Specialized Cyberattacks

At the retail level, hackers can seize a consumer’s identity and financial assets without leaving a trail for law enforcement to follow. Identity theft inflicts an average loss of $5,100 on each of the twelve million US victims each year. Most of us know a relative or acquaintance whose credit card details or personal information have been snatched, then used illegally. We know it is hard work to recover financially and to overcome the anguish of having our privacy violated.

Retailer databases are juicy targets for hackers in the identity theft racket. Hackers usually wholesale the stolen materials to other criminals, who break the haul into smaller parcels that are converted into cash through ATMs or through the purchase and return of merchandise.

Perhaps the most infamous of the attacked retailers is Target, where in 2013 the names, phone numbers, and email addresses of 70 million customers were stolen. Home Depot’s attack was just slightly smaller: fifty-six million credit-card accounts were compromised, and 53 million customer email addresses were stolen. Hackers gained access to the Target and Home Depot databases using an authorized vendor’s credentials.

Hackers snatched credit card and debit card information for 40 million of Neiman Marcus’ customers. Other hackers attacked the databases of smaller retailers. UPS, Goodwill, P.F. Chang’s, Sally’s Beauty Supply, and Michaels have all lost customers’ personal and financial information to hackers.

Imaginative hackers do not limit themselves to retail stores. Anthem, the nation’s second-largest health insurer, suffered one of the largest data breaches in the healthcare industry. Hackers stole Anthem’s customer names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information for 80 million people. Another 140 million consumers’ personal and financial data were exposed by hackers in the recent Equifax debacle.

Not all breaches are aimed directly at consumer finances. The federal Office of Personnel Management (OPM) reported that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen, and that 1.8 million relatives and other associates had information taken. Including 3.6 million current and former government employees, there were 22.1 million victims. The state sponsor of the OPM attack is believed to be China. China was likely seeking the identities of US intelligence workers, not the money available from identity theft.

In the above examples, more than 390 million people had personal information compromised in hacker attacks on the named retailer, health care or government databases. Some must have been victimized twice, perhaps more often, since many database breaches were neither mentioned nor counted. The victim count is so large and the events so common that most Americans are aware of the attacks and the impending damage we face. We feel anger toward the hackers and toward the retailers whose shoddy security leaves consumers exposed. We also wonder why so few of these hackers are apprehended and aggressively prosecuted.

A separate class of cyberattacks is perpetrated by hackers who work for rival nation states. These spies work to identify our military capabilities, designs and plans, to disrupt our economy or social cohesion, to sour our relationships with prospective foreign allies, and to conduct counterintelligence. Instead of just collecting information, these hackers will also plant falsehoods or noxious instructions in their targets (e.g. Stuxnet in Iran’s centrifuges).

To avoid revealing sources and methods, our national security agencies seldom announce these attacks. We are chilled by what might happen in cyberattacks on our critical infrastructure: poisoned water, dam overflows, power grid outages, air traffic control chaos, sabotaged pipelines and the like.

Our long-term cyber-allies are called the “Five Eyes,” which include Britain, Canada, Australia, New Zealand and the US. We have common interests with the European Union countries, but intelligence sharing was burned by revelations that we had wiretapped some of their leaders. That pushed some allies into an uncooperative posture. The Five Eyes share information on cyberthreats, and they are not prone to leaking sensitive information. Israel, Iran and North Korea are intermittently cyber-active, and Israel is friendly toward the Five Eyes. Russia and China are full-time cyber-players active against the US.

Russia has an extensive track record and has shown strong cyber skills. It knows how to hide its fingerprints and when to keep its mouth shut, and it seems to successfully prevent intelligence leaks.

Since 2010, Russia’s Turla spyware has been used to infect, monitor and sometimes control Ukraine’s government networks in the lead-up to warfare along the Ukraine-Russia border. Its presence within government networks helped Russia immensely in the Crimea and Ukraine border wars.

By 2014, Turla had infected hundreds of government computers across Europe and the United States. More recently, Russia caused distractions and embarrassments for US election candidates. Surely there are security failures in Russia and China, but their rigid secrecy on security matters avoids the revelation of most embarrassments. That said, the US has authored some of its own cyber-problems.

Our NSA had a practice of stockpiling information on flaws and exploits in major software products that our rivals may use. Knowledge of those vulnerabilities can help us exploit the flaws to our advantage, but if that knowledge is dispersed to enemies, it can be used against our military and the civilian economy. The NSA lost control of one such stockpile, and some elements rebounded through a third party called the Shadow Brokers as WannaCry, a ransomware nuisance. For a short while, Microsoft stockpiled product “bugs,” but it smartly patched those flaws before anyone could use them against us.

For reasons unknown, the NSA and DoD seem lax in allowing employees or contractors to leave secured buildings with classified material. That laxity resulted in Edward Snowden’s traitorous release of vast amounts of cyber intelligence that puts Americans at risk. Neither he nor other perpetrators have been prosecuted to an extent commensurate with the damage they caused to the US.