
Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking PDF

288 Pages·2008·2.21 MB·English

Preview Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking

PROFILING HACKERS
The Science of Criminal Profiling as Applied to the World of Hacking

Raoul Chiesa • Stefania Ducci • Silvio Ciappi

Original edition: Profilo Hacker - La scienza del Criminal Profiling applicata al mondo dell’hacking by Raoul Chiesa and Silvio Ciappi, Milan, Italy. Copyright (c) 2007 by Apogeo s.r.l. - Socio Unico Giangiacomo Feltrinelli Editore s.r.l. All Rights Reserved.

The views expressed are those of the authors and do not necessarily reflect the views of UNICRI. Contents of this report may be quoted or reproduced, provided that the source of information is acknowledged. UNICRI would like to receive a copy of the document in which this study is used or quoted.

Auerbach Publications
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2009 by Taylor & Francis Group, LLC
Auerbach is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed in the United States of America on acid-free paper
10 9 8 7 6 5 4 3 2 1
International Standard Book Number-13: 978-1-4200-8693-5 (Softcover)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging-in-Publication Data
Chiesa, Raoul, 1973-
[Profilo hacker. English]
Profiling hackers : the science of criminal profiling as applied to the world of hacking / authors: Raoul Chiesa, Stefania Ducci, Silvio Ciappi.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-4200-8693-5 (alk. paper)
1. Computer crimes. 2. Computer security. 3. Computer hackers. 4. Criminal behavior, Prediction of. I. Ducci, Stefania. II. Ciappi, Silvio, 1965- III. Title.
HV6773.C477 2009
363.25’968--dc22
2008024603

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the Auerbach Web site at http://www.auerbach-publications.com

Contents

ACKNOWLEDGMENTS
FOREWORD
FOREWORD TO THE ITALIAN EDITION
BOOK PRESENTATION
INTRODUCTION

CHAPTER 1 INTRODUCTION TO CRIMINAL PROFILING
  Brief History of Criminal Profiling
  London, 1888
  Quantico, Virginia, 1970
  Liverpool, 1993
  California, 1997
  Serial Crimes and Criminal Profiling: How to Interpret Them
  The Crime Scene Reflects the Personality of the Perpetrator
  The Crime Method Tends to Remain the Same over Time
  Criminal Profiling: Applying It to Study Hackers

CHAPTER 2 INTRODUCING “CYBERCRIME”
  Information Technology and Digital Crimes
  1980, 1990, 2000: Three Ways of Looking at Cybercrime
  Mr. Smith, Hackers, and Digital Crimes in the IT Society
  Digital Crimes vs. Hacking: Terminology and Definitions
  Password Guessing
  Self-Replicating Code
  Password Cracking
  Exploiting Known Vulnerability
  Disabling Audit
  Backdoor
  Hijacking Session
  Sniffer
  Stealth Diagnostic
  Packet Spoofing
  GUI
  Automated Probe/Scan
  WWW Attack/Incident
  Denial of Service (DoS)
  Conclusions

CHAPTER 3 TO BE, THINK, AND LIVE AS A HACKER
  Evolution of the Term
  The Artifacts of the Hacker Culture
  The Jargon File
  The Hacker Manifesto
  One Code of Ethics or More?
  Understanding Hackers: How Far Have We Gone?
  What Are the Motives behind Hacking?
  The Colors of the Underground
  Commonly Recognized Hacker Categories
  Wannabe Lamer
  Script Kiddie
  “37337 K-rAd iRC #hack 0-day Exploitz” Guy
  Cracker
  Ethical Hacker
  Quiet, Paranoid, Skilled Hacker
  Cyber-Warrior
  Industrial Spy
  Government Agent

CHAPTER 4 THE HPP PROJECT
  The Planning Phase
  Phase 1: Theoretical Data Collection
  Phase 2: Observation
  Phase 3: Archiving
  Phase 4: “Live” Data Collection
  Phase 5: G&C Analysis
  Phase 6: HPP Live Assessment (24/7)
  Phase 7: Final Profiling
  Phase 8: Dissemination of the Model
  The Questionnaires
  The Format
  Distribution
  First-Level Analysis
  Provenance of the Questionnaires
  Basic Statistics
  Second-Level Analysis
  Time Spent Hacking
  Legal Aspects
  Personality
  Relationships with the Outside World

CHAPTER 5 WHO ARE HACKERS? PART 1
  What Are We Trying to Understand?
  Gender and Age Group
  Background and Place of Residence
  How Hackers View Themselves
  Family Background
  Socioeconomic Background
  Social Relationships
  Leisure Activities
  Education
  Professional Environment
  Psychological Traits
  To Be or to Appear: The Level of Self-Esteem
  Presence of Multiple Personalities
  Psychophysical Conditions
  Alcohol, Drug Abuse and Dependencies
  Definition or Self-Definition: What Is a Real Hacker?
  Relationship Data
  Relationship with Parents
  Relationship with the Authorities
  Relationships with Friends, Schoolmates, Colleagues at Work
  Relationships with Other Members of the Underground Community

CHAPTER 6 WHO ARE HACKERS? PART 2
  Handle and Nickname
  Starting Age
  Learning and Training Modalities
  The Mentor’s Role
  Technical Capacities (Know-How)
  Hacking, Phreaking, or Carding: The Reasons behind the Choice
  Networks, Technologies, and Operating Systems
  Techniques Used to Penetrate a System
  Social Engineering
  Password Search
  Individual and Group Attacks
  The Art of War: Examples of Attack Techniques
  Attack Procedures
  War Dialing
  Ping-of-Death Attack against Web Servers
  NMAP
  Denial-of-Service (DoS)
  Distributed Denial-of-Service (DDoS) Attack
  Operating inside a Target System
  The Hacker’s Signature
  Relationships with System Administrators
  Motivations
  The First Step
  Declared Motives
  Intellectual Curiosity
  Love of Technology
  Fun and Games
  Making the PC World Safer
  Fighting for Freedom
  Conflict with Authority
  Rebelliousness
  Spirit of Adventure and Ownership
  Boredom
  Attracting Attention, Becoming Famous
  Anger and Frustration
  Political Reasons
  Escape from Family, Escape from Society
  Professionals
  The Power Trip
  Lone Hackers
  Hacker Groups
  Initiation Rites
  Internal Organization of Groups
  Rules and Social Intercourse within the Group
  Favorite Targets and Reasons
  Specializations
  Web Defacing
  Software Cracking
  Principles of the Hacker Ethics
  Acceptance or Refusal of the Hacker Ethics
  Crashed Systems
  Hacking/Phreaking Addiction
  Perception of the Illegality of Their Actions
  Offenses Perpetrated with the Aid of IT Devices
  Offenses Perpetrated without the Use of IT Devices
  Fear of Discovery, Arrest, and Conviction
  The Law as Deterrent
  Effect of Convictions
  Leaving the Hacker Scene
  Beyond Hacking

CHAPTER 7 CONCLUSIONS

AFTERWORD: SLAYING TODAY’S DRAGONS—HACKERS IN CYBERSPACE
APPENDIX A: HPP QUESTIONNAIRE
APPENDIX B: HACKER BIOS
APPENDIX C: THE NINE HACKER CATEGORIES
APPENDIX D: THE HACKER MANIFESTO (CONSCIENCE OF A HACKER)
BIBLIOGRAPHY AND ONLINE REFERENCES
INDEX

Description:
Complex and controversial, hackers possess a wily, fascinating talent, the machinations of which are shrouded in secrecy. Providing in-depth exploration into this largely uncharted territory, Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking offers insight into
