I choose to stand strongly against the prevalent perception that 2013 was a catastrophic year for online privacy! People believe that the Snowden revelations have given us a cause to mourn, whereas I believe that this was the year that online privacy finally came back to life. Essentially, I invite you to understand that our online privacy was NOT violated in 2013 – it had been the subject of mutilation for years; and 2013 marks the year we found out enough about it to become capable of taking a stand against its exploitation.
Let there be no doubt that the events and news-breaks that shook us this year will impact our decisions and perceptions for decades to come.
Conspiracies run deep in every cybercrime story. The matter is worsened by the fact that the planet’s populace now chooses to rely heavily on Wikipedia as a source of information.
Not many realize that the world’s most trusted source of information is nothing more than a collaborative platform where just about anybody can write anything. How long the posted statement stays online on Wikipedia boils down to the number of people in favor of the statement. As a result, Wikipedia becomes nothing more than a platform for the powerful if not for the majority. Finer details, hard facts and unpleasant truths can be expected to disappear with time in such a setting.
Regardless of the side of the story that gets written down in history books, half a million people lose their jobs because of cybercrime every year. The global cost of cybercrime currently stands at $500 billion. These are expected to be modest figures since most companies victimized by cybercrime tend to either hide the magnitude of their losses or remain unaware of the damage until it is too late. Corporate giants have grown to accept the cost of cybercrime; so much so that they now refer to it as Pilferage.
#5 – 1 Man, Login Credentials, European Parliament’s public WiFi
The Hack Attack of the year was undoubtedly the hacking of the European Parliament’s public WiFi and the theft of email passwords belonging to personnel employed in the facility. According to John Leyden, a Security correspondent at The Register, the man-in-the-middle attack (utilizing a rogue WiFi) was allegedly carried out by a French white-hat hacker and was meant to prove a point to the European Parliament.
Dimitrios Symeonidis of the Technical Helpdesk at European Parliament comprehensively explained how the attack worked in his post on the publicly accessible European Parliament Free Software User Group. He stated that the attacker set up a rogue WiFi that impersonated the European Parliament’s public WiFi.
Individuals looking to connect to the publicly accessible WiFi were asked to provide their usernames and passwords, after which the rogue WiFi went offline for long enough to allow the devices to connect to the facility’s real public WiFi (referred to as EP-EXT), which would then ask for the same details. Users continued to enter their credentials, believing that a negligible error had caused the disruption.
As a reaction to the attack in which the usernames and passwords of 14 European Parliament members were said to have been stolen, public WiFi services in Strasbourg were temporarily shut down. This damage comes despite the fact that the public WiFi is generally only used by the general public and media visiting the facility.
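From the defender's side, the rogue access point described above shows up in a wireless survey as a radio advertising the EP-EXT name without being one of the operator's own. The following is an added example, not code from the article or from the European Parliament: the inventory of legitimate BSSIDs, the expected security mode and the scan records are all constructed assumptions.

```python
from collections import defaultdict

# Assumed inventory (not from the article): the BSSIDs the network team runs
# for each protected SSID, and the security mode those radios advertise.
KNOWN_APS = {"EP-EXT": {"bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
                        "security": "WPA2-Enterprise"}}

# Constructed survey data: (unix_time, ssid, bssid, advertised_security)
SCANS = [
    (1000, "EP-EXT", "02:00:00:aa:00:01", "WPA2-Enterprise"),
    (1000, "EP-EXT", "02:00:00:EE:00:99", "Open"),
    (1030, "EP-EXT", "02:00:00:aa:00:01", "WPA2-Enterprise"),
    (1030, "EP-EXT", "02:00:00:ee:00:99", "Open"),
    (1060, "EP-EXT", "02:00:00:aa:00:02", "WPA2-Enterprise"),
    (1060, "Cafe",   "02:00:00:bb:00:05", "WPA2-Personal"),
    (1090, "EP-EXT", "02:00:00:aa:00:01", "WPA2-Enterprise"),
]

def find_rogue_aps(scans, inventory, min_lifetime=120):
    """Return {bssid: [reasons]} for suspicious radios using an SSID we own."""
    seen = defaultdict(lambda: {"ssid": None, "times": [], "security": set()})
    for ts, ssid, bssid, security in scans:
        if ssid not in inventory:
            continue                      # SSIDs we do not operate are out of scope
        rec = seen[bssid.lower()]         # MAC case varies between tools
        rec["ssid"] = ssid
        rec["times"].append(ts)
        rec["security"].add(security)
    last_scan = max(ts for ts, *_ in scans)
    findings = {}
    for bssid, rec in seen.items():
        expected = inventory[rec["ssid"]]
        reasons = []
        if bssid not in expected["bssids"]:
            reasons.append("unknown-bssid")
        if rec["security"] - {expected["security"]}:
            reasons.append("security-mismatch")   # also catches a cloned BSSID
        # The rogue AP in the account above dropped off the air after collecting
        # credentials, so a flagged radio that vanished quickly is noted as such.
        lifetime = max(rec["times"]) - min(rec["times"])
        if reasons and max(rec["times"]) < last_scan and lifetime < min_lifetime:
            reasons.append("short-lived")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SCANS, KNOWN_APS).items():
        print(bssid, ", ".join(reasons))
```

A legitimate access point that misses a scan is not reported, because the short-lived check only annotates radios that already failed the inventory or security comparison.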
#4 – 25 Countries, $45 Million, New York ATMs
Over $45 million was stolen from New York’s ATMs in a robbery that targeted around 2900 ATMs and involved people from over 25 countries working together. The crime came to light when a few individuals associated with it were apprehended in Brooklyn.
In a news post on FoxBusiness in May, Senior Reporter Matt Egan confirmed that the heist was carried out with impressive systematic precision in three stages.
In the first stage, the ‘back-office team’ hacked into databases belonging to Credit Card processing companies based in India. They increased/removed the withdrawal limits on debit cards while stealing countless account numbers at the same time. In November last year, Reuters’ correspondent for New York Bernard Vaughan confirmed that the hackers chose to target MasterCards issued by the National Bank of Ras Al-Khaimah and Bank Muscat in this stage.
In the second stage, this information was then passed down the tunnel to the ‘Supplies’ team – responsible for creating dummy cards with the stolen account numbers. In stage three, the ‘cashing’ team was given these cards to use at ATMs.
In two hits (in December 2012 and February 2013), the team managed to draw a combined amount of over $45 million from ATMs across New York. A map by the New York Times shows the ATM locations that the culprits chose to hit.
#3 – 6 Men, $300 Million, The Nasdaq
2013 was a year of monumental importance for the global corporate community as a group of Russian and Ukrainian hackers were finally caught after having cost companies around the world as much as $300 million. The best part is that this was a cybercrime operation that had been on-going for the last seven years and had managed to remain under the radar all this time.
Daily News correspondent for the Manhattan Federal Court Daniel Beekman reported that the hack attack was top-of-the-line and involved the hacking of Nasdaq servers as well as the penetration of major retailers’ networks (including J.C. Penney and 7-Eleven) as far back as 2007. All of this was carried out without rocking the boat, as the Nasdaq stock trading platform experienced no problems during this time.
A total of six men (5 Russians and 1 Ukrainian) were involved in the hacking process. An estimate of $300 million in losses easily makes this one of the largest hacks in US history and is the reason the heist made our list. The key to the attack was the penetration of the Nasdaq stock exchange.
Doing so made it easier for the team to get into servers connected to the trading platform. The hackers were able to walk out with information on account details and credit/debit card numbers without leaving behind any signs of entry.
The hackers were clever and did not steal any money directly at any time. Instead, they chose to steal information in bulk and then resell it, in order to separate themselves from the use of that information. These information dumps would then be sold down the chain, and each resale would further distance them from immediate risk. Author and investigative journalist Bob Sullivan of NBC News quoted prosecutors stating that the five men accomplished the hack of the century by exploiting a feature that was originally designed to help Nasdaq users recall forgotten passwords.
#2 – North Korea, $500 Million, South Korean State Websites
This year, South Korea became history’s first cyber-war victim. Beginning in March 2013, South Korea became the victim of a full-scale cyber attack that targeted numerous government websites and work systems. South Korean authorities stated that the attacks continued for nearly four months – at the end of which South Korea had suffered a loss of 800 billion won (over 500 million USD).
Even though this was not the first time South Korea came under heavy cyber fire, it was undeniably the most costly. Beginning in 2011, South Korea has been the victim of over 6000 cyber attacks from North Korea alone.
Damage caused by these attacks includes the disruption of financial services, state owned websites and internet banking operations. In his article, Alex Hern of the Guardian quoted South Korean authorities stating that cyber warfare is raging between North and South Korea – with each country bulking up their cyber warfare troops and technology in preparation for more cyber war.
However, cyber warfare between the two countries has recently receded to a more subtle level. An attack on six South Korean financial institutions disrupted over 32000 computer systems in March, while a word document retrieval program targeting official South Korean documents (in Hangul) was detected in October.
The change in intensity raises speculations that large scale back-breaking attacks have been replaced with small cyber raids aimed at collecting sensitive official data – at least for now.
Kim Eun-jung of the Global Post reported in October that South Korea has officially classified North Korea’s cyber war as ‘non-military provocation’ and is in the process of systematically expanding its cyber warfare infrastructure (including troops and tech). South Korea’s weak and under-financed cyber defense force is public knowledge, and the magnitude of damage that North Korea has managed to dish out is a lesson for countries to prepare for the battles of the future, which will undoubtedly be fought in cyberspace.
Youkyung Lee and Elizabeth Shim of the Associated Press confirmed that the attack began on the 63rd anniversary of the Korean War. Over the last few years, North and South Korea have traded cyber attacks and accusations. The incident makes our list for being one of the largest cyber attack exchanges in the history of the world. Unlike other cyber attacks that are carried out in the pursuit of monetary gain or fame, this was a unique assault in which the motive was to cause pure damage.
#1 – NSA
Perhaps nobody has committed privacy invasion crimes like the NSA. 2013 marked the year when the NSA got caught with its pants down. Edward Snowden’s revelations about the NSA’s unwarranted spying and surveillance activities have kicked off a domino effect in which years of unauthorized and underhanded activities are coming to light one after the other.
So far, at least two Federal court judges have found the NSA to be guilty of breaking the law while others are expected to rule in the near future. Each month, new information makes headlines revealing the audacity and scope of NSA’s surveillance operations.
- The tapping of German Chancellor Angela Merkel’s phone
- The interception of laptops bought online for malware installation
- NSA’s cooperation with Dell to create a backdoor for NSA
- The NSA’s formation of the Tailored Access Operations Unit to carry out formal and fully structured hack-and-crack operations for the NSA
- NSA’s cooperation with the American IT security pioneer RSA to allegedly create rigged back doors
These are just a few of the many reasons why we consider the NSA to be the biggest privacy invader of 2013. I invite you to consider the NSA in the same light as you would consider anybody else collecting personal information and violating online privacy by the millions.