You are here: Home Contents V3 N3 V3N3_Beebe.html
Personal tools

A Model for Predicting Hacker Behavior



Full text

Journal of Information System Security
Volume 3, Number 3 (2007)
Pages 320
ISSN 1551-0123
Nicole Lang Beebe — The University of Texas at San Antonio, USA
Jan Guynes Clark — The University of Texas at San Antonio, USA
Information Institute Publishing, Washington DC, USA




Unauthorized access to information systems (hacking) continues to plague businesses. Researchers have sought to characterize the motivation and “profile” of various types of hackers in an attempt to better understand their behavior and improve the defensive posture of businesses. Little research, however, has been conducted toward the development of a predictive model to categorize individuals as hackers or potential hackers. Doing so would help target scarce educational and investigative resources. The present study utilizes existing theory in an attempt to empirically develop a discriminant model to categorize an individual’s likelihood of engaging in illegal hacking behavior. The independent variables considered include age, gender, education level, professional status, and personal moral philosophy (Forsyth 1980). The dependent variable is behavior (measured by willingness to hack), mediated by attitude toward hacking. The empirical results reconfirm that demographic variables influence one’s willingness to hack. Personal moral philosophy, as indicated by one’s idealism and relativism, emerged as a significant predictor of one’s attitude toward the ethicality of hacking.




Hackers, Discriminant Analysis, Multinomial Logistic Regression, Personal Moral Philosophy, Ethics, Hacker Profile




Anonymous. (2007) “Newly Nasty; Cyberwarfare,” The Economist, 26 May, 2007.

Arief, B. and Besnard, D. (2003) “Technical and Human Issues in Computer-Based Systems Security”, Report No. CS-TR 790, University of Newcastle upon Tyne, Newcastle, UK, pp. 1-17.

Austin, R. D. and Darby, C. A. R. (2003) “The Myth of Secure Computing,” Harvard Business Review, June: 120-128.

Chantler, N. (1996) “The Profile of a Computer Hacker,” in Infowar, Florida.

Denning, D. (1998) Information Warfare & Security, Addison-Wesley, Reading.

Dhillon, G. and Backhouse, J. (2001) “Current Directions in IS Security Research: Towards Socio-Organizational Perspectives,” Information Systems Journal, 11:127-153.

Ellis, T. S. and Griffith, D. (2001) ”The Evaluation of IT Ethical Scenarios Using a Multidimensional Scale,” The DATA BASE for Advances in Information Systems, 32:75-85.

Fishbein, M. and Azjen, I. (1975) “Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research,” Addison-Wesley, MA.

Forsyth, D. R. (1980) ”A Taxonomy of Ethical Ideologies, Journal of Personality and Social Psychology,”  39:175-184.

Goode, S. and Cruise, S. (2006) “What Motivates Software Crackers?,” Journal of Business Ethics 65(2): 173-201.

Harrington, S. J. (1996) “The Effects of Codes of Ethics and Personal Denials of Responsibility on Computer Abuse Judgments and Intentions,” MIS Quarterly, 20:257-278.

Hollinger, R. (1988) “Computer Hackers Follow a Guttman-Like Progression,”  Social Sciences Review, 72:199-200.

Jones, T. M. (1991) “Ethical Decision Making by Individuals in Organizations: An Issue-Contingent Model,” Academy of Management Review, 16:231-248.

Landreth, B. (1985) Out of the Inner Circle, Microsoft Books, Redmond, WA.

Leonard. L. N. K., Cronan, T. P., and Kreie, J. (2004) “What Influences IT Ethical Behavior Intentions – Planned Behavior, Reasoned Action, Perceived Importance, or Individual Characteristics?,” Information & Management, 42: 143-158.

Loe, T. W., Ferrell, L. and Mansfield, P. (2000) “A Review of Empirical Studies Assessing Ethical Decision Making in Business,” Journal of Business Ethics, 25:185-204.

Marshall, K. P. (1999) “Has Technology Introduced New Ethical Problems?,” Journal of Business Ethics, 19:81-90.

Parker, D. (1998) Fighting Computer Crime: A New Framework for Protecting Information, John Wiley & Sons, Inc., New York.

Rogers, M. (1999a) “A New Hacker Taxonomy”, University of Manitoba, Winnipeg. Unpublished Master’s Thesis.

Rogers, M. (1999b) “The Psychology of Hackers: The Need for a New Taxonomy,”

Rubin, R. (1994) “Moral Distancing and the Use of Information Technologies: The Seven Temptations,” Proceedings of the ACM Conference on Ethics in the Computer Age, Gatlinburg, TN, pp. 151-155.

Schlenker, B. R. and Forsyth, D. R. (1977) “On the Ethics of Psychological Research,” Experimental Social Psychology, 13:369-396.

Singhapakdi, A., Vitell, S. J. and Frank, G. R. (1999) “Antecedents, Consequences, and Mediating Effects of Perceived Moral Intensity and Personal Moral Philosophies,” Journal of the Academy of Marketing Science, 27:19-35.

Sykes, G. M. and Matza, D. (1957) “Techniques of Neutralization: A Theory of Delinquency,” American Sociological Review 22(6) 664-670.

Trevino, L. K. (1992) “Moral Reasoning and Business Ethics: Implications for Research, Education and Management,” Journal of Business Ethics, 11(5-6):445-464.