Lancaster University, Joe Burton, and Hacker Culture

How does hacker culture factor into cyberconflict? The short answer: when Russian and Chinese hackers are involved, we don’t know because Western intelligence has not focused on this topic. Foreign intel is tricky. It’s not enough to suck up all the data—the key is proper analysis. If you’re fluent in Chinese or Russian and computer programming, there’s a good chance you make at least six figures in a private company or are too rebellious for government work. Where, then, would an intelligence agency begin in its quest to understand Eastern hackers and their motives?

Professor Joe Burton of Lancaster University is trying to bridge the knowledge gap. In his NUS lecture, he argued 1) culture matters; 2) an understanding of hacker motivation is important; and 3) non-Western studies of hacker culture are few.

According to Burton, Russian hackers see cyber as informational and surveillance-motivated rather than “kinetic” or disruptive. In contrast, Americans view cyber-strategy as kinetic, i.e., an opportunity to search and destroy infrastructure. Ultimately, we don’t know much about non-Western groups due to language and other barriers. Burton indicated even if only Ukrainian and Russian hackers—who share common root linguistics—are conversing online, analysis is difficult.

Regarding cyber-security culture, Burton mentioned Conti Leaks and the I-Soon group. He also discussed recruiting challenges due to some hackers being too idealistic to support applications like drone surveillance. When such workers are at Google, they are simply replaced, and the project moves on; however, a state agency typically does not have as much flexibility as a Big Tech company. Unsurprisingly, the trend is increasing commercialization and “democratization” of surveillance technologies. Burton didn’t seem to think anything could stop greater commercialization of useful technology, but said if software vulnerabilities are not adequately stress-tested before release, malicious actors could easily hijack and re-purpose military-grade software for illicit use. An audience member mentioned “Project Pegasus” as exposing such illicit use, and Burton confirmed there are no commercial incentives to completely vet a software’s vulnerabilities before market release.

Walking around NUS afterwards, I saw an Albert Einstein quote: “No problem can be solved by the same consciousness that created it.” Despite our advances, we haven’t progressed past the Ford Pinto problem. Is the difference between our analog past and our digital future the difficulty in finding another Ralph Nader?

© Matthew Rafat (October 16, 2024 from Singapore) 

Bonus: for further research, you may watch War Games (1983) and Mr. Robot (2015); and read Graham Allison’s Essence of Decision; Douglas Thomas’s Hacker Culture; and Steven Levy’s Heroes of the Computer Revolution.