As of June 1, 2024, Vestige Digital Investigations is part of ArcherHall, a leading digital forensics, e-discovery, and cybersecurity service provider.
The Vestige team that you know and trust will continue to serve you at ArcherHall. Our expanded team, capabilities, and infrastructure will allow us to serve you and your clients even better.

Cybercriminals are the new “Hells Angels”. <br>A look into how cyber gangs are adapting their own ethics, codes of conduct, and charitable acts.</br>

Articles

Cybercriminals are the new “Hells Angels”.
A look into how cyber gangs are adapting their own ethics, codes of conduct, and charitable acts.

Author photo
Cybersecurity Analyst
BS, CCO, CCPA, ACE

If someone were asked to detail the typical traits of a hacker, it’s obvious what words most people would use. The same could be said about describing a member of a biker gang; just the name itself tends to conjure a particular image. Without going into too much detail (or stereotypes), it’s safe to say that the two descriptions would likely be pretty contrasting. Regardless of their clear differences, cybercrime organizations and infamous motorcycle clubs do occasionally have some surprising overlapping characteristics.

There are numerous examples of clubs such as Hells Angels performing acts of charity or upholding moral codes despite their reputation as outlaws. Even when these organizations refuse to abide by established laws, they still strictly enforce their own internal values. This somewhat paradoxical approach can be seen in cyber gangs as well, with many following their own moral standards even while performing widespread criminal activity.

A recent example of this is the ransomware attack on the Hospital for Sick Children (SickKids), a research hospital in Toronto, Canada. In December of 2022, the children’s hospital fell victim to a ransomware attack that encrypted multiple priority systems. Although the attack wasn’t widespread enough to bring down the hospital’s entire network, it did cause delays in lab and imaging results. This attack was performed by an affiliate of LockBit, who operates as a ransomware-as-a-service provider. This means that LockBit maintains the ransomware software and licenses it to other organizations who do the actual network breaching and data stealing. Although LockBit provides tools and services that aid in criminal activity, their product does come with terms of use that forbid targeting certain organizations. In particular, LockBit specifies that affiliates are not allowed to encrypt medical systems where such attacks could lead to death. After hearing that one of their affiliates targeted SickKids, LockBit issued an apology and provided the decryptor to the hospital for free. They also blocked the offending affiliate from any further use of their ransomware service.

Possible Motives

The motives behind the ethical standards of these types of organizations are rarely made clear, but there are several possible reasons. One potential rationale is that these cyber gangs see themselves as part of a community with shared values and ethics that just happen to be at odds with our own values. They could view their activities as a way to challenge and push back against what they perceive as unfair power structures. In some cases, cyber criminals may even see themselves as modern-day Robin Hoods, stealing from what they see as the rich and powerful in order to help the marginalized and oppressed communities closer to them.

In addition, some cybercrime organizations may adopt codes of conduct as a way to justify their actions to themselves and others. By adhering to a set of principles, they can convince themselves and those around them that their activities are not only acceptable, but even virtuous. If members of a criminal organization believe they are committing crimes for the “greater good”, it can help them rationalize their behavior and reduces the risk that they will cooperate with any authorities that try to shut them down.
It is also worth noting that not all cyber criminals see themselves as engaging in immoral behavior. They may view their activities as a form of activism or protest against established systems that have been deemed unjust, or even just as a way to expose vulnerabilities in existing security measures. From their point of view, they may actually be doing a public service by highlighting these security issues and forcing companies to improve their security standards.

Of course, it’s important to remember the fact that committing a crime is illegal and can have serious consequences for both individuals and society in general, regardless of how it might be justified. Whether it’s installing ransomware on a hospital’s computer or just running a red light in a busy intersection, breaking the law can have serious consequences and having a code of conduct does not excuse the harm that criminal activity can cause. It should also be said that not all cyber criminals adopt codes of conduct, and even those that do may not adhere to them consistently or sincerely. However, the trend towards adopting these types of ethical frameworks highlights the complex motivations behind illegal activities in the digital realm.

Protect Your Company

If your organization wants to avoid a possible cyberattack (ie ransomware, malware attack etc.) or you suspect a breach or have actually experienced one, contact the cybersecurity experts at Vestige Digital Investigations. We offer both proactive and reactive solutions.