JOIN USCyber security has come a long way since 1988, when Robert Tappan Morris attempted to gauge how big the Internet was by releasing one of the first recognised worms to infect the world’s nascent cyber infrastructure.
The worm relied upon weaknesses in the UNIX system to replicate itself. Once infected, computers slowed down to the point of being unusable. Tappan became the first person convicted under the United States Computer Fraud and Abuse Act.
Since then, we have seen an increase in cyber hacking and subsequent scams taking us beyond individual “Geeks” gaining access and criminals looking for easy money, to a new cyber underworld of transnational networks and state-sponsored cyber spies.
In the process, sophisticated hackers continue to gain access to personal, banking and government information as well as military and industrial secrets. No sector of cyber has gone untouched.
A major shift in cyber attacks occurred in October 2010 with the release and detection of the Stuxnet worm. Stuxnet specifically targeted programmable logic controllers (PLCs) that control of vast array of automated processes including factory floors, chemical plants, oil refineries, pipelines, electrical grid systems and, in this case, Siemens PLCs that controlled Iranian centrifuges for separating nuclear material.
Stuxnet was introduced into the government computers by individuals using a personal USB drive. With Stuxnet, hacking had gone from an inexpensive phishing expedition to an all-out precision warfare.
Security experts agree that the single method most effective in minimising intrusion and compromise of information is you, the user. Policies and procedures are not effective if computer users are not trained and educated on the proper methods of implementing security policies and using security procedures.
Art Wittmann, a freelance IT writer said, “As we have come to realise, the idea the security starts and ends with the purchase of a pre-packaged firewall is simply misguided.” Yet we continually fall victim to cyber scams and fail to secure our computers. This past year was no exception as we witnessed a variety of scams and attacks.
More than 32 lakh debit cards issued to various Indian banks were compromised earlier last year, which resulted in the loss of Rs 1.3 crore in fraudulent transactions as reported by the National Payments Corporation of India (NPCI). These hacks went undetected for months, allowing the hackers to continuously extract money off these user accounts as well as infect other bank operations with malicious software.
Twitter accounts around the world were hacked. The most noteworthy for India was the attack by an infamous hacker group known as Legion. The group attacked Twitter and email accounts of prominent public figures such as Congress vice president Rahul Gandhi and businessman Vijay Mallya. Legion offered details of upcoming attacks and promised more dumps of Twitter information in future.
Banking in Bangladesh was also not spared as one of the largest financial crimes online took place early last year, resulting in $81 million “liberated” from the banks and “reinvested” in places such as the Philippines, Sri Lanka, and other parts of Asia.
Mark Zuckerberg, co-founder of Facebook had both his Twitter and Pinterest accounts breached multiple times throughout the year. Why? Because he reused the same password. Yahoo suffered two major data thefts in 2016. In September hackers compromised over 500 million Yahoo user accounts, and successfully attacked again in December compromising more than 1 billion accounts. Information compromised included usernames, email addresses, date of birth, passwords, phone numbers, and security questions.
State-sponsored Russian hackers made a big splash across the US by hacking into the Democratic and Republican National Committees’ email archives through repeated phishing attacks. They accessed over 60,000 emails and released them through WikiLeaks. WikiLeaks later published these emails, attempting to influence election results in favour of Donald Trump.
October 21, 2016 now claims the distinction as the date of one of the largest cyber attacks on record as websites such as Twitter, Netflix, Airbnb, Reddit, SoundCloud, and others were temporarily shut down. This threefold attack interrupted websites and caused outages across the United States and Europe.
The newly emerging Internet of Things (IoT) and its associated devices were also slammed by attacks on the servers of DYN, the company controlling the largest portion of the Internet’s domain name servers (DNS), and thereby highlighting future vulnerabilities across the IoT.
Exciting new technologies
The new year promises to bring a host of exciting new technologies as Apple, Amazon and Google began entering products into the smart home technology (IoT) markets. Thousands of new virtual reality games and applications will be released, and machine learning and artificial intelligence will expand exponentially in the workplace, ushering in extraordinary efficiencies.
With all the new technologies, we will still face the same old cyber security vulnerabilities. Each year, the technologies excite us and provide new twists for cyber security as the technologies become so commonplace that people forget about security.
Doug Shadel, a leading expert on fraud in the US summed up what security experts fear most, “We’re concerned that people are trading security for convenience… People are doing things on free Wi-Fi that are really alarming.”
The current year will offer extraordinary opportunities for data breaches, many of which have already occurred in 2016, but we were unaware of them. Previously stolen information will continue to make its way into the news.
Cyber vulnerabilities in national infrastructure will also invite more incidents of cyber warfare while IoT vulnerabilities will expand opportunities for cyber attacks. And yes, our old friends, the individual hackers, will become more innovative providing a year of increasingly creative cyber breaches. Now is the time to brush up on cyber training, change your passwords and begin your own personal crusade for cyber security.
(Iyengar is a distinguished Ryder Professor and Director, School of Computing and Information Sciences, Miami; Miller has been with US Air Force for over two decades and is Coordinator, Discovery Lab, Florida International University)