Motivations behind an attack
The motives behind cyber attacks can vary massively, from data theft to blackmail, ransoming and outright theft. Many of these cyber attackers aim to leech every penny from their target and in many cases are able to live a lavish lifestyle, leaving their unfortunate victims to count up the losses. However, in a small number of cases, ex-cybercriminals now offer their skills and services to companies, so their workforce can build up an awareness of what to be vigilant for, and combat these attacks.
Social Engineers can attack a target for a number of reasons. Some of the potential motives can be observed below:
1- Financial
The focus of a cyber attacker in this type of attack is to get hold of sensitive and valuable data, so that the victim can be blackmailed into handing over a ransom. To minimise the inconvenience of dealing with the target, cyber attackers (also known as Social Engineers, or hackers) are also known to target the victim’s financial accounts directly, so that they can take command and transfer the funds easily and with minimal chance of detection.
These attacks are often well planned in advance and every attempt is made to remove all traces of the perpetrator, to ensure that authorities fail in their attempts to track the individuals responsible. In most cases the intentions of the Social Engineers are malicious when carrying out this type of attack, and their victims suffer the consequences of this unwanted intrusion.
2- Curiosity/Personal interest
In this type of attack, the attacker typically attempts to gain as much information about the company or the target as possible. The objective here is not always to inflict damage, but to understand procedures and policies, and to find the highest level of sensitive information the Social Engineer can gain without compromising their identity and objectives.
Once the attacker reaches a desired level, they usually consider their objective complete and move on. This motivation for attack can also be described as ‘target practising’, where the Social Engineer probes smaller companies to build up experience and confidence, before taking on the bigger or final target. However, attacks like this can be used for more nefarious purposes, such as for blackmail, or to share sensitive information with others, such as rival businesses.
3- To attain reputation/fame
There are many online forums and mediums through which both experienced and aspiring hackers communicate, exchanging tips and advice. With the aim of building reputation and bragging about their achievements, some Social Engineers target companies and then release the acquired data on these forums for others to use, often for free, in the hope of getting ‘likes’ and ‘vouches’ from other users. Upon achieving the desired reputation, they are then able to offer and sell their services to other members for a fee.
4- Revenge attack
Grievances against employers are common. However, it becomes a costly affair for both parties when one of them takes the law into their own hands and maliciously attempts to damage the other party by sabotaging or releasing illegally acquired sensitive data online.
Attackers who are also ex-employees are usually well versed in the procedures and policies of the company, which makes the task of stealing or hacking even easier. They know the chain of command and, with the right contacts and insider knowledge, can cause severe damage to their employers, should they choose to take this path.
Social Engineering and hacking attacks are becoming so common against ex-employers that America’s Federal Bureau of Investigation issued a press release in 2014, warning employers to be wary of this threat, along with a long list of recommendations for them to follow once an employee is relieved of their duties.
5- Political
Politics may also encourage an attacker to take matters into their own hands, either to bring reputational damage to an entity or to take action which favours the political cause preferred by the attacker.
Reporting on the case of an Algerian hacker, Al Jazeera released a report in 2015 with the caption ‘Is the Algerian Hacker a hero?’.
The hacker in question was the co-author of a Trojan horse virus which was introduced to around 200 different banks through various Social Engineering methods. Once the virus seized control of the system, the Algerian hacker called ‘Hamza Bendelladj’ was able to withdraw money from compromised banks and institutions.
From the money Hamza amassed through his hacking skills, he donated a reported $280,000,000 to Palestine, a territory illegally occupied by Israel since 1967. Due to this, many of his fans referred to him as a hero and ran campaigns for his release. The BBC reported in April 2016 that the Algerian Hacker had been jailed in the US for a total of 15 years for committing cyber crimes.
6- State sponsored attacks
The idea behind this type of attack is to either cause maximum devastation to the target or to discreetly steal high value confidential data. As these attacks are paid for by Governments and powerful establishments, attackers usually have access to infinite resources and funds.
As opposed to criminals who usually work alone, state sponsored Social Engineers are well organised and work in groups. Because they often have immunity from prosecution, they tend to take bigger risks and have the capability to launch sophisticated attacks to achieve their goals.
Because of this coordination, dedication and large amount of resources, state sponsored attackers are usually the ones who discover zero-day exploits and come up with unique manipulation methods, which are then employed to sabotage the targets, extract secret data or simply steal the trade secrets of another nation.
It was widely reported in the media in 2011 that the US and Israel facilitated the assassination of an Iranian scientist as well as the development of the ‘Stuxnet’ virus, which was later introduced to power plants in Iran through ‘baiting’. Their objective was to delay Iran from acquiring technology necessary for the construction of a nuclear weapon.
Consequently, the virus caused the desired impairment to the power plants and Iran returned to the negotiating table with the US and eventually agreed to halt its uranium enrichment program. Reuters also released an exclusive report in 2015 citing evidence that a variant of the Stuxnet virus was also used by the US to attack North Korea, but the attempts at sabotage ultimately failed.
Information about the function and operational methods of some of the viruses created by state sponsored attackers, namely Duqu, Flame & Gauss, is now in the public domain. It is safe to assume that there are many other undiscovered variants of smart malware, secretly transmitting sensitive and valuable data to the high profile sponsors of these types of attacks.