Why Do People Become Cyber Criminals?

Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly and an increasing number of young cyber criminals are motivated more by a sense of notoriety and popularity with their peers rather than by financial gain.

One common pathway is individuals joining cyber criminal forums for ‘research purposes’. Once there, many find a welcoming environment as some forums have taken to encouraging beginners.

Cyber criminals almost always seek financial gain, but it seems that this is not usually what young cyber criminals have in mind when they take their first steps over to the “dark side”. For instance, CryptBB, a cyber crime forum known to previously only accept new members following a rigorous application and interview process recently introduced a ‘newbie’ section and now promotes itself as a place for novice threat actors.

A report by the British National Crime Agency (NCA) found that many are not necessarily motivated by financial reward.

Recognition from their peers, popularity in the forums they belong to, and a sense of success, are bigger influencing factors. “The sense of accomplishment at completing a challenge, and proving oneself to peers are the main motivations for those involved in cyber criminality,” the authors of the paper stated. As an example, the report includes the testimony given by an 18-year-old who was arrested for unauthorized access to a US government website. At the time of his arrest he said: “I did it to impress the people in the hacking community, to show them I had the skills to pull it off … I wanted to prove myself.”

Vulnerable young people can be recruited into criminal networks through social media. They’re told that there are financial benefits and are taught the relevant skills . Often, they act as the “fall guy” for a larger group of criminals. For example, in transactional fraud, the fraudster will offer money in exchange for the victim’s PayPal account. The criminal then uses this account, along with stolen credit card details to perform fraudulent charge backs. Since the account is registered in the name of the young person they may be held responsible and prosecuted.

In September 2020, the administrator of the Russian-language cyber-criminal forum XSS launched a new ‘e‐learning’ section, with an announcement stating that ‘the main concept of the existence of our forum is [to be] an old‐school technical and thematic place, friendly to newbies.’ With such support available, you can see how newcomers to the scene could quickly develop their technical and cyber crime skills.

There is some evidence that this approach works: In June 2020, a thread on XSS asked how forum members had found the site and begun their cyber crime journey. One user in this thread predicted that five percent of cyber-criminal forum users were members of such platforms for research purposes.

Competitions Are A Route To Crime

Competitions are another route in to entice wannabe criminals. One recent competition on XSS was sponsored by the Sodinokibi/REvil ransomware group, partly with the aim of finding skilled new recruits to join their team. A technically-minded forum user, seeing these competitions as an opportunity to showcase their expertise, could easily be dragged into cyber crime if they impressed, and were then courted by, a ransomware group like this one.

Crime As A Service

The increasing prevalence of ‘as‐a‐service’ offerings and detailed tutorials on cyber-criminal platforms may also ease curious individuals’ paths into cyber crime. These offerings mean even those without programming skills can quickly become prolific cyber-criminals.

These services can, initially, be more expensive than developing a project yourself and writing the code. Still, many probably see it as worth the initial outlay if the promise of significant profits is fulfilled over the longer term.

The Insider Threat

Another interesting aspect of the cyber-criminal development story is the potential intersection between real‐life employment and online activities. Having spent time on these sites, sometimes curious forum users realize they can use their privileged position in their real‐world employment to make a splash in the cyber-criminal scene.

Making Money

The most common answer was ‘less than $12,000’, although ‘more than $21,500’ took second place. Even a profit of $12,000 would appeal to many curious newbies, especially those in countries where the average wage is much lower than this. In fact, low wages compared with potential cyber crime earnings is often cited as a reason for the high proportion of cyber-criminals originating from former Soviet Union nations. On the other end of the scale, the well‐known extortionist ‘TheDarkOverlord’ ran several recruitment campaigns at the height of their activity.

It is unclear if these recruitment campaigns were legitimate, but one such post on the now‐defunct English‐language cyber-criminal forum KickAss offered an ultimate salary of $70,000 per month for several technical roles on their team.

Currently the number of arrested cyber criminals is miniscule in comparison to the amount of cyber-crimes that take place each year. When someone is arrested for murder or fraud etc., the suspect has phone, tablet and laptop etc. seized in order to search for evidence that may support the case. In more occasions than not, these were needle-in-a-haystack exercises, but at least there was information to go on.

But, those who choose to become cyber criminals often meticulously learn the right skills before striking and learn how to cover their tracks.

The problem is, the police get a tough time for “not doing enough” when it comes to combating cyber-crime, yet they are playing a huge cat-and-mouse game with the gap widening by the day. Funding will always be an issue, but that just seems like a quick way of the police saying they can’t do it so they go back to investigating “real world” crimes where DNA and fingerprints lead them to suspects.

Prevention

The key to preventing teens and young people from committing this kind of crime lies in giving them the option to use their skills for good and letting them know that this can still be lucrative but without the risk of a prison sentence.

The cyber security industry is well known to be suffering from a skills shortage and the threat of cyber criminals has created a demand for people who understand how hackers think, can test a company’s systems and provide security solutions. Young people should consider doing an apprenticeship or a degree to transition their skill set to work within an official organisation, creating positive outcomes.

National Crime Agency:     We Live Security:    Beaming:       Infosecurity Magazine:       We Live Security:     Digital Shadows

You Might Also Read: 

Young Hacker Makes $1m. Legally:

 

 

« Artificial Intelligence In The Cyber Security Market
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.