“We have banks that have ATMs on every street corner of America. And those banks know very well that that cash could be getting used for drugs. And yet, that’s fine, they are allowed to do that, no one gets into trouble. But Charlie sells Bitcoins to a guy who sells Bitcoins to someone who uses drugs, and he goes to jail. He was an entrepreneur that started building this industry. He built services that people found useful. When bankers almost destroyed the world economy, and none of them got in trouble whatsoever. And here we have this 23 year old kid and he goes to jail, because he started building an alternative.”
Boudreaux was called into his bank to discuss his accounts.
“Your finances are in terrible shape,” the banker stated. “Your checking account is way overdrawn, and your loans are overdue.”
“Yeh, I know,” said Boudreaux. “It’s my wife, Marie. She’s out of control.”
The banker asked Boudreaux, “Why do you allow your wife to spend more money than you have?”
“Mais, to tell de truth, Mr. Banker,” replied Boudreaux with a deep sigh, “because I’d rather argue wid you than wid her!”
I was recently driving back to the office from a customer meeting with a colleague. She was telling me about the gated community she lives in with her family. I was stunned to hear that even in these walled worlds there is still crime and houses being burgled. Turns out that we have sophisticated criminals in our backyard, literally. From what I understand, these lawbreakers rent a house in the gated community and then rob the homes inside the estate and store the loot in their rented house and then get a truck and move out with all the stolen stuff. Sounds like a decent plot for a film script caper but this is real life.
Since I have been learning about honeypots and laying down traps, it occurred to me that it would make sense to have a decoy house added to the equation. Dress it up real nice, make it look valuable and attractive, and then have cameras on the inside that record who comes knocking on the door, well, er, who climbs through the open window that was left vulnerable on purpose. That is what an interactive honeypot is designed to do – it sits there quietly, and if someone comes along and starts to fiddle with it, it will send out an alert. Suspicious behaviour is generally a problem. No honest person accidentally climbs through an open window into a stranger’s house.
Perhaps we could even call these “housepots”, like a honeypot for your house. Yes, this may very well be one way to detect these new cunning villains. Of course, one has to wonder about the vetting process. Can anyone rent a house in a gated community? Apparently, yes. The same goes for corporate computer networks. When your company reaches hundreds or thousands of staff, is it possible to say that each and every person is on the up and up?
Honeypots are cost-effective and very smart. I believe we will be seeing more and more creative uses of these elegant traps, especially considering the high unemployment around the world – becoming a hacker, for example, is a career path for many who can’t find a job.
What you want to know is if you have been breached where you live (physical) and where you work (online). There is no perfect science when it comes to keeping people safe, so, lay down traps. If your first line of defense is bypassed then have another control in place.
Picture this. A busy office building, people everywhere, energy, tension, excitement, hustle, bustle… Phones are ringing, e-mails are flying, and computer keyboards are being hit non-stop. This is life in the fast lane.
In the typical modern corporation there will be strategic objectives and operational parameters, and of course, weekly reports, monthly goals, quarterly targets. And there is constant pressure to bring in the numbers. So, it is not uncommon to find stressed out people that are literally on the treadmill from the time they wake up until the time they hit their beds and collapse.
Long hours seem to be the norm for so many. And there is this never-ending pressure to check your messages. It used to be just e-mail but these days it is also WhatsApp and Slack and LinkedIn, and the occasional phone message (some people still do leave voice mail messages), and then there is social media, which is an abyss all on its own. The constant anxiety to stay up-to-date. Yes, stress is all around us, and it only seems to be getting more intense.
To hear someone joke, er, complain, about the pressures of modern-day life is pretty common. So picture this now for a moment. A busy office worker talking to their manager:
I really need a few days off. I am just exhausted.
What’s the problem?
I am just tired of being on the phone all day, talking to customers, every day. It is exhausting. And some of the people are so rude.
Perhaps you just had a bad day. Tomorrow will be better. Come in a bit later tomorrow and try to get some sleep tonight.
Ja, perhaps you are right. It was just… this one guy today… I spoke with him 3 times and every time it was so painful.
Now, think about this for a minute … what business are they in?
Are they selling something over the phone? An insurance product? A mobile phone offering? Or perhaps this is a travel service?
Maybe. But, how about this: organized crime. No jokes. Yes, the modern company I am describing in this story today is in the ransomware industry.
And this company has an HR department, and thirteenth cheques, and career paths, and mentorship programmes… yup.
Mafia are online these days, and they are extorting companies and people using malicious software (malware). It is big business, and it is professionally run and it is growing fast.
In the last month the world heard about WannaCry – this is going to continue. Ransomware is big business.
When you think of computer hackers, think of high tech office buildings, complete with canteens and corporate pubs, and with modern-day stresses.
This is the new world of online organized crime – modern, sophisticated, and yes, twisted.
When we think of online crime, we think of someone taking money out of our bank account. That is the common illustration of a threat in the world of cyber security. But there is something far more fundamental that is soon going to worry all of us: breach.
We all lead very private lives. Social media is about the images we project, but behind the scenes we don’t reveal our vulnerabilities. Our medical records, our educational accomplishments (or lack of), our bank balances, our tax returns. And what about our shopping habits, our travel plans, our hotel bookings – these are all private. Can you imagine if a hospital computer network were breached and all their patients’ medical conditions were made public? Just think what would happen if everyone’s tax returns suddenly were floating around the Internet.
We all remember that scene in that beautiful film Love Actually, when the late, naughty Alan Rickman bought an expensive gift for his office co-worker, and we remember Emma Thompson’s sadness when she found out – she happened to see her husband sneaking around buying the lavish present for his mistress. But, can you imagine if one could simply look online and see what your partner is spending money on?
I remember one of my first clients, going back about 20 years. It was a big hotel chain. They told me that on Valentine’s Day they have 400% occupancy. Imagine what would happen if they were breached and all these people’s names were suddenly there for everyone to see. The Ashley Madison hack is a case in point: people committed suicide over this.
Laws are coming to punish those companies that don’t behave responsibly. Australia is ahead of the curve on this front. Breach laws are coming into effect this year. A company will legally need to report any data breach to the government, and also, notify their customers that have been affected.
According to the bill, a data breach is classified as an instance where there has been “unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (the affected individuals), or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure”. It qualifies as an “eligible data breach” when there is a likelihood that the individuals who are affected by the incident are at “risk of serious harm” because their information has been exposed.
In short, if your company has a breach and does not disclose it, and you get busted, then the guilty company will be hit with massive fines. But this is not the real problem – it is about the people that are affected by having their private data exposed. This is where the real damage could be, and hence why laws are coming to help keep people’s private lives private.
For a modern-day company, university, or any organization that is holding a ton of private, and often sensitive, data, breach is becoming a big concern, and an item on the executive agenda. This is not something that can be delegated down the chain as a nice-to-have project to be looked at in someone’s spare time. This is a serious issue. We have all our private information sitting there in databases connected to the Internet, and if a hacker really wanted to cause trouble they could mobilize mass panic in one well-crafted cyber attack.
Today’s connected organizations need to be responsible and they need to put in place the necessary technical steps to be notified of breach, and to deal with these vulnerabilities as soon as possible. No one can afford to bury their head in the ground on this matter. To end off, imagine if a law firm or one of the accounting giants got hacked – just think of what a breach could lead to when it comes to confidential and private information. Phew!
Breach notification technology and “incident response” are soon going to be mandatory for all connected organizations.