Page 42 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 42
Bluetooth keyboard and mouse, and hotel room TV. The attack was discovered when Kurtaj released the
stolen video clips, and he was immediately arrested again.
Because Kurtaj was previously diagnosed at an early age with severe autism, he was found unfit to stand
trial. Instead, the judge asked a courtroom jury to “determine whether or not he did the acts alleged —
not if he did it with criminal intent.” The jury determined that he did commit the alleged crimes. Evidence
was presented to the court that Kurtaj had been violent while in custody, with dozens of reports of injury
or property damage. A mental health assessment was conducted during the sentencing hearing and
found Kurtaj "continued to express the intent to return to cyber-crime as soon as possible. He is highly
motivated." The judge deemed Kurtaj remained “a high risk of serious harm to the public through skill in
gaining unfettered access to computers.” Kurtaj, now 18, was committed to a secure hospital until doctors
deem him no longer a danger. Secure mental health hospitals in England and Wales house people
deemed to be a danger either to themselves or others on account of their mental illness. Potentially, he
could remain in hospital for life.
What makes Kurtaj so special? He is the first hacker to publicly admit all he wants to do is hack. He is a
sociopath with the will to cause destruction, just like any movie or comic book supervillain. But there will
be more teenage criminals on the rise this year to take his place; disenfranchised teenagers who grew
up practicing hacking from a very early age using tools and information readily found on the internet.
These teens will join a virtual version of gangs found on the streets in most cities, but these cybergangs
have a global reach and access to weapons far more dangerous than drugs and guns. Worse, there is a
far less likelihood that cybergang members will be easily identified and caught. Hackers learn lessons
from other hackers, and new internet privacy protection tools also protect the identity of hackers. AI will
make their attacks stealthier and almost impossible to detect without AI-enabled detection tools that are
still in their infancy. Trend Micro published an interesting blog post about the different criminal
undergrounds that exist globally, but even that is changing as teen cybergangs arise. These cybergangs
will produce more cyber supervillains who will try to bring about the internet apocalypse for fame or gain.
They will fight each other for cyber territory and global supremacy, just as gangs fight to secure
neighborhoods and criminal enterprises today. When that happens, we will see the cyberspace version
of what is happening in Haiti today.
But there will be one that leads a gang - the Cyber Supervillain. Cyber Supervillains will have the drive to
achieve their objectives without fail and have the skills to do so. Nothing will get in their way. They will be
hyperintelligent, but socially outcast. They will be imaginative and quickly develop new attack strategies
and techniques to exploit vulnerabilities. They will have sociopathic, if not psychopathic, traits that allow
them to morph their personalities into masters of social engineering. They will launch campaigns against
targets to fulfill whatever personal agenda they have but mostly to satisfy their own ego.
This will make defending against cyber supervillains extremely difficult. Organizations need to deploy the
best cybersecurity defenses for their requirements and environments. They need to be diligent about
updates and patches. They need to conduct regular vulnerability assessments to find and close attack
surfaces. But the more difficult challenge will be training people to recognize social engineering attacks.
People want to be friendly and helpful, and this can be easily exploited to give up sensitive information
to use in attacks. And that is the Cyber Supervillains greatest superpower.
42
