Why Do People Become Cyber Criminals?

Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly and an increasing number of young cyber criminals are motivated more by a sense of notoriety and popularity with their peers rather than by financial gain.

One common pathway is individuals joining cyber criminal forums for ‘research purposes’. Once there, many find a welcoming environment as some forums have taken to encouraging beginners.

Cyber criminals almost always seek financial gain, but it seems that this is not usually what young cyber criminals have in mind when they take their first steps over to the “dark side”. For instance, CryptBB, a cyber crime forum known to previously only accept new members following a rigorous application and interview process recently introduced a ‘newbie’ section and now promotes itself as a place for novice threat actors.

A report by the British National Crime Agency (NCA) found that many are not necessarily motivated by financial reward.

Recognition from their peers, popularity in the forums they belong to, and a sense of success, are bigger influencing factors. “The sense of accomplishment at completing a challenge, and proving oneself to peers are the main motivations for those involved in cyber criminality,” the authors of the paper stated. As an example, the report includes the testimony given by an 18-year-old who was arrested for unauthorized access to a US government website. At the time of his arrest he said: “I did it to impress the people in the hacking community, to show them I had the skills to pull it off … I wanted to prove myself.”

Vulnerable young people can be recruited into criminal networks through social media. They’re told that there are financial benefits and are taught the relevant skills . Often, they act as the “fall guy” for a larger group of criminals. For example, in transactional fraud, the fraudster will offer money in exchange for the victim’s PayPal account. The criminal then uses this account, along with stolen credit card details to perform fraudulent charge backs. Since the account is registered in the name of the young person they may be held responsible and prosecuted.

In September 2020, the administrator of the Russian-language cyber-criminal forum XSS launched a new ‘e‐learning’ section, with an announcement stating that ‘the main concept of the existence of our forum is [to be] an old‐school technical and thematic place, friendly to newbies.’ With such support available, you can see how newcomers to the scene could quickly develop their technical and cyber crime skills.

There is some evidence that this approach works: In June 2020, a thread on XSS asked how forum members had found the site and begun their cyber crime journey. One user in this thread predicted that five percent of cyber-criminal forum users were members of such platforms for research purposes.

Competitions Are A Route To Crime

Competitions are another route in to entice wannabe criminals. One recent competition on XSS was sponsored by the Sodinokibi/REvil ransomware group, partly with the aim of finding skilled new recruits to join their team. A technically-minded forum user, seeing these competitions as an opportunity to showcase their expertise, could easily be dragged into cyber crime if they impressed, and were then courted by, a ransomware group like this one.

Crime As A Service

The increasing prevalence of ‘as‐a‐service’ offerings and detailed tutorials on cyber-criminal platforms may also ease curious individuals’ paths into cyber crime. These offerings mean even those without programming skills can quickly become prolific cyber-criminals.

These services can, initially, be more expensive than developing a project yourself and writing the code. Still, many probably see it as worth the initial outlay if the promise of significant profits is fulfilled over the longer term.

The Insider Threat

Another interesting aspect of the cyber-criminal development story is the potential intersection between real‐life employment and online activities. Having spent time on these sites, sometimes curious forum users realize they can use their privileged position in their real‐world employment to make a splash in the cyber-criminal scene.

Making Money

The most common answer was ‘less than $12,000’, although ‘more than $21,500’ took second place. Even a profit of $12,000 would appeal to many curious newbies, especially those in countries where the average wage is much lower than this. In fact, low wages compared with potential cyber crime earnings is often cited as a reason for the high proportion of cyber-criminals originating from former Soviet Union nations. On the other end of the scale, the well‐known extortionist ‘TheDarkOverlord’ ran several recruitment campaigns at the height of their activity.

It is unclear if these recruitment campaigns were legitimate, but one such post on the now‐defunct English‐language cyber-criminal forum KickAss offered an ultimate salary of $70,000 per month for several technical roles on their team.

Currently the number of arrested cyber criminals is miniscule in comparison to the amount of cyber-crimes that take place each year. When someone is arrested for murder or fraud etc., the suspect has phone, tablet and laptop etc. seized in order to search for evidence that may support the case. In more occasions than not, these were needle-in-a-haystack exercises, but at least there was information to go on.

But, those who choose to become cyber criminals often meticulously learn the right skills before striking and learn how to cover their tracks.

The problem is, the police get a tough time for “not doing enough” when it comes to combating cyber-crime, yet they are playing a huge cat-and-mouse game with the gap widening by the day. Funding will always be an issue, but that just seems like a quick way of the police saying they can’t do it so they go back to investigating “real world” crimes where DNA and fingerprints lead them to suspects.

Prevention

The key to preventing teens and young people from committing this kind of crime lies in giving them the option to use their skills for good and letting them know that this can still be lucrative but without the risk of a prison sentence.

The cyber security industry is well known to be suffering from a skills shortage and the threat of cyber criminals has created a demand for people who understand how hackers think, can test a company’s systems and provide security solutions. Young people should consider doing an apprenticeship or a degree to transition their skill set to work within an official organisation, creating positive outcomes.

National Crime Agency:     We Live Security:    Beaming:       Infosecurity Magazine:       We Live Security:     Digital Shadows

You Might Also Read: 

Young Hacker Makes $1m. Legally:

 

 

« Artificial Intelligence In The Cyber Security Market
Cyber Security Training For Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.