Hacker Kevin Mitnick’s infamous social engineering escapades, in which he would call up companies and convince employees to surrender information he would later use to hack their systems, exploited the weaknesses of people rather than of computer systems. Cybersecurity is not a purely technical issue but also, and arguably mostly, a social one. One of the missions of cyber criminologists is to understand why some people become hacking victims while others don’t, and why hackers hack.
Take, for example, the rudimentary system of password protection. If a service provides an initial default password and doesn’t require changing it, many people will simply keep it, leaving their accounts vulnerable to hackers who know the default passwords, which are easily searchable on the web. When required to choose a password, most people resort to a common word or phrase, a phone number, or a birthdate, which are easy to remember but also easy to obtain illegitimately through dictionary attacks, if not mere guessing. People tend to stick to their beloved password and reuse it for different services, meaning that if one service leaks the password, the defenses of all that person’s services topple like dominoes. On the other hand, prompting frequent password changes causes people to worry they might forget the new password, so they write it down in a text document or email it to themselves, putting it at risk.
Much like password protection, security systems need to be built with humans in mind. On the other side are the hackers, who are also humans. Situational crime prevention can be used to prevent them from committing cybercrimes or, if that fails, to convince them to discontinue their journey through your systems.
In this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we will talk about the human factor of hacking with our guests Prof. Benoît Dupont, Professor of Criminology at the Université de Montréal and the Scientific Director of SERENE-RISC; Dr. Rutger Leukfeldt, Senior Researcher Cybercrime at NSCR and Director Cybersecurity & SMEs at The Hague University of Applied Sciences; and Prof. David Maimon, Associate Professor in the Department of Criminology and Criminal Justice at Georgia State University and research associate at the Federmann Cyber Security Center; with Lex Cybernetica’s host, Ido Kenan.
Our podcast is now on Stitcher and iTunes! You can listen to it via Android or iOS as well.