Hacking for God & Country

There is clear evidence that hacking and malicious software are tremendously costly for businesses and home users alike. So why do people do it?
The reasons individuals engage in these activities are diverse. For example, Max Kilger from the Honeynet Project argues that the hacker community is driven by six motives: money, entertainment, ego, cause, entrance to a social group, and status.
The economic imperative is particularly strong, given the profit that can be made by hacking databases to steal credit cards and financial information. Additionally, a burgeoning market has developed around the sale of malicious software and stolen data, particularly in Eastern Europe and Russia.
Religion and nationalism also may play in computer attacks, as shown by the actions of Turkish hackers in recent years. Some of the most noteworthy attacks occurred after a Danish newspaper published a cartoon featuring the prophet Muhammad with a bomb in his turban in 2005. This image was justifiably deemed offensive by the international Muslim community, and protests were staged in the streets around the world.
A series of virtual protests also occurred, as the newspaper’s Website was defaced repeatedly by Turkish hackers, along with any other site that featured the cartoon. In fact, thousands of Websites were hacked or defaced by Turkish hackers, who in turn received a great deal of attention by the press for their efforts.
Turkish hackers have also defaced and attacked a number of government Websites, particularly in the United States and in Europe.
In examining a sample of three Turkish hacker Web forums that are driven by religious motives, it is clear that users perceive their actions to support a larger mission and agenda. Posters regularly feature national and religious symbols as part of their avatar, or personal image. The Turkish flag is regularly featured as part of an avatar background. Other avatars use military images, such as soldiers carrying rifles, bombs, or missiles. Some use pictures of masked militants holding rifles or making threatening gestures. All these representations evoke military and patriotic themes and emphasize the importance of these issues for this particular hacker community.

The forums also suggest a military, regimented structure to support attacks and Web defacements. One such forum had an “operations” section dedicated to discussions and listings of all the sites that the group’s members have defaced. The titles of threads within this subforum show a diverse range of targets defaced by the Turkish hackers:
Threat to French Site
Korean Yahoo Sites – “I have defaced a famous Korean site.”
[the group] has defaced 1,000 sites!
Join our site and help deface
Our martyrs have defaced many sites
Deface Announcements
We will eliminate the world (World Wide Web)
Web sites hacked
20 web site templates hacked
Adina Hotel hacked
20 Video Sites Hacked
English Receiving Site Hacked
USA Enterprises Hacked
Buddhism and Satanism Sites Hacked

These Turkish hackers have their own social organization practices. For example, one site established its leadership and attack command structure based on individual performance in a hacking challenge set up through their Website. Individuals must progress through 13 missions, and their performance establishes how they will participate in the larger group. The missions include SQL injection, RC4 encryption cracking, page redirection, password cracking, and other attack methods.
All of the forums also utilize a detailed command structure that regulates activity within the site and in attacks against various targets. This structure ensures easy operation and management, and establishes clear levels of respect and status that must be afforded to the senior leaders.
One site even provided a flow chart to specify forum operations and dictate how complaints and suggestions move through the chain of command. Other forums provided detailed videos on YouTube, featuring Websites that were compromised or defaced, interspersed with information on the attack teams and their organizational composition.
The structure and content of these forums suggest that religion and national pride drive the actions, targets, and practices of these Turkish hackers. Further research is needed, however, with more data from countries around the world, to consider how other religious and national interests affect hacker activity on a global basis.
— Thomas J. Holt is a criminologist specializing in computer crime, cybercrime, and technology