Mind games

It's not all about money

Understanding the psychology of cybercriminals

When a cybercriminal breaches an organization’s data and financial systems, management automatically begins investigating the culprit’s financial motives. But often hackers are just curious to see if they can invade mainframes. Or they’re bored and want to have some fun. Here’s how to investigate cybercriminals’ minds, understand their nuanced purposes and then prevent more breaches.

Ian Bing, a database administrator for Lianjia, a Chinese real estate brokerage, was frustrated. He’d reported that the company’s security of its financial system was lax, but apparently his bosses had dismissed his concerns. Perhaps he wanted to prove them wrong, so on June 4, 2018, he invaded and destroyed four of Lianjia’s servers and made sure nothing could be recovered. He was sentenced to seven years in prison for his IT devastation.

Bing wasn’t looking to get rich. He wasn’t sabotaging his company because he worked for a competing organization. He was mad and disgruntled, and felt Lianjia had ignored him. Perhaps the company could’ve prevented this disaster if it had just taken Bing’s worries seriously or if his supervisors had taken a bit of time to understand his psychological motivations? (See “IT admin gets 7 years for wiping his company’s servers to prove a point,” by Dave James, PC GAMER, May 16, 2022.)

Cybercrimes, undeniably a significant global risk, require a different mitigation approach. We can’t meet cybercrime challenges just by building higher and stronger digital walls around everything. We need to look inside cybercriminals’ minds to understand the reasons and motivations for their crimes and then devise counter-preventive measures.

The Verizon “2021 Data Breach Investigations Report” (DBI) says that insiders could abuse their positions or hack an organization’s system to steal organizational and customer data for financial gain, espionage, fun, revenge, convenience and ideology. DBI also reported that external cybercriminals could attack organizations for financial or nonfinancial reasons, including espionage, revenge/grudge or fun. Here are some examples of cybercriminals’ motivations.

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.