The reach and potential of cybercrime grows with every new device that’s connected to the internet, and with every industry that moves to an online platform.
Cybercrime is no longer just about corporations losing intellectual property. Today, it’s hospitals having their equipment locked by hackers until a ransom is paid; it’s hackers being able to seize control of cars while we drive them; and it’s our personal information being sold online to the highest bidder.
Deputy Attorney General Rod J. Rosenstein said at the Cambridge Cyber Summit on Oct. 4 that the cost of global cybercrime is expected to grow from $3 trillion in 2015 to $6 trillion in 2021, citing research from Cybersecurity Ventures.
Rosenstein also noted that as he spoke, the United States was dealing with “one of the largest breaches ever of a private company holding sensitive financial data” after 145 million people were affected by the breach of credit-reporting agency Equifax.
When Trump declared October as National Security Awareness month on Sept. 30, he noted that “All Americans are affected by threats to our Nation’s cybersecurity,” and called on “people, companies, and institutions of the United States to recognize the importance of cybersecurity.”
According to Daniel Wagner, the threat of cybersecurity has gone beyond the realm of cyber. He registered a new term to describe it, which he also used as the title of his new book, “Virtual Terror.”
Wagner noted that when terrorism enters the realm of cyber, “all of those traditional measures are surpassed. It’s not just about political objectives and causing physical damage to promote your means—it goes into another realm that encompasses literally everything.”
New Form of Terrorism
Virtual terror is a much broader definition, he said. It encompasses anything related to digital snooping, stealing, creating war, causing damage or harm to individuals, businesses, governments, or groups.
“When you have 145 million people who have essentially had their identities breached, that impacts so many aspects of their lives,” Wagner said, referring to the Equifax breach.
He asked who would call that breach terrorism, according to that term’s usual definition. But then he said, “by virtual terrorism’s definition, that’s right in the bullseye.”
“Cyber only seems to encompass theft and security, what virtual terror does is encompass fear and damage,” he said. “The one thing traditional terror has gone on is its ability to scare people, to have an impact on their psyche.”
Wagner noted that when it comes to technological developments, the world is teetering between the glossy, high-tech future, and the nightmarish digital dystopia.
The problem is that we’re pushing more and more of our lives into the digital space, and allowing technology to play a greater role in managing our lives and societies, but the security and protections of individuals are not keeping pace with developments.
“It seems to me like we’re at a pivot point. It’s very bad, but not so bad that we can’t turn the tide,” he said.
Some companies are now looking at biometric fingerprints or facial recognition to work as passwords for devices. While these technologies seem flashy, however, Wagner noted that unlike the current passwords, your face and fingerprints are relatively permanent—if someone steals them, they have access forever.
He noted cases in Japan, where Japanese police have uncovered at least nine instances where Chinese citizens had surgically replaced their fingerprints to take on someone else’s identity. Some of these individuals even went to Japan and married Japanese people who thought they were someone else.
“That’s already happening,” he said. “People are getting around biometrics.”
Technology and its impact on our lives doesn’t stop at banks and finances, however. Wager noted that major countries including China are talking about the militarization of space, and “If you have the ability to militarize space, what would prevent you from nuclearizing space? Nothing.”
Even when it comes to the helpful technology—the type that doesn’t cause us direct harm—if we become overly reliant on it, what’s the impact if a virtual terrorist suddenly disables the system? Many nations already have capabilities for electromagnetic and energy-directed weapons for this purpose.
When it comes to the American power grid, he noted, “It could cripple our grid for years, because most of our grid technology is based on 1970s-era technology.”
Changing Our Lifestyles
The shift that needs to take place is something that is often heard among circles within the cybersecurity community, but that rarely echoes beyond it. We need to move from reactive security to proactive security.
Wagner noted some of his own experiences when he had his identity stolen while living in Singapore in 2002. He received a call from CitiBank saying he owed them $22,000 for two credit cards he never took out.
“Someone had taken out my identity, gotten a drivers license, gotten an apartment, and got a job in my name in Florida—while I was living in Singapore.”
More charges soon followed in Malaysia and the Philippines. He got another call soon after, saying he spent $1,200 in a beer hall in China. Wagner said, joking “I must have bought a lot of beer, and I wasn’t even in China.”
He’s still left guessing what happened, but knowing the cybercrime industry he said it’s likely he handed his credit card to a waitress at a Singapore restaurant—at a time before credit cards had the three-digit codes on the back—and she passed the information along to a network of criminals.
Today, crimes like these are even more common, and much more sophisticated.
Some cybercriminals, he notes, will steal 50 cents from each person—a small enough amount that almost none of them will detect it, but from a large enough group of victims that the hacker can live a life of luxury.
Other cybercrime networks work on a real-time basis. They can steal $10,000 from your bank account, and when you login to check your balance online, they can alter the data to still display that the money is in the account. He said “They have the ability to change the appearance online in a real-time basis.”
Wagner noted that financial institutions have thrown billions of dollars at the problem, but “they can’t prevent it from happening.”
He notes, however, that this is where virtual terrorism comes into play—criminal acts conducted on a large-scale that can throw the lives of its victims into disarray. He said it’s “all about internet-based and remote-control terrorism.”
If more people understood this threat, he said, maybe they’d be more cautious of handing over their credit card data. And if people started becoming more cautious, maybe the banks would also be forced to change the way they work.
“Most people, they want the newest, latest, most expensive gadget, which simply opens them up to a greater possibility of having problems, but they don’t think about that,” Wagner said.
“Now that millions of Americans have had their identities breached, until it affects their pocketbooks they’re not going to do anything,” he said.
“There is some very basic stuff people can do,” Wagner said. “Instead of presuming it’s somebody else’s problem, or presuming it’s something in the future, presume it’s your problem and you need to fix it now.”