What motivates hackers to wreak havoc on security systems and steal sensitive data? According to a new survey, most hackers do it for kicks, and few think they’ll get caught.
Security firm Thycotic surveyed 127 self-identified hackers at the Black Hat conference last week. When asked about their motivations, 51 percent said they hacked mainly for the thrill of it.
By comparison, 29 percent said they were motivated by some social or moral issue—presumably related to the target—and 19 percent said they were mainly seeking financial gain. Only 1 percent said they were primarily looking for notoriety.
“Contrary to a majority of the news stories we read about ransomware and other forms of cyber blackmail, more than half of hackers who responded are simply curious, bored, or want to test out their abilities,” Thycotic’s report said. (Keep in mind that the respondents were all attending a security conference in the United States, and they probably don’t represent the worst of the worst.)
Law enforcement tends not to be a major concern, according to the survey: Only 14 percent of respondents said they were worried about getting caught. But nearly everyone—88 percent—believed that their own information was at risk. (Thycotic’s full report notes the irony of these two responses.)
As for targets, 40 percent of respondents said they were most likely to attack contractors, and 30 percent said they’d target IT administrators first. Both groups are likely to have direct access to servers and systems, allowing hackers to make off with personally identifiable information.
Unsurprisingly, Thycotic recommends that companies and IT pros use an array of tighter security measures for privileged accounts, which the company’s own security software just so happens to provide. For everyone else, at least the survey gives a sense of why your favorite site is suddenly requiring a password reset.