Have you ever wondered what do cybercriminals and fashion designers have in common? The answer is simple - creativity! When talking about the new frontier of human culture and creativity in the 21st century, the major art innovator, film director and script writer, Rustam Khamdamov, once made a point about the fact that we now live in the era of “stylists” rather than “inventors”. Describing creative industries of the future, he said that “nowadays, if you have a style, you can get away with a lot”. By this he meant that in the modern creative landscape we often observe citations of what was already written, things that have already been said, plots that have already been used, melodies which have already been composed. According to Khamdamov, in the current creative landscape, it does not matter “what” you do, but it matters “how” you do it. He maintained that “No one cares about content anymore. Today style is the key. Are you writing a book? Think of “how” you will be writing it. In the end, all possible subjects or “what”s have already been investigated and researched, and there is nothing new left to be explored for the humanity except for maybe something in the outer spaces and other galaxies. All plots we have come from either biographies or from Shakespeare. They are all quoted from here and there but we are keen to know “how” these plots should be translated into books, movies, art, creativity in general. And when we know “how”, we become stylists.”
The Creative Side of Cybercrime
While we may agree or disagree with Khamdamov, much like many creative industries, the "industry" of cybercrime suffers from the same deficiency. The majority of cyberattacks of the present use tools, methods, and sometimes even code which existed since 1960s, 1970s, 1980s, 1990s, 2000s or 2010s. So, what we seem to observe today are citations of the previously invented methods. Yet, new successful attacks are nothing more and nothing less than “talented” or “stylish” citations which represent a creative mix of tools and tricks used in the past.
When we look at the evolution of the fashion industry from the 20th to 21st century, we can clearly identify fashion trends from 1920s to early 1990s. For example, what was “in vogue” in 1960s in terms of clothes, hairstyles, cars, etc. was drastically different from the fashion of, say, 1980s. But from the late 1990s all the way into 2000s, 2010s and now in 2020s we see many couturiers and fashion designers simply offering stylish and creative mix or “fusion” of previously invented fashion. In the 20th century it would be impossible for Brigitte Bardot and Madonna to be fashion icons at the same time; yet, it is perfectly possible in the 21st century.
Similarly, it would be hard to imagine ransomware and phishing to co-exist in the same attack 20-25 years ago; yet, these two methods seem to work in tandem in many cyberattacks of the present. Therefore, what we see today is essentially the rise of an era of “stylists” and “fusion specialists” in cybercrime. Instead of carrying out the attacks locally and from one PC, adversaries now develop stylized versions of the same attack using botnets, or even employing AI. While the adversaries of the past used primarily one method to execute the attack, cybercriminals of the present have mastered the art of fusion and manage to “mix and match” various threats into different types of attacks. This trend towards “stylized” and “fusion” attacks is likely to continue as it offers multiple (if not endless!) pot of ideas and possibilities for cybercriminals.
Cyber Attacks as Logical Puzzles
Perhaps one of the most notorious exhibits of the modern cybercriminal creativity not only involve a fusion of multiple methods and modes of attack, they are also structured as well-designed logical puzzles. Even if you have never heard the name Maurits Cornelis Escher, you most probably know his work. Escher was a graphic visionary and artist from the Netherlands whose creative work was inspired by mathematical concepts. Esher was long neglected by the artistic community and only became known in his 70s. Throughout his career he created a large number of geometrically paradoxical drawings. Two of these drawings, called “Relativity” created in 1953 and “Ascending and Descending” drawn in 1960 are probably Esher’s most famous works.
“Relativity” by Maurits Cornelis Escher, 1953
Both of these drawings show an “impossible staircase”. Esher started to grapple with these ideas in early 1950s and then discovered the work of Lionel and Roger Penrose, father and son scientists, who published a paper in 1958, where they described the “continuous staircase” based on the “triangle on Penrose”. The main idea behind the staircase was that it depicted an ascending and descending staircase making four continuous 90-degree turns in a two-dimensional space such that a person who climbed the stairs would do so forever without getting any higher. The paper written by the Penroses provided inspiration for Esher’s “Ascending and Descending”. It also gave rise to many philosophical ideas and theories of multidimensionality, and even existence of the “parallel” universes and worlds which was later echoed in popular culture (think, for example, of Christopher Nolan’s “Inception” or “Fringe” TV series created by J. J. Abrams, Alex Kurtzman, and Roberto Orci).
One of the main characteristics of the “impossible staircase” is that every individual flight of stairs is possible or “correct” while the entire system of flights as a whole is impossible or “wrong”. This feature is becoming more and more of a characteristic of the modern cyberattacks. We already started to observe “inception attacks” – i.e., attacks where each individual part of the cybercriminal connection system seems completely legitimate, and yet, the system as a whole is criminal and serving the interest of adversaries. The detection of such systems is extremely complicated and often requires deployment of significant resources and sophistication in expertise.
The main issue is that collecting forensic evidence about cybercriminals running such systems is currently next to impossible even when cyber police units and other agencies understand the business models and actors behind them. Only if one goes through each connection and proves that (i) the connection actually exists and that (ii) the connection which seems completely “legit” is a part of a larger illegal system; can we talk about potential attribution of such attacks to a specific set of individual or group adversaries. In the future, we are likely to see more and more of such inception systems being developed by the adversaries. The main difficulty in spotting and uncovering such attacks would be the difficulty in tracing and tracking the entire ecosystem and business model of cybercriminals as each node of the ecosystem will seem “normal” while the system as a whole will serve a criminal goal.
We tend to think of cyber adversaries as criminals, yet, if we study their creativity, we will have better chances to attribute digital crimes faster. Focusing on cybercriminals' creative side may also help us to predict their future targets as well as to protect ourselves as well as our businesses from many known and unknown threats more effectively.