Hackers Profiling Project

HPP QUESTIONNAIRE - SECTION C

They are the questionnaire's "heart" and essential "nucleus" of our research. If correlated with the data of the other two sections, they allow us to have a "3D" image of hackers' way of action because they will be read in the light of the answers given.

a) Nicknames/handles

1a) Do (or did) you have only one or more "nicks/handles"? In the latter case, why?
Yes
No

1b) If yes, why do (did) you choose one, or more than one?

b) Age in which you started being interested in the topic:

1) At what age did you start being interested in IT and/or computer stuff?

2) At what age did you start being interested in hacking/phreaking?

3) Are you currently practising hacking/phreaking?
Yes
No

c) Hacking/phreaking learning methodology and level of technical skills:

1a) How did you learn the hacking/phreaking techniques?
Completely by yourself
Through a mentor

1b) If you had a mentor, please, describe the way he/she taught you to practise hacking/phreaking.

2) How do you value your level of technical skills?
Low
Medium
High
Expertise

3a) The increase of your technical skills has determined a progressive augment of the "gravity" of the consequences of your attacks?
Yes (Specify )
No (Specify )

3b) From your point of view, why?

d) Hacking, phreaking:

1) 1)Do (or Did) you practise:
Hacking
Phreaking
Both

4) How do you conceive hacking/phreaking?
As a lifestyle
As a pure tool to pursue aims

5a) Have you ever practised carding?
Yes
No

5b) If yes, what are your purposes?

e) Kinds of data nets, technologies and operative systems targeted and tools used:

1) On what kind of data nets and technologies do (or did) you practise hacking/phreaking? For example: Internet, X.25, PSTN/ISDN, PBX, Wireless, "mobile" nets (GSM/GPRS/EDGE/UMTS), VoIP.

2) On what kind of operative systems do (or did) you practise mostly hacking? For instance: MS Windows, Linux (specify which distribution), *BSD (specify which), commercial UNIX (specify which: Sun Solaris, HP/UX, and so on), Firewall, Routers, Wi-Fi APs, etc.

3) When you practise(d) hacking you use(d):
Your tools (tools produced by you, unreleased exploits)
Software/tools developed by other hackers
Both

f) Penetration techniques and "signature":

1) What sort of technique do (or did) you use for penetrating a system? Please, describe it.

2) What do (or did) you do when you are (or were) in a system?

3a) Do (or did) you usually leave a sort of "signature", which makes (or made) you recognizable by other hackers, upon the penetrated system?
Yes
No

3c) Why do (or did) you leave your "signature"?

4a) After having discovered new system's vulnerabilities, do (or did) you advise the SysAdmin?
Yes
No

4c) If yes, do (or did) you disclose them to the other members of the underground world before warning the SysAdmin about them?
Yes
No, I divulge(d) them after warning the SysAdmin
No, I do (or did) not divulge them at all

4d) If you disclose(d) the vulnerabilities to the other members of the underground world after warning the SysAdmin, do (or did) you wait the "holes" are (or were) patched?
Yes
No

g) Motivations:

2a)What are (or were) the motivations which you practise(d) hacking/phreaking for?
Curiosity for the systems' structure
Dependence from the hacking/phreaking activities
Because off-line life is boring
To gain power over government agencies, law enforcement, firms' systems and so on
To obtain recognition from other hackers
To augment my own level of hierarchy inside my group
For generosity towards the users by discovering bugs in systems/software/nets
Other (Specify )

h) Lone hacker/phreaker or as a member of a group:

1a) Do/did you practise hacking/phreaking:
Alone (Why? >)
In group (Why? >)
Both (Why? >)

1b) Why do (or did) you prefer practising hacking/phreaking alone and/or in group?

2) What is/was your or your group's target?
military o government
productive/industrial
research institutes/universities
Other (Specify >)

3a) Is/was there a message you or your group want(s)/wanted to communicate through hacking/phreaking?
Yes (Specify >)
No

4) What do/did you or does/did your group do? (for example: web-defacing; development of unreleased exploits on the basis of known vulnerabilities; development of exploits on the bases of unknown vulnerabilities, etc.).

5a) Is (or was) there an internal hierarchy in the group? If yes, please, describe its basis (for example: experience, technical knowledge, spirit of enterprise, charisma, seniority, etc.).
Yes
No

5b) If yes, on which bases it is (or was) grounded?
Past experience
Technical expertise
Initiative spirit
Charisma
Seniority
Other (Specify >)

6) Does (or did) each member of the group have a different speciality?
Yes (Specify >)
No

7a) Are (or were) there relevant rules that the members of the group must obey by?
Yes (Specify >)
No

7c) What are (or were) the "sanctions" envisaged by the group for the disobeyer?

8a) Have you ever personally met the other members of the group?
Yes, but only some of them
Yes, all
No

8b) Do (or did) you know their true identity, age and place of residence?
Yes, but only some of them
Yes, all
No

9) 9)Do (or did) the members of your group live in your same city and/or country?
Yes, in the same city
Yes, in the same country
No

10) How do (or did) you communicate with each other? (It is possible more than one answer).
Not cipher e-mail
Ciphered e-mail
"Opened" mailing lists
"Closed" mailing lists
Clear chat/IRC
Encrypted chat/IRC
IRL meetings
Other (Specify )

i) Meaning of the hacker's ethics and level of your obedience to it:

1a) Does a hacker's ethics exist from your point of view?
Yes
No

1b) If yes, what does a hacker's ethics mean to you? What are its principles?

2a) Do (or did) you obey to the hacker's ethics?
Yes (Why >)
No (Why >>)
Sometimes (Specify >)

j) Crashed/damaged systems:

1a) Have you ever crashed and/or damaged a system?
Never
Sometimes
Often

1b) If yes, you crashed/damaged it:
Voluntarily
Incidentally

1c) If you have done it voluntarily, why have you done it?

k) Time dedicated to hacking/phreaking:

1a) On the average, how many hours do (or did) you practise hacking/phreaking every day?
1-3 hours
4-6 hours
7-10 hours
10-12 hours
More than 12 hours

1b) During the years, the time you spend (or have spent) practising hacking/phreaking is (or was):
Increased
Diminished
Unvaried

2) What are (or were) the best hours during which you practise(d) it? Why?
morning
afternoon
evening
late-night

4) Have you ever felt like an "abstinence crisis" when you don't (or didn't) practise hacking/phreaking for a long time?
Yes, always
Yes, sometimes
No, never

l) Perception of the illegality of the own activity:

1a) Are hacking and phreaking a crime in your country?
Yes
No

1b) If yes, when and how did you become aware of it?

2a) From your point of view, are hacking and phreaking morally acceptable? Why?
Yes (Why >)
No (Why >>)

3a) Do you think you are (or were) injuring someone and/or something with your activity?
Yes
No

m) Computer-related crimes:

1) What kind of computer-related crimes have you committed?
Unauthorised access to computer systems and services
Unauthorised reproduction of legally protected computer programmes
Damage to or modifications of computer data or programs (Specify
Fraud by computer manipulation (Specify )
Computer forgery (Specify )
Other (Specify )

2a) Have you ever been busted and judged for your hacking/phreaking activity?
Yes
No

2b) If yes, how many times? Please, indicate the fine(s) and/or penalty/ies inflicted for each of them, and specify its/their amount or duration. If you have been acquitted, specify why.

n) Other crimes not related with the use of the computers:

1a) Have you ever committed crimes not related with the use of the computers?
Yes
No

1b) If yes, what kind and how many?

2a) Have you ever been busted and judged for these crimes?
Yes
No

2b) If yes, how many times? Please, indicate the fine(s) and/or penalty/ies inflicted for each of them, and specify its/their amount or duration. If you have been acquitted, specify why.

o) Deterrence effect of the laws, the convictions and of the technical difficulties encountered in violating a system; stop causes of the hacking/phreaking activity:
1a) Are (or were) you afraid of being busted and convicted for having violated a system?
Yes
No
Not more

1b) If not or not anymore, why? (It is possible more than one answer).
For the precautions and technical shrewdness adopted
For the inadequacy of investigators
Other (Specify )

2a) Are (or were) you deterred by the laws on computer crimes?
Yes
No
Not anymore

2b) If not or not anymore, why? (It is possible more than one answer)
Because the envisaged penalties are not sufficiently severe
Because it is difficult to be discovered and charged for this kind of crimes
Other (Specify )

3a) Are (or were) you discouraged by the convictions suffered by other hackers/phreakers?
Yes
No
Not anymore

3b) If not or not anymore, why? (It is possible more than one answer).
Why does it should happen to me?
For the precautions and technical shrewdness adopted
Because usually they are immediately released or condemned to moderate penalties
Other (Specify )

4a) Are (or were) you deterred or stimulated by the technical difficulties encountered in violating a system?
They stimulate(d) me
They discourage(d) me
Sometimes they stimulate(d) me, while other times they discourage(d) me

5a) If you don't practise hacking/phreaking any more, when and why have you stopped practising it?

5b) If you stop practising hacking/phreaking, do you continue to be interested in the topic? (for example working as an expert in computer/data security, etc.).
Yes
No

6a) Have you ever stopped practising hacking/phreaking and then started again after a while?
Yes
No

6b) If yes, why have you stopped practising it and why then have you started again?

Please, insert here your comments about the questionnaire.

For any information feel free to contact hpp@isecom.org This site is under GNU Free Documentation Licence