Os tempos mudaram e os hackers também. Há 20 anos desafiar a segurança dos sistemas informáticos era uma forma de dar nas vistas e, muitas vezes, uma tentativa de encontrar um emprego legal junto das empresas atacadas. Quem desenvolvia os ataques procurava reconhecimento junto de outros especialistas em informática.



Hoje desafiar a segurança dos sistemas informáticos é essencialmente dar nas vistas. Porquê? Porque sim, porque é fácil fazê-lo e porque há um impulso narcisista que o pede.



A opinião é de Luician Trasa, psicólogo romeno, que sintetiza no documento que hoje publicamos, uma análise onde traça o perfil do hacker dos dias de hoje e reflete sobre o fenómeno do hacktivismo, que ao longo dos últimos meses tem estado na ordem do dia.



O texto está publicado em inglês, conforme foi disponibilizado num evento da BitDefender em Bucareste, em que o TeK participou, onde a empresa quis mostrar que está a trabalhar com várias áreas do conhecimento para desenhar as soluções que tem no mercado.


From "hackhard" to "hackeasy"

Psychosocial changes in hacking and the hacker personality


I could say with deep conviction that the reason I became a psychologist is a narcissistic one. It's not the only motivation, but from a certain perspective, it's an extremely important one. But I could say the same thing about an IT specialist or a journalist, lawyer, doctor, soldier, fireman - and the list could go on. They are all professions that fulfill a profoundly narcissistic demand. In this way, the individual gains narcissistic compensation or gratification for a valued and accepted social activity. I could speak about varying degrees of social acceptance and ease of access of a profession and the way the profession correlates with the need for narcissistic compensation. Practically speaking, the harder it is to enter a profession and the longer and harder the educational requirements, the higher the level of the professional's compensation and narcissistic gratification. Or the higher the risk involved in carrying out the profession, the more intense and profound the level of narcissistic gratification.


You already have some terms that, I guess, aren't easy to master: narcissism, narcissistic gratification, need for narcissistic compensation. All these terms are part of the psychologist's jargon and you've probably been placed in different situations in which the professionals in the area use a highly specialized vocabulary. If you find this type of language a cause of frustration, for those who use it in specialized conversations it is a good opportunity for narcissistic compensation. And to continue on that note with an accent of humor: the greater the level of wonder and confusion to be read on the face of those who don't understand the language, the greater the level of narcissistic satisfaction of the knowledgeable specialist who uses it. But to not continue in the same tone of mystery and narcissistic knowledge using ultra specialized language, I'll try to clear up some of the terms without going into too much detail.


Narcissism - and here I refer to the slightly extended psychological perspective - represents a state from which the individual mirrors himself, deriving satisfaction from what he is or what he does. There are many types of narcissism depending on varying criteria that we could consider, but we must remember that narcissism is a legitimate and normal aspect of the human personality, insofar as only through narcissistic investment and comparison can we build and develop a personality. We exist as individuals and personalities as long as we don't give up on ourselves and we remain capable of narcissistic self-examination. Following the same line of discussion, we can say that the satisfaction we obtain from our profession is, in some measure, all of a narcissistic nature. In other words, the better we are perceived in our profession and the more social recognition we receive, the greater the level of satisfaction we receive from our profession. The same thing can be said of other types of activities. And the activity undertaken by a hacker can be seen from the same perspective.


So, to offer a psychological view of the mutations that have happened in the hacker personality and the activity of hacking, we should characterize and catch briefly at least two different moments in the hacker personality. For IT specialists and the specialized press, those two moments may be easy to identify.


There's almost a nostalgia for the hacker following an attack that accesses a secret database and which speaks of the results of his work only within a restricted circle of connoisseurs and specialists. This period that we could already name "hackromantism" was characterized by an aura of "professionalism" and pride of a job well done - even if the results of the act were not and are not accepted or valued socially, or even legal. The "Romantic hacker" is well prepared from a technical point of view, who knows very well the language of programming and who could, from this point of view, compete with IT specialists who were working legally. It could be hard to be appreciated, the position being recognized by a tight knit circle of specialists and obtained through time and intellectual effort. The hacker of 20 years ago worked hard and could be identified as a "hackhard." The hacker then had a secret dream of being appreciated as a professional and an expert in the domain and then of obtaining at some point a well-paid job in a successful IT company or with a government agency, keeping its information secret.


Today, things have changed almost completely. The image of the lone hacker, well prepared technically, who obtained narcissistic gratification and enhanced his self-image through a small circle of experts, has been replaced by the image of the hacker socialized online who has lost the pride of a job well done in favor of quick results. The hacker of today no longer necessarily dreams of being appreciated by specialists in the field, but rather aims at increasing the number of clicks he gets when he applauds himself on Twitter or Facebook.


In other words, the value that a hacker received from a small number of specialists for his actions, based on knowledge and intelligence, has been replaced by the value of the large number of people globally that is now attainable through social networks, despite the lack of advanced technical knowledge or above-average intelligence. If it's hard to penetrate a secret data base with a high level of security and obtain bragging rights among a small group of specialists, the hacker of today congratulates himself with breaking into e-mail inboxes of journalists or other semi-public figures for broader public exposure.


For the "Romantic Hacker" of the not-so-distant past, the lack of technical wizardry and the manner in which the hacker of today brags about his great result could be a reason for shame. The "Hackhard" has been transformed into the "hackeasy" who uses online socialization for narcissistic overcompensation for his results. Obviously, this change that could be called "superficialization" does not just belong to hacking, but can be seen in all areas of the modern and postmodern life. "Faster and easier" has come to characterize contemporary existence.


Unfortunately, "faster" does not always mean "better." The "fast-food" civilization has become the "fast-anything" and "easy-anything" civilization. We don't just eat faster, but we live faster, love faster, study faster, grow sick faster. As "faster" is understood as a necessity, the hacker needed some "reprofessionalization." He believed he was learning the technical activities faster and he started to use them faster, without having the patience to grow and perfect his method. Thus, the individual attack of a hacker is harder because of a decrease in technical knowledge and the impatience of the hacker to get results.


And how can the poorly prepared, inexperienced hacker - born and raised under the "hackeasy" domain - obtain the narcissistic gratification he needs? The answer came quickly and is easy to guess. If a single "hackeasy" hacker can't get a result that would be worth of praise in an online social network, then more "hackeasys" together can do it. And so appears the hacking groups, in which individual identities are lost within a group.


Today, we have a term for this phenomenon: "Hacktivism." The initiative of a single hacker can be adopted and applied online in such a way that, at some point, hundreds and thousands of hackers can simultaneously attack a target that will fall not because of their technical skill, but because of their large number. An individual scope of a hacker thus becomes the scope of a global community of hackers. Also, this type of phenomenon is intrinsically sustained by a series of internal mechanisms of the group. The gregarious mechanisms of "hacktivism" confer safety and power.


To make a parallel that helps us understand the phenomenon better, we can turn to the following example: a man of 40 years of age, middle class, exemplary father and husband, without a criminal record, no history of aggression. Once he finds himself in a group of football fans will join with those on the side of the stadium he's in. The same thing happens in street protests that transform vandalism into an act of extreme violence. The lone individual gains power from the group he feels part of and will act in unison with it. The mechanism is similar in "hacktivism," as the hacker that is part of such a group is more disposed to sacrifice his personal identity in favor of the collective.


So, the deeper reason of the change can be expressed in the following synthesis: to satisfy internal needs of narcissistic compensation that any hacker is seeking through his acts and the principle "faster and easier" of contemporary civilization, he has started to renounce a highly valued and qualified personal identity within a group of experts, in favor of the identity of a group valued more quantitatively by exposure with the help of online social platforms.


The change didn't take place at the level of internal psychological necessity or other deep reasons, but only at the level of the routes and means by which this internal psychological necessity is met. In other words, the need of narcissistic gratification and growth in self-esteem through the act of hacking has remained the same subconsciously. The change has been only in the means of satisfying it and the route to public exposure.



Apresentação de Lucian Trasa, psicólogo, para um evento da BitDefender em Bucareste.

Escrito ao abrigo do novo Acordo Ortográfico