Sunday, 12 June 2016

Who to Trust: Part 2 - Identity thieves and hackers, what are they really after?

"Why would someone hack my computer?" This is the same kind of question that we might consider when securing our homes - who would attempt to break in and what would they be looking for. As mentioned in Part 1 of this series, we regularly see articles about corporations and web sites that have been hacked, exposing the details of customers, and that thousands of people's accounts and identities are at risk. We tend not to see big news articles about an individual home owner having their computer hacked. Why is this? Surely it must happen. Of course it does, but the frequency with which it happens and the methods used may be a little different. The reasons for this are based in the concept of risk versus reward.
People engage in illegal computer activities for various reasons. Some are motivated by potential gains, others by boredom. But there is one thing that will hold true for any illegal computer activity: the perpetrator will have two things, the motive to do it and the opportunity to do it.

What is with all the hats?

Hackers and crackers do not necessarily wear hats. The terms "white hat" and "black hat" were born of the cowboy western movies of the 20th century, in which the good guys wore white hats and the bad guys wore black hats. In modern culture, this has come to symbolise the divide between those hackers who work in the cyber security field improving computer security, and those hackers who operate without permission trying to subvert security for personal and financial gain. Just as the good and bad cowboys all carried guns, all hackers, white hat or black hat, have an array of hacking skills.
The grey-hat hacker is a mix of the white and black hat concepts: a hacker who may not be acting with permission, but who is supposedly motivated by the desire to improve the society that they live in rather than by personal gain.
These categories are neat stereotypical labels that we can use to understand someone's motives. There are other labels that also help us understand other qualities of people who might engage in hacking. As the famous hacker turned security expert, Kevin Mitnick, points out in the preface of his book, "The Art of Deception", there are people who will hack computers to destroy files and people's hard drives. They should be known for what they are - vandals. There are also those who have little or no appreciation for what they are doing; they simply pick up the tools that others have created to see what they can do - often referred to as script kiddies. One thing is likely true of both the script kiddy and vandal stereotypes: they are not really motivated by anything other than boredom. Hacking becomes something to do, and using the tools and programs created by more serious hackers becomes an easy way to get cheap thrills. Victims of such hackers are most likely going to be victims of random chance, unless the victim has done something that has directly impacted and angered the vandal or script kiddy.

So, why would someone hack any computer?

The reasons that a person might have for engaging in hacking activities are influenced by their level of maturity - both sociological maturity, and experiential maturity. For example, an amateur hacker is more likely to be young, brash and inexperienced. They may be hacking into a computer system because they are bored, or for reasons as simple as learning/practicing how to hack; or simply because they found a computer that was not properly secured. It is more likely that they have not paused to fully consider the risk versus reward of their actions.
A more professional and seasoned hacker would most likely approach a target for a predictable reason, and potentially with a specific goal in mind. They understand the value of information and data. They also understand that their activities are illegal, and that if caught there will be consequences. Therefore, before they attempt to hack, they will know why they are doing it, they will have a purpose and a goal, and that goal will have a value that justifies the risk that they take. So a more professional hacker is more likely to target a computer system that holds unique or highly valuable information. Whilst the banking details of an individual person are valuable to that person, the bank accounts of the average Australian, or even the average household, are unlikely to be a rich enough target to inspire a professional hacker to take risks. Your identity is likely to be more valuable. Criminals can use such details to create falsified identity documents and commit other forms of fraud. However, thanks to the prevalence of social media, identity theft rarely requires the hacking of a computer.
Beyond the reasoning of bored script-kiddies and the profit-seeking professional thieves, there is a range of other motivations. These can essentially be summed up with the words hatred, fear and vengeance. A growing number of people have had the experience of an online argument in the space of social media. Many people may have been involved in a flame-war, cyber-bullying or cyber-stalking - either as the victim or as the perpetrator. Just as an argument at the pub over a spilled drink can escalate to a fight, an online confrontation can escalate to one or both sides attempting to take the actions further. Such disputes and conflicts can be fueled by the normal kinds of human differences - political, religious, sexual and personal relationships.

Hacking by Proxy

Whilst we may denigrate the criminal elements of society, we should not underestimate their intellectual prowess and capacity for cunning. Whilst the bank details and identity of one person are generally of limited value, the value of such details if gathered in bulk is significant. Being able to steal from one person's bank account might net a criminal $1,000 for example, but if they can steal $1,000 from every customer of a major bank - that would be far more worthwhile.
Banks, government institutions and large corporations have large data stores of customer information - identity and account details. For any professional hacker they are a far richer target than the average home computer. However they are often well defended against criminal activities - with security systems and software that your average citizen cannot afford. This makes it more difficult for a hacker to achieve their goals - a greater chance of failure.
Many organised crime syndicates and gangs recognise this. Attacking a bank or large corporation has a high reward, but also a high risk. Attacking your average home user has a lower risk of failure, a lower risk of being pursued if something goes wrong, but also a far lower reward. Hacking an entire community of home users would increase the reward, but the flip side is that it would be far more work, take far more time, and would increase the overall number of failed attempts, and would draw more attention from the authorities.
To get around this, many organised syndicates essentially conduct hacking by proxy. By tricking a large number of average users into doing some action such as visiting a web page, or downloading an application or file, they can install software on the user's computer or mobile device that will capture bank account logins and other identity details, without the user's knowledge, and without the perpetrator directly hacking the user's computer. The chance that the theft of information is detected within a reasonable time frame is decreased. If the illegal activity is detected, in most instances there is only a piece of malware to be removed from the computer, with little or no real usable way of tracing it back to its source, or to the criminals who benefitted from it.

Held to Ransom

Organised criminals have also learned that whilst your documents and your device may have little to no value to them, they have a value to you, the owner of the device and files. They are part of your life, often containing memories of your family. Whilst no other criminal is going to pay for your documents, organised gangs expect that you will pay to get access to your own computer and files again. Hence the inception of ransomware.

Being used as a pawn

A hacker might not necessarily desire the files or bank account numbers that might be on your computer or mobile phone. Sometimes the hack of an individual computer or device is to lay the foundations for the later control and use of the device. The computing power and IP address of your device have value to a hacker who understands how to make use of them to attack other computers. If the hacker has managed to gain access or to put a trojan virus on your device, it is likely that they will have a backdoor to your device that they can make use of in future. In such scenarios, a hacker might use your computer to carry out a denial-of-service attack on a bank or a company such as Amazon. Any investigation into such attacks will initially lead authorities to your device, giving the hacker time to clear his tracks.

What can I do?

As an individual computer user, you most likely cannot afford the type of security systems and software that major corporations and government agencies use. For the average home computer user, behaviour is key to safety on the Internet. Walking into a local pub cursing every other football team, and leering at members of the opposite gender, would most likely end in a fight very soon. The same is true on the Internet. If you behave in a way that upsets other people, you are more likely to be a target for hacking. If you visit websites that are not properly secured, you are more likely to become a target. Understand that the choices you make online will increase or decrease the risk of you being hacked.
Similarly, behaviour in terms of routines and discipline will also help decrease the chances of someone successfully hacking your devices. Having strong passwords is the first and most obvious defence against hackers. Install and use an anti-malware application that incorporates a firewall, real-time scanning and spam protection. Commit to checking for updates and upgrades at least once a fortnight, not just for your anti-malware solution, but also for each of your operating systems - even better if you are able to automate these things to download and install. If performed regularly, this should only take five minutes of your time. Schedule regular scans of your system. These are all simple practices that shouldn't cost too much in either time or money, but they will reduce the risk of you being hacked.