Greetz from academe: On motivation

Some academics are fascinated by what young men do with their computers. I don’t mean that in a licentious, ‘Quick! Censor the Internet!’ way, though. It seems that every few years I stumble across an academic article written about the dreaded hackers, their motivations, and what can be done about them. Invariably this involves interviews with adolescents or young men – at least it does in the cases where the academics bother to track them down (some papers just survey university students and call it a day, but they shall remain citeless). In this context, the focus on individuals bearing the Y chromosome does seem to be largely accurate, statistically speaking, along with the age bias. (Perhaps there is a hidden demographic of senior citizens who hack, but presumably they’re too wily and treacherous to be caught.)

My latest find was in a recent issue of the Communications of the ACM, or CACM for short. CACM is the premier publication of the Association for Computing Machinery, a decades-old organization to which many academics belong, giving them access to a massive digital library along with a really spiffy membership card (VB, take note!). Xu et al.’s paper ‘Why Computer Talents Become Computer Hackers’ [1] is yet another foray into the hacking area, albeit with a Chinese cultural focus – both a strength and weakness that the authors note. The basis of their paper: the expected interviews with six young male hackers.

The academic focus on the portrait of the hacker as a young man may seem somewhat puzzling to those on the front lines of the anti-malware industry, and even those academic security researchers who do very applied work such as botnet infiltration. Having spent time in both camps, I think the anti-malware industry surpasses the academics with respect to colourful names – I remember one anti-malware conference where an attendee in the audience referred to malware writers as ‘scum-sucking pigs’. And that was before the bar had opened.

In all seriousness, though, surely most security havoc is now caused by more seasoned professionals. Xu et al. suggest that there is a progression over time from ‘affection for computers’ to ‘curious exploration’ to ‘illicit excursion’ to ‘criminal exploitation’ [1]. As a cynic, I would interpret this progression to mean that curiosity and affection for computers should mercilessly be stamped out. The authors’ conclusion from their research is somewhat different: ‘Eliminating tolerance and strengthening moral-value constraint appear to be the only manageable options in resisting hacking today.’

Whenever I read academic papers on this topic, I’m reminded of Sarah Gordon’s work on virus writers (e.g. [2], [3]), which regrettably is often overlooked in academic papers, even though she published a relatively recent commentary on it in an academic venue [4]. Again, the gap between industry and academia rears its head.

Although I callously spoiled Xu et al.’s paper by giving away its conclusion above, the periodic nature of academic ‘hacker motivation’ papers ensures that there are more. A particular favourite of mine was also published in CACM, in 2005. McHugh and Deek argued that a sandboxed ‘microcosm’ in which hackers could unleash their malware safely would be good for the Internet at large [5]. They delved into hacker motivation to address the rhetorical question: ‘Is the system we propose likely to attract the interest of hackers?’ Somehow I think that people in the anti-malware industry would have a quick, realistic answer to that.

With all this discussion of young hackers, I should disclose my own age bias. I’m old enough to remember the use of the word ‘hacker’ in a positive sense [6]. Each time I write the word ‘hacker’ in the popular, derogatory way, I involuntarily grit my teeth and twitch slightly. For those who can’t appreciate this particular quirk of mine, simply imagine the word ‘virus’ being used to describe all instances of malware as well as Grandma’s hard drive in need of a defrag.