Cyberattacks may seem like an ambiguous threat – happening to someone else, somewhere else. But serious cybercrime is hitting close to home, with attacks from North Korea now targeting Canadian retail banking customers.
Security expert Christopher Porter highlighted this threat at a House of Commons meeting earlier this month. He noted that top Canadian financial institutions were exposed to state-sponsored cybertheft from North Korea just one year ago, in February 2017.
What they want
The attack redirected people to malicious downloads that would subsequently take control of their computers, accessing their bank accounts. These criminals are funding the North Korean nuclear program through stolen money, by targeting financial institutions, companies and retail customers. These cyberattacks show a level of sophistication that was once only seen among nation states’ intelligence groups like the NSA, according to Porter.
How they’re getting it
"Man-in-the-middle" attacks involve an attacker covertly relaying or changing the communication between two parties who believe they’re communicating directly.
In this case the “man in the middle” hacks into your device, imitates your banking sign-on page, and lures you to enter your private information. When you’re done banking, the hacker logs on with your credentials and steals your money.
Why they’re successful
The perpetrators of cybercrime are the same groups known for organized crime like weapons and human trafficking, drugs, et cetera. Cyber represents a booming growth industry for them.
Cyberattacks are relatively easy to accomplish and extremely tough to police. In Canada, despite their efforts, cops can only identify a suspect in 7% of cases. Criminals are going where the police are not; so their odds of getting away with these crimes are much higher than traditional strategies.
In addition to the anonymity cyber provides criminals, decades ago, when our telecoms structures were designed, they were done without much consideration to cybercrime. These same structures haven’t adapted as quickly as criminals have. Ahead of our outdated safety measures, criminals are even bypassing newer security methods like multi-factor identification.
Tom Cruise and the A.I. myth
One way of staying ahead of criminals is to stop them before they have the chance to commit a crime.
In the 2002 Sci-Fi film Minority Report, police were able to predict and arrest criminals before they offended. That movie feels less like science fiction today, considering real police units in the U.K. are now using algorithms to direct officers to patrol specific high-crime areas. Unfortunately, these areas are disproportionately over-policed as it is.
In Canada, we’re also experimenting with artificial intelligence (A.I.) to accelerate bureaucratic processes. One well intended effort is the use of A.I. with immigration applications. However, concerns about algorithms with built in biases and inevitable abuses by authorities are being raised by this attempt to use technology to serve immigrants more effectively.
We may be introducing more problems than we’re solving by using algorithms and A.I. to tackle complex social problems. One of the biggest myths about A.I. is that a computer removes subjectivity, and therefore can’t be biased. But the data fed into these computers are inherently flawed, because the people who’ve created them are flawed.
How can we respond?
Protecting ourselves from cyberattacks starts with awareness. The more people become knowledgeable about their cyber risks and what simple steps they can take to reduce it, the more time our IT and security professionals will be able to dedicate to putting out the big fires.