It's one thing to read about all the advanced targeted attacks that are going on, and to absorb the impact that they're having on individuals, businesses and governments alike. But it's another thing to ask, "Who exactly is behind all of this?"
It's not an easy question to answer. The work of the hacker, after all, takes place in the virtual sphere, and largely, that's where criminal hackers like to remain. Hackers occasionally come out of the shadows to make some kind of statement, but this typically happens via a collective declaration on the part of a group (like, for example, the self-declared Guardians of Peace (GOP), the hacking collective that attacked Sony Pictures).
The carefully cultivated anonymity of cyber criminals makes them difficult to characterize, let alone pinpoint. This presents a challenge to law enforcement, since one of the first steps to pursuing a criminal is to have some kind of composite picture of who that person may be. But hackers are not always able to evade justice, and whenever one is captured, their arrest sheds new light on the motives, resources and criminal intentions of the modern cyber criminal. Though expert knowledge about cyber criminals is sparse, there's one fact that's emerged with clarity: The hacker of today is far more threatening – and violent – than ever before.
A troubling evolution
Just as the cyber threat sphere has evolved, so too have hackers. Today hackers operate in a highly interconnected web of international criminality, but that wasn't always the case. In fact, in its first incarnation, hacking wasn't even an overtly criminal practice, but instead a way to test and refine the power of computers and the Internet. As Michael Devitt points out in "A Brief History of Computer Hacking," the word "hackers" was originally used as a complementary term to describe solutions-focused computer people.
"The best and brightest of those [early computer] programmers created what they called 'hacks' – shortcuts that would modify and improve the performance of a computer's operating system or applications and allow more tasks to be completed in a shorter time," Devitt wrote.
But in the 1970's and 80's, as the Internet came into wide use, the idea of hacking as a criminal practice began to emerge. Here were some of the earliest hacks that were carried out:
- 1988: Robert Tappan Morris is responsible for what's largely considered to be the first worm to hit cyber space. Morris, who now teaches at MIT, said he developed the worm in order to ascertain the size of the Internet. But the government didn't buy that excuse, and he was convicted under the then-recently established Computer Fraud and Abuse Act.
- Late 1980s: According to The St. Petersberg Times' "A history of hacking," First National Bank of Chicago got hit with a cyber attack in the late 80's. The hack resulted in $70 million in damages.
- January 1998: The Federal Bureau of Labor Statistics is accustomed to getting a steady stream of information requests. After all, its data is central in many articles and reports. But in January 1998, the FBLS had to deal with an influx of information request messages that were completely phony. The Bureau had been hit by spammers.
- 2006: In advance of a space launch, NASA discovered that foreign intruders had reportedly gleaned highly privileged information about the launch. This cyber episode was an alarming early indication of the power of cyber criminals to not just carry out money-focused attacks, but also intrusions centered around countries acquiring private data from other countries.
For all the damage they did, these attacks seem positively amateur compared to the cyber crime that makes headlines today. And that's because, comparatively, they are: The cyber crime we deal with today occurs on an unprecedented scale. By all accounts, hacking is a growing industry. The only problem is, it's also a criminal one. These days, cyber crime is racking up as much as $575 billion annually worldwide, a figure that is set to rise. And behind this statistic are individuals with criminal motives – and criminal backgrounds.
The cyber criminal: From geek to violent offender
Robert Tappan Morris, whose namesake bug made history in 1988, typifies the early hacker brought to life in films like "War Games": a computer nerd with spare time and lots of virtual skills. But in the 20 years since Morris' bug, the picture of the hacker has changed from that of a mischievous youngster to a hardened criminal, as The Telegraph reports. The article points out that over six out of 10 hackers operating today have criminal records outside of the virtual realm. This is a far cry from someone like Morris, who had no prior record.
"The research by Bedfordshire police found those convicted of cyber crimes also had a history of offenses such as theft, burglary, shop lifting in the 'real world,' " wrote The Telegraph's Rosa Prince. "A number were violent criminals with convictions for battery and assault."
The FBI's current list of their most wanted cyber criminals paints a picture of a truly devious bunch. Among the names are:
- Noor Aziz Uddin: Between 2008 and 2012, Uddin is suspected of having orchestrated a telecom defrauding scheme that resulted in losses of $50 million spread across many victims. But Uddin was hardly operating in isolation: His criminal efforts are believed to be tied to a criminal organization that spans the globe. He has not been seen since a warrant for his arrest was issued in 2012.
- Evgeniy Mikhailovich Bogachev: Bogachev has the unenviable distinction of having the largest bounty for a cyber criminal on his head. The FBI is willing to shell out $3 million for intelligence that results in his arrest. The reason he's such a high-value target is because he's allegedly the man behind the "Zeus" campaign – a malicious effort that's racked up more than $100 million in losses to victims. He's had indictments and criminal complaints brought up against him, but none have allowed authorities to get any closer to nabbing him. Part of this is possibly due to his propensity for boating, a practice that allows him to be constantly in transit.
- Nicolae Popescu: In terms of cyber criminals, Popescu is about as hardened as they come. As a hacker, he's reportedly behind a massive-scale wire fraud, passport fraud, money laundering and counterfeit trafficking scheme that's led to many victims. As a criminal, he's tied to a broader criminal enterprise group that has hubs across Europe, including in Romania.
- Wang Dong: Look into the eyes of Wang Dong and see a man who thought he was above the law. This career hacker – nickname 'UglyGorilla' – is currently evading 31 criminal counts that include computer fraud and aggravated identity theft for his participation in a collective called the People's Liberation Army (PLA) of the People's Republic of China (PRC).
"The activities executed by each of these individuals allegedly involved in the conspiracy varied according to his specialties," states the FBI in its profile on Dong. "Each provided his individual expertise to an alleged conspiracy to penetrate the computer networks of six American companies while those companies were engaged in negotiations or joint ventures or were pursuing legal action with, or against, state-owned enterprises in China. They then used their illegal access to allegedly steal proprietary information including, for instance, e-mail exchanges among company employees and trade secrets related to technical specifications for nuclear plant designs. Wang controlled victim computers."
As these examples illustrate, the cyber crime sphere is being more crowded with criminals than ever before. Not only do hackers have technological prowess on their side – they also have the backing of wide-ranging criminal networks that are willing to use violence to carry out their malicious work. The merging of hacking and organized crime is where things start to get truly scary, and this is a point that the world is reaching.
Just as the cyber criminal underworld is globe-spanning, the means to defend against it will need to be as well. Keeping hacking at bay is a task that should occupy not only governments and businesses, but individuals. From the top down, there are behaviors and best practices you can carry out when computing to ensure an optimal level of security. Taking steps like encrypting information, using anti virus protection, and keeping abreast of hacking news all play their part in limiting the power that hackers are allowed to have in the world. The fight against hackers needs all the help it can get, across the board.