WEBSITE CYBER SECURITY CONSULTING

Unfortunately, everyone who owns a computer today has also become quite intimate with viruses, ransomware and adware. Cyber security has grown alongside the threat; however, most people do not have as close of a relationship with the features that protect them as they do with the software that hurts them!

Learning the history of cyber security is a very important aspect of learning how to protect yourself and keeping up with the latest options. Let’s start at the beginning, show you how the good guys have been protecting us since day one, and bring you up to speed on the modern technology that can protect your businesses and personal information online today.

The Advanced Research Projects Agency Network (ARPANET), the precursor to what we now know as the Internet, was a private information sharing network used strictly by government officials. Two advancements – packet switching and the TCP/IP protocol – were first used here and became the basis of Internet protocol. The ARPANET structure became fully functional in 1975 and was under the jurisdiction of the Defense Communications Agency. It became a hub of distribution for unclassified military communications and many dark government projects that were never meant to become known to the public – in short, the most powerful and clandestine network that humanity had ever known.

Arpanet Network Diagram

The Early Attacks

In 1983, this network fell into the hands of a single high school student.

In 2016, Kevin Poulsen serves as the senior editor of Wired News, one of the premier technology publications in the world. In 1983, Poulson was a young hacker who found his way into ARPANET to gain complete control of the entire US military communications network for a short time. Although Poulson’s attack was reversed relatively quickly, he would become first in a line of ambitious coders and computer engineers who would take down some of the biggest systems across the world, sometimes for no other reason than to test their skills.

Here are some of the top cyber attacks in the history of the Internet, attacks that caused software developers and consumers alike to demand upgrades in security.

1988 – Just out of Cornell University, Robert Morris created the first Internet worm with 99 lines of code. Although he did not originally mean the code to be a worm, he noticed that every computer that came into contact with it became infected. He was arrested for this attack in 1990.

1990 – The same Kevin Poulsen who took over ARPANET in 1983 took over the entire communications system of Los Angeles to win a radio contest for a Porsche 944S2. For this scheme, he was actually arrested and sentenced to prison for three years.

1990s – Kevin Mitnick is known as the “father of hackers” for his many break ins into some of the top telecommunications systems in the world, including Fujitsu, Motorola, Sun Microsystems and Nokia. For all of his activity, he was imprisoned for five years and released on parole in the year 2000.

1993 – A group of hackers who were known as the “Masters of Deception” hacked telephone systems and successfully worked their way into AT&T, Bank of America and the National Security Agency. The hack basically allowed people to get free long distance through a bypass directly through to the pbx of carriers.

1995 – The movie “The Italian Job” was based loosely on the activity of Vladimir Levin, a Russian hacker who digitally stole $10 million from Citibank. It is likely that he would not have been caught if he had not been so careless in transferring this money into multiple accounts across the world.

1996 – Timothy Lloyd, a hacker from the United States, used only six lines of computer code to take down the entire network of Omega Engineering, a supplier of hardware to the United States Navy and NASA. Omega took a $10 million loss from this single attack.

1999 – David Smith created $400 million is damages across the world through his Melissa virus. 300 companies had their entire networks completely destroyed.

2000 – MafiaBoy, a minor, hacked into many of the world’s most largest websites incluing Yahoo, Amazon and eBay.

In the early days of hacking as noted above, the perpetrators were usually individuals, and although they were very highly skilled, they were mostly unable to avoid capture after investigation. This is not the case with the current generation of hackers – malicious entities now have entire networks of automated computers. Countries are also creating their own hacker networks to move against rival government networks. In short, in order to protect your proprietary information today, you need a network that is just as robust as the people who are trying to infiltrate it, especially since even the largest systems in the world could be hacked by a single individual.

Many attacks after the early 2000s were not as easily marked, as the turn of the millennium seemed to bring with it a new level of sophistication in cyber attacks. The precautions taken by government agencies and the general public because of the Y2K scare created a temporary lull in cybercrime. However, the underground community of hackers was not long to be discouraged, and as the popularity of cyber security waned in the wake of Y2K, all that was left were the stronger systems that hackers had created to get around the increased security and personal vigilance.

In March of 2013, the Director of National Intelligence of the United States James Clapper named cybercrime as the single most important threat to national security. According to Clapper, the attacks that occur today are more frequent, they come from multiple sources at once and they disrupt systems at a higher level. If an attack were concluded successfully on a single large power facility, the result would be a stoppage of commerce in many cities.

Many hackers targeted large companies and government agencies in the early days of hacking because there was very little personal commerce on the Internet during this time. However, with the rise of all digital and credit card transactions online, cybercriminals now find it quite lucrative to focus on smaller companies and even individuals.

2013 seemed to be the turning point for online tools as a mainstream option for personal commerce. In that year, Millennials began to spend substantial amounts of money per capita in online shopping – around $2000 per head. The slice of total retail sales taken up by online sales continues to grow from 1% in the year 2000 to 6% in 2013 with a positive trend ever since. It is no accident that attacks on personal accounts and small business operations increased at approximately the same rate during the same period.

At the same time that relatively naive individual consumers entered the digital market, the government agencies that once served as a free lunch for talented hackers continued to ramp up security for themselves. Many of the hackers of the early 1990s and 2000s were even usurped into government positions. Newer hackers now had a double incentive to focus on the less protected, consistently growing personal and small business markets for digital commerce. This is especially true of the burgeoning market taking place on the smart phone.

According to the CyberEdge Group, mobile devices are widely perceived as the weakest security links in IT. Currently, one in every four smart phones or tablets encounter a monthly threat, and there were over one billion mobile phone records that were breached in 2014. This is especially telling when you realize that the overwhelming majority of these attacks were placed on Apple operating systems, a system that was previously thought to be impenetrable, especially when compared to PCs. There was five times more malware for the OS X than in the five years previous, with Android coming in a close second with a 188% raise year over year.

And what about Windows – the system that served as a punching bag for so many hackers in the 1990s? Windows based phone systems are lagging so far behind in sales that many hackers do not see a financial incentive. To hear many industry executives tell it, this is a huge part of the reason that Microsoft is moving into a fundamentally business services model as its baseline going forward.

One of the most important updates to malicious attacks in the latter part of the 2010s was ransomware. Instead of completely trying to take over an operating system, ransomware aims its claws at files within your system. One of the more effective ransomware packages extracted money from its victims by targeting important files on smart phones, encrypting them, and forcing the user to pay money to get them un-encrypted.

Ransomware first made its way to Apple systems in a big way in the form of KeRanger, and the result was devastating in two ways. First, the actual damage done to consumers was quite significant (figures are unknown because it is impossible to know how many people actually paid the ransom). However, more importantly, Apple finally lost its status as an untouchable operating system. The attack is sure to embolden copycats in the underground hacking community, especially since Apple is a relatively new target.

One aspect of understanding hacker culture is to understand their motivation: Most of them are not in it specifically for the money. If a hacker takes down an untouchable system (like Apple), the respect can be worth more than any amount of money they could steal. In a way, this attitude is more dangerous than people who are looking to steal money, because the passion these hackers put into breaking a system down ensures they will not stop until they achieve what they deem to be a victory.

Over 50% of enterprises, including Apple, admit that they do not even have the technology in place to even detect a threat that is sophisticated enough. There are no real time eyes on cyber threats, meaning that hackers automatically have a jump on the “good guys.” When you apply this Apple, and specifically on a large financial merchant network such as Apple Pay, you begin to see the scale of what hackers can do if they are allowed to.

Health care records and social media are two of the most prevalent targets for hackers. In the case of health care and social media, the goal is to steal information from personal accounts to sell on the dark web. The latest breach includes over 150 million profiles on voters in the United States. There are also social communities such as Lookbook that have been hacked to the tune of 1.1 million records and various databases for health care that include 9.2 million personal records. The CEOs of Google and Oculus, Sundar Pichai and Brendan Iribe respectively, have found themselves on these hacked lists – “OurMine” is the hacker group that took credit for this particular hack.

The records that are stolen here may find their way back into the hands of supposedly legitimate companies. The purchase of these records can be hidden to a large degree because of the prevalence of Bitcoin and other cybercurrencies on the dark web, the underbelly of the Internet where the transactions of many of these stolen lists takes place. So far, the coordination between supposedly legitimate companies and hackers has yet to be fully illuminated, but this may be the reason that you find sales spam in your email from companies within just a few days of opening a new account.

Other significant hacks within the last few months of 2016 include the DAO foundation, the SWIFT messaging system, a GoToMyPC hack and a nearly $10 million hack from a bank in the Ukraine.

Although the landscape looks dangerous, there are things that you can do to protect yourself quite robustly. Here are the security features that you should look for in a security partner as well as the actions that you can take in house to protect your personal information and your proprietary intellectual property.

Covering Vulnerabilities

There is an incredibly low barrier to entry when it comes to creating an app, meaning that you might be inviting a Trojan or other piece of malware if you do not watch what you download. The first tactic that you can employ is to verify the producer of any app that you put onto your phone – does this studio have a history of good security on its side? How many apps has this group created in the past, and what was the response to those apps in terms of security? You can bet that the comments section will be ripe with criticism if any app serves as a Trojan horse, so read the comments section thoroughly before committing to an app.

As purveyors of the two largest distribution centers for new apps, Google and Apple have taken great pains to ensure that their operating systems are able to detect and remove malware that comes in from apps on their platforms. You can protect yourself by making sure that you have the latest update to the operating system on your phone as soon as it comes out. Do not ignore any of the update reminders that you receive – take them immediately before downloading any new apps.

Additionally, you can avoid many pieces of malware by only downloading apps from the larger app distribution networks such as iTunes or Google Play. If you are prone to try to circumvent a $0.99 download fee by moving into the world of torrents, keep in mind that most Trojans come from this world. Look at the $0.99 as a fee for security if you need to, because it is virtually impossible to create any sort of viable security policy on a BYO device.

Keeping Up with the Latest Vulnerabilities

Many researchers make it their business to locate and identify new threats as they come out. Some of the latest pieces of malware include LinkedOut, Malicious Profiles, No iOS Zone and Invisible Malicious Profiles. Keep up with these vulnerabilities and the fixes that security experts create in opposition to them.

You are much more likely to run into threats using a mobile phone because of the sheer number of networks that you connect to when you use a mobile phone. Mobile devices currently need to connect to anywhere from 10 to 100 times more networks than a desktop PC just to work. Many different types of attacks will work in this kind of an open environment that would be much harder in a desktop PC environment, including Man in the Middle attacks, traffic redirection and decryption attacks. This is true even if your WiFi connection is turned off – your phone can be coerced into joining a malicious network without your consent in the same way that it turns itself off after a certain amount of time depending on your settings.

Security Consultation for Websites

All of the day to day precautions will only reduce your instances of running into a malicious user or coding, not eliminate them. Self protection is also hindered by the fact that most people have other things to do outside of constantly check their phones for new security updates and run antivirus programs on every app. As stated before, the only real way to consistently reduce the threat of malicious programs is to equip yourself with a network that is of the scale of the network that is attacking you.

Outsourcing your day to day security is especially important to consider if you are running a small business. The usually unprotected shared networks that small businesses inhabit make them a very meaty target for modern hackers. Getting caught in the crossfire of an attack that is not even meant for you is par for the course if you do not have a professional security network that is watching your back day and night.

Personalized IT Security for the Business World

24 hour protection is essential if your business is of any substantial size. If you are responsible for the personal or financial information of clients, then you may have a legal responsibility to protect your business network as well. Your risk is heightened if you use your mobile devices for a substantial portion of your online commerce.

Personalized IT security services for the small business market have become much more robust in the past few years. In order to build a business, you need this 24 hour, established protection to surround you at all times. Professional security will help you stay in compliance with new regulations that are levied on the business community from time to time, especially if you are doing international commerce. You will also drive customers to you as they recognize the seal of quality from the security network that you employ.

Outsourcing your security to a professional network also allows you to do better day to day business. There are very few companies, especially small businesses, with the in house staff to direct specifically to the security of the company. When you outsource, you allow your in house staff and yourself the ability to focus on building your business rather than worrying about each download and update.

The history of cyber crime and the response to it shows a definitive trend – as the money moves, so does the target. Protect yourself well in advance of a malicious user targeting your business with the right security features from day one. If you prepare yourself for the eventual attack today, you will be much better prepared to ward it off when it actually comes. You may even be able to completely avoid being on the radar of malicious users with the right security team by your side