CSIRT security experts

Little chance for cybercriminals

05/2017 - Cybercriminals: They shut down websites, plant malware in critical systems, encrypt data for ransom and generally make life difficult for many companies. Through its special CSIRT unit, DB Systel is protecting Group applications from professional attacks like these.

The room is a mess. There’s a desk covered with various items, including a telephone whose cable has to be inserted into a modem to enable a big, boxy computer to infiltrate a school’s “datanet”. Sound familiar? Right, it’s a scene from the film WarGames. In it, David (Matthew Broderick) uses this seemingly prehistoric technology and his computer expertise to manipulate his marks before nearly kicking off a thermonuclear war by mistake later on. WarGames came out in 1983 – that’s more than 30 years ago. These days, we use smartphones that are each a thousand times more powerful than the computer shown in the film. At the same time, however, many people still associate hackers and cybercrime with an image of adolescent nerds bunkered down in their bedrooms. It’s a common misconception that makes light of the actual situation.

As digitalisation progresses, the danger of falling victim to cybercriminals continues to grow. Potential hackers come in all shapes and sizes, as well. Sure, there are young people who manage to access computer networks without permission. Their antics are indeed aggravating, but rarely dangerous. The activities of professional hackers are a different story: they sabotage systems for financial gain, and billions are at stake. Instead of Hollywood-style tactics, these unscrupulous intruders rely on sophisticated methods to get their hands on their victims’ money.

A rapid-response team for cybercrime

The Cyber Security Incident Response Team (CSIRT) was set up to protect Deutsche Bahn from such attacks. It’s something like a DB Systel special operations unit that takes action whenever hackers attempt to circumvent a particular system. Its members are experts when it comes to the tactics and methods used by digital delinquents. CSIRT focuses on detecting security incidents caused by professional and targeted attacks and then taking appropriate action. CSIRT is also involved in optimising existing systems. For example, it regularly inspects infrastructure for known vulnerabilities, and offers recommendations on how to address them as quickly as possible.

The “WannaCry” ransomware attack at the start of May, however, showed how even supposedly secure computer systems are at risk. Around 200,000 computer systems in 150 countries were seriously disrupted by this cyberattack, including some of the computer systems at Deutsche Bahn. Platform displays, ticket machines and ticket vending systems were compromised for a time during the attack. Although operational safety, rail services and customer data were not endangered at any time, the attack highlighted vulnerabilities in the IT infrastructure. Aggravating as the attack was, some good has come from it. WannaCry has made it very clear where dangers lurk and has provided the impetus to be ready for such attacks at all times and on all fronts.

In the WannaCry attack, the problem was outdated software on individual computers (for example, because security patches had not been implemented in time). However, this is not always the case. Very often, cybercriminals introduce malware into a target system through e-mail, which requires interaction with the recipient. As soon as he or she clicks a link in the e-mail or opens an attached file, the door is wide open for attacks. That said, most security programs are now capable of identifying e-mails of this kind. This means wide-scale attacks are hardly worth the effort any longer, which is why criminals now pinpoint their prey and leave nothing to chance. They work like detectives who stake out their victims with considerable precision. How do their targets live? What are their routines, and with whom are they connected? In this process, they use all manner of freely available personal data: social media profiles, entries in public registries and whatever else a search engine can turn up. If hackers discover that a target has a certain hobby, for instance, they can try their luck with personalised e-mails containing corresponding offers that seem innocuous at first glance.

How hackers operate

The hacker’s next step would now be to hold the victim’s computer for ransom. Only after a certain sum has been transferred to an anonymous account will the computer be unlocked.

Victims often take no notice of the intruder’s presence at first. The criminals track keystrokes remotely and log all activities, allowing them to access sensitive data, carry out bank transfers and collect information on the victim’s contacts. The data collected could then be used for so-called “CEO fraud”, for example, whereby the hacker sends an e-mail to the target, pretending to be his or her boss – and requests an urgent transfer of funds.

The objectives of these criminals are indeed diverse, ranging from pure sabotage and extortion to industrial espionage. And even if DB Systel’s comprehensive security efforts are making it very difficult for hackers to break into the DB Group’s computer systems and networks, none of us should have any illusions. Just like in the real world, quality locks and alarm systems don’t scare off criminals; they just keep trying to gain access in different ways. And no matter whether the setting is digital or analogue, people are often the weakest link in the security chain.

Raising awareness is key

All this means that keeping up with cybercriminals, knowing their methods and initiating the proper countermeasures in good time is essential. Operational activities like these are precisely what CSIRT is meant to support. Training of Group employees aims to help identify potential perils at an even earlier stage – before hackers manage to breach a given system. In other words, it’s also essential to raise awareness of how we work with computers and mobile devices.

And it’s also thanks to the interventions of DB Systel that Deutsche Bahn has emerged comparatively unscathed from the recent attack. With their work, the members of CSIRT are making sure that customers and employees alike continue to think of Deutsche Bahn as a secure organisation. But one thing is clear. There will always be criminals who try their hand at gaining unauthorised access to computer systems, as the WannaCry attack demonstrates. In CSIRT, however, these cyber-scoundrels face an adversary that knows their craft as well as they do themselves.