The economic and societal impact is clear and growing.
There were 3.8 billion internet users in 2017; 6 billion projected by 2022 and 7.5 billion by 2030.
- Cybercrime cost the world three trillion dollars in 2015. It is projected to reach six (6) trillion annually by 2021 (more profitable than the global illegal drug trade).
- Per Microsoft, data volumes were 50 times greater in 2020 than it was in 2016.
- Six billion internet users are projected by 2022, up from nearly 4 billion in 2018 and 2 billion in 2015.
- 300 billion cyber passwords will require protection by the end of 2020.
- Wearable device sales were estimated to have reached 500 million in 2020 (vs. 310 million in 2017).
- The number of IoT devices (devices that communicate wirelessly) is projected to reach 200 billion in 2020 (compared to only 2 billion in 2006).
- The global estimate of the number of sensors, linked to IoT, mobile/wearable devices, digital health/environmental monitoring, context computing, SI, hyper-imaging, macroscopes, medical “labs on a chip” and silicon photonics is over 50 billion in 2020 and projected to reach 1 trillion in 20 years.
- Implantable medical devices (including cardiac defibrillators (ICD’s), deep brain stimulators, insulin pumps, ear tubes etc.) connected wirelessly (hundreds of thousands to millions) can be hacked.
- An estimated 20 million “connected” (online) cars (or 90%) were shipped in 2020 (vs. 2% in 2012). A total of 125 million are projected to ship between 2018 and 2022 – an increase of 270%.
- By 2021, ransomware (the fastest-growing cybercrime), will claim a new victim every 5 seconds resulting in $20 billion in damage (57X the damage in 2015).
- Top five “most-hacked” industries in the last 5 years are healthcare, manufacturing, financial services, government and transportation. The top ten from 2019 to 2022 will include retail, oil and gas/energy and utilities, media and entertainment, legal and education.
- Healthcare, ransomware attacks quadrupled from 2017 to 2020 and projected to increase 5X in 2021 – directly impacting the physical safety of American citizens.
- The numbers of sites comprising the hidden Deep or Dark Web (sites inaccessible by search engines) while difficult to estimate is thought to be is well over 5,000 times larger than accessible sites.
- Hackers exploit increased vulnerabilities during natural disasters. (e.g., minimal cybersecurity resources of remote workers leading to ransomware attacks). The FBI’s Internet Crime Compliant Center (IC3.gov) increased three-fold in 2020.
Cyber-attacks on these systems cost not only trillions of dollars but impact millions of lives directly and indirectly – compromising health, security and safety. The societal cost of cyber-crime and cyber-terrorism are increasing at an accelerated rate. Improved cyber-security is crucial – developing Analog GuardTM technology is critical.
Noteable Hacks & the Aftermath
Yahoo – Aug 2013
3,000,000,000 accounts (essentially every account held at Yahoo), including email, Tumblr, Fantasy and Flickr. Names, email addresses and passwords were breached but no financial data was captured. This constituted the largest data breach ever. Yahoo claimed state actors had perpetrated the hack, but many industry professionals doubt Yahoo’s claim. Ultimately, the FBI brought charges against 4 men, two of whom worked for Russia’s Federal Security Service (FSB) in March of 2017. Karim Baratov ultimately pled guilty to hacking at least 80 email accounts on behalf of his Russian contacts. He was charged with 9-counts of hacking and sentenced to 5-years and ordered to pay $2.25 million in restitution to his victims. By November 2016, 23 separate lawsuits relating to the hack were filed against Yahoo. 5 of the suits were combined into a class action suit that was heard in 2017. Verizon and Altaba offered 200 million total users $50 million and two-years of free credit monitoring to settle certain aspects of the case. The presiding judge in the case ultimately rejected the settlement offer and Yahoo eventually agreed to settle for $117.5 million.
Equifax – Sep 2017
Equifax disclosed that hackers stole the personal information of 147.7 million Americans from its servers. Among the stolen items were customer names, social security numbers, birthdates and addresses affecting more than half of the U.S. population. Making matters worse, several Equifax executives exercised their stock options and sold shares worth nearly $2 million before the details of the hack were publicly disclosed. This activity led to an SEC investigation and then CEO Rick Smith was forced to step down. It still remains unclear who was responsible for the hack and security experts don’t know for certain how the stolen data has been used. Ironically, Equifax hasn’t faced many consequences for its carelessness. On the anniversary of the breach, the GAO released a PDF detailing how they believe the hack took place. Essentially, the hack began on March 17, 2017 and continued virtually unnoticed by Equifax “cybercops” for 76-days. During that time, hackers stole data piece by piece from 51 databases so they wouldn’t raise alarms. They were discovered finally on July 29th and had access cut off the following day.
Sony Pictures and Entertainment – 2013
Sony Pictures Entertainment (SPE) is the U.S. subsidiary of Sony Corporation of Japan. The company accounts for approximately 11% of Sony Japan’s total revenue in 2014. SPE first became aware of the hack in November 2014. Hackers going by the name “Guardians of Peace” claimed to have gained entry into Sony’s servers and stole over 100 terabytes of confidential information, including employee’s Social Security numbers and health records, private emails, and unreleased films such as Still Alice and Annie. SPE immediately turned to the FBI to determine the source of the hack. On December 8, the hackers posted more confidential information and demanded that SPE “stop immediately showing the movie of terrorism which can break the regional peace and cause the War.” Though not specifically stated, it was widely assumed the picture the hackers wanted stopped was a film entitled “The Interview,” a comedy depicting an attempt to assassinate North Korean dictator Kim Jong Un. On December 16th the threat became more explicit when the group threatened 9/11-style consequences and Sony pulled the film cancelling its release.
SolarWorld AG – 2012
SolarWorld was in the business of harvesting solar energy. Between May and September of 2012, while themselves a litigant against Chinese manufacturers (for alleged dumping of solar panels into the United States at below fair market prices), SolarWorld found themselves at the same time the victim of a network hack, for which purpose was the theft of IP. In May 2014, U.S. Federal prosecutors indicted 5 Chinese nationals on charges of espionage, trade secret theft, and computer fraud for hacking the networks of 6 U.S. companies, including the U.S. subsidiary of SolarWorld AG, lasting a period of over 8-years. The breach of SolarWorld’s servers enabled the Chinese to illegally obtain proprietary pricing information placing SolarWorld (and its subsidiaries) at a huge market disadvantage to the firms that benefited from the theft. The loss of this competitive advantage caused SolarWorld to lose 35% of its market value and ultimately led to its insolvency.
Home Depot – 2014
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
Mirai Botnet – 2016
Hackers exploiting cyber vulnerabilities began using the Mirai source code to launch a broad-based attack on DDoS targets. According to the Institute for Critical Infrastructure Technology, Mirai exploited devices that work with the Internet of Things (IoT) with factory default or hardcoded usernames and passwords and used them to create and build a botnet which overwhelmed these IoT targets with traffic. Among the affected were Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
Blackouts in the Ukraine – 2015
Cyber-attacks cut the electricity to nearly a quarter of a million people in the Ukraine two days before Christmas, 2015. One year later, hackers hit the power grid again. These attacks, prophetic from the point of view that the Cyber-Cassandras had predicted it for years, signaled a seminal shift from causing digital mayhem to causing real physical damage to the world. Michael Hayden, former director of the NSA and CIA said, “…[T]his has a whiff of August 1945…Somebody just used a new weapon, and this weapon will not be put back in the box.” “Russia will never accept a sovereign, independent Ukraine.” A pro-Russian group calling itself CyberBerkut – an entity with links to the Kremlin hackers who later breached Democratic targets in the 2016 Election – rigged the website of the Ukrainian Central Election Commission to announce that Dmytro Yarosh (an ultra-right presidential candidate) the winner. The hack was discovered less than one hour before the election results were to be declared. This emboldened Russia’s prelude into digital warfare and the cyberattacks that resulted from this attack have only escalated since.
U.S. Satellites – 1998
Satellites as Weapons? Hackers allegedly took over the U.S.-German ROSAT X-Ray satellite by gaining access to the mainframe computers at Goddard Space Flight Center. The hackers instructed the satellite to turn its solar panels directly at the Sun resulting in totally destroying the satellite’s batteries and ruining the satellite. According to William Akoto, a scholar who studies cyber conflicts, hackers taking control of satellites orbiting Earth could have dire consequences. Such consequences could range from hackers merely shutting down the satellites (at the banal end of the spectrum) and denying their services to those accessing them to jamming or spoofing signals from satellites potentially causing havoc to critical infrastructure such as power grids, water networks and transportation systems. Taken to the extreme, satellites could be steered into one another or crashed into the International Space Station. Akoto has noted that some hackers have already waged this type of warfare against satellites.
Noteable Crypto Currency Hacks
92 Billion Bitcoin Out of Thin Air
We all love money for nothing. And with the current price of Bitcoin, it’s fair to say we’d all love some cryptocurrency for nothing as well. Back in August 2010, that’s precisely what happened. In what is still the only major security flaw that’s been found and exploited in Bitcoin’s code, a hacker managed to create 92 billion Bitcoins out of thin air. At today’s prices, it would have made the hacker the wealthiest person on the planet. A number overflow error made the hack possible. You can still see the forum thread where early Bitcoin enthusiasts discovered the problem. Luckily, the community was able to cancel all transactions following the hack and rollback the blockchain to its pre-hack state.
Rolling back the blockchain does raise another question, however: Can you hack a blockchain?
(blocksdecoded.com, November 30, 2018, by Dan Price – “The 8 Worst Cryptocurrency Hacks in History (and what exactly happened)”)
Bitfinex is one of the most popular cryptocurrency exchanges in the world. It has about two million users and sees billions of dollars’ worth of transactions take place every day. In August 2016, the company was the victim of a hack. At the time, it was the second largest hack in cryptocurrency history. Thieves stole 120,000 bitcoins. They were worth $72 million. In today’s prices, that would be several orders of magnitude larger. Bitfinex’s usage of multi-signature wallets made the hack possible. Ironically, the company had only introduced the wallet’s 12 months previously in a bid to make users’ coins more secure. The wallets were poorly coded. In theory, Bitfinex would hold two keys, and BitGo would store one. All parties would have to independently sign off on a transaction to verify it. In practice, BitGo simply mirrored whatever Bitfinex did. As such, there was only one point of failure. As soon as hackers got into Bitfinex’s servers, the game was up. The hack caused Bitcoin’s value to drop 20 percent in the markets.
The Mt. Gox story is well-known in the crypto world. It is the largest Bitcoin hack to date, and one of the most significant cryptocurrency hacks in history. In case you’re not familiar, Mt. Gox had grown to become the world’s principle crypto exchange; it was handling more than 70 percent of all Bitcoin transactions. In February 2014, it was discovered that hackers had stolen 850,000 Bitcoins over a period of three years. 750,000 of them were from Mt. Gox’s customers. Transaction malleability was to blame; someone could edit transaction details to make it seem like the transaction never took place. In what proved to be a lesson in how not to handle a PR disaster, the Mt. Gox board relocated the company’s headquarters to avoid protesters, deleted it’s Twitter accounts, and took its website offline. After the dust settled, Bitcoin had lost 36 percent of its value and users were left questioning the ongoing security of Bitcoin transactions.
Mt. Gox (again)
Frankly, the writing had been on the wall at Mt. Gox for a long time. While the 2014 hack is the one that still garners headlines, fewer people know the exchange had already been hacked once before three years previously. With hindsight, it was a sign of things to come.
So, what happened?
A computer belonging to one of the company’s auditors was comprised. A hacker, who therefore had access to the exchange, altered the nominal value of Bitcoin to one cent. The change created a huge “ask” order at any price, thus initiating a mass selloff. Accounts with values in the millions were affected, and the still-unknown hacker walked away as a rich man.
The world’s second-largest coin—Ether—has also been a victim. The hack happened to the DAO.
In simple terms, The DAO was a smart contract on the Ethereum blockchain that operated like a venture capital fund. Buyers could invest in the DAO through crowdfunding which would then allow them to vote on which companies the fund should invest in.
The original crowdfunding phase raised 12.7 Ether ($150 million), making it the largest crowdfunding project in history. It had control of 14 percent of all Ether in circulation.
In June 2016, a hacker took advantage of a loophole in the DAO which allowed someone to create a “Child DAO.” They put a recursive function into the withdrawal request; the code made the DAO keep handing over more Ether for the same DAO tokens. $50 million was lost.
The hack resulted in a soft fork and the splitting of the Ethereum community. The old Ethereum is now called Ethereum Classic; the forked version goes by the name of Ethereum.
In December 2017, NiceHash—a Slovenian crypto-mining marketplace—announced it had been a hacking victim. The precise amount stolen is not known, but a Bitcoin wallet that’s under suspicion holds 4,736.42 coins, the equivalent of about $70 million. To be fair to NiceHash, it handled the loss well. Users thought the site would be gone for good, but a surprise announcement around the turn of the year said its customers would get their money back: “We are happy to announce we have been able to reserve the funds required to restore balances from a group of international investors. Old balances will, therefore, be restored by January 31, 2018. We need this interim period to ensure all legal paperwork is processed correctly, so please be patient while we do this.”
In mid-2018, Israeli-Swiss decentralized exchange Bancor lost $23 million after a hack. The theft happened when a wallet used to upgrade smart contracts was compromised. The attackers made off with $12.5 million in Ether, $1 million in Pundi X (NPXS), and $10 million in Bancor’s own BNT coin.
Bancor’s response was to freeze the stolen BNT, but it was unable to do the same thing with the Ether and Pundi X. While the company’s response might seem sensible, it drew criticism from some purists—including Litecoin founder Charlie Lee—who said it proved Bancor was never truly decentralized in the first place.