Hacker motives: understanding the psychology behind cybercrime
Cybercrime has been growing, and hackers are invading systems and networks to steal data, install malware, and more. So why do these individuals commit attacks in cyberspace? Gaining a better understanding of the mindset of different types of hackers helps you better protect yourself as a business, as a government and as an individual.
In this article, we will look at the most common psychological profiles of hackers in general and try to determine what drives cybercriminals. We’ll look at financial motivation, ideology, ego, curiosity and boredom, revenge, and more. Knowing the diverse reasons they have will help strengthen cybersecurity strategies.
Financial and Material Gain
One of the most common motivations for hackers is financial or material gain. Cyberattacks provide opportunities to make money quickly and anonymously. Even basic ransomware campaigns that encrypt files can net thousands of dollars in cryptocurrency from a single business.
Selling stolen data is also lucrative - full identities and financial information often fetch over $1,000 per record on dark web marketplaces. The profits only increase for more sensitive data like healthcare records, intellectual property, or classified government information. This black market economy fuels many financially driven attacks.
The Crime as a Service business model also eliminates the barriers to monetising cybercrime. Aspiring hackers can now rent the malware, tools or botnets needed to launch a DDoS attack or a card fraud scam. It is a ‘cybercrime gig economy’ where hackers do not require advanced technical skills to make money.
As IT security trends evolve, the rewards of cybercrime continue to grow while the risks remain relatively low. Proving that a cybercriminal operates across multiple jurisdictions and borders is hard for law enforcement to do. Many financially motivated hackers bet, correctly, that the payoff from a successful attack outweighs the low risk of any consequences. The money is there, and the barriers to entry are low, so it is no surprise that many hackers are lured by it.
Ideology and Espionage
Nation-state hacking groups also carry out cyberattacks, but they are typically motivated by ideology, espionage or geopolitical interests instead of just profits. These state-sponsored groups have resources, capabilities and targets that set them apart from traditional cybercriminals.
Groups linked to countries like China, Russia, Iran and North Korea routinely infiltrate foreign corporations, governments and critical infrastructure systems. The goal is to steal classified information for military and economic advantages.
Attacks related to government espionage have targeted nuclear power plants, electrical grids, government agencies, defense contractors and more. The rise of state-sponsored hacking greatly expands the traditional scope of cybercrime.
Ideological hacktivists also attack to advance political agendas, albeit without the resources of nation-state groups. Anonymous and spinoff collectives like LulzSec have claimed responsibility for high-profile denial-of-service attacks, data leaks and website defacements against targets ranging CIA.
While these ideological attacks may not be as technically sophisticated or prolonged, they can still be highly disruptive. Distributed denial-of-service (DDoS) campaigns that overwhelm sites with junk traffic remain a popular tactic for political hacktivists.
Understanding the motives of state-sponsored groups and hacktivists can better inform defenses for likely targets. Their attacks are often more focused on disrupting operations or manipulating public perception to advance ideological causes than on stealing data or demanding ransoms.
Ego and Fame
In an anonymous world, hacking can appeal to individuals seeking infamy, notoriety and ego boosts. Being the first to exploit a major vulnerability or compromise a high-value target earns significant respect and credibility in the cybercriminal underground.
Some hackers even incorporate ego and status into their public personas. Figures like Eugene Kaspersky and Kevin Mitnick achieved mainstream name recognition during their indictments for hacking-related crimes. Other hackers like Guccifer 2.0 maintain blogs to discuss their latest data leaks and taunt victims.
The media itself fuels this cycle by portraying cybercriminals as eccentric masterminds. Of course, the reality is often more unimpressive – most common attacks rely on simplistic methods, reused malware toolkits and vulnerable targets.
However, we have a psychological desire for recognition. Journalists on the receiving end of a hack may be tipped off in advance so that the attack can be hyped up. Or hackers might tweet about a major exploit on social media before releasing proof-of-concept code. These public theatrics all feed egos.
Underground credibility also comes into play in the development of malware and the discovery of vulnerabilities. Exploits or 0-day attacks sell for premium rates on criminal marketplaces before software vendors patch the software. The capability to compromise systems in ways that defenses can’t react to is a display of elite technical skill.
Many hackers undoubtedly get intrinsic satisfaction from overcoming complex security controls. Outsmarting Fortune 500 security teams feeds egos and reputations no matter the underlying motive.
Curiosity and Boredom
For less experienced hackers, curiosity and boredom can be big motivators, especially among younger demographics like students. This helps explain some opportunistic cyber-vandalism, such as website defacements.
In these cases, novice hackers often want to test their abilities more than cause real damage. Breaking into insecure websites feeds intellectual curiosity even if no data is actually stolen. It creates challenges to learn new techniques like SQL injection attacks, cross-site scripting and other web app exploits.
These hackers are curious to explore cybersecurity topics through both legal and illegal methods. On the one hand, many students participate in capture-the-flag competitions, security meetups and hackathons to experiment freely. However, some also turn to unauthorised penetration testing against websites or networks.
Although curious hackers don’t have malicious intent, what they do is very serious. Even if no data is changed, unauthorised access shakes public trust and relationships. However, there may be reasons to respond to hackers who are more curious than greedy or ideologically motivated.
At the other end, boredom also plays a role for some more experienced hackers. When basic vulnerabilities such as SQLi or XSS get old and lose their novelty, more advanced hackers can start targeting IoT devices, industrial control systems and other specialized victims.
Even though they may not have a financial payoff, these under-protected systems offer new challenges to stave off boredom. Compromising an industrial network or an embedded healthcare device requires different expertise than typical enterprise IT environments. Targeting operational technology and critical infrastructure feeds intellectual curiosity and exercises technical skills.
Of course, these attacks also carry graver damage potential, given the lack of monitoring and oversight. While the hacker's motivation may just be alleviating boredom, the implications spotlight the risks of under-secured networks.
Revenge
Revenge represents another common personal motivation behind cyberattacks. Disgruntled employees or angry spouses may seek to destroy data, leak documents, and disrupt operations at a specific organisation or individual that wronged them.
In one high-profile example, a Saudi Arabian hacker named OxOmar compromised over 15,000 Israeli credit card details before leaking them online. He posted, "Free Saudi's credit cards!". This attack followed similar data dumps from hacktivist groups like Anonymous.
In other cases, former employees turn to hacking tools for retaliation after being fired. Attackers with intimate knowledge of internal networks and systems can cause disproportionate damage through targeted sabotage. Even simple actions like deleting records, misconfiguring servers or wiping workstations demonstrate the security risks of insider threats.
Romantic partners (both former and current) also hack one another more frequently through spyware, location tracking and device monitoring. Physical abuse often extends to digital spheres to control and monitor victims during relationships or even after breakups.
While cyberattacks from nation states and cybercriminals dominate headlines, hacking tied to personal vendettas can be just as devastating. Understanding these motivations alongside safeguards against insider threats strengthens resilience.
Mental Illness and Disorders
Mental health disorders represent another potential factor behind malicious cyber activities. However, it is critical not to overgeneralise or make armchair diagnoses that further stigmatise conditions. Most individuals with mental illnesses are not hackers, and most hackers likely do not have these disorders.
Nonetheless, obsessive personality traits and neurodiverse conditions that manifest in social disorders, impulsivity or addictive behaviors can motivate certain attacks. Hacking may act as an outlet for aggression, obsession and lack of empathy in some cases.
Several infamous cybercriminals have shown potential symptoms of Asperger’s syndrome, narcissistic personality disorder or obsessive-compulsive disorder. Figures like Gary McKinnon and Michael Calce exhibited obsessive traits around technology and hacking from a young age.
Again, this motivation captures only a tiny subset of attackers. Speculating on mental health conditions among hackers should not reinforce inaccurate stereotypes. Additionally, these disorders typically interact with other motivations like curiosity rather than directly causing criminal behaviour alone. However, understanding how mental illnesses may remove inhibitions provides some insight into the mindsets of especially aggressive attackers.
Ethical Implications and Deterrence
Analyzing hacker motivations has ethical implications too. Curiosity-driven students may deserve school sanctions rather than criminal charges. Insider threats from former employees demand responses that are similar to traditional cybercrime.
The compulsive, addictive behaviors implicated in certain mental illnesses also raise issues of agency and consent. Incarceration may be less appropriate than rehabilitation programmes in these complex cases when hacking manifests from disorders rather than malicious intentions.
Incorporating motivational psychology into cybersecurity policies can shape better deterrence, though. For example, emphasising legal penalties may deter financially driven crime but have little impact on ideological hacktivists. Public awareness campaigns regarding ethics and consequences might deter students from hacking for curiosity but not profit-driven cybercriminals.
Understanding the motives behind attacks can inform security controls as well. Strong access management policies mitigate insider threats while anonymising payment systems hamper financially motivated hacking. Implementing controls to match likely adversary motivations boosts efficiency.
Research Limitations
However, current research on hacker motivations suffers from uneven datasets and a reliance on self-reporting. Most empirical studies have relied on rather small samples of students in academic computing programs, who are more likely to emphasise curiosity than criminality.
Moreover, most of the psychological assessments of cybercriminals are based on prosecuted cases. Hackers who find themselves in court documents may have very different traits than those who get away with it. Selection bias skews many empirical findings.
Another source is survey data and interviews with anonymous hackers. Nevertheless, these studies again rely on honest self-reporting by unreliable narrators.
In reality, the motivations of an individual are likely to be numerous and often overlapping. Hackers’ mindsets are driven by curiosity, profit, ideology and other factors, some of which prevail over others depending on the situation. More granular differentiation between hacker typologies would be possible if better-standardised assessments were available.
Conclusion
The motivations of hackers cover a wide spectrum from financial gain to ideology, curiosity, ego and others. Technical defenses attempt to block attack vectors, and combined with an understanding of these varied psychological profiles, they strengthen the ability to prevent and respond.
Cybercriminals, state-sponsored groups, insiders, hacktivists and script kiddies have very different incentives and goals. With a granular analysis of behavioral motivations, security teams can implement targeted controls that reflect possible threats. It also makes possible deterrence policies calibrated for compulsion or rational choice.
Of course, even with a robust behavioral profile of hacker psychology, the human element at the centre of these attacks makes prediction very difficult. The desire for money, change, mischief and mayhem endures even as technology changes. Knowing these motivators can help organisations keep up with developing tools and tactics in the cybercriminal underground, even as they change.