Many companies already have the ability to run keyword searches of employees’ emails, looking for worrisome words and phrases like embezzle and I loathe this job. But the Stroz Friedberg software, called Scout, aspires to go a giant step further, detecting indirectly, through unconscious syntactic and grammatical clues, workers’ anger, financial or personal stress, and other tip-offs that an employee might be about to lose it. ... To measure employees’ disgruntlement, for instance, it uses an algorithm based on linguistic tells found to connote feelings of victimization, anger, and blame. ... It’s not illegal to be disgruntled. But today’s frustrated worker could engineer tomorrow’s hundred-million-dollar data breach. Scout is being marketed as a cutting-edge weapon in the growing arsenal that helps corporations combat “insider threat,” the phenomenon of employees going bad. Workers who commit fraud or embezzlement are one example, but so are “bad leavers”—employees or contractors who, when they depart, steal intellectual property or other confidential data, sabotage the information technology system, or threaten to do so unless they’re paid off. Workplace violence is a growing concern too. ... Though companies have long been arming themselves against cyberattack by external hackers, often presumed to come from distant lands like Russia and China, they’re increasingly realizing that many assaults are launched from within—by, say, the quiet guy down the hall whose contract wasn’t renewed.
The group of European black-hat hackers who launched the attack against New York had spent much of the previous decade breaking into American corporate networks — credit-card companies, hospitals, big-box retailers — mostly for profit, and sometimes just because they could. When those attacks became routine, the group moved into more politically inclined hacks, both against and on behalf of various governments, rigging elections and fomenting dissent. In the summer of 2016, the hackers received an anonymous offer of $100 million to perform a cyberattack that would debilitate a major American city. ... to self-identified anarchists with a reflexively nihilistic will to power, the proposition had some appeal. Causing disruption was something that had been on their minds recently, as their conversations veered toward the problems with global capitalism, the rise of technocentrism, bitcoin, and the hubris required to nominate a man like Donald Trump. Their animus got more personal when American authorities arrested a well-respected white-hat hacker who had broken into an insulin pump in order to show the dangers of connecting devices without proper security. The black hats were on the opposite end of the ideological spectrum but had more empathy for their fellow hacker than they did for the American people, who, they felt, deserved a comeuppance ... The plan was to show how much of modern life in a city like New York could be disrupted by purely digital means. The hackers would get paid, but they also hoped their attack would dent America’s complacent faith in order and in the technology and political authority that undergirded it. As a bonus, their services would be in even greater demand.
The Office of Personnel Management repels 10 million attempted digital intrusions per month—mostly the kinds of port scans and phishing attacks that plague every large-scale Internet presence—so it wasn’t too abnormal to discover that something had gotten lucky and slipped through the agency’s defenses. In March 2014, for example, OPM had detected a breach in which blueprints for its network’s architecture were siphoned away. But in this case, the engineers noticed two unusually frightening details. First, opmsecurity.org had been registered on April 25, 2014, which meant the malware had probably been on OPM’s network for almost a year. Even worse, the domain’s owner was listed as “Steve Rogers”—the scrawny patriot who, according to Marvel Comics lore, used a vial of Super-Soldier Serum to transform himself into Captain America, a member of the Avengers. ... Registering sites in Avengers-themed names is a trademark of a shadowy hacker group believed to have orchestrated some of the most devastating attacks in recent memory. Among them was the infiltration of health insurer Anthem, which resulted in the theft of personal data belonging to nearly 80 million Americans. And though diplomatic sensitivities make US officials reluctant to point fingers, a wealth of evidence ranging from IP addresses to telltale email accounts indicates that these hackers are tied to China, whose military allegedly has a 100,000-strong cyberespionage division. ... To figure out why the hackers had trained their sights on OPM, investigators would have to determine what, if anything, had been stolen from the agency’s network over the preceding year. But first they had to hunt down and eliminate the malware on its network, an archaic monstrosity that consisted of as many as 15,000 individual machines.
There was a time, a few years back, when the most sophisticated cyber-warfare tools were still developed and used exclusively by the world’s most sophisticated cyber-warfare combatants: government spy agencies, such as the ultra-secret National Security Agency and its counterparts in Israel and other developed countries and their arch-rivals in China and Russia. The surveillance and monitoring capabilities that Edward Snowden unveiled to the world in 2013 were shocking and little understood, but an ordinary citizen could at least take comfort in the belief that, if he wasn’t a criminal or a spy, it was unlikely these tools would ever be used against him. ... That was then. ... last August, came the startling confirmation from Apple itself: a genuine remote jailbreak “in the wild,” the one discovered and identified by Marczak and the Lookout researchers. To everyone’s surprise it had been out there operating secretly for years. ... By 2010 a true black market for zero days was emerging beyond the usual black market. ... In this new black market few knew exactly who the buyers were, but it was widely assumed that many were governments looking for clever new ways to spy on their own citizenry.
America’s War with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. ... The leading victim in the case was a subsidiary of the payments-processing giant First Data, which lost $450,000 that May. That was quickly followed by a $100,000 theft from a client of the First National Bank of Omaha. What was odd, Craig noticed, was that the thefts seemed to have been executed from the victims’ own IP addresses, using their own logins and passwords. Examining their computers, he saw that they were infected with the same malware: something called the Zeus Trojan horse. ... The ruse is known as a “man in the browser” attack. While you sit at your computer logging into seemingly secure websites, the malware modifies pages before they load, siphoning away your credentials and your account balance. Only when you log in from a different computer do you even realize the money is gone.
It is reasonable for executives to be anxious. Both Gregg Steinhafel and Beth Jacob, Target’s former chief executive and ex-information officer respectively, lost their jobs following the data breach. The average tenure of a CISO at a company is a little more than two years, according to the Ponemon Institute. This is partly due to the fact that these professionals are in such high demand, but also due to job insecurity of those in the role. ... The average cost of a data breach is $4m, according to security researcher Mr Ponemon, or around $158 for each compromised record. In fact, the figure can vary considerably.
The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. ... Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality. ... And the blackouts weren’t just isolated attacks. They were part of a digital blitzkrieg that has pummeled Ukraine for the past three years—a sustained cyberassault unlike any the world has ever seen. A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralyzed organizations’ most basic functions. ... In a public statement in December, Ukraine’s president, Petro Poroshenko, reported that there had been 6,500 cyberattacks on 36 Ukrainian targets in just the previous two months.