Hacking: Does Self-Control Theory Explain Participation in the Hacking Subculture?
The proliferation of automated tools and access to information and guides through online resources provide youth with ample opportunities to become acquainted with the tools and techniques of hacking. Low self-control is a risk factor for engaging in delinquent behaviors, including an inability to consider the long-term ramifications of participating in an array of hacking techniques. Further, the interaction of low self-control and opportunities to learn about and engage in hacking activities can account for the disproportionate number of young males engaging in such behaviors, as well as the lower prevalence of older hackers.
The General Theory of Crime, or Self-Control Theory, cannot completely explain such behaviors without modifying Gottfredson and Hirschi’s concept of crime itself. Computer hacking requires more planning and knowledge than Gottfredson and Hirschi’s original conceptualization of crimes requiring little or no skill or planning, providing immediate and easy satisfaction of simple desires, and resulting in pain for the victim (Buker, 2011).
The core definition of crime aside, Gottfredson and Hirschi’s General Theory of Crime shows some support in explaining general cybercrime and significant support for explaining crime and delinquency. In light of easy access to guides and information exposing youth to computer hacking, the General Theory of Crime can subsequently account for involvement in the hacking subculture when minimal modifications to Gottfredson and Hirschi’s suggested characteristics of crime are made.
The definition of hacking has undergone a number of changes over the past few decades, from a positive label attributed to an individual whose innovative use of technology or software modifications yielded benefits to others to the negative connotation currently defining the activity of hacking as the unauthorized access and use of computer systems (Yar, 2013). This second definition, which is further defined as the act of unauthorized access, redesign, or reconfiguration of a computer system to alter its intended function or gain access to information (Bachmann, 2010), conceptually illustrates the framework of computer hacking with which the criminal justice system is concerned.
According to Marcum, Higgens, Ricketts, and Wolfe (2014), computer hacking includes such activities or behaviors as breaking into a computer system or network, the development or use of viruses or other malware, the destruction or alteration of files, the theft of services through technological methods, credit card fraud, and the infiltration of software systems. It should also be noted that there are some activities that are often attributed to hackers, but do not require unauthorized access to computer systems (Yar, 2013). For instance, the use of software to target a server or set of servers and flood those systems with requests in an effort to deny access by legitimate users of the system, also known as a denial-of-service attack, does not require an individual to first break into the target system.
Although Hollywood and the media often portray hackers as individuals who are able to sit at a computer and break into any system on a whim (Yar, 2013), the reality of how hackers achieve their goals is quite different. Some techniques certainly involve the use of computers and an individual’s knowledge of a computer system to exploit vulnerabilities and gain access, but the most common methods utilized are generally simpler or more indirect. Marcum et al. (2014) discuss the use of “brute-force attacks,” wherein someone simply attempts to break into a system by guessing passwords, “shoulder surfing,” wherein someone watches their victim enter a password or personal identification number, and social engineering, wherein someone poses as someone else in order to have a victim provide information that assists the hacker in gaining access to a system, as examples of some of the varied methods utilized by hackers.
Richet (2013) reaffirms the difference between media portrayals of hackers and reality in his examination of how many youth become involved in such activities, citing the low barrier to entry as a result of the formation of hacking communities on the Internet and the dissemination of information throughout such communities as one of the key changes of the past decade or so. As a result of easier access to information about hacking and the development of automated tools that allow individuals to engage in such behavior without advanced technical knowledge, casual hacking has become a normal idea and component of life for most youth (Richet, 2013). In fact, the most common reasons cited for engaging in hacking activities are fun and curiosity (Richet, 2013).
Yar (2013) also emphasizes the lower barrier to entry associated with hacking, noting the prevalence of automated tools that are available to scan networks and locate vulnerable systems and to establish remote control of said systems, tools for creating viruses and worms, tools for capturing and decrypting passwords, and tools for automating denial of service and brute-force attacks against systems.
As a result of the secretive nature of the hacker subculture, it is difficult to ascertain generalizable information about the average offender (Marcum et al., 2014). It is also difficult to measure the extent to which hacking is, or is becoming, a significant criminological issue. However, anecdotal evidence indicates that computer hacking is a serious issue, and that the problem is increasing at an alarming rate (Bossler & Burruss, 2011).
A General Theory of Crime / Self-Control Theory
Michael Gottfredson and Travis Hirschi developed a general theory of crime, also referred to as self-control theory, which attempts to explain all criminal and deviant behaviors. According to Gottfredson and Hirschi, two key components predict the probability of an individual’s choice to engage in a criminal act: an individual’s measure of self-control and the presence of an opportunity (Moon, McCluskey, & McCluskey, 2010). In essence, individuals commit criminal or deviant acts as a result of their inability to resist temptation in the presence of opportunity, and therefore engage in acts that carry long-term consequences that are greater than the short-term benefits (Bossler & Burruss, 2011).
It should be noted that crimes, as defined by Gottfredson and Hirschi, are stimulating, dangerous, or thrilling, require little planning or skill, result in a victim’s pain or discomfort, provide immediate, easy, and simplistic satisfaction of an offender’s desires, and supply few or insufficient long-term benefits (Buker, 2011). In addition to criminal activities, individuals possessing low self-control also tend to partake in other deviant or antisocial behaviors, such as smoking and drinking (Buker, 2011).
According to Gottfredson and Hirschi’s theory, individuals possessing low self-control exhibit such behaviors as seeking instant gratification, insensitivity to others, and limited cognitive skills (Moon et al., 2010). Further, Gottfredson and Hirschi suggest that low levels of self-control also predispose individuals to analogous activities such as smoking, drinking, drug use, gambling, promiscuity, and having children out of wedlock (Donner, Marcum, Jennings, Higgens, & Banfield, 2014).
The general theory of crime has received significant empirical support, with research linking low self-control to academic dishonesty, bullying, illicit sexual activity, drunk dialing, risky driving, digital piracy, and other forms of both traditional and online deviant behaviors (Donner et al., 2014). In fact, Buker (2011) states that the validity of the relationship between self-control and the commission of criminal acts is largely settled, with the primary focus of further inquiry lying in understanding the formation of self-control. Further, Pratt and Cullen’s (2000) meta-analysis of self-control theory shows, on an absolute level, self-control is an important predictor of criminal and analogous behaviors.
Gottfredson and Hirschi posit that the parental socialization process is the primary factor contributing to an individual’s development of self-control, and that levels of self-control remain relatively stable over time; studies from multiple disciplines, including criminology and psychology, indicate that parenting practices are a factor in the development of self-control, but the effect is moderate and not the sole determinant as originally posited (Buker, 2011). Turner and Piquero (2002) note that Gottfredson and Hirschi’s statement regarding the stability of self-control is often misunderstood by criminologists as the development of an absolute, fixed level that remains constant once developed; to the contrary, Gottfredson and Hirschi clearly note that individuals can, and often do, experience absolute changes in levels of self-control over time (Turner & Piquero, 2002).
In sum, support for self-control theory has been demonstrated across a wide range of disciplines, though Gottfredson and Hirschi’s focus on parental socialization as the de facto component driving the development of self-control in individuals is not supported. Buker (2011) states that the formation of self-control, and therefore the underlying component of Gottfredson and Hirschi’s theory, is more complex than originally thought. The nature and development of self-control is tied to parental socialization processes, effective parenting, and several biological and social structural factors affect the development of self-control (Buker, 2011).
Application of Self-Control Theory to Computer Hacking
Moffitt’s (1993) work in exploring the development of antisocial and deviant behaviors in juveniles, leading to the understanding that the majority of youth engage in antisocial behaviors and subsequently desist from further such behaviors as they age, has become a core tenant in criminological literature. Although the root causes of engaging in such behaviors is still debated, Gottfredson and Hirschi’s General Theory of Crime, or Self-Control Theory, provides a solid framework from which to examine the development of delinquent behaviors in youth. In fact, self-control theory has already received empirical support for the theory’s primary argument that individuals with low self-control are more likely to engage in deviant and/or criminal behaviors (Moon et al., 2010).
Focusing on computer hacking and its associated subculture, Gottfredson and Hirschi’s other argument that low self-control coupled with ample opportunity creates the environment in which deviant behavior occurs, becomes readily apparent. The decision to commit a crime, in this case the hacking of a computer system, relies on an assessment by the potential offender of several factors; such factors include, but are not limited to, cursory assessments of the risks and costs of the opportunity presented, self-awareness of the offender’s ability to perform the hack and attain their desired goal, and the availability of a suitable target for the desired goal to be attained (Richet, 2013). Youth, especially teenagers, tend to have lower potential for earning wealth as well as fewer opportunities for the obtainment of income, which leads to a greater propensity to discount risks and future ramifications of their actions when examining the potential opportunities and benefits to be gained from computer hacking (Richet, 2013).
Understanding that low self-control and the availability of an opportunity are the primary two components of Gottfredson and Hirschi’s theoretical framework is the first step in understanding the explanatory power of the general theory of crime as applied to computer hacking. However, there must also be a greater understanding of both components individually in the face of seeming contradictions between the idea of technologically savvy individuals with the patience and skills to break into computer systems and the idea of individuals with low self-control who engage in more traditional street crimes.
The barriers to hacking now, as opposed to even a few years ago, are much lower and less complex (Richet, 2013). Hacking communities have formed and disseminated their knowledge through the help of the Internet, in addition to creating automated tools available freely to anyone (Richet, 2013; Yar, 2013). As Yar (2013) expresses, such tools allow even the inexperienced novice to create and execute a cyber-attack. Further, Bossler and Burruss (2011) detail the ease with which a sub-sect of hackers, referred to as ‘script kiddies,’ are able to utilize such tools to obtain the immediate gratification they seek without understanding the underlying technology. More than half of all data breaches investigated by authorities have been shown to require little or no skill, and to be capable of being carried out by the use of such tools (Bossler & Burruss, 2011). In short, ample opportunity exists for youth to become involved in the hacking subculture with minimal effort, presenting greater opportunities for offending.
Holt, Bossler, and May (2010) found that low self-control positively correlates with the commission of cyber deviance in general, with three factors relating to the measurement of opportunity also showing significant correlations to engaging in cyber deviance: spending time on the Internet for non-school purposes, possessing greater technological skills, and having personal access to a computer. Similarly, Bachmann (2010) found that two of the six components that comprise measures of low self-control, rational thinking styles and propensity to engage in risky behaviors, showed significant importance in predicting success in hacking endeavors (it should be noted that the other four characteristics were not measured as a part of the study). Impulsiveness and shortsightedness also play a role in the engagement of individuals in hacking behaviors, with such characteristics blinding the offender to the ramifications of such a breach of trust as well as insensitivity to the amount of effort required on the part of the targeted victim(s) to attempt to prevent such behaviors (Marcum et al., 2014). Finally, an empirical test of the general theory of crime to explain a wide range of computer related criminal behaviors found that low self-control showed a significant positive relationship to the commission of such acts (Moon et al., 2010). Summarily, the combination of low self-control and relatively easy access to hacking tools and guides provides youth a perceived low-risk opportunity to engage in risk-seeking behaviors that provide near-instant gratification of desires (Richet, 2013).
As illustrated, hackers tend to possess personality characteristics linked to measures of low self-control. In addition, hacking behaviors are illustrative of Gottfredson and Hirschi’s conceptualization of risk-seeking, impulsive, shortsighted behaviors. Finally, such behaviors often manifest themselves in youth, and especially in adolescent males (Moffitt, 1993). Logically, technological advancement has made the knowledge and tools necessary for a generation of inherently technologically savvy youth to engage in behaviors that have become as accepted and ingrained in their daily lives as downloading music onto an iPod (Richet, 2013). It should subsequently become apparent that the decision to engage in computer hacking presents an appealing outlet for youth by providing cognitive challenges coupled with the thrill of overcoming barriers and gaining access to computer systems, which in turn creates greater risks that perpetuates the cycle of increased thrill and excitement with each successful hack (Bachmann, 2010). In essence, the instant gratification of an easy thrill initiates the offender into a subculture where greater risks and challenges may present themselves, but the initial gateway into computer hacking begins with an impulsive act based on easily accessible information and tools that launch the offender along a journey wherein the long-term risks are easily ignored or perceived to be low.
Critical Analysis of Self-Control Theory as an Explanation for Computer Hacking
Although low measures of self-control can explain the initial engagement in computer hacking among youth, there are exceptions that must be taken into account. For example, Gottfredson and Hirschi have argued that offenders do not specialize and that offenders committing different types of criminal activity, such as white-collar crime, are the same individuals who engage in traditional street crimes (Bossler & Burruss, 2011). Similarly, individuals who can generally be distinguished from street criminals based on such characteristics as technical knowledge, cognitive ability, greater organization or focus, and other such characteristics commit cyber-crimes. Bossler and Burruss (2011) go on to report findings from Benson and Moore that identify self-control as unrelated to corporate offending when studying offenders in higher levels of an organization, that such crimes are not necessarily simple, and that many such offenses require detailed planning and the ability to examine future consequences and activities. Much like white-collar offenders, computer hackers are not necessarily the same types of individuals as those who engage in street crimes, hackers involving higher levels of technical skills and knowledge typically possess higher levels of self-control, and the classification of “hacker” most likely contains a mixture of individuals with both high and low levels of self-control; further, the available literature on hackers and the hacking subculture includes instances of hacking crimes that required high levels of preparation, technological mastery and learning, and a focus on long-term benefits (Bossler & Burruss, 2011).
Interestingly, and much as explained previously, Bossler and Burruss (2011) found that individuals with lower levels of self-control were more likely to engage in the hacking subculture and, subsequently, learn techniques and methods from other hackers. In effect, low self-control predisposes individuals to become involved with the hacking subculture in the presence of an opportunity to learn and apply hacking techniques. It should also be noted, however, that individuals who were not exposed to easily accessed information and guidance from other hackers required high levels of self-control to learn such techniques and methods on their own, which stands in stark contrast to the core tenets of self-control theory (Bossler & Burruss, 2011). In fact, the association with other hackers lends credence to an interaction between both self-control theory and social learning theory, with low self-control appearing to explain the mingling of like-minded individuals possessing low-self control within virtual environments as well as the effect of deviant peer associations enhancing the effects of low self-control, thereby causing individuals to pursue cyber deviance and cybercrime (Holt et al., 2010).
Donner et al. (2014) report strong links between low self-control and the decision to engage in an array of cybercriminal activities, including hacking into unauthorized systems. Given lower measures of self-control coupled with access to hacking knowledge and associations with other hackers, one could simply declare partial support for self-control theory in explaining computer hacking. However, Gottfredson and Hirschi declare crime to be simple, that anyone could commit any crime if they so choose, and that nothing in a criminal offense requires the sharing or support of individuals through knowledge transmission or social support (Bossler & Burruss, 2011). It should be obvious that these statements cannot apply to computer hacking and the surrounding subculture, even though low self-control certainly factors into explaining the initial involvement in said subculture. Therefore, the general theory of crime must be modified and expanded in order to adequately explain certain specialized crimes such as computer hacking, and the interactions between low self-control and social learning must be explored under the auspices of one overarching theoretical framework.
Similar to white-collar crime, computer hacking is a specialized type of crime that may require some knowledge, planning, or skill that separates the offender from the traditional street crime offender. Although low self-control adequately explains initial involvement in the hacking subculture, especially in the context of relatively simple access to an abundance of guides and automated tools and social networks providing support and additional information, the general theory of crime falls short of explaining the development and commission of criminal acts by hackers with advanced skill and knowledge (Bossler & Burruss, 2011). It is more likely that two classifications of hacker exist: youth who become involved with the hacking subculture without enhanced skills and technical knowledge whose involvement in such activities is explained by Gottfredson and Hirschi’s general theory of crime, and those hackers who possess technological skills, knowledge, and cognitive prowess whose involvement in the hacking subculture cannot be explained by low levels of self-control. Further research should investigate the interplay of low self-control with social learning theory in light of the fact that deviant peer associations predict involvement in computer hacking activities more reliably than low self-control alone (Holt et al., 2010).
Bachmann, M. (2010). The risk propensity and rationality of computer hackers. International Journal of Cyber Criminology, 4(1), 643-656. Retrieved from http://search.proquest.com/docview/870326323?accountid=2909
Bossler, A.M., & Burruss, G.W. (2012). Cyber Crime: Concepts, Methodologies, Tools and Applications (pp. 1-1977). Hershey, PA: IGI Global. doi:10.4018/978-1-61350-323-2
Buker, H. (2011). Formation of self-control: Gottfredson and Hirschi’s general theory of crime and beyond. Aggression and Violent Behavior, 16(2011), 265-276. doi:10.1016/j.avb.2011.03.005
Donner, C.M., Marcum, C.D., Jennings, W.G., Higgens, G.E., & Banfield, J. (2014). Low self-control and cybercrime: Exploring the utility of the general theory of crime beyond digital piracy. Computers in Human Behavior, 34(2014), 165-172. doi:10.1016/j.avb.2011.03.005
Holt, T.J., Bossler, A.M., & May, D.C. (2012). Low self-control, deviant peer associations, and juvenile cyberdeviance. American Journal of Criminal Justice : AJCJ, 37(3), 378-395. doi:10.1007/s12103-011-9117-3
Marcum, C.D., Higgens, G.E., Ricketts, M.L., & Wolfe, S.E. (2014). Hacking in high school: Cybercrime perpetration by juveniles. Deviant Behavior, 35(7), 581-591. doi:10.180/01639625.2013.867721
Moffitt, T. (1993). Adolescence-limited and life-course-persistent antisocial behavior: A developmental taxonomy. Psychological Review, 100(4), 674-701.
Moon, B., McCluskey, J.D., & McCluskey, C.P. (2010). A general theory of crime and computer crime: An empirical test. Journal of Criminal Justice, 38(2010), 767-772. doi:10.1016/j.jcrimjus.2010.05.003
Pratt, T.C., & Cullen, F.T. (2000). The empirical status of gottfredson and hirschi’s general theory of crime: A meta-analysis. Criminology, 38(3), 931-964. Retrieved from http://search.proquest.com/docview/220711584?accountid=2909
Richer, J.L. (2013). From young hackers to crackers. International Journal of Technology and Human Interaction, 9(3), 53-62. doi:10.4018/jthi.2013070104
Saunders, I. (2007-05-27). 7 Virtual cultures. The year’s work in critical and cultural theory, 15(1), 128-145. doi:10.1093/ywcct/mbm007
Turner, M.G., & Piquero, A.R. (2002). The stability of self-control. Journal of Criminal Justice, 30(2010), 457-471. doi:10.1016/S0047-2352(02)00169-1
Yar, M. (2013). Cybercrime and society (2nd ed.). Thousand Oaks, California. SAGE Publications.