As follow-up to the recent report Under the Hoodie: Lessons from a Season of Penetration Testing published by Rapid 7, Wendy Zamora, malware intelligence at Malwarebytes, set to work on a months-long research piece exploring the psychology, motivations and other underlying factors that drive people to cybercrime.
The results of her work were published today in the long-form article “Under the Hoodie: Why Money, Power, and Ego Drive Hackers to Cybercrime” which includes interviews with reformed and active cyber-criminals as well as research from forensic psychologists, law enforcement officials and professors of criminology.
Zamora’s research reveals that the main motivations for cyber-criminals include socioeconomic factors, technical skill and psychological drivers such as revenge and ego. Throughout the article, she breaks down each factor to create a general cyber-criminal persona, pinpointing the various motivations to particular forms of cybercrime, such as social engineering and malware creation.
In reference to interviews with one of her subjects who became enamored by the ease with which he could earn money, Zamora writes, “What’s not to like? Money, popularity, and a quiet ‘screw you’ to the man. He was proud of his ability to hack into and modify programs built by professionals.”
The results of her research highlight the value of criminal profiling, a psychological assessment that looks at both personality and physical characteristics. Criminal profiles are not as useful in identifying the individual perpetrator as much as they are helpful in narrowing the field of suspects.
Understanding what motivates cyber-criminals can also serve as a pathway to help them transition from cyber-criminals to white hat hackers. “There’s a razor thin line separating the white hats from the black,” Zamora describes.
“Cyber-criminals are equally passionate and skilled at what they do, but the lens through which they view the world may be blurred by socioeconomic circumstances or psychological hang-ups. There are those that may be beyond hope, but there are also those who are simply too young or too insecure to work a system that feels like it’s set up to watch them fail.”