In the past ten years, cybercrime has transformed from something mostly seen in (terrible) works of fiction - films like Hackers and books likeDigital Fortress - into a subject that concerns all levels of corporate leadership, national governments and even my mother.
But in 2017, we’ve crossed a new boundary. You see, previously, one of the most difficult aspects of cybercrime was monetization - stealing millions of credit card numbers or valuable intellectual property is the easy part, actually getting paid for the effort is another matter.
In case of credit card details, you would need to clone the cards and send armies of ‘cashers’ to multiple ATMs to get your hands on the money. Another method would have cyber criminals enlist ‘stuffers’ to purchase goods from online vendors using stolen data, then send them to several ‘drop’ sites, repackage them and resell them. In case of IP, you would need to find a corporate buyer who would be prepared to negotiate with an anonymous party instead of going to the police - getting rid of stolen goods is always risky.
A digital shakedown
Considering just how much work goes into getting paid for hacking, it is little wonder that stolen customer data is mainly used for shady marketing purposes - and that’s not going to put anyone’s kids through college. The same data could also be used for various forms of phishing, but that takes time, effort and ability.
This landscape has changed with the arrival of a new threat - ransomware. In essence, ransomware is a classic shakedown or extortion tactic employed by criminal entrepreneurs since time immemorial. The model where your assets aren’t actually damaged as long as you pay, something they call ‘pizzo’ in Italy. It is the equivalent of saying: “Nice data you have there. It would be a shame if something happened to it.”
In May 2017, Britain’s National Health Service was hit by ransomware, with the attack affecting hospitals, surgeries and pharmacies. In the US, Butler County in Kansas, Montgomery County in Alabama and Mecklenburg County in Virginia were among those suffering serious disruption after ransomware infected local government systems. We’ve seen similar attacks in Scotland and Ukraine, India and Japan.
Ransomware is gaining popularity because it enables cyber criminals to be paid directly, using one of the countless new cryptocurrencies that are also making the news [don’t invest in Bitcoin, it’s a bubble].
In the past, cyber criminals would go after online shoppers and social media mavens. But now, they are going after our sick and disabled, our public servants and elderly relatives. We need to fight back. We need proactive security policies and thousands of young specialists that can track the attackers back to their homes. We need judges that understand the cyber domain. We need to reshape our firewalls into minefields. They send one of ours to a virtual hospital, we send one of theirs to a virtual morgue.
In this context, the recent announcement by NATO is a step in the right direction. The alliance is considering a more ‘muscular’ and ‘aggressive’ approach to state-sponsored hackers, especially if they come from Russia. We should all learn from NATO, and break their virtual legs.
This article appeared in the December/January issue of DCD Magazine. Subscribe to the digital and print editions here: