28 Dec 2016
When someone says cyberwarfare, you probably think of computers and servers as the soldiers and the casualties being lost data and infected devices. But in the modern world, cyberwarfare can mean those things as well as real soldiers and guns. This month the cyber security firm that helped the DNC investigate the 2016 election hacks, Crowdstrike, announced that they found a link between the hackers behind the DNC hacks and hacks that helped the Russian army during its annexation of Crimea.
All thanks to an app developed by a Ukrainian artillery officer.
Yaroslav Sherstuk developed an app that reduced the targeting time of his Soviet-era artillery piece by 15 seconds. Since he developed it himself, Sherstuk saw nothing wrong with sharing the app with other soldiers online. With the fighting between Russia and Ukraine, the app was downloaded 9,000 times.
Have any warning bells gone off for you yet? If you don’t see the massive mistake Shertuk made yet, you need to keep reading.
After examining the app, Crowdstrike found spyware that allowed hackers to gather data such as location on any devices running it, which explains why 80% of the type of artillery guns Sherstruk designed the app for were destroyed in the fighting. We may not have flying cars and colony planets, but when soldiers are being killed because their weapons are being hacked by their enemies it’s hard to deny that the future and all its dangers are here.
Crowdstrike was able to link the malware found in the Ukranian app to the same hackers behind the DNC hack. No matter what your political stance is on the DNC hack and who was behind it, you can agree that cyberwarfare is a very real danger and that our government needs to get serious about protecting citizens from foreign actors.
One solution is industry security standards. For example, the Gramm-Leach-Bliley Act (GLBA) was made law in 1999. It required financial institutions to abide by a data security standard that not only made them treat data with greater care but also be transparent with what they used customers’ information. But the GLBA only applies to the financial industry, and while medical institutions and practices have HIPPA many other industries don’t have the same kind of security standards despite handling sensitive information.
Take the retail industry for example. This year retailers like Wal-Mart and Wendy’s were hacked and leaked customer information out to hackers, and you probably heard about the huge Target hack a few years ago. Think about how many times you alone swiped a card through a reader this holiday season. With each retailer taking the security of those transactions into their own hands it’s not hard to see why the retail industry is a hotbed for hacking.
Hacks within the retail industry have gotten so bad that a bill called H.R. 2205 was introduced to congress in December that would create a security standard similar to GLBA for retailers. No one can say if or when H.R. 2205 will become law, and maybe a federal security standard isn’t the answer, but there is no doubt that something needs to be done to protect the average citizen from cyberwarfare. We’ve seen how dangerous aggressive state actors can be, we don’t have the option of not preparing for cyber-attacks.
Fortunately, you can take steps to protect yourself and your family right now. Read a cybersecurity blog. Review your network’s security. Audit all your Internet-of-Things devices and decide between those you need and those that are unnecessary dangers. These steps probably won’t protect you from a state actor, but they will protect you from most hackers and that’s a step ahead of most people.