The Cost of Asking Crowd Workers to Behave Maliciously

Crowdsourcing has emerged as a powerful way to provide computer systems with quick and easy access to human intelligence. However, there is a risk that online crowd workers could be directed to perform harmful tasks. To understand the impact of financial incentives on paid crowd workers’ willingness to behave maliciously, we conducted a series of experiments in which we hired crowd workers via one crowdsourcing task (Attack task) to attack a different crowdsourcing task (Target task). We found that roughly one third of all crowd workers were willing to provide the attack task with potentially sensitive information from the target task, and that we could double this number by increasing the payment of the Attack task. Based on exit interviews and community feedback, we discuss some of what workers reported. Our findings reveal a measurable cost to completing malicious work that well-meaning task designers can leverage to protect their systems from attack.