THE threat of debilitating attacks launched by hackers has become so concerning that financial institutions in London are reportedly stockpiling Bitcoin to pay off potential ransom demands of cyber criminals.
On Friday in the US, a number of major sites including Netflix, Spotify, Reddit and Twitter were affected by a large-scale distributed denial of service (DDoS) attack causing them to become unavailable to users.
It was just another reminder of the debilitating potential posed by co-ordinated cyber attacks — and corporations are drawing up contingency plans.
According to one UK expert, some of London’s major banks are beginning to stockpile the digital currency Bitcoin in case they need to pay off future hackers.
Dr Simon Moores is a former technology ambassador for the British government and is the chair of the annual international e-Crime Congress, a global body that brings together IT professionals.
He said some of London’s financial institutions were coming around to the view that it was cheaper to pay the demands of cyber criminals rather than suffer the fallout from an attack.
“The police will concede that they don’t have the resources available to deal with this because of the significant growth in the number of attacks,” he told The Guardian.
“From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business.”
The recent DDoS attacks, which drew global headlines, are believed to have used code that allowed the attackers to take control of internet-enabled devices such as security cameras and smart TVs and bombard the servers of a US company called Dyn, which provides directory services to online companies.
It had nothing to do with profiteering. Most attacks of that nature are often political and are either about making a statement or simply done for kicks (or ‘lulz’ in hacker parlance).
But there is the potential for hackers to threaten the use of such a code in a bid to get companies to pay a ransom or suffer a disruptive and damaging attack.
British telco company TalkTalk lost more than 100,000 customers and £60 million as a result of a cyber attack carried out in October last year. The alleged teenage culprit had reportedly demanded 465 bitcoins, which at the time were worth £216,000.
Mr Moores said such tools were becoming “weaponised” by hackers.
Cyber security is no longer solely about protecting data as corporations are becoming increasingly concerned about “shareholder and customer confidence,” he said.
It is not known exactly which banks are stockpiling the untraceable digital currency (presumably so as not to encourage attacks for ransom), but it highlights an interesting shift in how some of the biggest corporations are approaching the threat of cyber attacks.
Australia’s major banks won’t discuss their own policy when it comes to possibly dealing with cyber criminal syndicates in such a fashion.
The Commonwealth Bank declined to comment when asked by news.com.au if it would consider paying a ransom in order to avoid a potentially worse financial injury.
“Commonwealth Bank views cyber security as an important national issue and a shared responsibility. As technology is rapidly transforming economies around the world and creating new opportunities for growth and prosperity, we recognise there needs to be a sustained focus on cyber security from government and industry to create a strong, secure and resilient modern economy,” a spokesperson said.
ANZ bank was also reticent to share its position when it came to such a situation.
“ANZ takes cyber security very seriously. Our customers rely on us to keep their money and information safe, we have a team of experts who work around the clock to pre-empt and respond to threats. Due to the nature of this work it’s not appropriate for us to comment any further,” a spokesperson said.
Data on the details and cost of cyber attacks on the financial system is not available given attacks are not reported under Australian law.
However, in a recent submission to the government’s Productivity Commission, the Australian Bankers’ Association said the cost of cybercrime in Australia was at least $1 billion a year for individuals alone and would be much higher if governments and businesses were included in that figure.