The first pirates appeared in the 14th century when they attacked the ships of the Aegean and Mediterranean civilizations. Centuries later, history’s most renowned and romanticized pirate, Edward Teach—more commonly known as Blackbeard—sailed the Caribbean and became a legendary outlaw of the waves. Blackbeard was arguably the most terrifying pirate of all time. In the heat of battle, Blackbeard would tie lit fuses (slow matches) to his beard as he boarded an ill-fated vessel in blazing glory.
Seeking Cryptocurrency, Not Gold
However, as is often the case, the real history is even more interesting than the legends. Most pirates from time to time worked for European governments that could either not afford to build out capable navy fleets or simply wanted to maintain a farcical level of plausible deniability. Many of these pirates were more aptly described as “privateers,” and they were sponsored by countries through a “letter of marque.” Expressed more succinctly, these seaborn outlaws of lore who plundered the massive supply lines of commerce between the new and old worlds were in reality secret agents of national governments whose job it was to wreak havoc on opposing nations’ supply chains. For this, their payment was a percentage of the plunder that they could capture and unload in a safe location such as Nassau in The Bahamas.
Most European countries used this approach at some point. Ironically, the highly unnecessary Battle of New Orleans (the War of 1812 had concluded weeks before, but communication was slow in those days), which vaulted future president of the United States Andrew Jackson to national hero status, would not have been won by U.S. forces without the services of privateer Jean Lafitte. Anyone who doubts the importance of Lafitte’s actions should visit the National Historical Park and Preserve in Louisiana that proudly brandishes his name.
It is true that today’s plunder is not gold, but cryptocurrency, and it won’t be buried on a beach on a Caribbean island; instead it willl be protected by multinational banks using blockchain technology.
Modern-Day Privateers
But as we so often note, the more things change, the more they remain the same. Today’s privateers do not wield deadly swords, but they are experts with keyboards. The modern-day privateers sail the information superhighway and seek out vulnerability in the supply chains of their targeted antagonistic states. The exposures are simple. They search for unqualified and untrained IT admins who fail to upgrade common software, weak passwords and the lack of multi-factor authentication, and, most significantly, critical infra-structure connected to the internet.
In a previous article, we emphasized that the best cybersecurity was “concrete backed up by air,” and we now reiterate that point. The tools of the cyber-pirate of 2021 include inexpensive, everyday software such as virtual private networks (VPNs) and secure browsers such as “Tor” that can obscure attackers’ IP addresses. Phishing attacks which lure the unsuspecting email user to inadvertently reveal various open and exposed paths to the entire environment are another favorite weapon of the cyber-pirate.
Unlike their historical ancestors who carried out their acts during a violent war, these pirates of the information superhighway hone their skills so that they can attack remotely when war is imminent or whenever else they wish. They can use these cyberskills to disrupt key infrastructure such as a gas pipeline, a hospital, or other critical facets of an ever-narrowing and fragile supply chain. While they do not carry letters of marque, we know many are state-sponsored. The evidence is overwhelming. In our article “Data Security—and the Real Dragon in the Room,” we asked the tough questions about the Marriott data breach: “Who did it? What happened to the data? What do they plan to do with the data?” In the case we highlighted, the data had already been absent from visibility for 4 years. If the cyber-pirates had all this data but yet not a single credit card number was sold on the dark web, why was it stolen? Only a government-sponsored cyberterrorist could or would gather information for years and not monetize it. This suggests that the modern-day cyberterrorist has the backing of nation states similar to their historical brethren.
The recent cyberattack in May 2021 forced a shutdown of a top U.S. pipeline operated by Colonial Pipeline. The New York Times reported the pipeline was 5,500 miles long and carried 45% of the East Coast’s fuel supplies. It is believed that this act of cyberterrorism was perpetrated by a criminal group known as DarkSide. It is likely that this is a bunch of personally unintimidating ne’er-do-wells as opposed to the ominous physical presence posed by Blackbeard and his cohorts, but they are equally destructive. Longtime Russian president Vladimir Putin proclaimed recently in Geneva that most of the cybervillainy comes from and festers within the U.S. and he may very well have a valid point. But it is obvious that the state-sponsored actions against the U.S. are on the rise, and, unless the U.S. and other Western governments decide to reclaim the high ground of this ongoing cyberwar, more damage will be done. It is likely that at some point we will experience the cyber-equivalent to 9/11.
The Remedies for Cyberterrorism
The remedies are quite simple. First, all critical infrastructure should be removed from the physical internet. We have taken this position before, and we believe in that position today. All personnel working on critical infrastructure should be required to undergo background checks equivalent to government security clearances, and those same people should have certified expertise in information technology hygiene and security as well as in their specific area of expertise. Of course, this approach will be more expensive—but the $5 million paid by Colonial to unlock its system to start the flow of fuel from Texas to New York was a miniscule amount when considering the potential damage brooding on the horizon.
Whatever the reasons, the countries that host these cyberterrorists choose to look the other way, as they collect their cybercurrency plunder. And, in the absence of strong governmental action, cyber-pirates will continue to dominate global headlines.
Regardless of where they live or what bunker they hide within, they will project an ominous presence similar to Blackbeard’s blaze of glory. The ghostly apparition on the horizon may not be a ship flying the skull and crossbones but, in 2021, a plastic keyboard, an untraceable and comically fearsome moniker, and an internet connection may be equally menacing and deadly.