There is a reason that a majority of the world’s services are offered through centralized systems. Before the advent of distributed systems such as blockchains, we collectiavely looked at centralized systems as the surest path to increased security. These perceptions pre-date the digital era; since centuries, ledger-based centralized systems have enabled services that would be difficult through alternate arrangements – such as banking and asset exchange markets.
The emerging relevance of distributed systems in recent years has headlined the vulnerabilities that flow naturally from trusting centralized systems. To clarify things from the get go:
- With a centralized system, data is typically stored, updated and managed through one location rather than spread out across many. When this core system is hacked, it translates to losses for all nodes and stakeholders that rely on it. For example, if a country’s central bank database is hacked into, it usually spells trouble for the economy at large – including private banks, businesses and individual consumers.
- With a decentralized system, data relevant to respective locations is stored and maintained independently of a central hub. This usually means damage due to a hack targeting a specific location would be largely restricted to that specific location, rather than to all nodes connected to the central system.. In distributed systems, this concept is taken one step further: the same data is distributed and synchronised in several independent locations; thereby making prospects of hacking the entire system difficult and cumbersome.
With a vast majority of our information being stored on centralized servers, this leaves us open to a considerable threat and manipulation – all our vital information might (and often does) end up in the wrong hands.
Centralised Systems: A History of Major Attacks
We have compiled a list of some notable hacks in recent years that targeted centralized systems and resulted in massive damages.
Here are some of the major ones that caused the most furor and harm.
1. Citibank – 1995
The amount of exposure electronic transactions have was truly highlighted in this incident in 1995 when an engineer, Vladimir Levin wired an estimated $10 million to accounts worldwide by hacking into the Citibank systems.
2. Mafia Boy – 2000
Michael Calce, a teenager from Canada caused massive damages to major multinational companies such as Yahoo!, Dell and CNN by managing to freeze their operations through the infamous Mafia Boy virus. In essence, the Mafia Boy was a denial-of-service (DoS) attack which made many of the services non-responsive to input from users.
3. Delta Airlines – 2004
In 2004, an 18 year old Sven Jaschan managed to bring down the entire IT department of Delta Airlines, understandably wreaking havoc for the organization as several transatlantic flights had to be cancelled.
4. Operation Shady RAT – 2006
This particular incident brought to light the massive attention that espionage is getting online. The attacks led to significant damages for major defense organisations and public organisations such as United Nations.
5. Mt Gox Bitcoin Exchange – 2013
A blockchain based around the distributed systems approach, Bitcoin itself is quite secure. Nevertheless, it is operated through stock exchanges where people are able to convert normal currency to Bitcoin. This exchange was the subject of a hack in which a whopping $460 million was stolen. This proved to a deathblow as the exchange soon became bankrupt!
6. Bangladesh Bank Heist – 2016
The Bangladesh bank heist is remarkably astonishing as it managed to exploit the presumably hyper-secure SWIFT banking system. This is a global monetary transfer system, and is used extensively all over the world. The gang responsible managed to make $81 million!
7. WannaCry – 2017
The latest in a string of cyberattacks – the modus operandi differs as hackers usually demand money in return for the information stolen during a hack. This is termed as ransomware. Multiple organizations in about 150 countries suffered, including the National Health Service in UK.
So what can be done?
In order to safeguard against security breaches, a number of ‘best practices’ are suggested for companies and service providers of all sizes. While the threat can be greatly reduced by employing all these methods, it is simply not possible to completely eradicate the threat.
- Protect all personal and sensitive information. Be careful not to reveal it to service providers with questionable data protection practices.
- To safeguard information, reduce the transfer of data online. Cloud based systems may be convenient for companies, but they come with their own array of risks.
- Downloads should be restricted, particularly on company laptops and systems which are linked to central servers where information is stored.
- All unencrypted systems are prone to attacks, only encrypted devices should be allowed.
- Security systems that regularly check up on firewall protection should be automated.
- Restrict accessibility to a need-to-know basis.
- Employees should be educated regarding phishing emails and such. This will ensure that they aren’t opened up by mistake, bringing about serious problems.
- Conducting regular audits and tests should be a top priority for organisations.
And here’s the big one, one that must be done on the structural level and not by individuals per se:
- Shift to distributed systems. Blockchains have shown the potential benefits of distributed systems in overcoming the security shortcomings of centralized systems. A number of major banks, such as UBS, Banco Santender and Credit Suisse are exploring the possibilities of the technology for both security and efficiency.
There are multiple ways in which cybersecurity can be reinforced, much like walls outside a house. However, the threat always exists and new ones emerge every day. Hence, constant vigilance is really the only way out.