This week we have reviewed 7 different motives for committing cybercrime. I have to admit, they seem rather self-explanatory when you hear the individual motives: boredom, entertainment, money, political, recognition, revenge, and multiple reasons. I’m going to rank these from motives that make the most sense to the least sense. I do want to make a note before I begin: the reading this week that was provided for “boredom”, https://www.theherald.co.za/news/2021-05-31-cyberbullying-and-online-sexual-grooming-of-children-on-the-increase/, did not sound as a direct motive by the perpetrator, but the contributing factor that led to an individual being victimized, and will take this into consideration for my ranking decisions.
Money
This one speaks to me, because admittedly, I like money. I know I have a skill set, and it’s a skill set I enjoy practicing. Why not make money off it? I get to travel all over the world and get paid to perform my role in cyber. The truth is, we all need money. Again, with bug-bounties programs increase in popularity, this is a perfectly legal motive if performed within the defined scope of the program. We always hear about the groups and actors that manage to (illegally) gain a large amount of money from their exploit-adventures, but those that hack legally should not be forgotten. Some of us partake (legally) to pay our bills and provide for our families. I can’t think of a better reason than that.
Political
I believe this to make the most sense and doesn’t surprise me that as time goes on, the amount of hacks originating from state-actors or hacktivists have grown. The way the world has come to rely on the internet for everyday life has made all of the systems connected to it prime targets for an attack. We have seen everything from sensitive data leaks to simple defacement of websites, all for a variety of reasons ranging from inciting change, demanding transparency, revealing wrong-doings, to even just to simply spread the hacker’s beliefs. In addition, with more and more of our lives online, it would not surprise me if we see more cyber attacks due to war and conflict between groups and countries, similar to Stuxnet in the early 2000s. As these threats become more relevant, the reason behind them, whether I agree or not with their position, does.
Recognition
This one comes from two separate perspectives. Yes, there are people that will simply attempt to perform a hack simply for the fame of doing it. However, this is not necessarily the reason I think of. Cybersecurity, for some, has become a difficult field to enter. Finding ways to stand-out to potential employers proves to be a challenge for some. Do we show talk to them about our homelabs? How about our self-studies and IT related hobbies? What about the CVE we discovered? Hacking for recognition does not have to be from illegal activities. With the increased popularity of bug-bountry programs and methods of disclosing issues, developing a “resume” of sorts that can showcase one’s own personal accomplishments, and contributions, to the cyber field makes this a perfect way to stand out in the never-ending pool of people trying to enter cyber.
Entertainment
Sometimes people get bored. Sometimes we just need a new challenge. Online hacking labs such as HackTheBox and Offensive Security’s Proving Grounds provides just that, a challenge. I’ll typically boot up a purposely-vulnerable virtual machine to pass time. For some, when this boredom overlaps with curiosity, it does not surprise me that some individuals might find themselves poking at a system just to see how far they can go. This is not always done with malicious intent. Maybe they’re curious to how the web app’s back-end might function. Perhaps they can find some lost and forgotten file accidentally being hosted on a publicly facing server. Curiosity is what motivated many of the first hackers. These people were not just hobbyists, but tinkerers. Sometimes we just find joy in discovering something new.
Multiple Reasons
I had to think about where exactly to rank this. How do you rank multiple reasons? While most of the above motives can be driven with positive intentions combined just as much as themselves individually. I feel like I should rank this higher, but honestly I don’t know where, or exactly why. Entertainment and money? Sure, I’d love to have fun and make money! Recognition and entertainment? I’d love to research something I enjoy and get recognized for it. But then I think of instances being motivated by money and those below boggle my mind. I understand we all want money, for example, but, for example, making money on a cyber crime like revenge porn? Or cyber bullying somebody because you need some entertainment in your life? Trash motivations to fulfill one’s wants. I couldn’t begin to understand the reasoning why someone would go this route.
Revenge
This is where I get to thinking “that’s not really a good reason to do that”. There’s no valid reason to extort anyone online. There’s nothing positive about image-based sexual abuse. Nothing good comes from deliberately harming anyone. I don’t thing I can explain it any better than that.
Boredom
This was one that (somewhat) confuses me. Boredom? You mean entertainment? The reading however, discusses the topic of children being groomed online or cyber bullying, so I’m taking this in the context of a “bored” individual becoming a victim due to their activities online. With this said, the only thing I can ask is “why?” Every other reason makes sense (well, except revenge. That’s still a trash reason). Targeting bored children online, and manipulating them to take advantage of them, is just outright terrible. Targeting anyone online simply because they are an easy victim just doesn’t make sense to me.