Predictions for 2003 - How accurate was mi2g?

news release

London, UK - 8 December 2003, 17:00 GMT -This time last year, the mi2g Intelligence Unit made ten key predictions for 2003 which, upon further analysis, reveal a conservative forecast. The number of digital attacks from malware, spam and hackers as well as the related economic damage has been considerably greater than originally forecast. World events in 2003 have continued to be mirrored in cyberspace, which still remains a useful barometer for global political tensions and conflict.

1. Successful overt digital attacks were predicted to follow the trend established over the last seven years, numbering between 120,000 and 140,000 worldwide in 2003. This proved to be a very conservative estimate, as mi2g has recorded in excess of 200,000 overt digital attacks from hackers so far this year.

Concern was expressed that blended attacks - physical attacks synchronised with digital attacks - could materialize in 2003 or 2004. While this has not yet proved to be the case, the mi2g Intelligence Unit continues to express concern in this regard. We advocate continued vigilance and disaster recovery resilience especially within sectors such as financial services, transport, utilities, telecommunications and emergency services.

While it was predicted that the incidence of new viruses and worm species could show an overall decline in 2003, we recorded a near 50% rise in new malware. Our additional prediction that a few "killer viruses or worms" would cause enormous levels of damage and disruption came to be accurate as a result of the now notorious Sobig virus in particular, which caused a staggering $36.4 billion damage worldwide, the greatest amount that has ever been attributed to a single virus family. The top five most damaging malware families of all time have been particularly active in 2003 including Sobig, Klez ($19.1bn), Yaha ($11.18bn), Mimail ($9.64bn) and Swen ($9.59bn). Slammer ($1.05bn) was the fastest spreading worm to date, which was released in late January 2003.

2. It was anticipated that the USA would remain one of the most attacked countries followed by other NATO member countries and allies following the outbreak of the war with Iraq. Successful overt attacks against the US were conservatively estimated to reach 50,000 in 2003 whilst the actual number recorded to date already exceeds 63,000. Other NATO member countries attacked during the war with Iraq and in its aftermath include Germany (21,500+), UK (11,500+), Italy (9,000+), Canada (5,500+) and Netherlands (4,000+).

3. The mi2g Intelligence Unit predicted increasing solidarity and co-operation in 2003 between fundamentalist and anti-capitalist hacker groups with a united agenda against Western interests during the war with Iraq if it took place. As predicted, the Israel-Palestine conflict, the US/UK War on Terrorism as well as the India-Pakistan issue on Kashmir continued to bring disparate fundamentalist hacker groups closer to each other. Eastern European, Central Asian, Indonesian and Malaysian hacking groups also continued to assist the fundamentalist agenda.

4. A backlash on Arab world and other Islamic countries' online presence from Western vigilante hacker groups was predicted to occur in 2003, should pro-Islamic hacking and the consequent online damage of Western economic interests continue apace. This was seen in the form of the massive denial of service attack directed against the website of Al-Jazeera, an Arabic satellite news service based in Qatar, by a Western hacker in March 2003; and numerous small attacks targeting Islamic online presence.

5. Any destabilising impact of the war with Iraq on certain Islamic countries such as Saudi Arabia or Pakistan, was predicted to precipitate a sharp rise in the digital attacks occurring within those countries and across their neighbours. This has since been observed particularly in the case of neighbouring Turkey and Saudi Arabia. Pakistani hackers remain extremely active both against India as well as Western targets.

6. The proliferation of broadband internet services was predicted to result in small to medium size entities as well as individual users coming under more frequent hacker and virus attack - which was indeed the case; attacks on SMEs and households have occurred in far greater numbers in 2003 than on larger entities.

Unsuspecting individuals and small to medium size businesses with broadband access were also predicted to become both surrogates for and victims of increasingly targeted Distributed Denial of Service (DDoS) attacks. This has been manifest only recently when eastern European criminal syndicates increasingly began to adopt DDoS as a tool for running extortion rackets against online eCommerce businesses.

As predicted, identity theft, credit-card theft as well as customer/personnel data and software piracy has been seen to increase in the form of the frequent phishing scams that now proliferate on the internet.

7. Brazil is still the capital and main exporter for hacking activity worldwide in 2003 as predicted. The mi2g Intelligence Unit predicted that Brazilian hackers may soon begin to collaborate with anti-capitalist and fundamentalist groups throughout the world in 2003. There is no concrete evidence at present in regard to the extent to which this has been true, but Brazilian hackers are often seen promoting radical and anti-capitalist agendas.

Eastern Europe was predicted to remain the centre for virus and malicious code development as well as sophisticated hacker attacks by criminal syndicates seeking to carry out financial fraud through identity theft, credit card number theft and sale activity. While the origins of some of the most damaging malware in 2003 have not yet been established, the sudden escalation in phishing scams and anti-spam/spammer wars is attributed primarily to Eastern European countries, especially the Russian Federation.

8. 2003 was predicted to see the emergence of all-encompassing Internet Service Provider (ISP) solutions departing from the traditional component based internet or security services approach to a more complete model offering broadband internet access, mail and web hosting, on the fly virus detection, spam filtering, firewall cover as well as sophisticated intrusion detection and authentication services. This has so far proved to be elusive yet many ISPs are planning to offer a Messagelabs type model for safer and more secure integrated online services in 2004.

9. In 2003, people policies, legal issues as well as specific digital insurance cover were predicted to be increasingly seen as interdependent constituents of a more holistic approach to digital risk management strategy - alongside layered firewalls and anti-virus tool kits - by the boards of directors. Cyber risk insurance cover has been a rapidly growing industry in 2003 according to insurance brokers operating in the UK and US markets.

10. The connection between software vulnerabilities, digital attacks, economic damages and vendor liabilities has indeed become more obvious during 2003, with liability issues associated with large software vendors coming to the fore. The number of digital attacks reported in most parts of Africa, Central Asia, Greenland and Antarctica are still negligible, as predicted.

... and of course, our expectation that more "reputable" authors would emerge to write long public expositions debating what is right and wrong with mi2g Intelligence Unit research came true as well. We will continue to welcome all feedback and will be releasing our predictions for 2004 in the very near future.


Also read The 10 Digital Risk Predictions for 2004

Full details of the November 2003 report are available as of 1st December 2003 and can be ordered from here. (To view contents sample please click here).

Become a member of the Inner Sanctum to retrieve articles in full.

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy