Introduction
A cyber-attack is a threat source that uses an exploit to take advantage of an existing vulnerability. It causes unintended or unanticipated behavior to occur in a computer system or network (Rehman, 2013). Cyber-attacks affect the integrity and availability of systems. The end is beneficial to the threat source and detrimental to other users. People assume they are anonymous online, as long as they do not use their names.
Anonymity remains an assumption, even in company intranets and particular databases. Scientists can easily deanonymize people by following the anonymity process backwards. However, they need appropriate tools. Unfortunately, the scientists’ intention cannot always be good (Harris, 2013).
Reasons, motivations, and beliefs for cyber attacks
Digital infrastructures of governments and institutions are increasingly becoming open for clandestine and malicious activities. Intruders can be organized or act individually when they attack a digital system. Employees and other insiders are also capable of making unauthorized intrusions into their networks and cause similar harm that external attackers would (Han & Dongre, 2014).
According to Rehman (2013), the Internet is now a domain for internal politics. Its structure that spans beyond country boundaries makes many national governments vulnerable. International cyberspace security infrastructure is becoming more certain, as governments work together to limit their exposure to criminal acts online. Regarding the Internet, being the most common communication tool in the 21st century contributes to its targeting by cyber attackers.
In addition, the ease of assuming an identity of the Internet is also a motivating factor. It contributes to criminal activity online. Politically motivated hackers, cyber intruders, and terrorists create an economic espionage, theft of sensitive data, manipulation of systems, and revelation of secret information.
In fact, activities of cyber attackers make the Internet both a blessing and a curse. Law enforcing authorities use legalized means to make cyber-attacks and gather evidence about criminal activities. Such an accomplishment would be impossible if cyberspace was not prone to penetration. Cyberspace refers to the Internet and other networks within companies, homes, and institutions. It also relates to electronic devices with computational power linked to any sort of network. Within cyberspace, there are software and protocols that allow management and transfer of information in connected computers or devices. When talking about cyberspace infrastructure, a person could also be referring to hardware that powers the network, such as telecommunications and operating systems (Han & Dongre, 2014).
Knowing the existing threat to cyber security is fundamental to understanding the motivations for cyber attackers. First, the intentions of an attack in cyberspace depend on the desired result. An aim to cause economic impacts will have differing reasons for attack than one that is politically inclined. Categorizing cyber attackers, as done by Han and Dongre (2014), eases an understanding of common motivations. The researchers explain that attackers can be outsiders or insiders. Outsiders are organized attackers, hackers, and amateurs. Insiders are disgruntled employees, thieves, and unintentional actors (Harris, 2013).
Han and Dongre (2014) explain that organized attack groups like terrorists, nation states, and criminal gangs seek to make political statements, gain competitive advantage, steal technical knowhow, or create fear. For hacktivists, the end justifies the means; a cyber-intrusion would be justified, as long as the target population gets the political message. On the other hand, nation state attackers simply keep collecting information about other states. The attackers have the back up of prominent personalities and institutions, who give them financial and technological support needed to carry out the attacks.
They work according to goals set by their leadership. Criminals too can have sufficient technologies and run complex ecosystems. Despite the potency of the above group of attackers, the hackers receive the most publicity because of their decentralization and the motivation to attack the widest variety of computer systems and networks (Han & Dongre, 2014). They can be explorers, intruders, computer trespassers, or thieves. Amateurs are people still learning intrusion methods and using inferior tools. Their motivation is simply to demonstrate their capabilities and earn recognition.
Three main categories emerge as motivations for any kind of cyber-attack. These are political motivations, economic motivation, and socio-cultural motivations, which can play independently or collectively to influence cyber-attack activity. Depending on the underlying motivation, a certain category of hackers will have a high chance of carrying out an attack (Han & Dongre, 2014).
Minei and Matusitz (2011) explain that new media enhances the motives of cyber terrorism, which is to frighten and coerce. For such groups, sending the appropriate message could be accomplished by defacing official law authority websites to show they are capable of doing so and to attract media attention, which advances their cause for fear propagation. In this case, the Internet serves as the main media for propaganda, allowing attackers to gain prominence by vocalizing their activities in internet related opportunities for communication. For propaganda terrorism, Minei and Matusitz (2011) say that the attacks are carefully choreographed. The inspiring factor for such attackers is the need to remain memorable; therefore, all activities revolve around theatrics.
In their research on criminal profiling and insider cybercrime, Nykodym, Taylor and Vilela (2005) show that cybercrime escalated around the world because of existing legislative compatibility gaps. For companies, insiders are the biggest threat and the best way of dealing with the problem is to have an accurate profile of the insider cybercriminal. By showing how profiling is a critical measure for dealing with cyber criminals, the researchers suggest that the lack or inadequate profiling ability or practice is a key inspiration for cyber-criminal activity for insiders (Bayuk, 2012).
While profiling is used mainly for solving crimes, it can also be a tool used by criminal gangs to come up with potential targets for attack. For criminals, profiling considers the vulnerability of a target, its risk and reward ratio, and the overall cost of conducting an attack.
According to Amoroso (2011), the fundamental institutions of government or commerce are the main targets of cyber attackers. The stock market can be a victim because of its potential to make an individual rich quick. However, probable reasons for attacking the stock market would be to destabilize a country’s financial structure. In such an attack, criminals face a number of challenges, which can also explain why elaborate attacks have not yet taken place in global stock markets.
Criminals have to engineer the needed effect, evade prosecution, and have the confidence to execute their plan. These are not easy to achieve, unless the criminals are a group of terrorists or political extremists whose actions are justified by their desire to see changes. Economic rivals at the nation level can have the necessary defense against retaliations by the victim nation and use that as a motivation for cyber war that centers on the crippling of financial institutions. At the same time, military campaigns can motivate the attack (Amoroso, 2011).
There is a growing underground market for data that is fueling increased attacks on networks. Criminals are attacking just for the sake of gaining information that they believe may have financial worth. Therefore, networks with highly valuable data for criminals become the most targeted (“US warns of increased cyber-attacks by Iran”, 2013).
Yunos and Suid (2010) explained that cyber attackers must use information systems and other electronic means when they are making attacks. What differentiates them from typical cyber criminals are their actions and motivations. Thus, it is possible to find out the underlying motivations for their actions by looking at the differences in actions by attackers and criminals. Yunos and Suid (2010) narrow down the motivations of cyber attackers to the availability of technical competency by the attacker, which puts them in an advantaged position of taking on emerging vulnerabilities caused by dynamic cyber environments.
The slow catch-up of law enforcement and defense authorities, as well as company security departments also yield additional reasons for attackers to pounce. Another motivation is the conventional nature of legislation that is inadequate in addressing Internet issues and international cyber-attack events. Moreover, there are international laws that can cater for criminal activities happening beyond borders, but the laws still depend on physical definitions of boundaries (“Alleged MPAA DDoS attacks spark retaliatory cyber attacks”, 2010).
The victims of attacks can also help to explain motivations. As earlier alluded, an attack to a stock exchange market can be fueled by a need to make a political statement, cause fear and, to a lesser extent, acquire illegal wealth. The last option is unlikely because it is easier for attackers to go directly to a company, rather than attack an entire market for such gains. Thus, if there was a breach in a defense contractor, then the most likely perpetrator of the cyber-attack would be another nation. Even when attackers are individual or organized groups, their motivations and supporters would likely be nations keen on gaining intelligence about defense activities and technologies.
Attacking retail companies can be a target for organized criminals looking at valuable customer information for subsequent trading in the underground market. Attacks can be highly targeted at a specific institution or they can be widespread to a particular industry (Rehman, 2014).
Conclusion
The increased interconnection of big computer networks and the existence of cloud computing is making cyber-attacks more lucrative for criminal groups and individual hackers. The potentials of getting substantial information are high when the target is a big network. Unfortunately, cyber spies, cyber criminals, and military campaign attacks can use similar features to execute an attack. Therefore, looking at the method of attack yields little to explain motivations behind the attacks. Based on the review of literature so far, it seems that the best ways to understand the motivating factors of attacks is by taking one or a combination of the following steps.
Categorization of the attacker is one of the steps, while the categorization of potential motivations is another. It is possible to tell the likely targets by looking at the attacker. For example, cyber terrorists will have different targets than typical hackers in most cases. However, the cyber terrorists may use hacking techniques to attack. Profiling of the attacks and the known motivations is also a useful step for explaining the motivation for other attacks done or anticipated in the future.
Reference list
“Alleged MPAA DDoS attacks spark retaliatory cyber attacks”. 2010. Infosecurity, 7(5): 8.
Amoroso, E. 2011. Cyber attacks: awareness. Network Security, 2011(1): 10-16.
Bayuk, J. 2012. Cyber attacks. Computers & Security, 31(2): 251.
Han, C. & Dongre, R. 2014. Q&A what motivates cyber-attackers? Technology Innovation Management Review, 4(10): 40-42.
Harris, A. 2013. The invisible [cyber attacks on critical infrastructure]. Engineering & Technology, 8(10): 40-42.
Minei, E. & Matusitz, J. 2011. Cyberterrorist messages and their effects on targets: A qualitative analysis. Journal of Human Behavior in the Social Environment, 21(8): 995-1019.
Nykodym, N., Taylor, R. & Vilela, J. 2005. Criminal profiling and insider cyber crime. Digital Investigation, 2: 261-267.
Rehman, A.U. 2014. Understanding the significance of cyber security threats. VFAST Transactions on Educational and Social Sciences, 4(2): 21-26.
“US warns of increased cyber-attacks by Iran”. 2013. Network Security, 2013(6): 19-20.
Yunos, Z. & Suid, S.H. 2010. Protection of Critical National Information Infrastructure (CNII) against cyber terrorism: Development of strategy and policy framework. 2010 International Conference on Intelligence and Security Informatics, IEEE.