Subscribe

No underestimating hacker power

By Ryan van de Coolwijk, cyber product manager and specialist
Johannesburg, 04 Oct 2016

ITWeb Security in Finance 2016

Meet Ryan van de Coolwijk, Hollard Insurance cyber product manager and specialist, Hollard Specialist Liabilities, Centre of Excellence at Security in Finance Forum, as he shares his experience in cyber insurance. Register now. For the complete agenda, click here.

Terrorists also welcome hacking and theft of national secrets. Global governments are realising they need to up their game and become united in the fight against terrorism and cybercrime. This has motivated agreements and calls to action by nations which are hopefully moving the world towards proactively sharing threat intelligence and away from focusing on attacks on, and defence against, each other.

High-profile government hacking

There have been a number of high profile government spying and hacking incidents over the years which highlight the potential power being used. These include:

* Edward Snowden's revelations about US National Security Agencies (NSA) PRISM program, which included PRISM spying on a number of governments, as well as on German Chancellor Angela Merkel. He alleged that as part of PRISM, the NSA tapped directly into the servers of nine Internet firms including Facebook, Google, Microsoft and Yahoo to track online communication.

* Allegations around the British intelligence agency, the Government Communications Headquarters (GCHQ), tapping into fibre connections and monitoring communications, as well as having access to the NSA PRISM database.

* About a year ago the GCHQ admitted for the first time in a court case - as part of the Investigatory Powers Tribunal (IPT) - that it carries out computer network exploitation (CNE) - commonly known to you and me as 'hacking'. This happens both in the UK and other countries. (http://www.theguardian.com/uk-news/2015/dec/01/gchq-accused-of-persistent-illegal-hacking-at-security-tribunal).

The IPT was told that microphones and cameras on electronic devices can be remotely activated without owners' knowledge, photographs and personal documents copied and locations discovered.

Ryan van de Coolwijk, Hollard Insurance cyber product manager and specialist, Hollard Specialist Liabilities, Centre of Excellence.
Ryan van de Coolwijk, Hollard Insurance cyber product manager and specialist, Hollard Specialist Liabilities, Centre of Excellence.

The tribunal was also told that Snowden's documents referred to GCHQ's CNE capabilities including programmes called:

* Nosey Smurf: which involved implanting malware to activate the microphone on smartphones;
* Dreamy Smurf: which had the power to switch on smartphones;
* Tracker Smurf: which had the capability to provide the location of a target's smartphone with high precision; and
* Paranoid Smurf: which ensured all malware remained hidden.
* Over a year ago FireEye reported that for more than a decade a cyber operation, with likely ties to China, spied on Indian defence as well as business and media operations.
* Mandiant's APT 1 report, identified a likely government sponsored, Chinese cyber espionage unit.
* Stuxnet is another dramatic cyber incident. Advanced malware - which is believed to have been developed and funded by the US government - was used to infect multiple industrial plants around the world allowing attackers to control systems used to monitor and control critical industrial systems. Stuxnet reportedly compromised almost one-fifth of the nuclear centrifuges in Iran, causing them to tear themselves apart.

AWARENESS OF POSSIBILITIES

These incidents aren't shared to be alarmist but rather to show that the possibilities of the hacking and cyber world are virtually limitless and should never be underestimated. We may not be involved in, or exposed to, internationally explosive incidents but the information and data we protect and manage, as well as confidential meetings which take place, means the world to each one of our establishments.

So the bottom line is do not underestimate the opposition and realise their power grows daily. In our duty of financial protection through insurance, our experts and risk assessors at Hollard Insurance are on call to consult and examine the risks each operation faces because powerful and effective risk management is an essential ingredient in the recipe for success.

Share