For Recent Cyberattacks, Motivations Vary The most recent attacks have targeted institutions, such as the International Monetary Fund, whose computer systems were thought to be relatively secure. The people hacking into these networks can be classified into hacktivists, cybercriminals and cyberspies.

For Recent Cyberattacks, Motivations Vary

For Recent Cyberattacks, Motivations Vary

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Computer users have for years struggled with viruses, worms and all sorts of malware. But the most recent cyberattacks have targeted institutions whose computer systems were thought to be relatively secure: the French Ministry of Finance, Sony, Lockheed Martin, Citibank, even the International Monetary Fund.

"These are first-class attacks," says Luis Corrons, technical director for Panda Security, a global cybersecurity firm. "We were always seeing attacks on small and medium companies, but now we're seeing that many big companies are being targeted and successfully attacked."

It's a cyber barrage.

The people hacking into these big computer networks are for the most part highly sophisticated, with advanced tools and software at their disposal. But their motivations vary.

There are, for example, the "hacktivists" who break into networks largely just to disrupt them and make a political point. A recent penetration of the U.S. Senate computer system fit this pattern, as did an apparent attack Wednesday on the CIA's website.

There are also cybercriminals, seeking to commit fraud or raid bank or credit card accounts, as at Citibank or Sony.

Finally, there are the cyberspies who want to steal military secrets from a defense contractor like Lockheed Martin or financial data from the IMF.

"If someone is breaching a defense contractor, it's probably at the behest of a foreign nation," says Anup Ghosh, chief executive of Invincea, a Virginia-based cybersecurity firm. "If someone is breaching the IMF, it's probably at the behest of a foreign nation looking for competitive [intelligence] on what's going on."

The IMF decides which governments deserve financial bailouts, under what conditions, and the fund's actions have enormous implications for the global economy.

"If I can jump into the pool of water that is the IMF system, I can not only read the minds of the central banking community, but I can also manipulate currency and bond markets around the world," says Tom Kellermann, chief technology officer at AirPatrol Corp.

A hacker penetrating the IMF system might know which country's currency is likely to rise or fall in value and which government debts are likely to get paid off and which aren't. He could learn what negotiating stance IMF officials might take with a member government.

Those are important secrets, but the IMF may have neglected the challenge of protecting them.

"For years, they have emphasized physical security," says Kellermann, who used to manage cybersecurity at the World Bank, the IMF's sister institution. "The most important thing was protecting the executives and the decision-makers and the conference rooms wherein they made serious global decisions that had implications for the global financial markets."

In the meantime, however, the expansion of information technology and the widening use of mobile devices and remote access to sensitive systems complicated the security challenge at institutions like the IMF.

"You're seeing hackers leapfrog through these remote access points into the inner sanctums of these institutions," Kellermann says, "and maintain this omniscient presence within the systems by which they can manipulate markets."

The data breach at the IMF remains under investigation, and it is not yet clear who might have been responsible for the cyberattack. Governments would probably have the greatest interest in IMF data and confidential information, but that does not necessarily mean the attack was carried out by a state actor.

"There are underground markets [for data]," Ghosh says. "What we're seeing today is widespread and indiscriminate looting of networks." The IMF breach, he says, fit this pattern. "The person who is gathering that data may try to sell it to the highest bidder," he says.