Hacker Ethos as a Framework Protecting Freedom

The term “hacker” has been connected by popular culture to mean someone who infiltrates into secure systems to sow chaos and mayhem for their purposes. They have been described as individuals who steal credit card numbers, create computer viruses, attempt identity theft, and all other manners of illegal behavior (Social Network, 2010). It must be noted though that describing all hackers as such is far from the actual truth when in reality such actions are actually from a sub-group of hackers who are named “crackers” (Social Network, 2010).

Hackers are individuals who “program enthusiastically” in that they consider computer language, code, and the creation of new applications as a form of entertainment, something that gets the mental juices running so to speak. The concept of “hacking” for these individuals is similar to a passion similar to individuals who go mountain climbing, play sports professionally, or even write novels. It is an activity that involves aspects of curiosity, creation, and innovation wherein hackers want to know how a particular system works, try to create one of their own, and innovate it to have more features, more functions, and work better than it originally did before (Gilman, 2009).

Open-source systems such as Unix or free programs such as Mozilla Firefox are the result of the hacker culture where curiosity and innovation spawned the creation of programs meant to better assist the general population of computer users (Harrop, 2007). What must be taken into consideration is the fact that the term “cracker” is associated more with the descriptions attached to the hacker culture rather than what popular culture says hackers are. “Crackers”, as they are named, are a sub-culture within the hacker culture that uses their skills to achieve criminal gain either through subverting secure online systems or by stealing user information for identity theft.

The fact of the matter is most hackers are not crackers and use their developed skills only because they find something to be intrinsically interesting and challenging and do not do so to commit a crime. What controls and directs hacking behavior, in general, is strict adherence to the code of the hacker’s ethos which deals specifically with the right to the freedom of information, individual privacy, and a distinct improvement in the overall quality of life of individual users (Castulluccio, 2003).

The concept of ethos can be described as a form of guiding beliefs that are an inherent part of a community of nations’ character. It is used as a guide that influences a person’s behavior to such an extent that by examining the ethos behind a culture you can determine how they will react based on a given situation. It due to this that concepts behind any form of ethos must first be subjected to intense examination before it is shown to have been constructed under a proper ethical and moral framework.

It must be noted that the set of ethical boundaries embodied by the hacker ethos have dictated the course of the hacker culture leading to instances of innovation to give consumers a choice over the software bundles sold to them by corporations at high prices. Another aspect that has developed is the case of hacker vigilantism in which hackers attempt to subvert a system for the “good” of the people. Such instances can be seen where hackers break the proprietary code of various software bundles to distribute them online for free or attempt to reconfigure systems to run in a different manner that allows greater user flexibility and choice.

One example of such an act was the development of a chip that reconfigured the digital reader on a Sony PS2 gaming console which enabled pirated CDs to work on the console itself. The result of such an act was the loss of potentially billions in revenue for various game development companies around the world however for users this resulted in them being able to play games that they otherwise would not have been able to afford.

Aristotle has stated that “law is order, and good law is good order”, in this particular case what the hacker ethos is representing is a distinctly unlawful act and as such could be considered as a method of contribution to disorder. The fact is hacking attempts done by various hackers while being stated as basically harmless, do result in negative consequences. At times such actions are even compared to the act of stealing which makes the ethicality associated with the hacker ethos highly dubious at times.

What must be understood is that Ethos can also refer to how a person portrays themselves in an argument, in a sense that it is a method in which persuaders present an “image” to people that they are attempting to persuade. This particular “image” refers to a persuader’s “character” in the sense that a person is attempting to persuade another person of the righteousness of their statements based on their inherent character. In the case of the hacker ethos, this takes the form of hackers attempting to convince other people of the righteousness of their cause based on the image that they are portraying, namely, as individuals that have a great deal of experience and knowledge regarding computer systems and how they work.

It is this argument based on a projected image that is a cause for concern since basing it on a person’s knowledge and experience alone doesn’t justify the action itself. For example, a person may argue for the righteousness of a cause based on their knowledge of the event yet this attempt at persuasion may in itself be self-serving for the person that is attempting to persuade other individuals. An examination of the motivations behind the hacker ethos reveals that should individuals accept their ethos and implement it, it benefits hackers more so than regular individuals.

The hacker ethos in itself is self-serving towards hackers themselves since it justifies their actions under the basis of a righteous cause yet, in the end, is more beneficial to them than to other individuals. In the case of ethos what must be understood is that it is “artifice”, meaning that is created, manufactured, made, constructed, etc. It can be considered a type of surface image which may have an entirely fictitious relationship to what is true.

For example, a teacher could show up in class one day wearing cowboy boots, a ten-gallon hat, and a long-sleeved t-shirt with a large image of a cactus on the front, the next day he can wear an average suit and tie while the day after that he could wear a Scottish kilt, bagpipes and one of those patterned hats. The reason I mention this is because despite the different outfits he wears the person and the ideas that are being presented have not changed at all however what is changed is the perception of the audience regarding the idea being presented.

The same can be said for ethos wherein the method in which the idea is “packaged” drastically changes the perception of the audience towards accepting the idea itself or the validity of its statements. In the case of the hacker ethos, it can be seen that when boiled down to its very essence it is merely a statement which says the following: “let me do what I want with computer systems and programs”. It is in the way that it is packaged and presented to the public that changes the perception of the public to the idea that is being presented. What the public sees is an argument for freedom and innovation what it is in essence is a statement to be allowed to do whatever they want.

Based on this it can be seen that the ethos of hacking has several different points of view that need to be examined before an adequate conclusion behind the ethicality of all hacking practices can be determined. It must be questioned whether hacking represents a growing positive trend in innovation and open information systems or a negative aspect of modern culture that has negative implications for various industries and governments.

The concept of open access to information is based on rights evident in the U.S. Constitution which specifically states that people have the right to free access to public information especially those concerning the activities of the government. This particular concept was adopted by hacker culture to mean transparency in the development of systems and direct access to information hidden by the government or private institutions (Trembly, 2005). For hackers, open access to systems means being able to analyze the way they are constructed, learn their fundamental aspects and build upon them to either enhance or reinvent the systems in a way that is better in terms of functionality and usability (Carroll, 2008).

It has been shown that open access to information oftentimes leads to greater levels of creativity resulting in the development of better and more efficient information systems and programs. On the other hand, corporations argue their right to maintain the integrity of their proprietary systems due to the sheer amount of expense and investment they devoted towards their creation. These corporations do have a point, the amount of work and money that went into the development of various programs and systems constitutes a multi-billion dollar international industry that provides jobs to thousands of people.

They can make money due to their possession of a particular system or program that is a necessity to a large consumer market. Take for example Microsoft, it is one of the largest software companies in the world and has nearly 90% of the total PC market in terms of overall sales of its software series. Allowing access to the proprietary information that went into the development of its systems is the same as wasting all the time and effort that went into creating that particular operating system. Open access in this case means a high degree of possible replication resulting in the loss of company profits.

The basis of this argument can be seen in the pirated software industry where illegal copies of Microsoft operating systems have resulted in billions of dollars lost in potential profits. Aristotle states that “even when laws have been written down, they ought not always to remain unaltered”, in this particular case it can be seen that the written law is the intellectual property right companies have over software while open source initiatives represent a possible alteration to this “law”. It must be noted that current intellectual property laws, while designed to protect the rights of companies, are inhibiting the progress of software.

Such an argument is based on the fact that open source initiatives have been shown to have a greater degree of innovation and exploration of new methods as compared to isolated developments within a company. While it may be true that for companies the concept of the hacker ethos which beliefs in open access to information is, in fact, bad for company profits it all boils down to a lack of will on the part of the company to innovate itself to such an extent that it could make a profit while at the same time allowing open access to developed information. The argument of hackers, in this case, is that the software sold by Microsoft is too overpriced and cannot be afforded by a large percentage of the global population.

The result is a strange twist in ethics wherein under the belief that there should be open access to information hackers take it upon themselves to crack the various safeguards placed on proprietary systems and software for it to be distributed for free online. This can be seen in the various torrent files available on Piratebay.org where operating systems such as Windows 7 have been sufficiently cracked by hackers to be able to be installed by most users.

This apparent “Robin Hood” like behavior, while based on the concept of the hacker ethos, is for the most part highly unethical in most cases. As such, it can be stated that what is happening right now is a fight between two different kinds of ethos namely the ethos of openness and sharing as advocated by hackers or isolation and integrated development with profit in mind as shown by corporations.

While it is not a representation of all people within the hacker culture it has been noted that various “moral” hackers do attempt to crack into various proprietary systems just for the sake of being able to do so. An examination of famous hackers such as Kevin Mitnick reveals that for them the concept of the hacker ethos is a method of prevention for excessive government or corporate control over the internet or the development of software.

Aristotle states “for the things we have to learn before we can do them, we learn by doing them”, in this particular case it can be seen that the hacker ethos in which systems are breached or software is de-encrypted is actually under the concept of learning by doing wherein innovation is done through action and in this particular case, it is the development of new systems, attempting to crack software and use it for their end or other similar types of behavior. The fact is in the eyes of hackers the only true way for innovation to drive itself forward is by experimenting and attempting to go beyond what companies seem to users to be capable of.

They state that they mean no harm but the fact remains that cracking a particular system or program is still considered an illegal action. It is due to this that today various hackers are in favor of open source systems since this allows them the liberty to test such systems and implement changes as they see fit. The Unix operating system for instance is an open-source platform used by many of today’s hackers and software developers as a means of implementing new ideas on specific types of programs that cannot be adequately tested nor marketed on Microsoft based systems due to proprietary issues related to unauthorized changes to the program structure of the operating system.

Another interesting development brought about by the hacker ethos of open access to information is the current situation involving barriers to open access to information instituted by various global governments. Government such as those located in the U.A.E., Egypt, and Australia have begun instituting means of blocking websites that contain “subversive” messages aimed against the government. For hackers, this presents a direct assault on internet users’ right to the freedom of information that the internet provides. As a result, various hacking groups have created proxy sites that avoid government censors but allow people to view information that is distinctly negative about the current government in charge.

While such acts of internet vigilantism are in line with the hacker ethos of allowing all users open access to information the repercussions of their actions worry certain segments of various government bodies. Before the start of the recent Egyptian revolution, it was the work of hackers that helped to subvert government controls on information systems that allowed the public to know of the various negative actions committed by the Egyptian leadership. It was the work of hackers that allowed the creation of an integrated online social structure that eventually brought down the Egyptian leadership and instituted democratic reform in the country.

On the other hand, it must be noted that it was due to these actions that mass riots and general mayhem on the streets of Egypt commenced. As such the work of hackers, though supposedly positive in its approach to the right of people to open access to information, can in effect be considered an instrument of violent change. What must be taken into consideration is the fact that open access to all types of information can at times result in negative effects such as profit loss for companies or revolutions in the case of Egypt.

Yet hacker ethos fails to take into account such repercussions and instead focuses on freedoms without considering the possible consequence of such freedoms. In the case of corporations, the “robin hood” like the behavior of hackers results in cutbacks in company spending resulting in the loss of hundreds of jobs. For countries the antics of hackers allowing the spread of subversive information about the government can result in violent repercussions for the state which could have negative consequences for that country’s economy.

One of the first principles that define hacker ethos is the rejection of hackers of all notions that state “businesses are the only entities that are entitled to or have access to the use of modern technology”. The term “modern technology” is not just applicable to the various devices you see at home but rather it is also applicable to the concept of processes used in the development of certain types of programs and software.

For hackers, the fact that only companies can be the providers of software is completely against the concept of the freedom of information and open access. The popular culture belief that only companies produce the best kinds of software is what hackers are striving to change, for them the continued isolation of the production process creates the possibility of control and centralization overall future developments of software which could potentially undermine the current freedom accorded to users. The basis of this argument can be seen in the near-monopoly of Microsoft in the operating system industry which has given it significant control and influence in the manner in which it interacts with customers.

One obvious case is the fact that MS Office applications are never freely bundled with the initial purchase of the MS Operating System but rather have to be purchased as a separate bundle. Not only that, computers within the U.S. are not allowed to be shipped abroad with the MS operating system installed unless with the strict permission of Microsoft. While it can be accepted that protecting proprietary information is of the highest concern in most companies the fact of the matter is the methods of operations of Microsoft do not appear to be trying to protect the integrity of its software but rather are utilized as a means of constraining the market.

Unfortunately, there is very little people can do about it since most of the world’s computer systems run off operating systems originating from Microsoft. As a result, the consumers no longer have the power of choice but rather are being controlled by a company’s business model due to consumers having no choice in the matter. Various studies involving the marketing techniques of Microsoft and other software companies reveal that they intentionally try to indoctrinate people into accepting the notion that there are no other alternatives to their products and that they are the only ones capable of producing the type of software that they want.

It is this very behavior that hackers detest and as such the reaction from the hacker community has been the creation of open source-based platforms that encourage diversity in the choice of software types and options people can utilize. For hackers, it is this decentralization that enables a far better method of innovation, creation, and freedom of expression as compared to the isolated manner in which corporate giants develop their software applications.

The second principle behind the hacker ethos is what hackers consider the use of hacking in a fight aimed against the encroaching behavior of computer technology. All of us one way or another utilize some form of technology in our daily lives whether in the form of credit cards, cell phones, email accounts, etc.

Unfortunately what most companies fail to mention whenever someone does sign up for an account is the fact that information collected about account holders is often used by the company to know more about a person to convince them to buy more of a particular type of product. For example, most people are not aware of it but using the search engine “Google” actually causes the parameters of your search criteria to be recorded along with your IP address and stored in the company’s servers for its advertising campaign.

The more information you input into a Google search engine the more the company’s advertising algorithm gets to know more about you as a customer. The result is that the company’s advertising platform, from which it draws a majority of its revenue, can develop a personality profile of you as an online user which it utilizes to display specific ads that target users based upon an amalgamation of their online searches. For hackers, this represents a gross violation of the rights to privacy since a person’s online search history may contain various tidbits of information that he/she would have preferred to keep quiet.

Another encroachment of technology on users can be seen in the case of the U.A.E. (United Arab Emirates) where the government strictly controls which websites a person can visit. Before, it was not within the capability of ISP (Internet Service Providers) to specifically block users from visiting a particular site however with advancements in networking software the current tools available to ISPs have greatly increased which as a result encroaches on the concept of freedom most users tend to associate with the internet. For hackers, the continued encroachment of technology acts as a deterrent to privacy, the open-access of information, and the freedom of expression normally associated with the internet.

It is due to this that activities related to “Hacktivism” or “Cyberactivism” have occurred around the internet which specifically target websites associated with countries or corporations that supposedly violate the hacker’s ethos. It must be noted that while hackers do not condone behavior that “crackers” do which is either destructive or self-beneficially the hacking community does condone behavior associated with the illegal penetration of systems when it is in the form of a protest against activities which it considers unjust and immoral by its standards.

The final principle behind the rationale of the hacker ethos is the increasingly high cost of software that many people within the hacker and non-hacking community can ill afford. The price of software has long been a matter of contention between hackers and corporations with hackers justifying their action of cracking open software as the only method in which they and other types of consumers can utilize such overpriced bundles.

The inherent problem with this action is that the act of cracking the software and allowing it to be distributed online constitutes an illegal action. For hackers, their actions are supposedly justified under the hacker ethos of the freedom of information wherein everyone has the right to information. The problem with their actions is that under most ethical and legal standards what they are doing is wrong. Yet the response from the masses has been largely positive, individuals that would normally not be able to afford the various types of software cracked by hackers can now enjoy the same benefits as those that can. For hackers, it is the spread of computer literacy that drives such behavior in that they do not do it for the sake of profit but rather do so because it is under their belief, their ethos so to speak.

Further Examination

While it has been established that the basis of the hacker ethos argument is one based upon the inherent skills, talents, and knowledge of hackers the fact remains that such a basis is inherently flawed. For example, before he was sentenced to 125 years of jail time Bernie Madoff was once considered to be one of the best investors in the world. While there were people who sometimes stated that there was something wrong with the various facts and figures that he presented he justified the accuracy of the numbers based on his tenure as a well-respected investor as well as a former board chairman of NASDAQ.

Yet as it can be seen this apparent basis of trustworthiness is based on a projected image since it is possible to present one image yet be another. In the case of the hacker ethos, its justification is based on the knowledge and experience of hackers yet nothing is stating that the various principles that it is composed of, though appearing ethically sound, were created based on ethics alone. An examination of the historical nature of ethos has shown that in one way or another despite the apparent ethical appearance of a certain type of ethos there is always an underlying reason behind its creation which does create a beneficial effect for the individuals that created it.

As it was stated earlier, ethos is not inherent but rather something that has been created and manufactured with a surface image to fulfill a particular purpose. It is often utilized as a method of convincing people or justifying a particular set of actions and as such, it is crafted in such a way to be convincing, believable, and thus adaptable. For example, when order someone to go into battle you do not tell them that the possibility of them dying is high rather you tell them to fight for national pride, democracy, freedom, etc., even though the fact of the matter is that person will most likely die. In a sense ethos is a device utilized to manipulate public perception regarding truth in such a way that it promotes a particular idea based on the common good but in fact, it was created to carry out a particular action.

Ethos in Rhetoric

Rhetoric can be described as the use of language to achieve a persuasive effect on people in other words it is a form of delivery that entails being able to convince people of the validity of the argument being given (Holiday, 2009). On the other hand under Aristotle’s treatise on rhetoric, the concept of ethos is thus defined as the credibility of a speaker in which through this credibility they can convince people that he/ she is believable in what he/she is saying (Nichols, n.d.).

In the case of the hacker ethos, the principles that define it namely open access to information, freedom of access, and information sharing, are justified by the experience hackers have had in their current lifestyle. What must be understood is that hackers have a great deal of understanding regarding what constitutes progressive behavior both in the creation of software and on the internet as such there are often considered to be a reliable source of information regarding what changes should be implemented.

What must be understood is that in this particular case the use of rhetoric by the hacker ethos can be seen in their various campaigns regarding freedom of use, open access to information, and information sharing. They are trying to justify their actions by stating that through their own experiences in this current field of interest they know what works as an effective means of ensuring progressive attitudes in development.

What must be taken into consideration is the fact that upon examination the hacker ethos does indeed promote a distinct degree of progressive behavior. If Aristotle’s treatise on rhetoric is to be used then it can be said that the position the hackers are taking in trying to be persuasive in their message is one based on the concept of ethos in which they justify their request based on their expertise in their field. What must be understood though is that while such a method of argument is rather effective in the case of hackers one cannot help but think their ethos is rather self-serving in terms of allowing them to justify their future actions in terms of what they believe is right (Zittrain, 2008).

Conclusion

Based on the presented information it can be seen that ethos can be manufactured and created for a certain purpose and in the case of the hacker ethos it basis is one which advocates the freedom to let hackers do what they want. The fact remains that due to the reasoning of the hacker ethos that keeps on justifying itself based on the knowledge of hackers regarding certain systems, programs, and methods of operation it shows itself to be inherently flawed.

The ethical flaw in this particular case is the fact that basis a system of ethos on inherent knowledge and expertise creates far too many risks in terms of the ethical principles behind the creation of the ethos itself. Further examination of the hacker ethos reveals that it seems more self-serving to hackers than to the general public. As it was established earlier the concept of ethos can be shaped and molded to entice greater public support for a particular issue.

That is what is being seen right in the hacker ethos wherein the justification for actions is based on an ethos that has been molded to create positive public opinion but in fact, is nothing more than a method of allowing hackers to do what they please.

Other findings of this paper show that hackers react in response to the actions of the environment that they find themselves in. This is about their assumption of the unjustness of corporate practices, the suppression of information by the government, and as a result to act out against these perceived injustices in a manner that conforms to their hacker ethos. Unfortunately what they consider unjust and immoral by their standards also holds for several aspects of their activities which are also unjust and immoral by other standards.

While hackers may state that true “moral” hackers only attempt to crack a system based on curiosity the fact remains that the person who did such an action committed a crime. While hackers may state the moral ethos behind a lot of their actions such as concepts about the freedom of information and innovation in the software industry the fact remains that for some of them, their curiosity and desire to promote the tenets of the freedom of information and access to it has caused various negative consequences both in the political and economic realm.

While the concepts of free information and open access are admirable goals the fact remains that based on the principles behind the hacker ethos it can be seen that this particular type of ethos simply promotes vigilante-type behavior which if remained unchecked could have potentially dire consequences in the future.

Hackers’ Role as Information Security Guardians

Introduction

Computers are becoming an integral part of daily life every day and it is becoming a basic perception of our day-to-day activities extremely fast. Without a doubt, information technology has brought about profound changes to business functions. This article points out the fact that information technology has enabled increased efficiency, increased effectiveness, and an increased amount of IT-enabled processes within the personal and industrial fields. For example, payroll and health benefits processing can now be done more quickly and effectively by not only large businesses but also small businesses who utilize this technology under the context of business. (Yuan 2008)

Further, along with other variables, online recruitment centres, web-accessible training programs, and other technological reliant processes have expanded the reach of typical applications. (Zhang & Ming 2007) Now employee skills can more effectively be managed and upgraded, and potential employee bases can be expanded to allow for more diversity. These changes, among others, highlight the benefits that information technology has had on the different fields of human activities. However, increased reliance on IT is making it a point that one must continually update their knowledge about information technologies and thus may struggle to get up to speed on many widespread changes that occur over a relatively short time. (Mukherjee 2004) This is where the hackers come into play.

Background

Given an IP address, we can find a number of information about the administrator from it. For example, let us consider four IP addresses from the US:

199.252.162.251 = CON2R.NIPR.MIL

Organization Name: DoD Network Information Centre

Organization Identity: DNIC

Address: 3990 E. Broad Street, Columbus, OH

Postal Code: 43218

Country: USA

Organization Email: [email protected]

213.7.98.49 = 213-98-49.netrun.cytanet.com.cy

Network Name: CYTANET

Description: Cyprus Telecommunications Authority, Internet Service Provider

Admin-c: CM94-RIPE

Address: Cyprus Telecommunications Authority, Network Operation and Maintenance, P.O.Box

4929, Nicosia, Cyprus CY-1396

Country: CY

Phone: +357 22701711

Fax-no: +357 22701180

E-mail: [email protected]

209.76.125.28 = 209-76-125-28.ttsfo.com

Organization Name: AT&T Internet Services

Organization Identity: SIS-80

Address: 2701 N. Central Expwy 2205.15, Richardson, TX

Postal Code: 75080

Country: US

165.121.208.192 = user-2injk60.dialup.mindspring.com

Organization Name: EarthLink Inc.

Organization Identity: ERMS

Address: 1375 PEACHTREE ST LEVEL A, ATLANTA, GA

Postal Code: 30309

It is very simple to find the above information and people, like the hackers, can use this information. Nowadays it is easy for a hacker to enter into a firm and access the corporate network of the firm. They find all sorts of useful financial and other information about the firm and even manage to obtain an important password of the firm using standard technical hacking tools. Social engineering is a hacker manipulates a person taking him or her into confidence and then obtaining information from them to access a firm or system. The hacker can use psychological tricks to manipulate the legal user of a computer system and access it. (Miscaroni 2008)

The hacker’s sole goal is to obtain valuable information about a system for his benefit by committing certain frauds and intruding into the network, for industrial spying, identity thefts or simply to destroy the computer system or network. The major targets are mainly telephone companies, multinational companies, financial institutions, government and military agencies and even hospitals. A breach in a company’s security system is not just embarrassing but also hampers the firm’s reputation permanently. (Yuan 2008)

There are two levels of attacks due to social engineering, the psychological and the physical levels. Hackers first notice the physical layout of a certain firm, like the phone and work areas. They then start to communicate with the employees, exploiting them to obtain passwords or documents of importance. (Farmer 2004) Thus, it is obvious that hackers are individuals who understand the security system inside-out and can devise frameworks to find and manipulate the loopholes of the IS/IT system.

Discussion

According to Budi Arief, & Denis Besnard in their article Technical and Human Issues in Computer-Based Systems Security identification of a hacker is someone “that experiments with systems… [Hacking] are playing with systems and making them do what they were never intended to do. Breaking in and making free calls are just a small part of that. Hacking is also about freedom of speech and free access to information – being able to find out anything. There is also the David and Goliath side of it, the underdog vs. the system, and the ethic of being a folk hero, albeit a minor one” (Arief & Besnard 2005)

They also point out that hackers should be renamed as crackers, aligned with the idea of code-cracking, as according to them it would be a more relevant term to use. Budi Arief & Denis Besnard also identify the probable reasons that instigate these individuals to compel in acts such unethical as hacking. It has been estimated that a major section of the hackers indulges in this act to enjoy financial gains by the dint of stealing personal details like bank account or credit card details that would lead them to probable customers in the grey market who are willing to use this information or mine this information to their advantage. (Vasireddy 2007)

Furthermore, the hackers indulge in hacking on behalf of various companies who are willing to gain comparative advantage using this secured information of the rival companies like stocks and internal policies and strategies. But still, another aspect of hacking reveals more hazardous results. It has been found that quite a few hackers decode the security system of others just for fun and without any personal gain or interest. For these individuals, the only gain is the personal satisfaction gained by the measure of the destruction of data they instrumented. (Zia 2009)

In this context, it would be relevant to state that with the increased potential of malicious attacks on the computer and thereby on the personal lives of individuals it could be derived that the risk factors are becoming pervasive at a regular basis at a breathtaking pace. According to Budi Arief, & Denis Besnard in their article Technical and Human Issues in Computer-Based Systems Security published by Centre for Software Reliability, School of Computing Science, the University of Newcastle upon Tyne in 2005, “this vulnerability, along with our reliance on these systems, implies that it is important for us to do our best in securing them to ensure their proper functioning. It is necessary to tackle the security issues from both technical and human perspectives. From this dual standpoint, it is hoped to obtain a better understanding of how computer attacks are performed, including how to gain illicit access, the types of attacks, as well as the potential damage that they can cause.” (Arief & Besnard 2005)

In a general sense, the hackers of today are believed to be the fourth generation of mischief-makers. The first one is believed to be the pool of scientists, programmers and talented students like Richard Stallman who indulged themselves in the codes and intricate details of the computer programs and thereby invented a way out in the process.

The second generation is supposed to be formed with technological experts with radical outlook though they seldom ventured into anything else than petty law-breaking like phone bugging and soon enough they were followed by the third generation of hackers who were completely computer freaks who indulged themselves mostly into making copies of entertainment materials like games etc. the fourth generation of hackers are the real individuals of the current discussion. These people replaced games with hard cored criminal activities and to them, the concept of crime and games are blurred. (Miscaroni 2008)

In the same context, it is a much-needed trait to investigate the probable psychological and sociological factors involved within the framework of the attackers. The basic insight within the fundamental perception of the attackers would help us to reveal their work ethics, motives, taxonomy and community and thereby it would be possible to negotiate the issue in a formulated manner.

But there is a counter idea that suggests that having hackers or other systems intruders as Information Technology security guardians. The idea of having hackers or other systems intruders as Information Technology security guardians holds ground in the sense that as the hackers are in the best position to decode the existing security codes applied therefore logically enough they are the best possible individuals to impose a security system as they know the system inside out. (Simkhada 2009)

On the other hand, on the ethical ground, it is very improbable that people with such low moral outlook as hacking and illegal knowledge deportation could never be given such an important job of maintaining security where a vast amount of assets in form of information would be left open to these unethical people. As the stakes are extremely high it becomes a matter of faith whether having hackers or other systems intruders as Information Technology security guardians would be helpful or not in the context of both ethics and finance. (Podolski 2006)

There is no suspicion over the fact that the hackers are extremely capable of maintaining and implementing the security system if they want to. This is because they possess an elaborate understanding of information technology security measures and at the same time they a very much capable of following a formulated program while cracking codes. This knowledge can be harnessed if intended and it is seen in other parameters of life that when a lawbreaker is used as a person of law the result was substantially fruitful although, it is always a great stake to employ the fourth generation hackers as virtual security personnel or consultant. (Pant & Richman 2006)

Analysis

To conclude the whole topic, it would be relevant to comment that having the hackers or other systems intruders as Information Technology security guardians would be helpful or not is a subject of debate in terms of security and ethics but for the moment it would be better to take up a measure to the extent it can be dragged. The most logical move in this context would be to educate the users more on this topic so that they can withstand the problem as much they can on their own.

Other conventional measures may include the upgradation of security software of noted and reliable companies and installing them as a measurement in the form of anti-virus, firewall and checking IDS regularly. Lastly, the security administrators must be kept updated to deal with the problem. (Sabbah 2008) But these are measures to be taken however the basic debate remains in the same position and legal and ethical employment of the code crackers remains to be seen as the future development of corporate policies in alignment with ethical codes.

Conclusion

A possible risk arises when our computer connects with a network and starts to communicate and download programs. Protecting the files and the Internet account of our computer from other users who can cause harm to it is known as Internet Security. Certain security measures, which help us to protect our computer, would be making backup copies of our important data, changing file permissions now and then and assigning passwords, which only we know. The various IT systems, which are used in different businesses, view security concerns as an important aspect. Internet users need to be sure that their computers, which contain valuable information are completely secure.

Cybercriminals can cause many damages and thus, effective security measures are necessary. The professionals who handle Internet security need to be confident about certain areas like penetration testing, audit or legal compliance, incidence response and intrusion detection. However, it has been discussed that even there are disadvantages or risks involved, it is better to use individuals who actually know the loopholes of the system and thus are capable of providing adequate measures to mend those loopholes. Thus, hackers are the best guardians of IS/IT security systems.

References

Arief, B & Besnard, D. (2005) ; Web.

Farmer, D. (2004) Forensic Discovery, NY: Addison-Wesley.

Mukherjee, S. (2004) Thought Strategies and human components, Wellington: IBL & Alliance Ltd.

Podolski, V. (2006) IS Perceptions: An Approach Towards technological Intelligence, Auckland: IBL & Alliance Ltd.

Miscaroni, J. (2008) ‘Enforcing patient privacy in healthcare WSNs through key distribution algorithms’, Security and Communication Networks, vol. 1, no. 5, pp. 417-429.

Pant, H. & Richman, S. (2006) ‘Optimal availability and security for IMS-based VoIP networks’, Bell Labs Technical Journal, vol. 11, no. 3, pp. 211-223.

Sabbah, E. (2008) ‘An application-driven approach to designing secure wireless sensor networks’, Wireless Communications and Mobile Computing, vol. 8, no. 3, pp. 369-384.

Simkhada, T. (2009) ‘Combating against internet worms in large-scale networks: an autonomic signature-based solution’, Security and Communication Networks, vol. 2, no. 1, pp. 11-28.

Vasireddy, R. (2007) ‘Security posture for civilian and non-civilian networks’, Bell Labs Technical Journal, vol. 8, no. 4, pp. 187-202.

Yuan, S. (2008) ‘A secure business framework for file purchasing in vehicular networks’, Security and Communication Networks, vol. 1, no. 3, pp. 259-268.

Zia, T. (2009) Quality of security through triple key scheme in wireless sensor networks, Aus: Charles Sturt University.

Zhang, C. & Ming, Y. (2007) ‘Network routing and security: A review’, International Journal of Communication Systems, vol. 20, no. 8, pp. 909-925.

The Three Types of Hackers

Technology has improved the way people live, shop, transact, and make decisions. However, it has increased exposure to innumerable risks that have severe financial and social implications. The article “They’re attacking you: learn the three types of hackers’ was written by Jonathan Nichols and explores the three main types of hackers that attack organizations and their clients, and the factors that motivate them to launch attacks. The author lists the three types of hackers as “carders,” “advanced persistent threats” (APTs), and “hacktivists.” Their motivations are money, governments, and ideas respectively.

Carders

The author establishes that carders specialize in moving money from the accounts of organizations and clients into theirs using card-reading devices (“skimmers”) that transfer data from clients’ credit cards to their databases. The use of skimmers is hard to recognize because some gadgets are so small that they can be used without being noticed. Advanced and more qualified scammers use touch-sensitive pads on points of service to capture the PINs associated with cards used to conduct transactions. Others use Remote Access Trojans (RATs) to attack point of service machines and steal entire databases containing private information belonging to customers. Scammers sell the data and cards, and also use the stolen information to manufacture new cards by cloning it onto blank credit cards that are then sold to individuals who use them to shop online.

ATPs

ATPs target the governments that hire them and exploit vulnerabilities in the computer systems and resources provided by their employers. It is difficult to identify the origin of ATP attacks and, as a result, they are highly destructive. Attackers use the resources provided by governments to find vulnerabilities in the systems of victims. The attacks are lethal and can lead to the demise of organizations, loss of clients, and destruction of ideas. The only solution that can mitigate the problem of ATP attacks is the reduction of platforms that attackers can invade. Organizations need to make the hackers’ targets smaller in order to reduce the risk of attack. For example, access to sensitive business data should be restricted to a limited number of individuals through the implementation of user access management policies. In addition, they can implement stringent security protocols and limit the entry of junk into organizational networks. ATP attacks can have serious financial ramifications if not prevented. Frequent system patching, rigorous training on security protocols and restricting access to data are effective strategies that can prevent ATP attacks.

Hacktivists

This group of hackers is motivated by political change and works for a wide range of employers including individuals and governments. “Anonymous” is the most famous group of hacktivists that conducts operations aimed at bringing political change. Hacktivists use a wide range of tools and techniques to conduct their operations. These tools include defacements, Distributed Denial of Service attacks (DDoS), and Structured Query Language injections (SQLi). A DDoS attack involves jamming a company’s system with traffic so that clients cannot locate its website or server. These attacks can be avoided by implementing cloud-based solutions and load distribution. Defacements involve getting unauthorized access to a company’s website and using it to send messages that tarnish the organization’s image. Defacements are avoided by updating servers regularly and implementing stringent user access policies and security protocols. Finally, SQLi exploit weaknesses in the protocols that servers use to allow individual access to databases. Organizations should make security the most important aspect of their business operations.

Hackers: The History of Kevin Mitnick

Despite the common belief, hackers were originally people who were simply professional computer users, specializing in software and hardware. Today the word “hacker” implies a negative connotation, a criminal who will break into your bank account and the national defense system of your country (Grand, 2004).

Kevin Mitnick, born in 1963, was considered to be one of the most wanted hackers in the United States. He grew up in Los Angeles and was a student at Monroe High School. The higher educational institution assigned to him was Los Angeles Pierce College and USC. In his early days, he held a job at Stephen S. Wise Temple and he had a duty of a receptionist. His first official “hack” happened when he was twelve years old. He was a social engineer, which means that a person uses other people—strangers, to do things they would not regularly do. Using this skill, Kevin took advantage of the transfer system of the buses to ride them for free. When he was 16, in 1979, his first computer hacking was to gain access to the computer system of Digital Equipment Corporation. He copied their software but was later captured and convicted, which happened in 1988. Kevin Mitnick received one year sentence in prison and also a sentence of supervised parole for three years. Close to the end of his three years he presumably gained illegal access to Pacific Bell and this action violated his parole conditions. There was a warrant issued for his arrest and so he had to go into hiding. For two and a half years he was running from the authorities. During this time he was said to have broken into many computer systems, coping valuable and secure information. He hacked into computer and cell phone companies, using their resources for personal use. He altered computer networks, stole passwords, and read private emails. In 1995 he was captured, in Raleigh, North Carolina. There was incriminating evidence on him in the form of clone cell phones, cell phone codes, and many pieces of false identification (Lambert, 2005).

The trial that took place in the year 1999 contained his confession to some of the presented crimes and the sentence was administered in a form of a plea bargain, where he received three years and 10 months in prison. Another two years were added on for his violation of parole in 1989. Kevin Mitnick spent 5 years in prison, out of which four and a half were served as pre-trial. Eight months he has spent in solitary confinement. Mitnick says that this happened because the officials from law enforcement were able to convince the judge that simply by whistling into the phone receiver he can start a nuclear war. When his sentence ended in 2003, the court has made it a condition for him to not be able to use any technology based on communication, except a phone which was a landline. Kevin Mitnick appealed the decision and won. He gained access to the internet by the court’s decision. A ruling that was also made in the plea bargain was that he could receive any form of gain from films or books that depicted his crimes and this condition was in force for seven years. Today Mitnick runs a company called Security Consulting LLC, which is a computer consulting company (Mitnick, 2011). His history and sentences are surrounded by great controversy, as there are rumors that many rulings were falsely imposed. Mitnick himself said that he has not used computers for crimes he was convicted of but used simple social avenues that anyone could have gained access to. There are theories that the government wanted him behind bars, as he was considered too dangerous. Many people supported him and demanded justice and even today he has a following (Knight, 2003). Hackers are people with skills that can be used to better the world and help others to protect themselves from criminal hackers.

References

Grand, J. (2004). Hardware hacking: Have fun while voiding your warranty. Rockland, United States: Syngress.

Knight, P. (2003). Conspiracy theories in American history: An encyclopedia. Santa Barbara, United States: ABC-CLIO.

Lambert, L. (2005). The internet: Biographies. New York, United States: ABC-CLIO.

Mitnick, K. (2011). The art of deception: Controlling the human element of security. Indianapolis, United States: John Wiley & Sons.

Protecting Organizations From Hackers and Thieves

Introduction

Background of Study

Technology has significantly improved organizational performance by making firms more efficient and connected with one another. In this regard, there is improved connectivity of organizational processes and the adoption of faster data processing techniques. However, as companies continue to reap the benefits of these changes, they are increasingly facing the possibility of losing important or valuable data to hackers through cyber theft. Relative to this fact, Mukhopadhyay et al. (2019) say that the uptake of technology and the prominence of the Internet of Things (IoT), which is a network of objects that communicate with each other, has increasingly exposed companies to the threat of online attacks. Hackers and identity thieves are the most common set of criminals found online and they are ready to exploit weak security systems for criminal gains.

Hacking and identity theft are cyber-security issues that have affected many organizations because before most of them use computing devices to carry out their core tasks. Consequently, they are vulnerable to multiple levels of security threats, which can be launched from anonymous quarters. The record and history of online attacks have been well documented in reports, publications, and academic studies (McAfee, 2018; Dinger and Wade, 2019). Most of them suggest that such attacks often lead to the loss of information, privacy, and funds, and may cause reputational damages to firms (McAfee, 2018; Dinger and Wade, 2019). Additionally, firms may be concerned that public awareness about such cyber threats may fundamentally undermine confidence in their businesses. Therefore, without the assurance that the devices are secure and that the data contained in them are protected, it is difficult for people to trust organizational systems.

In the context of this study, hacking will be used as a broader term involving different types of malicious activities affecting the integrity of data or information contained in a secure network system. For example, Carpenter et al. (2020) classify unlawful appropriation, embezzlement, espionage, and plagiarism as part of crimes involving hacking. The establishment of sham websites to carry out fraudulent activities and using spoofers to “trick” people into releasing sensitive data through phony email addresses are also categorized as crimes involving hacking (Levitin et al., 2018). Contrary to popular belief, hacking does not only affect personal computers because large-scale operating systems, such as those owned by government agencies running water treatment and sanitation services or electric power lines could also be hacked (Bialas, 2016). This statement means that not only are individuals at risk of such attacks but corporations are equally affected.

Identity theft occurs in several ways, but the effects on victims are the same as those of hacking. This is because both of them can lead to reputational damage, loss of money, and the release of confidential information – outcomes that could affect financial and non-financial aspects of business performance. Various types of identity theft have been mentioned in the Information Communications Technology (ICT) field and they include financial identity theft, social security theft, medical identity theft, synthetic identity theft, child identity theft, tax identity theft, and criminal identity theft (Mukhopadhyay et al., 2019). Although these multiple forms of crimes have the highest incidence of occurrence (Carpenter et al., 2020), the financial industry is the most commonly targeted industry for cyber-attacks because of its proclivity to the flow of resources in business (De Souza et al., 2020; McAfee, 2018; Dinger and Wade, 2019). Consequently, there is a need to set up robust security features to protect organizations from cyber-attacks. This paper investigates strategies that companies could use to better mitigate the risk of hacking and identity theft by enhancing the security of their information security networks.

Definition of Terms

  • Internet of Things (IoT): This concept refers to a network of objects that communicate with each other through the internet to connect and exchange data. The network is designed to use sensors, software, and other technologies to communicate with various devices found within the network (Kim, Lim, and Lee, 2015).
  • Digitization: This concept refers to the transformation of sounds, texts, or pictures into a digital format that can make it possible or managers to process data via their computers. The goal is to transform information into a computer-readable format, which can then be processed for further use.
  • Cyber Security: This is a field in the ICT industry, which is focused on the protection of computing devices, such as computers and tablets, from malicious attacks. Common types of cyber security breaches include malware and Trojan attacks.
  • Hackers: They are people who exploit network security weaknesses to launch attacks on computer systems. They would ordinarily do so to gain access to data that they would otherwise not have had or are not supposed to have. They use such information to steal funds, forge people’s identities and carry out fraudulent activities in the guise of being someone else. Therefore, when given access to secure network operation systems, hackers can alter or misrepresent the actual meaning of data or steal information, which could then be used to carry out fraudulent activities.
  • COVID-19: An airborne respiratory illness caused by a virus. In late 2019, the disease was first reported in Wuhan, China, and it has since spread throughout the world with millions of people infected and thousands more losing their lives. Efforts are currently underway to develop a reliable vaccine to treat it.
  • Biometrics: The use of physical characteristics to identify someone before giving them the authorization to access a secure network or a set of organizational systems. This type of security measure is an upgraded version of the od user-password model, which was prone to hacking some people could guess other people’s passwords and breach the system.

Research Questions and Objectives

The aim of this study is to discover how individuals within an organization can handle issues of identity theft to minimize risk to other organizations. Supporting this aim is a set of research objectives, which will guide further discussions in this paper. They are outlined below.

  • To find out which information security tools are needed to develop secure network systems.

To propose measures organizations can take to mitigate the risk of identity theft and hacking in the current business environment. To ascertain the extent that trust plays in developing secure networks. These objectives are supported by the research questions below.

  • RQ 1: What information security tools are needed to develop secure network systems?
  • RQ 2: Which measures can organizations take to mitigate the risk of identity theft in the current business environment?
  • RQ 3: How relevant is the role of trust in developing secure networks?

Justification of the Study

Digitization is a revolution that has occurred in business circles and created vulnerabilities in organizational systems by replacing old systems of operation with new and better ones. The process predisposes people to security threats, which accompany the change. While these threats can be attributed to digitization, it is inherently difficult for companies to stop the automation process because it portends several major benefits to their operations, such as faster communication and the mass storage of data (Mukhopadhyay et al., 2019). Due to the potential for these changes to improve organizational competitiveness, firms have to think of ways to improve their security systems as opposed to slowing the pace of digitization.

Stemming from the nature of the investigations presented in this report, the findings of this study will have practical implications for businesses that have digitized their processes. For example, they can be used to improve the integrity of existing network security systems by providing unique and more sophisticated ways of preventing cyber-crime. Consequently, firms will be in a position to exploit the advantages brought by digitization without worrying about the threat it poses to businesses.

The findings of this study will also contribute towards expanding the body of literature on internet security systems because expert views form a reliable source of invaluable data relating to how companies can bolster their systems to have a more effective response to cyber-threats. Besides, suggestions for improving existing systems will be availed to provide empirical support in identifying areas that need further investigation. Consequently, scholars will be in a better position of identifying key gaps in the literature that need further investigation.

Literature Review

Introduction

This chapter will highlight what other scholars have written about the research topic. The review will be skewed towards analyzing research materials relating to cyber security and organizational preparedness to manage the threats linked to it. The criterion for selecting articles to be reviewed in this analysis will be based on the year of publication and relevance to the research topic. In line with this selection criterion, research evidence that has not been published within the last ten years will be omitted from the review, while those that were published in 2010 will be included in it.

Theoretical Support

The actor-network theory will be used as the main theoretical foundation of this study. As its name suggests, it traces its roots to the ICT field with a primary focus on the digital data transfer process. The theory explains the relationship between people and innate objects by arguing that the two are involved in a constantly changing environment (Oliveira et al., 2019). Stated differently, the theory presupposes that the relationship between man and innate objects is “fluid” to the extent that it is characterized by a shifting network of interactions. Therefore, there is an existing interrelationship among all factors involved because all the factors that influence these relationships are subject to the same forces of change. Therefore, the actor-network theory suggests that no external factors are involved in understanding the nature of these relationships and no such interactions exist outside of the forces that commonly act on them.

The actor-network theory has been used to appreciate the complexity of human relationships and their primary environment. From an organizational perspective, it is deemed useful in appreciating the complexity of corporate processes and the role that technology has played in improving coordination among departments or between different interrelated departments or agencies (Grommé, 2018). Broadly, the actor-network theory can be used to understand how social effects are generalized and how they emanate from interactions with known networks. This statement is relevant in explaining how the actor-network theory is important in understanding how technology is changing social relationships and interactions among different sectors of the population and business agencies.

Based on the key characteristics of the actor-network theory highlighted above and its important role in explaining how technology is changing the business environment, the model has received immense support from known scholars, such as Bruno Latour, John Law, and Michael Callon (Grommé, 2018; McAfee, 2018; Dinger and Wade, 2019; Sun et al., 2018). They are some of the major proponents of this theory and they argue that the universal transmission of data is essential in supporting the growth of economies around the world (Oliveira et al., 2019).

This response helps to assess the threat level posed by hackers because they are also part of the “human element” involved in the broader networking system. Overall, the justification for the use of the actor-network theory as the main theoretical framework in this study is founded in its efficacy in providing a strong theoretical foundation for sampling the views of experts in the ICT field and analyzing their views on network security by providing a conceptual tool for synthesizing their findings.

Issues in Cyber Theft

Privacy violations are common in most organizational security systems because of the sensitivity of the data they contain. For example, hackers can use another person’s credit card to withdraw or transfer funds without consent and avoid detection or apprehension from police. Therefore, their activities can go unnoticed for a long time. However, the impact of their actions is still felt and researchers have tried to quantify losses that organizations accrue because of such attacks. In 2017 alone, it is estimated that organizations around the world lost billions from such crimes (Aydos, Vural, and Tekerek, 2019). Collectively, they have not only affected organizational performance but also damaged the integrity of their organizational processes by eroding the confidence customers have in such enterprises, particularly with reference to the management of private information (Lutz, Hoffmann, and Ranzini, 2020). Some of these network breaches could have far-reaching implications on an organization’s systems, processes and procedures because one security breach could affect multiple stakeholders at the same time.

Issues in cyber theft can be interrogated using the information security triad, which encompasses aspects of confidentiality, integrity, and availability of data as the main pillars of a strong network security system. Figure 2.1 below explains the nature of interrelationships among the three main tenets of the model.

Security triad
Figure 2.1 Security triad (Source: Bourgeois and Bourgeois, 2020).

As highlighted in figure 2.1 above, the security triad should contain aspects of confidentiality, integrity, and availability of data. The concept of confidentiality speaks to the need to protect information from unauthorized access, but at the same time, it encourages people to share it only among authorized personnel (He, Devine, and Zhuang, 2018). This statement means that the principle of confidentiality in developing secure networks dissuades people who have no authority to access data from obtaining it or learning anything from it. For example, researchers note that, in some jurisdictions, governments require education institutions to protect personal information relating to students by making such information confidential and only accessible to a few people. Consequently, most institutions have set up network security systems that prevent unauthorized persons from accessing information relating to students’ grades and identifying markers.

Integrity is the second concept in the internet security triad and it refers to the need to prevent alteration of data within the network security infrastructure. Therefore, the goal of maintaining high levels of information security is enshrined in the need to have safeguarded data to represent what is intended. This statement is similar to human relationships whereby people of high integrity have a higher moral standing because their followers believe in their truthfulness. Subject to the goals of maintaining the integrity of data and information systems, researchers have pointed out that organizations can suffer security breaches stemming from malicious intentions by a person within or outside the organization to alter information stored in the network security system (Lavorgna, 2019). Thus, researchers underscore the importance of building strong network security systems of high integrity to safeguard data from being corrupted because of these problems.

Information availability is the last tenet of the information triad highlighted in figure 2.1 above. It refers to the ability of anyone to change information in a company’s network security system. Researchers suggest that the timeliness of information access is a significant point to consider in this assessment because some industries value the need to receive prompt information better than others who do not consider promptness as an important consideration in their work (Kim, Lim, and Lee, 2015). For example, a marketer could easily be willing to get the sales data of the day’s operations the following day, but a stock trader may require such information promptly to make a profitable trade. Therefore, some companies can significantly experience operational disruption when their systems are not working while others may not be affected in the same fashion. For example, Amazon may experience significant losses if its website is down for a few minutes but a government agency may not be significantly impacted by such an occurrence because it does not provide services outside of the business hours guidelines. This statement suggests that issues in cyber theft may vary across industries or even organizations.

Risk Factors Enabling Cyber Theft

Since cyber-crime is a broad problem affecting different organizations, researchers have taken the time to investigate key factors facilitating the occurrence of cyber-crime. Analysts have pointed out that one of the main risk factors supporting cyber-crime is the ease in the availability of private information through social media accounts, which can be used to hack private systems (Bossong & Wagner, 2017). The major problem associated with this type of system is the difficulty in identifying such breaches when they occur, thereby giving hackers a lot of room to attack because of the general slow response in detecting breaches (Ratten, 2019). At the same time, failing to secure the physical infrastructure of computers may also encourage criminals to physically destroy or damage computers, thereby leading to the same outcome (Elhabashy et al., 2019). Research evidence further suggests that most of these breaches involve closely linked systems that are usually operated by people or corporate departments, which know each other (Bossong & Wagner, 2017). The sophistication of this system increases the complexity of addressing or mitigating an attack when it happens or detects its existence in the first place.

Risk Management Strategies

The importance of developing risk management strategies to address the threat of a cyber-attack stems from the need for companies to have clear and measurable goals for managing such risks. Many researchers have proposed a variety of strategies for developing a robust risk management strategy for preventing hacking, but there is consensus that availing adequate resources to all players in the Internet of Things (IoT) is one of the most important steps to take in accomplishing this goal (Halima, Islam, and Mohammad, 2018; Ratten, 2019; Bossong & Wagner, 2017). The need for undertaking effective organizational planning and developing robust evaluation systems have also been highlighted as additional strategies that corporations could take to improve their risk management strategies (Halima, Islam, and Mohammad, 2018; Ratten, 2019). However, the nature of the recommendations proposed is commensurate to the type of industry involved and the market that which a business operates.

Computer scientists have been at the forefront in championing the adoption of new strategies to address the growing threat of cyber-attacks, but their views are mostly skewed towards emphasizing the need to adopt sufficient data analytical tools to address the problem. Particularly, they have highlighted the reliability of such techniques to detect security breaches and monitoring networks (Patterson et al., 2017). Their recommendations are consistent with the views of Hu et al. (2017), which suggest that when systems are regularly updated, it becomes increasingly difficult for hackers to launch an attack. Additional evidence suggests that even if they succeed in creating a security breach, such systems should enable authorities to detect it early. Part of the defense strategy adopted by organizations to mitigate against such a crisis is the need to set up an anti-virus and anti-malware software that would allow companies to detect, shutdown, or report security threats and breaches when they occur (Vučković et al., 2018). Most organizations have this type of system and constantly update their employees’ computers with the latest software needed to protect the system from attacks.

Some of the recommendations highlighted above also involve physically protecting the hardware infrastructure of network security systems by hiring guards to evaluate people who seek to gain access to premises that house sensitive data. These measures are intended to make it difficult for hackers to tamper with existing network infrastructure by preventing them from getting physical access to secured premises. Thus, risk management strategies can be physical or virtual based on the extent that which they affect an organization’s systems. However, most literature focuses on virtual protection through software and such-like tools, but the evidence also suggests that physical constraints could be as effective.

Summary

In this chapter, the evidence relating to measures adopted and proposed by companies to mitigate against cyber threats seems to focus more on generic aspects of data management without a specific focus on the organization involved or the type of threat under assessment. Few scholars have also explained the human element of internet security systems, which is trust. It is integral in building robust network security systems but it could also be a source of weakness as seen by the actions of hackers who are people that exploit system weaknesses to benefit themselves.

Methodology

Introduction

In this chapter, the strategies and techniques adopted by the researcher to answer the study questions will be highlighted and explained. In line with this goal, key sections of this chapter highlight the research approach, design, data collection methods, sampling strategy, and ethical implications of the investigation because of the use of human subjects in research.

Research Method and Design

Two main types of research methods are used in academic studies: qualitative and quantitative. The qualitative technique involves the collection of subjective data, while the quantitative technique focuses on the collection and dissemination of standard and measurable data (Strokes, 2017). Therefore, the information collected using the quantitative approach often involves the process of gathering numerical data that can be quantified. Comparatively, the qualitative research method is used to collect data, which cannot be easily quantifiable. In this regard, it offers researchers an opportunity to collect in-depth information from respondents. This characteristic of the qualitative research approach highlights its suitability for the current study because the researcher intends to give in-depth information about the topic under investigation. Furthermore, the qualitative research methodology aligns with the theoretical framework of the study, which is predicated on the use of the actor-network theory, which highlights the intersection between social interactions and technology as a complex process that cannot be explored using numerical data alone.

Data Collection Procedure

The data collected in this study were retrieved after interviewing 13 respondents who worked as security systems administrators in five internet security companies located in the researcher’s city. The interviews happened via telephone calls and skype. Specifically, seven of the respondents were interviewed via skype, while five of them chose to give their views via telephone conversations. The respondents selected the platform to undertake the interviews based on their familiarity with Skype or mobile phone communication. Similarly, their availability to perform a face-to-face (Skype) or oral conversation informed their decision on whether to choose either of the two interview methods. Therefore, the selection of the interviewing platform was purely at the discretion of the respondents. The informants were sampled using the snowball method because the researcher intended to get specialized personnel who could not be reached using other sampling methods. The snowball technique involves identifying an initial contact who later introduces a researcher to other people who are willing to participate in a study (Strokes, 2017). The information gathered using this technique was later analyzed using the thematic and coding method, which identifies unique themes emerging from the interviews.

Reliability and Validity

The reliability and validity of a research process address the integrity of its findings. The two concepts are related but different in the sense that the reliability of a study refers to its consistency, while its validity relates to the accuracy of the measures involved (Mallette and Duke, 2020). To safeguard the reliability of the information presented in this report, the researcher compared the primary research findings with secondary research to find out if there were significant areas of deviation or convergence of opinions. If there are significant disparities in findings, such information was flagged down and investigated further. To safeguard the reliability of the findings, the results presented in this study were investigated across time and compared with pre-existing data.

Comparatively, to safeguard the validity of the findings, the researcher checked how well the findings of the study compared to well-established theories and more importantly the actor-network theory outlined in chapter 2 of this paper. Similarly, the researcher compared the findings of this paper to other measures of the same concept. Subject to the steps outlined above and that are aimed at safeguarding the reliability and validity of findings, it is important to point out the assumptions made by Strokes (2017), which suggest that a valid measurement is reliable. In other words, a test that produces accurate results is often easily reproduced.

Ethical Considerations

The use of human subjects in research attracts many ethical considerations. Relative to this fact, Ballin (2020) says that confidentiality, anonymity, and prioritizing the interests of the respondents in research should be the guiding factors in ethical evaluations of research investigations. Based on this statement, the above-mentioned factors were integrated into the overall ethical protocol followed in this study. First, the informants took part in the study voluntarily, meaning that the researcher did not coerce or give them financial incentives to take part in the study. Secondly, all the information provided by the informants was presented anonymously to protect them from receiving backlash for giving honest opinions. All the data obtained from the study was also stored safely using a password and only accessible to the researcher.

Limitations of the Study

It is important to understand the limitations of this study because they highlight characteristics of the design that may affect the interpretation of findings. The first limitation is that the pieces of information presented in this study are indicative, meaning that they do not represent the situation in any one given organization; instead, it appeals to general security network issues affecting systems globally. Therefore, there are constraints on a generalization of data that should be factored in when interpreting the findings of this study.

Research Findings, Analysis, and Discussions

Introduction

This chapter highlights the findings generated from the study after implementing the research techniques highlighted in chapter three above. To recap, the researcher collected primary data from the respondents using interviews as the main data collection technique. Thirteen respondents gave their views on the research issue and their findings are highlighted below.

Need for Information Security and Trust in Systems

It is important to understand the need for information security and trust in organizational systems to comprehend the context in which companies design their internet security systems and measure the efficacy of such models in preventing identity theft and hacking. Relative to this fact, the respondents were asked to give their views about the real causes of cyber security threats and it was established that a plethora of reasons could be responsible for security breaches. Consequently, there was the need for the respondents to give specifics on their perceived causes of such threats, and they were encouraged to focus on identity theft. Responding to this line of the probe, one of the respondents said,

The real causes of identity theft vary widely. You would be surprised that simply failing to discard documents containing personal information well is a risk factor. Think about it this way, there are thieves who sift through people’s trash to find documents that contain personal data. It starts from there, but more sophisticated causes of identity theft could be traced to weak security systems and …… I believe that is the focus of your study. You see… hi-tech levels of information security breaches can be linked to hacking corporate databases to get information about clients, particularly, the high-value ones.

Relative to the above statement, five of the respondents suggested that organizational security needs and trust in systems can be categorized into three key segments: confidentiality, integrity, and availability. Confidentiality was explained as the attempt by organizations to prevent unauthorized people from gaining access to information. Comparatively, the concept of integrity was described as the attempt by organizations to change information in an authorized and organized manner. Lastly, the respondents said that the need for respecting information security and trust in organizational systems could be predicted by the concept of “data availability,” which refers to the unfettered access to information by authorized users. Relative to these findings, one of the respondents said that trust is often a key pillar of a company’s network security systems because only trusted workers are given premium access to data.

Information Security Tools Needed To Develop Secure Networks

It was important to get the views of the respondents regarding information security tools that organizations can use to improve the integrity, availability, and confidentiality of the information they receive. Broadly, the tools mentioned by the respondents can be regarded as part of a wider variety of equipment needed for developing information security policies among various organizations. Therefore, the view of the respondents sampled can be categorized into three groups. Four respondents proposed the first one and it involved authentication. They acknowledged that most computer systems use people’s physical appearances to authenticate access but it is difficult to continue relying on this measure of authenticity because it is weak. One of the respondents gave an example of a thief who peeps over someone’s shoulder to see the PIN when withdrawing money at an Auto Teller Machine (ATM) machine. Thus, there is a need for a new level of authentication.

In line with the above statement, it was proposed that organizations should use different authentication tools to determine whether the people who want to access the system are indeed who they claim to be. When asked to further clarify on real measures that organizations can follow to actualize this objective, the respondents argued that most systems are based on authenticating people’s identities depending on what the system knows about them, has about them or know something that is uniquely associated with their identity. From these key bases of user authentication, most organizations require employees to input a name and password to gain access to their systems. This view is consistent with those of other scholars who believe that the user and password model is the most commonly used method of authentication (Zhao et al., 2019; He, Huang and Yang, 2020; Lee, Jeon, and Lee, 2019). In this type of security design, authentication is completed based on the information that only the user knows, such as their identification names and password.

The user-password authentication process has been used in many organizational contexts of data management. However, as pointed out by one of the respondents, it is easy for hackers to compromise this type of system, thereby creating the need for a stronger method of control. Relative to this assertion, one of the respondents said,

I am personally not a big fan of the user-ID model, because identifying people based on what only they know has been problematic in the past…. in my experience. This is because when that password is stolen or gets lots, it becomes an automatic problem for the person because it means someone can use the same tools to gain unauthorized access into systems. For example, a hacker can use a lost physical credit card to launch an attack. Therefore, I would propose adopting a network security policy, which stems from identifying markers that are specific to one individual.

Biometric forms of identification fall within this group of network security systems because they use identifiable markers that are only uniquely associated with one user. For example, most of them use fingerprint technology, which is based on a unique identifiable marker (Choi, Lee, and Won, 2016). They also use eye scans and other complex methods of authentication to further protect their systems from unauthorized entry (Choi, Lee and Won, 2016). These types of tools are aimed at improving authentication requirements to discourage hackers from launching an attack.

The second tool proposed by the respondents was access controls, which is concerned with the need for users to only access resources or data that is appropriate for their security clearance level. For example, in most security systems adopted by organizations today, the concept of access control is to categorize employees into different groups with the highest clearance given to people who can modify, delete or alter information. One of the respondents gave more intricate details about this information tool by saying that it occurs in two forms: the access control list and the role-based access control format. The respondents said, in many organizations, two groups of users are often created based on their ability to take control of specific actions that can be initiated within the system. Mostly, this type of system is found in access control lists because each category of user has specific actions they can take, such as reading, writing or deleting data. Employees who do not have this type of access are not even aware that such information resources or data exists.

One of the respondents cautioned against the adoption of such a system because he noted that most organizations manage each information resource separately. A rigid model makes it difficult to remove a user who is plugged within a larger set of system and controls information resources remotely. The same respondent also said that even though it was easy for most companies to manage and maintain ACL systems, it becomes difficult to achieve a high level of efficiency when the number of users increase. Relative to this statement, he said,

This problem creates a new level of access control, which is predicated on role assessment as the main basis for establishing information access security levels. In other words, the system is designed to allocate users with specific roles and then the same roles are assigned different levels of security clearance.

Seven of the respondents hailed this strategy and said it is justified for use in most organizations because it makes it possible for authorities to manage users and roles separately. It was also noted that doing so simplified administrative responsibilities and made it further possible to enhance the associated level of security.

Encryption is the last information technology tool proposed by the respondents. It is primarily focused on the transmission of data across network security systems. Particularly, it is designed to curb security threats that occur when hackers intercept information being transferred from one point of the information network system to another. This information technology tool focuses on the need to encrypt data, such that unauthorized persons cannot gain access to it. The process is often embedded in a computer program, which encodes the text that needs to be transmitted across communication platforms. To further explain how this system works, one of the respondents said that the encryption process is automatically linked to the decryption phase, which started when a recipient receives encoded data. Therefore, for them to be able to read it, they need to decode it. However, for both processes to work effectively, it is important for concerned parties to agree on the encryption format to use, such that both of them have access to the information transferred. Stated differently, both parties should have an encryption key to allow each one of them to code or decode the messages.

The secondary research data gathered in this review also mentioned the need to have a common metric of coding and decoding data. However, they should stem from the process of symmetric key encryption, which has been deemed problematic by some researchers who believe that the presence of two sets of keys in equally different places make it difficult for coordinated communication to happen (Chen, Wei, and Ma, 2015; Choi and Kwak, 2016). Public encryption has also been mentioned in extant literature as an alternative to the symmetric key encryption format (Zhao et al., 2015). It involves the design of two sets of keys: public and private to code and decode information. For encryption to occur, the public key has to be accessed, while the encoded information will be accessed privately. Therefore, anyone who wishes to send a message using the public key can do so but the information generated has to be encrypted and accessed using a privately generated key. Therefore, public and private keys are needed to secure messages.

How to Mitigate the Risk of Identity Theft

When asked to state how the risk of identity theft can be minimized, the respondents alluded to the need to adopt a holistic approach of data assessment when building secure networks. When asked for specifics, one of the respondents highlighted the need to track people’s financial records and social activities. This recommendation is consistent with the views of Laybats and Tredinnick (2016), which suggests that continuously checking the accuracy of personal data is one of the most effective ways of promptly dealing with any discrepancy that may arise from a security breach. Additionally, another respondent highlighted the need to use one’s social security number to keep track of changes to financial statements and other sensitive data.

Three of the respondents said that companies need to seek the help of third-party players in mitigating the effects of cyber theft. Relative to this assertion, one of the respondents said identity protection services could be used to mitigate the effects of cyber theft on companies. He added,

Typically, these third party players equip their clients with information that would help them to safeguard their personal data.

Another respondent added that: These third parties can also help to monitor public and private records to alert their clients of any incidence or information breach. This strategy has been observed in companies that monitor credit reports because they give their clients status reports on the type of data to hold as well as any transaction changes they need to know about. I must also add that they are also useful in helping clients to resolve issues that may occur due to identity theft.

Additional evidence obtained from a review of the existing literature also supports the above-mentioned proposals with much of the suggestions indicating that these third parties could be governmental agencies and non-profit organizations that help people to get help when they have been attacked by a hacker (Chen, Wei, and Ma, 2015; Choi and Kwak, 2016; Laybats and Tredinnick, 2016). This type of help is often offered on websites and other online platforms of engagement where clients can get the tools and resources to better manage their data.

In response to identifying proposals to mitigate the risk of identity theft, one of the informants also said that adopting a multifactor authentication process would enable organizations to improve their network security levels. This strategy works by adopting two or more types of authentication processes to improve the level of risk preparedness because it would make it more difficult for a person to breach multiple layers of security in one attack. To further support the adoption of this strategy, two of the respondents gave examples of the RSA SecurID Token, which generates new access codes periodically and within intervals of minutes or seconds. Organizations that have adopted this system require users to know their access PINs and still key in a security code that is generated by a login system. The respondents further remarked that this system offers a new layer of security, which works by generating the system code described above every few seconds. Therefore, a failed login attempt using a set of codes cannot be replicated in a new attempt because a new code will be generated in every instance a hacker attempts to gain entry into the system.

Four of the interviewees further supported the adoption of this system by giving the example of online banking, which requires users to not only input their passwords but also a mobile-generated code that is linked with the telephone numbers that they used during registration. Therefore, the basic assumption underlying the integrity and quality of the system is that even if a hacker were able to guess a bank user’s password, it would be difficult for them to be in possession of the user’s mobile phone at the time of log-in.

Backing up data was mentioned by all the respondents as one of the techniques that organizations should adopt to prevent themselves from cyber-attacks. This strategy was mentioned as the first line of defense that organizations have in defending themselves from attacks. Relative to this assertion, one of the interviewees said.

I cannot stress enough that backing up your files is an essential requirement in the administration of any network security system. You also need to know that no matter the extent or nature of proposals you hear about protecting network securities from cyber-attacks, they cannot be 100% certain that they will work. Therefore, we need to have a secure backup process to restore the system in case of an attack. This action will protect organizations from the risk of having to “start from scratch” when they lose valuable data.

The secondary literature gathered in this study suggested that a robust backup plan should have four main components: a good understating of an organization’s resources, regular backup of data, offsite data storage, and the test of data restoration (Chen, Wei, and Ma, 2015; Choi and Kwak, 2016). The last measure is proposed as a continuous process whereby organizations are required to occasionally perform drill backup data to make sure that they would actually work in an emergency setting. One of the respondents said that it was important for organizations to undertake their own internal evaluation systems to determine the effects of downtime on their businesses. In most cases, many organizations choose to have an off-site data restoration plan that protects a firm from experiencing the effects of data loss when a security attack happens on-site

Conclusion and Recommendations

Conclusion

The aim of this study has been to determine how individuals within an organization can handle identity theft and hacking issues to protect their network security systems. Three objectives guided the investigation and they were focused on identifying information security tools needed to develop secure systems, highlighting measures that organizations take to mitigate the risk of identity theft, and understanding the relevance and role of trust in developing secure networks. Stemming from the need to meet these objectives, data was obtained from interviewees and secondary research data.

Based on the evidence gathered in this study, internet connectivity can pose significant security risks to organizations. Therefore, when a security breach happens, it may be difficult to detect such a risk early because billions of objects may be connected at the same time. The sophistication of hackers and the complexity of their strategies when planning and executing cyber-attacks have further made it difficult for firms to effectively address the risk of internet security threats. The evidence gathered in this report has additionally shown that the current internet security features adopted by most organizations are insufficient in protecting the physical infrastructure and private data associated with most of these enterprises. Therefore, companies should take the threat of cyber security seriously to encourage the development of a more elaborate framework for handling such risks within and outside the organizations.

Three tools were noted to be of critical importance to organizations that intend to develop robust and secure network systems: access control, authentication, and encryption. Although these tools are purposefully different from one another and serve several functions, they help to identify different levels of security requirements needed to be assigned to different groups of employees in an organization. In other words, the above-mentioned tools promote a layered system of information flow and security access system based on roles and tasks assigned to each employee. More of these discussions have been highlighted in this study as design features that organizations can exploit to promote the robustness of their systems. The same tools have been proposed as instruments for adapting organizational resources to different types of security needs. They have also been mentioned as instruments for developing strategies for mitigating the risk of cyber threats, as seen through the development of backup systems and firewalls, which are commonly adopted tools of security engagement. Overall, the evidence gathered in this document also shows that the strategies proposed to address different types of security systems should be implemented promptly because the nature of security threats keeps changing and it is important for solutions to also change in the same manner

Recommendations

As highlighted in chapter three of this report, one of the limitations of this study was its indicative nature. This means that the findings cannot appeal to all organizations or industries because of their unique characteristics and needs. Thus, it is important to perform a contextualized review of information systems analysis in one industry or sector to have a better understanding of how some of the proposals highlighted in this document can be addressed. The importance of doing a context-specific research is premised on the understanding that each industry has its unique security needs and threats that can be effectively addressed in an investigation that focuses on such factors. Therefore, future research should be directed towards adopting a context-specific understanding of the research phenomenon. These recommendations should be adopted in the study because the objective of this research process was not only to discover new knowledge but also to propose practical recommendations that can be used in a sectoral context or organizational setting.

Social, economic, and political changes affecting the business environment have also forced managers to think of new ways of accomplishing organizational tasks by exploiting the opportunities brought by digitization. For example, the recent COVID-19 pandemic has seen firms encourage their employees to work from home and the preceding rapid digitization of organizational processes has enabled this to happen. However, these changes and developments have only led to the creation of more problems for most companies because of the increased threat of cybercrime and the cost of preventing them. Therefore, to manage these developments, it is pertinent to have a broad strategy for addressing this threat since it is difficult for one company to effectively tackle this problem alone. Particularly, there is need for all stakeholders to collaborate effectively and address the problem.

There is also a need to undertake a quantitative assessment of the research phenomenon because the current study is qualitative. This approach to data collection will ensure the collection of robust and holistic data relating to internet security systems because the qualitative information obtained is only representative of the views of a few experts in the field. Additionally, the focus of this investigation has been on identity theft as one of the main security threats affecting organizations today. Therefore, it is important to investigate other aspects of security breaches such as the physical destruction of computer systems.

Reference List

Aydos, M., Vural, Y. and Tekerek, A. (2019) ‘Assessing risks and threats with layered approach to internet of things security’, Measurement and Control, 52(6), pp. 338-353.

Ballin, E. H. (2020) Advanced introduction to legal research methods. London: Edward Elgar Publishing.

Bialas, A. (2016) ‘Risk management in critical infrastructure-foundation for its sustainable work’, Sustainability, 8(3), p. 240.

Bossong, R. and Wagner, B. (2017) ‘A typology of cybersecurity and public-private partnerships in the context of the EU’, Crime, Law and Social Change, 67(3), 265-288.

Bourgeois, D. and Bourgeois, T. (2020) .

Carpenter, S. et al. (2017) ‘Expert sources in warnings may reduce the extent of identity disclosure in cyber contexts’, International Journal of Human-Computer Interaction, 33(3), 215-228.

Chen, L., Wei, F. and Ma, C. (2015) ‘A secure user authentication scheme against smart-card loss attack for wireless sensor networks using symmetric key techniques’, International Journal of Distributed Sensor Networks, 7(2), pp. 1-10.

Choi, S. and Kwak, J. (2016) ‘Enhanced SDIoT security framework models’, International Journal of Distributed Sensor Networks, 5(1), pp. 1-10.

Choi, Y., Lee, Y. and Won, D. (2016) ‘Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction’, International Journal of Distributed Sensor Networks, 11(3), pp. 345-451.

De Souza, M. A. et al. (2020) ‘Detection and identification of energy theft in advanced metering infrastructures’, Electric Power Systems Research, 9(3), p. 182.

Dinger, M. and Wade, J. T. (2019) ‘The strategic problem of information security and data breaches’, The Coastal Business Journal, 17(1), 1-25.

Elhabashy, A. E. et al. (2019) ‘A cyber-physical attack taxonomy for production systems: a quality control perspective’, Journal of Intelligent Manufacturing, 30(6), 2489-2504.

Grommé, F. (2018) ‘Actor-network theory and crime studies: explorations in science and technology’, Technology and Culture, 59(1), pp. 201-202.

Halima, I. K., Islam, S. and Mohammad, A. R. (2018) ‘An integrated cyber security risk management approach for a cyber-physical system’, Applied Sciences, 8(6), pp. 1-10.

He, M., Devine, L. and Zhuang, J. (2018) ‘Perspectives on cybersecurity information sharing among multiple stakeholders using a decision-theoretic approach’, Risk Analysis, 38(2), pp. 215-225.

He, S., Huang, J. and Yang, P. (2020) ‘Build with intrinsic security: trusted autonomy security system’, International Journal of Distributed Sensor Networks, 9(1), pp. 1-10.

Hu, Z. et al. (2017) ‘Method for cyberincidents network-centric monitoring in critical information infrastructure’, International Journal of Computer Network and Information Security, 9(6), p. 30.

Kim, H., Lim, J. and Lee, K. (2015) ‘A study of K-ISMS fault analysis for constructing secure internet of things service’, International Journal of Distributed Sensor Networks, 4(2), pp. 1-10.

Lavorgna, A. (2019) ‘Cyber-organised crime: a case of moral panic?’, Trends in Organized Crime, 22(4), pp. 357-374.

Laybats, C. and Tredinnick, L. (2016) ‘Information security’, Business Information Review, 33(2), pp. 76-80.

Lee, S., Jeon, S. and Lee, B. (2019) ‘Security controls for employees’ satisfaction: perspective of controls framework’, SAGE Open, 5(2), pp. 112-139.

Levitin, G., Xing, L. and Huang, H. Z. (2018) ‘Security of separated data in cloud systems with competing attack detection and data theft processes’, Risk Analysis, 39(4), pp. 846-858.

Louchez, A. and Rosner, G. L. (2016) .

Lutz, C., Hoffmann, C. P. and Ranzini, G. (2020) ‘Data capitalism and the user: an exploration of privacy cynicism in Germany’, New Media and Society, 22(7), pp. 1168-1187.

Mallette, M. H. and Duke, N. K. (2020) Literacy research methodologies. 3rd edn. New York: Guilford Publications.

McAfee. (2018) .

Mukhopadhyay, A. et al. (2019) ‘Cyber risk assessment and mitigation (cram) framework using logit and probit models for cyber insurance’, Information Systems Frontiers, 21(5), pp. 997-1018.

Oliveira, M. et al. (2019) ‘Actor-network theory: opening the black box of the reasons for the involvement of researchers in the technology transfer process’, Journal of Innovation Management, 6(4), pp. 49-72.

Patterson, N., Hobbs, M. and Zhu, T. (2017) ‘A cyber-threat analytic model for autonomous detection of virtual property theft’, Information and Computer Security, 25(4), pp. 358-381.

Ratten, V. (2019) ‘The effect of cybercrime on open innovation policies in technology firms’, Information Technology and People, 32(5), pp. 1301-1317.

Strokes, P. (2017) Research methods. London: Macmillan International Higher Education

Sun, Q. et al. (2018) ‘Improving the security and quality of real-time multimedia transmission in cyber-physical-social systems’, International Journal of Distributed Sensor Networks, 6(1), pp. 10-19.

Vučković, Z. et al. (2018) ‘Analyzing of e-commerce user behavior to detect identity theft’, Statistical Mechanics and Its Applications, 1(5) pp. 331-335.

Zhao, H. et al. (2015) ‘Securing body sensor networks with biometric methods: a new key negotiation method and a key sampling method for linear interpolation encryption’, International Journal of Distributed Sensor Networks, 7(1) pp. 998-1123.

Zhao, Y. et al. (2019) ‘Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps’, International Journal of Distributed Sensor Networks, 4(2), pp. 1-11.

Hackers: The Good, the Bad and the Gray

Introduction

When one hears the word “hacker,” one typically thinks of cyber terrorists and criminals. People are stealing money from banks, shutting down facilities, acquiring private info, and locking owners out of their computers. It has effectively become a pejorative for illegal activities as well as bypassing computer security. It has not always been this way; the term “hacker” came from the 1960s, referring to extremely skilled programmers running FORTRAN and other coding languages (Grimes, 2017).

Nowadays, the profession revolves around identifying weaknesses in computer and network security. With the increased digitalization of every aspect of our everyday lives, the ubiquitousness of smartphones, and the emergence of IoT (Internet of Things), hackers have become both an incredible liability and an asset (Grimes, 2017). They are typically characterized using a color scheme: Black, White, and Gray (Grimes, 2017). The purpose of this paper is to describe each type of hacker and what they do in relation to computer security.

White Hat Hackers

White hat hackers are individuals who use their security bypassing skills for good causes. They are typically hired by organizations to test their systems against unwanted intrusion (“White Hat Hackers,” 2021). A white hat hacker will attempt to overcome all defenses the organization has to offer, often without causing damage. Should those vulnerabilities be detected, they are quickly fixed (“White Hat Hackers,” 2021). In some scenarios, a hacker will be allowed to do damage to systems in order to enable the company to test its data recovery strategies.

The three methods utilized in White Hat hacking include deep-scanning the existing networks for malware, trying to break into the protected systems, and using the human factor to bypass firewalls. The human factor is often overlooked by companies that do not train employees to use safety measures when working with outside documents (Grimes, 2017). Clicking on dangerous links, inserting foreign flash devices without scanning them first, and sharing account information with third parties are some of the most glaring weaknesses. The effects of White Hat workers are evidenced in everyday life.

Most organizations with a large digital presence tend to have higher security and lower downtimes (“White Hat Hackers,” 2021). At the same time, smaller companies that cannot afford to test their systems are more vulnerable to security leaks.

White hats working for companies have the potential to become dangerous Black Hats. The danger stems from familiarity with the security systems of their clients. They could purposefully leave backdoors for themselves to exploit later (Grimes, 2017). Dealing with reputable White Hats, thus, is very important for businesses that wish to protect themselves, their assets, and their customers.

Black Hat Hackers

Black Hat hackers fit the stereotype currently present in society. These individuals are criminals that commit illegal cybersecurity intrusions to achieve self-serving objectives. The most common goal is to achieve monetary rewards either by direct theft, blackmailing, or ransom. An example would be the WannaCry ransomware of 2017, which affected over 400,000 businesses across the world (“What is a Black-Hat Hacker,” 2021). It managed to extort only about 120,000 USD before decryption responses and tools emerged to assist those affected.

In many cases, Black Hats are working not to profit directly but to cause damage. These types of hackers are associated with cyberterrorism and are often on the payroll of specific countries or political organizations (“What is a Black-Hat Hacker,” 2021). The US, Russia, and China are some of the most frequent practitioners of such activities (Grimes, 2017). Terrorist organizations, such as ISIS and Al-Qaeda, are also known to engage in hacking as means of undermining their enemies and finding ways to fund their activities.

Finally, cyber-espionage is something both freelancing, and payroll Black Hats do. The information they discover through illegal access can either be ransomed for money, sold on the black market, or otherwise utilized to further the goals of specific people, organizations, and countries (Grimes, 2017). The most prominent example of recent years includes the hacking of Hillary Clinton’s mail in 2016, which potentially swung the presidential campaign in Donald Trump’s favor.

There is some good to Black Hats’ existence, however. The best White Hats come from having worked extensively outside of the law. They are the most familiar with the latest methods of Black Hat hacking, thus making it possible to prevent attempts and reinforce security (Grimes, 2017). Finally, they may have access to sources and connections exclusive only to them, thus enabling them to predict and prevent attacks before they even happen.

Gray Hat Hackers

On an ethical scale of good vs. bad, gray hackers are firmly in the middle. While they perform activities that could be considered criminal, they do so for good reasons. Namely, they often hack websites, facilities, and infrastructure without the owner’s request or permission to expose security vulnerabilities (“White Hat Hackers,” 2021). They see their actions as beneficial to businesses and society as a whole. The real intentions behind their actions vary – some are genuinely interested in the public good, while others do it for publicity (“White Hat Hackers,” 2021). Finally, there are individuals who do it for entertainment purposes, to sate their own curiosity, while ignoring privacy and a plethora of laws.

Some Black Hat hackers consider themselves to be this, as they attempt security breaches not for personal gain but in the name of the greater good. An example of this would be WikiLeaks, which employs the services of hacking organizations, such as Anonymous, to disclose classified documents of various government entities, exposing corruption and other crimes (Grimes, 2017). Many other organizations target business and political entities, but their motives are suspect, often attributed to machinations of opposing parties.

Overall, while Gray Hats think of themselves as heroes and Robin Hoods of the digital world, the rest of the cybercommunity often disagrees with their methods. As time passes, individuals from this group become either White or Black Hats, depending on the sincerity of their motives (Grimes, 2017). Despite the announced harmlessness of their activities, Gray Hats often end up doing more damage than they expect, either through poor hacking methods or by highlighting the weaknesses of a system for Black Hats to exploit.

Conclusions

The stereotype of a hacker depicts only one side of a complex issue. There are different kinds of hackers, each with its own methods, ethics, and agendas. With digital devices and software evolving, hacking will become even more widespread. The demand for cybersecurity specialists to be well-versed in Black Hat hacking methods would give rise to White Hackers becoming a recognized profession. The alternative to the rise of hackers would be to back away from digitalization, making systems less prone to outside interference while sacrificing many advantages brought by global interconnection. History shows that technological progress cannot be halted or stopped. It means that there is only one way – forward, meeting the challenges of cybersecurity as they arise head-on.

References

Grimes, R. A. (2017). Hacking the hacker: Learn from the experts who take down hackers. John Wiley & Sons.

” (2021). Kaspersky. Web.

” (2021). Kaspersky. Web.

The Documentary “How Hackers Changed the World?”

This particular documentary exposes viewers to the history of the Anonymous hacking-movement, which during the last decade began to affect the socio-cultural discourse in the West to an ever-increased extent. According to the documentary, the movement’s origins can be traced back to the founding of the online image-board 4chan, which became very popular with ‘computer nerds’ from MIT during the early 2000s.

As time went on, however, these individuals (as well, as their mind-likes from around the world) were becoming ever more politically motivated – something that predetermined the eventual emergence of Anonymous, as the international community of people committed to the cause of using the Internet to promote free speech (hacktivism). The documentary provides detailed information, as to what were the process’s sub-sequential phases, while presenting the audience with the excerpts from the interviews with the most prominent members of Anonymous and promoting (subtly) the idea that the movement’s objectives are thoroughly legitimate.

In fact, it refers to hackers as nothing short of some modern-day heroes, deeply committed to the cause of the society’s betterment. The movement’s involvement in the harassment of Hal Turner (neo-Nazi radio host) and Tom Cruise (the affiliate of the Church of Scientology), as well as the fact that one of its members Julian Assange was the founder of the WikiLeaks website, are referred to as the best proof, in this respect. In my opinion, this is the main reason why “How Hackers Changed the World” should be recommended for watching – in the aftermath of having been exposed to it; people should be able to expand their intellectual horizons, with respect to what can be considered the societal significance of ‘hacktivism’.

21st Century Hackers – Documentary Review

Summary of the Documentary

In the video, the author first introduces the need for new technology: to make work easier. For increased productivity and work efficiency, internet usage has grown globally, and it has turned into a multi-billion-dollar industry. However, with all this sophistication of technology, the issue of hacking comes up. According to the documentary, hacking is of three different types: white hackers, black hackers, and grey hackers. White hackers are classified as the so-called good hackers, whereas black hackers are the bad type. Lastly, the documentary outlines that grey hackers fall in between the good and bad hackers.

Initially, hacking was not meant for malicious or destructive purposes. To expound more on this term, the author introduces Samy, a white hacker who began his hacking journey through ‘My Space.’ Despite experiencing several challenges out of his hacking activities, such as being prohibited from using a computer for three years, Samy has joined a group of other white hackers to increase the security features of systems worldwide by detecting all vulnerabilities or loopholes and closing them down. The returns for such beneficial white hacking are called bounties.

On the other side, there are black hackers who use their hacking pedigree to extort money from innocent users of the internet and other technology devices. For instance, many black hackers use ransomware to demand ransom to reinstate people’s access to their personal files. Ransomware is mainly spread through emails, where the virus infects all personal files automatically when a person opens a link sent to their email. In return, the hackers encrypt all files with a key and demand ransom from their targets in exchange for the key, which allows them to gain access to their files again. Against such hackers’ actions, the U.S. secret services protect the Presidency and investigate such high-end crimes. The author gives different instances of how the secret services has tracked down the criminals.

Takeaway from the Documentary

In the presence of all these hacking issues, what stands out is that people increase the easy-access of hackers into their systems. Smartphones have penetrated into almost all parts of the world, regardless of the social stratifications, and for everyone that owns mobile phones, most of them are smartphones. Smartphone users give out their personal information, and companies globally are using this data for marketing purposes.

However, information sharing enables malicious uses by making it possible to devise ways of accessing different people in their circles and infiltrate their files; in other words, for monetary purposes. People must find out ways that these imperative devices are not used against them since it is impossible to live without them; for instance, the Tor browser is secure against being tracked by governments and companies, for whatever reasons that they may have.

Questions and/or Thoughts from an InfoSec Professional Perspective

From this perspective, several insights can be obtained to win or at least gain some ground against bad hackers’ malicious intentions. First, technology users must protect their data, for example, through frequent back-ups. Second, users must be the first line of defense against hacking or data insecurity, such as through a firm user policy of emails and other online sites. Third and lastly, it is essential always to be skeptical when dealing with new programs, tools, and projects.