At the Tenth Hackers on Planet Earth (HOPE) Conference, Dr. Aunshul Rege, a criminal justice assistant professor at Temple, talked with one particular hacker, remaining anonymous, who said he’s careful about using the word because he’s afraid of what people will think. When his cousin asked him what kind of work he was in, he lied and said he organized conferences.
This was just one of the many kinds of responses Rege received during her time at the conference talking to 20 self-identified cybercriminals about their thoughts on the myths and media portrayals surrounding their community. She presented her findings last month at the Eleventh HOPE Conference in New York City with Quinn Heath, a Temple undergrad double majoring in computer science and criminal justice.
You can watch the whole presentation here:
Here’s some of what Rege had to say about common myths and stereotypes:
- The omnipotent superhacker: “Everyone has their little niches of things to know, you have the people that find vulnerabilities, the people that can program, there’s niches. There’s not one person who I’ve ever met who knows everything, it’s just too much information.”
- Criminals are anonymous and cannot be tracked: “The only way to not get caught is to … not do anything worth getting caught over, and … if you’re going to do something, do 99 percent of it offline.”
- Criminals go unpunished and get away with crimes: “I think that law enforcement is trying to find people in our community to make examples out of. It’s given me the feeling that you have to be careful about what you type into a terminal. … When we’re prosecuted, we get harsher treatment than violent criminals.”
- Gender: “I think in general, in the tech and computer world, the female gender is pretty underrepresented, so it’s true in the hacker world as well.”
- Race: “Hackers of color? I don’t think I can think of any representations of hackers of color.”
- Issues with news: “They take snippets, and they twist that to whatever they want it to appear to be … but if you read the full story … you’re like, OK, this is actually what happened.”
The presentation, titled “What the Hack? Perceptions of Hackers and Cybercriminals in Popular Culture,” was actually more of a side project for Rege that spawned from one of her two National Science Foundation-funded research projects — trying to understand the decision-making processes cybercriminals take in cyberattacks against critical infrastructures, like power grids, telecommunications and emergency services.
What the Hack? Perceptions of Hackers and Cybercriminals in Popular Culture
— Security Shell (@Sec_Shell) July 22, 2016
Her eight- to 10-year journey looking into the hacker community started when she wanted to look at the more human side of cybersecurity, having worked two years as a software engineer in Canada.
“I think it’s equally important to look at who are the bad guys — why are they after my system, what do they want, how are they getting in?” she said.
So Rege went back to school to study criminology for her Ph.D. at Rutgers and attended the world’s largest underground hacking conference DEF CON in hopes of talking to some hackers. It turned out the stereotypical image of a hacker being incredibly secretive wasn’t exactly true.
“They want to talk because they want to be heard,” she added. “I like to talk to people, I’m a qualitative researcher.”
Her research into who and what a hacker really is was her way to “open up to the community that has opened up to me.” One of her favorite experiences at this past HOPE Conference was being invited by Ed “BernieS” Cummings, a phone hacker, to a rooftop “antenna erection party” where a ham radio contest was taking place. She said she was grateful to BernieS for welcoming her and allowing her to conduct research and share findings at HOPE.
“For those two hours, I got to be a part of that community,” she said. “This is the kind of stuff you rarely get to do as a social science academic. … I would love to bring that sort of story out, from immersing myself in that community.”