Can We Cope with the Large Scale Hacking Phenomenon?
Over the past month, news reports have covered two major cases of hackers breaching cyber defenses and exfiltrating (that’s cybersecurity jargon for “stealing”) massive amounts of personal data. One was directed at the Internal Revenue Service (IRS) and the other at federal government employee databases.
Hacking the IRS
Last year, hackers stole over 6.5 million social security numbers. Hackers package stolen social security numbers with names and other identifying data and then sell each “package” for $3 to $5. Other hackers, according to CNN Money, purchase these and then file fraudulent tax forms in order to obtain the victim’s tax return funds. In many cases, these hacks involved obtaining information about individuals from retailers (such as Target), from banks, or other sources. However, in late May of this year, hackers obtained access to 104,000 tax returns directly from the databases of the Internal Revenue Service, including all the personal information included on the forms. A CBS News report suggests a combination of budget cuts and sloppy cybersecurity practices were to blame.
The hack was allegedly traced back to Russia – Russian hackers have proved to be some of the most adept hackers in the world. This attack appears to be largely criminally-motivated, but Russian hackers have, in the past, been thought to work loosely with the Russian government when they felt Russian national interests were at stake. Hence, Russia is thought to be able to use at least some of these hacker networks in order to attack and disrupt the computer networks of its perceived enemies.
Hacking the Federal Workforce
More recently, reports have emerged that charge that China hacked into the personal data of some 4 million federal government employees. To make matters worse, the attack involved the exfiltration of data from the Office of Personnel Management (OPM) on holders of security clearances, who comprise some of the most sensitive employees in the federal government. As reported by The Guardian, Mike McCaul, chairman of the House Homeland Security Committee, blamed China for the attack and noted that this was “the most significant breach of federal networks in US history.” This appears to be a case, like the North Korean attack on Sony Pictures in early 2015, in which a nation-state rival of the United States used hacking as a form of espionage (in the former case) or as a tool to disrupt (in the latter case). Thus, we have recent examples of both criminal hacking and nation-state hacking, and both resulted in the theft of huge amounts of personal data from American citizens and the federal government.
Can We Cope With This Threat?
Cyber threats are a reality of modern life. It is impossible to stop all hacking or other cyber-attacks and modern societies engage in a tradeoff in which we choose convenience (credit cards, online banking, online tax return filing, etc.) knowing that this comes at a cost, that is to say, greater vulnerability to hacking. Future defenses against hackers may include more biometrics, stronger firewalls, more aggressive “counter-hacking,” etc., but this is all predicated on educating a larger workforce to serve as cybersecurity warriors, and the managers and policymakers who guide the cyber-warriors.
Read about the cyber domain and explore CTU’s Bachelor of Science in Cyber Security to see how you can expand your knowledge of existing and future of cyber-security issues and policy.
Nadav Morag, Ph.D., is the Dean for Security Studies at CTU. He brings more than 10 years of experience in the homeland security field, having formerly served as a senior director at the Israeli National Security Council. He also works on projects for the Department of Homeland Security and the Department of Defense. In addition to publishing works in a number of academic journals, such as Homeland Security Affairs, Dr. Morag authored the first textbook to focus on international homeland security policies. Connect with Dr. Morag on Twitter @ctusecurity.
CNN Money, Hackers Are Stealing Your Tax Refund, February 10, 2015
CBS News, Why Hackers are Outgunning the IRS, June 2, 2015
The Guardian, China Likely Behind Hack of US Data Says Homeland Security Chair, June 7, 2015