What motivates a hacker or a group of cyber attackers? The answer is usually money.
For each column in this series, rAVe author Paul Konikowski delves deeper into a recent security incident or data breach, highlighting supply chain vulnerabilities, infrastructure, and cyber-physical security.
The Colonial Pipeline ransomware attack in May 2021 resulted in many gas shortages. It also led to one First order by the Biden administration to “improve the country’s cybersecurity and protect the federal government’s networks”. The EO’s press release states: “Public and private sector companies are increasingly confronted with sophisticated malicious cyber activities by both nation-state actors and cyber criminals.” But what motivates these attackers?
Hollywood movies and TV series have long portrayed hackers as teenagers huddled in a basement or dorm room and hacking into systems to change their grades or just cause a bit of mayhem. The mischievous nerd teenagers or college hacking groups certainly exist in real life. But these stories are rare, and the effects of hacking by mischievous “script kiddies” are usually very minor. At this age it’s more like competition. The pride of “cracking” a device or “pwing” someone is a real feeling among cybercriminals, but most don’t do it for fun. Instead, most cyber attackers are motivated by money. As an example, consider the Colonial Pipeline.
In May 2021, a group of cyberattacks called DarkSide attacked Colonial Pipeline’s corporate networks with ransomware, and pipeline management quickly shut down the pipeline systems as well.
A few days later, the Darkside website hosted a opinion about the motivation of the attack, which said:
“We are apolitical, we do not participate in geopolitics, [you] do not need to be tied to a defined government and look for … our motives … Our goal is to make money and not create problems for society. From today we are introducing moderation and checking every company that our partners want to encrypt in order to avoid social consequences in the future. ”
Granted, if this statement was made by criminals, it could be a partial or complete lie. But for this article we assume they are truthful about their goal: make money. Of course, money, or more precisely Bitcoin, is the target of most ransomware attacks. Still, there are times when ransomware is used for other reasons, outside of or in addition to money extortion.
In 2014, Sony Pictures Entertainment was attacked for the upcoming release of a movie called “Ransomware”.The interview“Which portrayed the leader of North Korea in a bad light. The ransom in this case was NOT to release the movie, which Sony ended up doing anyway after restoring its servers. Much damage was done, however, as the hackers stole customer and employee data as well as several unreleased films. In addition, they released much of this stolen data in hopes of intimidating Sony and its American allies.
This type of attack is commonly known as hacktivism. It’s the digital equivalent of Woody Harrelson climbs the Golden Gate Bridge and hangs a sign hoping to save a sequoia grove. (Was that really 25 years ago? … Damn, I’m getting old.)
Sometimes it’s a mix of politics and global security. For example, many sources say that the US is behind the Stuxnet Attack on the Iranian nuclear power plant. Some say the purpose of the attack was to slow down Iran’s nuclear war program in order to get a head start in global warfare, but others would say it was to further control “big oil” money. Watch the film “Zero days”For more theories on Stuxnet.
Other cyber attackers are motivated by domestic politics: They attack the websites of their local candidates or large corporations that they support. It is unclear whether these attacks can effectively change the outcome of elections, but the attackers feel sincere in this regard.
“Just” is a key word here. Malicious hackers as well as well-intentioned cybersecurity researchers feel they have the right to expose and exploit vulnerabilities. They feel like they have to, and yes there is a hint of nonsense in it too, but it’s more about the pride they feel in outsmarting those who built the computer systems. Hence, they look for a weak spot, such as solving a puzzle or winning a video game.
Last but not least, some hackers are motivated for personal reasons. Maybe they were fired or they just didn’t like their current or former employer. Nation states blackmail some hackers into attacks that they would never carry out on their own. People will do whatever it takes to protect their families or their reputations. For this reason, many cybersecurity researchers prefer to remain anonymous, as those credited with finding vulnerabilities can inadvertently put their own lives and families at risk.