There is no shortage of motives behind the threats that attackers come up with. Perhaps the most dangerous motive is the conscious decision to break the law, typically in an effort to gain some financial or monetary gain.
What Are the Motives?
There is no shortage of motives behind the threats that attackers come up with. Perhaps
the most dangerous motive is the conscious decision to break the law, typically in an
effort to gain some financial or monetary gain. Often, criminals develop attacks and
exploits with the sole purpose of gaining illegal access to systems, typically for the
purpose of monetary gain. This gain could come from obtaining personal information and
committing fraud with that information, gaining access to data and blackmailing the
victim into paying for that data, or stealing trade secrets from a competitor's system or
undermining the financial stability of the company.
A less-driven, but still dangerous motive is the simple desire to cause mischief and wreak
havoc on an environment. Mischief covers everything from bored teenagers looking to do
something they consider exciting and interesting, to the disgruntled ex-employee who is
just looking to cause trouble for his former employer. One of the most difficult aspects of
attackers motivated by mischief is that often the attacks they engage in have logical
reason, especially if the attacker falls into the category of the bored person just looking
for something interesting to do. Many times, their attempts at what they consider
mundane and harmless activities can inadvertently cause significant problems or outages.
Many virus writers fall into this category, not realizing just how much damage their
innocuous virus can cause if someone is able to modify it slightly.
Another angle for motivation is simple ego. Attackers are convinced that they are smarter
than you, the defender, and an easy way to prove it is to compromise the system. They
can then run off to their chat rooms and brag about how they were able to get the best of
the company they targeted.
However, the most troublesome motive comes from attackers with multiple motives. In
this case, the attacker is frequently so driven by boredom, ego, and criminal behavior that
nothing short of legal intervention can stop the attacker. Indeed, a number of attacks that
may have started as untargeted attacks against an environment have escalated with bad
consequences when attackers realized that what they did has been patched. Their ego
cannot handle that they were stopped, and they become willing to undertake more
riskyand more costlyactivities to prove that they are superior.
Motives are not solely the realm of the attacker, however. As administrators, we have to
know what our motivation is in protecting our resources. Ensure not only that you are
protecting your resources, but that you are doing so in the proper manner. Although it is
human nature when presented with an attack to want to lash out and strike back at
attackers to teach them a lesson, that is not our place or our role. In fact, in the case of
zombies, the system that you decide to strike back against often becomes an unwitting
victim not only of the original hacker's attack on their system, but of your attack in an
effort to teach the hacker not to mess with your systems. As cliché as it sounds, there are
good guys and bad guys, and as administrators we need to make sure that our motives
and undertakings remain on the side of the good guys.