MYTH OF THE FOREIGN STATE HACKER EXPOSED

Fleetstreet

When you think Hacker, you think Kevin Mitnick. When you think cybersecurity and hacking you think Israel, Russia, China and India. However, in truth, these names are the product of branding in an effort to deify or demonize those actors said to be behind these events.

Kevin Mitnick has not carried out a spectacular hack in over a decade or more. If he has, it has probably been at the behest of the FBI in keeping with the terms of his release from jail.

The biggest disappointment in the reputation of a state actor as super hacker is the state of Israel. Israel had claimed responsibility for the creation of Stuxnet, a virus which allegedly crippled Iran’s nuclear programme.

“Hooray,” the world breathed a sigh of relief at news of the tiny Jewish state crushing the ambitions of another ‘radical Islamic state’ to make another unwanted nuclear bomb, posing a further threat to the “free world” and to Western civilization. Wrong, and so much for the hype.

Kevin Mitnick, the world’s most notorious hacker, poses for a portrait at the Brown Palace. Mitnick once worked in Denver under the alias ID Eric Weiss at the Law firm of Holme

In 2013, world-renowned Russian cybersecurity expert Eugene Kaspersky addressed the Canberra Press Club in Australia as its guest. Kaspersky identified common security threats and shared anecdotes about his exceptional skills as a cybersecurity and antivirus expert in identifying and neutralizing sophisticated, technically complex cyber threats throughout the world.

But it is what Kaspersky said at the Canberra Press Club address, which went unnoticed and failed to raise an eyebrow among his highly acclaimed Australian hosts, the top journalists gathered there that day, that shattered the myths of certain self-proclaimed cyber spies and sleuths: Israel, and the Australian media.

Kaspersky’s disclosures, which went unnoticed by the Canberra Press Club and its members, made many wonder how many writers and journalists in places like Australia know anything at all about the subject matter they report on. In this case, it was all about the cyber threats to the world. No one gathered at the Canberra Press Club that day appeared to have noticed the value of what Kaspersky told the assembly and the world.

Kaspersky’s bombshell was that, not long after it had been reported that Iran’s nuclear program had been severely disrupted by Stuxnet, a virus Israel claimed to be the creator of, Israel desperately and urgently sought Kaspersky’s help to neutralize the same Stuxnet, which had infiltrated several Israeli military installations.

It appeared that Israel, the self-proclaimed creator of Stuxnet, did not have the knowledge or capacity to deal with a monster of its own making. Stuxnet turned Frankenstein, attacking Israel. The questions that should have been on every journalist’s lips or mind were: ‘Did Israel really create Stuxnet?’ Was the Iranian nuclear program really disrupted by Stuxnet? Or was that another myth created by Israel and the West? Perhaps we may never know.

OCTOBER 7- THE DAY A SERIES OF HACKS BROUGHT THE MIGHT OF ISRAEL TO ITS KNEES

The proof of the pudding lies in the eating, it is said. On 7 October 2023, the speed and precision with which Hamas attacked Israel, with such devastating effect, pointed clearly to a failure of intelligence and, from anecdotal evidence, to the interdiction of Israeli communications and its cybersecurity apparatus by Hamas.

Israel appears to have fallen victim to a sophisticated hack that exposed several weaknesses in its surveillance systems, its communications networks, defense control, and its early warning systems. Most of the information available to Hamas for the 7 October operations, it is alleged, was obtained from OSINT (open source intelligence) and some degree of human intelligence, most likely from Israeli operatives.

There is a counterintuitive narrative at work where the reputations of Israel and other Western nations in their battle for cyber superiority are concerned. Hubris, it appears, had entered into the Israeli and Western military mindsets. Several prominent hackers and writers on the subject of cybersecurity were either censured or blocked from commenting on issues they had long harbored concerns about on 7 October 2023. Many more who had slipped the net had their comments removed on that day and in the following weeks.

The intensity and level of hacking that occurs every day in places like Australia, the UK, US, and Western Europe is overwhelming and immeasurable. And this is not a recent development in cybersecurity breaches. It is just that the threat is simply ignored by governments who do not fully understand the nature and depth of these threats. Whenever government agencies capture a Kevin Mitnick, they deify them and later make heroes out of them.

A big problem with hacking lies with issues such as defining the term hacking. Black, white or grey, hacking, like the terms ‘terrorism’ and ‘terrorist’, lacks a proper legal definition. It is merely a designation, not a definition. Eventually, when confronted with the problem, judges and law enforcement have difficulty coming to terms with it. They have to improvise.

For instance, Google, Microsoft and other service providers and browsers, hack every computer from the moment a client or user engages their systems. And the way Google and Microsoft operate, they hack deeply into a user’s computer, obtaining their personal details, passwords, browsing habits, patterns, and frequency of use and access to their cohorts online.

Out of the data obtained, Google, Microsoft and other major information companies are then able to sell users’ data to commercial interests for hundreds of millions of dollars without the user even knowing their data is being traded by others with impunity. None of what Microsoft or Google does through hacking and mining a consumer’s personal data is ever fully disclosed to the consumer. Consumer in this context also includes their institutional customers like government departments and banks.

Whilst phishing, social hacking, and brute-forcing are the more commonly used and successful methods hackers use to hack their victims, carelessness, negligence and a lack of awareness account for most of the hacking incidents.

THE REAL DANGER LIES IN SOCIAL MEDIA AND THE NEGLIGENT USER

Since Covid and the isolation of workforces worldwide, relegated to working-at-home arrangements (without adequate supervision), the incidence of hacking has grown exponentially.

In the absence of a properly structured work environment where there is supervision over workers and their performance, the home environment, a more relaxed, less controlled environment, provides rich pickings for hackers. It provides easy access to the databases of large companies and government institutions through the computers of home workers. The spate of recent hackings in developed Western nations was not the work of foreign state actors but of homegrown hackers in Western nations and within their allies. It is a growth industry helped along and protected with government-spun stories of “Russian”, “Chinese” or other East European anti-Western hackers.

The home computer is often either protected by domestic-grade antivirus protection and firewalls, and therefore easier for an experienced hacker to breach, or, in many instances, its antivirus is not updated or is virtually outdated and nonexistent. Unlike the work environment, where breach protection and antivirus software are ironclad, the home environment provides a ready gateway to hackers, who have the simplest of tools at their disposal which can penetrate the average home computer system.

Hackers are intelligent people. The best of them can’t be traced back to their undergraduate days at Harvard, Yale or Cambridge. They are simply highly motivated, curious minds operating from street cafes and laptops in car parks and other nondescript environments that make detection difficult. Many of them are in the developing world.

The most vulnerable gateways to hacking a computer and its databases are those of young, ambitious, and entitled workers. Many of them are women in the developed world. Young women of the X, Y and Millennium generations (between 15 and 40 years of age) tend to be more rebellious at the workplace, share information (including classified information) liberally with their peers and social groups and are vulnerable to recruitment online.

They appear less conscious of dangers and are less vigilant (over 70% of participants in a US survey said they found trust and kinship through blind dates, subscribed to unknown newsletters and clubs and online groups, had intimate chats and shared information with people they had not met in person).

Of this group, 24% said they worked for government agencies, 22% said they worked at banks and credit card companies, whilst a whopping 65% said they openly shared information about their fellow employees, employers, companies and confidential information with pastors and members of their evangelical churches worldwide. All in all, it was said, this was done in good faith.

Similarly, the survey found that workers from the LGBTiQ+ communities were like-minded and engaged in similar risk activities online. The survey identified the LGBTiQ+ communities to be as risk-prone as the 15-40 years age group of females surveyed, in private exchanges and with ‘friends’ they cultivate on social media.

Rick Di Melo
