CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


College of Engineering and Computing


Gurvirender Tejay

Committee Member

Ling Wang

Committee Member

Stefan Savage


Information science, Information technology, Management, breach, countermeasures, hacker, information systems, innovation, security


Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining to the defeat of IS security countermeasures. This research sought to understand the manner in which hackers diffuse innovations within these communities. Employing a multi-site, positivist case study approach of four separate hacking communities, the study examined how hackers develop, communicate, and eventually adopt these new techniques and tools, so as to better inform future attempts at mitigating these attacks. The research found that three classes of change agents are influential in the diffusion and adoption of an innovation: the developer/introducer of the innovation to the community, the senior member of a community, and the author of tutorials. Additionally, the research found that three innovation factors are key to successful diffusion and adoption: the compatibility of the innovation to the needs of the community, the complexity of the innovation, and the change in image conferred upon the member from adopting the innovation. The research also described the process by which innovations are adopted within the hacking communities and detailed phases in this process which are unique to these communities.