
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Components of Risk
|
7
Motives
Many of the threats are fairly obvious and easy to understand. We all know that
business competitors wish to make more money and disgruntled ex-employees often
want revenge for perceived or real wrongdoings. Other motives aren’t so easy to pin
down. Even though it’s seldom addressed directly in threat analysis, there’s some
value in discussing the motives of people who commit computer crimes.
Attacks on data confidentiality, data integrity, system integrity, and system availabil-
ity correspond pretty convincingly to the physical-world crimes of espionage, fraud,
breaking and entering, and sabotage, respectively. Those crimes are committed for
every imaginable motive. As it happens, computer criminals are driven by pretty
much the same motives as “real-life” criminals (albeit in different proportions). For
both physical and electronic crime, motives tend to fall into a small number of cate-
gories.
Financial motives
One of the most compelling and understandable reasons for computer crime is
money. Thieves use the Internet to steal and barter credit card numbers so they can
bilk credit card companies (and the merchants who subscribe to their services).
Employers pay industrial spies to break into their competitors’ systems and steal pro-
prietary data. And