Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking
Can the science of behavioral profiling apply to cybercriminals and hackers?
***** Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking. By Raoul Chiesa et al; published by CRC Press, www.crcpress.com (Web); 262 pages; $49.95.
Profiling Hackers is a compilation of the early findings of the Hacker Profiling Project (HPP), supported by the United Nations Interregional Crime and Justice Research Institute (UNICRI). HPP is a multi-year study aimed at applying the behavioral science of criminal profiling to the world of hacking and cybercrime.
Co-author Raoul Chiesa was the Italian equal of American hacker Kevin Mitnick, and like Mitnick, he turned from a black-hat hacker and social engineer into an ethical hacker. He made that transition in 1995. Now he protects the computer networks and systems he previously broke into. Stefania Ducci is a member of the UNICRI Counter Human Trafficking and Emerging Crimes Unit, while Silvio Ciappi is a criminologist and profiler at the University of Pisa.
The book covers the first three of eight planned HPP phases. Phase One has to do with theoretical data collection, with planning and distribution of a hacker questionnaire with different formats for distinct targets; Phase Two entails observations, with participation in IT underground culture including international hacker conferences; and Phase Three involves archiving data collected during the first phase.
The book includes a rather remarkable first chapter that introduces, defines, and categorizes different profiling techniques and systems in only 12 pages. The authors have selected a “hybrid” methodology that combines the deductive method of analyzing data from live honey-nets with the inductive method of processing questionnaire data to define the particular traits of various types of hackers. Those traits are then applied to attackers with similar characteristics as deduced from hacking “crime scenes.”
Well-constructed introductions to cybercrime and hackers follow. If only the rest of the book were that clear and efficient. Instead, it tends to bog down under the weight of its own data as it delves into the details of the HPP questionnaire. Perhaps it is the innate nature of the book, which serves as an introduction to an ongoing study, that forces such a burden on the reader.
The end result is mixed, with valuable but incomplete insights into the development of a hacker profiling methodology. It is a good introduction for those who need some current data, including an appendix with The Hacker Manifesto, hacker biographies, and nine hacker categories. This reviewer looks forward to the final version of this book, when this important study is completed. That will be a book that should add significant knowledge to the field.
Reviewer: William Stepka, CPP, CISSP (Certified Information Systems Security Professional), is a security consultant, investigator, and principal at Stepka & Associates in San Francisco. He is the historian of ASIS’s San Francisco Bay Area Chapter, and his articles on topics ranging from social engineering to plain clothes security have appeared in chapter newsletters.
@ For more information about the study, visit "Beyond Print."