Modus Operandi

We provide advice about what you and your organisation can do to prevent cybersecurity incidents, but often we forgot to look at the simple reasons behind someone becoming a cybercriminal.

Hackers and cybercriminals have longed been tarred with the same brush. Ethical testers are contracted by organisations to help identify weaknesses concerning security and reduce the risk of these vulnerabilities being exploited. Cybercriminals exploit weaknesses in security for their own illicit advantage. Technically speaking, both are hackers and should have that mindset. But is it really fair to think hackers are illicit? They seem quite an orderly bunch! They even have a manifesto.

Most people from an early age will have a career in mind. We all have a reason why we chose the job role we did. Some of us may have pure passion for the role, wanting to making an impact or change. For other’s their job could be an afterthought in life to make ends meet. We are all the results of life’s nature and nurture.

Cybercriminals are no different. They all start with an innocent desire to break things and explore and they land in their chosen roles later in life. Pentester, hactivist, data protection advisor, privacy campaigner, social engineer, scammer. For some a conscious effort and others because they went with the crowd and floated through life.

Common Reasons

Often, the illusion is painted of a cybercriminal coding in a dark room, in a hoodie making a small fortune with code. The reality is somewhat a million miles away. But what are some of the motivations of a cybercriminal:

  • Belongingness: In order to be considered a hacker by cybercriminals, hackers may be given a challenge, this could be to target an organisation, without their permission. Once hacked, they can be gain a strange kudos from their group.
  • Ego and reputation: Staying within the realms of the law for some hackers doesn’t provide enough excitement and people would rather be identified as ‘that guy’ who breached a large organisation.
  • Professional Development: We can’t all be Kevin Mitnick and do some crime, only to befriend the police and make money. But in some circumstances crime has provided a haphazard route to meaningful employment.
  • Financial Gain: The cybercriminal may attempt to withdraw funds from an organisation. This may not be out of personal greed, but due to more sensitive pastoral issues. If hacking is the only skill the criminal has, this may be a way to provide for his/hers family. Consider this to be a form of digital shoplifting to feed the family.
  • Personal Belief: Politics, religion or environmental beliefs usually hold a very personal meaning to the beholder. A way of targeting the opposition could be to breach their systems.

Steering Young Minds

Hackers usually have a lot of talent, but “with great power comes great responsibility”. Rather than let these skills go to waste, many hackers will unfortunately turn to cybercrime. Don’t be misled that it’s as easy as choosing a black or white hat either, I am reminded by the phrase one man’s terrorist another man’s freedom fighter. Finding your feet can be quite disorientating in ‘the industry’ and require you to hold ethics and your conscious close.

Rather than wasting their skills, people of all ages and skill levels can participate in organised competitions. Competitions such as the Cyber Security Challenge allow budding hackers to participate a competition and even compete at an international level. Government Communication Head Quarters (GCHQ) and Cyber Retraining Academy both offer apprenticeship in the cyber security industry.

If you want to hack companies then thats even OK! Join one of the common bug bounty platforms – shout to Open Bug Bounty.

Are you a young mind thats not bothered with challenges and doing tricks like a dolphin for rewards – we understand this! but have you checked out these navigation mind maps and tried to self-teach yourself something new recently?