During virtually the entire history of civilization, one of the prerequisites for carrying out a theft has been the presence of the offenders at the scene of the crime. The stolen objects were always part of the physical world — gold bars, paper money, equipment, jewels, vehicles — and there was always an objective value associated with them. The thieves had to have a plan to access the object, a way to remove it from its original location, and the means to transport it to a new location. From there, they would try to modify, resell, copy, or spend the clumps of atoms they had taken unlawful possession of.
But the world’s transformation from atoms into bits is speeding up, as discussed here. Targets of cybercrimes can be thousands of miles away from the perpetrators, who no longer use weapons, getaway cars, or explosives. These thieves are computer systems specialists fluent in techniques ranging from the simplest to the most sophisticated, and their aim is to access information — to copy it, disclose it, modify it, destroy it, or prevent the legitimate owners from accessing it. This information, stored as bits, could represent anything: photos, movies, money, security codes, maps, documents, patents, spreadsheets, presentations, new programs, new games, or genetic codes.
Like all robberies, the modern version starts with a search for vulnerabilities. The hacker uses tools programmed to analyze the system they wish to break into in search of unprotected entry points via brute force methods or more sophisticated techniques that monitor Internet data traffic in search of specific information.
The World Economic Forum’s Global Risks Report for 2018 listed cybercrime as one of the most significant risks in terms of its likelihood of occurrence. Considering the growing dependence by individuals, governments, and businesses on technology in general, the losses caused by this type of event can be devastating — and, sadly, there is no shortage of examples.
During the negotiations in 2016 for the sale of online services provider Yahoo! to telecom giant Verizon (both US companies), Yahoo! disclosed that it had undergone the largest data leak recorded up to that time: The emails, names, dates of birth, and passwords of no fewer than three billion users had been compromised in at least two hacks between 2013 and 2014. After this information was revealed, the final sale price was reduced by approximately $350 million. Companies from a wide range of sectors have also been the victims of large-scale hacks. This includes e-commerce site eBay (145 million users affected), retail chain Target (110 million customers), ride-hailing company Uber (57 million users and 600,000 drivers affected), JP Morgan Chase (76 million households and seven million small businesses), and the Sony PlayStation Network (77 million users affected and approximately $170 million in losses).
These are only a few of the cases that have been documented — the real list is much longer, and many companies elect not to disclose that they have been hacked to avoid issues with their reputation or lawsuits. According to the Michigan-based Ponemon Institute, which has been running studies on data security since 2002, just one-third of the more than 650 professionals interviewed in 2017 believe their organizations allocate adequate resources to manage the security of their information. Next time, we will take a look into the cybersecurity industry, the main line of defense against cyberattacks. See you then.