With the recent attacks on Sony and, yet more recently the attack on UK based game manufacturer CodeMasters, to say nothing of the attacks on Google, several international banks and even the IMF, it leaves one wondering: Are cyber-criminals stepping up their game? Or is this just a continuation of a pre-existing war?

Only 10 years ago, a large percentage of the population wouldn’t even consider online gaming, banking online or sharing their life via social networks. It wasn’t that the facilities didn’t exist, it was more that they were the domain of geeks and nerds, those with a little more technical nounce than the ability to find the on button.

As high speed internet became commonly available (and cheap), so more and more people could join the online community. Doors were opened to the world at large and, in many respects, were unfortunately left wide open for anyone to wander in.

Without going into the mathematical complexities surrounding encryption, it is well known that our current encryption algorithms are dated.

Today encryption is everywhere. Whether it is for setting up a secure connection between your home PC and your bank, or whether its converting your rememberable password to a unique yet seemingly random sequence of characters so it can be stored for later comparison, the methods used vary from the very weak to the supposedly super-strong.

They say that the weakest point in any system is the end user. This is true. If a computer chose a random password for you, it would be impossible to break. The problem there is, it wouldn’t just be impossible to break, it would also be impossible to remember, mainly because a computer has a much larger alphabet to choose from than the average bloke off the street so any password a computer generates would not only be exponentially longer than we can memorise, it would also contain characters we simply do not understand.

It is this very problem which has lead to weaknesses in our entertainment and financial sectors in recent years. For Sony, it was a design decision taken early on at a time when the method they chose was still considered strong. With the IMF, to all intents and purposes, it appears that a highly targeted attack was carried out against key individuals in order to plant “trojans” or software based listening devices on to their computers in order to capture passwords and other information as it was entered. The trojan would then feed this information back to its source as well as use the information itself in order to download as much as possible before discovery.

As with all attacks against major corporations, the end result is the same. Yes, the corporation may get slated for not protecting its assets, yes they may lose revenue, but the real loser is not big business, they are usually well protected. The real loser in all of this is always the end user.

When we look at the information stolen from the entertainment industry, it generally revolves around credit/debit card information, names, addesses and dates of birth. All of this information can be used to build false identities and for a hacker, this is the real goal. Identity theft is a huge business. A haul the size taken recently from codemaster, which although not stated directly is classed as significant, would probably sell for tens of thousands on the black market, and that haul did not include payment details.

I suppose that its easier to identify the loss to ourselves when a games company gets hit in such a manner. When its banks we are all too easily convinced that its the money that they are after, yet banks have more information about us than anyone else, and in the wrong hands that information is priceless.

Hacking started out as a university prank, yet today it is an industry worth billions. Every time an attack is carried out, the value of that industry goes up. Every piece of information stolen has monetary value and the more information that gets taken, the more value that adds to the industry and the more misery gets wrought onto the end user.

This is a war which has been raging for some time, and as long as there is information to be had, will continue to rage.

When the criminal population first cottoned on to the concept of breaking into systems, a large part of that was about money or wreaking as much havoc as possible. At that time security over the wire was virtually unheard of, information was transmitted in a way that anybody could collect and use and systems were wide open to all manner of exploits. Today, we are more alert to the issues but many of our protections date back to a time when we weren’t.

Whilst the nature of cybercrime has not changed over the years, the goals have. Today we rarely see viruses of the scale of melissa, or worms the scale of code red. That isn’t to say they are not still out there but today cyber-crime has taken on a more surreptitious role. Your system might still be infected, but the goal of the infection is no longer destruction. Today it’s espionage and that espionage is being carried out on a global scale.

Leave a Comment