Cybercrime in movies – fact or fiction

WE see cybercrimes depicted in movies all the time. Avid movie buffs would be familiar with flicks such as Skyfall, The Girl with a Dragon Tattoo, Live Free or Die Hard, Anti-trust and Sneakers, just to name a few. Some things we see on the silver screen are obviously make-believe but sometimes one can’t help but wonder how close those ploys are to reality.

For instance, could a hacker bring down the entire US financial sector as the villain of Live Free or Die Hard does? Or could a government defence programme really control every piece of technology connected to the Internet as in Eagle Eye? But movies often reflect the risks of the real world, even if sometimes the scenarios seem a bit far-fetched.

Being in the business of managing enterprise risks, especially IT and cyber risks, Deloitte takes its vanguard role of helping organisations fight cybercrime and detect cyber security issues very seriously. We note that the past couple of years have seen an unprecedented number of high profile information security incidents, data breaches, cyber attacks, and instances of cybercrime both nationally and globally. Intellectual property

Private data, intellectual property, cyber infrastructure, and even military and national security can be compromised due to deliberate attacks, inadvertent security lapses, and the vulnerabilities of social media and the Internet. Anything and everything that depends on cyberspace is potentially at risk and the proliferation of Internet-enabled devices just makes people like you and I even more susceptible. Not surprisingly, cybercrime is now touted by Interpol as one of the fastest growing areas of crime.

To put things in perspective, let us take a look at the plots of some all-time favourite cybercrime-themed movies and see just how realistic the action has got.

Sneakers (1992): Although this film was made more than two decades ago, it is still a favourite among the cyber security community. Robert Redford leads a team of experienced security specialists who are blackmailed into stealing a mathematician’s “blackbox” which turns out to be capable of cracking the encryption of nearly every computer system, which is obviously of great value to the rogues who want to seize power and take over the world.

Fast forward to today, the situation portrayed in Sneakers is no longer fiction. In fact, just a couple of months ago, three South Korean television broadcasters and two banks became victims of a widespread malware (short for malicious software) attack, which resulted in serious network outages. The attack was carried out by six computers located in North Korea accessing computer servers in South Korea, using over a thousand different overseas IP addresses. The results of the attack wiped out the hard drives of over 30,000 PCs in the affected TV stations and banks. North Korea was alleged to be a prime suspect for these attacks by South Korea’s Internet security agency.

The reality is, more than ever, governments around the world are shoring up their cyber defences to protect their critical information infrastructures (CII) from both state-sponsored cyber terrorism, organised groups and rogue hackers. The North Korean military reportedly has a unit of at least 3,000 cyber warriors, including 600 hackers. The South has just 1,000, though it’s purportedly racing to catch up and doubled its numbers in 2012 alone. Meanwhile, the US Air Force recently announced that it now designates six cyber tools as weapons, allowing its cyber programmes to compete for more share of the Pentagon’s coffers.

Antitrust (2001): This movie is a favourite in technology circles as it is often cited as one of the most realistic depictions of cybercrime. Ryan Philippe plays a young Stanford graduate employed at a company that uses an extensive surveillance system to observe and steal code from programmers around the world. Movie commentators at that time had suggested that the film was implicating a particular software giant.

There are actually applications and gadgets which are currently available and capable of spying. For example, a new android application (app) named PlaceRaider, created by US military experts, can make your phone’s camera take pictures secretly. The app works by turning on your phone’s camera and it will start clicking away behind the scene. The app runs in the background taking photos at random while recording the time, location and orientation of the phone. The app mutes the phone as the photos are taken to hide the shutter sound. A malicious user can then browse by looking for objects worth stealing and sensitive data such as credit card details, identity data or calendar details that reveal when the user might be away.

As innovation becomes a competitive advantage, cybercrime is a growing corporate threat. There have been numerous allegations of cyber espionage that some of the theft is even state-sponsored as countries and companies seek to obtain an edge over their contenders by stealing trade secrets from the competition.

Companies may be trying to steal your secret formulas, latest innovations or even client lists and contract details.

Skyfall (2012): Raoul Silva, a former agent who had previously worked under M the head of M16, has turned to cyber terrorism, orchestrating the attacks on MI6. M receives a taunting pop-up message on her personal laptop. In another scene, Q plugs Silva’s personal laptop into the MI6 network in his haste to decrypt it. Surely British intelligence professionals like M and Q would have received basic online security training? Basic IT security protocol could and should have prevented all these events.

And then there is the scene where Silva turns on the gas in MI6 headquarters remotely to blow up the building. Computers have been used by the military to compromise infrastructure in other nations. The Stuxnet computer worm, discovered in 2010, is suspected to be responsible for crippling the industrial systems than ran the Iranian nuclear plant.

The Girl with the Dragon Tattoo (2011): The Hollywood remake of this popular mystery thriller with Daniel Craig and Mara Rooney as the leads begins with a hacker who is hired to create a dossier to blackmail a disgraced journalist and does so by discreetly tapping into his desktop.

This scenario is very much an everyday reality. A simple click to open an e-mail attachment or download a file with the malware embedded does the job and your computer security is compromised. Many victims do not even realise that they have been hacked after weeks, months or years. In some cases, they never come to know at all.

We are so busy that we just open emails or attachments without stopping to think about the risks. Take the extra time to look at the email details – sender’s name, email address, To/CC/BCC details, subject title, nature of attachment. Download files from known sources. Things to look out for include unknown software, computer slowdowns, pop-ups and changes in your chosen home page.

MI4: Ghost Protocol (2011): The fourth Mission Impossible movie tops the thrill factor. You see iPhones that crack door codes, iPads that spy on security guards, wireless intrusion vectors that are delivered by balloon and hijacked security networks. These tactics are actually not far off from reality. All it takes is for a “handshake” to take place between the two medium, be it between devices, networks and environments. The target needs to recognise the incoming person or device, accept and approve the request and lastly allow them into the network or domain. It would do so by virtue of the fact that the passwords and logins are valid.

A simple case is what we call phishing. Imagine yourself having a cup of Starbucks cappuccino and about to tap into its free wireless Internet. Assuming that the wireless account name is “Starbucks”, a perpetrator would disguise his machine as “Starbucks1” recreate the same landing page as the original page. When you log in to Starbucks1, you are actually logging into the perpetrators’ machine, which now acts as a gateway to the internet. Once you log into your online banking site, your ID and password would be captured and soon enough you would have to say goodbye to your hard earned money!

So in MI4, this simple idea is taken to the next level, with a more complicated and complex algorithm to create that handshake and break through a secured network or environment. How it’s done pretty much depended on one’s creativity but it is doable. Underground economy

To be fair, none of these movies claim to be documentaries but some of them haven’t gone that far off from reality. An underground economy has now evolved around stealing and reselling confidential information. E-espionage is escalating as competition intensifies and economic conditions deteriorate. Malware authors and other cyber criminals have become sought-after professionals in their own right for their niche skills, capabilities and products. These include data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keylogger and keystroke identification, identity authentication, and botnets, among others.

This has generated significant risk exposure to financial losses, regulatory issues, data breach liabilities, reputational damage, and loss of client and public confidence. CyberSecurity Malaysia recorded up to 2,324 reported cyber incidents in the first three quarters of 2012. That Malaysia was recently reported to be the sixth most vulnerable country in the world to cybercrime by the Norton Cyber Crime Report 2012 further affirms that cyber security will remain a key concern for individuals like you and me, businesses and government agencies andcyber security experts.

Meanwhile, let’s see what the next cyber crime actioner will serve us. You and I can only hope that they are not feeding wild ideas to the cyber criminals out there.

Опубликовать в twitter.com

Comments close