
    Cyberattacks that ushered in legislative reforms

    By Aravind
    Published on March 21, 2022

    As cybernativity spreads its wings across the world with the increasing accessibility of the internet, IoT, and other digital resources that simplify our daily tasks, the line dividing online and offline services has blurred considerably. This intersection has made cybercrimes more powerful than ever: a disruption in our online environments can have serious consequences for their offline counterparts.

    Despite its prominence, cybercrime is still a relatively nascent form of violation whose sophistication grows in tandem with technological advancements. As a result, most cybercrimes are unique in their design and serve as a triggering event to foster legislative and technological reforms in order to prevent their repetition.

    The history of cybercrime

    The history of cybercrime can be traced back to 1834, when a Napoleonic semaphore telegraph was hacked by thieves to intercept stock-market-related information. Since then, cybercrime has evolved and operated alongside the transition of networking from analog (telephonic networks) to digital systems, namely the internet.

    During the early 20th century, cybercrime was weaponized by countries to sabotage the military plans of their enemies. One of the major examples is the military codebreaking operation carried out by Alan Turing and Gordon Welchman to decipher the ENIGMA codes of the German army.

    The mid-1950s saw the rise of phreaking, a technique that mirrors modern hacking. In phreaking, offenders manipulated telecommunication networks to obtain services such as free long-distance calls. One of the most common modes of phreaking is red boxing, wherein a device known as a red box is used to simulate the sound of inserting coins into a telephone, tricking the network into making calls for free.

    Although phreaking was largely seen as an activity espoused by tech aficionados, it caused a considerable amount of financial damage. By the mid-1970s, telecommunications provider AT&T disclosed a loss of $30 million annually to telephone fraud, including phreaking.

    In the early 1980s, phreaking was put to an end when telephone networks were upgraded to common channel interoffice signaling, which separated signaling from the voice line. The void this left, combined with the emergence of the internet and personal computers among the public, led to hacking, which involved breaking into networks to steal or tamper with the information they held.

    Cybercrimes that impacted legislation

    The mid-80s can be considered a turning point in cybercrime as home computers witnessed a boom owing to their enhanced computational capabilities and compact sizes. Some of the cyberattacks that happened during this period were followed by legislative reforms and the establishment of units to deal with investigations and legal processes to prevent such crimes.

    One of the world's first pieces of cybersecurity legislation, the US-based Computer Fraud and Abuse Act (CFAA), was in fact initiated by a 1983 Hollywood film titled WarGames, a dystopian thriller centered around a tech enthusiast who accidentally starts World War III after gaining unauthorized access to an army supercomputer. Confronted by the possibility of this scenario happening in reality, the US government, then led by Ronald Reagan, enacted the CFAA bill to ensure that cybercrime was outlawed.

    Since then, cybercrimes that undergo due process have contributed to the expansion of the legal framework and institutions that pertain to cybersecurity. One such case is that of the infamous Morris worm (1988-91), a malicious program that infiltrated networks and targeted a particular version of the Unix operating system. The malware spread rapidly within a network using several attack vectors, slowing down network operations by delaying the delivery of emails, hindering crucial university- and military-related functions, and more. An arrest regarding the case was made by invoking the CFAA, and the aftermath of the incident saw the creation of the United States' first computer emergency response team in Pittsburgh.

    The year 1999 saw the debut of the Melissa virus, computer malware that was created when the idea of a digital virus was relatively unknown. After hijacking an AOL account, the attacker deployed social engineering techniques to lure victims into clicking a file that promised several passwords to paywall-based websites that showcase adult content. The Microsoft Word applications in the victims' systems were hijacked after they accessed the malicious document, which in turn gave the attacker further access to their MS Outlook email accounts and enabled the transmission of phishing emails to prospective victims.

    Considered the most contagious malware of that time, the Melissa virus resulted in a loss of $80 million due to the efforts taken to mitigate the collective damage. After the conviction of the cybercriminal responsible for the virus, the FBI set up a new national Cyber Division that specializes in fighting online crimes.

    Although cybersecurity laws in the US have been increasing in stringency, the intensity of their penalties has been subject to criticism. The 2011 JSTOR library hack by the late Aaron Swartz—in which millions of academic articles were released into the public domain from a subscription-based database by connecting to an MIT University network—started a debate regarding the law's interpretation of hacktivism (hacking as a means for activism) and whether a hacktivist deserves the same kind of punishment as a cybercriminal.

    Swartz was arrested on 13 counts including unauthorized computer access, computer fraud, and unlawfully obtaining information, and faced up to 35 years of imprisonment and a $1 million fine. The prosecution was dismissed after Swartz committed suicide.

    In order to address the moral ambiguity associated with unauthorized computer use, the US Senate tabled Aaron's Law (named as a tribute to Aaron Swartz), which aimed to amend redundant provisions and phrases associated with the CFAA, although the bill did not pass in Congress.

    Supply chain attacks are a potent form of cyberattack that can spread malware across several organizations. One of the most damaging cases of a supply chain attack happened in 2020 when an IT company fell prey to a nation-state attack carried out by a group of APT attackers who had gained unauthorized access to the organizational network and embedded a backdoor into one of the company's products. The attack also affected the company's customers who had either downloaded the product or implemented software updates, and the list of victims includes several corporations and government agencies.

    Following the attack, the US government passed a law to strengthen the IT supply chains of the Department of Homeland Security in order to bolster the country's cybersecurity measures and prevent similar attacks from happening in the future.

    How to improve the efficiency of lawmaking

    Cybercrime is a rapidly evolving threat. By drawing insights from cyberattacks, lawmakers and institutions can devise stringent measures to curb their repetition. However, the process of lawmaking can be accelerated when governing authorities engage with independent entities, programmers, and hacktivists to identify and mitigate the systemic and software-related vulnerabilities that can endanger critical infrastructures and resources within networks.

    2020 Zoho Corporation Pvt. Ltd. All rights reserved.