The Five Horsemen of the Internet Apocalypse — Scam, Extortion, Embarrassment, Theft & Death
I’ve been immersed in the cybersecurity market and media front for a good stretch. Over time, I’ve had an opportunity to work with some of the most brilliant minds and young-gun “hackers” in cybersecurity (I’m not a name dropper, so I’ll refrain from using them as SEO-bait). I’ve watched attackers evolve from basement-dwelling teenagers to organized intruders to APTs.
The most recent attack-flavor of the day is, of course, ransomware — a nasty malware strain wreaking havoc on the healthcare industry. And, at one point or another, I’ve met all Five Horsemen of the Internet Apocalypse: Scam, Extortion, Embarrassment, Theft and Death.
2015 — The Year in Hacks
There are, of course, already thousands of stories detailing the fragility of our online lives and businesses. If you were at the DevOps.com Rugged DevOps event on opening day of the RSA Conference this year and caught the presentation by Wired cybersecurity and privacy writer Kim Zetter, “2015 — The Year in Hacks,” then you had a chance for a great overview of some of 2015’s biggest digital crimes.
With an ear to the ground on everything the NSA and the most prevalent APT-using hackers are guilty of, @KimZetter never fails to intrigue readers and live audiences. Whenever you read her stories or listen to her speak, you always come away reassured that when all the smoke and headlines clear, the great deep-down reality is that everything we digitize is subject to the whim of the Five Horsemen of the Digital Apocalypse — Scam, Extortion, Embarrassment, Theft and Death.
Kicking off her talk was what she is calling the biggest hack of 2015 — the one that successfully targeted the United States Office of Personnel Management (OPM). The full extent of the damage that allowed attackers to steal personal information on millions may never be known. What we do know is that it exposed everything from the identities of covert US operatives to family members listed on security clearance forms to anyone who has ever applied for a job with the federal government. The one lesson from this event that is a “for sure” is that, even after decades of security product development (with more than 800 available for review at RSA), the cybersecurity industry still lacks much-needed innovation.
“Men behaving badly.” @KimZetter pegged the Ashley Madison data theft as the most brazen hack of 2015. With 30-plus gigabytes of account information stolen and dumped, log-in credentials for 32 million accounts purloined, credit card transaction information accessed, and even several suicides tied to the incident, the hack again reminded us that the great deep-down reality is that everything we digitize can be used by attackers to scam, extort, embarrass, steal and even kill us.
Some might argue that Embarrassment made a special appearance at Ashley Madison, but the fact that suicide was an outcome of that hack leads me to conclude that Death was likely the lead actor there. Anyone at the presentation would agree that Embarrassment really stole the show in the hack of CIA Director John Brennan’s AOL email account. The hack was allegedly perpetrated by a teenager, and the Wired senior writer describes the incident in more depth in her October story, “Teen Who Hacked CIA Director’s Email Tells How He Did It.”
Anyone reading this may be walking away with a rather pessimistic view of our chances of remaining secure online. But even so, the existence of determined hackers should do no more to deter individuals or businesses from going online than road rage should do to prevent anyone from getting behind the wheel of a car.
If we can learn any lesson from the news articles penned by @KimZetter and her peers, it’s that we should continue to take full advantage of the Internet but also take the time needed to apply effective security.
In addition to reading this article on our blog, you can check out Joe’s new column on DevOps.com here