2000-2007 hacking becomes big business.
The 2000s saw rapid change in the methods and motivations of hackers. Following 9/11, the security services again cracked down, driving hackers further underground and into the hands of organised crime. Combined with the increasing global reliance on IT, identity theft became mainstream. Increased computing power and “always on” connectivity allowed the creation or ever larger botnets, giving hackers access to vast computing power to launch mass phishing scams and bring down IT systems using DDoS attacks. By the mid 2000s, online fraud profits had out-stripped drug dealing.
As well as the millions of individuals who had their identity stolen through malware or social engineering attacks, major hacks started stealing personal and financial information en masse. In 2007 TJX dept store lost 45 million customer credit card details, at an estimated cost of $250M. Shortly after, Hannaford Bros Grocers had 4.2 million credit card details exposed, at an estimated cost $252M.
In 2003 US government systems came under co-ordinated attack designated Titan Rain, believed to be Chinese in origin and now classed as “Advanced Persistent Threat” (APT). In 2007 major organisations including government and media across Estonia were taken out for days with a DDoS attack, retaliating against a decision to move a symbolic Soviet era statue.
In December 2007, Jonathan Evans, the head of Mi5 sent a letter to 300 CEOs, flagging serious concerns about the dangers of cyber espionage attacks. Finally, after costing many millions of pounds and the large scale theft of everything from government secrets to company IP, the world was ready to take cyber security seriously.
If you missed out on Part 1, you can read it here: The 50s-90s: the birth of global communications and the birth of hacking.
This is a guest post by Tony Dyhouse. Tony is one of QinetiQ’s senior managers and runs the cyber security arm of the ICT Knowledge Transfer Network. He has a wealth of experience in all areas of Cyber Security and Information Assurance.
About the ICT Knowledge Transfer Network
The ICT Knowledge Transfer Network (ICTKTN) is an independent body set up by the Technology Strategy Board. Its aim is to deliver improved UK industrial performance by facilitating the development and take up of information and communications technologies, and their adoption as key enablers in other industries.
The KTN runs free-to-attend events, develops workgroups to investigate and advise on key ICT challenges and promotes collaboration between business, government and academia as a route to ICT innovation.
The KTN is a free membership organisation. To find out more, or to join, visit www.ictktn.org.uk