DOCSLIB.ORG

How Hackers Think: a Mixed Method Study of Mental Models and Cognitive Patterns of High-Tech Wizards

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
How Hackers Think: a Mixed Method Study of Mental Models and Cognitive Patterns of High-Tech Wizards HOW HACKERS THINK: A MIXED METHOD STUDY OF MENTAL MODELS AND COGNITIVE PATTERNS OF HIGH-TECH WIZARDS by TIMOTHY C. SUMMERS Submitted in partial fulfillment of the requirements For the degree of Doctor of Philosophy Dissertation Committee: Kalle Lyytinen, Ph.D., Case Western Reserve University (chair) Mark Turner, Ph.D., Case Western Reserve University Mikko Siponen, Ph.D., University of Jyväskylä James Gaskin, Ph.D., Brigham Young University Weatherhead School of Management Designing Sustainable Systems CASE WESTERN RESERVE UNIVESITY May, 2015 CASE WESTERN RESERVE UNIVERSITY SCHOOL OF GRADUATE STUDIES We hereby approve the thesis/dissertation of Timothy C. Summers candidate for the Doctor of Philosophy degree*. (signed) Kalle Lyytinen (chair of the committee) Mark Turner Mikko Siponen James Gaskin (date) February 17, 2015 *We also certify that written approval has been obtained for any proprietary material contained therein. © Copyright by Timothy C. Summers, 2014 All Rights Reserved Dedication I am honored to dedicate this thesis to my parents, Dr. Gloria D. Frelix and Dr. Timothy Summers, who introduced me to excellence by example and practice. I am especially thankful to my mother for all of her relentless support. Thanks Mom. DISCLAIMER The views expressed in this dissertation are those of the author and do not reflect the official policy or position of the Department of Defense, the United States Government, or Booz Allen Hamilton. Table of Contents List of Tables ..................................................................................................................... ix List of Figures ..................................................................................................................... x Acknowledgements ............................................................................................................ xi Abstract ............................................................................................................................. xii INTRODUCTION .............................................................................................................. 1 The History of Hacking ................................................................................................... 3 The First Generation Hackers ......................................................................................... 4 The Second Generation Hackers ..................................................................................... 8 The Third Generation Hackers ...................................................................................... 11 The Fourth Generation Hackers .................................................................................... 16 LITERATURE REVIEW ................................................................................................. 21 Pragmatism .................................................................................................................... 22 Learning ........................................................................................................................ 23 Forward Thinking .......................................................................................................... 25 Knowledge Acquisition and Transfer ........................................................................... 27 Intrinsic individual characteristics ............................................................................. 27 Creativity ................................................................................................................... 27 Curiosity .................................................................................................................... 28 Perceived Skills ............................................................................................................. 29 Domain expertise ....................................................................................................... 29 Diagramming ............................................................................................................. 30 Perception of Environment............................................................................................ 32 Ambiguity tolerance .................................................................................................. 33 THEORETICAL FRAMING............................................................................................ 34 What is Known .............................................................................................................. 34 What We Do Not Know ................................................................................................ 35 A Tentative Theoretical Framework ............................................................................. 36 Mental models ........................................................................................................... 37 Skill acquisition ......................................................................................................... 38 Self-efficacy ............................................................................................................... 38 Flow ........................................................................................................................... 39 vi Systems thinking........................................................................................................ 40 RESEARCH PLAN .......................................................................................................... 41 RESEARCH METHODOLOGY...................................................................................... 43 Method – Hacker Study #1............................................................................................ 49 Method – Hacker Study #2............................................................................................ 50 Method – Hacker Study #3............................................................................................ 51 OVERVIEW OF RESULTS ............................................................................................. 51 Study I: How Hackers Think: A Study of Cybersecurity Experts and Their Mental Models ........................................................................................................................... 51 Summary of Findings ................................................................................................ 51 Study II: How Hackers Think: Understanding the Mental Models and Cognitive Patterns of High-Tech Wizards ..................................................................................... 54 Summary of Findings ................................................................................................ 54 Study III: How Hackers Think: Sociocultural Facets and Understanding Their Impact on the Hacker Mind ....................................................................................................... 55 DISCUSSION ................................................................................................................... 55 Limitations .................................................................................................................... 60 Qualitative ................................................................................................................. 61 Quantitative ............................................................................................................... 61 Mixed method: Design quality .................................................................................. 62 Mixed method: Interpretive rigor .............................................................................. 62 Implications for Practitioners ........................................................................................ 63 Future Research ............................................................................................................. 67 Hacker assessments. .................................................................................................. 67 Performance outcomes. ............................................................................................. 67 Comparison with other populations. .......................................................................... 68 CONCLUSION ................................................................................................................. 70 Appendix A: How Hackers Think: A Study of Cybersecurity Experts and Their Mental Models............................................................................................................................... 71 Appendix B: How Hackers Think: Understanding the Mental Models and Cognitive Patterns of High-Tech Wizards ....................................................................................... 101 Appendix C: How Hackers Think: Sociocultural Facets and Understanding Their Impact on the Hacker Mind ........................................................................................................ 146 vii REFERENCES ............................................................................................................... 201 viii List of Tables Table 1: What We Know Concerning Hackers and Their Mental Models ....................... 34 Table 2: Unknowns Concerning Hackers and Their Mental Models ............................... 35 Table 3: Mapping Research Questions to Theoretical Frameworks ................................. 43
Load more

Recommended publications
  • UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations
    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations Title A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Permalink https://escholarship.org/uc/item/6w76f8x7 Author Swift, Kathy Publication Date 2017 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA Santa Barbara A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Education by Kathleen Anne Swift Committee in charge: Professor Richard Duran, Chair Professor Diana Arya Professor William Robinson September 2017 The dissertation of Kathleen Anne Swift is approved. ................................................................................................................................ Diana Arya ................................................................................................................................ William Robinson ................................................................................................................................ Richard Duran, Committee Chair June 2017 A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Copyright © 2017 by Kathleen Anne Swift iii ACKNOWLEDGEMENTS I would like to thank the members of my committee for their advice and patience as I worked on gathering and analyzing the copious amounts of research necessary to
    [Show full text]
  • Impact of the Maker Movement
    Impact of the maker movement Developed by Deloitte Center for the Edge and Maker Media from the Maker Impact Summit Dec. 2013 I AM A MAKER with my own two hands I forge the future from my imagining my work, my sweat with these tools i can build worlds here i put wire and foam transistor and plastic rubber metal and wood together to make something new what does it do where will this take us new places new worlds all from my workshop Malcolm S. Hoover, 2014 TABLE OF CONTENTS A Future of Potential 4 Overview 7 Letters from Conveners 10 How to Read This Document 14 How might the Maker Movement have an impact on… 15 • Manufacturing 16 • Education 19 • Government and Public Policy 22 • Citizen Science 25 • Retail 28 What Happens Next? 30 Participants 32 Other Images from the Summit 38 A FUTURE OF POTENTIAL We are on the cusp of an opportunity to more fully We are in a correction of sorts. Driven by the goal of scale tap into our creative potential, driven by significant efficiencies and low costs, the supply chain has been technological innovation that is democratizing the means stretched to the far extremes, like a bungee cord, and now of production and enabling connections between resources it’s starting to come back as the underlying economics and markets. Realizing this opportunity will require change. Where will we end up? We’ve learned in the last re-thinking and redesigning all of our major institutions, 15 years that experimentation is the key to innovation.
    [Show full text]
  • A Study of Android Application Security
    A Study of Android Application Security William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri Systems and Internet Infrastructure Security Laboratory Department of Computer Science and Engineering The Pennsylvania State University enck, octeau, mcdaniel, swarat @cse.psu.edu { } Abstract ingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of The fluidity of application markets complicate smart- a common definition for security and the volume of ap- phone security. Although recent efforts have shed light plications ensures that some malicious, questionable, and on particular security issues, there remains little insight vulnerable applications will find their way to market. into broader security characteristics of smartphone ap- In this paper, we broadly characterize the security of plications. This paper seeks to better understand smart- applications in the Android Market. In contrast to past phone application security by studying 1,100 popular studies with narrower foci, e.g., [14, 12], we consider a free Android applications. We introduce the ded decom- breadth of concerns including both dangerous functional- piler, which recovers Android application source code ity and vulnerabilities, and apply a wide range of analysis directly from its installation image. We design and exe- techniques. In this, we make two primary contributions: cute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. We design and implement a Dalvik decompilier, • Our analysis uncovered pervasive use/misuse of person- ded. ded recovers an application’s Java source al/phone identifiers, and deep penetration of advertising solely from its installation image by inferring lost and analytics networks.
    [Show full text]
  • Ethics in Security Testing
    Ethics in Security Testing Title Prepared by: Nick Dunn, Managing Security Consultant Table of contents Executive summary ................................................................... 3 Introduction ................................................................................4 Professional ethics .................................................................... 6 The hacker ethic ........................................................................ 9 Reconciling the ethical stances ............................................... 12 Conclusion ............................................................................... 16 References .............................................................................. 18 About NCC Group ................................................................... 20 2 NCC Group Whitepaper ©2018 Executive summary This paper discusses the similarities and differences between professional ethics in the information security industry and ethics in the hacker community. Sources of conflict between the two and shared values of the two are discussed in order to find some reconciliation and come to an understanding of how a shared set of ethics is possible. A reconciled set of ethics allows hackers to function within the corporate world without compromising their principles and allows the commercial world to benefit from some of the more progressive ideas within the hacker community. A reconciled set of ethics allows hackers to function within the corporate world without compromising their principles
    [Show full text]
  • Cyber Crime and Cyber Terrorism Investigator's Handbook
    CHAPTER Cybercrime classification and characteristics 12 Hamid Jahankhani, Ameer Al-Nemrat, Amin Hosseinian-Far INTRODUCTION The new features of crime brought about as a result of cyberspace have become known as cybercrime. Cybercrime is growing and current technical models to tackle cybercrime are in- efficient in stemming the increase in cybercrime. This serves to indicate that further preventive strategies are required in order to reduce cybercrime. Just as it is important to understand the characteristics of the criminals in order to understand the motiva- tions behind the crime and subsequently develop and deploy crime prevention strate- gies, it is also important to understand victims, i.e., the characteristics of the users of computer systems in order to understand the way these users fall victim to cybercrime. The term “cybercrime” has been used to describe a number of different concepts of varying levels of specificity. Occasionally, and at its absolute broadest, the term has been used to refer to any type of illegal activities which results in a pecuniary loss. This includes violent crimes against a person or their property such as armed robbery, vandalism, or blackmail. At its next broadest, the term has been used to refer only to nonviolent crimes that result in a pecuniary loss. This would include crimes where a financial loss was an unintended consequence of the perpetrator’s actions, or where there was no intent by the perpetrator to realize a financial gain for himself or a related party. For example, when a perpetrator hacks into a bank’s computer and either accidentally or intentionally deletes an unrelated depositor’s account records.
    [Show full text]
  • Greek Society in Crisis and in Motion: Building the Material Bases for an Alternative Society from the Bottom up Georgia Bekridaki and Antonios Broumas
    Interface: a journal for and about social movements Article Volume 9 (1): 230 – 255 (2017) Bekridaki and Broumas, Greek society in crisis Greek society in crisis and in motion: building the material bases for an alternative society from the bottom up Georgia Bekridaki and Antonios Broumas Abstract In the last six years, Greece has been hit by a vicious circle of relentless neoliberal restructuring programs. During the years of the crisis, throughout the country urban and rural communities of struggle have been formed, which tend to employ instituent practices and to acquire constitutive characteristics, in order to collectively address unmet social needs / desires and ensure their collective survival. In this context, socially reproductive commons in germ form have emerged with social and solidarity economy initiatives in their peripheries, alternative forms of life in common have been shaped and societies have been set in motion with the potential to establish the material foundations of their collective autonomy. Within this huge gap of social (re)production, the constituent power of social movements emerges in germ form as a resurgent force with the potential to address these needs and desires and, correspondingly, shape life in common. In the neoliberal era, it is this potential of a constituent counter - power that has the capacity to constitute the contending power to the dominant force of the capital - state complex. Keywords: Greece, social movements, mutual aid, commons, social and solidarity economy, constituent power. Introduction Greece is at the forefront of a social war raging throughout the south and, gradually spreading towards the north of Europe. On the one side, capital loots wealth and accumulates social power from vulnerable populations directly by dispossession of small property, public wealth and the commons and less by the traditional means of extracting value through exploitation (Harvey 2014: 65).
    [Show full text]
  • PC Magazine Fighting Spyware Viruses And
    01_577697 ffirs.qxd 12/7/04 11:49 PM Page i PC Magazine® Fighting Spyware, Viruses, and Malware Ed Tittel TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_577697 ffirs.qxd 12/7/04 11:49 PM Page ii PC Magazine® Fighting Spyware, Viruses, and Malware Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256-5774 www.wiley.com Copyright © 2005 by Wiley Publishing Published simultaneously in Canada ISBN: 0-7645-7769-7 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RW/RS/QU/IN No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, e-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials.
    [Show full text]
  • Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p.
    [Show full text]
  • CADET: Computer Assisted Discovery Extraction and Translation
    CADET: Computer Assisted Discovery Extraction and Translation Benjamin Van Durme, Tom Lippincott, Kevin Duh, Deana Burchfield, Adam Poliak, Cash Costello, Tim Finin, Scott Miller, James Mayfield Philipp Koehn, Craig Harman, Dawn Lawrie, Chandler May, Max Thomas Annabelle Carrell, Julianne Chaloux, Tongfei Chen, Alex Comerford Mark Dredze, Benjamin Glass, Shudong Hao, Patrick Martin, Pushpendre Rastogi Rashmi Sankepally, Travis Wolfe, Ying-Ying Tran, Ted Zhang Human Language Technology Center of Excellence, Johns Hopkins University Abstract Computer Assisted Discovery Extraction and Translation (CADET) is a workbench for helping knowledge workers find, la- bel, and translate documents of interest. It combines a multitude of analytics together with a flexible environment for customiz- Figure 1: CADET concept ing the workflow for different users. This open-source framework allows for easy development of new research prototypes using a micro-service architecture based atop Docker and Apache Thrift.1 1 Introduction CADET is an integrated workbench for helping knowledge workers discover, extract, and translate Figure 2: Discovery user interface useful information. The user interface (Figure1) is based on a domain expert starting with a large information in structured form. To do so, she ex- collection of data, wishing to discover the subset ports the search results to our Extraction interface, that is most salient to their goals, and exporting where she can provide annotations to help train an the results to tools for either extraction of specific information extraction system. The Extraction in- information of interest or interactive translation. terface allows the user to label any text span using For example, imagine a humanitarian aid any schema, and also incorporates active learning worker with a large collection of social media to complement the discovery process in selecting messages obtained in the aftermath of a natural data to annotate.
    [Show full text]
  • Ethical Hacking
    International Journal of Scientific and Research Publications, Volume 5, Issue 6, June 2015 1 ISSN 2250-3153 Ethical Hacking Susidharthaka Satapathy , Dr.Rasmi Ranjan Patra CSA, CPGS, OUAT, Bhubaneswar, Odisha, India Abstract- In today's world where the information damaged the target system nor steal the information, they communication technique has brought the world together there is evaluate target system security and report back to the owner one of the increase growing areas is security of network ,which about the threats found. certainly generate discussion of ETHICAL HACKING . The main reason behind the discussion of ethical hacking is insecurity of the network i.e. hacking. The need of ethical hacking is to IV. FATHER OF HACKING protect the system from the damage caused by the hackers. The In 1971, John Draper , aka captain crunch, was one of the main reason behind the study of ethical hacking is to evaluate best known early phone hacker & one of the few who can be target system security & report back to owner. This paper helps called one of the father's of hacking. to generate a brief idea of ethical hacking & all its aspects. Index Terms- Hacker, security, firewall, automated, hacked, V. IS HACKING NECESSARY crackers Hacking is not what we think , It is an art of exploring the threats in a system . Today it sounds something with negative I. INTRODUCTION shade , but it is not exactly that many professionals hack system so as to learn the deficiencies in them and to overcome from it he increasingly growth of internet has given an entrance and try to improve the system security.
    [Show full text]
  • Hacker Culture & Politics
    HACKER CULTURE & POLITICS COMS 541 (CRN 15368) 1435-1725 Department of Art History and Communication Studies McGill University Professor Gabriella Coleman Fall 2012 Arts W-220/ 14:35-17:25 Professor: Dr. Gabriella Coleman Office: Arts W-110 Office hours: Sign up sheet Tuesday 2:30-3:30 PM Phone: xxx E-mail: [email protected] OVERVIEW This course examines computer hackers to interrogate not only the ethics and technical practices of hacking, but to examine more broadly how hackers and hacking have transformed the politics of computing and the Internet more generally. We will examine how hacker values are realized and constituted by different legal, technical, and ethical activities of computer hacking—for example, free software production, cyberactivism and hactivism, cryptography, and the prankish games of hacker underground. We will pay close attention to how ethical principles are variably represented and thought of by hackers, journalists, and academics and we will use the example of hacking to address various topics on law, order, and politics on the Internet such as: free speech and censorship, privacy, security, surveillance, and intellectual property. We finish with an in-depth look at two sites of hacker and activist action: Wikileaks and Anonymous. LEARNER OBJECTIVES This will allow us to 1) demonstrate familiarity with variants of hacking 2) critically examine the multiple ways hackers draw on and reconfigure dominant ideas of property, freedom, and privacy through their diverse moral 1 codes and technical activities 3) broaden our understanding of politics of the Internet by evaluating the various political effects and ramifications of hacking.
    [Show full text]
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used
    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
    [Show full text]