Q&A. What Motivates Cyber-Attackers?

A. The need to understand the motivations of cyberattackers is great, given that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century" (The White House, 2009). However, the motivations behind cyberattacks intended to cause economic impacts may be different from those posing a threat to national security. And, in many cases, the real purpose and primary objective of a cyber-attack may be hidden or obscured, even if the attacker claims responsibility (Shakarian et al., 2013).


Q&A
Chen Han and Rituja Dongre A. The need to understand the motivations of cyberattackers is great, given that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century" (The White House, 2009).However, the motivations behind cyberattacks intended to cause economic impacts may be different from those posing a threat to national security.And, in many cases, the real purpose and primary objective of a cyber-attack may be hidden or obscured, even if the attacker claims responsibility (Shakarian et al., 2013).
Nonetheless, to help tease out and understand common motivations, cyber-attackers may be categorized, noting that a given attacker may belong to more than one category (Andress & Winterfeld, 2011).For example, politically motivated cyberattacks may be carried out by members of extremist groups who use cyberspace to spread propaganda, attack websites, and steal money to fund their activities or to plan and coordinate physical-world crime (Gandhi et al., 2011).Generally, the reason for non-politically motivated attacks is generally financial, and most attacks are considered as cybercrime (Andreasson, 2011), but many cyber-attacks are motivated by deeply-rooted socio-cultural issues (Gandhi et al., 2011).
As shown in Figure 1, cyber-attackers can be broadly considered "insiders" or "outsiders" (Russell & Gangemi, 1993), meaning that they act from within an organization or attempt to penetrate it from the outside.
The three basic categories of insiders are: i) disgruntled employees, who may launch retaliatory attacks or threaten the safety of internal systems; ii) financially motivated insiders, who may misuse company assets or manipulate the system for personal gain (although some insiders may be acting on ethical grounds or for other reasons); and unintentional insiders, who may unwittingly facilitate outside attacks, but are not strictly speaking primary attackers (Andress & Winterfeld, 2011).
Outsiders can be classified based on their organization, motives, and professional level: organized attackers, hackers, and amateurs.

Q&A. What Motivates Cyber-Attackers?
Chen Han and Rituja Dongre 1. Organized attackers: include organizations of terrorists, hacktivists, nation states, and criminal actors.Terrorists are those who seek to make a political statement or attempt to inflict psychological and physical damage on their targets, in order to achieve their political gain or create fear in opponents or the public (Howard, 1997;Lewis, 2002;Cohen et al., 1998).Hacktivists seek to make a political statement, and damage may be involved, but the motivation is primarily to raise awareness, not encourage change through fear.Nation-state attackers gather information and commit sabotage on behalf of governments (Cohen et al., 1998), and are generally highly trained, highly funded, tightly organized, and are often backed by substantial scientific capabilities.In many cases, their highly sophisticated attacks are directed toward specific goals, but their specific motives may be mixed (Cohen et al., 1998).Criminal actors are usually "organized groups of professional criminals" (Cohen, et. al, 1998), and they may act within complex criminal ecosystems in cyberspace that are both "stratified and service oriented" (Grau & Kennedy, 2014).Perpetrators of organized crime are typically focused on control, power, and wealth (Gragido et al, 2012).
2. Hackers: may be perceived as benign explorers, malicious intruders, or computer trespassers (Hafner & Markoff, 1991;Lachow, 2009).This group includes individuals who break into computers primarily for the challenge and peer status attained from obtaining access (Howard, 1997).In some cases, hacking is not a malicious activity; a "white hat" hacker is someone who uncovers weaknesses in computer systems or networks in order to improve them, often with permission or as part of a contract with the owners.In contrast, "black hat" hacking refers to malicious exploitation of a target system for conducting illegal activities.In most cases, black hat hackers could be hired by or be sponsored by criminal organization or governments for financial gain or political purpose.Thus, hacking can involve espionage (i.e., to obtain secrets without the permission of the holder of the information, primarily for personal, political, or criminal purposes), extortion (i.e., to extract money, property, or other concessions by threatening harm), theft (i.e., to steal valuable data, information, intellectual property, etc.), vandalism (i.e., to cause damage) (Shakarian et. al, 2013;Cohen et. al, 1998;Howard, 1997).
3. Amateurs: less-skilled hackers, also known as "script kiddies" or "noobs" often use existing tools and instructions that can be found on the Internet.Their motivations vary: some may simply be curious or enjoy the challenge, others may be seeking to build up and demonstrate their skills to fulfill the entry criteria of a hacker group (Andress & Winterfeld, 2011).However benign their intentions may be, the tools used by amateurs can be very basic but powerful.Despite their lower skill skills, they can cause a lot of damage or, after gaining enough experience, may eventually "graduate" to professional hacking.
Although these categories are presented as discrete groups, there can be some overlap or difficulty placing a given situation into a particular box.For example, a group of hackers can act in a coordinated fashion, and in this sense could be considered "organized attackers." The categories of cyber-attackers enable us to better understand the attackers' motivations and the actions they take.As shown in Figure 2, operational cybersecurity risks arise from three types of actions: i) inadvertent actions (generally by insiders) that are taken without malicious or harmful intent; ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are meant to do harm; and iii) inaction (generally by insiders), such as a failure to act in a given situation, either because of a lack of appropriate skills, knowledge, guidance, or availability of the correct person to take action (Cebula & Young, 2010).Of primary concern here are deliberate actions, of which there are three categories of motivation (Gandhi et al., 2011)

About the Authors
Chen Han is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada.She has more than 8 years working experience in product design, User interface design and project management.She built and led an independent technical team that provides overall solutions and outsourcing services for various clients including world's top media, Internet startups, and multinational firms.Currently, she is working with founder team of Pricebeater, a global startup offering tools for online shopping in North America.
Rituja Dongre is a graduate student in Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada.She holds a Bachelor's Degree in Electronic and Telecommunication from the Nagpur University, India, and has worked as an Associate Consultant in Capgemini India.

Figure 2 .
Figure 2. Types of cyber-attacker actions and their motivations when deliberate