Profiling the Hacker/virus writer

Why do people decide to create malicious software? Are they just anti-social basement dwellers or just jackal style criminals? What do they get out of it? Is it some satisfaction from the damage they cause or is it the notoriety they crave? Financial and political gain can be somewhat explained but what about the individual who just gets a kick out of causing havoc? What is the purpose of risking your freedom and your future for fleeting fame?

http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/psycho.html

The article is a profile of them, but I would suggest that if they were given the chance to profile themselves they would see themselves in a totally different light. IMO, like any sociopath they do not have any empathy for their victims. They do what they do, because they can. This was not touched on in the article.

 

One doesn't need to be a sociopath to commit murder. Why would one need to be a sociopath to commit other crimes? IMO the normal human capacity to rationalize is quite sufficient.

Just my 2c.

 

I've known quite a lot of hackers. They have all been nice and friendly. We make jokes and we chat about other things or research or whatever. I don't think they're sociopaths.

They're greedy, usually. Or the nonprofit ones just like to have fun.

They like money. They're OK with what they do. They rationalize it a lot, which is why it's obvious that they're not sociopaths (well I just have a botnet, I don't hurt anyone, what my customers use it for is on them).

Most of them won't deal with certain groups, because some of them are insane.

They're mostly normal people. Just desensitized.

 

It could also be a sense of arrogance in that if your stupid enough to have little or no security installed then you deserve to get infected.

 

Living outside the law is an elixir to some people.
It's a mindset, a lifestyle, an identity... that may or may not be accompanied by greed (greed having already been mentioned).
I am sure there is a very tangible rush inherent in outsmarting "the man".
Some people see low-hanging fruit and simply cannot resist harvesting it, regardless of who it belongs to.
Ultimately, a thief is a thief, no matter the spin one tries to put on it.
For the pure maliciousness aspect of malware, wherein the only thing being done is destruction, I'd of course have to eliminate greed as a motivating factor. These folks just like to jam a wrench into the gears of anything that is functioning.
I fail to agree with the lofty status that some people assign to hackers. But, subversion is in the hacker's DNA, and I suppose it isn't that surprising that they would have their own groupies.

 

I have to point out here that you can't "install security." Security IMO means that you can assume your data to be safe (integrity), private (confidentiality), and usable (availability) within certain limits. Software alone won't cover that. Software defenses against certain threats can be part of a security policy, but cannot be a replacement for a policy.

Nitpick aside, though, I have seen people make similar rationalizations. e.g. there was one blackhat who pasted an AMA on Reddit a while back. (There was a thread on that here IIRC.) His thing was fake keygens; in his opinion, if you were greedy enough to try and pirate whatever software, you deserved a hacking. Because, you know, two wrongs clearly make a right.

 

There is a lot of rationalizing with them. Not all hackers are bad though. I know a few, one in particular, who will take a website down but they don't try to *hurt* anyone. They don't compromise users or steal information. They break into things because it's a challenge and, for some, because it'll teach websites that they need to be better about security.

It may not be 100% kosher but it's not nearly as malicious.

 

Not anymore, & not since April 11, 2008 10:46 AM

http://www.badguys.org/blog/2008/04/symantec.html

How sad for such a talented girl to be mistreated like that You can still DL a number of her papers @ Symantec though. So they havn't completely wiped out her memory & work, yet ! Symantec should be ashamed of themselves, & i hope they now back pay her what they owe her, & interest/compensation too.

She has deleted most of her www info, & only the blog remains ? Poor girl

 

Do you know any virus writers? They seem to fit into a totally separate category or do you believe that they too are nice people and just a bit desensitized?

 

Yes, I know people who write malware. I was grouping them with the hackers I know.