How Bad Actors Begin


A "bad actor" is defined as an "ill-tempered, troublemaking, or evil person", however the term is used in cybersecurity spaces to describe anybody who would exploit others for their own personal gain. Bad actors are hackers, scammers, scripters, middlemen, and are what provides us reason to maintain such robust cybersecurity measures.

While bad actors may have honed quite valuable skillsets, not all of them belong to the kind of criminal organisations that perpetrate high-profile data breaches, some of which are responsible for hundreds of millions of dollars worth of damages to businesses. Equally deserving of the title "bad actor" are the scammers who cold call people or offer fake tech support, or the scammers who send you fake SMS messages to try to phish your personal information.

In fact, there is a clear path of progression for a bad actor to go from unknown and uninvolved, to standing shoulder to shoulder with the internet's most sophisticated criminals.

Today we will attempt to answer the question of how bad actors are made. This will provide insight as to the type of person that cybercrime appeals to, and maybe will shed light on why cybercrime will always prove difficult to prevent.


Let us consider for a second that these days the cybersecurity industry is very diverse in the types of jobs that are on offer, and statistically it offers great job security and good salaries. In spite of that fact, the skillset that would allow one to succeed in this industry are instead used by bad actors to commit cyber crime, the type that can carry lengthy jail sentences. A rational person might ask themselves how it is ever worth the risk? It seems inexplicable, however there must be additional factors that drives otherwise skilled security professionals towards criminal activity. We believe bad actors are motivated largely by two factors: reputation and profit.


The bad actors that manage to make a name for themselves revel in their infamy. There is most certainly ego involved, and a great amount of reputation is earned by criminals who manage to pull off a very prominent attack. It could well be the case that somebody who has a valuable skillset, but perhaps themselves feels undervalued, would look up to these criminals. There is a social element to their motivation. This might cause them to consider committing cyber crime themselves in order to gain the respect of their new peergroup, and earn their place within the online criminal community.

You may have heard of "hacktivism" before. Hacktivists are bad actors who see their attacks as serving justice to organisations or individuals who they disagree with. The internet hivemind "Anonymous" is a well known perpetrator of such attacks, and is very accessible - the group organises their attacks on the clearnet through the publicly available website "", which serves as the ideal gateway for the curious would-be hacktivist. These types of hacks are an easy way to begin to earn notoriety as there are no prerequisites to joining Anonymous, and all that one would need to do to earn reputation from involvement in these attacks is to give themselves a name. Additionally, hacktivism may not be seen by young people to be as immoral as committing cybercrime purely for profit due to there being a strong ideological motivation for the attack. 

There is also a clear hierarchy in place in many other darkweb forums. Beginners and nameless bad actors are expected to start from the bottom and earn kudos from their peers by providing (usually for sale) data from people that they themselves have acquired through illegal means. Eventually they might start to get noticed, allowing them to build connections and be invited to more prestigious groups and forums by referral of a more established bad actor. This would allow them to get involved in larger and more serious breaches, to join the ranks of more dangerous organisations, as well as to earn more money.


It goes without saying that criminals can make substantial profits from committing cybercrime. While somebody starting out may not necessarily be part of the next multi-million dollar heist, there is significant monetary incentive even to smaller-scale cybercrime such as card skimming or SMS phishing. Additionally, there is even enough data circulating online from the various breaches that companies and individuals have suffered in the past that brute forcing by reuse of old credentials, social engineering or identity theft are all big problems. The goal of bad actors almost always involves gaining access to an account or system, so consider that Amazon, eBay and Facebook Marketplace are all popular subjects of phishing campaigns, mostly because these provide the successful hacker access to a person's card information. With this information, bad actors can discretely exfiltrate the funds within someone's bank account.

It is also the case that cybercrime remains more profitable than cybersecurity. As long as that imbalance remains, criminals will have enough incentive to continue their illegal activities. Businesses have tried to curtail this profitability by refusing to pay ransoms towards ransomware groups, and by investing more heavily in their own cybersecurity divisions, however this has not done enough to dissuade these criminals entirely. Likewise, while prison sentences will naturally reduce the lifetime earnings of any bad actor, they are highly adept in maintaining privacy and can be very difficult for law enforcement to catch. Often the profitability outweighs the risk, or the risk is to them an enjoyable part of the experience, and so criminal organisations, and bad actors in general, remain at large.

Changing Direction

Given what we have briefly discussed about what motivates a bad actor, and noting the damage that they will cause to individuals and businesses as a result, maybe we ought to postulate on how these bad actors can be rehabilitated.

Firstly, we might like to consider why hacking might appeal to young people. Variably, there are societal norms which the average young programmer might feel like they do not fit, and this might be one motivator that pushes them to seek a more likeminded community online. Or it might be curiosity that exposes them to these communities, and curiosity that precedes their involvement. It might be the case that teaching programming to classes at an earlier age would help to reassure children of both the value and normality of their interests. Further, providing more resources to children interested in programming might prevent their need to seek their information on seedy corners of the internet.

But for the established and experienced bad actor, what might bring them back into the fold? As data breaches have become more widespread, and more damaging, we have seen the cybersecurity wings of major companies rapidly expand, leading to the creation of a wave of high skill jobs in the cybersecurity sector. While these can be well compensated, ultimately these might not prove to be as profitable as a bad actor's more illegal pursuits. Further, this legitimate employment would not protect them from the misdealings of their past, and with the length of prison sentences cresting 27 years, these criminals may feel so committed to the protection of their privacy that they cannot risk employment in such a way. 

As companies continue to place higher and higher value on the skillsets that would prevent them from suffering data breaches, they will naturally be willing to offer higher salaries due to the scarcity of such skilled staff. Perhaps we can imagine a scenario where white hats make just as much money as black hats, and bad actors might no longer be as motivated by the profitability of their attacks. Then, as these jobs become more valued, not just by companies but by society, perhaps they might be afforded the respect and kudos that they feel they deserve, and not need to seek the reaffirmation of other criminals for their own fulfillment.

Until that day arrives, there is little to suggest that cybercrime will decline in any way. Attacks continue on a regular basis, and new groups appear all the time. But consider that there may be social and cultural changes that could prompt a break away from this trend. 


The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

Twitter data breach: exposed the data of 5.4 million accounts | White Blue Ocean
Twitter data breach: exposed the data of 5.4 million accounts

In late July 2022, Twitter confirmed that it had suffered a data breach, after a threat actor appeared in a popular underground forum selling the data of 5.4 million Twitter users. Read more

Read more
Could You Be the Target of Cyber Crime?
Could You Be the Target of Cyber Crime?

Bad actors, who may be any kind of hacker, carder, social engineer or otherwise, are always on the hunt for their next victim. how likely is it that you, yourself, are attacked in this way? Are you a target?

Read more
Learn more about ChatGPT and the rise of AI in cybercrime
ChatGPT and the rise of AI in cybercrime

ChatGPT is an artificial intelligence (AI) tool developed by OpenAI that has the ability to generate human-like text. It has genuine real-world applications, and its creators believe it could soon completely reshape the structuring and operation of modern businesses. While this tool can already be used for a variety of purposes, including language translation and content creation, it also presents potential dangers when fallen into the wrong hands.

Read more
Find out how governments fight Cybercrime
How governments fight Cybercrime: strategies and progress

The rise of cybercrime in recent years has been staggering. This article explores the actions and strategies employed by governments to protect citizens and institutions from the ever-evolving digital underworld.

Read more
Cyber threat landscape: who is LockBit gang?

The cyber threat landscape has undergone many shifts in the past year, from the involvement of ransomware cyber gangs in hacktivist activity during the war between Russia and Ukraine, to the disappearance from the scene of the most prolific ransomware groups. These include DarkSide, the hacker group behind the Colonial Pipeline attack, and REvil, One of the groups that has been active since 2019 and continues to grow regardless of the shifts in the cyber threat landscape is the LockBit gang.

Read more

In this modern world there is an app for everything. Easy access to a variety of free apps for our smartphones and tablets, with millions available on the Google Play Store*, gives cybercriminals an opportunity to find new ways of infiltrating our devices and getting hold of sensitive data. Since bad actors have established methods to get past the Google Play Store’s security scans put into place to protect its users, deceptively innocent looking applications containing malware known as droppers have entered the scene.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!