If you like what you are about to read please be sure to leave a comment below.
In this new age of “tech-savvy hyperbole expressionism, we seem to have a definition for just about everything but to come to terms with a universal “truist” definition of Terrorism the task is not so easy. Scholars struggle with this concept and so do we. There are various definitions that exist across the multi-layered international and research communities.
Title 22 of the U.S. Code, Section 2656f(d) defines terrorism as “premeditated, politically motivated violence perpetrated against non-combatant targets by subnational groups or clandestine agents, usually intended to influence an audience.” and so this definition would seem to escape the grasp of Cyber Warfare & Security but not so fast!
Let’s take this one – The F.B.I. – The Federal Bureau of Investigation (FBI) defines terrorism as “the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”[1]
Now we are a little closer but whether the definition fits or not there can be no dispute that the acts of incomprehensible disruption, enormous loss by theft of monies, national economic markets reactions are quite real. How can this be so given the ingenious software tools and firewall protections that are available in the marketplace today?
Let’s take the prime targets – the Financial Institutions. I was reading an Article the other day and was shocked to learn that surprisingly the Banking institutions are living in the” Nano-Dark Ages” and are highly vulnerable. Here’s how;
Every bank runs on something called “core banking software”, which is sort of a central financial database that keeps track of all accounts and transactions.
Anytime you deposit or withdraw funds, the core banking software updates its records. And whenever you log in to your bank’s website to check your account balance, the server relies on the core banking software for that information. Core banking software is the most critical component of any bank’s technological infrastructure.
Yet ironically, the software that many of the most established banks use was originally written in either Fortran or COBOL, both 60-year old programming languages that date back to the late 1950s.
Back then banks were very early adopters and at the forefront lines of technology and jumped on the chance to automate their core functions. As technology improved, banks continually patched and updated their systems rather than abolish and implement new upgraded versions because all of the Central Banks, as well as the Federal Reserve System, had to be synchronized.
But they eventually ran into limitations in terms of how much they could modernize the software. In the software industry, developers recognize this limitation. That’s why from time to time they stop supporting obsolete versions of their applications and re-engineer new versions with the latest technology. But that didn’t happen across most of the banking sector. Instead, banks kept patching and upgrading outdated software.
But, The ACH Transfers Are Safe, Right?
No, they are not. Simply put, the most important functions in the banking system are powered by decades-old technology. Perhaps nowhere is this more obvious than with domestic money transfers.
Within the domestic US banking system, most banks rely on the ACH payment network to send and receive financial transactions.
If your paycheck is direct deposited into your bank account, or mortgage payment automatically deducted, these typically use ACH. What’s completely bewildering is that ACH payments typically take 48 hours to clear.
That’s completely insane given that any domestic bank transfer is simply an internal transfer from the sending bank’s account at the Federal Reserve to the receiving bank’s account at the Federal Reserve.
It’s utterly astonishing that in 2017 such a simple transaction actually takes two days, as if they have to send a satchel full of cash cross-country via the Pony Express.
But this is a reflection of the nature of the outdated technology that underpins the banking system. It doesn’t get any better internationally either.
But What About SWIFT?
If you’ve ever dealt with international financial transactions you may have heard of the SWIFT network.
SWIFT is a worldwide banking network that links allows financial institutions to send and receive messages about wire transfers and payments. Anytime you send an international wire, it’s customary to enter the receiving bank’s “SWIFT code” as part of the wire details.
But SWIFT does more than just transacts the moving and payment of money. It has another interesting feature that the Cyber-hackers have just fallen in Love with the MT199.
The MT199 can be thought of and compared to a Bank’s official “text Messaging” system. It transmits details regarding the financial status of an individual or company, its resources, where they are, how they are held and a host of other highly confidential and proprietary information so as you can see this is an opening for other alternative attempts to commit “Corporate Terrorism”.
SWIFT is absolutely critical to global banking and handles billions of transactions and messages each year. So, you can imagine my surprise when I found out that SWIFT runs on Windows Vista an obsolete operating system that even Microsoft no longer supports.
When your bank receives its SWIFT code, we were told that we have to have a computer running Vista in the office in order to connect to SWIFT.
It was such an absurd exercise to find an obsolete computer running an obsolete operating system to connect to the supposedly most advanced and important international payment network in the world.
Unsurprisingly, SWIFT has been hacked numerous times, both by the NSA as well as private hackers who have stolen a great deal of money from their victims. Last year a bunch of hackers famously penetrated the SWIFT network and stole over $100 million from the Bangladesh central bank. And that was nowhere near an isolated incident.
This is the big hidden secret of banking: despite the shiny veneer of online banking, the institutions that literally control your money are run on outdated, inefficient, obsolete technology. [2]
So, as you can easily imagine there is a “Dragnet Effect” among other industries that accept and send payments for various services because the majority of them are forced to use the Bank’s ACH clearinghouse “Batch Code” analytics (another vulnerable area).
And another issue necessarily arises in the Data Privacy areas and this is a most complex regulatory area of law not only with respect to Federal Legislation but State to State requirements and a Corporate Counsel would be well advised to have their own intra-corporate “White Page” Data Security compliance program in place and an excellent place to learn more about this and to even obtain very updated information of requirements and templates to amend and make company-specific compliance can be found on the DLA Piper’s download “White Paper” Article entitled “Data Protection Laws of the World” for an outstanding overview. [3]
Attacks & Hacks
Another element of Cyber Security / “Attacks & Hacks” come in the form of what we refer to as “Disruption” and this terminology does not adequately describe the enormity of the cause and effect of this new anomaly for it could be more adequately described as “Tech Det” or a “Detonation” of your technical infrastructure and this is normally accomplished after a Breach, theft and on the way out they (Cyber-Criminals) implode the system, quite literally as criminals typically do in an attempt to destroy the evidence and to “cover their trail”.
Incidentally one of the most common of a breach in Security in the industry today is Employee carelessness. For example, your employee is on your Corporate database system and during the process of working within this intranet corporate software they open another browsing window, get out of the Corporate firewall protected window and get on social media or check their personal email and leave it open. Bingo! They are in – through Social media into your open browser bars into your intranet database with little or no effort to scale the implemented firewalls so training is highly effective because it instills awareness throughout the entire chain of command.
Learn the “Lingo” And Get Proactive
So, learn the definitions of Cyber Security from the NICCS (National Initiative for Cyber Careers and Studies) [4] and what some the industry leaders such as BMC are doing about it and their services to help you “navigate” your way to the “Cyber Security Promised Land” [5].
See also a robust and yet very understandable approach and solutions in this area from The Synack Solution group where you can also obtain some downloads and learn more about such things as Launch Points, Mission Ops, and Integration as well as solutions across the three most utilized various Platforms such as Web, Mobile, and Infrastructure Applications. [6]
By now I hope that the reader has come to the conclusion that it is essential that these efforts are implemented on a Corporate wide basis, educate your Team and conduct regular training sessions and again here is where the NICCS (National Initiative for Cyber Careers and Studies) can be most useful because they have virtually free training tools and programs to enrich your team to these issues to the point that all are aware and involved. [7]
Taking It to The Next Level – Above & Beyond
I would certainly be remiss if I did not mention what our US Government is doing Proactively and the most State of The Art Strategic Approach and this comes from the US Geospatial Intelligence Foundation or GEOINT. If there exists a desire of your Company to get ahead of the curve and I consider this to be a most Counter Cyber Offensive approach and I personally attend these (See the latest, footnote 8, infra) and these Symposiums can be characterized as Cyber-Pre-Emptive Strategy on Steroids. Think of this as Going to a Real-Life Star Trek Convention because it is. [8]
Where to Start Identifying the Issues
One way to begin would be to take a free assessment and there is an excellent one available by IBM and it will give you an informed appraisal of where your organization’s status and vulnerability lies. [9]
Closing
As with all the technological threats, today awareness cannot be overemphasized. After that there are a plethora of low-cost or free tools to help you develop, tailor and implement your own “Cyber Warfare” SDI- Strategic Defense Initiative Compliance program. [10]
May the Force Be with You!
[1] U.S. Department of State, Office of the Coordinator for Counterterrorism, Country Reports on Terrorism, April 30, 2007
[2] Reprinted by Permission – Simon Black’s – The Sovereign Man, May 02, 2017 Ed.
[3] DLA Piper; Data Protections of The World https://www.dlapiperdataprotection.com/index.html
[4] NICCS – https://niccs.us-cert.gov/glossary
[5] BMC – Cyber Security Report 2017 – http://www.bmc.com/forms/DCA-SecOps-ForbesSecOpsReport-Q3FY17-Search-v3.html?cid=ps-DCA_SecOps_ForbesSecOpsReport_Q3FY17_Search_v3-LR-03-f-01052017&cc=ps&elqcid=1899&sfcid=70114000002XmBQ&emid=2152&gclid=CPaog_e31tMCFYIjgQodxr8JjQ
[6] The Synack Solution Group – https://cdnm.synack.com/wp-content/uploads/2015/12/Synack-DataSheet_12-2015.pdf
[7] NICCS Training – https://niccs.us-cert.gov/
[8] USGIF/ GEOINT – http://geoint2017.com/
[9] IBM – Don’t Leave Anything To Chance When It Comes To Protecting Your Organization – https://www.ibm.com/security/resources/demos/cyber-threat-assessment/?S_PKG=ov51989&cm_mmc=Search_Google-_-IBM+Security_Safer+Planet-_-WW_NA-_-+cyber++security++response_Broad_ov51989&cm_mmca1=000000QG&cm_mmca2=&mkwid=0958a01d-d48e-44d1-b44f-79a551205e7a%7C467%7C286407&cvosrc=ppc.google.%2Bcyber%20%2Bsecurity%20%2Bresponse&cvo_campaign=IBM%20Security_Safer%20Planet-WW_NA&cvo_crid=190488516382&Matchtype=b
[10] Term first used in President Reagan’s Foreign Policy Strategy against the Soviet / USSR Military Build-up, more commonly Referred to as The Star Wars Program.
* Disclaimer – © 2017 Precocious Life. All rights reserved. Any reproduction, copying, or redistribution, in whole or in part, is prohibited without written permission from the publisher.
The information contained herein is obtained from sources believed to be reliable, but its accuracy cannot be guaranteed. It is not designed to meet your personal situation—we are not financial advisors nor do we give personalized advice. Cryptocurrency is a new and novel concept and like anything else within these parameters it has had and possibly will have volatility, like stocks, precious metals, etc…
The opinions expressed herein are those of the publisher and are subject to change without notice. It may become outdated and there is no obligation to update any such information. There should be nothing contained herein that should be construed as a recommendation. Any publications should be made only after consulting with your advisor and only after reviewing the prospectus or financial statements of the company in question. You shouldn’t make any decision based solely on what you read here.
Precocious Life writers and publications do not take compensation in any form for covering those securities or commodities. Precocious Life expressly forbids its writers from owning or having an interest in any security that they recommend to their readers.
