Invitation to Cybersecurity

3. The Adversary of Cybersecurity: Hackers

3.1.2.1 Hacking for Cash

The main motivation of most illegal hacking is to make money. This category of hacking is called criminal hacking. Just like in physical space, hackers can make money criminally through activities like stealing, fraud, espionage, sabotage, and extortion. Examples of stealing money include logging into a victim’s bank account and transferring money, or logging into a victim’s human resources portal at work and changing their paycheck’s direct deposit information to a bank account controlled by the attacker. In both of these cases, the attacker impersonates the victim by using their username and password, which is a type of fraud. Attackers may also steal cryptocurrency by gaining unauthorized access to another person’s crypto wallet and initiating transactions. Recovering stolen cryptocurrency is difficult since all transactions logged in the blockchain are instantly permanent, whereas banking transactions have a short grace period that allows them to be cancelled if caught in time.

Besides directly targeting a victim’s finances, hackers may also profit from obtaining access to data. When this happens it is called a data breach. The data obtained might be IP, personally identifiable information (PII), or other types of sensitive information such as health and financial records. Criminal hackers may steal (or, the equivalent in cyberspace, make a copy of) data that contains valuable information. An example of IP theft would be stealing research and development data from a pharmaceutical company. Attackers might obtain PII or credit card numbers so they can sell them on the black market. PII is data that can be used to identify a person and commit identity theft. Some data breaches impact millions of people. Therefore, even if individual records stolen in a data breach sell for a small amount each, the total amount of money made by hackers can be substantial.

In business settings, hackers may gain unauthorized access to a competitor’s network for the purposes of spying and learning their plans (corporate espionage) or to impair their competitor’s ability to operate (corporate sabotage). Hackers may also obtain access to sensitive information and then threaten to release it publicly unless they are paid. They may also commandeer computer systems and data and then prevent the owners from accessing them until a payment is made; these are forms of extortion.

These few examples of criminal hacking barely scratch the surface of all the ways that hackers can use their skills to make money. The amount of money cybercrime costs society is measured in trillions of dollars annually, so this is a major cybersecurity threat and a significant national concern.

3.1.2.2 Hacking for a Cause

Some individuals or groups of individuals hack to advance their cause. When they hack for political or ideological reasons, this category of hacking is called hacktivism (short for hacktivist hacking). Hacktivists may publish private documents belonging to a company the activist group opposes. For example, a hacking group that is concerned about the
