Why Do Hackers Hack?

Why They Do It
The main reason hackers hack is because they can! Okay, it goes a little
deeper than that. Hacking is a casual hobby for some hackers — they hack
just to see what they can and can’t break into, usually testing only their own
systems. These aren’t the folks I write about in this book. I focus on those
hackers who are obsessive and often have criminal intentions.
Many hackers get a kick out of outsmarting corporate and government IT and
security administrators. They thrive on making headlines and being notorious
cyberoutlaws. Defeating an entity or possessing knowledge makes them
feel better about themselves. Many of these hackers feed off of the instant
gratification. They become obsessed with this feeling. Hackers can’t resist
the adrenaline rush they get when breaking into someone else’s systems.
Often, the more difficult the job is, the greater the thrill.
Hackers often promote individualism — or at least the decentralization of
information — because many believe that all information should be free.
They think cyberattacks are different from attacks in the real world. They
easily ignore or misunderstand their victims and the consequences of hacking.
Many hackers say they don’t intend to harm or profit through their bad
deeds, which helps them justify their work. They often don’t look for tangible
payoffs. Just proving a point is often a good enough reward for them.
The knowledge that malicious attackers gain and the elevated ego that comes
with that are like an addiction and a way of life. Some attackers want to make
your life miserable, and others simply want to be seen or heard. Some common
motives are revenge, basic bragging rights, curiosity, boredom, challenge, vandalism,
theft for financial gain, sabotage, blackmail, extortion, and corporate
espionage.
28 Part I: Building the Foundation for Ethical Hacking
Is the government hacking?
While in a conflict with another country, some
governments will wage war via the Internet and
other computer systems. For example, the U.S.
government reportedly has at times launched
cyberattacks against its adversaries — such as
Yugoslavia during the Milosevic crisis in the
late 1990s and in the war in Iraq.
Are we headed toward a digital Pearl Harbor?
I’m not convinced that we are, but this method of
waging war is becoming more common as technology
progresses. Many folks are skeptical
about this as well, and the U.S. government
denies most of its involvement. However,
because the world increasingly relies on computer
and network technology as well as the
Internet, those avenues may become the launching
pads or battlegrounds for future conflicts.
Rogue insiders who are doing things inside your network may be looking to
gain information to help them with personal financial problems, to give a leg
up to a competitor, to seek revenge on their employers, or simply because
they’re nosy and don’t have anything better to do.
Many business owners and managers — even some network and security
administrators — believe that they don’t have anything that a hacker wants or
that hackers can’t do much damage if they break in. This couldn’t be further
from the truth. This kind of thinking helps support hackers and their objectives.
Hackers can compromise a seemingly unimportant system to access the
network and use it as a launching pad for attacks on other systems.
It’s worth repeating that hackers often hack just because they can. Some
hackers go for high-profile systems, but hacking into anyone’s system helps
them fit into hacker circles. Hackers use many people’s false sense of security
and go for almost any system they think they can compromise. They know
that electronic information can be in more than one place at the same time,
so it’s tough to prove that hackers took the information and possess it.
Similarly, hackers know that a simple defaced Web page — however easily
attacked — is not good for business. The following Web site shows a few
examples of Web pages that have been defaced in the past:
www.2600.com/hacked_pages
Hacked sites like these can persuade management and other nonbelievers
that information threats and vulnerabilities should be addressed.
Computer breaches continue to get easier for several reasons:
 Increasing use of networks and Internet connectivity
 Anonymity provided by computer systems working over the Internet
and often on the internal network (because, effectively, logging rarely
takes place)
 Increasing number and availability of hacking tools
 Increasing complexity and size of the codebase in the applications and
databases being developed today
 Computer-savvy children
 Unlikelihood that attackers will be investigated or prosecuted if caught
Although most attacks go unnoticed or unreported, criminals who are discovered
are often not pursued or prosecuted. When they’re caught, hackers
often rationalize their services as being altruistic and a benefit to society:
They’re merely pointing out vulnerabilities before someone else does.
Regardless, if justice is ever served, it helps eliminate the “fame and glory”
reward system that hackers thrive on.