October 2nd 2019
With society increasingly dependent on technology and the internet (it is estimated there will be more than 50billion devices connected to the internet by 20206) hackers will also adapt to these changes. The FBI has warned7 that even cars can be hijacked through internet connections they may have. Large corporations and even governments have been on either end of hacking. The Chinese and various other governments8 have in the past been strongly suspected of carrying out hacking for political purposes. In one example, the New York Times was hacked in retaliation to articles written by them concerning the finances of China's Prime Minister. More recently, large companies such as Boeing have been hit by ransomware cyber hacks9, whilst the security of MyFitnessPal was recently breached10 and the personal details of over 150,000,000 users affected.
Hackers are evidently “a major concern”11 for the information technology community and a major threat against the privacy of personal data online. Unfortunately they are also growing at an alarming rate12, and while there are different kinds of cyber-attacks, there is also various types of hackers with varying motivations. Authors (notably Taylor: 1999)13 have discussed the primary motivations that drives people to commit such acts while Thycotic (a software firm specialising in password protection) carried out a survey of 127 hackers determining the motivations behind their hacking. 51% of those surveyed were motivated by the fun of it while 19% were motivated by money14.
These four motivations are financial incentives, seeking sensitive information, political activism (“hacktivism”), and hobby-hackers, concluding with possible suggestions to mitigate threats.
The Financial Pull
As with many crimes, financial motivations are an attraction for hackers. These can be for both positive and negative reasons, ethical and unethical. To differentiate between them, it is common to use the terms of white, black and grey hat15.
A white hat hacker is an “ethical” hacker16 who voluntarily hacks a website or software at the request of the developer in return for payments. In doing so, breaking the security exposes weaknesses in the software's development, and will allow developers to rectify this before it is exploited maliciously, therefore the cost of paying the hackers is small in comparison.
Research shows this to be a highly lucrative “career”, in some cases paying more than software engineers themselves. A 2018 report by HackerOne17, the leading hacker-powered security platform, surveyed almost 2,000 hackers across 100 countries. The study revealed that (by average) the higher-earning white hat hackers earned almost three times the average salary of software engineers, whereas in some nations (such as India) this disparity can be a vast as sixteen times higher. Around 25% of hackers surveyed insisted they rely on bounties for at least half their income annually, 14% say bounties made up at least 90% of their income. HackerOne even insists “there's no better time to be an ethical hacker.”. Over 1,000 organisations such as Lufthansa, Starbucks and even the US Department of Defense are believed to be working with the worldwide hacker community in order to resolve their own security flaws in exchange for payment.
In contrast, black hat (unethical) hackers18 aim to gain illegal access to systems storing massive amounts of personal information such as banking information and to then exploit this for fraudulent profits, which is believed to cost the UK economy billions of pounds annually19. A 2016 governmental report showed that almost half (46%) of all British businesses were hit with at least one cyber attack within the previous year20, while three quarters of directors believed cyber security to be a high-priority issue.
In the middle, grey hats will find network vulnerabilities and offer to fix this for a fee (similar to a white hat but without being asked). Should this offer be rejected, they may publicly reveal the flaw and allow malicious hackers to exploit it (aiding black hats).
Alternatively, a motivation that does not fit into a specific “hat” category is hacking as a method to obtain a high-paying computers career. Parker outlines this as a “short-cut to a high-paying career in information technology”21 without having to go through university and the costs this incurs. Though this is an outlandish strategy, it may work in gaining interest from large companies who acknowledge a hackers skill and wish to recruit them to protect their own business securities.
The damage financial hackers do to society and the economy varies depending on their motivation. White hats may help society by assisting to stop future attacks, activities of black black hats of course be detrimental to it. In 2016, the FBI tallied a cost of more than $1.3billion, while the security company Symantec puts the total financial cost to consumers collectively at more than $20billion22. Evidently, hacking can be incredibly profitable to hackers thus acting as further motivation. Despite this, research by HackerOne insists this is no longer the primary motivation behind hackers, and financial motivation has become less important since 2016.
Searching For Information
One of the most damaging types of hacking is attacks on top-secret governmental systems, often to find and perhaps leak incredibly sensitive or incriminating governmental secrets (private information may also be sold to media outlets or rivals).
One of the most notorious hackings was by Glasgow-born Gary McKinnon who successfully breached the security of US government systems, scanning around 73,000 computers, as well as hacking dozens of US army, navy, and Department of Defence computers (and sixteen of NASA's23). McKinnon allegedly created $800,000 worth of damage to computer systems between 2001 and 200224, although this is sparse compared to the damage that could have been committed by hackers with severely malicious intent. McKinnon himself insisted he was simply looking for top-secret evidence of UFOs.
Glasgow-born hacker Gary McKinnon
This became incredibly embarrassing for the US government to have their national top-secret security systems breached by one man using a “very basic tool”25, and could lead to a total breakdown in public confidence towards their governments security, while the worst case scenario of malicious hackers having unfettered access to such top-secret information is perhaps insurmountable. On an international scale, the hacking of one country by another is a potentially volatile act that could lead to significantly increased tensions. Israeli hackers who broke into the databases of Kaspersky26 (a software used by over 400million people) found Russian operatives stealing top secret intelligence from the US government in 2015, something that exacerbated relations.
Alternatively, hackers could target individuals whilst trying to find personal files such as private details or media. An example is the iCloud celebrity photos leak of 2014 where numerous celebrities had private photos released onto the internet after hackers exploited a security flaw on the iClouds password system. These can be motivated by blackmail, selling, or for other kinds of gratifications.
Acts may be carried out by activist hackers (“hacktivists”) motivated by ethical purposes, an example being those against animal experimentation laboratories27. These can be done to severe effects such as threats against a group or alternatively can be done for simple cyber-vandalism. It is common for the motivations behind these attacks to be ethical retaliation, however sometimes this is motivated by spite or humour. Though these are not always entirely “hacks” by the definition, the effects can be just as damaging to the targeted victim, and sometimes the outcomes can be just the same.
Notorious hacktivists “Anonymous” have frequently made headlines for compromising larger secure systems such as those of oppressive governments, police departments and even the Department of Justice, protesting acts they believe to be unjust. They rose to prominence after “Operation Chanology” against the Church of Scientology, later creating “Operation Payback” motivated by protests towards the perceived greed of major music organisations28. This provides a method of protesting for hackers who are strongly motivated towards a cause but may not have the skills to launch an attack on their own.
Anonymous, arguably the worlds most infamous hacking collective
Alternatively, these attacks may be done for petty revenge, such as the infamous “Cybergate” in 2011 after Aaron Barr, the CEO of HBGarry threatened to reveal identities of those affiliated to Anonymous. Motivated by petty revenge, Anonymous responded by hacking HBGarry's official website, blocked their phoning systems and copying around 70,000 private emails exposing the firms own secretive political agendas. Compounding the misery, the Twitter of Barr himself was also hi-jacked.
Given that Anonymous is a leaderless group, this makes it difficult for authorities to target a hierarchy directing such attacks. Absolutely anyone can claim affiliation, create a cell of cyber-protesters, and organise attacks against a target they deem immoral. Unfortunately this also makes it far harder to prosecute as there is an unknown number of members, there is no registration and absolutely anyone with the internet and similar motivations can support Anonymous. Given they are primarily motivated by ethical causes (in their own eyes) this gives them a global appeal to anyone who feels motivated towards the same cause.
Hobby-Hacking & Recognition
Perhaps the least dangerous type of hacking comes from those who see it as a hobby. The aforementioned report by HackerOne details this makes up 51% of surveyed hackers, although the motivations that leads them to take up such a hobby varies between hackers.29 For example, Mojhrenschlager (1995) and Blatchford (1998) identified curiosity as an important common motivation amongst many hackers30. Many young hackers are highly intelligent and become bored at school due to the unchallenging work, and see hacking as a thrilling way to prove themselves31. The challenge of overcoming highly intricate security frameworks can provide the motivation to encourage them32. According to Yar (2005) trends have also appeared where hackers use the act as an escape from family or school life33.
Some hackers desire bragging rights amongst peers, whether close friends or others in the hacking community34. Though they may seek increasingly difficult challenges to increase the kudos this is rarely done with malicious intent. In one instance, a 17 year old was caught hacking into TalkTalk in 2015, insisting he was merely “just showing off”35 to friends.
While this type of hacking is unhelpful to society, it is hardly the most destructive. The primary concern towards hobby hackers is likely to be the confidence gained in their ability that may lead them to consider alternative and more destructive methods of hacking, such as the aforementioned methods of fraud and seeking information.
What Can Be done?
The damage that hacking creates is of course dependent on the motivations and skill of the hacker. However, there is perhaps more that can be done to prevent hackers from having these motivations in the first place, and more could be done to mitigate the damage should they proceed.
Some writers such as Maiffret (a former hacker) insist the burden lies primarily with software developers to prevent opportunities for cyberattacks, and that companies should be pressured into making significant investments towards improving their products security36. These vulnerabilities, he insists, gives hackers a foot in the door and an opportunity to hack regards of their motivations. Instead of feeling responsible for preventing breaches, Maiffret insists that security problems to software developers are more of a “marketing challenge than an engineering one”, and are only acted up when there is a threat to sales or their reputation.
As previously mentioned, hobby hacking is becoming a more frequent motivation and while this is usually petty cyber-vandalism it can often lead to the hacker seeking greater challenges. HackerOne reported that few hackers fear getting caught with 86% feeling confident they will never face any consequences for their activities. Creating a culture where hackers fear getting caught such as by making examples of high-profile criminals, and portraying a far more aggressive stance against the crime of hacking in general (no matter how small) may create a greater fear amongst the hacking community that makes the incentives of hacking less appealing by comparison to the punishment handed out.
Mullinix suggests that to make it more costly for hackers to commit these crimes would therefore reduce the profit they gain from it, essentially to make it “too costly to attack”37. According to Maqbool, losses influence hackers decision more than financial gains38. Though financial motivations are becoming less common, the destructive and devastating impact on those who fall victim means this remains a serious issue.
Preventing people from becoming motivated to hack is evidently only one part of the problem, but this can be mitigated in several ways as mentioned. A culture where hacking is seen as rebellious is detrimental to preventing it. Replacing this with an idea of nervousness of getting caught would likely allay peoples motivations to attempt it, while the pay-off would appear sparse in comparison. Convicting more hackers would likely be an effective start to this, alongside increased sentences, as well as convicting hackers who are seemingly (in their own mind) untouchable. Hopefully this would send a severe warning to other hackers regardless of how early in their efforts they are.
Hacking will continue to be an increasing problem as technology improves and as society becomes more dependent on it. More opportunities for hacking will arise and computer security systems must keep up with the increasing possibilities for hackers to exploit flaws in their systems for their own motivations. Pressuring software developers to create products that are significantly more secure could be a significant move. As such, security breaches appear to be more of a marketing and publicity nightmare as opposed to a social security problem to developers. By encouraging developers to acknowledge their responsibility that lacklustre products may provide opportunities and motivation to hackers, this could stop many hackers getting their foot in the door.
1Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 386.
2MacKenzie Wark, “Hackers” (2006), Theory, Culture and Society, 23:2, 320.
3Uncredited Author, “7 Reasons Why Hackers Hack” (CujoAI, 16 May 2017) <https://www.getcujo.com/blog/7-reasons-hackers-hack/> Accessed 2 April 2018.
4Marc Maiffret, “Closing the Door on Hackers” New York Times (5 April 2013) 23.
5Kacper Pempel, “US Hit by 77,000 Cyber Attacks in 2015 – a 10% Jump” (Newsweek, 21 March 2016) <http://www.newsweek.com/government-cyber-attacks-increase-2015-439206> accessed 3 April 2018.
6Walden University, “What Motivates Hackers?”, (Walden University, undated) <https://www.waldenu.edu/doctoral/doctor-of-information-technology/resource/what-motivates-hackers> accessed 28 March 2018.
7Andy Greenberg, “The FBI Warns that Car Hacking is a Real Risk” (Wired, 17 March 2016) <https://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/> accessed 29 March 2018.
8Nicole Perlroth, “Hackers in China Attack “The Times” for Last 4 Months” (New York Times, 30 January 2013) <https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html> accessed 30 March 2018.
9Peter Martinez, “Ransomware Virus Hits Boeing, Affecting “Small Number of Systems” ” (CBS News, 28 March 2018) <https://www.cbsnews.com/news/boeing-ransomware-virus-computer-system-today-2018-03-28/> accessed 4 April 2018.
10Mike Campbell, “MyFitnessPal Data Breach Exposes Email Addresses, Passwords of 150million accounts” (Apple Insider, 29 March 2018) <https://appleinsider.com/articles/18/03/29/myfitnesspal-data-breach-exposes-email-addresses-passwords-of-150m-accounts> accessed 29 March 2018.
11Walden University, “What Motivates Hackers?”, (Walden University, undated) <https://www.waldenu.edu/doctoral/doctor-of-information-technology/resource/what-motivates-hackers> accessed 28 March 2018.
12Zahid Maqbool, Nidhi Makhijani, V. S. Chandrasekhar Pammi, Varun Dutt, “Effects of Motivation: Rewarding Hackers for Undetected Attacks Cause Analysts to Perform Poorly” (2017) Human Factors, 59:3, 420.
13Paul Taylor, Hackers: Crime in the Digital Sublime (Routledge, 1999).
14Renushka Madarie, “Hackers’ Motivations: Testing Schwartz’s Theory of Motivational Types of Values in a Sample of Hackers”, (2017) International Journal of Cyber Criminology, 11:1, 81.
15Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 386.
16Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 386.
17Uncredited Author, “Ethical Hacking Proves More Lucrative Than Software Engineering for Some; Bounty Rewards No Longer #1 Motivation” (Business Wire, 17 January 2018) <https://www.businesswire.com/news/home/20180117005430/en/Ethical-Hacking-Proves-Lucrative-Software-Engineering-Bounty> accessed 28 March 2018.
18Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 386.
19Zlata Rodionova, “Cyber security report: Hacking attacks on UK businesses cost investors £42bn” (Independent, 12 April 2017).
20Adi Gaskell, “What Motivates Ethical Hackers?” (Dzone, 7 August 2017) <https://dzone.com/articles/what-motivates-ethical-hackers> accessed 2 April 2018.
21Donn B. Parker, “Plenty More Hacker Motivations” (2013), Communications of the ACM, 56:7, 1.
22Mark Mullinix, “Message From the Interim President: The Federal Reserve and Cybersecurity” (2017) ECON Focus, 3rd quarter, 1.
23Paul Arnell, Alan Reid, “Hackers Beware: The Cautionary Story of Gary McKinnon” (2009), Informations and Communications Technology Law, 18:1, 2.
25Paul Arnell, Alan Reid, “Hackers Beware: The Cautionary Story of Gary McKinnon” (2009), Informations and Communications Technology Law, 18:1, 8.
26Reuters, “Israel Hacked Kaspersky and Discovered Russia Stealing Top Secret U.S. Intel” (Haaretz, 11 October 2017) <https://www.haaretz.com/israel-news/israel-hacked-kaspersky-found-russia-steals-top-secret-u-s-intel-1.5457052> accessed 29 March 2018.
27Brian Moher, “Hacktivism”, (2004) Accountancy Age, 20.
28Steve Mansfield-Devine, “Hacktivism: Assessing the Damage” (2011) Network Security, 5.
29Uncredited Author, “Ethical Hacking Proves More Lucrative Than Software Engineering for Some; Bounty Rewards No Longer #1 Motivation” (Business Wire, 17 January 2018) <https://www.businesswire.com/news/home/20180117005430/en/Ethical-Hacking-Proves-Lucrative-Software-Engineering-Bounty> accessed 28 March 2018.
30Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 387.
31Regis University, “Why Do People Hack?” (Regis University, undated) <https://informationassurance.regis.edu/ia-programs/resources/ia-update/why-do-people-hack> accessed 4 April 2018.
32Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 394.
33Ryan Francis O. Cayubit, Kevin M. Rebolledo, Romulo Gabriel A. Kintanar, Angelissa G. Pastores, Alen Josef A. Santiago, Paula Bianca V. Valles, “A Cyber Phenomenon: A Q-Analysis on the Motivation of Computer Hackers” (2017), Psychol Stud, 62:4, 387.
34Tim Jordan, Paul Taylor, “A Sociology of Hackers” (1998) The Sociological Review, 768.
36Marc Maiffret, “Closing the Door on Hackers” (New York Times, 5 April 2013) 23.
37Mark Mullinix, “Message From the Interim President: The Federal Reserve and Cybersecurity” (2017) ECON Focus, 3rd quarter, 1.
38Zahid Maqbool, Nidhi Makhijani, V. S. Chandrasekhar Pammi, Varun Dutt, “Effects of Motivation: Rewarding Hackers for Undetected Attacks Cause Analysts to Perform Poorly” (2017) Human Factors, 59:3, 428.