Ransomware and hacking

When it comes to ransomware and hacking, the party is just beginning

By Morf Morford mmorford@soundpublishing.com • May 28, 2021 1:30 am
Tags:
Image courtesy Creative Outlet
Image courtesy Creative Outlet

By Morf Morford

Tacoma Daily Index

The problem with hacking and ransomware is that they are a constant threat, but unlike any other, more traditional threat, like fire or theft or sabotage, they are unseen and largely undetectable – and vastly more invasive threats than any of us have ever seen before.

To face traditional threats, like theft or attack, physical locks or increased security (in a direct sense, like visible armed guards) would be effective.

If you thought a disease virus that impacts human health is a threat (and as we all know in 2021, that is certainly true) a digital, information-based virus can be, and is proving to be, an even greater threat.

The great promise of the internet was connectivity. The greatest threat to the internet is also connectivity.

Open access was the point.

Communicating across time zones, national borders, and ethnicities with information accessible to all regardless of race, income, education, position or background was the original hacker’s vision.

“Information wants to be free” was the rallying cry of hackers (back in the 1970s when that was largely seen as a good thing) and, in those now-innocent days, hackers were those off-beat characters, like Steve Jobs and Steve Wozniac (Woz) as profiled by Steven Levy in his 1984 book Hackers: Heroes of the Computer Revolution.

Levy formulated and summarized the ethics and values of that first generation of hackers with these attitudes and assumptions:

Access to computers-and anything that might teach you something about the way the world works-should be unlimited and total.

All information should be free.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

You can create art and beauty on a computer.

Computers can change your life for the better.

Sharing

Openness

Decentralization

Free access to computers

World Improvement (foremost, upholding democracy and the fundamental laws we all live by, as a society)

But to quote a phrase, that was then and this is now.

That hacker idealism led to essential development that we all take for granted now, from open-source software (like Linux) and the distinct but philosophically similar Free Software Foundation (https://en.wikipedia.org/wiki/Free_Software_Foundation) which has given us the inherent (but rapidly dwindling) freedom of the internet.

We all take free, global and immediate contact for granted. And we assume that we can find anything on the internet – from how-to videos to celebrity addresses or emails.

It didn’t take long for the criminal element – or worse – to realize the potential of the internet.

The term “hacker” took on a negative, if not malicious, tone in about 2005.

It took a while, but some of us, from individuals to corporate and government leaders, suddenly realized that the “information” that “wanted to be free” could be intrusive, costly and dangerous.

From bank accounts to medical records to the operations of utilities, “information” was vulnerable to theft, copying or manipulation.

Or worse.

It took a while, but hackers (especially those state-sponsored hackers) realized that the real power lay in embedding in government or military databases and waiting.

Here are a few statistics and facts on hacking for our times;

For a variety of reasons, Russian hackers are the most proficient – it takes them an average of 18 minutes to infiltrate almost any computer network. (For more on Russian hackers see here: https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little)

Yahoo had the most significant data breach in history, with up to 3 billion user accounts exposed.

Equifax lost protection of over 200,000 payment card numbers and related information (including US social security numbers and birthdates).

Cyber crime is far more profitable (and far easier) than drug smuggling. The illegal drug trade is estimated to be around $400 billion in any give year. Cyber crime brought in about $600 billion, way back in 2018.

The most recent big news ransomware hacking of the Colonial Pipeline (about $5 million) was paid off in Bitcoin.

Ransomware attacks (and the payments to get information returned or released) are so common that they are rarely reported.

From schools to health care facilities (https://patch.com/washington/gigharbor/ransom-paid-recover-data-200-000-multicare-patients-staff) to banks to every day businesses, we are all vulnerable to a degree not even imaginable a few years ago.

Two out of three business that have been hacked were not confident that they could recover.

In 2020, 113 federal, state and local governments across the USA reported hacking/ransomware attacks which cost them about $915 million. That’s one about every three days – and that is discovered and reported municipal hacks. Many are not discovered or reported, and far more corporate hacks are attempted.

The best hacker, like a skilled hunter, hides themselves and waits for an opportune moment.

In these crazy times, we, our assets, our credit history, even our identity are the prey, and predators are potentially (if not literally) everywhere.

As in every other area, hacking/ransomware attacks are several degrees more serious (hence, more costly) than previous kidnapping/hostage/ransom transactions. In those situations, a person, or item of value was returned (usually relatively intact) after a payment was made.

In current cyber ransom attacks, the information may be released, but there is no guarantee that the hacker will not return or has not built-in a “bug” that may cause problems later. We “trust” them not to hack us again, but why should we?

Connectivity and access have a cost few of us could have imagined.

Security and privacy, we are discovering, are luxuries worth protecting, and, unfortunately, as hackers are discovering, assets we are willing to pay almost any price for.

Security need not be terribly expensive. That extra level of security can make a world of difference. Keep your password secure and updated. Use two level confirmation as often as possible. Report suspicious activity as soon as you see it.

The life, data or reputation you save may literally be your own.

Tags: