ExpressVPN's 6 big data security predictions for 2016: Which ones came true?

In January, ExpressVPN made some predictions about what might happen with information security during 2016.

Were the predictions correct? Let’s review and see what actually happened.

#1: Hackers will target transportation and electricity infrastructure

Did ExpressVPN get it right? Somewhat

Shortly after the security soothsaying article was published, Israel’s Power Authority was hit by ransomware. Some computer systems had to remain offline for two days before services could be restored. Fortunately, electricity continued to flow as usual during the attack.

In March, Verizon publicized a “data breach” at a Water Utility in the United States, though the exact location remains classified. Attackers were able to remotely change the concentrations of chemicals used to treat the water, highlighting the imminent danger of such attacks to our lives.

The biggest news, though, came in the same month, when highly sophisticated attackers managed to take down the Ukrainian power grid. It was the first time hackers had been able to take down a power grid, and, to date, remains the most stunning and frightening example of a virtual attack on physical infrastructure.

In November, the San Francisco light rail was unable to charge commuters their fare after ransomware took out their computer systems. The attackers, however, denied that they specifically targeted the system.

#2: The Internet of Things will prove to be disastrous

Did ExpressVPN get it right? Spot on

As ExpressVPN was making this prediction, news of consumer electronics giant VTech breach echoed through our office.

The notorious Internet of Things search engine, Shodan, added a section that allowed users to find vulnerable webcams. The cams allowed anyone to peek into the back rooms of banks and infants’ beds alike. Some of the images later made it into an art exhibition at the Tate Modern in London.

A year after researchers proved they can remote control a driving Jeep from anywhere, a Nissan showed similar vulnerabilities, although not as severe.

The two most worrying trends, however, came not from everyday hackers, but from nation states. There’s increasing concern about the ability of motion sensors, web cameras, and air quality tools to spy on us on behalf of large adversaries. Such devices can tell when we are at home and what we are doing. This information can then be sent back to the manufacturer, where we have little control over who has access to it.

The second trend is that of networked devices being used as weapons against the internet. In October, a botnet of millions of web cameras and Wi-Fi routers knocked out the DNS provider, Dyn, taking down dozens of high profile websites with it.

The S in the IoT stands for Security.

— Oleg Šelajev 🇪🇪🧊🐳 (@shelajev) November 10, 2016

#3: Someone will hack a big bank

Did ExpressVPN get it right? Spot on

2016 was the year of the great digital bank heist. Standing out was the hack on the interbank settlement network, SWIFT. The biggest victim was the Bangladesh central bank, which had US$100 million stolen, of which only $20 million was recovered. The bank was lucky, almost 800 million of valid transactions were created using the compromised encryption keys, but partner banks blocked the majority of them.

Later, reports emerged that a bank in Ecuador had been hacked for over US$12 million. A Ukrainian bank, also in 2016, was defrauded US$10 million through a similar attack.

There was also a noteworthy attack on a smaller bank. In November, hackers got into the systems of a Hong Kong-owned Liechtenstein bank. No money was stolen. Instead, account information was used to blackmail account holders. The hackers threatened to expose the accounts to spouses, anti-corruption, and tax agencies unless they received 10% of the balances.

Bitcoin exchanges also faced successful thefts. The popular exchange Bitfinex had US$65 million worth of the cryptocurrency stolen. Shortly after, an attacker managed to exploit a bug in the code of smart contract platform, The DAO. Millions of dollars worth of digital tokens were stolen, and the remaining quickly lost value in the resulting sell-off.

The precise details of all of the above attacks remain a mystery to this day, and not a single person has been convicted.

#4: Encryption will become the standard on everything

Did ExpressVPN get it right? Spot on

While Google’s transparency report does not show a particular rise in encrypted connections, the web giant’s browser will soon begin shaming websites that don’t offer secure and private connections by marking them as insecure.

Meanwhile, advanced encryption tools for the masses have become a reality through Whatsapp’s inclusion of the Signal Protocol. This is particularly exciting as it makes private communications the default for 1 billion users globally. Many of which live in countries with excessive surveillance and censorship. Competitors, such as Google Allo and Facebook Messenger have also started to test encrypted conversations, though are hesitant to make them defaults in their platforms.

The last big positive news in the fight for encryption to become the standard came in April when the FBI withdrew their court case against Apple. The “court case that will define everything” was a public and intense battle over whether the FBI had the right to force Apple to compromise the security of its own products.

#5: Mesh networks will enter the spotlight and become mainstream

Did ExpressVPN get it right? Dead wrong

Contrary to what ExpressVPN hoped and believed, mesh networks were not a big thing in 2016, at all. There was some buzz on the topic at the beginning of the year, especially around experimental networks in New York and Philadelphia. But news of emerging and established mesh networks were sparse throughout the year, though Facebook’s new technology got everyone hoping.

#6 We will have another big surveillance whistleblower

Did ExpressVPN get it right? Dead wrong

Leaks were certainly a big subject during the U.S. Presidential Election, we did not learn much new. Presumably, though, there are growing surveillance apparatus built by our governments in the name of harmony and protection.

In April the Panama Leaks taught us about the secret wealth of the world’s rich and powerful. It was certainly interesting, although it begged the question: What do the Panama Papers mean for financial privacy?

Maybe 2016 wasn't all that bad, after all

2016 wasn’t all that bad. And ExpressVPN’s predictions weren’t all that wrong. Encryption, bank attacks, and the Internet of Things were big topics this year, just as expected. On surveillance whistleblowers, mesh networks, and infrastructure hacks, though, ExpressVPN fell a little short of the mark.

What do you think about the security news of 2016? Are there any big stories that flew under the radar? What’s going to happen next year? Share your thoughts in the comments below!