Not all hackers are the same: from the chicken thief to the modern Cyber-Arsenio Lupin

Security Awareness
6 June 2022

The history and the evolution of a legendary profession

Knowledge and use of social engineering are at the base of its change

There are hackers and hackers. Or, to put it this way: even among cybercriminals, you can find an Arsenio Lupin or a chicken thief. We’re talking about a “profession” that presents, in its practicality, many differences, both in method and in objective. And for those who want to defend themselves from these skilled professionals, it can be helpful to have some extra knowledge about their varied typologies.

Let’s begin with brief etymological and “historical” notes. The word “hacker” derives from the English verb “to hack,” which in computer science means to attack and illegally access. It officially appeared in 1980 in an article published in Psychology Today entitled “The Hacker Papers,” which discusses the addiction resulting from the use of computers. The road is wide open: two years later, the movie Tron comes out, telling the story of a hacker who owns an amusement arcade, where his physical body is transformed into a digital form by a pirated software named Master Control, which forces him to participate in gladiator-style games and to team up with a figure from a computer program.

Hackers in the cinematographic imaginary 

The following year saw the release of the unforgettable War Games, starring a brilliant teenager who enters the U.S. secret military program and interacts with the artificial intelligence (AI) system, triggering actions that could spark a nuclear war between the U.S. and the Soviet Union. In ’85, it is the time of Prime Risk, in which a woman engineer and her friend discover a way to scam ATMs. In doing so, however, they realize that they could destroy the U.S. Federal Reserve.

Since then, the list of films on this subject has grown really long. It has passed through must-see milestones for fans, such as The Matrix (1999), Hackers (1995), The Lords of Fraud (1992), The Italian Job (2003), and Citizenfour (2015), all the way to Silk Road, released in 2021. The film tells the story of the anonymous dark web marketplace, considered the “Amazon of narcotics,” that lends its name to the film. It was launched in early 2011 by Ross Ulbricht, who was jailed for life after an FBI operation shut the site down.

In short, the topic is exciting, intriguing, and highly up-to-date. Books are written about it, films are shot, and even the news is brimming with stories linked to raids on information systems. Just think of the case of Julian Assange, founder of Wikileaks, on which both public opinion and entire countries are still divided. Because what is at stake is not only the life of a hacker but also delicate geopolitical balances and the affirmation of essential values, such as freedom of expression and its limitations. Undoubtedly, a character like Assange, regardless of what you think, will remain in the history books as a legendary figure of recent years.

Being a hacker by trade

All this to say that being a hacker is still a job that has a massive appeal in the imagination of many. Also, there are criminal hackers, also called crackers or black hats, and those (white hats) who do it for a good purpose or to protect the security of a country, a company, or an organization. In short, the subtleties are many, and each one can choose the one that resembles him more.

After all, it’s enough to be an IT expert and jump into the Network, isn’t it? Well, in reality, the issue is much more complex than that. Or better, to be a “chicken thief” doesn’t take much. All you need to do is find a way to get malware into the victim’s computer, simply by blackmailing them with the threat of spreading unpleasant information about them through social networks or stolen email addresses. This stuff is a bit outdated, but you can always find someone who falls for it and pays a ransom. It is fast money that does not require a big commitment. However, if you raise the ambition level and aspire to a more intriguing challenge and more substantial earnings, social engineering comes into play, which requires a precise and accurate selection of the victim and a thorough knowledge of them.

Social engineering: an actual psychological manipulation

The term social engineering has its origins in the social sciences. It refers to any attempt by significant players in the change process (e.g., media, the government, or private groups) to influence or shape people’s behavior. Today, the term is closely related to cybersecurity. In the cyber world, it translates into using methods that have nothing to do with technology but are more “social” and serve to make contact with a victim: after having studied them carefully and evaluated their behavior, the attacker leads them, through psychological manipulation, to share important personal information.

For example, the actual victim may be the manager of a big company, but the person manipulated is his son, who, in a totally unknowing way, becomes friends on the net with a boy of his same age (or supposedly so) with whom he exchanges documents, links or attachments that have as their real target the father’s computer.

The modern-day Arsenio Lupin moves between technical knowledge and psychological mechanisms

A social engineering attack advances in stages. First of all, the research: the cybercriminal carefully analyzes the victim’s behaviors, habits, and preferences to gain their trust and get in touch with him/her. This is then followed by the actual technical phase, which will be different depending on the psychological and social profile of the person to be targeted. It may take several weeks before results are obtained, but they will be much more beneficial than those obtained from “trivial” malware attacks.

In short, we are talking about highly specialized, technical knowledge, but certainly with a multidisciplinary approach, creativity, ingenuity, and an understanding of reality and of psychological mechanisms. Defending ourselves from all these skills that can be used against us becomes more and more complex, especially without proper guidance. Each email we receive can contain a trap, as can any new contact on social media. The rules for shielding yourself are few but fundamental: always pay close attention to every gesture made online, do not accept “gifts” (links, attachments, videos, images, etc.) from strangers, and get to know your opponent as much as possible by anticipating his moves. This can only be done through ad hoc training that is continuously updated on the latest developments and allows for fundamental exercises that simulate any and all possible scams. Because even when you understand the theory, what makes the difference is to experience concretely the numerous and sophisticated ways of being deceived.

