Why Do People Become Cyber Criminals?
Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly and an increasing number of young cyber criminals are motivated more by a sense of notoriety and popularity with their peers rather than by financial gain.
One common pathway is individuals joining cyber criminal forums for ‘research purposes’. Once there, many find a welcoming environment as some forums have taken to encouraging beginners.
Cyber criminals almost always seek financial gain, but it seems that this is not usually what young cyber criminals have in mind when they take their first steps over to the “dark side”. For instance, CryptBB, a cyber crime forum known to previously only accept new members following a rigorous application and interview process recently introduced a ‘newbie’ section and now promotes itself as a place for novice threat actors.
A report by the British National Crime Agency (NCA) found that many are not necessarily motivated by financial reward.
Recognition from their peers, popularity in the forums they belong to, and a sense of success, are bigger influencing factors. “The sense of accomplishment at completing a challenge, and proving oneself to peers are the main motivations for those involved in cyber criminality,” the authors of the paper stated. As an example, the report includes the testimony given by an 18-year-old who was arrested for unauthorized access to a US government website. At the time of his arrest he said: “I did it to impress the people in the hacking community, to show them I had the skills to pull it off … I wanted to prove myself.”
Vulnerable young people can be recruited into criminal networks through social media. They’re told that there are financial benefits and are taught the relevant skills . Often, they act as the “fall guy” for a larger group of criminals. For example, in transactional fraud, the fraudster will offer money in exchange for the victim’s PayPal account. The criminal then uses this account, along with stolen credit card details to perform fraudulent charge backs. Since the account is registered in the name of the young person they may be held responsible and prosecuted.
In September 2020, the administrator of the Russian-language cyber-criminal forum XSS launched a new ‘e‐learning’ section, with an announcement stating that ‘the main concept of the existence of our forum is [to be] an old‐school technical and thematic place, friendly to newbies.’ With such support available, you can see how newcomers to the scene could quickly develop their technical and cyber crime skills.
There is some evidence that this approach works: In June 2020, a thread on XSS asked how forum members had found the site and begun their cyber crime journey. One user in this thread predicted that five percent of cyber-criminal forum users were members of such platforms for research purposes.
Competitions Are A Route To Crime
Competitions are another route in to entice wannabe criminals. One recent competition on XSS was sponsored by the Sodinokibi/REvil ransomware group, partly with the aim of finding skilled new recruits to join their team. A technically-minded forum user, seeing these competitions as an opportunity to showcase their expertise, could easily be dragged into cyber crime if they impressed, and were then courted by, a ransomware group like this one.
Crime As A Service
The increasing prevalence of ‘as‐a‐service’ offerings and detailed tutorials on cyber-criminal platforms may also ease curious individuals’ paths into cyber crime. These offerings mean even those without programming skills can quickly become prolific cyber-criminals.
These services can, initially, be more expensive than developing a project yourself and writing the code. Still, many probably see it as worth the initial outlay if the promise of significant profits is fulfilled over the longer term.
The Insider Threat
Another interesting aspect of the cyber-criminal development story is the potential intersection between real‐life employment and online activities. Having spent time on these sites, sometimes curious forum users realize they can use their privileged position in their real‐world employment to make a splash in the cyber-criminal scene.
Making Money
The most common answer was ‘less than $12,000’, although ‘more than $21,500’ took second place. Even a profit of $12,000 would appeal to many curious newbies, especially those in countries where the average wage is much lower than this. In fact, low wages compared with potential cyber crime earnings is often cited as a reason for the high proportion of cyber-criminals originating from former Soviet Union nations. On the other end of the scale, the well‐known extortionist ‘TheDarkOverlord’ ran several recruitment campaigns at the height of their activity.
It is unclear if these recruitment campaigns were legitimate, but one such post on the now‐defunct English‐language cyber-criminal forum KickAss offered an ultimate salary of $70,000 per month for several technical roles on their team.
Currently the number of arrested cyber criminals is miniscule in comparison to the amount of cyber-crimes that take place each year. When someone is arrested for murder or fraud etc., the suspect has phone, tablet and laptop etc. seized in order to search for evidence that may support the case. In more occasions than not, these were needle-in-a-haystack exercises, but at least there was information to go on.
But, those who choose to become cyber criminals often meticulously learn the right skills before striking and learn how to cover their tracks.
The problem is, the police get a tough time for “not doing enough” when it comes to combating cyber-crime, yet they are playing a huge cat-and-mouse game with the gap widening by the day. Funding will always be an issue, but that just seems like a quick way of the police saying they can’t do it so they go back to investigating “real world” crimes where DNA and fingerprints lead them to suspects.
Prevention
The key to preventing teens and young people from committing this kind of crime lies in giving them the option to use their skills for good and letting them know that this can still be lucrative but without the risk of a prison sentence.
The cyber security industry is well known to be suffering from a skills shortage and the threat of cyber criminals has created a demand for people who understand how hackers think, can test a company’s systems and provide security solutions. Young people should consider doing an apprenticeship or a degree to transition their skill set to work within an official organisation, creating positive outcomes.
National Crime Agency: We Live Security: Beaming: Infosecurity Magazine: We Live Security: Digital Shadows:
You Might Also Read:
Young Hacker Makes $1m. Legally: