The Internet, like explosives, has “a great amount of potential energy that can produce an explosion if released suddenly, usually accompanied by the production of light, heat, sound, and pressure.” The potential energy of an explosive is quite innocent in itself without one of the four sparks mentioned in the last sentence … grain dust, aerosol can, or even plutonium-239.
Greed and corruption push people to use the Internet in ways to be in control, to steal, to kidnap, to wreak havoc as in distributed denials of service (DDoS). DDoS defense, government and police authorities, and other types of cyber security assistance and measures are available to root out and put such in check.
Committing DDoS and its typical accompanying blackmail for ransom make the perpetrator feel anonymous and powerful. He or she knows that the victims (business-owners) usually have no idea who the criminal is. The victim is embarrassed to report to authorities what is happening. The victim’s customers and competition will perceive the victim as not reliable and not proactive in doing secure business.
As with many crimes, the culprit could very well be from within one’s ranks in business, military, government, familial, and other types of organizations. Disgruntled ex-employees and those being offered a payoff by competitors are prime for disclosing critical and secret information, of taking part in a DDoS scam, phishing schemes, or malware hidden in websites. (Who is familiar with Google Chrome’s “warning, something’s not right here”?) These insiders are individuals who have some kind of special influence or access within the organization: IT department, CIO, security guard, legal, or even social media personnel.
For example, the inside officials and staff may use USB thumb drives or cell phone memory cards to load up customer credit card numbers and other information and sell it on the black market. They may buy $5 bots from any job site and use them to commit cyber breaches and set up zombie networks that do the dirty work for them.
While Romania, Ukraine, China and Russia have some huge hacking reputation, insiders in government and business probably are guilty of a lot more cybercrime. Again, such news does not go public because of organization reputation protection and potential embarrassment in front of competitors and customers.
In 2011, a Bank of America insider sold customer data to criminals which totalled the bank at least US $10 million in losses. According to a 2009 Actimize bank fraud report, 72% of financial institutions have experienced a case of data theft by an employee in the previous 12 month with 70 % of those among full-time employees.
Kurt Seifried was asked, “Who commits DoS/DDoS attacks, and why?” He replied in 2002 on his Denial of Service (DoS) FAQ, “Curiosity, malice, financial gain.” At least a few of the biggest reasons are left out: fame and resistance against perceived oppression. He also admits that his FAQ has links to software that can be used to execute DoS attacks. What?!
In late 2012, Kroll Advisory Solutions released its 2013 Cyber Security Forecast, Tim Ryan, managing director noted, “For instance, if you experience a data destruction attack, everyone will know once your systems are down. In other instances, the stakes will be too high; the threat will be insurmountable without help from security consultants and government entities. We’ve already seen an increase in the number of breaches where clients have been notified by a government entity or security firm that they’ve lost sensitive data; we expect to see that trend only accelerate in 2013.”
Concluding comments: be prepared to report to authorities to get help at the outset of any cyber security breach or attack. Be proactive and have in place a cyber-security provider who is expert at DDoS mitigation and is ready to squash and stop DDoS attacks. Anti-DDoS, anti-data breaches, anti-corruption! Cyber has the capability of much good, but there is a negative, explosive potential. Public and truthful communication about all malfeasant activity is half the solution. The other half is to be prepared. Talk to authorities, set up an anti-cyber threat program, and be honest with customers and the media. Perpetrators want victims to hide and keep everything to themselves. It makes it easier to go after them again.
Link “2013 Cyber Security Forecast” with (http://www.krolladvisory.com/press-releases/cyber-security-forecast-2013/ if you think appropriate. That does reference correctly.)
Link “Bank Fraud Report” with (http://www.pivotpointsecurity.com/risky-business/insider-data-theft-rate-soars-in-financial-industry?)