One of the most common cyber attacks in recent years: ransomware. Photo: Shutterstock
When an unknown tech term goes mainstream, it’s usually bad news. Think about the “spamThe plague of unsolicited e-mails he threatened “destroy the Internet” 20 years ago. Or even the term cybersecurity, a good example of what is now a big industry, but decades ago, when today’s new professionals were born, it was something very incipient. In case you still don’t feel old enough: Avast was founded in Prague in 1988, after analyzing a virus on a floppy disk.
The expression that is likely to become this year’s bad word is “ransomware,” which, like spam and viruses, is just a novelty in the news headlines. Experts in fields such as cryptography, security, and even corporate security have been dealing with it for many years. Like more well-known malicious hacking attempts, such as credit card information theft, ransomware attacks have gone unnoticed because they have targeted businesses. They attack them, pay them and try to move forward with discretion so that the scandal does not damage their brand image. After all, resetting passwords and refunding stolen money from customers (at times, the insurance will refund the money) is cheaper than showing customers that your company is incompetent and insecure.
Paying the costs of the attack was also considered cheaper than hiring cybersecurity experts and implementing the reforms and maintenance required by good security. Managing public relations, even after the worst attacks, almost become routineand the fact that they have become so common has also helped companies.
“It happens to everyone” it would not be acceptable as a response to an armed bank robbery or, to make a more precise comparison, to a crime wave hitting millions of shops and banks at the same time.
Negotiating with cybercriminals encourages attacks
Negotiation usually creates conflicts. Photo: Shutterstock
Decades of indifference could end today, as the real-world consequences grow ever more dire and the costs of bailouts soar. Criminals risk going bankrupt by asking for sums so large that they don’t go unnoticed in the news headlines. The commercial trend of paying scammers is frowned upon by the public, especially as that money will be used to finance ever-larger attacks. There is a reason why it should do not negotiate with terrorists and kidnappers: Encourage other terrorists and kidnappers.
The other element that emerges is the geopolitical one, which forces politicians, including the president of the United States, to give an answer. When hackers go unnoticed, they’re unlikely to arouse consumer outrage, but when they cause gas outages and threaten hospitals and food supplies during a pandemic, things change. And when there is a face, or in this case a flag, after the attacks, the approach is different.
The United States admitted too late, though better late than never, that Russian hacker attacks are not limited to political or intellectual property targets. Ransomware isn’t just about money when it hits vital infrastructure. We must be careful about the use of the term ‘act of war’ and the consequences it can unleash, but it is clear that it is time to start take cyber warfare much more seriouslynational, corporate and individual.
My views are clear, although it is true that they are somewhat simplistic for lack of further explanation. As with other types of hybrid warfare, when it comes to cyber crimes they are easily denied and often “non-governmental”, deterrence is the only real solution. Trying to arrest all hackers and bring them to justice is an almost impossible task, especially when they are protected or directly supported by their governments.
While law enforcement should not be abandoned, regimes hosting and protecting hackers should be treated as if they harbor any other type of terrorist. Hacking an oil pipeline to shut it down can be as dangerous to national security as blowing it up. Waiting for a catastrophic event to occur before responding forcefully is clumsy. The consequences need to be clarified, early and often. The group “curse”based in Russia according to experts, it vanished in recent days, perhaps to be relaunched under another name and wait for us to let our guard down, as has been the case until now.
The cyber arms race
Putin and the invasion of Ukraine intensified the attacks. AFP photo
For all of these reasons, I was thrilled that New York Times cybersecurity reporter Nicole Perlroth agreed to be a part of Garry’s latest blocking episode. In addition to dozens of stories of recent hacker attacks around the world, Perlroth published a book on the subject this year: “Here’s How They Tell Me The World Ends: The Cyberweapons Arms Race” (So they tell me it will be the end of the world: the cyber arms race).
The origins of Western, especially American, difficulties in the context of cyber warfare, despite their technological superiority and experience, they are a tragic story this must be understood if we are to do anything about it.