Hacker Kevin Mitnick’s infamous social engineering escapades, in which he would call up companies and convince employees to surrender information he could later use to hack their systems, took advantage of human, rather than computer, weaknesses. Cybersecurity is not a purely technical issue, but also, and arguably mostly, a social one. One of the missions cyber criminologists have is to understand why some people become hacking victims while others don’t, and why hackers hack.
Take, for example, the rudimentary system of password protection. If a service provides an initial default password and does not demand that it be changed, many people will just settle for it, leaving their accounts vulnerable to hackers who are aware of default passwords, which are easily searchable on the web. Even when required to choose a password, most people will resort to a common word or phrase, a phone number, or a birth date, which are easy to remember but also easy to obtain illegitimately through dictionary attacks, if not mere guessing. People tend to stick to their beloved password and re-use it for different services, meaning that if one service leaks the password, the defenses of all that person’s services topple like dominoes. On the other hand, prompting frequent password changes causes people to worry they might forget the new password, so they write it down in a text document or email it to themselves, putting it at risk.
Much like password protection, security systems must be built with humans in mind. On the other side are the hackers – also humans. Situational crime prevention can be used to prevent them from committing cybercrimes, or, if unsuccessful, to convince them to discontinue their journey through your systems.
In this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we will talk about the human factor of hacking with our guests Prof. Benoît Dupont, Professor of Criminology at the Université de Montréal and the Scientific Director of SERENE-RISC; Dr. Rutger Leukfeldt, Senior Researcher Cybercrime at NSCR and Director Cybersecurity & SMEs at The Hague University of Applied Sciences; and Prof. David Maimon, Associate Professor in the department of Criminology and Criminal Justice at Georgia State University and research associate at the Federmann Cyber Security Research Center; with Lex Cybernetica’s host, Ido Kenan.
Our podcast is now on Stitcher and iTunes! You can listen to it on Android or iOS as well.