Why Do Hackers Hack? (Or: What We Learned From Equifax Data Breach)

Dec 23, 2019

The past ten years have been a busy time for hackers. A countless number of high-level security breaches have compromised billions of records. If you don’t know what we’re talking about, just watch our video on the Equifax Data Breach to see how just one mishap potentially affected 143 million people, leaving over 40% of the US population exposed.

But Equifax isn’t the only company targeted. Well-known companies such as Target, Marriott, Home Depot and eBay have fallen victim to data breaches in recent years, resulting in major financial loss and a hit to their reputations. But will all these devastating security breaches in the works, it makes us wonder — **Why do hackers do it?**


Fame & Glory

Of course, the reason someone decides to exploit an organization isn’t always in black and white. But usually, when it’s a high-level security breach, like Equifax, hackers are looking to gain fame. A sure sign that their main goal is to get their name out there is when they leave their alias at the scene of the crime, so people know this was their work. Letting people know that you were able to find your way through the protection of a well-known company is one way to be known as a “notorious hacker.” For instance, Ehud Tenenbaum, aka “The Analyzer” is an Israeli hacker known for being involved in a sophisticated computer-hacking scheme where he reportedly stole over $10 million from U.S. banks. It’s attacks like these that help hackers rise to fame.

Money Money Money

Other than the fame, breaching a well-known company may be due to financial reasons. The potential for a large financial gain can be a huge motivator for hackers. You may be wondering, how much financial gain can there be when most companies don’t even hold credit card information? Here are four ways hackers can reap the financial benefits of a high-level data breach:

  • Selling the stolen records on the dark web. Selling data is less risky than using the data itself, but it also means hackers won’t get as much money. Pricing depends on what kind of information the hacker has stolen. For example, a credit card number may be worth just 25 cents, but medical records can go for hundreds and thousands of dollars.
    Using the data. Even without having credit card information, hackers are able to use other personal information to work around it. In 2016, hackers stole the information of over 57 million people from the Uber app. It’s important to make sure that if someone ever requests your personal information that it’s from a viable source.
  • Ransom payments. Sometimes, hackers will break into a system and withhold the information until the victim pays a sum of money -- aka holding the information for ransom. Since 2012, the use of this strategy has increased remarkably. Just in the first 6 months of 2018, there have been 181.5 million reported ransomware attacks, which is 229% more than in 2017. While the average ransom is about $4,300, the cost of downtime is around $46,800!
  • Crypto-mining. Cryptocurrency is huge, and not just for investors. Hackers have now found a way to take over systems using crypto-mining software that allows them to practice cryptocurrency mining without user permission. According to Kaspersky Labs, hackers can generate over $30,000 a month from this strategy.

State-sponsored attacks

Believe it or not, some hackers are actually employed by the government or part of a private company hired by the government. In late 2015, hackers successfully disrupted the electricity supply of over 250,000 Ukrainians for 24 hours by compromising the information systems of three energy distribution companies. It’s known as the Ukraine Power Grid Cyberattack and considered the first successful cyberattack against power suppliers. The IP addresses of the attackers were traced back to the Russian Federation. This can also be considered a money motivator. In Russia, the unemployment rate is about 25% among college graduates and the monthly salary is about $700. But as a hacker, you can be making as much as $10,000 a month, making the job description quite appealing to anyone desperate to find work.

Well, because it CAN be done…

Breaches and exploits often take place simply because a hacker wanted to prove to him/herself (or others) that it can be done. Thankfully, some in the hacker community will report a breach once it’s detected and choose not to exploit it, but that’s not always the case.

Whether a hacker is trying to climb their way to the top or earn a large sum of money, the fact of the matter is that they aren’t slowing down their hunt. And keep in mind that cyber attacks are a matter of a return on investment -- simply put, hackers are looking to make as much money compared to the amount of time they put into a potential target. Therefore, hackers will be looking at achievable jobs, such as well-known vulnerabilities and then exploit yet-to-be-discovered vulnerabilities. It’s up to us to make sure we are protected the best way we can to avoid falling victim to these breaches by being aware of the vulnerabilities that hackers will be most attracted to. Programs that specialize in prioritizing vulnerabilities in real-time, such as Vicarius’ TOPIA, will be your solution to a secure organization.


Written by

Michael Assraf

Recent Posts

  • 1

    Sealing the Patch Gap

    David Asraf September 08, 2020
  • 2

    Predicting Vulnerabilities in Compiled Code

    Shani Dodge August 26, 2020
  • 3

    Vicarius and Etek NovaRed Announce Partnership

    Roi Cohen August 13, 2020
  • 4

    Vicarius and SecureLatam Announce Partnership

    Roi Cohen August 11, 2020
  • 5

    Vulnerability Rich - Contextually Blind!

    Michael Assraf August 06, 2020
#Get topia

Don't Wait Until It's Too Late

Powerfully protect your OS and third-party applications starting today.