Cyber Hackers Psychology: It’s Not Just Ones and Zeros

Two international computer hackers (Aleksandr Andreevich Panin, a/k/a Gribodermon, of Russia, and Hamza Bendelladj, a/k/a Bx1, of Algeria) were recently sentenced in Federal Court in Atlanta to a combined 24 years, six months in prison for their roles in developing and distributing the prolific malware known as SpyEye. The sentences reflect the grave harm these hackers caused worldwide. The SpyEye software infects a computer without the owner knowing. This malware is particularly insidious because it gets into the browser and records the keystrokes of the operator, including banking logon credentials. It is known as a man-in-the-middle attack.

Psychology can certainly play a role in both investigation and prevention of computer intrusions. However, the analysis is quite divergent between the two. For the purpose of this blog posting, let’s focus on the hacker motivations. Put simply, a hacker is a person using a computer to gain unauthorized access to other computers. In a later blog, we’ll focus on the mindset of the victim and how that can play a role in preventing intrusions.
Hackers generally leave digital footprints inside victim organizations. Could there be a relationship between that footprint and the hacker’s motivation?

Let’s first explore six hacker motivations.

The Financial Hacker presents serious dangers to people and organizations. Defendants Panin and Bendelladj are emblematic of the emerging international organized computer hacking problem, often involving Eastern European criminals in conspiracy with other nationals. The motivation of the Financial Hacker is largely financial, but it can overlap with those of other hacker categories. Panin was the primary developer and distributor of SpyEye, while Bendelladj sold it. The telltale sign of an attack—its hallmark—is the hacker software and the type of information stolen. Once we identify these characteristics, we know a Financial Hacker is at work, and unless the attack is caught in time, the victim will suffer financial loss.

The Insider or Former Insider. The Insider’s motivations can include revenge, anger, lack of recognition, or profiteering. Insider hacker transactions often include misappropriation of intellectual property, including engineering designs, trade secrets, and customer information. If still employed, the Insider may be able to access this information or might be maliciously overriding internal controls. Former Insiders may still be able to access company data unless controls are in place and working.

The Hacktivist, motivated by political and/or social goals, does grave harm to organizations, including those of government. A well-known recent example is Edward Snowden’s release of National Security Administration classified information. Another more recent example is the anonymous hacker of the Panamanian law firm, Mossack Fonseca & Co., who exposed offshore accounts of several world leaders.

Nation-State Hackers are well-funded and clandestine, operating on behalf of a government. Their motivations vary by national governance. A Communist country like China (running both the national defense AND the economy) views the taking of intellectual property from other countries or private businesses as a vital part of its national security. These government actions are considered locally as strategies and actions for the public good. In contrast, a Nation-State like Iran may commit a distributed denial-of-service (DDoS) attack to harm another country’s economy. Nation-State hacking is sometimes a form of non-combative warfare, an example of which was Stuxnet. Stuxnet perpetrators significantly impaired Iran’s development of nuclear centrifuges. We can get clues to the hacker’s motivation based on the type of attack perpetrated.

Terrorist Hackers infiltrate computer systems to harm data. They are often motivated by their political, social, or religious beliefs. As with Nation-State Hackers, their weapon of choice is often a DDoS attack: It’s cost-effective and can be launched from anywhere.

Script Kiddie Hackers are often juveniles using scripts from more sophisticated hackers. They want attention. But don’t consider them to be harmless; they can still cause significant damage to organizations. Script Kiddie Hackers often bemuse the folks in law enforcement because long and complicated investigations often lead to a 15-year-old kid working in the parents’ basement.

Hackers have many tools at their disposal. The types selected and information exploited are often telling clues as to their motivations. In the next posting, I will focus on the psychology of the victim to provide insights on deterring cyber intrusions.