Acls patient cases robert mccrae answers

INTRODUCTION TO PART II

THREATS AND VULNERABILITIES

What are the practical, technical problems faced by security practitioners? Readers are introduced to what is known about the psychological profiles of computer crim- inals and employees who commit insider crime. The focus is then widened to look at national security issues involving information assurance—critical infrastructure protection in particular. After a systematic review of how criminals penetrate secu- rity perimeters—essential for developing proper defensive mechanisms—readers can study a variety of programmatic attacks (widely used by criminals) and methods of deception, such as social engineering. The section ends with a review of widespread problems such as spam, phishing, Trojans, Web server security problems, and physical facility vulnerabilities (an important concern for security specialists, but one that is often overlooked by computer-oriented personnel).

The chapter titles and topics in Part II include:

12. The Psychology of Computer Criminals. Psychological insights into motiva- tions and behavioral disorders of criminal hackers and virus writers

13. The Insider Threat. Identifying potential risks among employees and other authorized personnel

14. InformationWarfare.Cyberconflict and protection of national infrastructures in the face of a rising tide of state-sponsored and non-state-actor industrial espionage and sabotage

15. Penetrating Computer Systems and Networks.Widely used penetration tech- niques for breaching security perimeters

16. Malicious Code. Dangerous computer programs, including viruses and worms, increasingly used to create botnets of infected computers for spreading spam and causing denial of service

17. Mobile Code. Analysis of applets, controls, scripts, and other small programs, including those written in ActiveX, Java, and Javascript

18. Denial-of-Service Attacks.Resource saturation and outright sabotage that brings down availability of systems and that can be used as threats in extortion rackets by organized crime

II · 1 Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

II · 2 THREATS AND VULNERABILITIES

19. Social-Engineering and Low-Tech Attacks. Lying, cheating, impersonation, intimidation—and countermeasures to strengthen organizations against such at- tacks, which have increased drastically in recent years

20. Spam, Phishing, andTrojans: AttacksMeant to Fool.Fighting spam, phishing, and Trojans—trickery that puts uninformed victims at serious risk of fraud such as identity theft

21. Web-Based Vulnerabilities. Web servers, and how to strengthen their defenses 22. Physical Threats to the Information Infrastructure. Attacks against the infor-

mation infrastructure, including buildings and network media

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

12CHAPTER

THE PSYCHOLOGY OF COMPUTER CRIMINALS

Q. Campbell and David M. Kennedy

12.1 INTRODUCTION 12 ·1

12.2 SELF-REPORTED MOTIVATIONS 12 ·3

12.3 PSYCHOLOGICAL PERSPECTIVES ON COMPUTER CRIME 12 ·4

12.4 SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME 12 ·4 12.4.1 Social Presence and

Computer Crime 12 ·6 12.4.2 Deindividuation and

Computer Crime 12 ·6 12.4.3 Social Identity Theory

and Computer Crime 12 ·7 12.4.4 Social Learning

Theory of Computer Crime 12 ·8

12.5 INDIVIDUAL DIFFERENCES AND COMPUTER CRIMINALS 12 ·9 12.5.1 Antisocial and

Narcissistic Personalities 12 ·9

12.5.2 Five-Factor Model of Personality and Computer Criminals 12 ·10

12.5.3 Asperger Syndrome and Computer Criminals 12 ·11

12.5.4 Internet Abuse and Computer Crime 12 ·12

12.6 ETHICS AND COMPUTER CRIME 12 ·14

12.7 CLASSIFICATIONS OF COMPUTER CRIMINALS 12 ·16 12.7.1 Early Classification

Theories of Computer Criminals 12 ·17

12.7.2 Rogers’s New Taxonomy of Computer Criminals 12 ·19

12.7.3 Hacktivists and Cyberterrorists: Hacking for a Cause 12 ·20

12.7.4 Dangerous/Malicious Insiders (DI/MI) 12 ·21

12.7.5 Virus Creators 12 ·22

12.8 RECOMMENDATIONS 12 ·24

12.9 FURTHER READING 12 ·26

12.10 NOTES 12 ·26

12.1 INTRODUCTION. Symantec’s Internet Security Threat Report for 2011 indicated an 81 percent increase in network attacks compared to 2010; this, coupled with a reported 187million identities that were exposed due to outsider attacks, sug- gests that the threat of computer crime is growing to unprecedented levels.1 For the most part, the industry has relied upon legal and technological solutions to reduce the risks to information security. An alternate approach is to target the human element;

12 · 1 Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

12 · 2 THE PSYCHOLOGY OF COMPUTER CRIMINALS

to try to understand the psychological motivations behind those who would exploit these technologies and to design security system accordingly.2 The main drawback to this approach is that the information security field has traditionally relied on outdated stereotypes of computer criminals, which have lead to convoluted, overgeneralized, and inaccurate portrayals of these individuals. Contributing to this is the industry’s over- simplification of computer crime and its reliance on a generic, all-encompassing view of the computer criminal. The computer underground is a vast and varied landscape that comprises many different subgroups, some of which are infantile and benign, and others that are criminal and destructive. The purpose of this chapter is to identify the various subgroups of computer criminals and to examine their differing motivations from a psychological perspective. Using theoretical perspectives from social, person- ality, and clinical psychology, we will review current research on the various subsets of computer criminals, ranging from script kiddies to malicious insiders, and provide recommendations for addressing the problem of computer crime at its source.

The National Institute of Justice defines a computer criminal as any individual who uses computer or network technology to plan or perpetrate a violation of the law.3 Although the term computer hacker is often used interchangeably with computer criminal, they are not synonymous. The term hackerwas originally used as an umbrella term to refer to a computer programmer who changes or alters code (i.e., hacks) in a unique or unorthodox fashion to solve a problem or to enhance its use. Such interventions may be legal or illegal depending on the circumstances, intent, outcome, or use of the hacked program.

Although a computer criminal, or cracker, sometimes also referred to as amalicious or criminal hacker, may fall under this broad definition, these individuals typically alter or exploit technology for destructive purposes or financial gain rather than for benign or creative functions. Common examples of computer crimes includeWeb page defacements, creation and distribution of viruses, unauthorized access of technology, theft of information, distributed denials of service (DDoS), and so on.

In recent years, computer security analysts have reported that many computer crim- inals are moving away from the hacking-for-fun-and-notoriety mindset to hacking for profit.4 More recently, activist groups (hacktivists) have used the Internet as a way of spreading their messages of social and political discord by engaging in digital harass- ment of their targets. According to the 2012 “Verizon Data Breach Report,” hacktivist groups represent a significant threat to network security, accounting for the majority of data thefts occurring in 2011.5,6

Computer crime is an obvious financial and societal problem that shows no signs of slowing. Researchers suggest that computer attacks will continue to grow in frequency and sophistication as technology continues to evolve. More specialized threats to social networks, peer-to-peer networks (P2P), handheld mobile devices, and nontraditional hardware systems (e.g., networked gaming consoles and point of sale devices), have been identified in the wild with increasing regularity.7 Douglas Campbell, president of the Syneca Research Group Inc., states that “the dominant threat to the United States is not thermonuclear war, but the information war.”8,9

One solution that has been offered as an effort to slow this disturbing trend is to examine the motivations of computer criminals from a psychological perspective. Computer-crime researchers suggest that understanding the psychological motivations behind cyber criminals would aid in both cybercrime prevention and protection.10,11

Generating a psychological profile of the various subtypes of computer criminals would aid in creating preventive initiatives as well as more effective countermeasures in the fight against computer crime. Since computer crime is not solely a technological

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

SELF-REPORTED MOTIVATIONS 12 · 3

issue but one involving human agents, psychological theories regarding anonymity, aggression, social learning, and individual difference factors may enable us to better understand the behaviors and motivations of the computer criminal.

Information security consultant Donn Parker asserts that the creation of an effective malicious hacker profile still remains an elusive goal in the information security field.12

Therefore, the goal of this chapter is to survey past and current literature surrounding the psychological motivations of computer criminals. Theories from criminology, as well as social, personality, and clinical psychology, will be presented in an attempt to explain some of the possible motivations behind computer criminals. Based on these psychological research studies, we will conclude by offering recommendations for attenuating computer crime from the perspective of the perpetrator.

12.2 SELF-REPORTED MOTIVATIONS. Perhaps the simplest approach to un- derstanding the mindset of computer criminals is having the perpetrators describe their motivations in their own words. Using various self-reporting measures, including surveys, open-ended questionnaires, and first-person interviews, researchers have con- sistently found a number of common accounts used by computer criminals to explain and justify their illicit and sometimes harmful behaviors.13,14,15,16

According to sociologist Paul Taylor, computer criminals report that they are mo- tivated by an interacting mix of six primary categories: addiction, curiosity, boredom, power, recognition, and politics.17 Using a phenomenological-interpretive interview approach that emphasizes the interviewee’s perception of reality, sociologist Orly Turgeman-Goldschmidt similarly found that computer criminals reported curiosity, thrill seeking, the need for power, and the ideological opposition to information restric- tions among the motivations for their behaviors.18 Taylor suggests that the extensive use of computers by these criminals may result from a combination of both compulsive behaviors and intellectual curiosity. From an outsider’s perspective, an advanced com- puter user’s need to meet the swiftly changing demands of the computer industry may appear to be an indicator of computer abuse, when in actuality the constant use of tech- nology is a consequence of the field. A relentless curiosity and desire for technological improvement is often used by computer criminals as a motivation for their behaviors.19

Anecdotal evidence has also suggested that the frustrations that result from restrictive computing environments (e.g., network or Internet filters), coupled with a lack of suf- ficient intellectual stimulation, contribute to some computer criminals’ unauthorized access attempts. Some reformed computer criminals have indicated that once they were provided with more liberal access to technology, they were able to focus their skills on practical and legal endeavors rather than illicit undertakings.20

In one of the most ambitious efforts to understand the mindset of criminal hack- ers, computer security consultant and reformed computer criminal Raoul Chiesa and colleagues created the Hacker’s Profiling Project (HPP).21 The aim of the HPP was to utilize criminal profiling techniques to develop a comprehensive profile of criminal hackers. Chiesa developed a questionnaire that was judiciously distributed to known criminal hackers and asked questions regarding personal demographics, technological skill, criminal history, and social relationships. The research revealed again that some of the main motivations of criminal hackers are curiosity, proving their self-worth to themselves and others, and feelings of adventure. These relatively benign motivations are also coupled with feelings of anger, frustration, and rebellion against authority. For many of these individuals, the Internet is viewed as the great equalizer. Because of the reduced social context cues that guide face-to-face interactions, Internet users are judged more on their technological skills rather than their social skills, gender, or

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

12 · 4 THE PSYCHOLOGY OF COMPUTER CRIMINALS

ethnicity. For a more comprehensive looked at the results of the HPP, see the recently published book Profiling Hackers.22

Contrary to their stereotypical portrayals in the news media and in fiction, computer criminals appear to havewide-ranging social networks that exist in both their online and offline environments.23,24 Taylor indicates that both the need for power and recognition by their peers may be motivating factors for some cybervandals. Computer criminals report feelings of enjoyment and satisfaction when they prove themselves better than system administrators and their peers. Communications researchers Hyung-jin Woo, Yeora Kim, and Joseph Dominick report in their analysis of Webpage defacements that 37 percent of the prank-related defacements contained messages that bragged or taunted the system administrators. Twenty-four percent of these types of defacements contained statements aimed at obtaining peer recognition and 8 percent contained boastful and self-aggrandizing verbiage.25

12.3 PSYCHOLOGICAL PERSPECTIVES ON COMPUTER CRIME. Al- though self-reporting analyses can give us some insight into the motivations behind computer criminals, these types of descriptivemethodologies typically yield incomplete and sometimes inaccurate results. Unless the causes for our behaviors are obvious, our explicit or consciously held explanations for our actions are often misguided. Research has found that our behaviors are frequently controlled by subtle situational variables and implicit attitudes of which we are not typically aware, and may be distinctly dif- ferent from the conscious mechanisms we use to explain our actions.26 Therefore, our conscious justifications for our actions may be inaccurate if we are unaware of more subtle cognitive processes. The next section examines more empirically based psychological theories of aggression and deviance to gain a further understanding of the factors that may be influencing the behaviors of computer criminals.

12.4 SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COM- PUTER CRIME. Many acts of computer crime can be categorized as demonstra- tions of aggressive behaviors. For example, cracking into a company’s Web server and defacing a Web page, or launching a DDoS attack on an organization’s computer net- work, thereby crippling its Internet connection, are common malicious and aggressive acts engaged in by computer criminals. Social psychological theories on hostility and violence suggest that people are more likely to commit acts of aggression when the perpetrator of these acts is anonymous and the threat of retaliation is low.27 Since cy- bervandals frequently use nicknames (nicks or handles), stolen accounts, and spoofed Internet Protocol (IP) addresses when they engage in illegal activities, their behaviors may be more aggressive than when they are more easily identifiable. Computer crim- inals are overly confident that their crimes cannot and will not be traced back to their true identities. Computer criminals who deface Web pages are so confident that they are anonymous that they regularly tag the hacked Website by leaving their handles and the handles of their friends, and in some cases, even their Internet email addresses and Web page links.28

Due to the relative anonymity of the Internet and the technical abilities of cybercrim- inals, which enable them to further obfuscate their identities, the resulting emotional distance may be another factor that contributes to increased aggression online. For example, it is an extremely difficult and tedious task to identify computer criminals who launch DDoS attacks against computer networks. The attacker plants denial-of- service (DoS) programs into compromised shell accounts controlled by a master client. The master client will instruct every slave DoS program to cooperatively launch an

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME 12 · 5

attack at the victim’s host at a configurable time and date. Thus, the DoS attacks are not launched by the criminal’s own computer; rather, the attacks come from innocent networks that have been compromised by the cracker. This additional layer makes it all the more difficult for information-security professionals to locate the attack’s perpetra- tor. Much like the Website vandals, DDoS attackers are also confident that the attacks will not be traced back to their actual identities. Frequently, DDoS attackers will even brag on Internet Relay Chat (IRC) channels and Twitter about how many host nodes they have compromised and against which domain they are planning to launch new attacks.29

Situational influences on behaviors and attitudes work on the Internet much as they do in the real world. However, computer criminals who commit aggressive acts against their innocent victims do not see the immediate consequences of their actions. The computer screen and increased social distance that characterize interactions online can act as an electronic buffer between the attacker and victim. Like the participants in psychologist Stanley Milgram’s famous obedience experiment, computer criminals are physically and emotionally removed from their victims while they are committing their harmful actions.30 They do not witness firsthand the consequences of their computer- ized attacks. Automated cracking and DDoS scripts, coupled with the lack of social presence in computer-mediated interactions, may make it easier to attack an entity that is not only emotionally and physically distant, but also depersonalized (e.g., a system administrator working for a large corporation).

Consistent with social psychologist Albert Bandura’s theory of moral disengage- ment, individuals who engage in unscrupulous behaviors will often alter their thinking in order to justify their negative actions.31 According to Bandura, most individuals will not commit cruel or illicit behaviors without first engaging in a series of cognitive justification strategies that allow the person to view those actions as moral and just. Immoral behaviors can be justified by comparing them to more egregious acts, mini- mizing the consequences of the actions, displacing responsibility, and by blaming the victim themselves. Criminologist Marc Rogers posits that computer criminals may rely on a number of these disengagement strategies in an attempt to reduce the dissonance associated with their malicious activities.32

Studies conducted by sociologists Paul Taylor and Orly Turgeman-Goldschmidt suggest that many computer criminals are, in fact, engaging in forms of moral disengagement.33,34 Their interviewees report that computer crime is driven by a search for answers and spurs the development of new technologies. They further indicate that their electronic intrusions cause no real monetary harm or damage to the victims, and that larger corporations that can afford any financial losses that are incurred from their digital transgressions. Web page crackers will often criticize and publicly taunt the system administrators for not properly securing their computers, suggesting that the victims deserved to be attacked.35 Rogers suggests that this victim-blaming strategy is likely the most common form of moral disengagement that is employed by computer criminals.36

A study conducted by information technology researcher Randall Young and col- leagues confirmed that computer criminals have amorally distorted viewof their deviant activities, enabling them to socially justify their digital exploits.37 Self-identified com- puter criminals attending a computer conference reported significantly higher levels of moral disengagement than a control group of university students. The self-identified criminals strongly felt that their digital intrusions were actually helpful to the compa- nies that they invaded and that their friends and families would not think negatively of them if they were caught engaging in illegal computer hacking.

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

12 · 6 THE PSYCHOLOGY OF COMPUTER CRIMINALS

12.4.1 Social Presence and Computer Crime. Social psychologist Sara Kiesler and colleagues found that during face-to-face (FTF) interactions, conversants implicitly attend to social context cues (e.g., facial expressions and intonations) and use them to guide their social behaviors. Since these social context cues are absent or reduced during computer-mediated interactions, digital communication may be more deregulated than FTF discussions.38,39 Kiesler and Lee Sproull suggest that the absence of social-context cues in computer-mediated communication hinders the perception of and adaptation to social roles, structures, and norms.40 The reduction of social-context cues in computer-mediated communication can lead to deregulated behavior, decreased social inhibitions, and reduced concern with social evaluation. The most common variables examined in their experiments were hostile language in the form of “flaming” (aggressive, rude, and often ad hominem attacks) and post hoc perceptions of group members (i.e., opinions formed after interacting with members). One empirical study found that group members communicating via computer-mediated communication were more hostile toward one another, took longer to reach decisions, and rated group members less favorably than comparable face-to-face groups.41 Another experiment reported that there were 102 instances of hostile communication during computer- mediated interactions, compared to only 12 instances of hostile commentary during comparable FTF discussions.42

Based on Kiesler’s findings, computer criminals may be engaging in hostile behav- iors partly due to this reduction of available context cues. Crackers who harass and victimize system administrators and Internet users may be engaging in these antisocial activities due to the reduced attention to and concern with social evaluations. There are numerous anecdotal accounts of computer criminals “taking over” IRC channels, harassing people online, deleting entire computer systems, and even taunting system ad- ministrators whose networks they have compromised.43 Their criminal and aggressive behaviors may be partially attributed to the reduced social context cues in computer- mediated communication and the resulting changes in their psychological states (i.e., deindividuation) while online.

12.4.2 Deindividuation and Computer Crime. Disinhibited behaviors have also been closely linked to the psychological state of deindividuation. Dein- dividuation is described as a loss of self-awareness that results in irrational, aggressive, antinormative, and antisocial behavior.44,45 The deindividuated state traditionally was used to describe the mentality of individuals who comprised large riotous and hostile crowds (e.g., European soccer riots, mob violence, etc.). Social psychologist Phillip Zimbardo suggested that a number of antecedent variables, often characteristic of large crowds, lead to the deindividuated state. The psychosocial factors associated with anonymity, arousal, sensory overload, loss of responsibility, and mind-altering sub- stances may lead to a loss of self-awareness, lessening of internal restraints, and a lack of concern for social or self-evaluation.46

The factors associated with deindividuation also appear to be present during some online activities. For instance, Internet users are relatively anonymous and often use handles to further obscure their true identities. Many of the Websites, software pro- grams, and multimedia files that typify the computing experience are sensory arousing and in some cases can be overstimulating. The Internet can be viewed as a large global crowd that individuals become submersed in when they go online. It is possible that the physical and psychological characteristics associated with the Internet that make it so appealing may also lead individuals to engage in antisocial and antinormative behaviors due to psychological feelings of immersion and deindividuation.47

Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer security handbook, set. Retrieved from http://ebookcentral.proquest.com Created from apus on 2018-03-19 16:20:05.

C op

yr ig

ht ©

2 01

4. J

oh n

W ile

y &

S on

s, In

co rp

or at

ed . A

ll rig

ht s

re se

rv ed

.

SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME 12 · 7

Deindividuation is brought about by an individual’s loss of self-awareness, and psychological immersion into a crowd due to the aforementioned antecedents.48 The aggressive, hostile, and antinormative actions of computer criminals may be linked to the denindividuated state. Zimbardo found that when participants were deindividuated, operationalized by anonymity, darkness, and loud music, they would administer higher levels of electric shocks to subjects, and for longer lengths of time, than individuated participants. Like Zimbardo’s participants, computer criminals may be engaging in hostile and aggressive behavior due to deindividuation—that is, as a direct result of anonymity, subjective feelings of immersion, and the arousing nature of computer and Internet use.49,50

12.4.3 Social Identity Theory and Computer Crime. Social psychol- ogists Martin Lea, Tom Postmes, and Russell Spears have recently developed a social identity model of deindividuation effects (SIDE) to explain the influence of deindividuating variables on behaviors and attitudes during computer-mediated communications.51,52,53 According to social identity theory, an individual’s self- concept resides on a continuum with a stable personal identity at one end and a social identity at the other. Depending on whether the social self, usually in group situations, or individual self is salient, the beliefs, norms, and actions associated with that particular self-concept will have the greatest influence on the individual’s actions and attitudes.54 When one of our social identities is salient, the norms associated with that group identity tend to guide and direct our behaviors.

According to the SIDE model, the isolation and visual anonymity that characterizes our online environment serves to enhance our social identities. This increase in social identification with a group may polarize our behaviors and attitudes toward the prevail- ing norms of that collective.55,56,57 Contrary to popular media stereotypes, computer criminals appear to have large social networks and frequently form groups and friend- ships with other like-minded individuals.58 The use of handles and pseudonyms by these individuals combined with their physical isolation from each other may increase their aggressive and criminal tendencies depending on the overall norms associated with their online social groups. If the criminal collective values electronic intrusions and defacements more than programming and coding, then these behaviors will be exhibited to a greater extent by members who strongly identify with that group.

According to Henri Tajfel and John Turner’s social identity theory (SIT), we tend to identify with ingroups, or those with whom we share common bonds and feelings of unity.59 We have a bias toward our own group members and contrast them with outgroups, whom we perceive as different from those in our ingroup. While this ingroup bias or favoritism may benefit and protect our self-concepts, it may cause us to dislike and unfairly treat outgroup members (e.g., network administrators).