Editor’s Note: This content was originally posted in 2018 but continues to be one of our most popular topics, both online and in in-person training. The Anatomy of a Hack is a five-part series.
The Internet Age of Criminals
In 2015 the global cost of cybersecurity failures was five hundred billion dollars. In 2018 the cost was expected to reach two trillion dollars. And, amazingly, that number is predicted to hit six trillion dollars by the year 2021.
So, what’s the story behind this trend? I’ll answer it in a series of blog posts called The Anatomy of a Hack: The Internet Age of Criminals.
I’ll start with an example of the kind of things that are happening.
In 2014 there was a company called Code Spaces that literally went out of business in 12 hours because they got hacked. Here’s what happened. Code Spaces provided cloud storage, source code, and different kinds of hosting capabilities for 200 business customers. They built their infrastructure using Amazon’s EC2 (Elastic Compute) product rather than racking and stacking their own servers and buying their own space in a data center. This type of cloud-based infrastructure is not uncommon because it is so cost-effective.
Code Spaces had a control panel on their EC2 product that was broken into, and the thieves left some pretty heavy extortion demands on them. Code Spaces refused to comply and attempted to fight back to regain control over their control panel. It didn’t work. The extortioners deleted all the data belonging to Code Spaces and all the data belonging to the customers. Within 12 hours, Code Spaces lost everything and shut their doors. Which leaves us with many questions: How did this happen? Could it have been prevented? Who did this?
It’s Not Who You Think
Do you remember the 1983 movie War Games? Matthew Broderick played a bored but curious teenager who had too much time on his hands and used his computer to accidentally almost start World War III. This movie set up the stereotype of a hacker that is still perpetuated today. It presented a hacker as an individual and harmless person, usually in a hoodie, going around and causing all these problems.
That just is not the case. We are in the Age of Internet Criminals, and the hacker looks more like a mobster than a teenager in a hoodie.
The Millennial Mobster
Online criminals and online gangs are driving this dangerous and illegal activity all over the world. Worse, these gangs are sometimes backed, or at least protected, by their government.
Take Evgeniy Bogachev, for example, a criminal on the FBI’s most-wanted list. There is a lot of evidence to suggest that he is being protected and supported by the Russian Intelligence Services. Bogachev writes malicious code and breaks into banks silently to steal money. But when he’s in there stealing money, people from the Foreign Intelligence Service are looking over his shoulder, saying,
“Hey, while you’re in there stealing the money, could we have that file? Can you grab that database and that information?”
It’s an excellent cover for any government agency because they’re not the ones actually doing the breaking and entering. This kind of scenario is so prevalent that it has become the new normal in cybercrime.
The New Normal of Cybercrime
These organized criminals, often in cooperation with their government, are driving the six trillion dollars in damages predicted by 2021.
If you’re an executive, or you work for an executive, you should consider Bogachev to be a competitor, in a sense. Cybercrime has become an amazingly profitable business.