Sutton is also the subject of one of the most frequently cited - and bogus - anecdotes in all of security (we're talking everything from physical security to information security and cybersecurity). At just about every security conference that I've attended, someone has used some version of the following:
"When a reporter asked the bank robber Willie Sutton why he robbed banks, Sutton replied: "Because that's where the money is.""
Before we look at what Sutton really said, please note that if you like this anecdote, you can still use it with one small change to the wording:
"When a reporter asked the bank robber Willie Sutton why he robbed banks, Sutton is said to have replied: "Because that's where the money is.""That's right, according to Sutton's autobiograhpy, he never said he robbed banks because that's where the money is. The reality, claims Sutton, is that a reporter fabricated the exchange (Sutton, 1956). Here's what Sutton really thought:
"Why did I rob banks? Because I enjoyed it. I loved it. I was more alive when I was inside a bank, robbing it, than at any other time in my life."
|Willie Sutton's Autobiography|
In fact, I have used the anecdote myself, for example: "Why do [criminal hackers] seek unauthorized access to networks and digital devices? Because that's where the data is, and data is the new currency." However, in that same 2011 SC Magazine article I also noted Sutton's true motivation, and not just to be snarky. The serious message here is that the reality of Sutton robbing banks because he enjoyed it is immediately recognizable to anyone who has studied the thrill of hacking and the phenomenon of hacktivism. In other words, Sutton may be a poster boy for expressive crimes, those "containing a high emotional or ‘expressive’ element" (Hayward, 2007); these are crimes in which reason plays only a small role, if any. Expressive crimes are potentially immune to crime prevention measures based on Rational Choice Theory and Classical criminology.
Which brings us to late 2014 and the multiple hacking attacks on Sony, both the destruction of data at Sony Pictures and the sustained denial of service attack on the PlayStation Network (PSN). We already know that the latter was perpetrated by a group of people going by the name of Lizard Squad and motivated, first and foremost, by the fun of it (see interview transcripts such as this one). While many organizations focus IT security efforts of protecting data that can be readily converted to cash, Sutton and Sony remind us that for some criminals, the thrill of the crime is the primary motivator. And if the fear of apprehension and detention is not stronger than the love of the crime act, the chances of creating an effective deterrent are slim.
Felson, M., Clarke, R. (1998) Opportunity Makes the Thief: Practical theory for crime prevention, Police Research Series, Paper 98, Editor: Webb, B. Home Office Policing and Reducing Crime Unit Research, Development and Statistics Directorate, U.K.
FBI, Famous Cases and Criminals: Willie Sutton: http://www.fbi.gov/about-us/history/famous-cases/willie-sutton.
Hayward, K. (2007) "Situational Crime Prevention and its Discontents: Rational Choice Theory versus the ‘Culture of Now’" Social Policy & Administration (3): 232-250.
Sutton, W. and Linn, E. (2004). Where the Money Was: The Memoirs of a Bank Robber. Broadway Books. New York City. (First published 1976 Viking Press, New York City, New York), p. 160.