Cybercrime has the potential to paralyse countries and commerce, but companies and individuals are only just waking up to the threat. That spells opportunity for long-term investors, says Ben Judge.
Crime doesn’t pay – or so we are always told. But it’s not always true, and as crime becomes more sophisticated, that saying is becoming less true every day. Take robbing banks. According to Guinness World Records, the world’s biggest bank robbery was committed in 2005. A group of around ten crooks spent a weekend tunnelling 78 metres from a house they had rented directly into a branch of the Banco Central (Brazil’s central bank) in the town of Fortaleza, on the northeast coast. They bored though more than one metre of reinforced concrete into the vault and made off with 164,755,150 reals, around £38.6m. A tidy little haul, you might think.
Bank robberies go online
But Guinness is using a very narrow and outdated definition of bank robbery. And £38.6m is peanuts compared with today’s bank robbers’ hauls. The world’s biggest bank heist actually happened over several years, from 2013 to 2018, when a gang of Russian hackers used computer viruses to make off with £650m from 100 financial institutions around the world – no pneumatic drills necessary. The cybercriminals created accounts to receive cash; inflated balances in other accounts by changing bank database entries; and even programmed cash machines worldwide to spew out notes at specific times, when associates would be waiting with bags to fill. The cash was then laundered via cryptocurrency exchanges and spent on luxury cars and houses, among other things.
Crime has moved online. Online fraud is now the most common form of crime in England and Wales, according to the Office for National Statistics. The rewards are higher and the risk of getting caught dramatically lower. According to computer software security company McAfee and the Center for Strategic and International Studies, a US think tank, the most lucrative crime in the world is government corruption, followed by the narcotics trade and cybercrime. Ginni Rometty, IBM’s president and CEO, said in 2015 that “cybercrime… is the greatest threat to every profession, every industry, every company in the world”. It costs business around $600bn per year, or 0.8% of global GDP, estimates McAfee.
As technology makes users and companies more efficient, so it also makes criminals more efficient. As more and more things are connected to the internet, the opportunities for cybercriminals proliferate. It’s not just smartphones and computers. Manufacturers are cramming online connectivity into new models of everything from kettles to fridges, cars and doorbells. Each element of this “Internet of Things” (IoT) provides an opportunity for cybercriminals, who can hijack them and use them as a gateway to attack more lucrative targets.
Many contain glaring security deficiencies, exacerbated by the fact that many users don’t change the default usernames and passwords the machines come with and fail to upgrade security with the latest firmware. Hewlett Packard has said that it reckons 70% of IoT devices are vulnerable to hacking.
A favourite tactic is to use compromised devices to install “bots” (“web robots”, or autonomous software programs that perform simple tasks), which can launch so-called distributed denial of service (DDoS) attacks. The upshot is that multiple devices are used in a coordinated attack to overwhelm a victim’s system by flooding it with traffic. One such “botnet”, the Mirai botnet, was used in 2016 to cripple some of the internet’s biggest sites, including Twitter, Airbnb and Netflix.