In 1983, then-President Ronald Reagan screened the movie War Games at Camp David. He was alarmed by the movie’s premise—that someone could start a nuclear war with just a personal computer and a dial-up modem.
When he asked Gen. John W. Vessey Jr., the chairman of the Joint Chiefs of Staff, if that could happen, his reply was, “the problem is much worse than you think.” That exchange resulted in a series of new national security directives as well as laws, including the 1986 Computer Fraud and Abuse Act (“CFAA”).
In 1988, Robert Tappan Morris released a “worm” which unexpectedly replicated out of control, taking down ten percent of the nascent internet, causing Morris to earn the distinction of being the first person indicted under CFAA. This event serves as one of the inspirations for my debut novel, Raven, set at MIT in 1990 during the waning days of the Cold War and the dawning of the internet.
The subsequent decades saw an explosion of computer technology, networks, and mobile devices opening up a whole world of opportunity for criminals as well as new challenges for law enforcement, who often did not have the skills, nor the legal framework, to fight those high-tech crimes.
When it comes to computers, we see that technological change comes first, cultural change follows, but the law often lags behind. From hacking into a bank, to causing chaos with a virus, to committing blackmail via ransomware, the variety of crimes made possible by internet-enabled technologies continues to proliferate.
As do the criminals. In the late 1980s most “hackers” were curious computer-literate amateurs who viewed themselves as adventurers exploring a new world.
But it didn’t take long for criminal enterprises as well as state actors to get in on the action. As the threats against individuals, corporations, and governments grew more common, so, too, did concerted efforts to quash them, creating an industry we now call “cybersecurity,” a massive global market $300 billion in size.
But in the actual moment in which I set my novel Raven, all of this was brand new. There was no anti-virus software, were no internet network firewalls, no “Nigerian prince” email scams yet.
Nevertheless, computer crime was in the news with the 1988 arrest of hacker Kevin Mitnick for breaking into Digital Computer Corporation, among other crimes. He was jailed and the press hungrily reported on him, while also sharing ridiculous misinformation—such as the assertion that Mitnick could whistle into a telephone like a modem and launch nuclear missiles. That concern caused a judge to hold him in solitary confinement for eight months.
This was not an isolated incident, as law enforcement repeatedly erred. For example, in 1990 the Secret Service raided Steve Jackson Games, asserting that their tabletop role-playing game GURPS Cyberpunk was a manual for hackers. That raid was one of the inciting incidents leading to the creation of the digital civil liberties organization The Electronic Frontier Foundation, which continues to fight for digital privacy rights today.
Even as law enforcement and the law began to catch up, the criminals surged forward. As new technology, especially encryption, evolved, so did new crimes.
With the anonymous TOR router protocol, for example, came the Dark Web, home of the criminal marketplace Silk Road, a black market for acquiring everything from illegal drugs to a hitman’s services in exchange for bitcoin. And in what has become a game of cyber whack-a-mole, when Silk Road was shut down by the FBI in 2013, successors immediately followed.
Even more sophisticated crimes are emerging. In a more terrifying example of trafficking, compounds in Southeast Asia—labor camps, essentially—are now running massive “pig-butchering” operations. Online ads recruit for seemingly legitimate work in a foreign country, promising enough money to make poorer workers take a chance.
Once the applicants arrive, their passports are confiscated and they are imprisoned in a facility run by a crime syndicate, often with the permission of—or at least tolerance of—the local government. They are kept productive under threats of violence, including having their organs forcibly harvested if they fall behind on scam quotas.
In this “fraud factory” they run a pig-butchering scam, “fattening” the victim by getting them to contribute increasing sums of money, sometimes with a bogus investment scheme, sometimes with a romantic scam. They find their targets through dating apps, quickly moving to a virtual private network chat to avoid the dating app security controls.
In a recent variation of the scam, this first contact is made via a random text message: “Is this a good time to chat?” or “I’m sorry we haven’t been in touch in so long” The user is drawn into a romantic or financial conversation and the scam begins.
Sometimes it utilizes accounts opened in the name of legitimate U.S. businesses, sometimes via cryptocurrency. This is all done at a global, industrial scale driving as much as $75 billion in losses from their victims over the last four years and trafficking up to 300,000 additional victims to run them.
A new risk, “voice phishing,” is now gaining momentum. Financial services accounts using voice verification are attacked using a combination of a victim’s recorded voice from telephone solicitation calls as well as deepfake audio derived from it. That audio is then used against that victim’s bank account to attempt to get access to their funds.
What has become clear in the last several decades is that individuals, corporations, and governments need to be alert for ever-evolving forms of cybercrime. But, mostly, we aren’t, which means even the most sophisticated entities are at risk.
In the period from 2019-2020, what are believed to be Russian state actors penetrated Solar Winds, an IT systems management company that provides, among other services, cybersecurity. Solar Winds had its flagship product Orion compromised, which then provided a back door for the hackers to penetrate 18,000 systems, including the US Government and Microsoft.
We now live in a world where the internet, computers, and our mobile devices are ubiquitous, essential parts of our work, education, and entertainment. They have turned out to be highly impactful in all of our lives.
They have also turned out to be extraordinarily handy for committing crimes against us. And no matter how quickly we thriller writers get it down on paper and out in print, there’s always the chance that computer criminals will already be yet one more step ahead.
***
