Just over a decade ago I began learning about web technologies and found myself learning basic HTML. I was excited when I managed to publish my first website, which was no more than a basic homepage with some external links. Later I started experimenting with early Content Management Systems (CMS) and forum software as well as other web applications, which I didn’t really know enough about. I remember using early versions of Mambo CMS and then later Joomla, along with bulletin board software including Invision and phpBB. It wasn’t long after this I learned the hard way about exploits in web software due to several of my hobby sites being hacked via software vulnerabilities. I remember thinking at the time, why would someone be interested in hacking my little hobby site? Hackers fall into many categories, from the mischievous individuals who get a thrill out of causing disruption to websites (even small hobby sites like mine), to career criminal hackers who make a living off their malicious behavior.
So what is it that motivates a hacker? There is various literature on this topic. The Boston Consulting Group (2002) conducted a survey to try to get to the root of this question. Their survey revealed a mixture of high ranking factors including intellectual stimulation, improving skills, and motivations for open code. Granted, most of these were individuals probably did not fall into the criminal hacker category, however it gave some insight into their motivations. In an article about the employee life cycle and identification of internal organizational threats, Conrad et al (2009) reminds us that “within an organization, the employee population is the source of potential malicious insiders.” This has been the case time and time again, especially in recent years. Organizations need to keep this in mind and implement security policies that best protect their intellectual property.
Siciliano (2011) placed malicious hacker motivations into various different categories. Black hat hackers, sometimes referred to as crackers break into networks, create viruses and steal information motivated by financial gain. Hacktivists are hackers motivated by political or religious reason and state sponsored hackers typically serve military objectives for their home country. Spy hackers is are individuals hired by corporations to infiltrate and steal trade secrets. Finally cyber terrorists are also motivated by religious or political beliefs but aim to cause chaos by disrupting critical infrastructures. By understanding the different types of hackers as well as their underlying motivations, organizations can begin to implement strategies to protect their infrastructure against these types of threats. Hackers are much more sophisticated today than a decade ago in the days when my vulnerable CMS script was exploited. They will continue to use different strategies to their own end. It is more important than ever before to keep up with the latest threats, implement the best possible defenses, and most important of all, know who our perpetrator is by understanding their intentions and motivations.
