The highest-profile attacks spanned a spectrum that included some who were merely alerted to their weaknesses, some who were ransacked, and others who lost sensitive intelligence. And then there was that day in October when, for most of us, the internet buckled under a hack directed by smart-home devices like security cameras or DVRs.
The hacker group called OurMine decided last year to use its skills to breach the accounts of tech luminaries in order to sell their security services to individuals and companies. On the list of OurMine targets were Google CEO Sundar Pichai, Yahoo CEO Marissa Mayer, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, and Amazon CTO Werner Vogels. For many of these exploits, OurMine accessed the victim’s Twitter account and then posted self-promotional tweets like “We are just testing your security.” Elsewhere, they announced, “We have no bad intentions and only care about the security and privacy of your accounts and networks.” Now some might call that cyber extortion, but OurMine saw it as just making a “cold call” to attract some attention. OurMine’s avowed raison d’être is simple. “We are not blackhat hackers. We are just trying to tell people that nobody is safe.” In 2016, the group certainly made their point. If Pichai, Mayer, Zuckerberg, and other tech icons can’t be shielded from hackers, who can?
Then there were the bank robbers. On August 3, The New York Times reported, “The digital currency Bitcoin plunged on Wednesday after Bitfinex, an exchange based in Hong Kong, said it had been hacked and funds stolen.” Almost 120,000 Bitcoin worth $78 million were stolen, causing an immediate 20% drop in value of the cyber currency, estimated The Guardian. A theft two years prior at Bitfinex’s largest exchange, Mt. Gox, forced that location into bankruptcy. Also, earlier in the year, The Times reported on what it called “one of the most brazen digital bank heists ever.” In March, about $81 million of Bangladesh’s money disappeared out of its account at the Federal Reserve Bank of New York. At the center of the caper was the SWIFT international bank messaging system—“billed as a supersecure system that banks use to authorize payments.” In contrast, it took the bank robber Willie “The Actor” Sutton 40 years to steal an estimated $2 million.
One of the more exotic hacks of 2016 involved smart-home devices that proved to be pretty dumb. On Friday, October 21, Amazon, Twitter, Netflix, Paypal, online newspapers, and many other sites lurched and slowed to a crawl under a massive DDoS (dedicated denial of service) attack. The servers of the Dyn company, which routes traffic between websites, were being flooded with requests that eventually overwhelmed many of them. Usually, this kind of attack is directed at a specific company or site and comes from an army of malware-compromised computers—a botnet (robot network) that directs a constant stream of requests to the target. In this case, the weapon was a Mirai botnet that was mostly made up of IoT (Internet of Things) devices like security cams. Dyn estimated 100,000 malicious endpoints, and for a good part of the day, large sectors of the internet staggered or came down. The attack persisted at a reported strength of 1.2TBps (terabytes per second), twice as strong as any previous DDoS attack.
And finally, in April, in the middle of the presidential race, came the news of the hack at the Democratic National Committee (DNC). First, the computer techs discovered that someone had accessed their servers. Then a WordPress page appeared, run by someone called Guccifer 2.0. Whoever it was had co-opted the name of a famous hacker, and the site posted emails, memos, and other information from the DNC files. Wikileaks stepped in and began publishing the same WordPress material.
Months before the election, Malcolm Nance, career counterterrorism and intelligence officer, published his book The Plot to Hack America. In it, Nance focuses on a new hybrid cyber warfare, Kompromat, which uses cyber assets to neutralize political opponents. Many questions still remain regarding this breach and similar activity in Germany.
ANY HELP COMING?
In late August, China launched the first quantum communications satellite. China’s state news agency explained, “The satellite is designed to establish ultrasecure quantum communications by transmitting uncrackable [cryptographic] keys from space to the ground.” Although the use of cryptography to secure data and information remains controversial, this prototype satellite, nicknamed Micius, is an attempt at quantum key distribution that would prohibit third-party interception. In other words, it’s a means to undetectable and perfectly secure channels of communications. More on this in next month’s Tech Forum.