are only two types of companies: those that know they’ve been hacked, and those that don’t.”

If it isn’t possible to build walls that keep hackers out, it seems wiser to “hack” the hackers, as it were, by getting inside their heads. That is precisely the task with which the U.N.’s Hacker Profiling Project has been charged.

Response to hackers has historically been reactive rather than proactive, although some governments (most notably Russia and China) have already begun to recruit hackers for the development of cyber offensive technology. If the Cold War is indeed migrating to the web, as BBC journalist and cyber-expert Misha Glenny suggests in his books, those governments with hackers on their side have an indisputable advantage.

A Deep Well of Information Untapped

The United States, by contrast, tosses these experts in jail when they get apprehended—potentially leaving a deep well of information untapped… Or open to recruitment by the criminal element with whom they are, by necessity, rubbing shoulders while they serve their time.

Take the notorious hacker Max Vision (known in the hacking community as “Iceman”) as an example. The crime for which Vision previously served eighteen months was his patch job on government websites that could potentially have leaked nuclear secrets. Unfortunately for Vision, he had not been invited to patch this problem. It was after his imprisonment that he ventured into serious cyber crime, stealing credit cards for financial gain. Vision’s story could be an instructional tale. Imagine the insights he could have provided into hackers’ mindsets and techniques if he had been used as a resource—and imagine the different turn his life (and his skills) might have taken if he had spent those months associating with influences other than his cellmates.

The USA Network’s dramatic series “White Collar” illustrates the idea in a storyline involving an FBI agent who partners with a convicted forger to solve cases of white collar crime. Although of course the series is purely fictional, it aptly illustrates how easily the “criminal” mind sheds light and insight on cases that are purely mysterious to the “outsiders” of the FBI. Even aside from his useful criminal contacts, the forger has an entirely different way of thinking from the FBI agents.

Valuable insights and hiring opportunities

The U.N. Hacker Profiling Project (HPP) is only in the second and third of its proposed eight phases, but it has already produced a book titled Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hackers, which could provide insights useful to those whose jobs revolve around defending against hacking.

This book is admittedly an introductory-level look at the world of hackers, but it is an important beginning. It addresses the culture, motivation, mentality, and (surprisingly to some) moral codes of hackers, as well as venturing into areas of criminal psychology and pathology.

In his book, DarkMarket: Cyberthieves, Cybercops and You, Misha Glenny points out that nations recruiting hackers are finding their hackers not only after they are caught or convicted, but even before they engage in cyber crimes. Perhaps their methods bear examining. Perhaps potential hackers could be identified and engaged in legitimate work before they are corrupted or seduced into the world of cyber crime.

In the course of his research, Misha Glenny has taken the time to talk with hackers convicted around the world, and he reports a startling common theme among them: that they would have liked a chance to put their skills to work in a legitimate venue—free from fears of apprehension and punishment—if they had only known of one.

In fact, the HPP book devotes an entire section to hackers’ “Fear of Discovery, Arrest, and Conviction.” These findings suggest that budding hackers might be ripe for recruitment by corporations looking for smarter ways to approach their cyber security. Perhaps the nation’s universities (or even high schools, given the HPP-reported statistic that most hackers got their start in their teens or even earlier) would be a productive recruiting ground.

If corporations and governments and cyber security companies remain “outsiders” to the hacking world and hacking culture, they will always be reacting and playing catch-up. Harnessing hacking power may be the wisest way to innovate a more effective cyber security system.


References
• Glenny, M., 2011. DarkMarket: Cyberthieves, Cybercops and You. The Bodley Head Press.
• UN publications, Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hackers.


About the Author
Jean-Loup Richet is Information Systems Service Manager at Orange and Research Associate at ESSEC-ISIS. He graduated from the French National Institute of Telecommunications, Telecom Business School, and holds a research master’s from IAE/HEC Paris.
Expert in IS Security, Jean-Loup Richet has been a speaker at several national and international conferences in Information Systems and has published articles in academic and trade journals. He is also a guest lecturer in IS Risk Management at Sorbonne Graduate Business School (International MBA).

