Cyber crime has cast an unwelcome shadow over a region long thought to be a sunny paradise. Islands of the Caribbean Sea, renowned for secluded bays and sandy beaches, seem to be harbouring a new breed of digital pirates. The trend is a disturbing one, and it is time for regional leaders to be more open and honest about its scale and severity.
Breach in The Bahamas
In early March, the Caribbean Association of Banks (CAB) issued a security alert following a security breach which put thousands of MasterCard and Visa cardholders across the Caribbean at risk. The CAB statement came on the heels of a major incident in which all Bahamian banks had their card data compromised, according to the Freeport News (March 9).
“It is unknown whether Bahamian consumers lost significant funds during this time,” the Freeport News report said.
“Sensitive information for clients across the region could have spilled into the hands of criminals,” it added.
The CAB statement said, “Out of an abundance of caution, your bank or credit union may be contacting you to have your card replaced. Please note that these measures are precautionary, because at this point, no fraud has been attributed to this case.”
Interestingly, the card recall came shortly after a data tape was stolen from an office of the Bank of the Bahamas in Barbados, as reported in the Nassau Guardian (February 26).
The Business of Secrets
Bevil Wooding, an Internet strategist at U.S.-based Packet Clearing House, described CAB’s quick acknowledgement of the security breach as “commendable”.
“Very little is reported about the level or impact of cyber crime in the region. However, this is one instance where silence is not golden, at least not for the good guys. The lack of transparency can create a false sense of security amongst businesses as well as consumers. It can also have the unintended consequence of emboldening criminals,” Wooding said.
“The threat is real, and burying one’s head in the sand won’t make it go away. Regional businesses and leaders need to be more forthcoming about the scope and seriousness of the threats being encountered. This is an important step toward defining a credible response.”
This lack of transparency in the Caribbean contrasts with the prevailing culture in other parts of the world. In fact, some of the most prominent hackings of the year have been promptly and comprehensively acknowledged by the victims themselves. On February 15, Facebook Security posted a statement acknowledging that their “systems had been targeted in a sophisticated attack”. Days later, Twitter disclosed that it had been breached February 1 and that hackers might have accessed some information on about 250,000 users, was hit in the same campaign that attacked Apple. On February 22, the general manager of Trustworthy Computing Security at software giant Microsoft confirmed that the company had experienced a security intrusion similar to breaches that occured at Facebook and Apple days before. And most recently, cloud storage provider Evernote was hacked and subsequently required all of its users to change their Evernote account passwords.
(For more, see Is 2013 the Year of the Hacker? , a round-up of high-profile cybersecurity breaches in the first two months of 2013.)
Strengthening Caribbean Cybersecurity
Wooding, who heads the Caribbean Network Operators Group (CaribNOG), a volunteer group of computer professionals, said people mistakenly believe that emerging markets like the Caribbean, with relatively small economies, are less likely to be a target of attacks. In reality, it is quite the opposite. Regions like the Caribbean, precisely because of their underdeveloped legal frameworks and limited capacity to detect or investigate, are now very attractive locations for hackers and cybercriminals to focus their activities, he said.
(For more, see Cybercrime on the Rise?, a round-up of Caribbean cybercrime stories from 2012 to 2013, curated by regional technology writer Michele Marius of ict-pulse.com)
Speaking at a special CaribNOG forum for computer security specialists last November, Gregory Richardson, Network Security Lead at US-based computer security firm 1337 Networks, Inc., painted a chilling picture of the state of computer security in the Caribbean.
According to Richardson, organisations in the region and around the world are storing an increasing amount of sensitive information on computer networks. “There is a dangerous flip side to this explosion in electronic data. As computer networks connect to the Internet they are susceptible to attack and unauthorised access by modern day digital pirates of the Caribbean–computer hackers.”
Wooding said Caribbean territories need to put in place legislative frameworks to address issues of prosecution, penalisation or restitution following cyber attacks.
“It’s not a crime if you’ve broken no laws. So laws need to be urgently updated to deal with new computer-based threats. And even where statutes are in place, security forces have to be appropriately equipped to deal with the growing complexity of Internet risks that pay no heed to national borders.”
He added, “In light of the global nature of cyber crime, Caribbean governments need to take urgent action to develop a coherent regional cyber security framework. And that work has already begun. Groups like the OAS (Organisation of American States) and the CTU (Caribbean Telecommunications Union) are collaborating with national law enforcement agencies and stakeholders to ensure that citizens, critical infrastructure and national interests are effectively protected.”
Given the scope and seriousness of the issue, a more transparent approach by our region’s corporate and political leaders would also be a welcome development. And if the upward trend in global cybercrime continues unabated, they will likely have no shortage of opportunity to quickly adapt.