Many of you have probably heard the adage that one of the best ways to catch a criminal is to think like one. Recently, I discovered several articles in a series called ‘Hacker Conversations’ by Securityweek about hackers and their backgrounds, psychological profiles, etc., and found them fascinating. Here are some interesting commonalities:
- Nature vs Nurture: many hackers would say they are born with hacking as part of them. Perhaps the distinction of good vs. bad (black hat vs. white hat) is more driven by the experiences of their life. So, the hacking comes by nature and the use of the gift is more impacted by life experiences.
- Hyperfocus Capabilities: They typically can hyperfocus on a problem, enabling the ability to find their way through the layers of security we set up…. which is what makes defense in depth so important. There is no way to enable systems to work as we need them to and completely lock them down so that they can never be hacked. The trick is putting enough controls in place to slow them up and encourage them to move to the next one.
- Neurodivergent: Many of the hackers noted in the articles state that they are neurodivergent, meaning their brain functions somewhat uniquely than most people. Most state that they have ADHD, Autism, or a similar disorder. This applicability is explained best by Casey Ellis, CTO at Bugcrowd “Systems are usually built by neurotypical people and used by neurotypical people,” says Ellis. “So, having a neurodivergent come in and say, ‘Hey, here’s the thing you missed’ makes sense. It’s there in the name – they’re thinking in a different way.”
- They don’t dream of being hackers: Being hyper-focused on computers as kids, they typically don’t reflect on whether their actions are ethical or unethical. Hackers see themselves as simply working on a problem that’s in front of them. Many of those interviewed don’t realize they’ve done anything wrong until it’s too late and they find themselves in trouble.
- Some hackers turn into career researchers: One cybersecurity executive, Alex Ionescu, has made a career of being a cybersecurity researcher. Whether black hat or white hat, it comes to down to patience and curiosity at the end of the day. According to Alex, “You could spend years researching something and, in the end, it amounts to nothing more than knowledge gained. It’ll have no value beyond that,” he continued. “So, you must have that curiosity that makes you say at the end of the day ‘Oh, I’m glad I learned something that I can share.’ If you’re in it just for fame or just for money, it’s going to be disappointing quite quickly, because you generally don’t get there; or get there very rarely.”
It was insightful to study these articles; I learned a lot and I hope that this information can help you on your cybersecurity journey as well.
Sources:
https://www.securityweek.com/hacker-conversations-casey-ellis-hacker-and-ringmaster-at-bugcrowd/
https://www.securityweek.com/hacker-conversations-alex-ionescu/