Cyber Crime on a Global Scale

ScaleOfCyberCrime.jpg

Cyber bad guys operate at all levels, from intercepting your car's bluetooth, to using apps and the Internet to steal private financial details of tens of millions of citizens.
Even a single person can create cybercrime mayhem.
In April 2015, Navinder Singh Sarao, a 36-year-old, appeared in court in the UK wearing baggy sweatpants, running shoes and a hoodie. This small-time investor drove a broken-down car, and lived in his parents' run-down flat near the flight path of Heathrow airport. But back on 6th May 2010, he had used off-the-shelf software to manipulate high-frequency trading algorithms to create the infamous 'flash crash'.
He sent the Dow Jones industrial average on a wild ride up and down some 1000 points. He briefly wiped over $1 trillion from the stock markets. To put that in perspective, that's about 1/60 of the gross domestic product of the entire planet, for a whole year. And along the way, using techniques called 'spoofing' and 'layering', he picked up $40 million, all done using a simple home computer.
Given it's that easy for one person to create havoc, think how much easier it would be for a government with all of its resources. People talk about 'cyber warfare', but it is a fairly vague term, referring to governments attacking other governments. Specifically, what happens when governments use the internet for sabotage, espionage and subversion.
Financial markets, military assets, communication networks, infrastructure of many types, if it's got a computer, it can be hacked.
In September 2010, the nuclear enrichment facilities in Iran were attacked by the Stuxnet-worm.
The Iranians were purifying uranium up to weapons-grade using centrifuges. These centrifuges were taken over by this worm. They spun so quickly they destroyed themselves. But while the attack was actually happening, the control panels of the Iranian operators wrongly indicated that the centrifuges were spinning normally.
This attack delayed the Iranian weapons-grade uranium program by over a year. Who did this? In June 2012, the New York Times claimed that President Obama had authorised this sabotage.
A modern country relies absolutely on infrastructure — sewerage, transport, drinking water, power, and so on. In 2009, President Obama said: "cyber intruders have probed our electrical grids".
Then, in 2012, an American company that monitors over 50 per cent of the gas and oil pipelines in the USA discovered that the Chinese had hacked its computer systems.
Were the Chinese simply looking for industrial secrets? Or were they planting bugs, so that they could shut down the US energy grid if China and the USA were to have a conflict sometime in the future?

In 2012, Iranian hackers took control of 30,000 computers belonging to the world's largest oil producer, Saudi Aramco. We know they changed the Aramco logo to a burning US flag. But what else did they do?

In March 2013, the major banks and broadcasting TV stations in South Korea were hacked. Was North Korea to blame, or was it somebody pretending to be North Korea?
In the Middle East, the Syrian Electronic Army hacked into the Twitter account of Associated Press. They then published a fake news item about a bomb at the US White House. That incident alone sucked $136 billion out of the US Equity Market.
One of the beauties of cyber warfare is its anonymity. While there are suspects, there is often still not enough information to positively identify the culprits.
Cyber warfare can also be done relatively cheaply. But of course, you get better results if you spend more.
In May 2010, the four-star general, Keith Alexander, was put in charge of the newly formed US Cyber Command. By 2014, its budget had jumped from $1 billion to $4.7 billion. They claim they need this money to deal with incessant attacks from other governments.
As part of their recruitment, the US Defense Department has annual competitions with cyber warriors running banks of military computers. Each team typically has to protect five computers (which are running seven different operating systems) against relentless waves of ever-sophisticated cyber attacks. 
China and many other countries are doing the same. After all, since time immemorial, teenagers have been given weapons and told to fight. Apparently this is the 21st-century version.
Ein News:  http://bit.ly/1Llc8Bs

 

« FBI Director says ISIS Could Cyberattack the US
Silicon Valley a Major Player in Cyberwarfare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

C3i Hub

C3i Hub

C3i Hub aims to address the issue of cyber security of cyber physical systems in its entirety, from analysing security vulnerabilities to developing tools and technologies.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.