Why Do People Become Cyber Criminals?

Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly and an increasing number of young cyber criminals are motivated more by a sense of notoriety and popularity with their peers rather than by financial gain.

One common pathway is individuals joining cyber criminal forums for ‘research purposes’. Once there, many find a welcoming environment as some forums have taken to encouraging beginners.

Cyber criminals almost always seek financial gain, but it seems that this is not usually what young cyber criminals have in mind when they take their first steps over to the “dark side”. For instance, CryptBB, a cyber crime forum known to previously only accept new members following a rigorous application and interview process recently introduced a ‘newbie’ section and now promotes itself as a place for novice threat actors.

A report by the British National Crime Agency (NCA) found that many are not necessarily motivated by financial reward.

Recognition from their peers, popularity in the forums they belong to, and a sense of success, are bigger influencing factors. “The sense of accomplishment at completing a challenge, and proving oneself to peers are the main motivations for those involved in cyber criminality,” the authors of the paper stated. As an example, the report includes the testimony given by an 18-year-old who was arrested for unauthorized access to a US government website. At the time of his arrest he said: “I did it to impress the people in the hacking community, to show them I had the skills to pull it off … I wanted to prove myself.”

Vulnerable young people can be recruited into criminal networks through social media. They’re told that there are financial benefits and are taught the relevant skills . Often, they act as the “fall guy” for a larger group of criminals. For example, in transactional fraud, the fraudster will offer money in exchange for the victim’s PayPal account. The criminal then uses this account, along with stolen credit card details to perform fraudulent charge backs. Since the account is registered in the name of the young person they may be held responsible and prosecuted.

In September 2020, the administrator of the Russian-language cyber-criminal forum XSS launched a new ‘e‐learning’ section, with an announcement stating that ‘the main concept of the existence of our forum is [to be] an old‐school technical and thematic place, friendly to newbies.’ With such support available, you can see how newcomers to the scene could quickly develop their technical and cyber crime skills.

There is some evidence that this approach works: In June 2020, a thread on XSS asked how forum members had found the site and begun their cyber crime journey. One user in this thread predicted that five percent of cyber-criminal forum users were members of such platforms for research purposes.

Competitions Are A Route To Crime

Competitions are another route in to entice wannabe criminals. One recent competition on XSS was sponsored by the Sodinokibi/REvil ransomware group, partly with the aim of finding skilled new recruits to join their team. A technically-minded forum user, seeing these competitions as an opportunity to showcase their expertise, could easily be dragged into cyber crime if they impressed, and were then courted by, a ransomware group like this one.

Crime As A Service

The increasing prevalence of ‘as‐a‐service’ offerings and detailed tutorials on cyber-criminal platforms may also ease curious individuals’ paths into cyber crime. These offerings mean even those without programming skills can quickly become prolific cyber-criminals.

These services can, initially, be more expensive than developing a project yourself and writing the code. Still, many probably see it as worth the initial outlay if the promise of significant profits is fulfilled over the longer term.

The Insider Threat

Another interesting aspect of the cyber-criminal development story is the potential intersection between real‐life employment and online activities. Having spent time on these sites, sometimes curious forum users realize they can use their privileged position in their real‐world employment to make a splash in the cyber-criminal scene.

Making Money

The most common answer was ‘less than $12,000’, although ‘more than $21,500’ took second place. Even a profit of $12,000 would appeal to many curious newbies, especially those in countries where the average wage is much lower than this. In fact, low wages compared with potential cyber crime earnings is often cited as a reason for the high proportion of cyber-criminals originating from former Soviet Union nations. On the other end of the scale, the well‐known extortionist ‘TheDarkOverlord’ ran several recruitment campaigns at the height of their activity.

It is unclear if these recruitment campaigns were legitimate, but one such post on the now‐defunct English‐language cyber-criminal forum KickAss offered an ultimate salary of $70,000 per month for several technical roles on their team.

Currently the number of arrested cyber criminals is miniscule in comparison to the amount of cyber-crimes that take place each year. When someone is arrested for murder or fraud etc., the suspect has phone, tablet and laptop etc. seized in order to search for evidence that may support the case. In more occasions than not, these were needle-in-a-haystack exercises, but at least there was information to go on.

But, those who choose to become cyber criminals often meticulously learn the right skills before striking and learn how to cover their tracks.

The problem is, the police get a tough time for “not doing enough” when it comes to combating cyber-crime, yet they are playing a huge cat-and-mouse game with the gap widening by the day. Funding will always be an issue, but that just seems like a quick way of the police saying they can’t do it so they go back to investigating “real world” crimes where DNA and fingerprints lead them to suspects.

Prevention

The key to preventing teens and young people from committing this kind of crime lies in giving them the option to use their skills for good and letting them know that this can still be lucrative but without the risk of a prison sentence.

The cyber security industry is well known to be suffering from a skills shortage and the threat of cyber criminals has created a demand for people who understand how hackers think, can test a company’s systems and provide security solutions. Young people should consider doing an apprenticeship or a degree to transition their skill set to work within an official organisation, creating positive outcomes.

National Crime Agency:     We Live Security:    Beaming:       Infosecurity Magazine:       We Live Security:     Digital Shadows

You Might Also Read: 

Young Hacker Makes $1m. Legally:

 

 

« Artificial Intelligence In The Cyber Security Market
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.