Skip to main content
← Back to Blog

Why Do Smart People Become Hackers? The Psychology Behind Cybercrime

Exploring the psychological, physiological, and societal factors that lead intelligent, capable people to engage in cybercrime.

12 min read

I've always been as interested in people as I am in tech. To me, everything is an interconnected system. I also believe that many people working in tech fields are highly intelligent. But intelligence doesn't necessarily guarantee either high morality or emotional maturity.

I've long thought about why some intelligent people choose the road of illicit activities instead of making a legit career where you don't have to worry about being arrested at some point in life. I know the easy answer is "money," as one seven-year-old told me (don't ask me why I'm having conversations about cyber criminals with kids, but that's the kind of world we're living in).

Yes, money. Of course, that's a big motivator. But if you dare to look closer, life is rarely just that simple. Also, I wouldn't exactly call hacking or creating malware "easy money". Considering the level of sophistication of most software nowadays, it takes a lot of effort and learning how different systems work before you can even begin exploiting anything.

That still leads us back to the main question: what leads someone smart and capable to engage in criminal activities online?

The Emotional Distance from the Crime and the Victims

Most people familiar with computers and smartphones are probably aware of how non-anonymous we are on the Internet. From the ad trackers in our browser and very visible IP address to the possibility of a hacker figuring out your identity through our browser's window dimensions or screen size. In addition, our smartphones are constantly aware of our location. So is Facebook, apparently, when it's giving friend suggestions for the people who have spent some time in the same room with us.

So hackers hardly feel anonymous on the internet. Even in the dark web. But triggering the emotional dilemma of committing an online crime is a different story. You can't see the face of the person whose life savings you've just stolen. Or feel the agony of hundreds of people whose private information you just leaked. Or sense the pain and chaos when you discover that all your work and files are encrypted.

It's not really a reason to become a hacker. But the emotional distance from real-life victims is definitely a major prerequisite for opting in to an online crime scene. I bet at least some of the cybercriminals would stop their activities mid-way through if their empathy were triggered. But it's easy to make up suitable stories in our minds and find justifications for our actions if we never really come in contact with the victims.

I've listened to many hours of cybersecurity-related podcasts, and in BBC's Cyber Hack, the journalists have conducted interviews with criminals or analyzed leaked private chats. I highly recommend that podcast, by the way. It's suitable for non-technical people, too, because it very vividly discusses the storylines around the crimes, not technical details of the heists.

Some criminals have literally said (after being caught) that they didn't give much thought to the consequences of their activity. Others have claimed they thought the victims would get their money back through insurance. If you believe that claim. Even in this case, someone else will still have to compensate for the stolen money. Plus, some heists have been so huge that no insurance can cover them.

The "Easy" Money

It is still an important topic to discuss. That's mainly the only reason cybercrime exists - to earn money. It's difficult to get accurate data on how much has actually been stolen over the past decades through cybercrime because they don't really register their businesses, and not all victims report their incidents.

The cost of cybercrime is expected to top $12 trillion by 2025. Even Elon Musk couldn't pay for all those losses. During 2013-2023, $55.5 billion in losses worldwide were reported to the FBI from Business Email Compromise (BEC) scams. The total ransomware payments have been hovering around $1 billion (give or take a few hundred million). That's the actual money the cybercriminals get their hands on. Another major category of cybercrime nowadays is cryptocurrency theft. In 2025, crypto scams alone are estimated to have stolen around $17 billion globally. I could go on with the statistics…

Cybercrime definitely sounds like a big business, and the number of stolen assets has been increasing over the years. While a successful heist can make someone rich very quickly, I would hardly call it "easy money". The Lazarus Group hackers, for example, are allegedly getting very little out of what they've stolen and have to work together in small spaces 16 hours a day. One former member of Evil Corp said in an interview that his regular working hours were 14:00-00:00, which is 10 odd hours. 10 hours a day seems a pretty mild estimate, honestly. Oftentimes, the hacker (or the group's manager) would have to work at night to time their attack to a specific time zone, too. Plus, you don't get to keep all the money either. An estimated 2%(!) will be recovered by law enforcement. The more expensive part is probably paying shares or salaries to all of the accomplices, starting from money mules to actual hackers and money launderers to crypto mixer service providers. Also, scammers scam other scammers frequently on the dark web. So you may think you're buying new and shiny software, but you get nothing in return, or get malware together with a backdoor for the providers to steal the money you steal. And you have nowhere to go to complain.

Then there's also this huge risk involved in cybercrime. You could end up in jail at any given moment. You could end up on the FBI's most wanted list. Your mental health can take a toll from all the paranoia of being watched or discovered by the police. And the paranoia is not even baseless because often the police just observe cybercriminals for a long time, sometimes even a year or more, before taking any action. You can be betrayed by your own cybercriminal "friends". Maybe you can never travel outside of your own country because you'd then be arrested immediately. And all these people are just "regular" people with families, friends, and hobbies.

I would hardly call it easy money. One of my favorite quotes is "If it costs you your peace of mind, it's too expensive." I'd rather be poor with my freedom and peace than have walls full of hidden cash blocks, garages overflowing with expensive cars, while dreading each day of getting caught or killed. But that's just me.

The Personality Characteristics

Now, to the actual psychological characteristics. No one is born a hacker. But personality traits definitely set up a general direction. All the stories I've read and heard over the years point to some common patterns. Hackers usually begin as just smart and curious people tinkering with software and technology for fun. Over time, curiosity produces new skills and competence.

To tackle numerous issues and problems every day and actually hack something, cybercriminals have to be natural problem-solvers. You can't sit and wait for someone to save you if you want to be a hacker. You have to be the one who figures things out, either alone or with the help of others. But the victim mindset won't help anyway. Some people seem to love complaining without ever taking any action to improve their situation. A hacker, I believe, must be more self-driven.

While being self-driven, they'd also need to be able to learn many new skills on their own. To my knowledge, there are no hacker universities. There are cybersecurity degrees, but hackers are usually already hackers by the time they reach university age. Learning new skills on your own takes a lot of persistence, consistency, and willingness to fail.

They'd also have to be comfortable with abstraction and systems. One thing is to have tangible things laid out for you. It's an entirely different case if you have to work with software that does exist in the form of code somewhere but produces an abstract system altogether. You can't really see the World Wide Web or the network you're reading this from. The most powerful parts of the computer don't have a nice user interface that lets you visually see what you can and cannot do. How all the parts from software, networks, and servers to the whole infrastructure work is a complicated system. Especially if you want to do something more than google your latest medical symptoms. You'd have to actually get to know the makings of the system to be a real hacker. Nowadays, you can, of course, also be like a dark team lead without any hacker skills of your own, but that's a bit boring, and you'd still have to understand some parts of the system.

I'd also mention creativity. You simply have to think outside the box to be a hacker. The creativity of new ways of exploiting software and systems could be truly admirable if it weren't so damaging at the same time. That's where my initial question actually originates from: with this kind of capabilities, why would someone be a criminal instead of building something amazing?

But these are all positive qualities that can be seen in many regular software developers as well. I guess there have always been differences in mindsets: some people love building, and others like taking things apart. And some just don't care about any consequences.

The Ego

I cannot really not talk about the so-called Dark Triad:

  • Machiavellianism - manipulation and strategic thinking
  • Narcissism - entitlement and constant need for recognition
  • Psychopathy - low or no empathy and impulsivity

Studies show that lower empathy, manipulation, and insensitivity are more common in cyber offenders. Moreover, the Dark Triad traits significantly predict interest in malicious hacking.

Basically, it means that many hackers just don't care if they cause harm to others. Maybe they oppose the authority and current legal systems and feel the right to contribute to damaging them. Maybe they are just self-indulgent a**holes who want to buy Lamborghinis, Gucci bags and Armani clothes for themselves. Maybe they feel entitled to others' resources for whatever reason. Also, I have to remind myself that there are people in the world who actually enjoy hurting others, one way or another - individuals with the brain development abnormalities that produce psychopathy.

But sometimes it's not even a diagnosable disorder. Sometimes it's just people's need to gain recognition. You can literally become a celebrity in the underground communities, too, without ever having to show your face or sing or dance for others. The environment of cyberspace rewards traits that would be socially punished offline. In gaming communities, for example, "hacking" is encouraged and rewarded. People are genuinely admired for their skills. Some cybercriminals have made the mistake of bragging about their accomplishments on dark web forums (which are infested with undercover law enforcement officers) and thereby setting themselves up to get caught.

Barriers In The Legitimate System

Meanwhile, the legal paths of career development are often slower, more frustrating, and gatekept. "Traditional recruitment often focuses on formal education and training, whereas self-taught, gifted individuals who don't follow this conventional path are overlooked". That same article makes another point: the majority of cyber talent could be classified as neurodiverse, so the regular recruitment path seems more out of reach to them, despite their skills.

That connects well to my previous article. We lose a lot of talent by forcing every developer to have the exact same skill set to have a chance in the job market. Some people hate group settings (interviews), even though they are collaborative when they can work from behind their own computer. People in general are notoriously biased, too, and tend to believe the loudest person. Even when that loud shouter is entirely wrong. Or way less skilled.

Or some people's brains simply freeze when they're being closely observed or pressured. That doesn't reduce their intelligence. It just means that their talents are assessed in the wrong setting, one that sets them up for failure. Today's job market expects everyone to have perfect self-marketing skills.

Also, the most talented people can become frustrated when they're unchallenged for too long. Grinding through endless tickets, bugfixes, and boring assignments frustrates most software developers. Remember the highly self-driven curiosity I talked about earlier. It may not seem like a big deal to everyone, but for some, the lack of challenge and opportunities for growth can feel like psychological amputation. And this feeling can be maddening.

So we regularly discount the highly intelligent, curious, and creative people because they don't neatly fit into the standard education and job-market boxes. A shame.

The Physiological Rewards

In addition to psychology, we can't forget human physiology either - the system inside ourselves. The reward system, in particular. The social media, gambling, and marketing fields know all too well how to take advantage of basic human physiology. The reward system in cybercrime is completely different from that in most regular jobs. You get instant feedback and a sense of accomplishment for "getting in" to a system.

"Access granted" = your brain releases dopamine because you've achieved an unexpected reward after sustained effort. Dopamine isn't the "pleasure chemical," as it's often described. Modern neuroscience sees it more as a motivation and learning signal. Unfortunately, it's highly addictive too. It's physiologically meant to be that way. Dopamine tells your brain: "That worked. Remember what you did. Do it again."

One of the strongest psychological findings around this topic comes from learning theory. Rewards become especially addictive when they're unpredictable.

This is called a variable-ratio reinforcement schedule. Common examples include slot machines, loot boxes, and social media notifications… Also, you don't know which hacking attempt will succeed.

While there is no official diagnosis of "hacking addiction", the triggered reward system in our brain resembles gambling and gaming a lot. And I guess most of us have felt the effects of those tiny red social media notifications that have been designed to make us addicted. Even without reading about the research, you can see it from the way they try to notify you about completely irrelevant things all the time.

Besides dopamine hits, some people seek the adrenaline rush of extreme sports, physical challenges, high-stakes jobs, or… hacking a system.

The Freedom of Choice

The last thing I want to mention is that there are also many cybercriminals who don't have many other choices. It may literally be the question of life and death for them. In some state-funded hackers in some countries, for example. You either join the cyber army, or they have no use for you. Maybe you are not even aware that a different life would be possible for you if you just got out of the grip of some effective brainwashing. Or the state threatens to sell you out to some other country for your past crimes if you don't help out with your hacking skills. Or you're threatened by some other cybercriminals. Extortion, corruption, and betrayal all play a role in how someone gets into and stays in the criminal field.


All in all, I still wouldn't say it's just money that someone gets entangled with cybercrime. Money is the main surface-level goal, for sure. But there have to be other underlying motivations too, otherwise we wouldn't have all the highly intelligent, competent, and skilled cybersecurity and other specialists. While they most likely can never gain access to billions of dollars in 2 minutes, they still choose not to go down the criminal route. Other bright minds choose differently. And not all cyber criminals are that bright, either, to be honest. But there are better and not so competent "specialists" in every field, obviously.

The biggest misconception about cybercriminals is that they're fundamentally different from us. They're often regular people, driven by the same curiosity, desire for mastery, recognition, and challenge that inspire scientists, engineers, and entrepreneurs. The difference is in where their motivations are directed.

And unfortunately, all it takes to meet one is a single careless click.

← Back to Blog