One of the questions that seems to plague IT security professionals is why do hackers do what they do? What makes them tick? To answer that question, our first challenge is to identify who a hacker is? Dictionary.com defines a hacker as “a microcomputer user who attempts to gain unauthorized access to proprietary computer systems.” Although, not entirely satisfied with this simplistic definition, for the sake of discussion, we will accept it as it is.
Now that we have a working definition of who a hacker is, we can move on to what motivates them? Many hackers are simply curious. They are brightand talented people who get a thrill from using their skills to manipulate vulnerabilities in systems. These hackers are not unlike talented graffiti artists who use their artistic abilities to deface property. Although they can certainly cause damage, their motivation is more aligned with mischief than malice.
The next group are those that seek to achieve financial gain through compromising vulnerable systems. These hackers are essentially cyber thieves who’s primary goal is money. Much like “traditional” thieves, hackers range in ability and ambition. Many of these hackers focus on petty credit card fraud and identity theft. Much like a smooth talking conman, they target naive and less experienced computer users with “phishing” emails and “free apps” that are designed to make a quick buck and then move on to the next victim. Some more enterprising hackers in this category are more akin to bank robbers than petty thieves. Their attacks are well planned and choreographed and intended to produce a “big score.” These hackers focus on stealing intellectual property and other sensitive information with the intention of selling it to the highest bidder. Generally, this group seeks to remain undetected in order to continue exploiting their target for as long as possible.
Next, we will explore the ideological bread of hacker. This group are motivated by social, political or religious ideals and often consider themselves to be cyber warriors. They are generally related to similar ideological terrorist groups fighting for their belief system. This group can be particularly dangerous to their intended target in that their goals are to create as much damage to their victims as possible. Their motivation is to create grand and visible damage that will bring attention to their cause.
Lastly, we will consider an emerging group of “sponsored” hackers. These are professional hackers that are in the direct employ of a foreign nation, drug cartels or organized crime syndicates. They are generally very well trained,funded and organized. Their motivation can vary depending on the objectives of their sponsoring organization. This group is capable of devastating damage and can be very difficult to defend against due to theirextraordinary resources.
By taking a closer look at some of the different types of hackers, we can see that the title of hacker is as diverse as the term criminal. Many organizations falsely assume that they will never be the target of hackers because they do not have anything of interest to hackers. Whether motivated by financial gain, religious fervor, or simple mischief, hackers are all capable of significant damage and financial loss to any organization.