Who is listening in?
We all know about hacking. We know about cyber crime and viruses that could potentially destroy your computer systems or bring down your company website and internal servers. This is why we send the most valuable and sensitive information through physical cables, fiber lines – for the sake of security. We do not want our information ‘out there’, to be picked out of the air or the cloud by cyber criminals. And as long as we are not on line, we are safe – right?
Unfortunately, the answer to that question is – no. Security is often one of the main features highlighted when we talk about physical cables – fiber and land lines – but they are not nearly as safe as most of us like to think. They are vulnerable when traversing large distances from one company location to another, but even when they connect departments or various buildings it may be difficult to protect the entire length of a physical cable. And yes – the image popping up in your head right now is something out of an old cartoon; a man clinging on to the top of a telephone pole in the middle of the prairie or a deserted street, a curly wire connecting his headphones to the telephone line. And the reality is that you would not be far off the mark. Your data, travelling through the fiber line, may be tapped into, listened to, manipulated or simply stolen – by the help of a physical breach in the line.
Even though it was many years ago that we did our work on paper and posted it in brown envelopes, our information must nonetheless still be recorded and kept safe. Our computer systems are now the backbone of our organisations, projects are stored in cloud services and documents are collaborated on simultaneously in opposite corners of the world. But in one respect tapping our phones or fiber lines is still as simple as shown in the classic cartoon above: if you are able to get to the actual cable, you will get access.
But does it not take special skills?
It is not it complicated, something that requires special training, equipment and skills? Again, the answer is – no. You need the proper equipment, yes, but that is readily available around the world. You would need the means to process the data after extracting it – especially if it is a huge quantity, but the skills and software for that type of processing are easily accessible, too – the latter even as freeware. And fiber tapping may be achieved without even breaking a connection or halting the transfer of data. In this way detection of breaches is growing increasingly difficult.
Take Denmark, for example, although the problem is very much the same throughout the world. The Danish Defence Intelligence Service said in their most recent report that cyber security is a high risk area, raising a definite red flag. Industrial cyber espionage is considered the most serious threat against Danish companies and organisations and is expected to increase. And with the increased activity, the level of skills, equipment and knowledge among those trying to access your information is also expected to rise; basically, they just get better and better at what they do. We know for sure that Danish companies have already lost valuable corporate information and intellectual property in recent years – especially within the fields of high technology and medical industry. It was also simple wire tapping – famously revealed by Edward Snowden in 2013 – that allowed the American NSA and British GCHQ to access vast amounts of information at Yahoo! and Google’s data centres.
But who would go to all the trouble of accessing my particular information?
That depends entirely on the type of information or data you possess or process – and on whether the attack is aimed at you, your company or even your country. Cyber criminals wanting to make money from the sale of valuable information may harvest large quantities of data for use by third parties. This may be in bulk or it may concern specific information for sale to specific interested parties. Competing industrial companies may be interested in gaining economic advantage by snapping up new product developments or inventions. Hacktivists, who combine hacking with political activism, attack companies and organisations for political or ideological motives, directing their charges at their perceived enemies to either cause direct damage or impede their activities, or simply to create or heighten awareness of their particular cause. And there are hackers who simply find interfering with other people’s computer systems an enjoyable challenge. Finally, some organisations have been unfortunate enough to fall victim to employees or other persons who have actually had legitimate access, but have abused that privilege either by accident or deliberately.
In other words, the threat is real. This is simply the new reality for the companies who are attempting to avoid the attacks. The many and varied groups with dubious intentions range from those who are curious, those seeking economical gain to mere thieves. It also involves matters of national security.
You must take the necessary precautions. Protect your data. Encrypt. Get the right advice. But step one will always be to take the threat seriously and take a good, hard look at your own systems and processes. The least you can do is make it as difficult as possible for those who are trying to tap your wires.