By James Myers
I feel like a sitting duck, waiting for my turn as a human target in the crosshairs of a cybercriminal.
I feel practically defenceless. Even the largest companies and organizations with the best security that money can buy are not immune. A global criminal attack in 2020 stole data from over 200 organizations, including the U.S. and U.K. governments, the European Parliament, NATO, and Microsoft. In August 2020, the Canada Revenue Agency suffered two cyberattacks that exposed the sensitive data of thousands of taxpayers.
So is it simply a matter of time before you and I become the next victims?
Do we accept that cybercrime is an unavoidable feature of technological living in the 21st century? Have we resigned ourselves to two-factor authentication to access our bank accounts, and those annoying are-you-a-human login tests? As the cybercriminal arsenal becomes increasingly powerful, what’s next? Will online services grind to a halt, or will it become next to impossible to access essential applications without facing a lengthy inquisition to prove our identity?
Tackling the plague of identity and data theft surely deserves to be among the highest of our technological priorities. We are developing fantastic technological capabilities, but if we don’t defend ourselves, the cybercriminals may steal all of their value – and more.
On August 1, the US National Science Foundation’s NOIRLab detected a cyberattack at its Gemini North telescope in Hawaii, forcing a shutdown of its systems to prevent damage to the telescope’s delicate guidance functions. For added precaution, the Gemini South telescope and some of NOIRLab’s smaller telescopes on Cerro Tololo in Chile were taken offline in the following days, as well as the Gemini Observatory’s public education website.
While most services were restored by the end of September, the two-month shutdown came with a significant cost to investigate and repair systems and for time lost to the scientific community that depends on NOIRLab’s precisely-scheduled observational data. Sadly, it wasn’t an isolated incident. Cybercriminals attempted extortion in a ransomware attack against the Atacama Large Millimeter Array (ALMA) Observatory in Chile in October 2022, and the downtime cost an estimated quarter of a million dollars daily.
Following the incidents, the U.S. National Counterintelligence and Security Center published a two-page bulletin (which can be downloaded here) listing the methods that adversaries use to infiltrate sensitive space industry data and infrastructure. The bulletin advises, “Foreign intelligence entities recognize the importance of the commercial space industry to the US economy and national security, including the growing dependence of critical infrastructure on space-based assets. They see US space-related innovation and assets as potential threats as well as valuable opportunities to acquire vital technologies and expertise.”
Criminal attacks against telescopes appear to be part of an increasing pattern to disrupt critical public and scientific services.
In January, as The Quantum Record highlighted the looming quantum cryptography crisis in which quantum computer technology threatens to expose data encrypted with traditional methods, we noted the increase of cyberattacks. These target hospitals and other essential infrastructure, including the May 2021 ransomware attack against the Colonial Pipeline which delivers fuel to the southeastern U.S. We also noted that, according to the U.S. Government’s Cybersecurity and Infrastructure Security Agency, one in three American homes have computers infected with malicious software, and 47% of American adults have suffered the exposure of their personal information to cyber criminals.
Recently, blackmailers calling themselves the Daixin Team stole millions of records from five Ontario hospitals and sold the data on the dark web after the hospitals refused to pay the ransom. The Windsor Star quoted the CEO of one of the hospitals: “The cyberattack is not one person in their basement on a computer. The perpetrators are a sophisticated web of people who extort the healthcare sector. They target us while we are caring for our most critically ill. They attack hospitals while we are emerging from a worldwide pandemic. We are not the first healthcare system to be struck by these bandits and will not be the last.”
The attacks don’t stop at telescopes, pipelines, and hospitals.
On October 28, the Toronto Public Library announced a cyberattack and as of December 6, after more than five weeks, its online services remain closed to millions of Toronto residents.
The library reports that, “At this point in our investigation, we believe current and former staff employed by Toronto Public Library (TPL) and the Toronto Public Library Foundation (TPLF) from 1998 are impacted. Information related to these individuals was likely taken, including their name, social insurance number, date of birth and home address. Copies of government-issued identification documents provided to TPL by staff were also likely taken.”
What is our philosophy of technology? How do we see the future? Do we dedicate so much time and resources to technological development to advance the cause of current and future generations of humanity, or do we do all of this to limit our potential?
The two essential visions underlying our philosophy of technology were highlighted in our October 2022 feature, “Two Technological Choices for a Future as Good or as Bad as We Can Imagine.” Our choice is to create technology that either holistically adapts to evolving human needs, or requires us to adapt to its limitations.
We see no reason that would prevent our technological priorities from eliminating the threat of cybercrime. We need not become the victims of technology and the criminals who abuse it.