I see a lot of stuff posted these days about cyber security and hacking. Most of the folks posting this information are reporting or “opinionating” from second hand information; what they see in the news or hear on the street.
I thought it might be a good idea to share some information with you directly, from the trenches, so to speak. As a technical professional in the cybersecurity industry I have some insights into what is going on and actually understand what is being reported. I cannot share company names and in many cases I may have to share information about “movies” that I may have seen in order to protect myself and others.
The world of cybersecurity has changed dramatically in the last 20-25 years. Back in the day we had limited points of ingress and egress to networks (think of a castle with a very few ways in or out where things could be inspected). The major threats were from amateur hackers who were essentially playing out video game fantasies to build “street cred.” There were very few who were making much more than pocket change for their efforts. That world is as far behind us as the walled towns of the medieval world.
The “script kiddies” and amateur hackers of the old days have, for the most part been replaced with highly organized networks of attackers.
The most significant of these threats are from nation states. Most nations today have dedicated organizations (or several of them) who are focused on offensive and defensive hacking operations. Israel, China, Russia, and the US have all made substantial investments in these operations. Even nations like North Korea and Iran have made sizable investments in these types of operations.
Two examples of recent “movies” I have seen:
Example 1: A major construction and engineering firm was contracted by the Chinese government to design and build major infrastructure projects. These contracts were worth tens of billions of dollars. Once the planning was completed the contracts were cancelled but the company (in this movie) later discovered that the projects were still underway. In fact, the very engineering and planning documents they created were being used in the effort. Forensic investigation showed that they had been hacked and the intellectual property stolen. Legal efforts to recover their investment in time and capital were ineffective. Further investigation showed that their legal counsel had also been hacked and all the evidence and legal strategies were known to the defense team months before being presented.
Example 2: All military vehicles require regular maintenance and upgrade. In order to facilitate such things plans and detail specifications are stored of all this equipment. A major western power discovered that a foreign nation had hacked the maintenance systems and all these plans and specifications had been stolen. In this “movie” we can expect to see significant advances in weapons design and intimate knowledge of the weaknesses of major weapons systems by certain foreign nations. Much of this data will likely be sold or traded internationally and will, basically, be common knowledge by enemies of the West.
I have seen instances where, as part of garnering a contract with certain governments (China) the organization is “required” to purchase networking gear from specific companies (Huawei). Well before the US government started issuing warnings about the use of this company’s gear the backdoors and spyware had been discovered. As a member of the IT staff of a company that did significant business with China we purchased the required gear. It sat in boxes in a storeroom on direct orders from of chief security officer and our recommendations. Anyone buying or implementing this gear has essentially turned off any ability to protect themselves from the Chinese government’s cybersecurity efforts.
It is a pretty open secret that Russian was able to hack the Ukrainian power grid and shut down the electrical service for much of the country. This was not an isolated event. They have done the same to several nations (on a smaller scale). It is the modern equivalent “naval diplomacy,” of having a battleship show up off the coast to show lesser powers who is the boss.
While it is not uncommon to hear of nation states hacking corporations or each other the true impact of most of these breaches is almost never shared publicly. For example when North Korea hacked a certain major corporation not only did they shut down critical systems and release sensitive data publicly but they also threatened attacks on company owned facilities, the facilities of business partners and on the personal homes of hundreds of employees. Based on the data compromised if the will and manpower had been available these could have been successful.
Most cyber attacks against national infrastructure is either never reported or is reported as as something else like a misconfiguration, a system failure, a communications error, etc. Think about that next time you are watching the news.
Outside of nation states the biggest threat comes from criminal and terrorist organizations. Criminal organizations are driven by profit. Your personal and financial information is sold for (cyber) cash like Bitcoin. Organized crime syndicates out of Eastern Europe (especially Russia) and Asia have huge investments in hacking networks. They are driven by pure profit. Credit card, banking information and personal data is worth money.
Outside of “the mob” terrorist organizations also have a tremendous investment in hacking networks. Many ransomware payouts fund terror activities around the world. Other times they are specifically targeting information to assist in planning attacks. For example a retail organization located in the Washington DC area was targeted to get lists of government employees to build “kill lists” to be published for “lone wolf” terrorists in the US. This and several other cyberattacks were traced to ISIS in Raqqa. In other cases the hacks themselves are the terror attack. For example, in one of the “movies” I know about, the control systems of a electric company were compromised and the flood gates of a hydro-electric dam were opened. The only reason thousands were not killed was that the motors actuating the gates were offline for repair…
Some Alarming Statistics:
It takes an average of 206 days for most data breaches to be discovered.
However, most data breaches are never discovered or reported.
77% of IT organizations do not have a cyber security incident response plan.
Cybercrime is a $6 Trillion industry
I hope this helps shed some light on this whole business.
Take care and God bless.