The world is in the grip of a new age of conflict: cyberwarfare.
Countries are using hackers to target power grids, financial markets and government computer systems of rival nations, all with potential results that are every bit as devastating as any bullet or bomb.
The idea of using tech to pilfer information goes back a long way, as far back as 1834, in fact, with two French brothers — the Blanc brothers — who used to earn a living trading in government bonds, according to communication specialists DeepBlue. They found a way to get ahead of the competition by bribing a telegraph operator to include deliberate mistakes in messages being transmitted from Paris. This let them get a heads up on financial deals before anyone else did. But as technology got more sophisticated, so did the crimes the crooks were capable of pulling off. However, it wasn’t until almost 150 years later that the first person would be charged with a cyber crime.
Back in 1981 a man called Ian Murphy — imaginatively nicknamed Captain Zap — hacked into U.S. telecoms company AT&T and changed its internal clock to charge off-peak fees to people making peak-time calls, according to Wired.com. Although he thought he was doing these people a favor by letting them use the phone on the cheap, the company — having lost millions of dollars — and the U.S. government were none too impressed, so he was given 1,000 hours of community service and a fine as punishment.
These days, when you think about what most teenagers get up to with their computers it probably conjures up images of video games or Facebook — not hacking into the computers of the people who put a man on the moon and built the space shuttle. But that’s exactly what 15-year-old Jonathan James decided to do. Installing backdoors — gaps in computer code that allow hackers to easily infiltrate a system — into the U.S. Department of Defense, he was able to intercept and read thousands of private emails flying all over the place, including some with top-secret information, according to the New York Times. He then used what he found to steal a piece of NASA software and shut down systems for three weeks.
From crooks to nations
Cyber attacks have traditionally been carried out by lone criminals — and usually for a variety of reasons. Some like to test their skills against a system and share their successes with others in their shadowy community. Some do it purely for the money, such as Russian hacker group Evil Corp, who are thought to have stolen over $100 million (£77 million) from ordinary people around the world, according to the BBC. Others do it for what they see as 'good reasons', such as finding gaps in a company’s network so they can take steps to fix them before any serious damage is done.
The first group — the bad guys — are referred to in the hacking community as ‘black hat’ hackers, while the latter — who think of themselves as the ‘good guys’ — are called ‘white hat’ hackers, according to cyber security provider Kaspersky. Often when a black hat hacker is caught, if they’re good enough at what they do, law enforcement or industry will actually give them a job tracking down other hackers and helping to fix flaws in a computer system. But as technology has become more sophisticated, hacking has become a profession with thousands employed by governments as a new tool in their arsenal of war. Often overseen by spy agencies, they’re told to carry out attacks on rival countries’ infrastructure and steal secret information.
In 2007, in what is believed to have been the first incident of cyber warfare, the Estonian government announced plans to move an old Soviet war memorial, but found itself under a digital assault that sent its banks and government services into meltdown, according to the Guardian. Russia was blamed, but denied any knowledge. This evolving threat led to the creation of the United States Cyber Command (USCYBERCOM) in 2009. Part of the U.S. Air Force, it was placed under the command of General Keith Alexander. It was now official — the cyber threat had gone from kids in bedrooms looking to make a quick buck or prove their smarts to something that was now viewed as a threat to national security.
Alexander’s fears were well founded too, with the US accusing China of infiltrating large US corporations to steal their ideas, including Google in 2010, and at least 33 other corporations such as Northrop Grumman — a major weapons manufacturer, according to the US Army War College Quarterly: Parameters.
In many ways these attacks pose more of a threat than conventional warfare. With an invasion, there are signs of military build-up: tanks need building, pilots need training. With cyber attacks, they can come at any time with the press of a button, devastating a whole country’s economy or power grid in an instant.
The WannaCry Hack
Few attacks have been as devastating or as shadowy as one that took place just a couple of years ago: the WannaCry attack.
It started just like any other morning. On May 12, 2017, an unsuspecting computer user opened what appeared to be a harmless email. The email contained an attachment which, once opened, downloaded ransomware onto their system.
Ransomware is computer code that’s been designed to encrypt a system — scrambling all the data on a hard drive — and only unscrambles it when a user gives in to the hacker’s demands, such as paying money, hence the name ransomware, according to cybersecurity provider McAfee.
If you’d been one of those affected by the WannaCry attack, you’d have logged onto your computer and seen a message asking you for money, with all of your private information such as your pictures, bank records, games, videos — everything — completely scrambled.
It began to spread around the world like wildfire. The first company to report problems was Spanish telecoms giant Telefonica, with multiple staff finding they’d been locked out of their computers.
By 11:00 the U.K.’s National Health Service (NHS) reported problems, with 80 out of 236 hospital trusts having their computers locked out, leading to many of its patients having to be diverted to alternative accident and emergency departments, according to The National Audit Office (NAO), the UK’s independent public spending watchdog.
The attack didn’t stop there. Chinese petrol stations had their payment systems cut off, German railways lost control of their passenger information system and FedEx’s logistical operations were disrupted in the United States. French car maker Renault and the Russian Ministry of the Interior were also hit.
Within hours the WannaCry virus had spread to 230,000 computers in 150 countries before being stopped by an analyst who discovered a ‘kill switch’ that shut it down, but it is to this day regarded as one of the most destructive cyber attacks ever seen, according to Kaspersky.
The reason the malware was able to spread so quickly is that it exploited a security vulnerability in old versions of Microsoft Windows. This vulnerability had allegedly been discovered by the United States’ National Security Agency (NSA), according to Microsoft. The NSA allegedly then turned it into a cyber weapon called EternalBlue, according to the cybersecurity provider Avast. This cyber weapon was later stolen by a hacker group called the Shadow Brokers, and it’s thought it was used to help the malware spread rapidly. The US and UK governments would later single out hackers with links to North Korean intelligence agencies as responsible for the attack, according to the BBC.
If you take a look around you, you’ll probably see a smartphone, tablet, laptop or a smart TV. Maybe there’s some other smart tech in your home: a doorbell that links to your phone or a thermostat you can turn up or down by text. On the drive maybe there’s a car with all the mod cons like GPS. But every single one of these things could be used as a weapon in a cyber war.
We’re surrounded by modern computer technology, and increasingly it’s all connected to one another as part of the ‘internet of things’ — the tech that links smart devices together.
A 2017 briefing by US intelligence claimed connected thermostats, cameras and cookers could all be used either to spy or cause disruption if they were hacked. The FBI has previously warned that smart TV speakers, which are designed to listen to our voices, could be hacked for surveillance purposes, according to the Independent.
What’s clear is that whether it’s in our own homes or outside on the virtual battlefield, a conflict between those who want to take control of technology will continue to rage for the foreseeable future.
Interview with a hacker
From child hacker to bug hunter, Tommy DeVoss started hacking aged ten and was jailed in 2000 for breaking into military computers. He now earns "bug bounties" for finding problems in company computer systems.
Why did you become a black hat hacker?
At school I would finish my work in ten minutes and spend the rest of the lesson playing on the computer. I was ten or 11 when I stumbled across a chatroom whose members taught me how to hack — I was just a bored kid doing it for fun. I first got into trouble in high school and was ordered to stay away from computers, but I didn’t. With others, I broke into secure government systems and was caught again and spent four years in prison. I was told if I got caught again then I wouldn’t get out.
In 2016 I discovered bug bounty programs [via the ‘HackerOne’ organisation] and could return to the hobby I loved, but this time working for good.
Walk us through a typical hacking attack
When hacking a website, I pick a target that has a bug bounty program and spend some time looking at and using it.
Next, I look for interesting places where you might be able to do something like upload files, or where the website tries to fetch data from another website.
I would then try to upload files that could introduce a vulnerability, for example, if there is an option to upload a profile picture. Then I could potentially upload a code execution. If there is an area like an RSS feed generator, I can see if I can get it to pull data from an internal server that I shouldn’t have access to.
How do you see the future of hacking and cyber security developing?
As more things are connected to the internet, we will see more attacks on things in the real world. 25 years ago when I started out, we used to joke about causing real-world damage; it wasn’t feasible then, but it is now.