Know Your Frenemy: The Geography of Hackers

Lately, the world seems like a rather small place. Our data travels at around 3,000 miles a second globally, we can travel anywhere in about a day and we can share and collaborate with each other instantly in real-time over the internet.

People aren’t that different either; no matter the culture or customs, most people just want to live their lives in relative peace and safety. If there is one universal trait that we as a species share, it’s our ability to use the resources that are available to our advantage, usually for good, though sometimes for bad.

Because I speak on cybersecurity, cyberwarfare and their respective trends, I occasionally get the question, “So, why does it seem like certain regions of the world excel at one kind of cyberthreat or another?”

I love this question because the person wanting to know is an astute observer of the trends that we, in the cybersecurity community, observe in our own threat analysis. This article is going to dive right in and discuss why this is the case, and also provide some very common examples of known hacking methods and preferences from various regions.

The Primer on Why

Before we get into the technical explanations, it’s important to understand that in many areas of the world, hacking can offer economic opportunities that normal low-wage jobs cannot offer, if the jobs are even available.

One successful scam can pay a living wage for up to 6 months for a person in Asia or Africa, so it becomes very attractive to those with the requisite skill. This mentality is nothing new either. I recently came back from a cybersecurity-related trip to Beijing, China, where, in the span of a week, I was approached on the street 11 times with the same scam attempt.

These people are good at what they do and they do it over and over because it works and visiting foreigners fall for it. The internet is no different, except that instead of having to scam one person at a time, a scammer can now attempt to hit hundreds, if not thousands, of targets at once. It’s a big business and there are many sellers.

The Internet Isn’t Always Plentiful

If there is one thing most people living in modern, industrialized nations demand, it’s solid internet speed and performance. Since the consumer demand and population are there, the Internet Service Providers (ISPs) are happy to offer this and are continuously expanding their infrastructures to support a growing population, though they’re having a hard time keeping up.

This is not always the case around the world. There are several regions where internet bandwidth is slow for the user, may not be up all of the time or can be restricted by local governments to control information and access to foreign websites.

Africa is an excellent example of this. Though their internet infrastructure is growing at the fastest rate on the planet to accommodate their now one billion mobile subscribers, the continent still has a long way to go. Many urban areas, not to mention rural, are plagued with poor bandwidth speeds and regular outages.

Governments such as those of North Korea, China, Burma, Saudi Arabia and Iran have censored access to foreign websites like Google and Facebook, restricting them for various political and information-control reasons.

Why all of this is relevant to hackers from these areas is that while they may have the skills to pull off superb hacking intrusions and penetrations, they’re prevented from doing so by the limitations of their internet connection. Even infecting and remote-controlling computers in other countries can be difficult, though not impossible, for them. However, as we shall soon read, they have innovated to make use of what performance they do have.

Grandma’s Old Windows XP Machine Still Has Value!

It’s rather amazing to think about just how much computer equipment we discard because it’s old or slow. For many poorer regions, these older computers are all that is available to the population, either due to the cost of newer equipment or because the computers were donated.

This too can limit the hacker in that the computing power they have access to may limit their control of other remote computers they’ve infected or limit their actual processing power to do things like attack encrypted data.

These computers are given new life by removing older, slower operating systems like Microsoft Windows XP and installing lightweight versions of Linux. Because Linux uses fewer resources and makes efficient use of the hardware it has, it can vastly improve the performance of older computers. Linux is the hacker’s preferred operating system anyway, so it’s a win-win for them.

So, now that we understand the background for some hackers in different regions, we can begin to explore why hacking methods vary. Not all hackers are from restricted or poor regions, obviously, and there are plenty of hackers in the first world with lots of access to bandwidth and computing firepower.

Public schools and universities, for example, are excellent places for hackers to use whether they’re students of said institutions or just breaking in to use the resources along with stealing protected information like credit cards and Social Security numbers.

Nigeria and Parts of Africa: Prince Ubuntu Needs Your Help!

One of the oldest internet scams is the Nigerian 419 scam. Named 419 after Nigeria’s penal code for fraud, it seems like virtually everyone on the planet has been introduced to this via email.

Essentially, the user receives an email claiming to be a wealthy Nigerian Prince (or something similar) that is currently under some kind of threat, such as civil war, and has 0 million that he needs to get out of the country.

If you send him the bank fee for the transfer, usually a couple of thousand dollars, he will send you a percentage of his wealth that far exceeds what you just “invested.” Millions of people each day receive these emails and many fall for them.

Nigeria and the surrounding African countries are widely known for using this internet scam as their primary method of attack.

Nigeria, like many developing African countries, has slower internet that is prone to outages, especially in rural areas. Nigerian hackers usually cannot run massive bandwidth attacks like Denial-of-Service (DoS) attacks because they simply don’t have access to much local bandwidth, which makes launching a local attack, or even a remotely controlled one, incredibly difficult if not downright impossible in some cases.

Email, however, takes no real bandwidth at all. Heck, you could even send them via 56K modem speeds and they’d get where they’re going even if they had to queue up and wait. It’s really an ingenious way to still be able to reach potential victims while requiring next to nothing, performance-wise.

Don’t have a faucet you can easily turn on to get water? You can still get some. Just grab a bucket and go walk to the nearest well. That is essentially what they’re doing online.

As Nigeria’s economy strengthens, and we’re seeing growth in their infrastructure in major cities like Lagos, this may change. Sustained bandwidth that won’t go down means Nigerian and other African hackers can now expand their arsenal to include many techniques other hackers use in bandwidth-rich environments. Still, the 419 isn’t going anywhere anytime soon.

Asia: Restrictions? We Don’t Need No Stinking Restrictions!

As I mentioned above, some countries like to censor the internet. They may have decent infrastructure and good speeds, but if it’s access to the whole world wide web a hacker is looking for then they need to get creative.

Regionally, Asia holds the distinction of having about 50% of the top 10 slots of countries with the most restrictive internet laws. We’re not getting into politics here, though I could write about 20 articles on government cyberwarfare in this region.

Suffice it to say, many reasons for these blocks are political in nature. Many people in these countries find ways around these blocks, such as purchasing VPN service that allows them to route their traffic through outside sources so they can freely access sites like Google.com.

However, many governments only begrudgingly allow VPN services to work and have been known to cut them off or censor them at will. This point is critical because of the size of Asia’s overall population. Aside from hosting the most populous country on the planet, Asia holds six of the top 20 countries by population, and more than 1 billion Asians were using mobile broadband alone as of 2015. The internet infrastructure is vast and usually fairly reliable for most.

With access to this kind of firepower, hackers in Asia can, and have, infected millions of devices and computers, and we are seeing the rise of powerful zombie networks (botnets) capable of running large-scale DoS attacks against both local and international targets. And their numbers are rising.

Prior to this, Asia was known for injection attacks primarily because poorly defended databases are easy prey and usually don’t take a lot of sustained bandwidth to break. This is ideal for a developing infrastructure in nations that are churning out hackers by the truckload with China actually helping future IT personnel with substantial support.

As their bandwidth continues to massively expand, Asian hackers, like Nigerian hackers, will continue to expand their capabilities both in and out of the government realm.

Eastern Europe: The Hacker’s Arms Bazaar

Which brings us to Eastern Europe. There is some serious hacker talent being developed in Eastern Europe with some spectacular hackers coming from that area. Eastern Europe is home to what is essentially the largest hacking arms bazaar on the dark web.

The Russian Mafia and a few other crime syndicates in the region have legions of hackers developing new code and techniques for cybercrime and they continue to grow as hackers who join these syndicates are making excellent money doing so.

If you look at the past decade of botnet attacks, overwhelmingly they were developed in Eastern Europe, each one more innovative than the last. This region has essentially built a hacker school and then supplied its graduates with an open market to sell their goods and innovate new ways to break into networks and take over systems. The latest development, believed to be from the region, is the Mirai botnet malware.

While DoS attacks have been around for quite some time, this particular piece of malware goes after Internet of Things (IoT) devices like security cameras and DVRs and allows the hacker to direct the infected gadget’s internet traffic to whatever target he or she wishes. If anything, it underscores the need for better security development in IoT products.

In terms of hacker innovation, Eastern Europe is on the forefront and very attractive to many cybercriminals, but they’re not alone in this endeavor.

America: Unfortunately Leading the Way

We have a vast internet infrastructure and we know how to use it. We excel at legitimate development and the literal seat of power of all things cloud and internet sits on our West Coast. We have developed scores of top-level programmers, designers and engineers and we continue to have a boom in this arena. So, naturally, we are also leading the way in cybercrime.

Look at any infographic relating to cybercrime and the U.S. is by far the largest victim and perpetrator. Roughly 23% of all cybercrime happens here in the U.S. That’s no coincidence. By virtue of this nation’s overall wealth and status, we’re by far the number one target for hackers.

And by virtue of having such a target-rich environment, we have created some truly amazing hackers. I’ve written about him before, but it deserves another mention: a hacker named Cosmo has pulled off many major hits, including breaching Amazon, Apple, PayPal, AOL, Netflix and Microsoft, but none were as amazing as bypassing Google’s entire two-factor authentication (2FA) system and gaining access to potentially hundreds of millions of email accounts.

America’s only real hacker style is that we have no dedicated hacker style. As our population is culturally diverse, so are our malicious product offerings. Our virtual melting pot, both the good and bad parts, is alive and very well.

The Future of Geographical Development

The next decade or so is going to continue to see expansive infrastructure growth. We have growing populations in every region due to better medicine and quality of life overall. As we continue to try and keep our technological growth in sync with our population growth, we are going to see a shifting threat geography as more and more people have access to computers and education.

New innovations in penetration and hacking are always being developed and the never-ending cat and mouse game between the white hats and the black hats will continue to grow and expand into new realms. As Africa and parts of Asia continue to explode in technical capability so will new groups of hackers willing to break the mold with their newfound bandwidth and freedom.

May we live in interesting times.

Learn How to Stop the Hacker

SmartFile is a business file management platform that gives you more control, compliance and security.