Terrorist and criminal organizations around the world are trying to hack into the systems to gain an advantage for their cause or profit. The reason why is because successful results have a value. Some organizations sell the spoils of their hacking to fund other criminal activities. There are even references to hackers using their money to fund terrorism or hire a hitman to kill a person. Hacking has become so lucrative that they even have help desks to assist other people wanting to hack. And, by all accounts the customer service is excellent.
Other groups just use the information they steal to develop future network exploitation opportunities. Attackers are increasingly attempting to access computer systems and data centers because they hold data that can be sold or exchanged. This is related in motivation to why people rob banks. Bank robbers go where the money is held and hacker go where the data is located.
The success of these criminals typically comes from the seams in the protection technology and schemes that we depend on to thwart attacks. There is a role of humans and the role of the machine. We have not quite figured it out yet. There are best practices, but so many different approaches to protecting assets, systems and networks. This leads to greater vulnerabilities. Systems we cobble together from old systems – mixed with new system, and our divided views about what has value, makes us riper for the picking.
Below are the names of some of the most notorious and biggest hacking organizations that have shocked the world with their skills and determination. They are known to have hacked into US government systems, corporate and religious websites, telephone network and credit card databases.
- Chaos Computer Club
- Master of Deception
These organizations have figured out how to make their individual members into teams. They determine a target and go to get it. They work in the solution space and not the problem space. We focus on the problem and not the solution.
Don’t be surprised, but Governments have also become hackers. That’s right, they hack and attack other governments the same way some companies hack each other. Some Governments do it and gain access to plans, organizational mapping, intellectual property or to disable military defense systems. Attacks prior to a ground and air assault can render the opposing Government weak and limited in their ability to defend. Experts say Sony was hacked by North Korea in 2014 because the film company produced a movie denigrating their leader, Kim Jong-um. Although we always believe attacks are strategic it is just sometimes just an emotional response.
Cyber-attacks provide the adversary an advantage by shutting down power, destroying drones and even manipulating security cameras. With weak physical defenses, even a weak opponent can play big. Think about it, if the two guards at a gate can’t sound an alarm or call for assistance as 30 soldiers storm the entrance, the people inside will be caught totally off guard. Think Pearl Harbor, and we remember that surprise attacks on enemies with debilitated alerting systems lead to disaster for the victim.
Organizations and Governments are trying to overcome the cyber problem through a continuous push towards new network defense strategies. They seek, better identification of intrusion indicators and ever-expanded training of the national workforce. As progress is made, the playing field continuously expands with new websites, and technologies being created every day. It is like closing and locking a door and for convenience, a new door is created. Each new convenience means new opportunities for a criminal to exploit or use the new tools to hack us.
To biggest issue with creating a collective cyber defense is our inability to define cybersecurity. Cybersecurity can be described as the protection of the computer system from damage to the software and hardware and theft of electronic data. It can also be defined as the protection from misdirection or disruption of the services that are provided by systems and networks.
The definition in its very essence signals the complexities of securing cyberspace. A friend at the U.S. Secret Service explains that if you go into any university or advanced high school physics class, they give the same formula when asked to define “force” or similar baseline constructs of physics. Force equals mass times acceleration (F=M*A). However, if you go to 50 cybersecurity experts across the nation and ask for a definition of “cybersecurity” you will receive 50 similar, but different answers.
Supporting our spaghetti of definitions is the constant creation of new criminal organizations, their motives and expanding forms of criminality. Additionally, new forms of communications and wireless connections are creating additional access points to get into systems.
Piracy and cyber criminality are a form of business to potential intruders. Data can be used as currency or to gain currency. This includes the bits of information that defines our identities. Until we determine we can’t untangle this cyber mess alone we all continue to be victimized. We must become as motivated as the hacker, and find value in protecting asset, systems and networks. Leadership and information sharing will get us halfway to competitive.