Last year, a group of adolescent hackers infiltrated some of the world's most prominent tech firms by exploiting systemic security deficits in US telecom suppliers and the business supply chain, a US government review has revealed. These hacks serve as a warning for America's vital infrastructure.
This review was led by the Department of Homeland Security, and the findings held US regulators accountable. Regulators were advised to impose penalties on telecom firms with lax cybersecurity practices. The government was also urged to consider funding programs to divert American adolescents from cybercrime.
The investigation into the hacks, which hit businesses like Microsoft and Samsung, found that it was incredibly easy for cybercriminals to hijack text messages used by corporate employees to log onto systems.
“It’s deeply worrisome that a casual group of hackers, comprising numerous teenagers, could consistently hack into some of the most secure corporations globally,” said Alejandro Mayorkas, Homeland Security Secretary. He also noted an increase in juvenile cybercrime.
President Joe Biden established the DHS-led Cyber Safety Review Board in 2021, following a wave of significant cyberattacks that typified his first four months in office. The goal of this board is to unravel the origins of such hacking cases and advise on how to thwart future major cyberattacks. Despite lacking regulatory power, the board could influence legislative drafts in Congress and future instructions from federal departments.
Lapses in the cybersecurity of renowned tech firms were exposed by a juvenile hacking group identified as Lapsus$, which carried out attacks from the UK and Brazil last year. What was most disconcerting about Lapsus$ was its ability to embarrass companies renowned for their robust cybersecurity programs.
These exploits have ceased over recent months, thanks to the apprehension of several alleged Lapsus$ members in the UK last year. However, the group's proficiency in social engineering – manipulating victim organizations into revealing login details by targeting technical support – remains a prevalent strategy, according to cybersecurity professionals.
This group has caused mayhem using "SIM-swapping" attacks, which seize a victim’s phone number by transferring it to another device. Robert Silvers, DHS under secretary for strategy, policy, and plans, and head of the review board, said, “This can be absolutely devastating to the victim. They can be entirely financially drained.”
Nations like the Netherlands and the UK have programs aimed at deterring young hackers from criminal activity, but the US falls incredibly short in this area. Allison Nixon, a security expert, expressed the need for a program that protects victims of cybercrimes along with the offenders.
“Many of the culprits,” noted Nixon, “initially started out as victims.”