Section Two - Hackers
A story about ransomware and a Digital Stockholm Syndrom (17 minutes)
There are a lot of reasons hacking is such a big problem. In this crash course we will name four (but we could have named more):
Dependence on (digital) technology
Of course, we are completely dependent on technology. You know this, since you have done crash course one. Our houses are technology. Our clothes are technology. Our language is technology. Without technology we are nothing. But we are also increasingly dependent on digital technology. Both organisations and private persons rely on access to their digital technology.Can you work without your laptop? Can you find the way without your phone? Can you reach people without your phone? Can your car still drive without its digital technology? Can your company sell products? Can your house be warmed?
Quick question: Suppose someone has disabled or locked your laptop or smartphone or cloud storage, how much would you be willing to pay to have access again?
How much would an organisation be willing to pay to be operational again? A few years ago, hackers tried to frustrate organisations by flooding their systems (so-called distributed denial-of-service attacks – DDoS), but their methods have become more and more advanced. Now we see a lot of attacks with ransomware. The digital information is being held hostage. The information systems of organisations are encrypted and you can only get the key if you pay.
Check this video on how ransomware works (3 minutes):
An example of an attack with ransomware software took place in 2019 at the University of Maastricht. On December 23rd, university employees discovered problems with the mail server. Shortly thereafter, the network turned out to be infected with Clop ransomware. The ransomware blocked access to files and programs on the computers and the network. These attackers also blocked access to systems containing research data, financial information, email systems and the intranet. The university eventually decided to pay up to regain access to its systems. The university paid between 200 thousand and 300 thousand euros. The university board was forced to pay because the university’s backups were also hijacked.
Do you think there were also people who were happy with the files being taken hostage? Because they were lagging behind with their work? Or because their research went badly and they now had the opportunity to start over. Or, because now they had an excuse for missing a deadline? Or just because they had a real Christmas vacation for once? And were they disappointed when the university paid the ransom? Did they miss the hostage situation?
Some kind of Digital Stockholm Syndrome?
It is not difficult to imagine a future where our dependence on technology will increase even more. Nowadays, a hacker can take your laptop hostage, but what if you are in a smart car that is being held hostage? Or what if your pacemaker is held hostage? Or a hacker turns off the lights in your smart home all the time?
The more things in life become digital, the more opportunities for hackers to strike.
That's where the money is!
The second reason that hacking is such a problem is the importance of data. In a world with incredibly large data collections it is very, very tempting to steal that data. When people asked the famous bank robber Willie Sutton. "Why do you rob banks?” He simply replied, “because that’s where the money is.”
The same goes for hackers. There is a lot of valuable data collected and stored and often it is not protected well. Hackers especially like data they can sell, things like creditcard information.
Some examples of large hacks:
- Yahoo’s epic, historic data breach in 2013 compromised 3 billion people in total. The company revealed in 2017 that the accounts for every single customer during that time had been breached, including users of Tumblr and Flickr. Altaba, what’s left of Yahoo after the company sold most of its properties to Verizon, paid $35 million last year to settle charges that it misled investors about the hack.
- First American Financial Corp., an American real estate and mortgage insurer, revealed in May 2019 that it left 900 million sensitive customer files exposed. The trove of digital documents that could have been accessed included private information, such as Social Security numbers and bank accounts. But it’s not clear if any of the files were improperly accessed.
- Marriott said last year that someone had gained “unauthorized access” to its guest reservations system for nearly five years. Approximately 500 million guests’ information could have been accessed, which includes names, passport numbers and credit card details. The hotel chain faces a $124 million fine for failing to protect customer data from UK regulators under Europe’s tough new privacy rules, called General Data Protection Regulation.
This is just a small sample of examples. If you want to know if your account is breached you can go to this website (have i been powned?) and check it out. Of course, on the website are only the hacks listed that have been made known to the public.
The examples above are mostly about financial information, but you could also imagine hackers obtaining information of dating sites (already happened), Facebook (already happened a lot) or other personal information.
Quick question: Suppose some hacker would hack Google Search. Would you want people to know your last 200 Google searches?
No hiding place
The third reason hacking is a big problem is that everyone can do it. It is truly global. You can attack a Dutch University from a suburb in Belarus. You can take a Belgian laptop hostage from a university computer in Lagos. Or vice versa. You can start hacking with just a laptop. You can start hacking when you are 12 years old. Or younger, if you are a prodigy. You can easily download tools from the web. Do you feel inspired? Ambitious?
Check this video about how to become a hacker (5 minutes).
So, now you know you need a hat and sunglasses, a new Operating System and off you go.
Everybody can be a hacker, but also everybody can be hacked. You can be hacked if you are a large company, but you also can be hacked if you are just a person with a smartphone, laptop and/or online bank account.
The fact that everybody can be a hacker, and everyone can be hacked, adds to the size of the problem.
Also, when things become more and more connected, hackers can operate anywhere. They are no longer restricted to your computer or smartphone. In Japan, for example, in the Henn na Hotel, guests can be checked in by humanoid or dinosaur robots that use facial recognition. These robots were hacked and could spy on the guests. The idea of a dinosaur robot 'watching you' in your hotelroom is tragic, scary, but somehow also very funny.
Finally, hacking is a problem because most people do not take security seriously. They do not install updates, they download sketchy software or use a really easy password. If you think you have a very secure password, you might check the video below (4 minutes). You will not regret it!
You can also download a list with most used passwords here.
So, when you are thinking about, designing, using, inventing or assessing a technology, it is very important to think about hackers.
- How can you mitigate risks?
- How can you secure your system?
- Your data?
- How do you balance easy accessibility with great security?
- Can hackers use your technology?
- Is your technology interesting for hackers?
- Which risks are acceptable and which are not?
Important questions, because hackers are everywhere, and they are not the only bad actors. Let's take a look at the identity thieves in the next section.
Take aways from section two:
- Hacking is a big problem for four reasons;
- We become more and more dependent on advancing digital technology;
- Data is very valuable;
- Everybody can hack or be hacked;
- And, finally, change your password.