The past decade has brought an incredibly rapid and continuous growth of technological advancements. The growth of the Internet, development of computer software, and creation of smart devices have forever revolutionized the convenience and interconnectedness that technology provides us on daily basis. However, with a global network that places everyone together at the touch of a button comes an accessibility that is almost too effortless. On October 21, 2016, this accessibility became a curse for the state of cyber security in the Caribbean. Dyn, an Internet performance management company that offers products to control and optimize online infrastructure (more specifically to enable web users to access the addresses of major websites), was the victim of a Distributed Denial of Service (DDoS) attack. A DDoS is an attack that floods the bandwidth and resources of one or more web servers in an attempt to make an online service unavailable. Massive servers such as Google, Facebook, and Amazon were temporarily offline because of the invasion.
Experts from across the globe have claimed that this may have been the largest DDoS attack ever executed. The mystery underlying the attack was that it was in part delivered through smart devices connected to the Internet, such as webcams, televisions, and even refrigerators and central heating systems. The hackers used a malware known as Mirai, which uses the Internet of Things (IoT) to turn computer systems running Linux into remotely controlled “bots” to conduct the large-scale attack. These bots then create a botnet, or a network of Internet-connected computers infected with this malicious software that is controlled at a source. Analysts believe that the attack on Dyn may be linked to others, all using Mirai, that took place within a five-week span. On September 20, 2016, two major attacks were launched, a 1 Tbps one on French hosting provider OVH and a 660 Gbps one on KrebsOnSecurity blog (1). With each attack getting larger than the previous, the loopholes of cyber security have begun to catch the attention of officials in the Caribbean sector.
Outmoded IT systems and malfunctioning software have proved costly for Caribbean countries in the past couple years. According to Daily Express, a newspaper on the island of Trinidad, “reports in the trade press suggest that so serious have DDoS attacks in general become, that more than 30 percent are now large enough to swamp almost any business or poorly protected government” (2). Many attacks on Caribbean networks are kept under-wraps because of the perceived reputable damage that would ensue. Most recently, 1.3 million documents from the Bahamas’ corporate registry were publicized online without drawing significant attention. While the leaked ‘Bahamas Papers’ contained mostly consolidated information and no ultra-secret information was exposed, it puts into question the appropriate security within government portals. Especially in a region with an absence of local expertise and financial resources to address technical weaknesses, the compromising of internal government communications (with seemingly little effort) opens the doors far too wide for potential hackers. A The Center for Strategic Studies and Intel Security Group published a joint study supporting the notion that Latin America and the Caribbean (LAC) “has become a new frontier for cyber attacks and crime at an estimated cost of around $90 billion per year” (3). Furthermore, a digital security-based system known as the Cipher Brief released that 12% of DDoS attacks now target the LAC region. A large cause of this escalating number is the increasing number of tourists, and in turn increasing flow of Internet-connected devices on a monthly basis, in “soft” locations through which funds flow for tax advantage and commercial expediency. The striking increase in national vulnerability calls for the help of experts around the world to strengthen the Caribbean’s outdated networks.
Caribbean government officials are slowly starting to realize the importance of strengthening their cyber security infrastructure. In March, a number of international agencies met in St. Lucia and signed-off on a plan to strengthen regional cooperation in training, legislation, and technical capacity. In light of these recent efforts, the first Caribbean Cybercrime Conference was held on November 16, 2016 in Aruba. The goal of the conference was to create awareness for the growing threat of cyber attacks and need for digital investigations (4). The conference was led by Curaçao’s Attorney General’s Office and received help from the Kingdom Detectives Cooperation Team (RST), and DataExpert, a Dutch cyber security group. Since the field of digital forensics is only recently reaching new heights, it was also necessary to inform officials and private enterprises about the new and ever-expanding risks of cybercrime. The Caribbean and Latin America must work quickly to develop integrated cyber security platforms before hackers begin to deeply infiltrate what is a largely unprotected region.
(1) D, Lena. "Caribbean Region Faces Serious Cyber Security Threats - Atlanta Black Star." Atlanta Black Star. N.p., 01 Nov. 2016. Web.
(2) Jessop, David. "Action Needed on Caribbean Cybersecurity." Trinidad Express Newspapers: Editorial. N.p., 02 Nov. 2016. Web.
(4) "First Caribbean Cybercrime Conference." Curaçao Chronicle. N.p., 02 Nov. 2016. Web.
Image: © Carmelo Luis Vicent Rodríguez | Dreamstime.com - Airport Antenna
Carlos was born in Chicago, Illinois and came to USC to study psychology with a minor in Business Administration. He has worked in healthcare and finance for the past two summers. Carlos also helped co-found Trojan Marketing Group, a group that develops marketing strategies for large companies. Carlos has been with Global Intelligence Trust since summer of 2016. He am most interested in writing about innovation in the technology sector and aerospace developments. Apart from academics, Carlos enjoys playing volleyball, hiking, and traveling.