Cybercriminals—who are expected to cost the world $9.5 trillion in 2024—are popularly depicted as social outcasts or shadowy masterminds. So it was with some trepidation that experts from Cisco Talos set out to interview one in September 2020.
A man they called Aleks had tagged Talos senior intelligence analyst Azim Khodjibaev and others on X, then called Twitter, in a message relating to a hack on a business in Latin America. Khodjibaev wrote back—and found Aleks was only too happy to talk to the Talos team.
They also discovered that Aleks had more in common with the average IT worker than the nefarious hackers portrayed in the media.
“This threat actor, and others like him, lead seemingly normal lives that are filled with family demands, work deadlines, and leisure activities,” wrote Khodjibaev and his colleagues Dmytro Korzhevin and Kendall McKay in a 2021 report.
Aleks, who carried out attacks using LockBit, the most widely deployed ransomware variant globally in 2020, even demonstrated peculiarly human fallibility by lying to the Talos team about being ethical in his actions, saying he avoided healthcare targets as the COVID-19 pandemic was raging.
“During the conversation, our intelligence has told us none of it was true,” said Craig Williams, then director of outreach at Talos, in a 2021 interview. “We knew he absolutely was targeting healthcare. It just, I think, made him feel a little bit better that we thought he was better than he was.”
Diversity in the hacker community
In May 2023, the U.S. Department of Justice identified Aleks as Russian national Mikhail Pavlovich Matveev and charged him with ransomware attacks on critical infrastructure, offering a reward of up to $10 million for information leading to his arrest.
While Matveev remains at large, other sources have confirmed that the average hacker—if there is such a thing—is more like you and me than most of us would imagine. When Arion Kurtaj, of the notorious Lapsus$ hacker group, appeared in court in 2023 he turned out to be an autistic teen.
The hacker community draws from people of all backgrounds and “is becoming more diverse by the day,” says Khodjibaev. “The idea that most of them are twenty-something white males is wrong.”
Many of them are, he adds, but today’s hackers can be of almost any gender, age, or race. “Additionally, the idea that they all come from humble backgrounds is also false,” Khodjibaev says. “A large number of hackers come from upper middle-class families.”
A job like any other?
“They have IT support, business development, and most ransomware gangs have customer support and quality management,” Hofmann says. “The hacker group DarkSide published a press release talking about their ‘values’. There are hacker job boards, affiliate marketing systems and so on.”
Hacker teams “operate more professionally than most businesses,” says Hofmann, with Matveev telling the Talos team in 2020 that much of his success came from hearing about official patch announcements—and rushing to exploit the vulnerabilities concerned before they were patched.
The diversity and professionalism of the hacker community partly explains why cybersecurity teams always seem to be rushing to keep up—and offers little in the way of insights that security chiefs can use for defense. But there are some traits that most hackers seem to have in common.
Understanding hacker psychology
“One of the biggest things that they all share is this innate need to solve puzzles, always wanting to know what’s beneath the hood,” says Luke Secrist, CEO of the ethical hacking firm BuddoBot. “Every hacker, whether criminal or ethical, wants to be able to do things that others can’t.”
This can lead hackers to seek out high-profile targets, often as much for notoriety as for financial gain. “The more popular the software is, the more the idea of being able to break it before someone else does is a thrill,” Secrist says.
Hofmann says hackers may also be seduced by how easy it is for them to get away with their activities. “If you have already $200 million in bitcoin in your wallet but you continue to commit crimes then your motive is not money, but greed,” he says.
This underscores the fact that while an understanding of hacker psychology is important in avoiding attacks, security leaders should also pay attention to how their employees think.
“Ninety percent of cyber attacks are caused by human error,” says Hofmann. “It’s people clicking on links, it’s people opening attachments, it’s people plugging in flash drives they found in the parking lot. The best strategy to prevent cybercrime is to inspire people who are not interested in IT.”