When you think of industrial espionage, images of agents dressed as James Bond sneaking around high rise office blocks, stealing top secret documents spring to mind, but a case from November 2016 highlights the rise of a newer, more localised aspect of this facet of cyber-crime being utilised by unethical businessmen.
In November, James Frazer-Mann, head of a payday loans company in the Vale of Glamorgan, was given a suspended prison sentence after paying two hackers a total of £2000 to disable a rival's website using DDoS attacks.
The payments were routed through Costa Rica and came to the attention of the FBI who forwarded the case to the National Crime Agency which, working with the Welsh Regional Organised Crime Unit, were able to investigate and subsequently arrest Frazer-Mann who claimed he had only set up the attacks after being targeted himself.
This was a relatively small scale operation involving a small business owner and individual hackers, but recent attacks on larger businesses such as Yahoo (December 2016), TalkTalk (November 2015) and Tesco Bank (November 2016) are increasingly highlighting vulnerabilities in this area.
Currently, it would appear the individuals behind the attacks selected their targets because of security flaws, but given the widespread losses these incidents can cause (The Tesco case affected around 20,000 customers while TalkTalk lost 100,000 customers and £60 million in earnings), I predict it will be sooner rather than later before these attacks are used maliciously on a much larger scale by unethical corporations as a cheap and relatively easy way of increasing their market share.
According to Havocscope – which collects information on a global black market – a remote administration tool (RAT) such as Blackshades is available to purchase for $US40 (£32) and a bot net of 1000 PCs costs $US35 (£28).
With instructions on how to launch a DDoS attack easily available online, IT industry sources tell me that a semi-competent user could launch an attack without much difficulty, with the only challenging aspect being evading detection and ensuring the attack is not traced back to the perpetrator.
The fact that this sort of large scale DDoS could be achieved for such a small amount of money is worrying, even more so is the ease of expanding such an operation. If your target was a busier website with a higher threshold then you could simply purchase more compromised PCs.
Society's increasing reliance on technology and a trend of placing greater portions of our daily lives into the digital sphere is providing greater opportunities for those wishing to exploit them.
Law enforcement need to be active to prevent this, but the monitoring of internet traffic and personal communication creates a range of privacy issues and, in reality, just as a homeowner doesn't use the police as an alternative to locking their front door, the onus must be on them to ensure their own cyber defences are secure, that the data they are entrusted with is safe and that it is as difficult as possible for a rival, or any other actor, to put that at risk, whatever their motive.