Hackers’ Heaven


Monday was the turn of Tesco, specifically Tesco Bank, to humble itself before its horrified customers, 15% of whom lost money over the weekend as an as-yet-unidentified cyber villain concentrated an attack on the bank’s central system. Tesco reacted quickly and assured all affected account holders that it would repay losses in full. The total cost to the bank of this reimbursement was described, to the bafflement of many, as ‘a big number, not a huge number’ by Benny Higgins, the Chief Executive.

Only a fortnight has passed since hackers last made the news in a big way on 21 October, disrupting the services provided by Twitter, PayPal and at least ten other widely-used sites over a period of several hours in the USA. It is not clear – or at least not publicly known – which individual or organisation was behind the attack nor why it was perpetrated, though fingers have been pointed and the generalised feeling is that it was a warning message to remind us all of our vulnerability.

Tomorrow sees the culmination of almost a year’s election campaign in the USA and, if Donald Trump were a less colourful figure, the principal sub-plot would have been the leaked emails that have dogged Hillary Clinton for much of the process. The emails were hacked from the Democratic National Committee (DNC) email system by parties ‘linked to the Russian government’[1], according to CrowdStrike, the cybersecurity firm that investigated the breach. The motive of the attack seemed overtly political, although conspiracy theorists have posited that the Clinton campaign or a third party orchestrated the leaks in order to discredit the opposition.

Whatever their motives and whoever is behind all this hacking, it is clear that our IT security systems are far from impregnable. After all, just last year, PayPal bought CyActive in Israel, undisputed centre of cybersecurity excellence.[2]

So where does the problem lie? With users who require better education in discretion? With companies and organisations that patch rather than refresh their IT systems in the interests of cost? With universities and technical colleges that do not upgrade their curriculum fast enough to keep pace with industry change and send graduates into the workforce without the programming skills they need?

It is significant that GCHQ, the UK’s surveillance centre, announced last week that it was anxious to recruit 50 people – not necessarily from an IT background – to become the next generation of cyberspies. They will be given two years’ training in an intensive ten-week course, so GCHQ clearly feels that the problem needs to be addressed urgently.[3]

One thing is clear: cyber security firms need have no fears about falling revenue.

[1] The Guardian. Russian government hackers steal DNC files on Donald Trump. 14 June 2016.
[2] City AM. PayPal sets up cyber security centre in Israel and buys startup CyActive. 12 March 2015.
[3] Recruiter. Government launches cyber bootcamps to unearth hidden hackers. 3 November 2016.