Cybercrime – What’s changed?
In the previous post, I looked at one of the earliest computer security crimes involving Roswell Steffen and the embezzled $1.5m in 1973.
A landmark case in 1988 involving two journalists, Stephen Gold and Robert Schiffren recorded how Schifreen gained access to BT's 'Prestel' system by watching an engineer enter access details at a trade show. Through this, they even gained access to Prince Philip's personal message box. Despite not showing intention to damage the system or Prince Philip, it did lead to the UK Computer Misuse Act 1990. The act represented the first time an official piece of legislation existed to deal properly with Computer Security crime and has been updated several times since its inception.
Trends of computer security remaining unchanged over the years include:
- Continued use of weak passwords - making it easier for attackers to use 'brutal force' techniques in which they use multiple combinations of usernames and passwords to gain access to accounts
- Social Engineering attacks - Colloquially referred to as 'Rubber hose crypto'. A common technique is to trick victims into giving up their details voluntarily. These could include emails seemingly from a friend with a link to click through to baiting scenarios where irresistable offers are made to victims in order to have them part with account details.
Trends - So what's changed?
- Massive increase in the number of devices, connections and general bandwidth.
- Classic crimes moved online. EG Fraud is now Phishing.
- Beta culture. EG Software is always enhancing and patching.
- Magnification of capabilities and consequences. EG Fixes can be rolled out quickly through updates. However - a single attacker can harm many users.
- The 'Attribution problem'. EG Is the attacker a state or an individual operating out of a cyber cafe in China?
In the next post, we'll look at whether security is getting better or worse.