Never underestimate hacker power
Cyber specialists and IT professionals are modern-day pioneers, whose daily challenge is not to underestimate the threat from hackers to data – the bedrock of the modern commercial world.
It is the duty of the insurance industry to be up to date on hacking techniques and cybercrime trickery, to make sure the companies under their protection are defended against cyber criminals to highest degree possible.
In addition to businesses, terrorists also welcome hacking and theft of national secrets. Global governments are realising they need to up their game and become united in the fight against terrorism and cybercrime. This has motivated agreements and calls to action by nations, which are hopefully moving the world towards proactively sharing threat intelligence, and away from focusing on attacks on, and defence against, each other.
High-profile government hacking
There have been a number of eye-opening, high-profile government spying and hacking incidents over the years, which highlight the potential power being used. These include:
- Edward Snowden’s revelations about the US National Security Agencies (NSA) PRISM programme. PRISM included spying on a number of governments, including German Chancellor Angela Merkel as well as allegations that, as part of PRISM, the NSA tapped directly into the servers of nine Internet firms, including Facebook, Google, Microsoft and Yahoo, to track online communication.
- There are also allegations around the British intelligence agency, the Government Communications Headquarters (GCHQ), tapping into fibre connections and monitoring communications, as well as having access to the NSA PRISM database.
- About a year ago, the GCHQ admitted for the first time, in a court case – as part of the Investigatory Powers Tribunal (IPT) – that it carries out computer network exploitation (CNE), commonly known to you and I as ‘hacking’. This happens both in the UK and other countries.
The IPT was told that microphones and cameras on electronic devices can be remotely activated without owners’ knowledge; photographs and personal documents copied; and locations discovered.
The tribunal was also told that Snowden’s documents referred to GCHQ’s CNE capabilities, including programmes called:
- Nosey Smurf: which involved implanting malware to activate the microphone on smartphones;
- Dreamy Smurf: which had the power to switch on smartphones;
- Tracker Smurf: which had the capability to provide the location of a target’s smartphone with high precision; and
- Paranoid Smurf: which ensured all malware remained hidden.
- Over a year ago, FireEye reported that, for more than a decade, a cyber operation, with likely ties to China, spied on Indian defence as well as business and media operations.
- Mandiant’s APT 1 report, identified a likely government-sponsored Chinese cyber espionage unit.
- Stuxnet is another dramatic cyber incident. Advanced malware – which is believed to have been developed and funded by the US government – was used to infect multiple industrial plants around the world, allowing attackers to control systems used to monitor and control critical industrial systems. Stuxnet reportedly compromised almost one-fifth of the nuclear centrifuges in Iran, causing them to tear themselves apart.
Awareness of possibilities
These incidents aren’t shared to be a dramatic alarmist, but rather to show that the possibilities of hacking in the cyber world are virtually limitless and should never be underestimated. Brokers would be doing their clients a service if they bring hacker power to their risk awareness. We may not be involved in, or exposed to, internationally explosive incidents, but the information and data we protect, as well as confidential meetings which take place, means the world to all our clients.
So the bottom line is not to underestimate the hacker risk and realise it may be necessary to call on professional assessment, if necessary. In our duty of financial protection through insurance, experts and risk assessors are on call to consult and examine the risks each operation faces because powerful and effective risk management is an essential ingredient in the recipe for success – and hacker power grows constantly.