2007 – present, the world starts paying attention.
Jonathan Evans’ message and the subsequent recognition of the importance of data security helped, but the criminals had seen the profit potential of cyber crime and by then had huge networks and spending power behind them. In the past few years we have made huge moves forward in both our awareness and our defences, but the big attacks have kept coming.
In 2008 Heartland Payment Systems lost $140M in stolen credit card details, and the end of 2008 saw a further attack against a nation – Georgia. In 2009 Ghostnet, another cyber espionage campaign, was detected, having infiltrated government systems across 103 countries. In 2010 the Bredolab botnet was discovered with an estimated 30 million zombie computers under its control. In 2010 Operation Aurora was discovered. Google, Adobe Systems, Juniper Networks and Rackspace confirmed they had been targeted, whilst media reports also named Yahoo, Dow Chemical, Northrop Grumman, Morgan Stanley and Symantec as targets.
In 2010 an extremely sophisticated programme, Stuxnet, was discovered in Iranian nuclear power plants. The programme was designed to disrupt SCADA systems, destroying key machinery in the plant. Cyber warfare was now firmly on the cards for governments.
In the last year we have seen the rise of ‘hacktivism’. Groups such as Anonymous and LulzSec have used DDoS attacks to bring down the websites of organisations they disagree with, or simply to cause chaos. And one of the latest hacking campaigns to be discovered, Operation Shady RAT, is suspected of compromising targets across 14 countries including security organisations, steel industry, defence, oil, gas and energy firms, the CIA, FBI, the UN, Sony, Mitsubishi, and several governments to name but a few.
Data breaches large and small have dominated the news. Hacks are no longer limited to computer systems, with recent attacks targeting social networks and YouTube. Whilst the headlines tend to focus on governments and multinationals, small businesses and individuals remain just as much a target. The cost of cyber crime to the global economy continues ever upwards.
As we end 2011, hacking is a bigger business than ever. Gone are the days when hacking was an exercise in impressing your peers (that still goes on, but is the least of our worries), and damaging viruses have given way to covert malware which sits hidden on computers, quietly monitoring your data for anything useful. Cybercrime costs us millions and is used to fund terrorism and organised crime. Nation states and corporations infiltrate competitor systems for military secrets, customer information and IP. The internet has become a relatively safe way for governments, criminal groups and activists, as well as bored teenagers, to attack anyone they disagree with.
But at least we are taking it seriously. Major attacks on big companies have led to bigger and better staffed security departments. The Cyber Security Challenge, launched last year, has had great success in encouraging more people to enter the profession so that we have the skills available to protect our systems in the future.
But the biggest vulnerability remains the people. However secure we make our systems, hackers will always find a weak point in a naïve or corruptible individual who will download malware, email personal information, or just leave unencrypted personal data on a train. Education about the risks remains one of the most important tools in the fight against cyber threats. This needs to be continued and expanded in schools, through the media, and most importantly within companies themselves, who remain one of the main targets for hackers.
Part 1 is available here: The 50s-90s: the birth of global communications and the birth of hacking
Part 2 is available here: 2000-2007 hacking becomes big business
This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.
About the ICT Knowledge Transfer Network
The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.
The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.
The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk