Pandemic accelerates growth in cybercrime

The coronavirus pandemic has fundamentally changed the way we work. And that includes cyber criminals, who have had a particularly busy and lucrative time. Canalys, a tech market analysis firm, has reported that 30bn data records were stolen in 2020 — which is more than in the previous 15 years put together.

Two big trends have contributed to this. One is our growing dependence on networked technologies, massively accelerated by the pandemic; the other is the increased outsourcing of computer systems to cloud-based companies. This combination of ubiquity and concentration provides an exceptional opportunity for cyber criminals.

Cyber crime comes in two distinct guises: cyber-dependent crime, such as hacking, and cyber-assisted crime, which is merely traditional organised crime made more efficient by the use of computers.

The most notorious recent instance of hacking emerged in December 2020, when FireEye, one of the world’s biggest cyber security companies, announced that its defences had been breached. Things are bad when the specialists on whom everyone else is counting for protection prove to be vulnerable, and the news over the following week duly confirmed this, with thousands of organisations turning out to be potentially compromised.

FireEye was a victim of the so-called SolarWinds hack, whose perpetrators — most likely but not definitely Russians — exploited what has become the greatest problem with our dependence on networked computer systems: scale.

SolarWinds is a Texas-based company whose software manages the administrative and security networks of companies, institutions and government departments around the world, including the US Treasury. By surreptitiously hijacking that software, the hackers stood to gain detailed insights into up to 275,000 SolarWinds customers. In the event, the company said only 18,000 had actually downloaded the updates that the hackers exploited.

“SolarWinds was the Wizard of Oz moment for the industry, and we’ve said goodbye to Kansas for a long time,” says Rafal Rohozinski, founder of SecDev, an Ottawa-based data analytics company that specialises in digital risk. Rohozinski argues that “all cyber security is ultimately based on trust. SolarWinds broke that trust chain and if you can no longer trust your most trusted system, who can you trust?”

Dirty work

In January, US security agencies said the attack was “primarily an intelligence gathering effort”, but the line between espionage and crime is far from clear. State actors and cyber criminal groups learn from each other, hire each other, and buy and sell hacking tools and digital vulnerabilities to each other on darknet forums. States often outsource their dirty work to organised crime groups or private intelligence companies in order to provide a layer of deniability.

In March 2020, for example, a hacking gang called Maze launched a ransomware attack — where data is made unavailable until a ransom is paid — on a London medical research centre. When it did not pay up, Maze posted confidential patient information online. What makes the attack noteworthy — beyond the callousness of its timing during a pandemic — is that the centre was working on Covid research. In July, the UK’s National Cyber Security Centre, with endorsement from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, warned that Russia’s intelligence services were using cyber attacks to steal vaccine-related intellectual property.

On the heels of SolarWinds came Hafnium, purportedly a Chinese espionage group which compromised Microsoft email software. The damage here consisted not only of data lost to China in the initial hack, but also in money lost to the criminal groups who launched secondary hacks. According to cyber security company Crypsis, successful ransomware attacks netted an average of $115,000 in 2019, but that does not account for the costs of the disruption, which can be far higher.

Verizon, the US telecoms company, has reported that 86 per cent of breaches are financially motivated and that only 10 per cent are espionage. But the lines are blurred here, too: the 2016 theft of $81m from Bangladesh’s central bank has been attributed by some digital security experts to a North Korean group, desperately trying to bolster Kim Jong Un’s foreign currency reserves.

However, cyber-dependent crime is only half the story. Over the past decade, the influence of the internet on organised crime has been transformative. Few, if any, criminal networks operate now without assistance from internet-based technologies.

Cops and hackers

Crime was a latecomer to the digital revolution, though. Organised crime went global in the 1990s as the east European revolutions combined with the opening of previously protected or sanctioned markets such as Brazil, South Africa, India and China. At the heart of this “gangster capitalism” was the privatisation of state assets, especially in former communist countries. There was also a huge expansion of the trade in illicit goods and services, a boom that continued to this day.

But, for the first 12 years or so after 1989, law enforcement officials and policymakers did not have to concern themselves unduly with cyber crime. That changed as criminal hacking and phishing communities emerged in online forums. By the end of the first decade of this century, signs of a fusion between traditional mafias and hackers were proliferating.

In 2013, Belgian police uncovered a drug importation scheme into the Port of Antwerp, which involved a Dutch organised crime group that had co-opted two hackers to break into the port’s computer network. The hackers were able to track sea containers in which cocaine was being smuggled alongside legitimate cargo. The information allowed the criminals to intercept the containers before the legitimate owners did.

Encrypted messaging is central to successful crime these days. Almost 30 per cent of drug users in Britain have used the darknet to buy their supplies, a figure that may have risen still further during lockdown, according to the National Crime Agency.

But legitimate platforms, too, are used to facilitate crime. As early as 2014, the Wildlife Justice Commission, which combats the trafficking of endangered species, identified how use of the Chinese messaging app WeChat had enabled the emergence of a new hub for illegal wildlife products in Vietnam catering largely to Chinese customers.

Crime rates are likely to keep spiralling unless governments reorganise their police forces. Increasingly, law enforcement agencies need specialists with hacking and computer security skills in order to police the burgeoning world of cyber criminality. Globally, there are an estimated 3.5m vacancies for cyber security engineers.

But here is the problem: the dearth of engineers means this is one of the best-paid sectors in industry. In the UK, the average wage is roughly £56,000, which is about the same as the starting salary for a chief inspector of police.

It is not clear that the public is aware of such budgetary realities, or of the changing nature of crime. Law enforcement officers worldwide say that the public still demands more “bobbies on the beat”, not cybercops online.

That perception must change — or politicians will have to find the resources to deliver both types of policing. Otherwise, the surge in cyber crime that we have seen over the past decade will continue to blight our increasingly digital world.

Misha Glenny is the author of ‘DarkMarket: How Hackers Became the New Mafia’ (Vintage)