The recent spate of hack attacks on the IT systems of British Airways, GitHub, Slack and Rutgers University are all signs of the fast-changing nature of the Internet -- and the growing number of people who are capable of launching attacks on it. And cybersecurity professionals worry that such incidents are only likely to become more common in years to come.
A large distributed denial of service (DDoS) attack, apparently launched by Chinese hackers, on the coding collaboration site GitHub began last Thursday. A similar attack -- linked to China and Ukraine -- began Friday afternoon on the systems of Rutgers University.
At the moment, those attacks do not appear to be connected to other hacks involving British Airways, the workplace team chat site Slack or, reportedly, the person-to-person taxi service Uber. Slack confirmed that hackers were able to access information in its user database -- although not, it believes, including encrypted passwords -- over a four-day period in February, while complaints about stolen frequent-flier points from British Airway's Executive Club members began emerging a couple of weeks ago. A number of Uber users have also reported apparent hacks into their accounts.
Cluster Likely Coincidental
"As far as I know, there are no links between these hacks, and some (GitHub) are DDoS attacks while others (like Slack) are proper breaches," said Patrick Nielsen, senior security researcher at Kaspersky Lab. "Also, it appears Slack was actually compromised in February. There are some theories that actors in China are behind the DDoS attack on GitHub because GitHub hosts anti-censorship tools, but early attribution, and indeed attribution in general, is very difficult no matter what kind of attack we’re talking about."
Nielsen told us: "I would say that this clustering of releases is just a coincidence, but they highlight an ever-increasing number of targeted hacks, and the need for companies to take information security and incident response seriously. The best thing you can do for your company from a risk perspective is to figure out what you’re going to do when something like this happens to you, and how you’re going to let your customers know. Keeping a hack secret can be far more damaging to your reputation than the hack itself."
According to a survey of IT professionals by Kaspersky Lab and B2B International, 94 percent of organizations around the world have encountered at least one cybersecurity incident over the past 12 months. Of those, 12 percent reported they were the victims of at least one targeted attack, up from the 9 percent reported by Kaspersky in 2012 and 2013.
We also reached out to Jon Miller, vice president of strategy for the Irvine, California-based cybersecurity firm Cylance, to learn more about what the recent series of hacking attacks might mean for individuals and organizations dependent on online communications.
"The amount of people that can perpetrate these types of hacks are greater than 10 or 15 years ago," Miller said. In addition to the rising skills of hackers around the world, he added, "everyone is starting to realize that it's a consequence-free environment."
Nation-state actors like North Korea, for example, can use hacking attacks to send a message if they are displeased with their portrayal by media companies, as the country is believed to have done following the run-up to Sony Pictures' release of "The Interview," a comedy involving a plot to kill Supreme Leader Kim Jong-un. And hackers from countries like China and Russia have long been known to target victims to gain access to either data or money.
'A More Hostile Internet'
As hackers with a variety of goals around the world continue to hone their skills, they find they can usually act with impunity because there are few ways to hold them accountable. As most legislators generally do not fully understand the intricacies of Internet technology, laws are unlikely to solve that problem, Miller said.
Rather, he said, "a lot is going to be driven by private companies in the short term." While cybersecurity firms and security-minded companies are constantly getting better at identifying and fixing vulnerabilities, though, individuals -- the end-users whose data and money are ultimately at stake in many of these hacks -- will need to put more pressure on the companies they do business with, Miller said.
Meanwhile, Miller said, he believes the number of incidents of multiple, large-scale hack attacks will continue rising.
"I think it's going to become a lot more commonplace," he said. "The Internet is going to become a lot more hostile place."