Everyone has an idea of what hackers do. Popular culture is full of images of hooded figures hunched over a monitor, illuminated by falling lines of green code.
But people are less clear about why hackers do what they do.
Hacking and bad actors online have made cybersecurity one of the hot-button topics in IT, and understanding the motivation behind different attacks is an integral part of preventing them.
By the end of 2025, it is predicted that there will be more than 75 billion devices connected to the internet. And with there being no way to absolutely guarantee the security of an internet-connected device, that’s a lot of potential vulnerabilities! For this reason alone, it is vital that we understand not just what hackers do and how they do it, but what drives them. With a little more information, we can be more prepared to defend ourselves and our data online.
With this in mind, here are the main reasons why hackers hack.
The most obvious and most common motivation for hacking is filthy lucre, financial reward, or, putting it plainly, money. Money is, famously, the root of all evil, and it is the motivation behind most criminal enterprises. Hacking is no exception. Verizon’s 2021 Data Breach Investigations Report showed that 86% of all breaches were financially motivated.
What sets hacking apart from common-or-garden crime is the sheer variety of different ways that cybercriminals have to extract money from individuals, enterprises, and even governments. Here are some of the most common and most lucrative.
Misusing data is all about stealing sensitive, important, or personally identifiable information using tools and tactics like malware and phishing. This can then be used to falsify credentials, breach bank accounts, and carry out fraudulent purchases online.
Bad actors might borrow money in your name, create fake documents, open a bank account, take out lines of credit, or use your data to scam others.
Of course, hackers don’t actually have to use your data themselves. It has a value and can be sold on the dark web to others who might then misuse it in the ways described above. There is also a market for dodgy data amongst unscrupulous marketers and online advertisers looking to get a better yet illicit understanding of their audience.
The core principle of ransomware attacks, cybercriminals often blackmail their targets with threats to withhold, sell, or destroy data in return for a ‘reward.’ If the data is sensitive, embarrassing, or includes trade secrets, then hackers might extort money in return for not publishing it.
Known in IT circles as phishing or social engineering, cybercriminals can manipulate their targets into sending money to the wrong location by impersonating someone trustworthy. This sometimes takes the form of emotional manipulation – a friend or family member needing help, an accident victim, or a request for a charitable donation. It can also be more subtle, tricking the victim into transferring corporate funds without proper authorization or getting them to pay for unnecessary services or fake products.
But hacking isn’t only about money. As you can see from most of the examples above, most hacks and breaches involve data theft, and sometimes the data itself is the most important thing.
Corporate espionage, i.e. stealing sensitive or valuable information from other companies and organizations, is big business. Most organizations rely on keeping their data confidential, whether it’s long-term strategies for growth, products in development, or new areas they intend to compete in.
Some corporations employ hackers to access sensitive information from their business rivals, steal trade secrets, customers, pricing information, and data about finances. They might even carry out damaging attacks designed to crash networks and servers, or encrypt or destroy data, to cause setbacks to their competitors.
As we mentioned above, the world is full of internet-enabled devices. Most businesses are run by and reliant on these machines, which means having control of your devices is imperative. But an internet connection means that they are vulnerable to hacking and a common trick of cybercriminals is to use a virus known as a Trojan Horse to take over an element or the entirety of your network and turn it to their own desires.
Not all hacking is done with purely malicious or greedy motivations in mind. One example of this (slightly more) ethical hacking is commonly known as ‘hacktivism’, when an individual or group breaches a network to make a point or carry out a political, social, or religious agenda.
Two recent examples provide the best illustration of hacktivism.
In 2020, a group of Iranian hackers took over the US Federal Depository Library Program’s website as a protest against the assassination of the Iranian general Qassim Soleimani by American forces. The group displayed an image of President Donald Trump overlaid across a map of the Middle East to anyone who accessed the website during their hack.
Going further back, in 2015, a group of hackers breached Ashley Madison, the online affair website. Rather than asking for a ransom for the stolen data, they distributed it publically to shame the users and force the site to close down.
For the challenge
And some hackers just hack for the fun of it. Really! For many younger IT-savvy techies, the technical challenge of finding backdoors into networks or hidden vulnerabilities is all the motivation they need. Breaking a secure system and defeating the best that cybersecurity companies have to offer is a test of skill, wit, and cunning, and there are plenty of hackers out there who hack for the sake of it.
This sort of hack is usually harmless and can even be beneficial, demonstrating and highlighting potential vulnerabilities in the system that more malicious actors might exploit. However, it is a dangerous game to play, as British schoolboy Richard Pryce discovered after his ‘prank’ ended up breaching the Pentagon!
White Hat Hackers
Finally, we come to the genuinely ethical hackers, known as White Hat hackers. These IT pros are taken on by companies and governments and given free rein to ‘stress test their systems to find out how and where they might have vulnerabilities and where they need to shore up their online defenses. The Pentagon regularly carries out what are known as ‘bug bounties’, throwing out a challenge to the White Hat community to see if they can get through their security systems.
To find out more about cybersecurity and how you can protect yourself and your business from malicious actors online, get in touch with CompuVision. Our cybersecurity experts can provide guidance and advice, as well as a range of services to protect your data now and in the future!