NCSAM and the Evolution of Cyber Crime

Even though here at RCS every month (and every week and every day too) is cyber security awareness month, October has been granted the distinction as the official National Cyber Security Awareness Month. NCSAM, as it’s called for short has been observed for thirteen years and over those years, the need for a national effort to strengthen cyber security habits has only grown in importance. See, way back thirteen years ago, devices that could be connected to the internet were something out of a sci-fi movie, and digital crimes usually involved lugging a bulky desktop computer out of an office in the dead of the night.

Oh, how things have changed. Today, every two-year-old knows how to use any smartphone and all our tiny gadgets and doodads hold more data than the desktops of old. And as tech has evolved, so has cybercrime. According to Price Waterhouse Cooper, digital crime is now the second most reported type of crime in the US. Advances in areas like the internet of things (“IOT”) and mobile tech have made our modern day lives more convenient and connected but have also created vulnerabilities the likes of which we have never been exposed to before.

The Stone Age of Digital Crime

In the early days of computing, digital crimes were thought of as minor offenses and only rarely elicited a response from law enforce the agencies. In the 1970’s, in one of the earliest digital crimes, hacker John Draper gamed computerized phone systems to get free calls using toy whistles he found in cereal boxes. Others, like Dr. Joseph Popp distributed infected floppy disks to introduce viruses onto early PC’s. The game Elk Cloner was the first computer game to distribute malware. And then in the late 1980’s came the Morris Worm, whose creator Robert Morris was the first person to serve jail time for a digital crime under the then newly-formed 1986 Computer Fraud and Abuse Act.

Enter the Internet

But the world hadn’t seen nothin’ yet.

With the internet came new opportunities to lure users and raise stakes — and suddenly, the horizon of what criminals could do exploded. Hackers could send emails to thousands of potential victims in just a few moments. They found the newly-created potential to distribute ads that executed blisteringly nasty malware as soon as users clicked them. Now they could take advantage of vulnerabilities in commonly found programs like Adobe Flash and Java. Social media arose to become the perfect breeding ground for scammers looking to lure victims into online and offline scams. Hackers discovered that a well-planned ransomware attack could rake in a whole lot of money with little effort. And worst of all, they could do it all while lounging comfortably in some basement or garage across the world, at the touch of a few well-executed buttons.

Going Beyond Small Fries

As some criminals set their sights on the data of casual users, other truly enterprising hackers decided to go for a bigger prize, targeting corporations and governments. In the course of just a few years, the concept of digital security shot up from the bottom of any CEO’s and government agency’s priority list to the gold medal spot. In fact, industry analysts predict that corporations will spend on average over $15 million on cyber security each coming year. These attacks not only hurt businesses but consumers (i.e., regular ol’ folks like you and me) as well – the typical aftermath of a corporate breach includes the selling of sensitive customer/user/patient information on the dark web to be used in ID fraud scams, aside from the damage done to the company and their reputation.

And My Oh My, the Internet of Things

And with the Internet of Things, the attack horizon just keeps on expanding. As every gadget we have goes from dumb to smart, the attack surface expands massively. So with each pair of pH-reading socks you put on your paws, and for every Bluetooth enabled toothbrush, you’re giving hackers yet another way to attack you.

On an ever larger and more troubling scale are the DDoS attacks that can target businesses, home user and even governments in one fell swoop. This past Friday morning’s now famous mega-hack against Dyn, the company that manages traffic for some of the biggest, most visited websites in the world opened a new page in the cyber crime encyclopedia. Amazon, Google, Twitter, The New York Times, Netflix, Spotify and many more sites were pretty much dead to the world for most of Friday. As with any typical DDoS attack, Dyn’s servers were hit with a devastating wave of traffic requests which rendered them unable to serve any requests at all. But two elements made this particular hack significant; they attacked at the DNS server, which allowed them to cause far more damage than most DDoS attacks of the past that targeted individual sites, and the hackers didn’t use their typical DDoS attack method, which employs hundreds to thousands of infected computers (called a botnet) to wreak havoc. Instead, they created a botnet army of internet-connected DVRs and cameras and let them do the dirty work of taking down most of the internet on the east coast.

Experts have been predicting that the internet of things would create new and surprising attack vectors for ages but aside from a few baby monitor and refrigerator-based hacks, nothing of real consequence had taken place — until now. And this is precisely how cyber crime works – it continues to evolve as technology evolves. It follows patterns until it doesn’t and then resurfaces in ways no one could have ever predicted. And this is why cyber crime can be so hard to defeat.

Don’t Despair — Instead, Learn What You Can Do

The takeaway here isn’t that defending yourself from digital crime is impossible – Rather it’s to impress upon people that digital crimes are real and they can have devastating repercussions. This is why the third week of NCSAM is dedicated to educating people about all the different kinds of cyber crimes that exist. There are tons of amazing resources out there (and on our blog too); use them to educate yourself and your family about all the unfortunate aspects of living in our hyper-connected society — so you can take advantage of all the amazing aspects safely and securely.

Leave a Reply