In the early days a “hack” was associated with a clever fix to malfunctioning software, or a nifty way to alter its function without having to complete a re-write; hacking became “malicious” in the 1970s when John Draper discovered the free whistle in a certain cereal box reproduces a 2600Hz tone.
Draper builds a ‘blue box’ that, when used with the whistle and played into a phone receiver, allows “phreaks” to make free calls. Not only that, Esquire publishes “Secrets of the Little Blue Box” with instructions for making one! Wire fraud in the US then escalated, as the legislation needed to tackle it simply didn’t exist, nor did the expertise to thwart it.
In fact, what does the word “Cyber” really mean in the context of our everyday lives. In 1971 where PCs and servers did not exist in the way we use them today and Cyber was a word to describe scary looking robots, then the first networked electronic email (in a form we would recognise today), was sent by Ray Tomlinson to other computers over the ARPANET (the pre-curser to modern networking), one generation later, over 40 trillion emails are sent every year. This statistic represents the startling growth of networking in the past 45 years. The resulting “Internet of Things“ is now integrated into every part of our lives, from banking, shopping and education to healthcare and everyday business. At last count, Cisco estimated about 8.7 billion devices were connected to the internet by the end of 2012. The rapidity of growth of this critical and burgeoning technology has fundamentally changed the world as we know it and it provides a long list of obvious benefits. The consequences of such rapid growth however, are now becoming more apparent as not a day goes by without a news story of the devastating crime associated with something that touches nearly every part of our daily life. While the technology that tackles this is getting more and more sophisticated by the day (there are now entire conferences dedicated to Cybercrime), the understanding of what Cybercrime actually is woefully lacking. Many businesses fall into the trap of basing their security strategy on an out of date perception based on the risks from 10 years ago. Aided and abetted by misinformation, confusion and naivety, the “human” element is also all too often crucially ignored, which means that phishing and pharming are now becoming incredibly lucrative ways for making money and collecting valuable data, undetected from many organisations.
A Bit More History …
Cybercrime flourished during the 1970s and has grown exponentially ever since – take a look at some of the headline events the word has been treated to since the Blue Box with headline events ….
1982 was a milestone year as Elk Cloner, an Apple II boot virus, was written by a 15 year old high school student “as a joke”– it was one of the first viruses to come to public attention when it attached itself to the Apple II operating system and spread “in the wild”. Pakistani Brain, the oldest virus created in 1986 under unauthorized circumstances, infected IBM computers and after multiple break-ins to government networks the Computer Fraud and Abuse Act passed into law in the USA, making computer tampering a crime punishable by jail time and fines
In 1986 Clifford Stoll was one of the first engineers to use a “honey pot” to lure hackers back into his network, ultimately to track down an unauthorised user who was stealing and selling military information to the KGB.
Ian Murphy, also known as “Captain Zap “, became first felon convicted of a computer crime. He broke into AT&T’s computers and changed the internal clock so that people received discounted rates during normal business hours.
16 years ago in the year 2000, the Love Bug virus around the world and at its height hit over 10% of UK businesses – even the house of commons was cut off from eletronic communications. The virus, in the form of an attachement to an email, was programmed to delete some computer files, including MP3 music files and images, as well as raiding email addresses to multiply itself and send itself and other e-mails onwards. At the time it was the biggest computer virus the world had ever seen and the first golbal succcesful use of “social engineering” in delivering a payload onto PCs all over the world.
WHERE ARE WE NOW?
Since then, internet and communication development has exploded, creating a seismic shift in the way we do business. Today there are literally thousands of different ways to access information illegally on our networks, costing the world economy billions and destroying lives and business wholesale. For the cyber criminals – who may be individuals, organised crime groups or even nation states – it is highly lucrative and the barriers to entry are low. The ease of access to and relative anonymity provided by ICT lowers the risk of being caught while making crimes straightforward to conduct.
Where there is growth there is opportunity, not just for the entrepreneurial engineers who made all this possible, but for the equally entrepreneurial individuals ready to take advantage of our reliance on it, and here’s as an example of how enterprising those individuals can be…
…that despite the leaps and bounds made with cyber security in the last 10 years, that what’s thought to be the world’s biggest ever Cybercrime was uncovered in 2015 with as much as £650M going missing from banks around the world.The hackers infiltrated the bank’s internal computer systems using malware, which was hidden in the networks for months before being discovered Russian cybersecurity firm, Kaspersky Lab, which was called in to investigate after a cash machine in Ukraine was found to have been spitting out money at random times.
The malware was so extensive that it allowed the criminals to view video feeds from within supposedly secure offices as they gathered the data they needed to steal and fed it back to the gang. Once they had all the information they needed, they were able to impersonate bank staff online and transfered millions of pounds into dummy accounts. They even instructed cash machines to dispense money at random times of the day even without a bank card. As investigators looked into the problem, they were staggered by the scale of the crime they uncovered.
Despite the crime being discovered, many banks and financial institutions still fall foul of similar crime as the cybercriminals gain entry onto their systems using “Spear Phishing” and once the payload is installed, it operates in many cases without interference and unnoticed.
There are many ways to protect yourself against Cybercrime and Cyber Wise is here to help. Please explore our website and feel free to contact us directly if you would like a chat about how best to move forward with taking back control!