There’s a common saying among accomplished martial arts instructors of long standing (this also applies to law enforcement), that for each technique we teach, there’s a counter. For every counter, there’s a new technique.
This seems to be what’s going on big-time regarding cybertheft in Mexico right now. Except that to all intents and purposes, Mexican financial, government and business institutions are working with procedures that are so ineffective, they haven’t even gotten to the point of coming up with counters to the thievery that’s already getting poised to take them down for the count.
In an article titled, “As Banks Embrace Biometric Tracking of Customers, Cybertheft Explodes in Mexico”, wolfstreet.com’s Don Quijones discusses how the country’s imminent move toward assigning the entire population their own unique biometric identification number (reportedly by as early as this summer), is colliding with a tidal wave of cyberthieves who appear to be operating at close to free access.
Sebastian Brenner, a security strategist for Symantec Latin America, says that “these are very well structured groups, with experts for every stage of the process: infiltration, capture, commercialization. The members can be in the country or operate from others; the internet eliminates any barrier.” There is general agreement among observers that few legal tools are available to mitigate cyber attacks, or the resulting loss of information – a third of which have targeted government institutions – and the laws that are on the books are seldom enforced.
With governments and banks having a single biometric database, a serious breech – almost certain to occur – could have dire consequences across the country, and vertically, through the social structure.
Woodrow Hartzog, an Associate Professor of Law at Stamford University, offers a sobering take on the issue, commenting:
“Biometrics are tricky. They can be great because they are really secure. It’s hard to fake someone’s ear, eye, gait, or other things that make an individual uniquely identifiable. But if a biometric is compromised, you’re done. You can’t get another ear. So it’s plain to see, that once a cyber criminal gets the data, there’s no realistic way to undo the damage, no Plan ‘B’ for the customer, or for that matter, a government agency or financial institution.
Some studies have determined that data from a bank card is worth (the surprisingly low amount of ) $10, while medical files can bring up to $10,000. With a person’s medical data, you can gain access to their insurance policies, pensions and other financially-targeted sources.
Danial Blancas at cronica.com.mx notes that virtually all of this pilfered data can find ready buyers at one or more levels in the criminal underworld – or perhaps more accurately just termed, the “criminal world” – since so much goes on rather transparently nowadays.
Noting how easy it is to hack into minimally-secured data bases in-country, he says, “Mexico is in second place in the Latin American ranking of malicious activity on the Internet, only after Brazil, because of the amount of viruses or malicious codes detected, and the massive sending of phishing or emails for advanced attacks.”
A package containing the personal data of the holder of a bank card: identification number, date of birth, billing address PIN number, username and password, is called Fullzinfo. The value of that file on the “over the counter” black market depends upon its account balance.
Symantec (which offers Norton Antivirus) ranks Mexico as being number two globally in the percentage of detections.
Historically in the martial arts world, some threats have become so dangerous and so capable of “jumping” the way that they had been dealt with in the past, that an entirely new way of looking at – and dealing with – the problems of the day became necessary. In effect, not just new counters, but rather a new system.
Blockchain to the Rescue?
Think about the dominance of the long bow…until the use of gunpowder made it obsolete.
As blockchain applications gain utility and popularity across the financial world, it will be interesting to see how effectively this new way of doing things puts a bite on the type of cybertheft – across all asset categories – which now seems to be taking place almost at will.