We have all heard the continued news drumbeat on hacking. Anthem, Sony, Target, Home Depot, Experian and various government and military branches have all been hacked and received their fair share of negative press. People were harmed, leaders were fired, brands were damaged and no one was really surprised. Clearly the cyber threat is increasing and has real consequences. I think the scary part is what is happening at the macro and pattern-matching level and what is changing in the murky Dark Web world.
I am not a singularly focused cybersecurity expert, but I have been up to my neck in tech for 30 years and have a knack for seeing emerging patterns and macro trends and stitching those together to synthesize consequences and outcomes. In the case of the Dark Web, none of that is good news. The emerging patterns should worry us all. As the English historian Thomas Fuller (1608-1661) wrote, “Security is the mother of danger and the grandmother of destruction.”
Below is my list of the “Top 10 Scary Macro Cyberthreat Trends.” The areas mentioned below are not mature, nor have they peaked and exhibited the patterns of mid-stage growth or a maturation curve. This is early days, but “progress” is growing in breadth, accelerating and becoming smarter.
1. The Dark Web Pareto
Over the last decade, the hacker population has gone from 80 percent aficionados, hacktivists and deep-end-of-the-pool techies and 20 percent professional criminals to 80 percent professional criminals and 20 percent others. To be clear, many of those earlier acts were criminal too; but I am referring to organized, professional criminals who are in it for the money.
2. “Lego-ization” of the Dark Web
Over the last few years, technology in the Dark Web has been decomposing from often intricate, end-to-end constructed hacks to a place where one merely assembles “Legos” that are commercially available, albeit inside an anonymized criminal environment. This is not just the ability to buy tool kits with instructions but also the ability to buy “lego-ized” services, like illicit call center agent time, for more complex criminal activities such as getting access to your bank account. Parts of the Dark Web look like IKEA without the assembly difficulty or the inevitable leftover parts.
3. The Dark Web embraces the capital-lite approach
Of course, the Dark Web has embraced the cloud computing model for the same reasons we see in the enterprise world: ease of use, multitenancy, economies of scale and speed. What this means for the criminal hacker or, more likely, hacker organization, is that they can now go asset-free and simply rent the assets they need when they need them.
For example, there are services for running a few hundred million permutations of passwords in under an hour for a few hundred dollars. Hackers no longer need to infect a massive amount of computers to fire up a denial-of-service hack; they can simply rent time on a botnet, a massive amount of “hijacked” computers up for sale in the Dark Web. Most companies still do not have a botwall to deflect bots.
Gameover ZeuS is a massive example of a botnet, with one variant able to generate 10,000 domains a day and over three million zombie computers in the US alone. Botnets are sometimes referred to as “zombie armies” … surely there’s a TV series in there somewhere. The Bredolab botnet may have had as many as 30,000,000 zombie computers.
4. Clandestine versus brazen
This one is worrisome. The value, prestige and props that came from revealing a hacking “accomplishment” were once a hallmark of this space. Over the past decade or more, that has become a tiny minority. The criminal enterprise would like nothing more than to go unnoticed. The recent massive Experian hack came to light only after the Secret Service let Experian know they had found some of Experian’s data for sale in the Dark Web. Focusing on avoiding detection by adopting smarter methods, targets, distribution models and revenue capture is better business and is in line with a longer, sustainable view of profit. None of the criminal organizations have boards of directors that pressure them to hit the quarterly sales and operating income figures. A hack is not a moment in time. If a hacker can go undetected, he/she can milk the hack for years.
5. The total available market has grown and is target rich
The target space for crime connected to an IP node has grown tremendously, and so has the value of the content. The massive increase in mobile IP addresses, in the online transactions we do and in IP-related things like stored value cards or mileage points makes this a giant, rich target for crime. It is 100x bigger than it was just 10 to 15 years ago.
The target space’s growth is accelerating. After banking regulations on the minimum size of banks were relaxed in 1900, 2,000 banks were added in two years, along with growth in the relatively new credit union sector. This increase in “target space” spawned bank robbers. Dark Web crime loves the increase in the target area and doesn’t mind that the “banks” are smaller. The number of people using the Web and the average amount of time spent on the Web continue to increase. I think with the advent of things like IoT, 5G, Li-Fi and a quantum leap in cloud compute capacity per unit cost, this increase will accelerate.
6. Small many versus big few
Over the past decade, the trend, in conjunction with the above items, has moved towards smaller “heists,” but a lot more of them. Someone in Venezuela took $2.00 a month off my credit card for 18 months before it stopped, despite monthly pleas to the credit card firm. How many people would miss a dollar or two off a stored value card/account that has an auto-refill function, like my Skype account?
What sort of statistical controls would you put on your revenue flows (as a business) to even recognize that leakage? Of course, there are still big hacks going on, but many of those are just the front end of a B2B transaction that then sells off that big pool of hacked data to buyers in the criminal bazaar. Small, often and dispersed is harder to catch and more clandestine by nature.
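One answer to that question, as an added example that is not from the article or its author: a small Python check over a constructed card statement (every merchant name and amount below is made up) that flags any merchant billing a small, near-constant amount in consecutive months. The same control, pointed at a business’s own refund or payout ledger instead of a personal statement, is the kind of statistical baseline the question above is asking for.

```python
from collections import defaultdict
from datetime import date

# Constructed sample card statement: (posting date, merchant descriptor, amount in USD).
# The merchant names and amounts are made up for this example.
SAMPLE_TRANSACTIONS = [
    (date(2016, 1, 3), "GROCERY MART", 84.12),
    (date(2016, 1, 9), "VZ-SERVICIOS 0091", 2.00),
    (date(2016, 1, 20), "COFFEE STOP", 4.25),
    (date(2016, 2, 9), "VZ-SERVICIOS 0091", 2.00),
    (date(2016, 2, 14), "COFFEE STOP", 4.25),
    (date(2016, 2, 27), "GROCERY MART", 91.40),
    (date(2016, 3, 1), "GROCERY MART", 78.03),
    (date(2016, 3, 9), "VZ-SERVICIOS 0091", 2.00),
    (date(2016, 4, 9), "VZ-SERVICIOS 0091", 2.00),
    (date(2016, 4, 11), "COFFEE STOP", 4.25),
]


def _consecutive_runs(sorted_months):
    """Split a sorted list of month indices into runs of consecutive months."""
    runs, current = [], []
    for month in sorted_months:
        if current and month != current[-1] + 1:
            runs.append(current)
            current = []
        current.append(month)
    if current:
        runs.append(current)
    return runs


def find_recurring_micro_charges(transactions, max_amount=5.00, min_months=3, tolerance=0.25):
    """Flag merchants that bill a small, near-constant amount in at least
    `min_months` consecutive calendar months.

    A legitimate subscription matches this pattern too, so the output is a
    review queue for a human, not an automatic block list.
    """
    # merchant -> month index (year*12 + month) -> list of amounts that month
    by_merchant = defaultdict(lambda: defaultdict(list))
    for when, merchant, amount in transactions:
        if amount <= max_amount:
            by_merchant[merchant][when.year * 12 + when.month].append(amount)

    findings = []
    for merchant, per_month in by_merchant.items():
        for run in _consecutive_runs(sorted(per_month)):
            if len(run) < min_months:
                continue
            amounts = [a for m in run for a in per_month[m]]
            if max(amounts) - min(amounts) > tolerance:
                continue  # amounts vary too much to look like a fixed skim
            findings.append({
                "merchant": merchant,
                "months": len(run),
                "typical_amount": round(sum(amounts) / len(amounts), 2),
                "total_leaked": round(sum(amounts), 2),
            })
    return sorted(findings, key=lambda f: f["total_leaked"], reverse=True)


if __name__ == "__main__":
    for finding in find_recurring_micro_charges(SAMPLE_TRANSACTIONS):
        print(f"{finding['merchant']}: {finding['months']} consecutive months "
              f"at ~${finding['typical_amount']:.2f}, ${finding['total_leaked']:.2f} total")
```

The thresholds (five dollars, three months, a quarter-dollar of variation) are starting points to tune against your own statement or ledger; the useful property is that the rule keys on persistence and consistency, which is exactly what makes a $2.00-a-month skim invisible to a check that only looks at large or unusual amounts.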
7. Automation of the Dark Web
Timing is everything. As the Dark Web evolved into a scale-based, organized criminal environment, it leveraged modern automation, from provisioning to tool sets to communications and even billing.
Blackshades creepware is a great example of automation extending into the consumer-product end. Available for $50, it has a point-and-click interface and has internalized all of the complexity. It has automated hacking even for bad actors with very low-level tech skills. It allows the bad actor to browse files, steal data/passwords and use the camera (often in connection with extortion). Blackshades infected over 500,000 computers in over 100 nations. Many of the people who bought it did not have the skills to do any kind of hacking without this kind of automation.
8. Tech getting better, faster, cheaper while talent improves
Late last year, TalkTalk, a quad-play ISP in the UK, was hacked and held for ransom by four teenagers. The company estimates $90 million of cost tied to this, and who knows what the cost of the brand damage is. Then there’s also a third of the market cap gone, and they lost 95,000 customers. In all fairness, their security was poor. The point here is that, just like the entire rest of the world, the technology in the Dark Web is getting faster, better and cheaper. At the same time, the average talent level is rising, which may not be the case in the non-criminal tech world.
This is happening for three reasons:
- Communities of collaboration and learning are becoming commonplace. Blackshades is a great example of a malicious tool with a super-low point of entry (price and tech skills) backed up by great online help and a community site.
- The likes of the Metropolitan Police Cyber Unit (London), the FBI, Interpol, etc. are all very effective and continually improving organizations that stop crime and lock up cyber criminals. This is in some ways a culling of the herd that also serves to create a positive Darwinian push on the average talent in the Dark Web.
- The giant upside financial opportunity to use one’s tech skills for nefarious purposes creates a big gravitational pull that is only enhanced by recent economic and national turmoil, especially in places like Eastern Europe, Russia, Ukraine, etc. In addition to that, state-sponsored or affiliated hackers with almost military rigor in their training can often make money moonlighting in the criminal world.
So the combination of forces raising the talent level and the continued effectiveness improvement of tech in general make for a bad combo. The Dark Web is also embracing open source. Peer-to-peer bitcoin-based plays may become the next dark commerce platform.
9. The Dark Web itself
The Dark Web has evolved over the past decade or so from a foggy labyrinth of loosely connected actors, activities and forums, barely penetrable to the average Joe, into a massive, modernized bazaar thriving with commercial activity, with a huge neon sign on the front door saying “Open for Business.” It is not just a bazaar; it is also a huge B2B marketplace where the best technologist criminals can resell their wares whole or in “lego-ized” pieces. Some of these offer testimonials and performance guarantees! This adds to the increasing effectiveness of the Dark Web beyond just riding the wave of technology improvement that we all see.
Beyond that, the Dark Web has moved from what economists call perfect competition to a more imperfect model trending towards oligopoly. In simpler terms, it is not a sea of malevolent individuals; it is largely the domain of organized businesses that happen to be largely illegal. These are organizations of scale that must be run like a business. This new structure will evolve, adapt and grow so much faster than the prior structure because these organizations have mission-focus and cash-flow pressures. Of course, the market forces common in a bazaar will winnow out low-value and defective products quickly simply because word travels fast and customers vote with their wallets.
10. The truly ugly “what’s next?” section
Like many thriving businesses, Dark Web enterprises tend to move into adjacencies, into nearby markets. This has already happened. There is a lot of money to be had in fiddling with clickstreams and online advertising flows (flows of ad spend, which is how Google makes most of its money). Bots account for about 50 percent of the traffic on the Web; of that, about 60 percent are bad bots. There is money to be made in transportation, too. One can buy fake waybills on the Dark Web to ship a crate to, say, Kiev at a fraction of the price FedEx or UPS would charge, even though it will travel FedEx or UPS.
But these may be the least of our worries. Here are four emerging areas that could be leveraged (in a bad way) by sophisticated tech-savvy commercial criminal enterprises alive and thriving today in the Dark Web.
- Internet of Things – It is just the beginning for the Internet of Things (the original article links to a paper on what may drive that amazing growth and where the potential lies). The available talent who know how to secure devices, sensors and tags from hacks, and to stop those hacks from jumping five hops up a network, are few and far between, and they don’t normally work at the consumer and even industrial companies that make stuff and have now decided to make an IP-enabled model. Few boards in the F500 can have an intelligent conversation about cybersecurity at any level of detail that matters. In short, IoT for the next few years may be a giant hunting ground. For instance, what if a hacker goes through the air-conditioning control system to point-of-sale devices and steals credit card info? That is a target with a big bull’s eye on it. That is what happened to Target.
- Robotics – This is a little further out and the criminal cash flow a little harder to predict, but IP-connected robots are a space that will grow exponentially over the next decade and sit at key points in manufacturing, military and medical process flows. What is the ransom for holding a bottling plant hostage? The Samsung SGR-1 (no, not a new phone) is a thermal-imaging, video-sensing robot with a highly accurate laser-targeted gun that can kill someone from 3,000 yards out. The Oerlikon GDF-005 is a less sophisticated antiaircraft “gunbot” designed in part to be turned on and left to shoot down drones. These things are all hackable.
- Biochem – What if some of the above Dark Web trends extend into this area like “lego-ization,” renting assets and expertise, point-and-click front-end designs? The bad news is that this seems to have started.
- The over-the-horizon worries – Nanotech, Li-Fi, AI, synthetic biology, Brain Computer Interface (BCI) and genomics are all areas that at some point in their evolution will draw a critical mass of criminal Dark Web interest. The advances in these areas are coming at an astounding pace. They are parts of the near future, not the distant future. If you have not looked at CRISPR, go Google it. Things like CRISPR coupled with progressively better economics are going to supercharge this space. Li-Fi coupled with 5G and the IoT, including accelerated growth in soft sensors, will create a large target space. The OpenBCI maker community is growing quickly and holds enormous promise. Take a look at the OpenBCI online shop and see what you could put together for $2,000 or $10,000. The Ultracortex Mark IV is mind blowing (not literally) and only $299.
So all of this is going to get worse before it gets better. This is clearly not a fair fight. This is a target-rich environment that is growing faster than most anyone anticipated. The bad actors are getting progressively better organized, smarter and architected for “success.” Interpol, the FBI and other law enforcement agencies do great work, but a lot of it is after the fact at the scene of the crime, so to speak.
Enterprises need new approaches to network-centric, compartmentalized security. New thinking about upstream, behavioral, preventative design is needed for robustly secure IoT plays.
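As an added illustration of what compartmentalized security means in practice (example code, not from the article or its author), the Python below checks flow logs against a segment allow-list, so that a path like the air-conditioning system reaching point-of-sale devices, the scenario described in the IoT item above, shows up as a policy violation rather than staying invisible. The segment names, address ranges, allow-list and log lines are all constructed for the example; the key=value log format is an assumption, not any vendor’s real format.

```python
import ipaddress
import re
from collections import Counter

# Constructed segment map. The address ranges are assumed for this example.
SEGMENTS = {
    "hvac": ipaddress.ip_network("10.40.0.0/16"),
    "pos": ipaddress.ip_network("10.10.0.0/16"),
    "corp": ipaddress.ip_network("10.20.0.0/16"),
    "vendor-vpn": ipaddress.ip_network("192.168.100.0/24"),
}

# Allow-list of permitted cross-segment flows: (source, destination, destination port).
# Anything crossing a segment boundary that is not listed here is a violation.
POLICY = {
    ("vendor-vpn", "hvac", 443),   # HVAC vendor's remote maintenance portal
    ("corp", "pos", 443),          # POS management from the corporate segment
}

# Constructed firewall/flow-log lines in a simple key=value format (assumed, not a real vendor format).
SAMPLE_FLOWS = """\
2016-03-01T02:14:07Z src=192.168.100.8 dst=10.40.2.17 dport=443 proto=tcp
2016-03-01T02:15:31Z src=10.40.2.17 dst=10.40.2.18 dport=502 proto=tcp
2016-03-01T02:16:02Z src=10.40.2.17 dst=10.10.5.3 dport=445 proto=tcp
2016-03-01T02:16:09Z src=10.40.2.17 dst=10.10.5.4 dport=445 proto=tcp
2016-03-01T02:20:44Z src=10.20.7.21 dst=10.10.5.3 dport=443 proto=tcp
2016-03-01T02:21:00Z src=10.20.7.21 dst=10.20.1.5 dport=389 proto=tcp
"""

FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def segment_of(ip):
    """Name the segment an address belongs to, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, network in SEGMENTS.items():
        if addr in network:
            return name
    return "external"


def parse_flow(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    match = FLOW_RE.search(line)
    if not match:
        return None
    src, dst, dport = match.groups()
    return {"line": line.strip(), "src": src, "dst": dst, "dport": int(dport),
            "src_seg": segment_of(src), "dst_seg": segment_of(dst)}


def find_segment_violations(log_text, policy=POLICY):
    """Return every cross-segment flow that the policy does not explicitly allow."""
    violations = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["src_seg"] == flow["dst_seg"]:
            continue  # unparseable, or traffic that never left its segment
        if (flow["src_seg"], flow["dst_seg"], flow["dport"]) in policy:
            continue
        violations.append(flow)
    return violations


def summarize(violations):
    """Count violations per (source segment, destination segment, port) for triage."""
    return dict(Counter((v["src_seg"], v["dst_seg"], v["dport"]) for v in violations))


if __name__ == "__main__":
    found = find_segment_violations(SAMPLE_FLOWS)
    for (src_seg, dst_seg, dport), count in summarize(found).items():
        print(f"{count} flow(s) {src_seg} -> {dst_seg} on port {dport} not allowed by policy")
    for v in found:
        print("  ", v["line"])
```

The design point is that the allow-list is written in terms of segments rather than individual hosts, so a building-control device talking to a register is a violation regardless of which specific addresses are involved. In a real deployment the same table would drive the firewall rules between segments, and this check becomes a way of confirming, from the logs, that those rules actually hold.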
National organizations in law enforcement and intelligence need to think through fighting a borderless, adaptive, well-funded, loosely coupled, highly motivated force like those under the Dark Web umbrella. They probably need to play as much offense as defense. Multiple siloed police and intelligence units that are bounded geographically, organizationally, financially and culturally probably will start out with that disadvantage.
Toby Redshaw is CEO of Kevington Advisors and a leading authority on innovation, agility and leveraging modern IT for competitive advantage. He has 30 years’ experience leading technology-intensive efforts in change-intensive environments from both business and CIO perspectives at FedEx, Motorola, American Express and Aviva as well as several startups. He has served on several boards, both private and public. Toby is chairman emeritus of the Kellogg Innovation Network and was chairman of the RosettaNet Council in Telecomm. Contact him at Toby@kevingtonadvisors.com.