Using ANT to understand dark side of computing

Using ANT to understand dark side of computing - Computer underground impact
on eSecurity in the dual use context
Mario Silic
University of St Gallen
Institute of Information Management
Mueller-Friedberg-Str. 8 • 9000 St. Gallen • Switzerland
Email: mario.silic@unisg.ch
January 2015
Working paper
Abstract:
From its roots in the Yippies’ 1960s counterculture movement to today’s new hackers, the
definition of the dark side of computing, the computer underground (CU), has seen various
adaptations to the phenomena of the new digital era. Using Actor Network Theory (ANT), we
analyze the computer underground and provide a complete anatomy of the modern hacker
organization. We explore the computer underground as hacker subcultures, and discuss group
formation and translation from the ANT perspective. With supporting interviews and
observations, we present detailed analyses of the computer underground ecosystem. The
discussion reveals interesting insights about the
‘black box’ of file sharing, and the ideologies of those involved. Scarcity and quality are strong
motivators for engaging in underground file sharing communities, with access to high quality
music files and scarce music files being a reward for actively participating. The quality of content
is maintained through strict rules for converting and uploading new music. Because
underground communities are quite sophisticated, it is argued that it is possible to learn from
them and use this knowledge in the development of future online music systems and
communities.
Keywords: Ethnography, Actor Network Theory, Hacker subculture, computer underground, information
security
1 Introduction
There is no unique definition of the computer underground (CU), but all illegally
conducted activities performed by one or more individuals can be seen as CU.
Historically, the computer underground can be divided into two parts: 60s and 90s hackers.
Levy (1984) defines 60s hackers as the group that strived for creation and loved control
over their computers, and 90s hackers as the group that strives to destroy and tamper and
loves the power computers give them over people.
The computer underground (CU) is part of information security, and as such a deep and
thorough understanding of the CU is needed. To further explain the mechanics reigning in the
CU, this research paper uses Actor Network Theory (ANT) proposed by Callon and
Latour (Callon and Latour 1981; Callon 1986; Latour 1993a). ANT’s concepts of group
formation and translation will provide insights into the CU world. In this context, there is
an important dual-use challenge (Silic, 2013; Silic & Back, 2013, 2014a, 2014b, 2015).
In this paper we argue that computer underground and all negative events and actions
are results of a missing understanding of the relationships between different subgroups
of the computer underground (White hat, Black hat, Grey hat, Blue hat, Neophyte, Script
kiddie, Hacktivist, Elite hacker).
This paper is structured as follows. First, the literature on information security and
the hacker subculture as part of the computer underground is reviewed. We argue that
there is a lack of detailed understanding of the computer underground and of the motivations
for engaging in illegal activities. After presenting the research methodology, we explore
group formation and translation, highlighting concepts from actor-network theory. Finally,
the discussion and conclusion reveal and provide helpful
insights on the computer underground and associated ideologies.
2 Literature Review
2.1 Information security
In the literature, information security has received different definitions. A more holistic
view of information security focuses on processes and people while integrating technology
(Baskerville 1993; Straub and Welke 1998; Dhillon and Torkzadeh 2006; Da Veiga and
Eloff 2007). To define information security we follow Zafar’s (Zafar et al. 2009) definition
which says that information security is all about “…understanding the potential threats of
an organization and assessing the risks associated with those threats with continuous
assessment of technology, policies and procedures, and personnel to assure proper
governance of information security issues”. Past research on information security
viewed security from different angles: technical (Denning 1992; Dymond and Jenik
1999; Bass 2000; Wong et al. 2000; Li and Guo 2007; Yang and Huang 2007) and
socio-behavioral (Sipponen et al. 2008; Dhillon and Backhouse 2001; Ratnasingham
1998). The technical direction in IS research mainly focuses on the technology itself
and on how solutions can benefit information security concerns, prevention and tasks.
The socio-behavioral direction, on the other hand, deals with understanding the employee
and management behaviors that impact IS. According to Latour and Law, IS
occurrences should be seen through a socio-technical angle with human and non-human
actors.
2.2 Computer underground and Hacker sub-culture
According to Thomas (1993), the computer underground is “a broad and somewhat invisible
community comprising people who systematically interact electronically … in order to
engage in a variety of shared activities”. These people are generally referred to as
hackers or modern-day “Robin Hoods” (Rogers, 2001) that live and act in a virtual world
described by Halbert (1997): “an invisible community with a complex and interconnected
lifestyle, an inchoate anti-authoritarian political consciousness, and dependent on norms
of reciprocity, sophisticated socialization, rituals, networks of information sharing, and
an explicit value system”. Moreover, the emergence of computer technology has
created dramatic changes in social communication, economic transactions, and
information processing and sharing, while simultaneously introducing new forms of
surveillance, social control, and intrusions on privacy (Marx, 1988a: 208-211; Marx and
Reichman, 1985). Finally, if the computer underground represents a “highly complex
mosaic of interest, motives, and skills and it possesses a language and a set of values,
information-processing techniques, and norms that shape its cultural identity” (Thomas
1993), then computer underground subcultures are an even more complex phenomenon
when it comes to researching and understanding the underlying mechanics.
In this research paper, we propose the computer underground as a community where
hackers have different subcultures, and we follow Halbert’s (1997) description of the
invisible community with complex interconnections and relationships.
2.3 Actor Network Theory
ANT is an interdisciplinary approach to the social sciences and technology
studies. This research framework was developed by studies in Science, Technology
and Society (STS) for tracing heterogeneous networks of actors and their interactions
involved in the production of science and technology (Latour 1987, Callon et al. 1996).
In the literature, actor-network theory is mainly used to study technology design as a
micro issue (Walsham, 1997). While many other approaches to research in
technological areas treat the social and the technical in entirely different ways,
actor-network theory (ANT) proposes instead a socio-technical account in which neither
social nor technical positions are privileged (Tatnall, Gilding 1999).
An information systems researcher using an actor-network approach in an investigation
like this would concentrate on issues of network formation, investigating the human and
non-human actors and the alliances and networks they build up (Tatnall and Gilding
1999; Tatnall 2000).
ANT proposes different elements: Actors (macro and micro), which represent a human or
non-human entity able to make its presence individually felt (Law 1987) by the other
actors; Networks, which are the unfolding of interactions between actors that produce
certain configurations; Translation, where the macro-actor (Callon and Latour (1981)
introduced the concept of a macro-actor) plays the leader role and tries to have all
micro-actors aligned in an alliance; Inscription, which explains how to protect one’s
interests; Alignment and Irreversibility; and Black Boxes, which define the point when
technology reaches its end point and becomes omnipresent.
ANT shows us how “to map out the set of
elements (the network) that influence, shape, or determine an action. But each of these
elements is in turn part of another actor-network and so forth” (Monteiro, 2000, p. 76).
For our research paper ANT is particularly interesting as it enables us to show the
process where actors are guided by their own interests, which, once incorporated into the
computer underground ecosystem through translation and inscription processes,
become an integral part of it.
3 Research Methodology
As computer underground communities are part of the internet, a technology that is today
very much welcomed by the ethnographic approach (Hine 2000, 2005; Beaulieu 2004), we use
observations as the primary data collection method. Interviews were conducted
second, to confirm observational insights and further complete our initial data.
3.1 Ethnography
Internet Relay Chat (IRC) is a protocol for live interactive text messaging or chat.
The community is built with a forum approach where members can post their answers and
engage in discussions. As is general practice in this underground
community, members do not reveal their full names when registering, but rather choose
fake names or nicknames to identify themselves. Hence, it is not possible to have
access to the real persons, but only to virtual members.
Our research was conducted in three phases. Observations of the IRC community,
representing our field work (the main concept of ethnography), were held for thirty-five
consecutive days. We used the first phase (ten days) to get familiar with the community and
record some background information. It also permitted us to identify the different
participants, their information security knowledge, the processes established in the
community, and the participation rules and procedures. Based on the learnings from phase
1, we were able to proceed with the next phase (phase 2, twenty days), used to
document the language used among community participants and the motivations to progress in
the community hierarchy, and to understand the underlying mechanics of the community
ecosystem. Phase three (five days) allowed us to review insights from the previous
phases and get confirmation of the initial conclusions from the ‘field’.
As the scope of this research is not illegal behavior or illegal activities performed by
community participants, there was no need to take into consideration any possible
ethical issues. Moreover, Hackersforums.net is an open community easily accessible to
any new member who registers through an online form. Therefore, we conducted covert
observations in which we registered as a community member without actively participating
in discussions, so as not to create any possible bias. Also, we did not collect any
participants’ posts to the community forums; we only documented the different challenges and
motivations that helped complete our understanding of the ecosystem.
Finally, ethnography has been used especially in research where the emphasis is on
studies of the Internet and virtual communities (Star 1995).
3.2 Interviews
To conduct interviews we contacted ten Defcon participants. Defcon[1] is the world's
longest running and largest underground hacking convention, where participants
come from different areas: computer security professionals, journalists, lawyers,
federal government employees, security researchers, and hackers. Our interviewees
were information security professionals (40%), hackers (50%) and journalists (10%).
Interviews were between 30 and 58 minutes long (on average 42 minutes), with a total of
58 pages of transcribed text. Once the data were collected, we used the NVivo software
program (version 10) to code the interviews. The hacker interviews were useful for
understanding their view of the computer underground ecosystem. Information security
professionals provided useful insights on the organizational security perspective and the
way the computer underground impacts organizations. The journalist interview was useful for
getting a bigger picture of different angles of the computer underground, such as financial
risks for the modern economy.
[1] http://en.wikipedia.org/wiki/DEF_CON
3.3 ANT framework
In this research paper we focus on issues of network formation, investigating the
human and non-human actors and the network they create (Tatnall and Gilding 1999;
Tatnall 2000). To analyze the computer underground, we propose the following framework,
which is a generic representation of the computer underground ecosystem. The
framework is displayed and described in Table 1.
Concept: Actor
Description: Any element which bends space around itself, makes other elements
dependent upon itself and translates their will into the language of its
own. Actors, all of which have interests, try to convince other actors so
as to create an alignment of the other actors' interests with their own
interests. When this persuasive process becomes effective, it results in
the creation of an actor-network. Callon, M. and B. Latour (1981).
Below, we define major actors[2] of the computer underground network.
(1) White hat (Breaks security for non-malicious reasons)
(2) Black hat (Hacker who "violates computer security for little
reason beyond maliciousness or for personal gain" (Moore,
2005))
(3) Grey hat (combination of a Black Hat and a White Hat Hacker)
(4) Elite hacker (A social status among hackers, elite is used to
describe the most skilled)
(5) Script kiddie (non-expert who breaks into computer systems by
using pre-packaged automated tools written by others)
(6) Neophyte (new to hacking or phreaking and has almost no
knowledge or experience of the workings of technology, and
hacking)
(7) Blue hat (someone outside computer security consulting firms
who is used to bug test a system prior to its launch)
(8) Hacktivist (hacker who utilizes technology to announce a social,
ideological, religious, or political message)
(9) Nation state (Intelligence agencies and cyberwarfare operatives
of nation states)
(10) Organized criminal gangs (Criminal activity carried on for profit)
(11) Bots (Automated software tools, some freeware, available for the
use of any type of hacker.)
Concept: Actor Network
Description: A heterogeneous network of aligned interests.
Concept: Interest
Description: What an actant wants to achieve with an action.
Concept: Enrollment
Description: The moment that another actor accepts the interests defined by the
actor (Callon, 1986). Actor seeks to influence another actor to act in a
particular manner.
Concept: Translation
Description: The creation of an actor-network.
Table 1: Actor network framework for computer underground
[2] en.wikipedia.org/wiki/Hacker_(computer_security)
4 Computer underground Actor-Network
ANT enabled us to see the computer underground as a heterogeneous network
embodying human as well as non-human actors (or actants) (Latour, 1987). Moreover, it
also forces us to ‘follow the actors’ (Latour, 1987) by identifying the links between
different actors that form the network. In the following section we will explore computer
underground by using ANT concepts to understand motivations for participating in
underground communities, and different actors’ inter-relationships. In order to preserve
anonymity we mask identities by using INT with the corresponding interview number
(e.g. INT02 for interview number 2). Also, observations were used as the main data
source to which we will refer in the next sections.
4.1 Network associations
For Callon and Latour (1981), a black box can be defined as a term that “contains that
which no longer needs to be considered, those things whose contents have become a
matter of indifference”. Along the same lines, the computer underground, from the ANT
perspective, can be seen as a black box. To start the analysis, we first identified the
different actants of the network in order to create associations between each of the
actants. For Ritzer, actants are
part of networked associations, “which in turn define them, name them, and provide
them with substance, action, intention, and subjectivity” (Ritzer, 2005). It means that
actants will use networks to express their nature. Ritzer also notes that “Actors are
combinations of symbolically invested “things,” “identities,” relations, and inscriptions,
networks capable of nesting within other diverse networks” (Ritzer, 2005). We have
identified different network associations between actants. One example of such
associations is between hackers who will never access or modify private data without
the permission of its owners, where trust is the main characteristic of the link
between group members.
Generally, the computer underground, according to Czarniawska and Hernes (2005), can be
seen as a “super actor that seems to be much larger than any individuals that constitute it,
and yet it is an association – a network – of these individuals, equipped with a ‘voice’”.
4.2 Translation
For Callon (1986), translation leads to the process where actors agree that the network
is worth building, worth participating in, and worth defending. Callon also proposes that
translation involves all the strategies through which an actor identifies other actors and
arranges them in relation to each other (Callon et al., 1983).
Callon (1986b) also outlined the process of translation as four ‘moments’: 1)
problematisation, which can be defined as something that is indispensable and where
one or more key actors try to define the exact nature of the problem as well as the
roles of other actors that could fit with the proposed solution; 2) interessement, which
can be defined as the way allies are locked in place and corresponds to processes that
try to provide the identity and role defined in the problematisation moment; 3)
enrolment, which is the definition and coordination of the roles, where the end result is
the establishment of a stable network of alliances; and 4) mobilisation, which refers to the
representativeness of the spokesman and arrives when the proposed solution gains
wider acceptance (McMaster, Vidgen et al. 1997). In this process some actors will
appear as spokespersons for other actors.
4.3 Actors in the computer underground
In the case of the computer underground, the actor network research identified some of the
important actors: hackers. Further observations and interviews revealed other actors that
are part of the network: White hat, Black hat, Grey hat, Elite hacker, Script kiddie,
Neophyte, Blue hat, Hacktivist, Nation state and Bots. All
actors are described in Table 1. From this point, we explored and followed the actors, both
human and non-human, looking for different negotiations, interactions, alliances and
network formations. We identified obvious human to human interactions but also
non-obvious human to non-human interactions, like hackers trying to understand how
software programs (bots) work and how they can adapt them to their needs.
For Latour (1986), the issue with power is related to the fact that once you have power
nothing really happens and you are powerless, while when you exert power others will
act and perform the action. In sum, power can be explained by the relationship
between two or more actants in which the way one behaves is affected by the way the
other behaves. To map the computer underground actor-network it was mandatory to
explore the relationships between different actors. This mapping process revealed a number
of controversies, surrounding different relationships in the computer underground, that
contribute to those controversies.
As there are different hacking groups, to be able to access them and to have
a successful group formation, computer underground participants must follow some
predefined rules and unwritten procedures. If members want to climb the computer
underground hierarchy, they have to prove themselves through different actions. They
have to gain status and reputation by giving things away. An example of this attitude is that
a member needs to write some open source code and provide it for free to other members
in order to build his reputation. At this point, the member goes through the Obligatory
Passage Point, where he is enrolled in the network but needs to continue showing his
technical skills. Members need to become active members of the computer underground community.
References
Baskerville, R. (1993). “Information Systems Security Design Methods: Implications for
Information Systems Development,” ACM Computing Surveys (25), pp. 375-414.
Bass, T. (2000). “Intrusion Detection Systems and Multisensor Data Fusion,”
Communications of the ACM (43)2, pp. 99-105.
Beaulieu, A. (2004). Mediating ethnography: Objectivity and the making of
ethnographies of the internet. Social Epistemology, 18(2-3), 139-163. Available:
http://www.virtual- nowledgestudio.nl/staff/anne-beaulieu/documents/mediatingethnography.pdf [accessed Feb. 2007].
Callon, M. (1986b). “Some Elements of a Sociology of Translation: Domestication of the
Scallops and the Fishermen of St Brieuc Bay”. Power, Action & Belief. A New Sociology
of Knowledge? Law, J. London, Routledge & Kegan Paul: 196-229.
Callon, M. 1986. "Some Elements of a Sociology of Translation: Domestication of the
Scallops and Fishermen of St. Brieuc Bay," in Power, Action and Belief: A New
Sociology of Knowledge?, J. Law (ed.). London: Routledge, pp. 196-233.
Callon, M. and Latour, R. (1981) Unscrewing the big Leviathan: How actors macrostructure reality and how sociologists help them to do so. In: Knorr-Cetina, K. and
Cicorel A.V. (eds.), Advances in social theory and methodology. Towards an integration
of micro- and macro-sociologies. Boston: Routledge & Kegan Paul, 277-303.
Callon, M., and Latour, B. 1981. "Unscrewing the Big Leviathan: How Do Actors
Macrostructure Reality," in Advances in Social Theory and Methodology: Toward an
Integration of Micro and Macro Sociologies., K. Knorr and A. Cicourel (eds.). London:
Routledge.
Callon, M., Law, J., and Rip, A., editors, 1996, Mapping the Dynamics of Science and
Technology: Sociology of Science in the Real World (London: Macmillan).
Da Veiga, A. and J. H. P. Eloff. (2007). “An Information Security Governance
Framework,” Information Systems Management (24) pp. 361-372.
Denning, P.J.: Passwords. American Scientist 80, 117–120 (1992)
Dhillon, G. and G. Torkzadeh. (2006). “Value-Focused Assessment of Information
System Security in Organizations,” Information Systems Journal (16), pp. 293-314.
Dhillon, G. and J. Backhouse. (2001). “Current Directions in IS Security Research:
Towards Socio-organizational Perspectives,” Information Systems Journal (11)2, pp.
127-153.
Dymond, P., Jenkin, M.: WWW distribution of private information with watermarking. In:
The 32nd Annual Hawaii International Conference on Systems Sciences (HICSS-32),
Maui, HI, USA (1999)
Halbert, D. (1997). Discourses of danger and the computer hacker. Information Society,
13 (4), 361–374.
Hine, C. 2005. "Virtual Methods and the Sociology of Cyber-Social-Scientific
Knowledge," in Virtual Methods: Issues in Social Research on the Internet, C. Hine
(ed.). Oxford: Berg.
Latour, B. 1993a. "Ethnography of a "High Tech" Case," in Technological Choices:
Transformation in Material Cultures since the Neolithic, P. Lemonnier (ed.). London:
Routledge: Taylor & Francis Group.
Latour, B., 1987, Science In Action (Cambridge: Harvard University Press).
Latour, B.: Science in action: how to follow scientists and engineers through society.
Harvard University Press, Cambridge (1987)
Latour, B.: Technology is society made durable. In: Law, J. (ed.) A sociology of
monsters: essays on power, technology and domination, pp. 103–131. Routledge &
Kegan Paul, London (1991)
Law, J., Bijker, W.: Postscript: Technology, stability, and social theory. In: Bijker, W.,
Law, J. (eds.) Shaping technology/building society: Studies in sociotechnical change,
pp. 290–308. MIT Press, Cambridge (1992)
Li, Y. and L. Guo. (2007). “An Active Learning Based TCM-KNN Algorithm for
Supervised Network Intrusion Detection,” Computers & Security (26) 7-8, pp. 459-467.
Marx, Gary T. 1988a. Undercover: Police Surveillance in America. Berkeley:
University of California Press.
Marx, Gary T. 1988b. "The Maximum Security Society." Deviance et
Societe, 12(2): 147-166.
Marx, Gary T., and Nancy Reichman. 1985. "Routinizing the Discovery of Secrets:
Computers as Informants." Software Law Journal, 1(Fall): 95-121.
McMaster, T., Vidgen, R. T. and Wastell, D. G. (1997). Towards an Understanding of
Technology in Transition. Two Conflicting Theories. Information Systems Research in
Scandinavia, IRIS20 Conference, Hanko, Norway, University of Oslo.
Monteiro, E. (2000). Actor-network theory. In C. Ciborra (Ed.), From control to drift: The
dynamics of corporate information infrastructure (pp. 71–83). Oxford: Oxford University
Press.
Moore, Robert (2005). Cybercrime: Investigating High Technology Computer Crime.
Matthew Bender & Company. p. 258. ISBN 1-59345-303-5.
Ratnasingham, P. (1998). “Trust in Web-Based Electronic Commerce Security,”
Information Management and Computer Security (6)4, pp. 162-166.
Ritzer, G. (Ed.). (2005). Encyclopedia of social theory. Thousand Oaks, CA: SAGE
Publications, Inc. doi: 10.4135/9781412952552
Rogers, M. K. (2001). Modern-day robin hood or moral disengagement: Understanding
the justification for criminal computer activity. Unpublished dissertation, University of
Manitoba, Winnipeg, CA.
Silic, M. (2013). Dual-use open source security software in organizations – Dilemma:
Help or hinder? Computers & Security, 39, Part B(0), 386-395. doi:
http://dx.doi.org/10.1016/j.cose.2013.09.003
Silic, M., & Back, A. (2013). Information security and open source dual use security
software: trust paradox Open Source Software: Quality Verification (pp. 194-206):
Springer.
Silic, M., & Back, A. (2014a). Information security: Critical review and future directions
for research. Information Management & Computer Security, 22(3), 279-308.
Silic, M., & Back, A. (2014b). Shadow IT–A view from behind the curtain. Computers &
Security, 45, 274-283.
Silic, M., & Back, A. (2015). Identification and Importance of the Technological Risks of
Open Source Software in the Enterprise Adoption Context.
Sipponen, M., Wilson, R., Baskerville, R.: Power and Practice in Information Systems
Security Research. In: International Conference on Information Systems 2008, ICIS
2008 (2008)
Star, S. L. (1995). The Cultures of Computing. Blackwell Publishers, Oxford.
Straub, D. W. and R. J. Welke. (1998). “Coping with Systems Risk: Security Planning
Models for Management Decision Making,” Management Information Systems Quarterly
(22)4, pp. 441-469.
Tatnall, A. (2000). “Innovation and Change in the Information Systems Curriculum of an
Australian University: a Socio-Technical Perspective”. PhD thesis. Education.
Rockhampton, Central Queensland University.
Tatnall, A. and Gilding, A. (1999). Actor-Network Theory and Information Systems
Research. 10th Australasian Conference on Information Systems (ACIS), Wellington,
Victoria University of Wellington.
Thomas, J. 1993. Doing Critical Ethnography. Newbury Park: Sage Publications.
Walsham, G., “Actor-network Theory and IS Research: Current Status and Future
Prospect”, in Information Systems and Qualitative Research, A.S. Lee, J. Liebenau and
J. DeGross, J.I. (ed.), London: Chapman & Hall, pp. 466–480, 1997.
Wong, C. K., M. Gouda, and S. S. Lam. (2000). “Secure Group Communications Using
Key Graphs,” IEEE/ACM Transactions on Networking (TON) (8)1, pp. 16-30.
Yang, J. and S. S. Huang. (2007). “Mining TCP/IP Packets to Detect Stepping-Stone
Intrusion,” Computers & Security (26) 7-8, pp. 479-484.
Young R, Lixuan Zhang, and Victor R. Prybutok. 2007. Hacking into the Minds of
Hackers. Inf. Sys. Manag. 24, 4 (January 2007), 281-287.
DOI=10.1080/10580530701585823 http://dx.doi.org/10.1080/10580530701585823
Zafar, Humayun and Clark, Jan Guynes (2009) "Current State of Information Security
Research In IS," Communications of the Association for Information Systems: Vol. 24,
Article 34. Available at: http://aisel.aisnet.org/cais/vol24/iss1/34