Today’s technological revolution continues to transform the conduct of business and has tremendous impacts in the workplace by shaping work and industrial relations (Jacobs, 2002). This current information technology revolution has brought new system trajectories of interrelated and interdependent systems which continue to expand together with a multitude of feedback loops in both technologies and markets through the use of the internet (Perez, 2010). Additionally, with the rise of the Internet of Things there has been an accelerated growth of versatile devices peaking over the seven billion mark and will continue to rise in the upcoming years (Lueth, 2018). However, these advancements have also brought new emerging threats and forms of criminal activity and behaviour such as ‘hacking’.
Leeson (2005) refers to hacking as several activities ranging from “breaking passwords, creating logic bombs, e-mail bombs, denial of service attacks, writing and releasing viruses and worms,” and any other behavior that involves accessing a system without appropriate authorization. As a result of this, those who engage in such activities have been coined as hackers. Hackers can just as well be on the other side of the world as across the street and can be anyone (Hundley, & Anderson, 1997). It’s a type of cybercrime that is here to stay and knows no limits to geographic boundaries; it also obscures criminal jurisdictions (Grimes, 2016). To better understand these individuals we must examine social science criminological theories and explore their fundamental principles to infer which has the strongest validity.
Routine Activities Theory
One of the most empirically supported theories to explain various forms of victimization is the routine activities theory. The theory revolves around the concept that victimization occurs when there is a motivated offender, a suitable target, and the absence of a capable guardian where all three converge in time and space (Holt & Bossler, 2006). This can directly relate to crimes such as computer hacking in many forms. There are plenty of online offenders, instilled and rampaged by a wide range of motivational factors such as emotions, and monetary gain. Similarly, there’s a multitude of targets such as computers, networks, and individual users who have guardian actors such as antivirus, firewalls, and computer skills (Holt & Bossler, 2006). Holt & Bossler (2006) also explain that it can be applied to situations such as those of network intrusions. However, I’m of the opinion with that of Yar which promotes the idea that the internet is spatio-temporally disorganized environment, and all three elements do not always converge at the same time and space (Holt & Bossler, 2006). Moreover, Leukfeldt & Yar (2014) also argue that this theory focuses too much on a variety of crimes ranging from viruses to fraud, and other studies focusing specifically on one show different outcomes. Hence, this makes it too difficult to generalize results.
General Strain Theory
Holt & Bossler (2006) also make a note of the general strain theory which argues “that individuals may engage in crime as a result of exposure to strain”. This revolves around the idea that negative emotions such as anger may actually lead individuals to cope with their problems through crime or deviance. Negative emotions may lead to a lashback, and this explains a lot of the online venting that is directed at others. In fact, Lianos & McGrath (2018) found good evidence to support the efficacy of this in relation to Cyberbullying. Holt & Bossler (2006) also point out that computer hacking may be explained by stress and negative emotions, but what we must remember is that not all hacking crimes are done or have been led due to this state of mind. In fact, hacking requires critical thinking to approach the designated target in a logical and practical manner (Antonic, 2015). Ultimately, the general strain theory is more applicable to those crimes which fall under cyber violence, and deviance (Hay, Meldrum, & Mann, 2010).
General Theory of Crime
The general theory of crime is another popular theory in criminology. The theory suggests that the level of control on an individual from both internal and external sources varies, and so it allows them to feel free from social conventions and restrictions. Individuals with low self control have characteristics such as preferences for impulsive acts, self-centered acts, simple and easy acts, physical acts, non-frustrating acts, and risk-taking behaviors (Higgins, Fell, & Wison, 2007). As a result of this, criminal behavior is an extension of one’s own level of self-control, or the ability to constrain one’s behaviour through internal regulation (Holt & Bossler, 2016). While this may be true for many hackers, the fact remains that every individual will have their own reasons and motivations as to why they perform certain behaviors (Crossler, Johnston, Lowry, Hu, Warkentin, & Bakersville, 2012). Moreover, according to Gordon & Ma (as cited in Udris, 2016) previous studies have found no connection between self-control and hacking intentions.
Social Learning Theory
Lastly, the theory which I feel supports and highly validates many reasons behind hacking is the social learning theory. The social learning theory essentially states that the probability that a person will engage in criminal and deviant behavior is increased and decreased when they associate with others who commit criminal behavior and espouse definitions favorable to it. The exposure to in person or symbolical criminal / deviant models further instills desirable and justified behaviours which anticipate greater rewards than punishments (Ontario Ministry of Children Community and Social Services, 2016). In essence, it asserts that behaviors can be learned by observing others and it can be reinforced or punished by the consequences it generates.
Holt & Bossler (2016) concisely summarize the four principal components that Akers initially included as aspect of operant conditioning and reinforcements: (1) differential association; (2) definitions; (3) differential reinforcement; and (4) imitation.
- Differential Association - refers to the interactions between individuals which has influences on their behaviors and attitudes. These may be favorable to criminal acts and vary on frequency, attitudes, duration, and priorities of the interaction (Sellers & Winfree, 2010). This can be applied to the realms of cyberspace since many of the individuals who engage in hacking are often associated with other computer criminals (Rogers, 2004). These gatherings and associations often take place via chat rooms, conferences, forums, electronic associations, and online groups which build the subculture of ‘hackers’. Similarly, there are onsite meetup such as the yearly Black Hat and Defcon gathering conferences whereby individuals exchange knowledge, tools, techniques, skills, and their personal stories (Ng, 2019). These interactions have heavy influence on individuals who associate with deviant and possibly criminal individuals. Sharma (2007) states that these might be reinforcing factors that reinforce hacking alongside with the overall fame by focused media attention.
- Definitions - determine if an individual considers an act as right or wrong, desirable or undesirable, justifiable or unjustifiable. So if an individual holds favorable paths to certain criminal definitions then they are more likely to engage in criminal behavior (Phillips, 2015). In the realms of hacking which heavily defines the exploitation of information, many model the behaviors of other hackers since they tend to imitate the rationalizations, justifications, excuses and other attitudes that define the commision of “hacking” community.
- Differential Reinforcement - Phillips (2015) describes this aspect of the social learning theory as the relationship between anticipated and actual rewards and punishment which follows the engaged behavior. In essence, if someone committing deviant and criminal acts is rewarded the he/she will continue the pattern, otherwise it tends to minimize. While many may have the perspective of hackers as solitary individuals with underdeveloped socials skills, research has empirically proved that these individuals seek affiliation and recognition by peers (Sharma, 2007). Sharma (2007) points out interesting cases, the first whereby the infamous Kevin Mitnick who penetrated a company’s system was then hired by the company. The next, whereby an Israeli youth who attacked the US military networks was praised by his Prime Minister and then later given a lucrative contract by a European computer manufacturer. Cases like this heavily influence the hacking subculture. Even when there are punishments, not all are standard or equal in punishment for the crimes committed. Take for instance in Canada, the average sentence for youths is an alternative measure while adults may get a conditional discharge (Sharma, 2007).
- Imitation - This refers to observing the behaviors of others and engaging in them (Phillips, 2015). Thus, when individuals associate themselves with hackers, embrace their rationalizations, definitions, and are rewarded or unpunished accordingly then they begin to engage in similar behaviors after either direct or indirect observation of similar hacking and criminal behaviors.
While many criminology theories touch basis on cybercrime, such as hacking, the social learning theory seems to be more on parallel grounds with its core justification and rationale. It institutes that behavior can be learned through observing other people’s actions, and once learned it may be reinforced or punished by the outcome of its consequences. Unlike other theories which only touch some areas of either intrinsic or extrinsic motivational factors, the social learning theory delves deep into both elements. This affirms that the hacking behavior may well be due to complex reinforcements of both factors. Additionally, the theory is very direct in explaining how such criminal behaviors are acquired and then maintained or lost through rewards or punishments. Ultimately, hackers learn and improve their skills through exchange of information between different parties, and this criminal behavior is either maintained or lost through complex reinforcements and punishments through the life of the individual (Sharma, 2007).
Antonic, V. (2015). Critical and Creative Thinking in a Hacker’s Work. Retrieved from https://hackaday.com/2015/12/15/critical-and-creative-thinking-in-a-hackers-work/
Crossler, R., Johnston, A., Lowry, P., Hu, Q., Warkentin, M., & Bakersville, R. (2012). Future Directions for Behavioral Information Security Research. Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2173644
Grimes, R. (2016). Why It’s So Hard To Prosecute Cyber Criminals. Retrieved from https://www.csoonline.com/article/3147398/why-its-so-hard-to-prosecute-cyber-criminals.html
Hay, C., Meldrum, R., & Mann, K. (2010). Traditional Bullying, Cyber Bullying, and Deviance: A General Strain Theory Approach. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.918.5698&rep=rep1&type=pdf
Higgins, G., Fell, B., & Wison, A. (2007). Low Self-Control and Social Learning in Understanding Students’ Intentions to Pirate Movies in the United States.
Holt, T.J., & Bossler, A. (2016). Cybercrime in Progress: Theory and Prevention of Technology-Enabled Offenses. Milton Park, Abingdon, Oxon: Routledge
Hundley, R., & Anderson, R. (1997). Emerging Challenge: Security and Safety in Cyberspace. In Toffler A. & Toffler H. (Authors) & Arquilla J. & Ronfeldt D. (Eds.), In Athena's Camp: Preparing for Conflict in the Information Age (pp. 231-252). RAND Corporation. Retrieved from http://www.jstor.org/stable/10.7249/mr880osd-rc.15
Leukfeldt, E., & Yar, M. (2014). Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis. Retrieved from https://www.tandfonline.com/doi/full/10.1080/01639625.2015.1012409
JACOBS, D. (2002). The Internet and the Workplace: Introduction to a Technological Revolution. Perspectives on Work, 6(2), 4-5. Retrieved from http://www.jstor.org/stable/23271990
Leeson, P. (2005). The Economics of Computer Hacking. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.121.7218&rep=rep1&type=pdf
Lueth, k. (2018). State of the IoT 2018: Number of IoT devices now at 7B – Market accelerating. Retrieved from https://iot-analytics.com/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b/
Ng., A. (2019). How to Prepare for the World’s Largest Hacker Fest. Retrieved from https://www.cnet.com/news/how-to-prepare-for-the-worlds-largest-hacker-fest/
Ontario Ministry of Children Community and Social Services. (2016). Social Learning Theories. Retrieved from http://www.children.gov.on.ca/htdocs/English/professionals/oyap/roots/volume5/chapter08_social_learning.aspx
Perez, C. (2010). Technological revolutions and techno-economic paradigms. Cambridge Journal of Economics, 34(1), 185-202. Retrieved from http://www.jstor.org/stable/24232030
Udris, R. (2016). Cyber Deviance Among Adolescents and the Role of Family, School, and Neighborhood: A Cross-National Study. Retrieved from https://www.cybercrimejournal.com/Udrisvol10issue2IJCC2016.pdf
Phillips, E. (2015). Empirical Assessment of Lifestyle-Routine Activity and Social Learning Theory on Cybercrime Offending. Retrieved from http://vc.bridgew.edu/cgi/viewcontent.cgi?article=1024&context=theses
Rogers, M. K. (2004). A social learning theory and moral disengagement analysis of criminal computer behavior: an exploratory study. Ottawa: National Library of Canada = Bibliothèque nationale du Canada.
Sellers, C. & Winfree, L. (2010). Akers, ronald l.: social learning theory. In F. T. Cullen & P. Wilcox (Eds.), Encyclopedia of criminological theory (Vol. 2, pp. 22-29). Thousand Oaks, CA: SAGE Publications Ltd. doi: 10.4135/9781412959193.n6
Sharma, R. (2007). Peeping Into a Hacker’s Mind: Can Criminological Theories Explain Hacking?. Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1000446
published by Alberto J. Matus