Unmasking the criminal hacker

Unmasking the criminal hacker

Summary: Is there a Hacker Gene? Is the hacker personality a learned set of behaviors? Research suggests that both are at work.

TOPICS: Security

Unmasking the criminal hackerIdentifying criminal hackers is no easy task even for the most gifted white hats. And, while we can't readily match a name or names to specific criminal compromises, there are things we can know about those behind the masks. It's often easy enough to identify the hacker's country of origin, the tools he used, the hacker's style and his skill level. But, what about finding the actual person or persons behind the masks? That's becoming easier too because of our observations of the personality types involved in these activities.

Over the past several weeks, I've spoken with several security professionals, hackers and a psychiatrist about the criminal hacker, his goals and his personality. My research has lead me down an interesting and enlightening path into the minds of the world's cybercriminals.

Hacker Types

Before we trudge too deep into this discussion, let's establish a terminology baseline. Criminal hackers hit cyberspace with different backgrounds and intentions, so let's separate them into three basic types. Before anyone misunderstands, I'm only talking about criminal hackers, not security consultants or other white hat security professionals. Nor am I discussing those who hack code or programs in order to help with security. I'm focused only on criminal hackers and their personalities.

First, there's the paid criminal hacker, who is hired by organized crime groups to go after particular targets in for profit schemes. These people may have no legitimate means by which to provide for themselves or their families. What they do is illegal but it's perhaps a matter of survival for them. Organized crime groups are abundant in certain countries because they have access to skilled computer professionals, they offer lucrative jobs to people in economically depressed areas and they can be persuasive in other ways as well to get what they want. These are not the criminal hackers that we're discussing here.

Second, there are the hacktivists who have something to say to the companies or individuals to whom they direct their attacks. Their attacks and compromises are illegal but they are not after monetary gain. Their purpose in engaging in these activities is to expose, to change behavior, to boast or to cause monetary loss or damage to their targets. This type has something to prove or a personal vendetta to air and hacktivists certainly fall under the definition of criminal hacker and one of the types we're interested in for this discussion.

The third and final type is the hobby hacker. Hobby hackers usually begin their exploits as a matter of curiosity, pranksterism or fun. Their activities are still illegal and often malicious. A few use hobby hacking as a gateway activity to criminal, for profit hacking. This is the type of criminal hacker we all think of when discussing serious system compromises, social engineering attacks and corporate break-ins.

The Hacker Personality

Those who begin hacking, for whatever reason, generally fall into three personality types and often the lines are grayed and overlap. In other words, sometimes hackers will exhibit a complex variety of symptoms and behaviors that lead them deeper into the criminal aspects of hacking. Hackers are generally more intelligent than average but are also characterized by isolation, introversion, paranoia and antisocial behaviors.

Let's begin with the Antisocial personality disorder type. The National Institute of Health (NIH) defines this personality type as:

Antisocial personality disorder is a mental health condition in which a person has a long-term pattern of manipulating, exploiting, or violating the rights of others. This behavior is often criminal.

These people are perfectly suited to criminal hacking because they are able to be witty and charming, are prone to flattery and manipulating others. They also disregard the safety of themselves and others, lie, steal, fight and break the law. They often exhibit arrogance or anger and they show no guilt or remorse for their actions. People with this personality type may be substance abusers.

There is no single known cause for antisocial personality disorder, although research suggests that having an antisocial or alcoholic parent increases the risk. Child abuse and neglect are also indicated. Treatment for this affliction is among the most difficult of all personality disorders and those with antisocial personality rarely seek treatment on their own.

Most interesting is that symptoms tend to peak during late teens and early twenties. Many patients improve by their 40s, with or without treatment.

I asked Psychiatrist, Dr. Soroya Bacchus, MD, if there were any tests that could be given to children to predict this personality type and sadly the answer was, "No." She went on to say that, "There are indicators but nothing predictive can be done until age 15 or older." By then, it seems, the damage is done.

I did find one interesting common thread in speaking with Kevin Mitnick, Christopher Hadnagy, Dr. Bacchus and others: Parental involvement is a keystone. Neglectful, disconnected, disinterested or non-interactive parents produce the bulk of children with this personality type. Researchers have not discounted the genetic aspect of the disorder but the accepted opinion is that this personality type is a combination of learned behaviors, parental influence and social isolation.

A good example is Kevin Mitnick's story (from Ghost in the Wires) of how his mother (a single parent) worked two jobs to support them. He was left isolated and turned to something from which he could extract his own rewards. Plus, his exploits, such as writing a password capturing program, made him popular with teachers and other students.

The obsessive-compulsive personality disorder type is popularly known as OCD; those with the disorder exhibit such symptoms as excessive devotion to work, inability to discard items, lack of flexibility, lack of generosity, overt control, lack of affection and a preoccupation with details.

The NIH defines this disorder as:

Obsessive-compulsive personality disorder (OCPD) is a condition in which a person is preoccupied with rules, orderliness, and control.

People with this disorder tend to be high achievers and feel a sense of urgency about their actions. Symptoms of this disorder usually begin in early adulthood. Social isolation often accompanies those afflicted with OCPD.

Fortunately, effective treatments are available for OCPD and OCD and involves a combination of medication and therapy.

The third personality type that's associated with hacking is Asperger Syndrome. This form of autism is also known as pervasive development disorder and autistic spectrum disorder. It is considered to be a high functioning form of autism. People with this disorder have difficulty interacting socially, repeat behaviors and often physically clumsy. The disorder is generally believed to be genetic in nature but studies are inconclusive.

Their habits and personal interactions often lead to isolation. Asperger types have unusual eye contact, have an inability to detect sarcasm and humor, have difficulty interacting in social situations and exhibit odd body language. This type also may show delays in motor behavior resulting in clumsiness.

Other aspects may include repetitive behavior, inflexibility, inability to sense other's feelings and may obsess about a particular topic or object. Children with Asperger Syndrome may be diagnosed with ADHD and may develop physical or verbal tics.

A combined treatment (medication, therapy, social skills, speech) approach seems to be most effective.

The Masculine Pronoun

It's interesting to note that while many readers criticize me for using the masculine pronouns he and him, when referring to hackers, these disorders (Antisocial, OCPD, Asperger) occur at a much higher frequency in males than in females -- just as most (93%) of all prison inmates are male. The masculine pronoun is appropriate here. I apologize to any awesome female criminals in advance. I'm not snubbing you but the statistics are against you.

Unmasking the Hacker

Often hackers want to be caught. I know it sounds crazy but it's true. Without some exposure, they never get credit for what they've done. The problem is that they don't see anything wrong with what they're doing. If you don't believe me, read back through the symptoms of the disorders. There is a loss of sense of self--a self-imposed anonymity to the hacker. He is isolated by his personality and further isolated by his actions. It's a destructive downward spiral.

And, I don't care how clever the hacker or group of hackers is, they will be caught and exposed. Most will be further isolated in prison. A large number of inmates suffer from the same afflictions as do their hacker counterparts. Read some prison statistics--many have antisocial personality disorder.

Being somewhat socially inept makes the hacker his own worst enemy. He often exposes himself through language idiosyncrasies or outright bragging. For example, Ryan Cleary (Anonymous) exposed himself through language and things he said to the point where security professionals knew immediately that he was from the UK and between 17 and 20 years of age. Ryan Cleary was arrested and charged with five offenses under the Computer Misuse Act on June 21, 2011 by London Police.

Our stereotype of an isolated, socially awkward, gaunt hacker type isn't exaggerated, is unfortunate and accurate. We know what a hacker looks like. We know where he is. We only need his name.

The Answer to the Ultimate Question

How can we identify and stop hackers? The answer and question may never exactly match up as was seen in The Hitchhiker's Guide to the Galaxy series but there are things we can do to help identify the disorders and help those afflicted.

Criticism and harsh treatment are not the answer. In fact, those things contribute to the behaviors associated with the disorders. If you know someone with any of these personality types, get them some help in the form of a counselor or medical professional. Chances are very good that the person won't go willingly or voluntarily. It may take time to draw the person out and into therapy. Be vigilant. Be patient.

Unmasking the hacker is one issue. Fixing him is quite another.

Related Stories:

What is a hacker?

Ghost in the Wires: The Kevin Mitnick Interview

LulzSec: Is it too cocky for its own good?

Topic: Security


Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Unmasking the criminal hacker

    What do you guys think about the Anon phenomenon? Does a social network such as Anonymous provide a much needed social outlet for this personality type you describe? Or, when banded together, do they now pose an expotentially dangerous threat?
    • RE: Unmasking the criminal hacker


      When people like this band together, they tend to excite each other and pose a larger threat. Any single member of Anonymous is dangerous but as a collective, they are more so. They are a serious threat--hacktivism or otherwise.
  • Great Topic, Great Lead, ...

    I felt like the article never had a punch line, a satisfactory conclusion or food for thought. Anyway, this Ted Talks goes into far more depth, examples, personalities, stories, etc: ted.com/talks/misha_glenny_hire_the_hackers.html
    • RE: Unmasking the criminal hacker


      Ted and I said the same things really. So did his professional reference, Dr. Cohen. I didn't hear an earth-shattering punchline from him either. It's because there isn't one.
    • RE: Unmasking the criminal hacker

      @son0fhobs I saw one of the Ted Talk videos, and disagreed with it. The person actually recommended hiring them - a questionable suggestion, as they are likely to cause more damage than they prevent. "They are smart" is not the same as "they are trustworthy," and the speaker failed to recognize that.
  • RE: Unmasking the criminal hacker

    It is unfortunate that you did not seem to have read any of the actual empirical research that exists in this area and instead based your conclusions on limited contact and anecdotal evidence. Your clinical diagnosis based on news accounts and published stories is seriously flawed as well - nothing more than pop psychology hogwash. Your logical reasoning about hackers being males because the disorders you claim they have are more prevalent in males, is a circular argument and absolute rubbish. As mentioned, your are merely rehashing stereotypes and pretending this is somehow scientific. It could not be farther from it. This is just lazy journalism as there is a growing body of actual scientific research into the psychology of hackers, but I guess it is easier to just make nonsense up.

    Dr. Marcus K. Rogers
    • RE: Unmasking the criminal hacker

      @marcuskrogers he must have been pwnzored pretty hard or his wittle penish exposed to the public, he mad
    • RE: Unmasking the criminal hacker

      So, you have evidence to the contrary? And, you believe that hackers are not predominantly male? I'm not rehashing stereotypes and never said that I was. Your interpretation of what I wrote is flawed. Further, it isn't pop psychology. The disorders are in fact more prevalent in males. Males make up the bulk of the hacker community, if you can call it a community.
      And, it isn't my diagnosis. I spoke to one psychiatrist and two clinical psychologists and they all gave the same information independently. If you have evidence to the contrary on any point, please contact me and we'll discuss.
  • RE: Unmasking the criminal hacker

    1) Try using the proper term: crackers.
    2) Stop being a PC wuss. Rules of the English language dictate that when the sex of the subject is unknown, the pronoun he is used.
    • RE: Unmasking the criminal hacker


      If I used crackers, someone would be upset by that too. Criminal hackers does a better job. Crackers can also refer to those who crack software key codes and serialz, so it's really a no win situation for those of us on this side of the pen.
  • Bottom line: about time it's highlighted.

    I am actually glad you made your "bottom line" so appropriate and well said.
    The police state isn't the answer to much of the "criminal" element, it only makes many of the aspects worse. We need to acknowledge and help people, instead of simply applying harsh punishment.
  • RE: Unmasking the criminal hacker

    Um, a little to much late night crime TV is all I can attribute this whole article to. There have been no published scientific articles to back up any of the claims here. Some high profile, caught, hackers have one of the three disorders described. But there is no real science backing up the claim that all hackers have one of those three disorders. (Maybe it's just the ones that get caught?) (The ted talk and the doctor who he refers to also have no had published peer reviewed studies on the subject.)
    And if those 3 disorders caused hacking we certainly would have found that out by now as all three are being studied quite vigorously. I know of no studies that even identified one of the participants as a hacker.
    While this story reads well it reads to much like a plot of a syndicated criminal profiling TV show and has no basis in science, that is there is no published and peer reviewed studies that back it up. So this is nice but anecdotal, that is until you have the science to back you up, it's not real.
  • "Criminal" hacker? - all hackers are criminals

    Unless I'm mistaken, hacking involves the intentional use or misuse of vulnerabilities in a computer system or software code. Whether it is for financial gain, mischief or curiosity - all hacking that is not explicitly authorizied by the computer system or software owner is illegal and therefore a criminal activity.
  • RE: Unmasking the criminal hacker

    "Second, there are the hacktivists who . . ."

    Are terrorists, not activists. Hacking is not an activist activity.
  • RE: Unmasking the criminal hacker

    Hackers are people who bend processes to ends they may not have been intended to be used for initially. CRACKERS are subset of hackers that abuse computer systems. PLEASE get the terminology correct you ignorant media stooge. It really is not that difficult to stop perpetuating the erroneous use of the word hacker.

    If you do you can quit using the lame term white hat entirely. Because all white hats are are hackers. They simply do not hack for nefarious purposes. A fscking 8 year old can handle concepts as simple as this so I fail to see why it escapes professional authors.

    Don't even think about using the argument that popular culture uses the term hacker in this manner either. Educate them! That is your job.

    Oh BTW I couldn't even read your dumb assed article because of the premise and title. I just skimmed it enough to know you were using the terminology incorrectly. Do better or you're wasting all of our time.
  • RE: Unmasking the criminal hacker

    Interesting discussion indeed!!
    I work for EZMCOM a security software company, and we are currently conducting a survey on current security issues and how businesses are protecting themselves from these. Please click on the link to take the survey http://www.surveymonkey.com/s/2HCM8TJ We also have a lucky draw where we are giving 10 iPod Shuffles for those that complete the survey and LIKE & SHARE our http://facebook.com/ezmcom page.
    Please take part guys, and share with your friends!
  • RE: Unmasking the criminal hacker

    Interesting Discussion!!

    I work for EZMCOM a security software company, and we are currently conducting a survey on current security issues and how businesses are protecting themselves from these. Please click on the link to take the survey http://www.surveymonkey.com/s/2HCM8TJ We also have a lucky draw where we are giving 10 iPod Shuffles for those that complete the survey and LIKE & SHARE our http://facebook.com/ezmcom page.
    Please take part guys!