Why Do Hackers Hack?

The online threats to business operations that I've been discussing on this blog aren't going away anytime soon. That's because when it comes to hacking, the promise of high rewards outweighs the risk of getting caught.

A ringleader of a group of hackers who stole 40 million credit card numbers from TJX made more than $11 million from his criminal activity (SearchSecurity.com). This was an extreme case (or so we hope, since much hacking goes undetected), but it’s safe to say that hackers who sell hundreds or thousands credit card numbers and other information they can extract in minutes make good money.

IT security analysts suggest cyber criminals earn $40,000 to $60,000 per attack (Information Week).

Meanwhile, just one out of every 7,000 cyber criminals gets convicted, although it could be as low as one out of every 600,000, suggests Lloyd Hession, chief security officer at British Telecom’s global financial services division (Wall Street Journal).

Why is it so hard for law enforcement to crack down on hackers and reduce the ratio of risk to reward? Here are a few reasons:

1. Without application layer firewalls and network firewalls, it is difficult for IT security experts (and impossible for everyone else) to directly detect hacking efforts. Attacks are often only inferred from slowed performance of web applications or computers – or bank accounts being emptied unexpectedly. No detection => no reporting of a crime => no investigation => hacker drives away in a new BMW.

2. Even when you find out you’ve been hacked, tracking down the hacker isn’t straightforward. There are ways for hackers to disguise their location of origin.

3. Diplomatic immunity? Not quite, but close enough to protect the bad guys. A lot of hackers are based out of places with weak legal systems, where lawmakers have little incentive to crack down on cyber crime that disproportionately exploits us supposedly rich, decadent Westerners -- meaning they're targeting everyone from Bill Gates down to the poor owner of a small corner hardware store that finally got around to posting a website.

The ratio of risk to reward? Not even close. That’s why hackers hack.