Greetz from academe: On motivation


John Aycock

University of Calgary, Canada
Editor: Helen Martin


In the latest of his 'Greetz from Academe' series, highlighting some of the work going on in academic circles, John Aycock looks at academic focus on hackers.

Some academics are fascinated by what young men do with their computers. I don’t mean that in a licentious, ‘Quick! Censor the Internet!’ way, though. It seems that every few years I stumble across an academic article written about the dreaded hackers, their motivations, and what can be done about them. Invariably this involves interviews with adolescents or young men – at least it does in the cases where the academics bother to track them down (some papers just survey university students and call it a day, but they shall remain citeless). In this context, the focus on individuals bearing the Y chromosome does seem to be largely accurate, statistically speaking, along with the age bias. (Perhaps there is a hidden demographic of senior citizens who hack, but presumably they’re too wily and treacherous to be caught.)

My latest find was in a recent issue of the Communications of the ACM, or CACM for short. CACM is the premier publication of the Association for Computing Machinery, a decades-old organization to which many academics belong, giving them access to a massive digital library along with a really spiffy membership card (VB, take note!). Xu et al.’s paper ‘Why Computer Talents Become Computer Hackers’ [1] is yet another foray into the hacking area, albeit with a Chinese cultural focus – both a strength and weakness that the authors note. The basis of their paper: the expected interviews with six young male hackers.

The academic focus on the portrait of the hacker as a young man may seem somewhat puzzling to those on the front lines of the anti-malware industry, and even those academic security researchers who do very applied work such as botnet infiltration. Having spent time in both camps, I think the anti-malware industry surpasses the academics with respect to colourful names – I remember one anti-malware conference where an attendee in the audience referred to malware writers as ‘scum-sucking pigs’. And that was before the bar had opened.

In all seriousness, though, surely most security havoc is now caused by more seasoned professionals. Xu et al. suggest that there is a progression over time from ‘affection for computers’ to ‘curious exploration’ to ‘illicit excursion’ to ‘criminal exploitation’ [1]. As a cynic, I would interpret this progression to mean that curiosity and affection for computers should mercilessly be stamped out. The authors’ conclusion from their research is somewhat different: ‘Eliminating tolerance and strengthening moral-value constraint appear to be the only manageable options in resisting hacking today.’

Whenever I read academic papers on this topic, I’m reminded of Sarah Gordon’s work on virus writers (e.g. [2], [3]), which regrettably is often overlooked in academic papers, even though she published a relatively recent commentary on it in an academic venue [4]. Again, the gap between industry and academia rears its head.

Although I callously spoiled Xu et al.’s paper by giving away its conclusion above, the periodic nature of academic ‘hacker motivation’ papers ensures that there are more. A particular favourite of mine was also published in CACM, in 2005. McHugh and Deek argued that a sandboxed ‘microcosm’ in which hackers could unleash their malware safely would be good for the Internet at large [5]. They delved into hacker motivation to address the rhetorical question: ‘Is the system we propose likely to attract the interest of hackers?’ Somehow I think that people in the anti-malware industry would have a quick, realistic answer to that.

With all this discussion of young hackers, I should disclose my own age bias. I’m old enough to remember the use of the word ‘hacker’ in a positive sense [6]. Each time I write the word ‘hacker’ in the popular, derogatory way, I involuntarily grit my teeth and twitch slightly. For those who can’t appreciate this particular quirk of mine, simply imagine the word ‘virus’ being used to describe all instances of malware as well as Grandma’s hard drive in need of a defrag.


[1] Xu, Z.; Hu, Q.; Zhang, C. Why Computer Talents Become Computer Hackers. Communications of the ACM 56(4), April 2013, pp.64–74.

[2] Gordon, S. The Generic Virus Writer. Proceedings of the 4th Virus Bulletin International Conference, 1994.

[3] Gordon, S. The Generic Virus Writer II. Proceedings of the 6th Virus Bulletin International Conference, 1996.

[4] Gordon, S. Understanding the Adversary: Virus Writers and Beyond. IEEE Security & Privacy, September/October 2006, pp.67–70.

[5] McHugh, J. A. M.; Deek, F. P. An Incentive System for Reducing Malware Attacks. Communications of the ACM 48(6), June 2005, pp.94–99.

[6] Hacker. Jargon File, version 4.4.7. E. Raymond, ed., 2003.



Latest articles:

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

Dissecting the design and vulnerabilities in AZORult C&C panels

Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified during the research.

Excel Formula/Macro in .xlsb?

Excel Formula, or XLM – does it ever stop giving pain to researchers? Kurt Natvig takes us through his analysis of a new sample using the xlsb file format.

Decompiling Excel Formula (XF) 4.0 malware

Office malware has been around for a long time, but until recently Excel Formula (XF) 4.0 was not something researcher Kurt Natvig was very familiar with. In this article Kurt allows us to learn with him as he takes a deeper look at XF 4.0.

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.