6 motivations of cybercriminals–Is it all about the money?

cybercriminal motivations

Performing a Google search (for the past year) using the terms: “cybercrime” AND “hackers” produced over 5 million results. While scanning through search results, headline eye candy produced:

  • Hackers are draining bank accounts via . . .
  • Hackers Trick Email Systems Into Wiring Them Large Sums …
  • Hackers siphon $47 million out of tech company’s accounts …
  • Hackers use virus to steal £20 MILLION from UK bank …
  • We found out how much money hackers actually make …

So, a cyberiminal’s ultimate goal and motivation has to involve financial gain, right?—not necessarily.

Though financial gain is one of the primary cybercriminal motivations and often a characteristic that is frequently observed—there are other motivations that drive cybercriminal activities beyond a focus on money.

Six motivations of cybercriminals

According to Social Psychologist, Max Kilger, PH.D., senior lecturer in the Department of Information Technology and Cyber Security at the University of Texas at San Antonio (UTSA), there are actually  six motivations behind  cybercriminal activities, otherwise known as MEECES (a play off the old FBI counter-intelligence term MICE):

  1. Money
  2. Ego
  3. Entertainment
  4. Cause
  5. Entrance to a social group
  6. Status

Money: Kilger finds that individuals who are motivated by financial gain are found within underground groups who share this motivation.

Ego: Those who are motivated by ego derive satisfaction creating code that is both elegant and innovative.

Entertainment: Those that are motivated by entertainment seek to do things like interfere or humiliate for the fun of it. Kilger notes that due to infusion of less technical individuals into the digital space along with an expanded environment, entertainment as a motivation has gained momentum. One example of this type of motivation is when a cybercriminal group dumps company data for the lulz or tries to humiliate and damage a company brand or individuals employed by the company.

Cause: Kilger says this motivation is commonly utilized by hacktivists—those who use the Internet to promote political, scientific or social cause. Kilger says:

Levels of magnitude in this arena can be as simple as a web defacement to the theft of classified documents.

Entrance to a social group: There are also individuals who are motivated by social group inclusion who generally have to meet particular requirements to join the group—such as hacking a university departmental database to prove to the group that they have a certain level of expertise. This occurs frequently in underground forums where a member must be vetted via other members and through performing some type of hacking act.

Status: Individuals who are motivated by status have skills and expertise in networks, operating systems, hardware, security, cryptography, etc., and are well known within the underground hacking community due to these particular characteristics.

Though Kilger has been teaching MEECES for well over a decade now—these six cybercriminal motivations are still applicable in 2016.

Combined motivations

Within the underground communities there are also individuals and groups that exhibit combined motivations. Whether it is a parent struggling to provide for a sick child or a bullied adolescent—their motivations weave a story that is both sad and tragic.

During past Darknet meanderings I’ve conversed with cybercriminals within various forums and on Jabber (an encrypted messaging app). Some of the stories one encounters on the darknet pull at one’s heartstrings, like the dad who lived in an economically depressed area of the U.S. and had a child who was severely ill. Though his primary motivation was money, he also needed to gain entrance to a social group, and he had a cause.

Another example of a cybercriminal with combined motivations was a struggling high school student who came from a wealthy family that resided in an exclusive gated community. The kid had been severely bullied and castigated by his peers most of his school life. He mentioned situations where some of his teachers participated in badgering and persecuting him in order to humor and support his peers.

The kid utilized the motivations of ego, entrance to a social group, and status and was acknowledged by other underground hackers for producing incredibly elegant and destructive code. The kid was also torn between the desire to hack ethically vs.hacking for underground status and recognition.

Combined motivations: stealing IP

The underground is adrift in data theft, though the primary motivation  behind IP theft generally involves financial gain—stealing intellectual property (IP) can also involve a combination of motivations.

Stealing IP can puff up ego (showing off their code); they can do it for sheer entertainment (posting on forums about lax security) and it can also be a prerequisite to gain entrance to an underground forum that includes a specific type of hack (such as IP) for inclusion into their forum or community.Universities with tight security could go up for a challenge to see who can break into it—for those that are seeking status and “bragging rights.”

A “hacker for hire” may display several motivations for stealing IP to include a combination of money, ego, and status.

A hacker that uses malware, ransomware or exploits to steal IP, may be motivated by both ego and financial gain.

Hacktivists could be motivated by political or state-sponsored hacks and are serving objectives for their country. Perhaps they disagree with a particular professor’s teachings and target individuals within the system or target the entire system. Hacktivists are in it for “cause” only.

Entertainment value

I strongly believe that the most dangerous cybercriminals are those who indulge in dumping company secrets for sheer entertainment value–such as trolling and what some term as “Internet griefing.” Cybercriminals who hack companies just to grab media attention, aim to completely turn company lives upside down. These miscreants derive deep pleasure and satisfaction from watching others squirm and suffer. Though there may be some monetary demands attached to this type of trolling—the money is rarely the primary motivation.

In conclusion, though there may be other cybercriminal motivations—Kilger’s MEECES model covers the basic six quite well. which do you find most dangerous and do you find any of these motivations acceptable?

In my next segment I will be covering old school hacker’s vs modern day hackers – is there a difference?


This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site dell.com/futureready. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.


Special thanks goes to Max Kilger for his patience with my busy schedule.

Read the original article on LinkedIn.

Leave a reply