Recent months have seen a major increase in cybercrime. But that’s not the only threat to our private information.
The year 2017 has been marked by a spectacular increase in digital insecurity. Almost every month a new incident has made the news and shown the impotence of governments in the face of new threats.
Emmanuel Macron had a brush with this phenomenon even before coming to power. His campaign team’s e-mails were massively hacked, then posted on the internet only a few hours before the presidential election’s first round. These 15GB of private correspondence and internal documents unveiled the identity of some of his financial supporters. There were also messages with sexual content that were decried as fakes by the people involved.
This operation apparently had no impact on voters, unlike the leaks aimed at Hillary Clinton’s candidacy a few months earlier. But the new French president was sufficiently shocked that in his first public meeting with Vladimir Putin he felt the need to denounce the hostile activities of sites close to the Kremlin.
On both sides of the Atlantic, democracies have been distressed to learn that their electoral processes are at risk. Equally worrisome is the vulnerability of their infrastructures. At the beginning of May, the systems that refrigerate blood in several British hospitals were infected by the malware Wannacry. Several experts have blamed North Korea for this cyberattack that hit 150 countries.
In June, it was Ukraine’s turn to be at the receiving end of a massive assault on its infrastructure. Railways, banks, an airport and even the automated control systems at Chernobyl were seriously perturbed by NotPetya, software allegedly of Russian origin. In response, NATO’s secretary general requested an increase in funding for cyberdefence.
It was not the first cyberattack on a nuclear installation. In 2010, the Stuxnet worm, attributed to the US’s National Security Agency, successfully sabotaged nuclear centrifuges in Iran. Three years later, a group of Pentagon experts concluded that American nuclear weapons could also be targeted by cyberattacks.
Trojan Horse, virus, phishing, pharming, backdoors, brute force, malvertising, zero-day vulnerability – so many new terms that refer to constantly evolving methods of cybercrime. But they are not the only source of disasters. Last June, the private data of 200 million American voters were “accidentally leaked” as a result of a misstep by Deep Root Analytics, a conservative marketing firm.
Governments are trying to bring some order to this digital chaos, but sometimes they do more harm than good. In April, Donald Trump signed an executive order authorizing internet service providers to harvest their clients’ navigation history and resell it to third parties without revealing the identity of the persons concerned. This trade in “anonymous clickstreams” was supposed to allow advertisers to target their ads more effectively by improving their understanding on online behaviour, but without violating users’ privacy. Yet several weeks later, German journalist Svea Eckert explained how she had discovered the pornographic preferences of a German judge by “deanonymising” clickstreams purchased in all legality. Conclusion: entire universes of private data can now be obtained without breaking any law.
All this underscores a truism: our vulnerability increases in tandem with our dependency on digital services. And this is just the beginning. The development of the Internet of Things will accelerate the trend, to the great pleasure of cybercriminals, but also of companies that specialise in protection. The cybersecurity market should reach $220 billion by 2022.
By Pierre Grosjean, Publishing Editor