The word is already out that the average hacker makes a lot of money. And we’re talking a LOT of money, not just “pretty good for a days work” kind of money. A new report from security firm Trustwave concluded that the net gain from a typical Trojan or ransomware attack puts about $85K back into the pockets of its perpetrators for every $5K invested. So it doesn’t seem like it would take a detective to figure out why some less than scrupulous people may be drawn to such illicit means of making ends meet.
It’s not all about the $$$
But lets face it, not every down and out geek decides to use his powers for evil and not every hacker is in it for the money. Money may indeed be attractive, but for some hackers, it’s no more than a mere fringe benefit of the job. And only looking at the money may keep people focused on the wrong factors when it comes to protecting their online activities. Here is a look at the most common reasons people hack or get hacked aside from cold hard cash.
Political Motivations/Espionage – China, Russia, Iran, North Korea, The US, Israel and France are but a few nations purportedly involved in recent politically motivated attacks. Whether they are aimed at digging up information on federal workers or to intimidate, nation-to-nation cyber attacks have been around since about 2007 when Russian nationals deployed an attack on the websites of the Estonian Government in protest of moving a national wartime monument. Later that year China reported that it suspected that Taiwanese hackers were stealing information from the Chinese government. In the summer of 2008 shortly before the Russian invasion of Georgia, Georgia found their government websites hacked and President Mikheil Saakashvili’s website was targeted with traffic directed at the website displaying the message “win+love+in+Russia”.
Then in the fall of 2010 Stuxnet came and changed the entire playing field.The incredibly powerful worm was designed to wreak havoc on Iranian reactors and it did its job with relative efficiency. It crippled approximately 1000 centrifuges and supposedly set Iran back 3-5 years depending on which report you trust.
This set the stage for the modern political cyber attack as we know it today. Once upon a time students in schools ran under their desks to hide from Russian nukes that (thankfully!) never launched. Today we run to check our IPhones to see what was latest government agency to fall prey to Chinese or Russian intelligence. You likely will not encounter such an advanced attack on your personal computer but be forewarned, such attacks are around us all the time.
Personal Agenda/Low Profile Hacking – What once only existed in the bitter dreams of insulted ex-employees, jilted exes and neurotic students, low profile hacking is on the rise. Think your boyfriend is cheating? Get access to his social media accounts and see who his friends are. Want to find out to whom your competition is marketing? Well just crack their database. Flunked that last test that will keep you out of the Ivy’s? Hey, why not just break into your school’s online transcripts and change your grades? (No, this is NOT an approbation, don’t do any of these, they are all illegal and you’ll get caught and in lots of trouble, too)
Hacker-for-hire websites have started popping up to fill that need. Now a forlorn partner/ex-employee/vendor can get their dirty work done by hiring a hacker to do what they technically cannot. A January 2015 article from the New York Times profiled one such agency and the growing trend – its penetration into daily life and the blithe disregard of the fact that such activities teeter on the edge of what is legally and morally acceptable. And though the terms and conditions for the particular website profiled do clearly specify that no illegal activities may take place, that would pretty much limit hacking projects to retrieving your own lost passwords. And I have a bridge to sell you.
Internet Street Protests…and Fame – If your PC is acting a bit off lately there is a chance it could be part of a botnet. A botnet is an infected network of computers being manipulated to covertly attack other computers. Computers that are in botnets are used to carry out DDoS attacks against websites to jam their servers with fake web traffic.
Though sometimes DDoS attacks target businesses, a large portion take place in opposition to something – almost like a street protest. Molly Sauter, former researcher at Harvard University’s Berkman Center for Internet and Society and PhD Student at McGill U says that such attacks for activist purposes have existed since the 1990’s.” Her 2014 book “The Coming Swarm” hypothesizes that “because of the densely intertwined nature of property and speech in the online space, unwelcome acts of collective protest become also acts of trespass.” Just look at Anonymous, the network of international hacktivists who have targeted major corporations and countries alike in their highly effective DDoS and other cyber hacks and pranks. They are not in this for money but rather to make a statement and in their minds, bring wrong-doers to justice. Their activities even got them listed as “One of the 100 Most Influential People” according to Time Magazine.
Then there is fame – Remember Lizard Squad’s December attack on XboxLive and Sony PlayStation? Well their brazen and obnoxious attacks got them mentioned more than 100,000 times on Twitter in less than 24 hours. It may have even gotten them involved in the purported North Korea attack on Sony. So a high profile hack is a great way to draw some attention to yourself and secure your next gig.
At the end of the day it’s almost impossible to judge what the motivations behind a hack could really be and often times it’s a combination of a bunch of factors (your girlfriend from China has some government secrets and you think she revealed them to someone but not you…oh no!) Avoid ending up as part of a statistic by keeping your AV and anti-malware protection current and update operating system patches as they come out. Stay tuned for more tips and tricks to keep your PC safe.