A war without weapons, fought via a modem, Wi-Fi and sophisticated viruses. The goal is to spy on you and steal from you precisely when you think nobody can attack you. These criminals move in the shadows, bouncing from one server to another: professional hackers or simply computer geniuses in the service of terrible international organizations. There are also Robin Hoods among them, or people thought to be so, who, by making their way through the maze of the World Wide Web, want to give the world full knowledge of the truth. Only history will tell whether the end justifies the means. The present, however, calls for us to deal with these people for what they are: thieves in the best-case scenario, terrorists in the worst.
Their goals may differ, but nobody can really claim to be safe. Consider the names of a few companies that fell victim to online attacks in 2015: JP Morgan, Benetton, Korea Hydro & Nuclear Power, Target, Sony and Ebay. Five giants turned into dwarfs by as many slaps in the face of global security, because the stolen data end up in the hands of anonymous people who pursue equally mysterious goals. The alarm was raised by a report presented at the Verona Security Summit, according to which the well-known American business bank, for instance, was the victim of a particularly sophisticated attack that caused the loss of approximately 79 million records (personal data and passwords) belonging to its customers. To strike the blow, the cyber crooks used the back door (the one through which the murderer usually comes in in horror movies) of JP Morgan's super-armoured computer system: a server that was little used and therefore neglected.
The same strategy was used in the case of Korea Hydro & Nuclear Power, where a single pirate managed to enter the business part of the South Korean national energy operator's network. He stole and spread a large amount of information about the plants, in particular about three nuclear reactors. The hacker pressed for those three reactors to be shut down. The energy company reiterated that the control systems were not compromised. It is a reassurance that does not really change anything: in the future every scenario is possible, even the most dramatic ones. For Target, a giant among American supermarket chains, that scenario materialized as the theft of about 40 million credit cards from the payment systems of its supermarkets. This blow caused losses of about 1 billion dollars. What proved fatal to this chain, equipped with advanced protection systems, was the delayed reaction to the alert it received from Bangalore. Ten seconds, thirty seconds or a minute are equivalent to eons in the world of information technology; Target's executives have learned this lesson.
Extensive damage was also caused to Ebay, the e-commerce mega-platform. The compromise of a database resulted in the theft of 145 million files, including personal data and encrypted passwords. This forced the company to contact its users immediately and invite them to change their access credentials, so as not to suffer a huge economic backlash. Nor should we forget what happened to Sony, which became the target of a massive attack by North Korean hackers because of the film “The Interview” (whose content supposedly offended Kim Jong-un), produced by the Japanese company. The company's computer system was deactivated for almost three days. Yet that did not prevent the theft of 38 million documents, including 10 years of mail, salaries, social security numbers, movies which had not yet been released, and a series of confidential data that were embarrassing or sensitive from several points of view, or even concerned other companies.
These are five cases of a wider, uncontrollable problem in which the thieves are always one step ahead of the guards. According to the report presented in Verona, hackers usually target critical infrastructures, which represent the core of a country's growth, telecommunications and supermarkets, but also information websites and companies that operate in the field of health care. “The current scenario is caused by endemic vulnerability that was not managed on a global level for too long, which has ended up endangering whatever is computerized today,” explained Andrea Zapparoli Manzoni, a member of the Clusit Governing Council. “As if that were not enough, the organizational abilities of the hi-tech criminals are increasing as their tools grow more and more sophisticated, capable of attacking millions of systems in a few hours.” The number of cyber-crimes has increased by 30% in six months, and cyber-crime is the cause of 66% of computer incidents. The largest increase in serious attacks was registered in critical infrastructures such as energy networks, transport and banking: they grew from 2 in the second half of 2014 to 20 between January and June 2015. That is an increase of 900%, even though the sector itself represents 4% of those under attack.
There was also three-digit growth in the automotive industry (+400%), in large-scale retail (+400%), telecommunications (+125%), and in “information and entertainment”, which includes sites and online press, gaming platforms and blogs (+179%). The computer attacks suffered by entities that operate in health care have also doubled, with an increase of 81%. Besides, for the first time, online services show growth in incidents of more than 50%, a demonstration that serious attacks now target all types of services delivered via the Internet. There was instead a 15% decrease (compared to 2013) in demonstrative political actions on the Internet, such as those of Anonymous. The Clusit experts have also identified future trends: cyber-crime will keep targeting social networks (increasingly used also by organizations such as ISIS), mobile devices, ATMs, Internet banking and smart home technologies, but also public administration, affected by viruses such as cryptolockers that seize documents and ask for a ransom to give them back. It is a dark picture, one that makes it even more urgent to train ever more skilful generations on the web. Because hackers, like all criminals, can be defeated. It is enough to pursue them in a labyrinth made of numbers and matrices in which it is still too easy to get lost.