The growing threat of cybercrime

Yahoo suffered a massive data breach

Internet giant Yahoo has uncovered the biggest data breach yet. Why are hacking attacks on the rise? Alex Rankine reports.

What’s happened at Yahoo?

Yahoo announced last week that it had fallen prey to the biggest cyberattack in corporate history. The security breach, which took place in 2014 but has only now come to light, saw hackers steal data such as names, birth dates and telephone numbers for a staggering 500 million users, including around eight million in the UK.

The data stolen were not as sensitive as they could have been: credit card data was spared, while account passwords were encrypted. Nevertheless, Yahoo faces serious questions about why it waited so long to make an announcement, while the immense scale of the attack highlights the vulnerability of major companies – and the data they hold on us – to hostile action.

How big a problem is cybercrime?

Large and growing. In the last 12 months prominent companies and websites such as TalkTalk, LinkedIn and Dropbox have all been hit and data about their users sold on or made public. The biggest bank heist last year was entirely electronic, with $1bn stolen from over 100 banks in 30 countries after thieves used infected phishing emails to get user account details.

Banks are especially susceptible to attacks. LogRhythm reports that up to 90% of Asia-Pacific banks experienced an attack this year, sharply up on the year before. The Asian banking system is particularly poorly prepared for the fraud threat, but the UK has its own problems: internet banking fraud cost the UK economy £134m in 2014.

Who is behind cyberattacks?

The internet allows attacks to be mounted from anywhere by geographically dispersed accomplices, making it difficult to identify the original source. A hallmark of the cyberattack era is thus the shadowy and uncertain nature of perpetrators. Criminal gangs are responsible for many of the thefts of bank details, but money is not the sole motivation.

Hacktivist collectives such as Anonymous have made headlines in the past for their “denial-of-service” attacks against groups such as the Church of Scientology and the KKK, in which they inundate targeted websites with requests for service until they crash.

Do politics play a role?

Several major recent data thefts and leaks certainly seem to have been pursued for political ends. World Anti-Doping Agency (Wada) records of athlete’s medical data were leaked soon after the organisation banned Russia’s track and field team from participating in Rio, while the Philippines’ justice department servers came under attack this summer during the dispute with Beijing over sovereignty in the South China Sea.

Are states responsible for this?

Though security experts often point the finger at Russia and China after these attacks, it is hard to determine who is ultimately responsible. The Russian group “Fancy Bears’ Hack Team” has been implicated in both the Wada hack and the assault on the Democratic National Committee’s email servers this summer.

The group even has its own website, but some question whether the operation is as professional as one would expect of a Kremlin-directed effort or whether the hackers are simply enthusiastic or patriotic amateurs without direct connections to the Russian state. Though it is often hard to determine the ultimate source of an attack, it is clear that states are building up their capabilities in the cyber-security sphere (see below).

What do the attacks cost?

Professional services company Grant Thornton estimates that $315bn in business revenues were lost globally to cyberattacks in the 12 months to September 2015. The reputational price can be a serious as the value of the stolen data itself. The aftermath of a major hack can be devastating for a business: TalkTalk lost 95,000 customers and saw profits halve after bank details and sort codes of its customers were stolen last year.

Consultancy McKinsey & Company has calculated that the total costs of the cybersecurity threat worldwide could have mounted to $3trn by 2020. We are often promised that big data and mobile applications will bring big economic rewards, but the increasingly complex security required to keep such technologies safe has been identified as a choke point for many new ventures, and the world economy may struggle to fully realise the promised value of recent innovations. If so, we will all pay the price.

A threat to national security – and the internet

Fears over cyberattacks go beyond the theft of data – they could affect national security and even the continued functioning of the internet. As the rate and sophistication of cyberattacks increase, governments are taking steps to bolster their cybersecurity defences. In the UK, the incoming head of the Government Communications Headquarters’ (GCHQ) cybersecurity division has said it is considering a “national firewall” to halt incoming attacks – a measure previously associated with authoritarian regimes such as China.

Meanwhile, the US is studying the potential threat that cyberattacks could pose to internet-connected driverless cars and new medical devices in the future. What’s more, there are recent signs that some hackers have been testing the defences of companies that provide critical internet infrastructure, says security expert Bruce Schneier. Verisign, the registrar for internet domains such as .com and .net, reported that in Q2 2016 attacks continued to become more frequent, persistent, and complex. It seems that some entities – probably statebacked – might be trying to develop the capability “to take down the internet” if it suited their needs.


Leave a Reply

Your email address will not be published. Required fields are marked *