session 4. boundary issues of internet security chair: victor ralevich

Session 4.

Boundary Issues of Internet Security

Chair: Victor Ralevich

ComingSoon

to a computer near you

Damian Gordon

production

a

HACKERS AND

But first, a story

A Long, long time ago…

A Long, long time ago…

UNNAMED ORGANISATION

A Long, long time ago…

me

My boss

My boss’s boss

Owner

A Long, long time ago…

me

My boss

My boss’s boss

Owner

A Long, long time ago…

me

My boss

My boss’s boss

Owner

First task…

Create security policies for 17 companies

= bewilderment

Security Policy

Security Policy

Risk Analysis

How do you identify threats?

“…experience and imagination…”

- Pfleeger and Pfleeger

How do you identify threats?

“…experience and imagination…”

- Pfleeger and Pfleeger

Hacker Movies

The work

• This research seeks to identify whether or not movies are accurately portraying hackers, and the implications of that portrayal for new and non-technical managers.

Hacker vs Hacker

Data Collection

Grounded Theory

Six Principles

A hacker movie must feature a hacker in it, It’s insufficient to have an act of hacking in the

movie, the hacker must appear.

I

Not all cyberpunk movies can automatically be considered as hacker

movies.

II

Only Science Fiction movies that feature

recognisable hacker scenarios

should be included.

III

No animated movies will be considered.

IV

No movies will be considered whose sole focus is cryptography.

V

No hacker documentaries

will be considered, only movies.

VI

Resulting in…

The Two Cultures?

The Two Cultures?

The Two Cultures?

TwoCultures?

The Two Cultures?

TwoCultures?

When was the first hacker movie?

1950s

1960s

1970s

1980s

1990s

2000s

Would you believe?

1950s

1960s

1970s

1980s

1990s

2000s

1950s

1960s

1970s

1980s

1990s

2000s

FORCED INTO HACKING

INSIDER THREATS

SEQUELS

Comparing the movies to real life

In real life…Average age of a hacker?

5-15 years old

15-25 years old

25-35 years old

35-45 years old

45-55 years old

55-65 years old

In real life…Average age of a hacker!

5-15 years old

15-25 years old

25-35 years old

35-45 years old

45-55 years old

55-65 years old

In the movies…Age of Hackers

In real life…Occupations of hackers

• Mostly IT industry, with a few full-time hackers.

In the movies…Occupation of hackers

In real life…Insider versus outsider attacks

• Might be as high as 50/50

In the movies…

But…

• “teenagers sitting in their bedrooms ”

• “often high school or university students ”

1. Threat of destruction from US

2. Young hackers contacted by KGB

3. Monomyth

Conclusion

OK so what does that tell us

• Is it us or them?

• We need to make it clearer

???

Questions

???