Who attacks IoT and why do they do it?

Aleksandra Pawlicka, PhD, ITTI Sp. z o.o, Poland

If you were asked to think of a hacker trying to attack IoT, how would you picture the person in your mind? It turns out that oversimplified stereotypes of hackers are no longer relevant. The development of cyberspace gave birth to several new kinds of threat actors. As the landscape of the threats to IoT is incredibly vast, just taking the attack types into consideration may not be enough to be able to grasp its complexity. Instead, it is worth having a look at the adversaries themselves, as well as at their underlying motives.

In the scientific state-of-the-art literature, a number of actors have been identified who are known to pose a threat to the security of IoT. Starting from the most harmless ones, there are the “regular” hackers, that is, malicious individuals such as cyberbullies, script kiddies or pranksters; they usually use ready-made tools and applications, viruses or worms. Then, there are thieves who make material gain by exploiting vulnerable IoT devices. In turn, “hacktivists”, i.e. hacker-activists, such as Anonymous, hack IoT devices in pursuit of social or political agenda. Then, there are competitors and organized crime; the actors who use IoT for financial gain or tarnishing the competitors’ reputation, in a structured manner. Cyberterrorists are terrorists who target information systems in order to inspire terror and threaten citizens, or even harm them, for example by attacking the remotely-configurable life-sustaining devices. Lastly, the nation-states are the most dooming threat to the IoT network, as they employ highly skilled individuals and receive generous governmental funding. In the context of IoT they are the most dangerous threat actors, as it has been hypothesized that they are capable of employing it as part of cyber warfare or surveillance programs [1].

The actors posing the threat to IoT vary, and so do the motivations for performing cyberattacks on the network’s devices. An analysis by the FBI let distinguish four motivations for doing so. A number of hackers are motivated by national interest. Other threat actors attack IoT to bring terror and destruction or wreak revenge. There are also people who attack for any kind of advantage, whether it be financial gain, intellectual property or peer recognition. Finally, for a number of actors, compromising IoT devices is a form of a challenge, driven by curiosity [2].

In the H2020 ELEGANT project, ITTI has carefully scrutinized the threat landscape of the Internet of Things, and besides collecting and comparing a number of attack taxonomies, we sought the answer to the question of who attacks IoT and what drives them to do so. By adopting such a holistic approach, we’re able to better address the purely technical needs and contribute to a safer, more secure European IoT. This resulted in the contribution to the D5.1, as well as scientific publications, currently under review at esteemed outlets. Currently, ITTI works on the machine-learning based network intrusion detection component that is part of the ELEGANT platform.


[1] J. Bugeja, A. Jacobsson, and P. Davidsson, “An analysis of malicious threat agents for the smart connected home,” in 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), 2017, pp. 557–562.

[2] A. Shostack, Threat Modeling: Designing for Security. Wiley, 2014.