As the world moves increasingly towards irreversible dependence on digital solutions, the presence of cybercrime in the news cycle is becoming hard to ignore. The targets selected and sheer scale of criminal feats growsever more significant. The question we should be asking ourselves is whether or not the worldcan afford to take on the inevitable risks of a purely digital economy.
According to a report by CSIS, cybercrime is estimated to have cost $600 billion in 2017, or just less than one percent of global GDP. Given that this is a relatively young criminal domain, and that it occurs in the abstract reality of cyber-space, it can be difficult for people not yet directly affected to understand the size of the problem. Stories like South Korean Bithumb’s $31.5 million loss of virtual cryptocurrency coins to hackers can illuminate the subject, it being the third such attack on the company in the span of one year. The incident occurred not long after a $40 million dollar theft from the smaller cryptocurrency exchange Coinrail, also of South Korea.
These are big numbers. Unfortunately, avoiding crypto trading is not going to be enough to safeguard your money or your personal digital footprint, as digital, mobile, and online payments increasingly penetrate the day-to-day lives of regular people. From the high-profile policyshifts of places like India and Thailand, to the more subtle creep of consumer digital spending trends in Europe, in many respects cash is being pushed out. It is often in the places moving with newfound rash haste towards cashless economic policy that we see the highest levels of digital bank robbery and online fraud.
In 2016, it was the real, hard-currency central bank of Bangladesh that was hacked, resulting in losses of $81 million, an incident cited as the largest bank robbery of all time. Online bank robbery is less common, but far morefrequent is data loss, which plagues financial and non-financial companies alike. Last summer, the Bank of Thailand had the personal data of 123,000 customers stolen through online malign activity. Something similar occurred in May when the Bank of Montreal and the Canadian Imperial Bank of Commerce lost the information of 90,000 customers to cybercriminals. And, of course, there have also been similar high-profile incidents reported in recent years involving social media companies, national organisations, and health services, to name a few.
In the digital age, personal information alone has real power and consequence. Hackers can use simple personal data to gain access to other more valuable assets. Or they can target individuals’ personal computers in order to extort money through ransomware, a cyber-attack in which the computer, system, or only specific data contained within, is encrypted by the hacker until sufficient payment has been made.
Just as in most criminal domains, cybercriminals tend to focus on softer targets. “They capitalise on the fact that not all digital banking clients are digitally literate, and exploit this vulnerability,” Kalyani Pillay, the CEO of South Africa’s Sabric said as part of a report on the increase in cybercrimes in the country. “Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols.”
The result of this is that money can be transferred by the criminals at leisure to their own accounts in loosely regulated banking systems or converted into unregulated cryptocurrencies. One of the major issues is that not only are cybercriminals technologically one step ahead of cybersecurity services, they operate in a criminal market with sophisticated amenities.
On “The Dark Web” you can transfer money through virtual coins, with which you can simply purchase ransomware and viruses pre-packaged, or you can engage with the wider hacker community in order to navigate technical hurdles that you encounter during your own exploits in cybercrime. And you can do all of this anonymously, preventing the risk of one individual’s arrest and confession bringing down even the most well-organised group of criminals.
State-funded cyber-attacks have been carving through the world banking system as well. Technically proficient hackers, plain criminals, are being funded by state actors, or whole governmental departments are being tasked with sowing discord and securing additional funding for economically sanctioned regimes. Russia’s NotPetya virus was a widespread cyber-warfare campaign focused on Ukraine which produced significant international collateral damage. A number of European companies closely connected to Ukrainian businesses suffered extensive denial-of-services and resultingloss to revenues while their systems were catastrophically compromised by the infection.And North Korea is believed to be behind a huge number of cryptocurrency intrusions in South Korea and further afield, along with the aforementioned banking-SWIFT system exploitation which yielded millions of dollars.
While the world is wrestling with incredible new payment and banking technologies, andasking itself questions about how much gravity to place on personal information and its protection, there is a real risk that nations move too quickly with their adoption of cashless practices. Until the dangers of going cashless are more fully understood, it would be foolish to exposeourselves to cybercriminalsmore and more with each new digital convenience. And yet, you would probably have to search pretty hard to find a clear political camp suing for restraint.