McClatchyDc news service reported a chilling story about the intersection of cyber-crime and terrorism. After inserting malware into an Illinois-based retailer's computer systems, the hacker demanded payment in Bitcoins to remove the malware. This type of hacking is commonly called "ransomware" and isn't especially noteworthy. What is notable: the hacker's motivation was driven by money, but devolved into terrorism. Reportedly, the hacker:
"... had ties to the Islamic State Hacking Division, a terrorist cyber unit, and before it was over he’d put together a “kill list” for the Islamic State with the identities of 1,351 U.S. government and military personnel from the 100,000 names, credit card records and Social Security numbers he’d extracted from the host server."
The hacker, currently in prison in the USA, was identified as Ardit Ferizi, also known as the "Albanian hacker." McClatchyDC also reported:
"Ferizi’s case is also notable because his handiwork generated one of the first “kill lists” issued by the Islamic State designed to generate fear and publicity. FBI agents used the early list of U.S. military and government employees to notify the targeted individuals. More recent lists have included thousands of ordinary civilians and even U.S. Muslims the terrorist group considers apostates."
McClatchyDC did not disclose the name of the retailer, who reportedly learned of the breach only when the hacker demanded payment. That suggested poor data security and intrusion detection.
There are plenty of implications. First, no longer can company (and government) executives claim that it was just a breach, or it happens to every business. It is no longer acceptable for corporate executives to downplay the breach and hope it quietly goes away. There are real-world risks and threats to customers and prospective customers from corporate data breaches. Second, this breach reinforces the fact that we live in an inter-connected world. Criminals are smart, persistent, and have learned how take advantage of those online connections.
Third, these online connections and cyber-crime make politicians' goals to limit immigration futile and pointless. Similarly, physical border walls may deter poor and unskilled migrants, but do nothing to stop cyber-crime and terrorism. Government and business need to work together to build better, stronger online and digital defenses.
What do you think?