BID Daily Newsletter
July 24, 2017

BID Daily Newsletter

July 24, 2017

Retribution Hacking Isn't A Video Game

Research by Princeton and the University of Chicago finds men ages 21 to 30 spend much less time working and much more time playing video games than men 31 to 55. The data finds hours worked for the younger group fell 12% from 2000 to 2015, while it declined 8% for the older cohort. The study also found those who stopped working average 520 hours per year on the computer and 60% of that time is spent playing video games.
Speaking of things people do related to computers, in 2015 Juniper Research estimated that cybercrime would cost businesses $2.1T globally by 2019. Now, just two years later and based on the damage recently caused by the WannaCry ransomware virus, Juniper's analysts estimate that cybercrime will actually cost businesses around the world $8T within the next 5Ys. Community banks definitely need to stay vigilant on cyber threats and there may be a new law coming to help.
A recently proposed bill would allow cybercrime victims to legally fight back against their attackers. The Active Cyber Defense Certainty Act (ACDC), which was introduced by Congressman Graves of GA, would modify the Computer Fraud and Abuse Act (CFAA) that currently prohibits access of an individual's computer or mobile device without their authorization.
Under the proposed bill, victims of cybercrime would be able to legally hack into the computers of their attackers to both document the identity of such criminals and cut off unauthorized access to the victim's computer network. The hope is that the proposed law empowers victims of cybercrime to fight back and make it easier for law enforcement to prosecute cybercriminals. It would also likewise serve as a deterrent to individuals who might otherwise not think twice about criminal hacking.
Although the bill is intended to enable victims of cybercrime to fight back, there is a limit to what it allows. It would explicitly forbid vigilantism; anything that would create a threat to public health or safety; the destruction of information on an attacker's computer and physical damage to anyone else's computer.
This is not the first and most certainly won't be the last attempt to try and stem the tide of criminal cyber activities. In late 2015, the Cybersecurity Information Sharing Act made it easier for companies and the government to share information about cyberattacks. Then, in 2016, federal warrant rules allowed a single judge to authorize the FBI to hack into networks of millions of computers. Supporters of the new bill believe it will supplement the current laws and help combat the growing problem.
Not everyone agrees, however and some opponents say it could lead to unintended consequences. They point to things such as cybercrime victims being misled to fight back against innocent bystanders (whose computers were used as decoys by actual attackers). They point out that many malware programs now target large groups of private computers (known as botnets), making it extremely difficult to differentiate an actual attacker from individuals or companies whose computers have unknowingly been infected and manipulated. This could be particularly dangerous if virus-infected machines happen to store sensitive personal information.
While there is no doubt that the proponents of the ACDC have good intentions, it remains to be seen whether this would be good for community banks. Potentially, it could broaden your ability to defend your bank and your customers against cybercrime, but care will be called for. As this game plays out in Congress, we hope we have provided you some ammo to keep battling the dark forces of the cybercriminal world.