Sunday, January 11, 2009

What Motivates Adversaries?

System intruders value potential target assets based on the financial gain they can realize by compromising the asset. Markets are well established for buying and selling compromised systems and data of all types. For financial transaction systems, the value of controlling wire transfer and ACH accounts can also be calculated. Non-financial motives for compromising assets exist; however, those motives account for a continually decreasing percentage of system compromise events. System intruders are now financially motivated, and thus the assets they will pursue and how much they will invest in pursuing them can be roughly predicted from the financial return they will reap for their efforts, similar to the way an investor might calculate return on investment.

Non-Financial Motives
Non-financial factors were the impetus behind the majority of system compromises through the late 1990s. These motives included pursuit of forbidden knowledge, the game of system compromise, pranksterism, and reputation building.

In the 1960s and 1970s computer systems were physically and financially inaccessible to many who wanted to understand their inner workings. Those hungry enough to explore the systems, who were not among the few authorized operators, gained access to the systems without authorization. College students attempting to get more time on systems developed many compromise techniques, such as Trojan software. John Draper, asked about the techniques he developed for gaining operator access to phone systems, stated the hacker ethos of the time in remarks published in the October 1971 issue of Esquire Magazine.

I don’t do that. I don’t do that anymore at all. And if I do it, I do it for one reason and one reason only. I’m learning about a system. The phone company is a System. A computer is a System, do you understand? If I do what I do, it is only to explore a system. Customers, systems, that’s my bag. The phone company is nothing but a computer. – From Secrets of the Little Blue Box by Ron Rosenbaum, Esquire Magazine (October 1971)

Pursuit of knowledge was the motive for Terminus and ultimately led to his arrest when, in February 1990, the Secret Service questioned him in his home and confiscated his Netsys computer containing illicitly obtained software such as KORN SHELL and UNIX SV Release 3.1.[1]

System intruders build their reputation through penetration of previously uncompromised systems and through development of new compromise techniques. Proof of intrusion is better than just a story, so intruders often collected electronic trophies as proof of their compromises. In 1988, Prophet of Legion of Doom (LoD) compromised a BellSouth system, AIMSX. He did no damage to the system, just explored. In his probing of the system he discovered a file containing information related to administration of the 911 system (E911 document). Why did he download the file? It was a trophy – proof of his compromise of the system. Also, it was forbidden knowledge, and possession of forbidden knowledge was the currency with which reputation was bought.[2]

Some system compromises were carried out simply to pull off a prank. In June of 1989 an intruder compromised a Southern Bell phone switch and redirected calls made to the Palm Beach County Probation Department to “Tina,” a phone-sex worker in New York State.[3]

[1] The Hacker Crackdown, pages 114-116
[2] The Hacker Crackdown, pages 112-113
[3] The Hacker Crackdown, page 95
