Friday, January 17, 2014

Cybercrimes of Passion

Not all cybercrimes fit in to the Criminal Behavior Cost-Benefit Model. Some just don't make sense.

On June 13, 2008, Terry Childs, a network administrator for the City of San Francisco, was arrested for not providing administrative passwords for the City’s Fiber Wan network infrastructure after being disciplined at work. For eight days San Francisco had no system level access to the infrastructure responsible for carrying 60% of its network traffic. The access was restored only after Terry told the Mayor of San Francisco the passwords to the systems during a private meeting in the prison where he was incarcerated.[1]

The cost-benefit formula assumes a rational thinker. Not the case here.
  • Monetary Benefit (Mb) – Nil.
  •  Psychological Benefit (Pb) – High (short term). Once the court records are made public, I suspect we’ll learn that Terry, a CCIE, had a long-time poor relationship with the management staff and that he didn’t feel that anyone but he should have admin access to the network.
  •  Cost of Crime Perpetration (Ocp) – Low. He already had admin access to the network infrastructure.
  •  Cost of Legal Defense and Incarceration – Very high. Prosecution and incarceration were imminent – all facts attributed the crime directly to Terry.

The ‘irrationals’ represent a very small portion of the system hacks, but they are out there and they are very bothersome. Perhaps the people that scare us the most are the ones that we can’t explain.