The most damaging corporate computer crime today is hacking the large companies that manage our nation’s critical infrastructure, such as electricity and water utilities. Most stories about corporate cyber crime focus on how hackers stole millions of credit card records or PII, but that pales in comparison to the potential impact of millions of customers losing electricity service for an extended period of time. Likewise, hacking of water systems could cause loss of life.
The Justice Department indicted Iranian hackers who infiltrated the industrial control systems of the Bowman Avenue dam in Rye, New York, in 2013 (Yadron, 2015). Although officials say the men did not gain control of the dam itself, the fact that they were able to access its control systems is frightening. A system meant to protect that section of New York could have been used to cause widespread human suffering and potential loss of life. Power utilities are under attack too.
Ukraine’s power grid was attacked in 2015, resulting in loss of power for over 200,000 customers (Zetter, 2016). Although this did not happen in the U.S., it is cause for concern for those of us defending critical infrastructure and the security community in general.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released the results of an industry audit, which showed that “the energy industry faced more cyber attacks than any other industry sector from October 2012 through May 2013” (Dark Reading, 2013).
I also observed some interesting trends, including increases in SCADA Access-as-a-Service (SAaaS) crimes, HMI attacks, and active exploits against vulnerable codebases. There are also instances of the ever-growing ransomware threat targeting ICS operators. According to Booz Allen’s briefing, ransomware samples increased from less than 100K in Q2 2014 to 6 million in Q4 2015. The infamous Cryptowall ransomware generated more than $300 million in revenue in 2015 (Booz Allen, 2016).
Public details of the forensic work in these cases are not yet available, as the cases are still making their way through the court system. It will be interesting to see whether any anti-forensics tools were used. Anti-forensics is designed to cover the hackers’ digital footprints so that their activities cannot be traced back to them. Examples include “encryption, the over-writing of data to make it unrecoverable, the modification of files’ metadata and file obfuscation (disguising files)”, among others (Forensic Control, 2017).
Since attacks against critical infrastructure have the potential to cause loss of life, I believe hacking the companies that manage these services is the most damaging corporate computer crime today.
Booz Allen Hamilton (2016). Industrial Cybersecurity Threat Briefing. Retrieved from: http://www.boozallen.com/insights/2016/06/industrial-cybersecurity-threat-briefing/
Dark Reading (2013, November 21). Survey: Majority of IT Professionals Do Not Understand NERC CIP v5 Requirements. Dark Reading. Retrieved from: http://www.darkreading.com/risk/survey-majority-of-energy-it-professionals-do-not-understand-nerc-cip-version-5-requirements/d/d-id/1140939?print=yes
Forensic Control (2017). Introduction to Computer Forensics. Retrieved from: https://forensiccontrol.com/resources/beginners-guide-computer-forensics/
Yadron, D. (2015, December 20). Iranian Hackers Infiltrated New York Dam in 2013. Wall Street Journal. Retrieved from: https://www.wsj.com/articles/iranian-hackers-infiltrated-new-york-dam-in-2013-1450662559
Zetter, K. (2016, March 3). Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid. Wired. Retrieved from: https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/