By Tolu Akinterinwa
“The hacking trend has definitely turned criminal because of e-commerce” – Kevin Mitnick
For many, hacking is a word that they have become very familiar with given the rate at which they hear it every day. The majority of us understand hacking: the practice of using a computer to intercept or steal a person’s information without their consent. Hacking threats remain a big issue for both individuals and organizations given the rising level of sophistication and determination of the hackers. The emergence of networked computers and with the interconnectedness of everything from the devices in our pockets to the automated garages in our homes, information security risks are greater than ever before, and it is easier than ever for hackers to gain access to our information.
Most people probably wonder why the ‘bad guys’ hack and the reason(s) they do so. It is important for individuals and in fact businesses to understand the motivating factors of the hackers given that the damages they can do could be extremely serious. An understanding of the hackers’ motivation will particularly assist IT security personnel in strengthening their defenses and to take necessary measures to better control access to company information.
The factors that motivate hackers have evolved over time. In the early 60’s, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were initially designed to do. Primarily, hacking was used in the good old days for learning about systems and IT in general. Hacking was also done for the fun of it; kids were breaking into any computer system they could find for bragging rights and to satisfy their curiosity. It was more of being able to overcome a challenge coupled with the thrill of knowing that they are doing something not meant to be done. Hacking in the past was mostly just for personal gratification.
In recent years, hacking has taken on dark connotations. Eric Holdeman explained in his article ‘The Good Old Days of Hacking’ that “it does not seem that long ago when cyber security meant keeping 13-year-olds from breaking into your network for fun”. Today, hacking has become criminal and is big business when you measure the impacts they are having across the board. Hackers do not hack for the fun of it. No longer are they curious and playing games. Today’s sophisticated attackers or hackers work to penetrate more than just government websites; they are driven by financial gain and target people’s personal financial data. A large portion of hacking attempts fall under this category. Hackers usually install malware on individual computers to collect passwords to sensitive user accounts. Hackers also directly break into merchant or credit card processor databases to collect credit card numbers or other data that would facilitate the stealing of money from unsuspecting victims. They compromise company websites and trick users into revealing sensitive data, such as their passwords. Ransomware is a rising trend and a growing threat to businesses as well; a scenario where malicious code locks up (encrypts) computer files and demand a ransom to decrypt the files.
Idealism or hacking to disrupt is another motivating factor for the ‘bad guys’ in recent times. This is also known as hacktivism. The hackers carry out Denial of Service (DoS) attacks in an attempt to make a machine or network resource unavailable to its intended users. There are various hacktivist groups (LulzSec and Anonymous) that try to make a statement by venting their anger and targeting a company to disrupt their business and create confusion. They hack to reveal security loop holes or show general disapproval for the business.
While hacking for disruption and financial gain continues to be a growing trend, hacking for notoriety has not ceased. These hackers are usually ‘fame seekers’. They attack their targets in order to work their way up to notoriety. A teenage Austrian hacked into 259 companies over a 90-day period and once he got caught up by the police, he admitted that a combination of boredom and desire to prove his skills were the motivation for his act.
It may seem unrealistic to assume that hacking for financial gain, disruption or notoriety will cease to exist. But in the event that this occurs, what is the ‘futuristic’ motivating factor for the ‘bad guys’? What could be the driving force for hackers to continue their practices despite barriers due to presumably improved or tighter security programs or platforms? Not only will understanding the hackers’ motivation assist IT security personnel in tightening their own defenses, it helps the entire IT security industry design programs, policies and software to strengthen information security as a whole.
Companies continue to leave many security loop holes (e.g. weak passwords), and will likely do so for the foreseeable future. Regardless of the driving force or motivation of hackers, companies need to continuously strengthen their defense mechanisms to prevent unauthorized access to their networks, data and customers’ data.