Assessing Civilian Willingness to Participate in On-line Political and Social Conflict

Video in TIB AV-Portal: Assessing Civilian Willingness to Participate in On-line Political and Social Conflict

Formal Metadata

Title
Assessing Civilian Willingness to Participate in On-line Political and Social Conflict
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
2013
Language
English

Content Metadata

Abstract
https://www.defcon.org/images/defcon-19/dc-19-presentations/Holt-Kilger/DEFCON-19-Holt-Kilger-Assessing-Civilian-Willingness.pdf

Changes in the social dynamics and motivations of the hacking community are a potential catalyst that when combined with the expanding reliance of critical infrastructure components upon networked control systems may provide the genesis for the emergence of what is being called the civilian cyberwarrior. The emerging visibility and salience of cyber-vulnerabilities within large elements of a nation's critical infrastructure is creating opportunities that are facilitating significant potential shifts in the power relationship between individuals and nation states. This paper examines some of these shifts in the social dynamics and motivations in the hacking community, their effects on the traditional power differential between individuals and nation-state actors and discusses the emergence of the civilian cyberwarrior - individuals that are encouraged and emboldened by this transformed power differential to engage in malicious acts against another country's critical infrastructure or even the critical infrastructure of their own country. In particular, this presentation will explore the findings from an international survey of youth to identify the situational and social factors that predict individual willingness to engage in physical and cyberattacks against various targets. The findings will assist researchers, law enforcement, and the intelligence community to proactively anticipate various threat scenarios and develop effective defenses against attacks on and off-line.

Thomas J. Holt is an Assistant Professor in the School of Criminal Justice at Michigan State University. He received his Ph.D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. His research focuses on computer hacking, malware, and the role that technology and computer mediated communications play in facilitating all manner of crime and deviance. Dr. Holt has been published in numerous academic journals, including Crime and Delinquency, Deviant Behavior, and the Journal of Criminal Justice, is a co-author of the book Digital Crime and Digital Terror, editor of the text Cybercrime: Causes, Correlates, and Context, and co-editor of the forthcoming book Corporate Hacking and Technology-Driven Crime. He is also a regular presenter at Defcon, the Department of Defense Cybercrime Conference, and various regional hacker conferences. Dr. Holt is also the recipient of two grants from the U.S. National Institute of Justice to examine the market for malicious software and the social dynamics of carders and data thieves in on-line markets. Additionally, Dr. Holt is the project lead for the Spartan Devils Chapter of the Honeynet Project, and directs the MSU Open Source Research Laboratory dedicated to exploring the landscape of cyberthreats around the globe through on-line research.

Max Kilger received his doctorate from Stanford University in Social Psychology in 1993. He is a behavioral profiler for the Honeynet Project and contributes additional efforts in the areas of statistical and data analysis. Max has written and co-authored research articles and book chapters in the areas of influence in decision-making, the interaction of people with technology, the motivations of malicious online actors and understanding the changing social structure of the computer hacking community. He was the lead author for the Profiling chapter of the Honeynet Project's book Know Your Enemy (second edition) which serves as a reference guide for information security professionals in government, military and private sector organizations. He also coauthored a chapter examining the vulnerabilities and risks of a cyberattack on the U.S. national electrical grid. His most recent published work is a book chapter on social dynamics and the future of technology-driven crime. He currently is working on two chapters dealing with cyberprofiling for a book on cyber-counterintelligence to be published in early 2012. Max was a member of the National Academy of Engineering's Combating Terrorism Committee, which was charged with recommending counterterrorism methodologies to the Congress and relevant federal agencies. He is a frequent national and international speaker to law enforcement, the intelligence community and military commands as well as information security forums.
A lot of the discussion here is always about the technical dynamics, the way in which systems are being attacked, but we don't often give as much attention, perhaps, as is necessary to that overlap between physical and virtual. So what we're going to do today is walk through some of that and actually touch on how those two areas might intersect, and in what ways somebody who's going to attack a system online might also be willing to do something offline, and what those kinds of relationships might mean. We think about the virtual environment as its own animal, but realistically speaking they could be entirely different, they could have some distinct drivers that are in common, they could have some very distinct differences, and so that's the point of today's talk.

So to tell you a little bit about myself: I'm Tom Holt, I'm the first guy on the slide. I'm an associate professor at Michigan State University in the School of Criminal Justice. I do a lot of research on cyber crime and the social dynamics of the internet and how that affects criminal behavior, whether it's hacking, whether it's prostitution or something else. And so our interest, both Max and I, was in trying to understand a little bit more about what is going on in the context of physical attacks and cyber attacks. I'm just going to jump right into the first slide, since a lot of this is relatively introductory anyway.

When you think about the historical, at least within the last decade, range of attacks that we've seen based on real-world conflict spilling over into the virtual environment, the Danish cartoon attacks are an excellent example of this: posting the image of the Prophet with a bomb in his turban leads to mass defacements from a variety of different hacker communities, but with a specific emphasis on the Turkish community. You could go all the way back to the US spy plane that crashed in China in 2001 and sparked that sort of brief hacktivist debate between Chinese attackers and American hackers defacing one another's websites. Then we have Russia and Estonia: that conflict, which began over the removal of a statue in a cemetery, leads to both boots-on-the-ground kind of conflict and serious denial-of-service attacks, compromises, spamming, list goes on. Over the last year with the Arab Spring, where we've seen mass protests in the street, physical violence that's being taped, that's being posted, that's being reposted, that's organized in part through Facebook or Twitter or other kinds of social media, the intersection of the Internet is really critical and we shouldn't just give short shrift to it. And then over the last few months with the Anonymous and LulzSec attacks: how many of you have seen a lot about this this week with Black Hat and everything else? Probably tons. This is probably old news, but it continuously occurs, and they're getting a lot of press and they're getting a lot of attention from a variety of different outlets. When you have hacker groups like Anonymous and LulzSec being discussed on The Daily Show, even though in jest, that really says something about the tenor of what is happening.

So what we are interested in trying to understand is why there's this increasing emphasis placed on the cyber environment. The frequency of attacks is increasing, even just anecdotally; there are more resources being targeted in a variety of different ways. They might be simple attacks, they might be more serious; regardless, it seems as though there is a distinct change in the tenor of the attacks. In addition, just over the last decade, since we have so much connectivity globally, pretty much now the only parts of the world that aren't well connected appears to be sub-Saharan Africa; otherwise, both at the tips of Africa, there's high-speed connectivity, there's good general ability to access information. As a result, the use of technology as a force multiplier and as a mechanism for civilian actors is increasingly important, and you could argue that it's forcing a shift in both policies at the nation-state toward other nations as well as toward prospective citizen attackers. Now, we've got the little Stuxnet picture up here to emphasize that point. Stuxnet: nobody knows quite for sure who created it, there's lots of arguments about where it might have come from and who is responsible, but if nothing else, the fact that this kind of very targeted weaponized malware that's out there, that could be adapted by skilled actors, suggests the cat is out of the bag, and how do we deal with it? How do we determine what might occur?

When we think about technology in political conflict in general, we've got to look at it both as a mechanism of communication and as an attack vector. For communications it's perfect, it's excellent for these citizens to use, because you've got access to phones, you've got various kinds of connections for the internet, and you can do real-time communications. So getting a group together, having a flash mob, having the ability to organize, come together and disband quickly is pivotal. These are cheap things to do. How many of you have a cell phone plan? And how many of you carry more than one phone at any point in time? Anybody? Good. I used to have two myself, carry around a lot, a lot of gear, a lot of equipment. How many of you have a tablet PC and a laptop? iPads, whatever? Okay, there we go. The anonymity that's afforded by these devices is also important: you can find a variety of different ways to get online, whether you're using a proxy, whether you are going through Tor, whatever the case might be, you can find ways to access, share information and get around. The LulzSec Twitter feed is always interesting to read and somewhat unusual.
When we think about technology, this is particularly true with the jihad movement, with a variety of different extremist groups, but this point should be emphasized also: technology gives a voice to the marginalized group. It allows them to control the message and spin it in their own way. So you could think of the camera phone that's directly recording violence on the street and posting it to YouTube or other resources is going to put a message out; the fact that Anonymous and LulzSec can post their own messages and tweak how people take point of view. Even in the last couple of years we've seen the jihadi movement directly posting comments, videos, taking questions from the media and then posting them online. So this is a vehicle to control how you are perceived, or at least how you engage with the broader society.

And then from the technological attack vector, it's a great resource: you can damage critical infrastructure or you can damage reputation by itself. If you think about Arizona being hacked, the InfraGard attack, the HBGary attacks, all these things provide a mechanism to embarrass if not cause harm. Some of you might have read a couple of weeks ago on the Wired Threat Level the fact that DHS is now concerned about a Stuxnet attack here in the United States, or at least a modification of Stuxnet for some kind of attack. This is not expensive in order to obtain. If you read anything or heard anything about Operation Payback, which was early in 2010, in late 2009, where Anonymous was attacking both the business community and governments, the tool that you downloaded was absolutely free, very easy to use, and it just helped in denial of service. So it's not an expensive type of attack, but it can still be effective. So the anonymity that's provided, the attack capability, this is really, really critical.

And as a consequence, we're arguing that this confluence of technology and society as a whole is enabling the development of the civilian cyber warrior: an individual who is both emboldened by all of these resources and sees the attack potential with technology, and is using it as a mechanism to go after nation-states, private industry or whatever target they feel deserves it. That doesn't necessarily mean that these are lone-wolf actors. They can be; they could be organized based around a philosophy, they could be working in tandem with a nation-state, whether with tacit or other approval, or they could be totally opposed to what's going on in their own home country and decide that this is the time to act. Regardless, with the emergence of the cyber warrior, the civilian actor, it's not quite clear what drives this behavior. Why do some go online, and does the individual who's willing to act in a cyber environment have any relationship to what we might view as kind of the traditional protester or the individual who engages in civil disobedience? What's the relationship between these two things?

So what I'm going to walk you through today are some findings from research we've been conducting. We've collected a sample of students from a Midwestern university, a large one at that, and we've got a mix of both US citizens and foreign nationals. We're also working with some partners in different countries to develop samples based on their student populations; right now we've got Italy, Russia and Taiwan on board, so we're hoping to understand a little bit about different dynamics in different nations and understand what might drive someone in another country. We're still looking for potential collaborators, so if what I go through today sounds interesting and you might have the capability to help us with this research, please let me know, we'd be happy to have you on board. We're really excited about this project; we think it's a very interesting and innovative kind of thing. Our goal is to really get at this phenomenon in depth.

So let me take you through what exactly we've set up. We've tried to understand four interrelated phenomena: individuals who are willing to attack a country, specifically their home country, in the physical world; whether they're willing to engage in cyber attacks against their home country; and whether they'd be willing to attack a foreign nation online or offline. So it creates this kind of four-celled table: the type of attack, the target of the attack, so a foreign nation or their home country. And in trying to get at these mechanisms, we've had to figure out a way that would get past perhaps national identity or individual biases against other countries. It's hard to survey a population of individuals and get past personal prejudices, so when I walk through a little bit about the foreign country example I'll show you what I mean. So let me take each one of these in turn.
We'll start with the physical attack against the homeland item. Here on the right-hand side of the screen you will see the percentages for individuals willing to engage in certain kinds of attacks. We provided a scenario: imagine that the country that you most closely associate with, your home country or homeland. Given the population of students we had are from a variety of different places, we wanted to make sure that we didn't specify a certain locale; instead, what country are you from and where do you associate as your home country? Pretend that they've recently promoted national policies and taken physical actions that have had negative consequences to your home country; it's caused hardships for the people in your home country. What would you do in order to take action against your home country in these policies? Choose as many as you want, and within the scenario assume you have the skills necessary to complete the act, so you can get the training, you can get the resources, whatever it is. How far would you be willing to go in support of your beliefs?

As we go down the column in terms of severity, it's: do nothing, fair amount of people said I'd do nothing; write a letter, so seventy percent almost said this; participate in a protest; protest at your country's home capital; confront one of your senior government officials about their policies, still have a fair proportion of people who do that; sneak into a military base to write slogans on buildings or vehicles, a relatively small proportion here agreed with that; physically damage an electrical power substation in your country, less than two percent; and then damage a government building in your home country with an explosive device, so we only had three say that. So kind of a good-news, bad-news thing: not too many are willing to go to extreme lengths; on the bad-news side, you really only need one or two people who are willing to go to this length to actually cause some trouble. So this is the physical scale. We use the same scenario to assess physical damage to a foreign nation.

Let me walk you through the cyber end of things. So it's the same scenario; assume that you have the necessary skills to carry out any action below. We start with do nothing; then post a comment on a social networking site like Facebook or Twitter, seventy-seven percent were willing to do so; deface the personal website of a government official for your home country, only thirteen percent; deface an important government website, twelve percent; compromise the servers of the bank to withdraw money to give to victims of government policies or actions, only 15; search your home country's government servers for secret papers that you might be able to use to embarrass the government, around ten percent; compromise one or more of your home country's military servers to affect military readiness, so less than five percent; and then these last two are particularly severe: compromise the power grid to cause a blackout, less than two percent, or compromise a nuclear power plant system to cause a small release of radioactivity, so we only have three here. Again, good news, bad news: not too many engaging in the most severe types of attacks, but they're still there.

So taking both of these examples, we then move on to the foreign question. Now, in order to assess without any bias a foreign nation, we developed a fictitious country called Bogoria as a means of providing a non-attribution country that no one has any particular bias against. If you are from China, if you were from Russia, if you're from the United States, just pretend that a foreign country has done something to your homeland; as a consequence, what would you be willing to do, and what do you think would be appropriate for you to do against Bogoria, based on the physical scenarios? So it's the same activities, only against this fictitious country of Bogoria. So the proportions are about the same: we have a number of people who are willing to write letters, engage in protests, travel to engage in protest, a small proportion engaging in some kind of physical conflict, and a very small number who are willing to travel in support of physical violence against that country.

And then we use the same scenario for cyber attack, and the distribution is somewhat similar to the homeland issue: many people are willing to post a comment publicly on Facebook or Twitter, some are willing to engage in defacements, server compromises are acceptable to a certain proportion, and the compromising military servers, causing harm against power structures and otherwise, a small percentage. So if we take this for what it is, this is telling us that a very limited number of individuals, regardless of skill or capacity, are willing to engage in extreme acts of violence, but what we might consider as kind of common forms of protest, a more healthy proportion of people are willing to do this.

When we took these items and ran some crosstabs, we didn't find a lot of difference between the geographic actors, so whether you are a US citizen or a foreign national, there were no significant differences between the two. But on gender, we separated this by male and female, and it seems as though males are a little more likely to travel for protest and confront government officials, at least on the physical side of things. On web defacement and server compromises, again, this is a little bit more heavily skewed towards men. This fits to a certain degree with what we know about the general demographic composition of the hacker community. If we think about cyber attacks as perhaps an extension of hacker capabilities, this is a somewhat interesting relationship and the one that we might expect to see.
moving from the general basic
demographics we've tried to figure out ways to predict who's going to engage in these kinds of attacks based on certain criteria so I'm going to walk you through some regression analyses through the statistical models that we've created but first I want to give you a sense of the measures that we used we tried to create a variety of different independent variables based on emotional national identity how much do you attach yourself to your national identity your belief in a guate and equality for groups antagonism towards out groups to groups who are different from you the level of nationalistic ethnocentrism so something akin to national pride or willingness to engage in violence based on your nation the willingness to engage in either physical or cyber attacks so taking our cyber items we want to see if there's any correlation with physical attacks and vice versa so we have country of origin willingness to engage in software and media piracy given the prominence of the anonymous and the all-sec attacks we wanted to see if there's any relationship at all between piracy and acts of civil disobedience or protest or otherwise we had some other items for different types of computer crime but they weren't very correlated they didn't really show any kind of relationship the level of technical skill that a person has and finally demographics based on age and gender so
here's the national identity scale I'm proud to be a citizen of my home country I'm emotionally attached to my home country and I'm emotionally affected by its actions although at times I may not agree with the government my commitment to my home country remains strong I feel a great pride in the land that is my home country when I see my home country's flag flying I feel great and the fact that I'm a citizen of my home country is an important part of my identity so this was a Likert scale item ranging from one to four strongly disagree to strongly agree the more someone agrees with these statements the more they have a very high emotive national identity and we adapted a lot of these items from political science and from military science research on willingness to support military action in general belief in group equality
again the more heavily skewed towards agree the more you believe in group equality group equality should be our ideal all groups should be given an equal chance in life we should do what we can to equalize conditions for different groups we'd have fewer problems if we treated people more equally we should strive to make income as equal as possible and finally no group should dominate in society out
group antagonism some groups of pardoning sorry some groups of people
are simply inferior to other groups if certain groups stayed in their place we'd have fewer problems it's probably a good thing that certain groups are at the bottom and other groups are at the top inferior groups should stay in their place and sometimes other groups must be kept in their place so those who are more supportive of group antagonism so this is again scaled towards agree the more higher their overall willingness to engage in perhaps attacks nationalistic ethnocentrism
other countries should try to make their governments as much like my home country's government as is possible generally the more influence my home country has on other nations the better off they are and then finally foreign nations have done some very fine things but my home country does things in the best way of all now this is actually a measure adapted from some research in political science that included some measures related to performance in the Olympics or in multinational sporting events we didn't include them here and instead wanted to try to just create as brief a scale as is possible on the attack side we have the maximum form of attack an individual is willing to perform against either their home country or Bagaria so how far would you go in the context of an attack we've used this as a correlate to understand if this predicts any form of attack in
general for a country of origin being a US citizen or a foreign national within this sample our foreign nationals comprise about ten percent of the overall sample and this includes students from China Russia the Middle East including Iran and a few other nations and then finally participation in piracy this was how many times in the last 12 months have you knowingly downloaded used or made copies of software or media so media being television music or movies and this
might be of interest the computer skill item we included a battery of questions related to how they use technology what kinds of things they can and can't do with computers and use these three items to create kind of an advanced skill factor can you use an operating system like UNIX or Linux can you use a standard computer programming or scripting language and have you ever installed an operating system like UNIX or Linux that way we get those who might have a slightly higher skill set relative to others and then age and gender so taking these items we try to
develop a model to predict the most extreme act that an individual would engage in so what predicts the most severe attack against their homeland in a physical context what was significant is cyber skill so how much computer technology skill do you have the more skilled the actor the more willing they were to engage in an extreme form of physical protest homeland support what nation are they from was also related willingness to perform a cyber attack this was a positive relationship so if you were going to engage in a physical act you're also likely to engage in a very serious type of cyber attack pirating software or media was also significant so the more they engaged in piracy the more likely they are to engage in a physical attack which is kind of interesting we weren't expecting to find this and then out group antagonism this was actually a negative relationship so those with minimal out group aggression were more likely to engage in some kind of protest so this is somewhat interesting perhaps there's maybe an activism effect at play someone who feels there should be generally little aggression towards other groups and who feels as though a cyber and physical attacks are related when we use this
model to predict cyber attacks against the homeland we found some of the same relationships and emotive national identity was relatively significant but it's negative so those who have a minimal emotional attachment to their home country are willing to engage in cyber attack which we didn't find in the physical model US citizens were more likely to engage in cyber attack willingness to perform a physical attack was highly related here so there's a significant correlation between these two acts and then the pirating software or media was again significant so we're seeing piracy as a somewhat significant predictor these homeland models worked really well there's a problem though we
couldn't get the Bagarian attack models to work at all nothing was significant in terms of predicting the most severe type of attack it could be that we're missing some important predictors that the items that we have just are not correct it might be alternatively that it's no specific predictor so let me walk you through a few other models that we try to develop to get at this issue we created a dummy variable
for multiple attacks would you only do one thing or would you be willing to engage in multiple attacks and with this
we actually found some of the same relationships on the physical end of things engaging in an attack against your homeland those who believed in group equality were more likely to engage in multiple forms of physical attack against their homeland for out group antagonism this is again negative so those with minimal aggression towards out groups or towards groups that do not resemble them were more likely to engage in physical acts the homeland variable is significant so US citizens were more likely to do this and then finally cyber attack was also significant now given that the US is coming up as a somewhat important predictor here perhaps it has something to do with the perspective of free speech with political expression here in this country we're not quite sure if this is something distinctive or other ones on the cyber end of things the homeland issue drops out as does out group aggression but negative emotional national identity is still significant so those who have minimal attachments to their home country are more likely to engage in multiple forms of cyber attack piracy is again significant as is a willingness to engage in physical attacks what's interesting is that we
were finally able to get the Bagarian models to work so this foreign attack finally hung together on the physical end of things out group antagonism is again negative so the less extreme you feel about out groups the more likely you are to engage in multiple attacks the cyber attack variable is significant too on cyber attacks themselves against Bagaria only two things mattered a willingness to engage in physical attacks and group equality but here we're seeing a negative relationship so those who feel that group equality is not important that we should actually have some kind of apportioning of groups within any given community is significant and this is somewhat different than what we were expecting to find now based on this we've just looked
at severity and we've looked at multiple types of attacks so we wanted
to see what happens with each specific form of behavior and given that the distributions are a little funky we had to only include certain items because otherwise we couldn't get the models to work there just was not statistical power so here the signs are a reflection of positive or negative relationships and we have the odds ratio below as well as it's probably hard to see but these little dashes are significance for each variable so you can see that doing something individuals who are willing to do something on behalf of their nation this is mostly negative cyber attacks don't appear to matter for some reason when it comes to doing any type of activity but it is completely important for writing a letter engaging in physical protest traveling to engage in a protest and confronting a government official these are extremely significant variables and the same with advanced skill so the more skill an individual has the more likely they are to engage in physical attacks out group antagonism is negative here across multiple forms and group equality is only significant when it comes to writing a letter the other variables are not included here because they were non-significant in
terms of cyber attacks against the homeland we see physical attacks as again being highly significant predictors and the same with piracy emotive national identity is also relatively low so it seems as though individuals with minimal attachment to their home country are more likely to engage in cyber attacks group equality is only significant for doing something and posting a message on Facebook and it's again negative in a slightly different direction than what we would have
expected on the physical end of things with regard to cyber attack against Bagaria this was again a very highly related very positive relationship age was significant for doing something so the older you are the more likely you are willing to do something against a foreign nation out group antagonism was significant for only writing a letter and participating in a protest and then
when it comes to cyber attacks there were only three significant predictors out of all those independent variables piracy and engaging in a physical attack predicted web defacements and bank server compromises and posting a message on facebook relates to group equality as a somewhat significant predictor so using these different models it seems as though the physical attacks highly significant piracy matters and in general we find
very minimal influence of what we might refer to as ethnocentric beliefs demographic predictors are not necessarily strong gender doesn't seem to matter age doesn't seem to necessarily matter the relationship between technological skill and the attack type we thought was relatively interesting also given that it's tied to physical attacks overall maybe it's something to do with general involvement in technology we might think of the hacker culture as being to a certain degree kind of counterculture this belief in information being free and otherwise maybe this has some influence the fact that it doesn't matter when it comes to either domestic or foreign cyber attack though is different than what we might have otherwise expected perhaps it's a suggestion that in a virtual environment attackers are willing to do whatever they can regardless of overall skill in terms of
the physical and cyber attack relationship it seems like these two spaces really converge if you're willing to do something in one domain you're probably going to be willing to do it in the other the piracy relationship was also relatively important noting it both for cyber attack and to a certain degree for physical attacks this could be some kind of a general reflection maybe of ethical attitudes toward behavior on and offline willingness to pirate materials might be some kind of a larger reflection of how you feel about legal strictures the notion of copyright and ownership this is still something we're trying to figure out but it's important to note that this is something that
appears to be at play the significance of being a US citizen also is key this could be just a consequence of the larger sample of US citizens overall but it could be again a reflection of how we perceive the ability to talk about our government and deal with different dynamics and the out-group antagonism item for physical attacks and to a certain degree cyber attacks is also very interesting perhaps those who have more sympathy towards others are willing to engage in attacks that they feel are supportive of the entire country or the entire nation not marginalizing one group over
another group equality also seems to be important those who are less supportive of the group appear more willing to engage in certain kinds of attacks and emotive national identity being low suggests that if you don't really care or have a strong attachment to whatever it is that your nation stands for the more willing you are to act against it because you believe they're doing something wrong or otherwise if we're to
try to take away a general model from this relatively exploratory research we might say that a person who's willing to engage in attacks on or offline believes in social equality has minimal attachments to their homeland engages in different types of piracy and is willing to attack both on and offline but we don't know how stable this is across place or across time and so that's why
we are trying to go out and get different samples together as we're putting more and more of this research together we'd like to have as international sample as is possible to get some of these additional variations to understand more of what might be going on so our relationships with other universities we're trying to build that up to do what we can we're also trying to be as inclusive as is possible we would love to get some individuals from Middle Eastern nations involved from Africa from different parts of Europe as well if you know anyone if you find any of this interesting please let us know
in general I'm going to open it up to questions and I thank you all for coming I realize it's very early so fire away thank you good the question is age appeared to matter for different kinds of attacks in one circumstance that the older they were the more likely they were to engage in attacks no we did not bound age by any specific category instead it's just a reflection of the age of the student population as a whole at the high end we I think it was around 35 but we only have a small number of individuals who are in that age category and this sample includes both undergraduate and graduate students so we get a smattering of people at different age groups yes ma'am sure the question is are we going to try to be more inclusive with regard to age if possible we'd like to but just given the general nature of University samples it's hard to get past a certain age bracket and it might also be kind of a sampling bias some people might be if they're working full-time they might be less inclined to do a survey like this but yes if we could we'd like to yes sir so the question is you looked at skill but could it also be something related to anonymity might that be important it certainly could be we have some other items that are included relating to how they perceive virtual environments but we didn't include them in here instead we thought let's see if any of these sort of political science items might matter since only a few of them are significant it's possible they might so we are going to include these in our further analyses yes sir so the question is we looked at this general perspective of what social group do you belong to it's possible that being affiliated with or perceiving yourself as a minority group or attached to some other type of small group within a larger population might matter we don't have that in our initial survey we do have an item for what nation are you from we didn't want to include religion or some other potential hot-button issues that
might turn someone off from completing it but it's possible that it might and that is something that we definitely will think about including in further survey sure that that's very possible that that might matter yes ma'am absolutely it certainly might the question is does regionality perhaps bound the sample and it might and what we can say is that to a certain degree this is representative of larger Midwestern states but yeah it might matter with regard to north east or west or otherwise so if we could get some other universities across country good work yes sir some of the damages so the question is how do we capture the lone wolf perhaps paranoid actor who suddenly finds an issue and acts on it so sort of in a physical context the Timothy McVeighs of the world not necessarily I don't know that we could find that but it is a question that if we could find a way to address it it would be helpful I don't know of any ways to do it right off the top of my head but it's possible that there could be some way to get that any other questions I know there were still some hands up yes sir the willingness to engage in attacks in support of another group is that just perhaps part and parcel of being in a college campus maybe just the general dynamic of being within this age group it's possible it's hard to say though whether this is just a representation of US college students as a whole I don't know if we can find other ways to get at this hopefully we can we can find ways to answer it with the Italian the Russian and the Taiwanese samples we're hoping that that might get at that a little bit more with different regional and national context perhaps there are some differences yes sir so if I heard correctly the your point is with regard to policies and how that might affect behavior gotcha yeah so perhaps the way that we've operationalized the scenario in terms of some country whether it's your home country another one is using policies that affect the group without
specifying policy maybe we're missing some intrinsic motivation that could be important mmm that certainly could be we've tried to figure out a variety of different ways to capture how we would strategize measuring attack and we didn't want to get too specific in terms of using physical violence against the population or economic sanctions or otherwise we try to make it as kind of nondescript as possible so that way unfortunately you're right we might be missing some motivation perhaps an a in the context of either an invasion scenario or a repressive regime it might be a different dynamic it is certainly possible but it's hard to tease out those specific items yes sir you in the way back can you say that again really loud I think I heard you are there any causal relationships thus far so far we can only say that based on these analyses the description that I have
here seems to best capture it with these correlates in general the social equality items being significant the emotional attachment to your homeland being significant whether that is truly causal or not I can't say that these appear to be strong correlations for different types of attacks most extreme types of attacks and willingness to engage in multiple attacks yes ma'am hmm mm-hmm it's a very good question we thought about trying to expand it yes we have it's somewhat hard to do if for no other reason than having tried to collect surveys at hacker conferences and things like that before it can be something of a challenge but yeah we'd love to find a way to access larger populations we did this as kind of a startup within both of our institutions as a means of seeing if any of these items would even work and now that they appear to have some salience that's why we're trying to take an international and if we could do something whether telephone or physical conferences or otherwise we'd absolutely love to and you make a good point perhaps this kind of bounding of a group might have we might find different results with a larger sample yes sir hmm sure so the first point relates to anonymity maybe that does have some influence here you're absolutely right the second point is how we are perceived might affect the responses that we get there is truth to that that's why when we administered the survey we send it out to a 25-percent stratified sample of the university we offered no kind of payment for participation or otherwise and just clearly elaborated the purpose of the study and our role as researchers within the institution this was not funded by any particular group or otherwise so we were as transparent as is possible that our motives for conducting the survey you're right that individual respondents might have their own kind of ideas about this when I tell people I work in a school of criminal justice that immediately sets off certain bells for some
people so you're right this might influence some of the results in general however I think this gives us at least in an initial window into trying to explain some of this phenomena or identify relevant questions so though certainly different factors might affect the individual respondent I think this gives us a starting point if nothing else to begin a dialogue about who's going to engage in certain forms of attack are there any other questions yes sir can you say that really loud I heard something about punishment but good so the question is did we factor in anything about being caught the potential for you know harm by government or by some sort of law enforcement agency no we did not when we've surveyed students in the past about their perceptions of different types of punishments and the deterrent effect of different punishments it appears to be relatively ineffectual there's been a variety of different social science studies looking at computer attack and the only time that deterrence has any kind of influence at all appears to be with regard to software piracy by University sanctioned groups but less so from law enforcement and otherwise so we didn't include those items because we thought we weren't going to get much bang for our kind of instrumental buck but it is something that that could matter particularly in other nations where there might be more oppressive or authoritarian kinds of sanctions so certainly it might matter as we branch out into other nations we're going to look at this issue with some depth there was question over here yeah was personal or family economic of concerns built into this we did include items for employment there was are you full-time part-time unemployed we didn't include anything about their actual a sort of income level but just looking at employment as a measure it was non-significant across some of these models so we threw it out so it doesn't appear to matter but it might in some of the other nations that we're looking
at so that is something to keep in mind yes sir we did not control for degree program although that is something that we're going to do when we look at some of the other nations particularly because we're working with people in computer science and social sciences we didn't include it because it hasn't necessarily been a significant predictor aside from early studies of computer crime with regard to being in an IT program appears to be a more significant predictor but it is something that we're going to include later yes sir yes we do have some validity instruments they can be provided if you're interested in seeing them in particular
the emotive national identity out group antagonism and group equality items were taken from relatively heavily tested research so they have some validity already in the empirical literature so we'd like to say that these are stable the cybercrime measures that we've included are from different studies within criminal justice and criminology and they have pretty high validity as well any other questions yes ma'am okay did we measure anything with regard to encouraging others to take action so kind of spurring activity by others not necessarily if you wanted to think of it that way perhaps the posting on Facebook or Twitter might be something of an enticement to others or an inducement but not directly spurring action by others no we didn't include that we kind of debated back and forth about including things like engaging in denial of service attacks or explicit types of attack but did not include them just for fear about how individuals might perceive it we included as some control measures have you ever created malicious software have you ever used it but the proportion of respondents who said yes was so low that they provide relatively little in terms of explanatory power but the enticement question is something that we should definitely look into any other questions no well good thank you all for coming I hope it was interesting feel free to shoot us an email community