There are probably as many different specific motives behind attacks upon information systems as there are attackers, but we can break the most common underlying attacker motivations into a few broad categories as follows:
Recreation and/or Personal Gratification
For the Thrill of it – Believe it or not there are those who get their jollies by hacking into networks purely for the “fun and adrenalin pumping thrill” of it. The thrill of the chase has often been shown to be the most alluring of motivations. This has been attributed by many social and behavioral analysts to originate from our deeply rooted subconscious drives to “hunt”.
Primitive Instincts – The advent of agriculture on a massive scale has; in the majority of Western societies, removed the direct “life or death” importance embodied by a successful hunt. As a society we no longer actively participate or depend heavily on traditional hunter/gatherer or subsistence farming lifestyles. Through attacking information systems many are able to fill this perceived gap in their everyday life experiences.
Self-Importance – Then there are those who instigate attacks against information systems to prove their “technical prowess” either to themselves and/or their friends and associates. This class of attacker genuinely believes that their actions will somehow raise their standing in the community. While this result may be true of attacks at the micro-level (the attacker and/or small group of the attacker’s peers), we tend to find that society in general will for the greater part collectively think otherwise.
The Group Effect – Never underestimate the power of peer group pressure or the compulsive behaviors that can result both directly and indirectly (collateral damage) from it. On top of this; the “group effect” is just as relevant and applicable to both individual styled attacks and group attacks.
Group Dynamics – The fact that many of these collectives/groups of attackers are such loosely bound collectives makes defending against them all the more difficult.
Group Effect Gratification – The specific gratification that many perpetrators of information systems attacks desire can often be as simple as believing that; in some manner or way, successful attack exploits will result in the elevation of their (the attacker) perceived level of esteem within the group collective. It could also be a means of proving their “worth” in the eyes of those they perceive to be their peers.
Sociopathic Tendencies – The motivation behind this group of information systems attackers can be deeply rooted, long seated, anti-establishment or genuinely deep antisocial tendencies. Many times have; the initiatives and outcomes instigated and driven out of sociopathic intentions and behaviors, so nearly resulted in chaos/anarchy. Collateral damage is most common when an attacker’s sociopathic tendencies take center stage.
Counterculture – Underground and counterculture type motivations are also prime factors contributing to information system attacks. It’s all about some sort of “the in thing” among a group generally priding themselves in their “alternative” lifestyles and views.
Notoriety – Never forget those driven to personal gratification through notoriety. Getting one’s 15 minutes of fame has often proven too hard to resist and driven purely by this desire an attacker will perpetrate many attacks.
Sometimes hearing of the consequences of their actions is not anywhere enough. The maximum publicity to be gained from becoming a “hacking legend” anonymously simply won’t do for some people. They need to be caught in order to truly become the center of the universe.
Those motivated to commit persistent multiple attacks in order to gain notoriety are one of the more dangerous types of attackers since crashing or denying access to a large number of prominent web sites brings the highest publicity and hence the greatest notoriety. This group also exhibits a very strong underlying compulsion to do as much malicious damage as possible for the same reasons as stated above.
Spam – Spammers are a group where notoriety and fiscal gain meet in the cyber war. Being the world’s most prolific spammer has an egocentric side to it that most people quite simply just don’t understand.
Forbidden Fruit – We should not forget the “forbidden fruit” factor either. More or less similar to the “dangling the carrot in front of the donkey” to get it moving. The need to reach that which is just out of reach is so deeply in-grained into some people that they cave-in to temptation.
Curiosity – Curiosity can be such a compelling core human motivation that it also merits mention here. I think all of us have at some time or other wondered “I wonder what it’s like on the other side of the fence”.
In the case of membership privileges websites this can be manifest in users lacking the appropriate credentials and access permissions and privileges attempting to gain entry into the restricted registered member only zone. “The grass is always greener on the other side”.
The Age Factor – While the mass media tends to portray many of these “hacker” groups as being comprised solely of persons under the age of 25 (and usually in their teens) the reality of the statistics gathered in a number of recent studies tells a very different tale.
In what is more or less a case of mistaken identity or being hung out to dry by default. In reality they were wrongly maligned and innocent of malicious intent. Their “crime” was that due to a total absence of forethought or lack of appropriate due care and consideration they may have unwittingly created havoc for others. Quite often this class of attackers does what they do simply because it was there.
Increased Access Rights and Privileges – One group commonly found to be engaging in “hacking-type” activities are those modifying the system functions in order to maintain greater levels of user access rights, privileges, privacy and freedom for themselves (personal gratification).
The recent rise in the numbers of publically accessible anonymous proxy servers now available on the Internet bears witness to just how strong an influence the pursuit of privacy by users can be. At some time or other, we all feel the urge to surf the net anonymously. Our desire to avoid spam greatly motivates one and all.
Fiscal Gain
There are a considerable number of individuals and/or groups whose sole purpose for invading other networks; to which they have no authentic access, is for personal fiscal gain. Common attack motivations and strategies in this category include:
Financial Records – Manipulation of financial records is often the ultimate objective driving an attacker to gain access to a network. They may desire to attempt to transfer funds to their own bank accounts or to erase all records of their debts.
Hacker for Hire – Some hackers are paid by others to break into various networks designated by those engaging the services of the hacker. Corporate espionage is included in this category.
Bot-Master for Hire – Bot-masters are also known to perform similar services for a fee of course although in their case this usually means a DoS or DDoS attack or PPC fraud.
Extortion and DDoS Attacks – The attacker instigates a DDoS and then contacts the victim to inform them of the fact. The attacker then halts the attack. At this point the attacker usually contacts the victim again to make demands upon the victim.
Basically; the message is “Pay up or I will continue crashing your network and thereby halt your ecommerce endeavors”. This is very much a new spin on the traditional “stand over” extortion practices of the past. The main difference is that in this version the extortionist does not need to threaten their victim with physical injury (break an arm if you don’t pay up).
So long as the victim keeps paying the will attacker hold-off their attacks. No prize for guessing that if the victim stops paying the attacker will strike immediately by launching a denial of service attack (DoS or DDoS) specifically designed to debilitate the victim network. In this way the victim’s ecommerce can be halted in the blink of an eye.
Pay-Per-Click (PPC) Fraud – Certain notorious bot-masters have been known to use their botnets (hundreds even thousands of compromised machines) to commit PPC fraud for some time now.
These scams work by exploiting the fact that website owners are paid advertising revenues on a per click basis by the likes of Google and Yahoo as part of their advertising strategies on behalf of legitimate advertisers.
Even though many sites may only receive 1 or 2 cents per click having a botnet consisting of thousands of zombie machines cruising the Internet performing these actions can be very rewarding. It really doesn’t matter which ad gets clicked just as long as it is on a specific web page or website. Click through analysis and advanced traffic analytics can detect these activities.
PPC Greed – Because human nature is what it is greed can often overrun their better judgment with the result that some of the perpetrators of this type of scam get so overzealous that they have a website suddenly earning hundreds and even thousands of dollars a day.
Google and Yahoo are not that stupid and will promptly revoke the offending site’s revenue generating advertising privileges and services. Advertisers can afford themselves some protection by capping their maximum daily or site click through limits.
Revenge
Revenge can also be a motive behind an information system attack. For example; dissatisfied customers, disgruntled former employees, jealous or angry competitors and even people who have a personal grudge or bear some other umbrage against someone in the organization rate among the highest incidence for reasons that an attack against an information system is perpetrated.
This group comprises the most persistent of all information systems attack motivations as well as being the attack motivation category that tends to cause the maximum malicious damage. Someone scorned is a very dangerous adversary indeed because more often than not they don’t care about whether or not they are apprehended. On the contrary apprehension is in itself justifiable as they will present the aggrieved attacker with further opportunities to publically air their grievances.
Identity Theft
Motivations for identity theft related attacks include the likes of: avoidance of penalties (punishment for other crimes committed), fraudulent impersonation, character assassination, espionage, revenge, extortion and elevation of authentication credentials and the associated access rights and privileges.
Quite often criminal activity is required to commit identity theft which in turn is used to commit further crimes. Identity theft can vary considerably in form, nature, method and intent but can be loosely grouped as follows: financial identity theft, criminal identity theft, identity cloning, masquerading and impersonation and business/commercial identity theft.
It is through a basic understanding of the motivations behind information systems attacks that we can better arm ourselves and be truly ready for the cyber wars. We will also be better placed to know where and when to look as well as what to look for. Our next steps will be the construct of robust proactive defenses teamed with the essential knee-jerk responses we are more familiar with.
Dig the info tnx