Articles‎ > ‎Data Security‎ > ‎

Organized Crime, Nation States, and Terrorists, oh my...

It seems like everyday the media is constantly bombarding us with some new story about hackers breaking into an organization or other news event with words that they prefixed with "cyber" to try to describe different types of digital warfare, crime or defense.  For example cyber-crime, cyber-terrorism, cyber-warfare, cyber-attacks, cyber-defense and cyber-weapons.  Its gotten ridiculous often these words are being used, and sometimes out of context.

Whether we know or not there is digital warfare being played out across the Internet.  Criminals and "nation states" are attacking different organizations (both private and public) and  countries to steal money, information (such as different types of intellectual property), and damage infrastructure.

Through different innovations over the centuries, criminals have gone from robing a single person with a knife, to hundreds of people on a train with a gun, to stealing money and data from millions of people on the Internet by attacking a specific web site or business.

Its possible to provide almost countless examples of these actions, but you can watch some of the videos below to get some more context and background.  Although, the purpose of this article is to point out the evolution of these attacks. 

Every year these crimes are becoming more sophisticated as new technologies are being invented and deployed.  Organized Crime, nation states, and terrorists are all using the latest technology and digital weapons and defenses to fight each other. For example these groups are:
  • Building advanced encrypted communications networks to keep their communications from falling into the hands of their rivals
  • Building situational awareness rooms, to monitor and increase effectiveness of their attacks
  • Utilizing the latest technologies, to hide their activities, create new weapons or deliver a weaponized payload
Its like a chess game where the digital infrastructure (used to run utilities, data, and finances) are constantly having to be fortified because they're continuously being attacked. 

We are in a "technological arms race", and current technologies used to fight these crimes is quickly becoming out dated.  For example, one of the first computer viruses called "Brain A" (1986) which was used to infect the boot sector of floppies. The principles (e.g. infectious code, stealth, deployment package) of that early technology have been evolved to one of the most sophisticated piece of malware written to date called Stuxnet (2010), which was used to take out the centrifuges in the Iranian nuclear enrichment facilities.

Most of these attacks are more sophisticated then the average person maybe able to understand.  Even the computer security experts are having a hard time staying up with the depth and breath of the new types of digital attacks that are constantly being developed.  Anti-malware companies struggle to keep up-to-date with the new and different types of malicious software that is being released.

The criminals are winning this game, and the computer security community is struggling to keep up.  For example, its next to impossible for basic defenses like anti-malware software, and firewalls to protect your computer and data 100%.  Criminals have learned to exploit bugs in the operating system and applications to take over your computer by doing something as simple as just clicking on a link in a browser or opening a document.

The future of defending our countries, businesses, and personal data from other nations and criminals will not be dependent on one government, organization or individual.  Although, it will have to be achieved through public and private cooperation working together towards a common goal.  For example, there is a site like the OCCRP (Organized Crime and Corruption Reporting Project) that is trying to help fight against government and business profiteering.

We also need to be aware that there going to be new attack vectors that are going to constantly be developed and weaponized as more technologies are wired together.  For example, cars, homes, medical implanted devices, even the DNA of different organisms can be exploited.

Marc Goodman: A vision of crimes in the future
Published on Jul 12, 2012
Video Description: "The world is becoming increasingly open, and that has implications both bright and dangerous. Marc Goodman paints a portrait of a grave future, in which technology's rapid development could allow crime to take a turn for the worse."

Avi Rubin - All Your Devices Can Be Hacked
Published on Dec 1, 2011
Video Description: "Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. Avi's primary research area is Computer Security, and his latest research focuses on security for electronic medical records. Avi is credited for bringing to light vulnerabilities in electronic voting machines. In 2006 he published a book on his experiences since this event."

Stuxnet: Computer worm opens new era of warfare
Published on Mar 4, 2012
Video Description: "Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe. Steve Kroft reports."

Mikko Hypponen: Fighting viruses, defending the net
Published on Jul 19, 2011
Video Description: "It's been 25 years since the first PC virus (Brain A) hit the net, and what was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it."

Todd Humphreys: How to fool a GPS
Published on Jul, 2012
Video Description: "Todd Humphreys forecasts the near-future of geolocation when millimeter-accurate GPS "dots" will enable you to find pin-point locations, index-search your physical possessions ... or to track people without their knowledge. And the response to the sinister side of this technology may have unintended consequences of its own. "

Creating Cybersecurity Strategy in the Age of Wikileaks
Video Description: "Author Andy Greenberg talks about how strategic cybersecurity can created in the age of Wikileaks."