Embed Size (px)
Citation preview
Hacker Taggers: A new type of hackers
Matthew Warren & Shona Leitch
Published online: 7 August 2009# Springer Science + Business Media, LLC 2009
Abstract Organisations often spend large sums of moneyto ensure that they are protected against the risks associatedwith online attacks. The perceived threats against organ-isations are well known and the losses can be easilyquantified. This perceived threat is usually portrayed by themedia as being the work of a hacker however little isknown about hacker subgroups, their rationale and ethicalviews. This paper focuses upon hacker subgroups and theiractivities and in particular the new hacker subgroupidentified as ‘Hacker Taggers’.
Keywords Hackers . Hacker Taggers . Australia and ethics
1 Introduction
Security is becoming a greater issue because more peopleuse the Internet, the number of potential targets can beconsidered to have increased. As more organisations rely onthe Internet and other networked systems to conduct theirbusiness activities the greater the potential for loss ordamage to organisational systems (Furnell 2002).
There has been a rise in computer misuse at a globallevel and it is generally thought that “Hackers” areresponsible for the majority of these attacks. Hackers areperceived as being adolescent males, in dark bedroomsbeing able to cause massive damage across the world justby the use of their computers. The impact of computerattacks are well known in terms of the damage that attacks
can cause including the loss of data, unavailability ofsystems or the corruption of data. Hackers use theirknowledge and their wits to maintain their anonymity(Wark 2004).
The term hacker could mean different things to differentpeople. Sometimes it denotes nothing more than thecompulsive computer programmer eager to spend allwaking hours working with the machine in another sense,hacking is used to denote criminal activity, the skilled useof a computer to perpetrate illegal acts of one sort oranother (Simons 1989). The problem is that computer abusehas the impact of damaging and limiting the developmentof the Information Society (Furnell and Warren 1996).
The potential threat to the Information Society, is thecrux of the problem, hackers are perceived as a singleentity, a single group who can harm the InformationSociety. The aim of this paper is to explore a particularsub group of hackers that the authors have identified anddescribe their actions.
This paper looks at hackers, their motivations andactions and the paper focuses upon a sub group of hackersknown as “Hacker Taggers” and their motivations andactions. The paper will use a number of case studies toshow the impact of “Hacker Taggers” and the paper makesa contribution by proposing a “Hacker Taggers” profile thatshows their rationale and relates this to the impact that theycould have upon the Information Society.
2 Hacking—a definition
According to Bruce Sterling in the book titled “The HackerCrackdown”, the term “hacking” is the act of intruding intocomputer systems by stealth and without permission(Sterling 1993). However, this name is used routinely today
M. Warren (*) : S. LeitchSchool of Information Systems, Deakin University,Burwood Campus,Melbourne, Victoria, Australiae-mail: [email protected]
Inf Syst Front (2010) 12:425–431DOI 10.1007/s10796-009-9203-y
by almost all enforcement officials with any professionalinterest in computer fraud and abuse to describe any crimecommitted with, by, through, or against a computer(Sterling 1993). Moreover, “hacker” is what computer-intruders choose to call themselves, not as a criminalpejorative, but as a noble title given to those “soakedthrough with heroic anti-bureaucratic sentiment” (Sterling1993). Hacking then, can describe the determination tomake access to computers and information as free aspossible. Hacking can involve the heartfelt conviction thatbeauty can be found in computers, that the fine aestheticin a perfect program can liberate the mind and the spirit(Levy 1984).
The usage of the term “Hacker” has changed over theyears and is now generally accepted as referring to personswho deliberately gain (or attempt to gain) unauthorisedaccess to computer systems. Caelli et al (1989) havedescribed ‘the computer hacker’ in the following ways:
& In programming, a computing enthusiast. The term isnormally applied to people who take a delight inexperimenting with system hardware (the electronics),software (computer programs) and communicationsystems (telephone lines, in most cases);
& In information security, an unauthorised user who triesto gain entry into a computer, or computer network,by defeating the computers access (and/or security)controls.
Some research has focused on determining the motiva-tion behind hackers. Chantler developed a profile whichdescribes the motivation of hackers. These common profilecharacteristics that define hackers are (Chantler 1995):
& Are loners;& Have poor social skills;& Have a low self-esteem;& Are intelligent, able to focus for extended periods;& Are young;& Are explorers, investigators, curious, analytical;& Have a strong desire to succeed;& Are obsessive, even addicted to computers;& Have poor communication skills;& Have lots of acquaintances which they never meet;& Enjoy a hierarchy amongst peers;& Exchange knowledge and information amongst
themselves;& Respect each other, popular with peers, subordinates
and; superiors and are secretly admired by the public.
Donn Parker (Parker 1976) highlighted that the individ-uals involved in computer crime in the 1960’s and 1970’swere employed as key punch operators or clerks in EDP(electronic data processing) organisations and that thecrimes were crimes of opportunity.
Steven Levy’s book Hackers: Heroes of the ComputerRevolution (Levy, 1984) suggests that hackers operate by acode of ethics. This code defines the main key areas as(Levy 1984):
& Hands On Imperative—Access to computers andhardware should be complete and total. It is assertedto be a categorical imperative to remove any barriersbetween people and the use and understanding of anytechnology, no matter how large, complex, dangerous,labyrinthine, proprietary, or powerful;
& Information Wants to Be Free—can be interpreted in anumber of ways. Free might mean without restrictions(freedom of movement = no censorship), withoutcontrol (freedom of change/evolution = no ownershipor authorship, no intellectual property), or withoutmonetary value (no cost);
& Mistrust Authority: Promote decentralisation—Thiselement of the ethic shows its strong anarchistic,individualistic, and libertarian nature. Hackers haveshown distrust toward large institutions, including, butnot limited to, the State, corporations, and computeradministrative bureaucracies;
& No Bogus Criteria—Hackers should be judged by theirhacking, not by ‘bogus criteria’ such as race, age, sex,or position;
& You can create truth and beauty on a computer—Hacking is equated with artistry and creativity. Further-more, this element of the ethos raises it to the level ofphilosophy;
& Computers can change your life for the better—In someways, this last statement really is simply an extension ofthe previous one. Since most of humanity desires thingsthat are good, true, and / or beautiful.
During the 1980’s, a brief text entitled The Conscienceof a Hacker, which is more widely known and refereed toas the Hacker Manifesto, was published. This was writtenin 1986 by a hacker who operated under the pseudonym ofthe ‘The Mentor’ (Furnell 2002). The Hacker Manifestoputs forward an individual’s rationale for the actions andmotivation of Hackers (Furnell et al 1999) and is one of thefew examples of a hacker justifying their being and actions.
During the 1980’s and 1990’s this pure vision of whathackers are was changed by the development of new groupswithin various aims and values. Mizrach (1997) states thatthe following individuals currently exist in cyber space:
& Hackers (crackers, system intruders)—These are peoplewho attempt to penetrate security systems on remotecomputers. This is the new sense of the term, whereasthe old sense of the term simply referred to a personwho was capable of creating hacks, or elegant, unusual,and unexpected uses of technology;
426 Inf Syst Front (2010) 12:425–431
& Phreaks (phone phreakers, blue boxers)—These arepeople who attempt to use technology to explore and /orcontrol the telephone system;
& Virus writers (also, creators of trojans, worms, logicbombs)—These are people who write code whichattempts to a) reproduce itself on other systems withoutauthorisation and b) often has a side effect, whether that beto display a message, play a prank, or destroy a hard drive;
& Pirates—Originally, this involved breaking copy pro-tection on software. This activity was called ‘cracking’.Nowadays, few software vendors use copy protection,but there are still various minor measures used toprevent the unauthorised duplication of software.Pirates devote themselves to thwarting these andsharing commercial software freely;
& Cypherpunks (cryptoanarchists)—Cypherpunks freelydistribute the tools and methods for making use ofstrong encryption, which is basically unbreakableexcept by massive supercomputers. Because Americanintelligence and law enforcement agencies, such as theNSA and FBI, cannot break strong encryption, pro-grams that employ it are classified as munitions. Thus,distribution of algorithms that make use of it is a felony;
& Anarchists—are committed to distributing illegal (or atleast morally suspect) information, including, but notlimited to, data on bomb making, lock picking,pornography, drug manufacturing, and radio, cable andsatellite TV piracy;
& Cyberpunk—usually some combination of the above,plus interest in technological self-modification, sciencefiction and interest in hardware hacking and ‘streettech’.
More recent research has not focused upon hacker sub-groups but more generally upon hacker capability (Parker etal. 2004):
& Will the attacker actually initiate an attack against thetarget?
& What is the adversary’s capability and motivation?
One key trait of all hackers, is that they tend not to takelaw enforcement seriously (Thomas 2002). A future issue,will be the global access to the Internet by an increasingnumber of users, this could have a dramatic impact uponthe number of hacking incidents (Furnell 2004).
2.1 A national focus—Australian hackers
In terms of the paper, we have discussed the impact ofhacking at a generic level, this section of the paper willfocus upon a particular country, Australia.
Research in the early nineties within Australia showedthat computer crime and hacking was becoming a seriousproblem. Victoria was the first Australian state to imple-ment State laws to outlaw hacking in 1988, the Common-wealth followed in 1989 (Hughes 1990) and were updatedin 2001 (Bronitt and Gani 2003). An analysis of computercrime in 1991, showed that within Australia between 1990and 1991 there had been 497 computer abuse incidents and31 incidents related to hacking (around 6% of incidents)(Kamay and Adams 1992). Research at this time alsoindicated Australian perception towards computer crimewas influenced by cultural precedents (Coldwell 1995).Other studies at this time also looked at the Australianperception of Computer Crime, a study was undertakenlooking at teachers’ perception of hacking and found from asample group that 60.2% thought hacking was unacceptableand 39.8% thought hacking was acceptable (Coldwell1994). In 1997 “Underground” was written which de-scribed the history of Australian hackers during the earlynineties as well as the development of the “W*nk virus”and the “plans” to destroy NASA computer systems(Dreyfus 1997). Since that time the Australian hackingcommunity has disappeared, no well known Australianhacking groups or even Australian hacking conventionsoccurred. The only large Australian hacking group was“2600 Australia”; this group was based upon the famousUS hacking group 2600. The philosophy of 2600 Australiawas “2600 Australia is a loose-knit group of peopleinterested in computer security, electronic gadgetry, com-munications and just technology exploration in general”and in terms of their activities can be best described as acomputer club. But the “2600 Australia” group was only inexistence between March 1999 and November 2002 and thegroup ended because of a lack of interest and lack ofmembers and at the end they had 700 subscribers to theirmailing lists (ZDNET 2002).
The most notorious Australian hacking case wasconcerned with sewage. In October 2001, Vitek Bodenwas convicted of 30 charges involving computer hacking ofthe Maroochy Shire Council sewerage system. The attacks,which commenced in late 1999, involved using remoteradio transmissions to alter the actions of the seweragepumping stations and caused hundreds of thousands oflitres of raw sewage to be pumped into public waterways(Kingsley 2002).
3 Hacker Taggers
The authors have identified a sub group of hackers, whohave become more prevalent since the early 2000’s. Thisgroup is defined by the authors as “Hacker Taggers”, thesehackers deface websites with the sole intention of leaving a
Inf Syst Front (2010) 12:425–431 427
“Hacker Tag” or “calling card” behind. This “tag” isupdated against their score and their score is updated intheir hacking related competition, this is discussed furtherin Case Study 1. These hackers see hacking as acompetition, they do not aim to steal data, disrupt theoperation of online services, only to leave a “tag” behind.The media has often misreported these activities as masshacking or in some cases, cyber terrorism.
An example of a Hacker Tagger attack is shown inFig. 1, in this case an attack upon a UK website, TheSamaritans website. The attack was successful and thehacker did not even interrupt the operation of the site, theyjust left their Hacker Tag (or mark) on the site (see theHacker Tag at the bottom of Fig. 1).
This section of the paper will focus upon the ethicalviews of this new hacking sub group and the impact thatthey have caused by analysing a number of case studies.
3.1 Case Study 1—a global impact
In terms of researching hackers, one of the most difficultaspects is obtaining quantifiable data. The data used in thefollowing case studies was taken from a website Zone-H(www.zone-h.org), this site contains an archive of websitedefacements and the associated data related to the deface-ments for the period 1999 to the present day.
An interesting aspect of the Zone-H website is that aswell as containing an historical archive of website deface-ments, it also contains a league table of hackers who havedefaced websites and their position (or standing) within that
group. The site records the date of the attack, the attacker,the attack type, the domain attacked, the operating systemof the web server and a mirror image of the tag that was lefton the attacked website.
In 2006, the site listed the top fifty hackers who haddefaced 13,269 websites. The top five hackers are shown inTable 1.
Another aspect of the Hacker defacement is that some ofthe hacker’s defacements are politically motivated, this isshown by the fact that they choose government websites toattack and leave their tag on that site. In some cases apolitical tag is left behind, but often a normal tag is leftbehind and the embarrassment is caused by the mediareporting the case. This is described further in Case Study 3within this paper. The political hacking has been describedas being different to hacking the new definitions describepolitical hacking as Cyber Activism (McCaughey andAyers 2003), Internet Activism (Meikle 2002) and Com-puter Hackactivism (Himanen 2001).
In terms of the 2006 analysis of the Zone-H website, ofthe top fifty hackers 2178 attacks were politically motivat-ed, these attacks relates to 16% of the overall tag attacksbeing undertaken, the top 5 politically motivated hackersare shown in Table 2.
During 2009, the Zone H site was restructured and themanner in which the data was presented was changed, theleague tables have been removed and information relatingto politically motivated Hacker defacements has also beenremoved. The information about individual hackers and theattack details are still included.
Fig. 1 A successful HackerTagger attack
428 Inf Syst Front (2010) 12:425–431
For the period 1999–2009 the Zone H website reportsthat it contains archive information about 3,140,294 attacks,this is at the rate of 314,029 attacks per year.
It is not possible to determine the Top 5 hackers or Top 5politically motivated hackers in 2009 but it is possible tocompare the individual performances of the Top 5 hackersidentified in 2006 against their performance in 2009, thisdata is presented in Table 3.
What is of interest when looking at Table 3 is the scaleof the increase over the time period. Some the Hackers havehad moderate increases, e.g. Dark-underground with anincrease of 68% of attacks over a three period and othershave had dramatic increases, e.g. Command Tribulationwith an increase of 11,173% in attacks over a 3 year period.This does raise the question of whether we are discussingindividual hackers or groups of hackers. This is aconsideration that is discussed in Case Study 2.
The outcome of Case Study 1 shows the global impact ofthe Hacker Taggers and the magnitude of their impact in avery short time period, e.g. Command Tribulation with anincrease of 11,173% in attacks over a 3 year period.
3.2 Case Study 2—a national study
Case Study 1 focused upon the impact of Hacker Taggersfrom a global perspective, this case study looks at theimpact of Hacker Taggers upon a single country, in thiscase Australia.
Australia is a federation of states and territories. Thestates within Australia are New South Wales (NSW),Queensland (QLD), South Australia (SA), Tasmania(TAS), Victoria (VIC), and Western Australia (WA). Thetwo territories within Australia are the Northern Territory(NT) and the Australian Capital Territory (ACT).
Data was extracted from the Zone H website relating toHacker Tagger attacks on Australia and in particular uponAustralian government websites, with the domain gov.au.During the period between 1999 and 2009 there had been517 attacks upon Australian Government websites, thisrelates to about 52 attacks per year. The analysis alsoshowed that 172 Hacker Taggers were behind the attacksand one Hacker (SuZuki) was responsible for over 50attacks.
The data of the attacks was analysed based upon thelevel of government concerned, the criteria was:
& Federal—Australian Federal Government and FederalGovernment bodies;
& State Government—State Government and State Govern-ment bodies;
& Local Government—Local councils or shires or localutility organisations.
The breakdown of the analysis by criteria is shown inTable 4.
What is of interest is the number of attacks against localand state government websites. Further analysis of the dataon the State sites attacks are shown in Table 5:
As expected the smaller territories recorded a lowernumber of attacks, of interest is a higher than expectednumber of attacks against Western Australian State govern-ment websites.
An analysis of the attacks show that some high profilesites were attacked e.g. Federal Department of Broadband,Air Training Corp, Federal Department of Communicationsand the Digital Economy, Queensland State Parliament,Chief Minister of the ACT but the majority of the sitesattacks were less important Federal and State governmentsites, this may imply that the security in place is notcurrently of the highest level.
An outcome of the attacks was a single conviction of oneof the Hacker Taggers attackers. An Italian court sentenceda group of Hacker Taggers (four adults and two minors) forattacking websites across the world including Australianwebsites (O’Grady 2006), namely the Air Training Corpwebsite and the Queensland State Parliament website. Whatis of interest is that the Hacker Tagger was named Hi-TechHate, which according to Zone H was responsible for 914attacks and of further interest is that the Hacker Tagger wasnot a single hacker but a group of hackers.
In terms of the Case Study, the important feature is that itshows the magnitude and scope of the attacks against anindividual country and also that a group of hackers areacting as individual Hacker Taggers.
Table 2 Total number of politically motivated Hacker defacements(2006)
Position Hacker name (Tag) Number of defacements
1 Chinahacker 419
2 dark-underground 244
3 NobodyCoder 230
4 aneurysm.inc 162
5 Command Tribulation 161
Table 1 Total of Hacker defacements (2006)
Position Hacker name (Tag) Number of defacements
1 Chinahacker 1199
2 Fatal Error 857
3 D.O.M 588
4 OutLaw 583
5 Red Eye 578
Inf Syst Front (2010) 12:425–431 429
3.3 Case Study 3—analysis of a single attack
In 2005, the Chief Minister of the Australian CapitalTerritory (ACT) caused controversy by posting the AustralianFederal draft counter-terrorism legislation on his websitewithout the approval of the Federal Government (TheAge 2005).
On November 1, 2005 the website of the ACT ChiefMinister (www.chiefminister.act.gov.au) was hacked by aHacker Tagger and a hacker tag was left in its place. Thewebsite was altered with the message “Fatal Error was hereohh yeahh let’s go! irc.gigachat.net #Ferror” (SydneyMorning Herald 2005).
The ACT chief minister’s website was offline for a dayand the matter was reported to the Australian Federal Police(Computer World 2005). This incident was widely reportedby the Australian media and the attack was linked to therelease of the Australian Federal draft counter-terrorismlegislation (Sydney Morning Herald 2005).
The ACT government responded to the attack byassuming that the attack was politically motivated (ACTGovernment 2005):
Chief Minister Jon Stanhope has asked the AustralianFederal Police to investigate sabotage of his website,on which the draft anti-terrorism legislation andassociated pieces of legal advice had been posted.
In terms of this case study, what is of great interest ishow the ACT government and the Australian media reactedto the incident and presumed it was politically related andnot just a simple case of a Hacker Tagger. Thomas (Thomas2002) puts forward a possible rationale for their views, that
the reaction to hacking and hackers can be understood as abroader reaction to the threat of technology.
4 Hacker Tagger profile
Based upon the case studies and the discussion of casestudies, the authors have analysed the activities of theHacker Taggers and put forward an initial profile thatrelates to their activities. This profile identifies that they:
& Are very competitive, e.g. based upon Zone H reports;& Have a strong desire to succeed e.g. based upon Zone H
reports;& Exchange information amongst themselves, e.g. suc-
cessful defacements;& Cause minimal damage to websites or no damage to
websites (as shown by Fig. 1);& Rely upon media reports to cause political damage or
embarrassment.& Could be an individual or a number of hackers.
This profile could be used by law enforcement agenciesor forensic investigation teams to help identify the activitiesof Hackers Taggers and help understand their rationalewhich is very different to the rationale of conventionalhackers.
2006 2006 2009 % increase
Position Hacker name (Tag) Total no of attacks Total no of attacks
1 Chinahacker 419 4694 1020%
2 dark-underground 244 411 68%
3 NobodyCoder 230 8130 3435%
4 aneurysm.inc 162 630 289%
5 Command Tribulation 161 18149 11173%
Table 3 Comparison of Hackerdefacements (2006–2009)
Table 5 Total number of attacks against Australian state governmentswebsites (by location)
State No of attacks % attacks
ACT 8 4%
NSW 42 20%
NT 3 1%
QLD 23 11%
SA 41 20%
TAS 4 2%
VIC 17 8%
WA 70 34%
Total no of attacks 208
Table 4 Total number of attacks against Australian governmentwebsites (by sector)
Level of government No of attacks % attacks
Federal 60 12%
State 208 40%
Local 249 48%
Total no of attacks 517
430 Inf Syst Front (2010) 12:425–431
5 Conclusion
Whether we like it or not, the information society has asignificant (and increasing) dependence upon informationtechnology. This paper has sought to suggest that, as aresult of this, we face a number of new immediate andlong-term security threats that need to be recognised inorder for protective action to be taken.
This paper has identified a new sub groups of hackers,namely Hacker Taggers and through the case studies haveshown the impact that they have caused. The impact wasevaluated at a global level, national level and through ahigh profile individual example. The outcome of theevaluation was the development of a profile that describesthe rationale and activity of Hacker Taggers. The paper hasalso highlighted that Hacker Taggers can act as individualsor as members of groups.
The long term issue posed by Hacker Taggers is stillunknown, but in the short term we have seen that this subgroup will have a global impact, only time will demonstratehow severe this impact will be.
Acknowledgement This paper was presented at ETHICOMP 2008conference and was updated based upon the feedback received.
References
ACT Government. (2005) Press Release: Sabotage of Chief Minister’sWebsite, 1st November, http://chiefminister.act.gov.au/media.php?v=3871&m=51&s=33, Accessed 15th November, 2008.
Bronitt, S., & Gani, M. (2003). Shifting boundaries of cybercrime:From computer hacking to cyber-terrorism, Journal of CriminalLegal Justice. Australia: Lawbooks.Co.
Caelli, W., Longley, D., & Shain, M. (1989). Information security formanagers. New York: Stockton.
Coldwell, R. (1994). Perceptions of computer crime, conferenceproceedings crime against business (Australian Institute ofCriminology). Australia: Canberra.
Coldwell, R. (1995) Australian attitudes toward legal intervention intohacking. Communications of the ACM, Vol 38, No 11.
Computer World. (2005) ACT Chief Minister targeted by hackers,November, 1st, http://www.computerworld.com.au/index.php/id;1349625640;fp;16;fpid;0, Accessed May, 2008.
Chantler, A. (1995) Risk: The profile of the computer hacker, PhDThesis, Curtin Business School, Australia.
Dreyfus, S. (1997). Underground hacking, madness and obsession onthe electronic frontier. Australia: Random House.
Himanen, P. (2001). The hacker ethic and the spirit of the informationage. UK: Random House.
Hughes, G. (1990). Computer crime: the liability of Hackers.Australian Computer Journal, 22(2), May. http://www.samar-itans.org.uk
Furnell, S. (2002). Cybercrime: Vandalizing the information society.London: Addison-Wesley.
Furnell, S. (2004). Hacking begins at home: Are company networks atrisk from home computers? Computer fraud and security, 2004(1), 4-7, January 2004.
Furnell, S., & Warren, M. J. (1996). Computer abuse: Vandalising theinformation society, Internet research Vol 7, No 1. UK: MCB.
Furnell, S., Dowland, P. S., & Sanders, P. (1999). Dissecting the‘Hacker Manifesto’, Information management and computersecurity Vol 7, No 2. UK: MCB.
Kamay, V., & Adams, T. (1992). The 1992 profile of computer abusein Australia, ACARB (Centre for Computer Abuse research atRMIT). Australia: Melbourne.
Kingsley, P. (2002) Queen v Boden, ACISP 2002 Forensic ComputerWorkshop, Melbourne.
Levy, S. (1984). Hackers: Heroes of the computer revolution. London:Penguin.
McCaughey, M., & Ayers, D. (2003). Cyberactivism: Online activismin theory and practice. London: Routledge.
Meikle, G. (2002). Future active: Media activism and the internet.London: Routledge.
Mizrach, S. (1997) Is there a Hacker Ethic for 90s Hackers? http://www.fiu.edu/∼mizrachs/hackethic.html, Accessed 10th Jan, 2008.
O’Grady, D. (2006) Italians jailed for breaching Australian defencewebsite, Sydney Morning News, July 12th.
Parker, D. (1976). Crimes by computer. USA: Scribner.Parker, T., Devost, M., Sachs, M., Shaw, E., & Stroz, E. (2004). Cyber ad-
versary characterization: Auditing the hacker mind. USA: Syngress.Simons, G. (1989). Viruses, bugs and Star Wars. UK: NCC Blackwell.Sterling, B. (1993). The Hacker crackdown: Law and disorder on the
electronic frontier. USA: Mass Market Paperback.Sydney Morning Herald. (2005) Hackers shut down Stanhope
website, November 1st, http://www.smh.com.au/news/national/hackers-shut-down-stanhope-website/2005/11/01/1130720534395.html, Accessed 15th May, 2008.
The Age. (2005). Leaking minister in dog house, October 22nd, http://www.theage.com.au/news/war-on-terror/leaking-minister-in-dog-house/2005/10/21/1129775962082.html, Accessed 15th May, 2008.
Thomas, D. (2002).Hacker culture. USA: University of Minnesota Press.Wark, M. (2004). A Hacker manifesto. USA: Harvard University Press.ZDNET. (2002). Australian Hacking group closes its doors, Novem-
ber 18th, http://www.zdnet.com.au/news/security/soa/Australian-hacking-group-closes-its-doors/0,130061744,120270013,00.htm,Accessed 15th May, 2008.
Matthew Warren is the Head of School and a Professor in the Schoolof Information System, Deakin University, Australia. He has a PhD inInformation Security Management from Plymouth University, UK andduring that time worked on several large European Union researchprojects. Professor Warren has received research funding awards fromnational/international funding bodies: Australian Research Council(ARC), Engineering and Physical Sciences Research Council(EPSRC) in the UK, South African Research Foundation and theEuropean Union. Professor Warren has published in theareas ofInformation Security, Risk Analysis, eBusiness, Information Warfareand Critical Infrastructure Protection. He has authored/coauthoredover 225 books, book chapters, journal papers and conference papers.Professor Warren is the former Chair of IFIP TC 11 Working Group11.1 - Security Management and a former Director of the AustralianInstitute of Computer Ethics. Professor Warren has taught withinAustralia, Finland, Hong Kong and the UK.
Shona Leitch is a Lecturer in the School of Information Systems,Deakin University at the Burwood campus. She joined the School ofInformation Systems in 2004. Shona is originally from Scotland,emigrating to Australia in 1998. She obtained her BSc(Hons) in 1997from the University of Plymouth in Psychology/Computing. Her mainteaching and research focus is the area of Systems Analysis andDesign. She has taught various units on this subject. She completedher PhD entitled “A Systems Analysis Method for Online Teachingand Learning Systems” in 2008 at Deakin University. She haspublished over 30 papers, in books, journals and conferences, in theareas of systems analysis, online teaching and information security.
Inf Syst Front (2010) 12:425–431 431
