ON THE MORNING OF JAN-uary 11, the Federal Aviation Administration halted all airline takeoffs in the U.S. because of a glitch in a software system critical to flight safety. “There is no evidence of a cyberattack at this point,” said the White House press secretary. But would officials know it if it were? And would they disclose it to the public?
Those are fair questions, given that in 2015 it took the FAA two months to disclose that hackers had planted malware in one of its computer networks. The federal government keeps tight wraps on what it knows about threats to American businesses and individuals.
If hackers did indeed attack the FAA, it would be business as usual in the world of cybersecurity. On the same day, according to research firm Cybersecurity Ventures, hackers posted more than 120,000 records stolen from the San Francisco Bay Area transit system’s police department, took down the websites of eight major Danish banks, including the central bank, and broke into military and government agencies in several Southeast Asian and European countries. They also hijacked the cloud-computing platforms of Microsoft and Salesforce, making off with millions of dollars worth of untraceable cryptocurrency.
That’s just on January 11. Every day of the year, hackers unleash a stream of major attacks against government agencies, companies and individuals. Last year, they took down emergency services, threatened regional power grids, disrupted patient care at major hospitals, brought trains to a halt, took over radio stations to sow panic among listeners with a fake crisis, set off air-raid alerts and attacked U.S. nuclear scientists. So far this year, hackers broke into the communications firm Slack and stole email addresses of more than 200 million Twitter users.
More than 70 million Americans are hit by cybercrimes every year, according to computer security research firm Purplesec, often leaving people defrauded, spied on or publicly humiliated by having private photos and other information published online. More than two-thirds of small businesses have been victimized by hackers at least once. Some experts believe that just about every large organization and government agency has been breached—that’s how enormous and constant cyberattacks have become. Last year, 22 billion personal and business records were exposed in hacks on U.S. companies, according to a study by security consultancy Flashpoint—and that doesn’t include breaches that were unidentified or unreported, which may well represent the majority of hacks.
