A look into teenagers becoming millionaires from their bedroom, narcotics traffickers, using AI for hacking, terrorism and war
Cybersecurity – a subject so pressing in our world today, and yet, it’s not talked about enough.
Humanity has reached a point where technology has become a crucial part of our lives and getting hacked is an unavoidable risk.
Everyday, we rely on computers to run machines essential to our existence – from providing us with clean water and electricity to keeping our data and money safe at banks, we can’t live without them.
All of these networks are at risk of a cyberattack, which is why cybersecurity should be a priority.
In December 2023, the UK came forward with evidence that Russia’s Security Service, FSB, has carried out targeted hacks against politicians, journalists, academics and think tanks, gathering a lot of vital information which, if put to use, could be a danger to our democracy.
This is but one of the many attacks that the UK have fallen victim to in recent months. Attacks on the British Library, which were carried out Rhysida, a “ransomware-as-a-service” provider, auctioned off found documents on the dark web. On January 11, The Guardian confirmed the ransomware attack.
“I work in information security field and consider it important because it affects people daily!” says Liisa Past, the national cyber director of Estonia, who comes from a journalism and communications background.
“I am very unusual in this sector, everyone is! It is a developing field that has been taught in universities for perhaps a decade. Anyone involved in cyber is constantly learning new things about it and would need to as well to keep abreast. Estonia is a great example of a country where national digital ID grants access to all national personal records, such as health records.”
In 2007, Estonia was the victim of a colossal cyber attack carried out by Russia, which came as a response to Estonia’s decision to move a Soviet-era copper statue from its original place in the capital of Estonia. This was the first nationally organised cyberattack in the history of the world.
“I was working as a print journalist at that time. This denial-of-service attack targeted websites of government institutions, banks and news outlets. This made it difficult to publish, we ended up having to upload our content on USB sticks and CDs and drivers would take them down to the print house, in order to have a national newspaper in the morning,” Liisa told us.
“This attack was also important because it showed the world that cyberattacks will be a part of international relations even if a country is not warring with the other, and it could happen during a time of peace.”
What is Cybersecurity?
Cybersecurity is the protection of our cyber world. Humanity has gotten to a point where we rely on technology to do so many things for us. All actions that are operated by computers or WiFi are prone to cyberattacks, which is why they need to be protected.
In a security network, there are “holes” that hackers use in order to gain access to a code that controls for example someone’s personal laptop or the computer that controls the electricity flow in a power station.
This is why cybersecurity is important. Establishments such as banks are prone to cyber attacks. Cyber criminals use this to get rich. There are other establishments, however, such as power stations as said before that get attacked for warfare reasons.
Nowadays, it’s common practice for hackers to, rather than steal money from said banks, demand a ransom for access to the money they have taken, which, more often than not, they get paid. Banks do not want to lose clients and, as a result of these situations, intermediary companies have emerged, offering to lower ransom prices.
Not so long ago, the criminal world was operated by bad guys selling heroin on the streets. Now, the biggest criminal associations consist of hackers, either as their own bosses or acting as puppets for bigger criminal executives, and their biggest crimes are hacking into the databases of huge organisations and demanding ransom for the information they seize.
Another offset of criminal activity within cyberspace is narco-trafficking, a practice that sees criminals hacking into airports and ports across the world, enabling them to traffic drugs on an international scale.
An aggressive cyberattack may have devastating effects way beyond the intended field. An example of this was when Russia hacked into a Viasat satellite on the eve of February 24, 2022, a day before the beginning of their war with Ukraine.
Viasat is a global telecommunications company and broadcasts channels throughout most of Europe. Russia, in order to get to Ukraine overrode a vital system, shutting down tens of thousands Wi-Fi and TV channel carriers in Europe resulting in billions of dollars in damage.
Moving forward
Liisa gives insight into how we should protect ourselves against cybercriminals: “The goal of strong locks is to protect your home. The goal is not to have everyone wash their hands, the goal is not to have viruses spread. That applies to cybersecurity as well. Strong cyber defences means digital services that are available as and when users need them.”
Cybersecurity will have to be a part of how societies shape the way they operate. If a society like Estonia has decided to be digital, then it is important that they consider how this system can be secured as soon as possible.
“If you were to have a look around the world and in Europe, digital identity, by and large, is created by big technology companies. I too, have a Google, a Facebook and an Apple Identity which I would recommend using because they have put effort into checking and verifying whether I am really me,” Liisa explains.
“However, it is possible that digital identity in a private sector will not lead back to a person. On the one hand it allows for anonymity, for example in politically oppressive regimes, it could be especially important for freedom of speech in journalism.
“However, on the other hand, this anonymity in a free society allows lack of accountability. The old joke that “No one on the internet knows that you’re a dog,” is still true, so the future of digital identities and how they link to physical people is exciting,” says Liisa.
“One of Estonia’s ‘unicorns’ is Veriff, which deals with connecting people’s digital and national identifications and verifying it. It’s a very big and global business which is led from Estonia, but because of government issued IDs does not have a lot of work there.
“I do not know where we will move to next, I think it is a very interesting thing to study, with many possibilities. Currently, your trusted digital identity can be your national ID – given out by your cell service carrier or your bank or identity given out by a global tech giant,” says Liisa.
This leads to the fundamental question of personhood, identity, identity theft, and if I can be sure that the other person is who they are. This affects everything starting from personal relationships, letters of fraud, business relations up until online dating profiles.
“It affects everything from personal relationships to the philosophical question of our society of who is the citizen, the person for whom the communication of nations happens. For me that is the most interesting digital question. Looking at the future a lot of people will tell you that quantum computing is the central question in cyber, as we will surely need to prepare for that,” Liisa told us.
The spread of hacking
Coding needed for hacking has become accessible to everyone. Schoolchildren are learning to hack. The UK has launched the £16 “computer” Raspberry Pi, which is a credit card sized circuit board, which is meant to be tinkered with and hacked, encouraging people to understand the hardware at their own fingertips.
There are YouTube videos, websites and university courses dedicated to coding. Universities run courses about creative coding in the context of visual art and design. Coding lies in the heart of hacking, and now it’s easily accessible to everyone, it’s paramount we improve cybersecurity and the laws around.
In 2022 the search for a mastermind behind a cyberattack group known as ‘Lapsus$’ led to a home outside of Oxford, England. The suspected leader was 16 years-old at the time of the arrest, and the group had managed to have earned £11 million from the attacks.
And this is just one example of the many hacker groups that consist of teenagers nowadays.
Worryingly, AI can now be used for hacking as well as dodging these cyber attacks.
In most places, there are now cyber security laws in place meaning that, thankfully, the majority of hackers will now get arrested for their crimes.
However, There remain places that have not established these laws well enough such as Nigeria, where cybercrime is at an all-time high.
These laws remain in their infancy across the world as the field of cybersecurity has recently emerged as technology has developed at an exponential rate over recent decades.
Additionally, most hackers are not familiar with these laws.
Going forward, projects to target specific hackers are becoming increasingly prevalent. In one mission, a plan to hold a convention in either Estonia or Latvia (where Russian is widely spoken) saw a Russian or affiliated hacker attend a convention, unknowing to the fact that two countries, in alliance on behalf of the EU, were working together to arrest them. The plan saw the hacker incarcerated for his crimes
“A big motivator for these hackers nowadays not to hack should be fear of being put in jail. There are websites like hacker 1 for example. If you find a vulnerability in a code, you can sell it. For responsible disclosure, you have the right to expect a proportional pay.”
Publicising Cybersecurity
A lot of the attacks that are directed at governments or militaries are not publicised yet. The UN has worked to create cyber attribution methods and laws, but currently the state of cybersecurity is very much tied with intelligence services which are not available to the public. In order to know who the culprit is, you have to have done some hacking yourself.
A good example of this took place in 2017 after the Charlie Hebdo shooting, there was a little blip in the French news channel Le Monde. It was late at night and suddenly a message read on every TV screen in France “J’aime l’ISIS” (“I love ISIS”).
Luckily some of the news channel workers had decided to stay after hours and turned off the channel straight away leaving the French people with a blacked out screen until morning
This, however, was no coincidence, the workers had stayed because they were told to by intelligence services who anticipated the attack. Interestingly enough, ISIS turned out not to be behind the attack. It was Russia.
Sometimes the guilty party is addressed however, in 2017, ‘Wannacry’ – a world-wide cyberattack – which ended up having massive implications on the NHS, is a case which has still not found justice to this day.
The attack was operated using a ransom cryptoworm that targeted computers running on Microsoft and demanding ransom money in cryptocurrency. Around 200,000 computers were affected world-wide.
In the UK, the NHS was one of the most impacted organisations, with 70,000 of its computers running on Microsoft being affected as well as MRI scanners, blood storage equipment and theatre equipment.
The attack also saw the health service’s ambulances being diverted. Although, The UK and USA did find out who was behind the attacks – North Korea – although the nation denied it was responsible.
Usually countries don’t create cyberattacks but a country, low on resources, like North Korea, might, for the money.
What next?
“Quantum computing”, “Zero Trust Architecture” and “Biometric and Behavioral Analytics” are key concepts in the technological advancements of the world, which may have an affect on our cybersecurity.
However in terms of the near future the prominence of cyber-attacks on militaries and governments is becoming more and more publicised, the statistic of one teenager in six who hacks is on the rise, we can only predict that we will see the rise of cyberterrorism.
“The everyday user, however, must also have a feel for their own best behaviour in cyberspace. Protecting your identity and simple things such as logging out when you’re not using your device,” Liisa confirmed.
“That you do not leave excessive information lying around. In some cases it can be something as simple as not telling people on the internet where you are in the world currently. In some cases nothing will come of it, but in some cases it’s not good to say that you are on a trip, if the wrong people get their hands on that sort of information you may end up having your home robbed.
“The most interesting thing to analyse is the progress of technology, how it moves forward in big leaps, as it has mostly been, not in a clear linear line. It will be interesting to see how people adjust to take advantage of innovation. This calls for focus on cyber psychology, our perception of ourselves and analysis of behaviour in cyberspace to be able to build both user-friendly and secure digital services,” Liisa said.
With this brief look into our future all we can do now is keep our data, our phones and tablets safe. You never know who may be hacking you!
Featured image by