The Talk Talk mess and the resulting consumer fallout did real damage to the credibility of online security in more ways than one. Customers allegedly had their details stolen, (Talk Talk disputes the severity of this issue) and the company was subjected to a ransom demand.
This is only part of a much bigger, much nastier, picture in global terms which is now at pandemic level. Nowhere on Earth is safe from cyber hacking. Russia and China have been regularly cited by Western nations as conducting full scale cyber attacks and cyber espionage. The “global battlefield” theory is that nations which are no military match for the US have resorted to cyber attacks.
Current measures aren’t looking good for consumers, whose interests are apparently the last thing on anyone’s minds in terms of the risks of hacking. Talk Talk CEO Dido Harding is quoted by the Telegraph co.uk as saying that
Rather than a raid on their bank accounts, the biggest threat facing customers was having their identities used to take out credit cards and loans, Baroness Harding said. Those hit could find it difficult to remortgage or buy a mobile phone contract.
This is just one day’s worth of global hacking.
PC World
Industrial, commercial, scientific and military espionage hacks are even more common. Most agencies report daily attacks, and many businesses, like Talk Talk, are targeted on a routine basis.
The business side of hacking on a global scale
The view of hacking as a purely nationally-based threat is a bit simplistic, to say the least. It’s not just nations involved. Cyber crime and cyber espionage, conducted on whatever basis, is crime, in some ways. These criminals are into hacking in the same way they’re into supplying terrorists.
The reason is as much financial as anything else. Information which is hacked can be sold. It doesn’t necessarily follow that all these attacks are purely for some national purpose. Billions of dollars’ worth of information is a virtual market in itself. Buying from other hackers and reselling, for example, is the hacking equivalent of eBay. It’s a natural product of hacking.
Add to this the factor that free agent hackers, particularly if working with organized crime, can also deliver good saleable products of all kinds. It doesn’t take a genius to see that “unknown” agents could just as easily work for countries as well as themselves, reducing the risk of discovery by those hacked. Actually, it’s a no-brainer.
Nor does it follow that the nation state cyber attacks are necessarily done out of pure patriotism. People within these networks have access to saleable goods, too, so the incentive is there to hack anything and everything. If you have a sponsor, so much the better.
Let’s not underestimate the risks of global cyber attacks by nations, but let’s also remember that retaliation is also possible. The problem is that in this form of Mutual Assured Destruction, global chaos is the only possible outcome. Nations have very little to gain in such a scenario. It’s debatable whether anyone in their right mind would seriously want to start a major cyber war.
Fighting cyber crime basics — The current security regime and hacking culture
Best practice Internet security includes a complete range of options, including penetration testing, which is all about hiring someone to find security risks in your system before the hackers do. You can even get free penetration testing tools, and backup services online from security firms, or open source penetration testing tools.
Penetration testing even includes testing for “social engineering” hacks, in which hackers contact the target and are freely, if innocently, given information they can use to hack. This type of defence is usually meticulous, and does give a good level of added protection.
In fact, there’s no shortage of useful options for anyone who wants to manage their security. Which raises the natural question — if all this is available, why is hacking so prevalent, particularly on a global scale?
To start with, protecting yourself against hackers with new hacking methods isn’t easy. Dangerous hacks often come from new software. Penetration testing is generally pretty up to date, and the experts are good at finding new exploitations of weak points, but it’s an ongoing process of development of hacking and counter-hacking tools.
Generally speaking, most hackers access their hacking tools from others. Basic “employee” hackers usually aren’t top tech people, but the guys who develop the new hacks often are, particularly those with national sponsors and lots of resources. This really is an arms race, and in terms of reward for risk, hacking is exactly like any big business.
The global imperatives for fighting cyber attacks
It’s almost impossible to quantify a worst case scenario for a major global scale cyber war. The risks are quite real, and could literally crash entire countries. An allegedly Russian cyber attack basically shut down Latvia for some time, and that was a relatively small scale event. It may even have been a test.
Consider this:
All essential services are online.
All major communications networks are online.
The entire global financial system is online.
All transport services are online.
All governments are online.
The internet as a whole can and does act as a distributor of malware on a routine basis, in huge quantities.
The most innocuous information can contain vast amounts of malware.
A massive cyber attack, distributed through basic networks, could do incredible damage.
If it’s a new hack, there won’t be any pre-existing defences against it.
Prevention, but of what?
Obviously, prevention is the best approach to managing a threat which hasn’t yet been identified, but how?
A few suggestions:
* Less amenable software: Add more layers of qualifiers before malware can initiate. The more hoops a hacker has to jump through, the better.
* A “no sale” option in all software: Any software can be coded to resist and refuse to read new code or act when subjected to malware attacks. For browsers in particular, this could create a first-case online hurdle against hackers which delivers an instant firewall with any code you care to use.
* Refuse external access to critical features of operating systems: One of the few cases where “applied nitpicking” can be useful, if built-in 100 points of ID features are part of systems, malware will find it a lot harder to access these key operations.
* SSL (Secure Socket Layer, used by all financial institutions) upgrades and tweaks: Minor additional coding can be used to create a further barrier. SSL, despite much criticism, is actually pretty good, well understood by industries, and dependable. Evolving it, rather than a new system, would be cheaper, and arguably more flexible, removing the need for a new system which would itself have to be security checked for weak spots.
* Built-in penetration testing features: Basic penetration testing tools aren’t IP-sensitive in the commercial context. Onboard penetration testing could deliver some useful “kill whatever it is” options for users.
*Anti social engineering options: No general staff access to anything which could promote hacking except by a few cleared people, to create a quick audit trail of any new account access and define accountabilities. This could track any breach very efficiently. It’s also a useful privacy option; it just needs upgrading to reduce the risk of exposing access points to hackers.
*Tracking worms — Microsoft came up with something like this idea some years ago. The idea is that the computer can identify the hacking source when it feeds back to its source. These worms could be part of any basic software configuration.
*Random encryption of key access points: This is a hacking tool which can be used against hackers. All basic software can run random generators. Encryption is just a matter of attributing values to codes. It’s easy. Encrypt, lock, and only the proper user can unlock. Requires a reliable failsafe if the user can’t unlock, obviously, but doable, and well within the “Another password!” bandwidth of difficulty for most users. Actually, it sounds like fun.
The short version — too many obstacles to hack. Hacking is time-sensitive. Wasting time isn’t good business for hackers. Nobody is going to spend years trying to hack through a few obstacles to simply encounter many more obstacles and things that won’t run without the magic words.
The Internet is arguably the greatest tool for humanity since literacy, fire and the wheel, in many ways. There’s no reason to tolerate hackers, whether they’re two bit criminals or nations. The Cyber Apocalypse is very stoppable, right now. So let’s do it.
