There was a time – back in the halcyon days of the 1990s – when cyber criminals and cyber security were so much simpler. At that time, anti-virus software and firewalls provided an adequate defence against hackers whose attempts to breach security could be described as more annoying than dangerous. Things changed in 2000 when the masterminds behind the Love Bug virus stole $410 billion from 20 different countries.
In 2016, the complexity and threat from cyber-security attacks continue to accelerate. For while cyber defence is light years on from those early days, the sophistication and expertise of hackers have multiplied in more than equal measure. In fact, the term ‘hacker’, with its connotations of a lone student making mischief in his bedroom, no longer seems appropriate.
The Office for National Statistics has produced statistics for the first half of 2015 (released in October 2015) which reveal that more than 5 million cybercrime incidents occurred in the UK during that period. This type of crime represented 20% of Britain’s total economic crime in 2014 but the figure has exploded to 44% in the first half of 2015. And 72% of these cyberattacks came from organised crime gangs within the UK. So is it time to dispense with the term ‘hacker’ entirely and replace it with some more specific categories of attacker or refer to them all as cyber criminals?
Not necessarily. Most cyber crimes are still committed by individuals or small groups. An individual who offers a product online and does not send it, or someone who pretends to be someone else in order to elicit private information for blackmail purposes, is a cyber criminal too. But while they are undoubtedly unpleasant individuals, they do not represent a risk to large corporates or organisations. The risk to business comes from attackers with more elevated ambitions. So just who does pose a threat to an organisation: who are the attackers?
‘Pranksters’ is a name sometimes given to those who hack into systems for fun. An example is the infamous cyber group called LulzSec, whose members were studying computer sciences at college. Their name was based on their desire to ‘laugh in the face of the victim’s security measures’, but it was no laughing matter. In 2011 LulzSec took part in an Internet-wide attack on Sony, carrying out DDoS attacks and allegedly stealing source code from Sony’s Developer Network.
A second group could be referred to as ‘attackers with a cause’. They usually have a political or social cause and usually operate as a small or loosely connected group of criminals. Similar to these are the ‘nation-state attackers’, who also serve a cause and are often the most technically advanced of the type. One recent example of nation-state attacks happened right under the nose of a major cyber security firm, Kaspersky Lab. Kaspersky reported that Stuxnet and Duqu malware entrenched themselves in an effort to leech information about nation-state attacks that were under investigation as well as data regarding the detection software that can mitigate attacks. These attackers also present a threat to organisations because their political objectives are well-served by generating income from cybercrime in countries other than their own.
The fourth group, however, is the one that presents the greatest threat to organisations; they are the ‘super criminals’. Lacking any social or political agenda, they tend to work slowly and methodically, mimicking existing IT processes to ensure they aren’t detected until it is too late. They take advantage of any opportunity. There have been reports of cyber criminals flooding Brazil with malware disguised as a guide on how to treat the Zika virus.
As well as being unprincipled, large professional organised crime groups find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Criminal communities share strategies and can combine forces to launch co-ordinated attacks. They are difficult to crack down on, as the Internet enables people to act anonymously from any location on the globe. Criminal laws also differ from country to country, making it more complicated to bring criminals to justice if they launch an attack in another country.
One of the most high-profile examples was when ‘super criminals’ stole 40 million credit/debit card details from Target. It cost Target $4,200 million to replace compromised cards and it is estimated the criminals generated $453.7 million for themselves. Big businesses like Home Depot, Sony Pictures and JP Morgan Chase were also breached in 2015 through super-criminal attacks.
Identifying the instigator of any breach is part of the forensic investigation process, but for the moment the important thing to remember is that most breaches are the work of intelligent and motivated attackers, who are cyber criminals and not hackers.