In the wake of the Tesco Bank hack, which saw 9,000 customer accounts targeted, cyber security experts are warning of organised online crime gangs operating like a digital mafia.
Mr Robot is possibly Hollywood’s ultimate hacker show – the chaotically unfolding story of Elliot Alderson, a cyber security engineer with emotional problems, who is recruited by a fiendishly cunning group of hacktivists in their attempt to bring down the fictitious financial giant E Corp.
Elliot wears a hoodie and hacks from his bedroom, just like all good movie or TV hackers do. For Mikko Hypponen, chief research officer at the cyber security firm F-Secure, this image is quaint and entirely false. Mr Hypponen looks at 350,000 samples of new malware attacks almost every single day. Some 95 per cent of them are from organised online crime syndicates. Only the tiniest proportion of hacks is committed by hacktivists.
“The earliest viruses were written by bored teenagers looking for a challenge, but today’s hackers are much more malicious,” he explains. “What makes them different from old-school hackers is they have a motive.”
So, what are hackers really like?
This new breed of cyber criminals see themselves as digital mafiosos. The Moldovan hackers behind the Dridex malware attack stole millions of dollars in co-ordinated hits on 300 banks around the world. Evgeniy Mikhailovich Bogachev, the Russian thought to be the author of the Zeus trojan, has a $3-million bounty on his head from the FBI, and is wanted by Interpol and Europol.
That’s not to say naughty teenagers aren’t a threat, says Troy Hunt of data breach aggregation service Have I Been Pwned? “There are teenagers getting hold of vast amounts of personal data, using freely available software, as in the recent TalkTalk hack,” he points out. “Scotland Yard told the press it was a Russia-based Islamic jihadist group, but it turned out to be two teenagers.”
Either way you lose, says Adrian Nish, who leads the Threat Intelligence team in BAE System’s cyber-defence division. Real-life hackers are as good as or even better than movies suggest. A few months ago, Mr Nish explains, hackers targeted the Central Bank of Bangladesh and tried to steal $951 million, six times the amount in George Clooney’s Ocean’s Eleven.
“They set up bank accounts in Manila in the Philippines and in Sri Lanka then broke into the Bangladesh bank network, probably sometime in 2015, and waited until February 4,” he explains. “This was a Thursday, the end of the week in Bangladesh and just before the Chinese New Year, so overall they had this four-day window to get away with the heist. They flipped just eight bits of code, secured root access and covered up the transactions to make it look like the money hadn’t left the bank’s accounts at all.”