‘Collect Now, Decrypt Later’: Why Hackers Are Waiting for Quantum Computers

Hackers are waiting for quantum computers to interrupt cryptography and allow for the mass decryption of years of stolen information. In preparation, they are collecting much more encrypted data than usual. Here’s what firms can do in response.

Why do hackers collect encrypted data?

Most organizations today encrypt many critical facets of their operations. In fact, about eight out of ten firms They are widely or partially using enterprise-level encryption for databases, archives, internal networks, and Internet communications. Ultimately, it is a cybersecurity best practice.

Alarmingly, cybersecurity experts are increasingly concerned that cybercriminals are stealing encrypted data and waiting for the right moment to attack. Their fears are not unfounded — greater than 70% of ransomware attacks Now steal information before it is encrypted.

The “collect now, decrypt later” phenomenon in cyberattacks—where attackers steal encrypted information in the hope that they are going to eventually have the opportunity to decrypt it—is becoming common. As quantum computing technology advances, it can turn into increasingly common.

How “Collect Now, Decrypt Later” Works

Quantum computers enable the “collect now, decrypt later” phenomenon. In the past, encryption was enough to discourage cybercriminals—or at least render their efforts pointless. Unfortunately, that is now not the case.

While classical computers operate using binary digits — bits — that may be either a one or a zero, their quantum counterparts use quantum bits called qubits. Qubits can exist in two states at once, due to superposition.

Because qubits may be a one and a zero, quantum computers’ processing speeds far outpace their competitors. Cybersecurity experts fear they are going to render modern ciphers—or encryption algorithms—useless, inspiring cyberattacks based on exfiltration.

Encryption turns data, also often called plaintext, into a string of random, unreadable code called ciphertext. Ciphers do this using complex mathematical formulas that are technically unimaginable to decode without a decryption key. But quantum computers are changing the game.

Although a classic computer it can take 300 trillion years or more to decrypt a 2,048-bit Rivest-Shamir-Adleman encryption, a quantum cipher could break it in a matter of seconds, due to qubits. The problem is that this technology is not widely available — only places like research institutions and government labs can afford it.

That doesn’t deter cybercriminals, as quantum computing technology could turn into available inside a decade. In preparation, they’re using cyberattacks to steal encrypted data and plan to decrypt it later.

What varieties of data do hackers collect?

Hackers typically steal personal information akin to names, addresses, job titles, and Social Security numbers because they permit identity theft. Account information—akin to corporate bank card numbers or checking account credentials—is also highly coveted.

With quantum computers, hackers can access anything that is encrypted—data storage systems are now not their primary goal. They can eavesdrop on the connection between a web browser and a server, read inter-program communications, or intercept information in transit.

HR, IT, and accounting departments still pose a high risk to the average business. However, in addition they have to fret about their infrastructure, vendors, and communication protocols. After all, each client-side and server-side encryption will soon turn into fair game.

Consequences of breaking encryption with qubits

Companies may not even realize they have been hit by a data breach until attackers use quantum computers to decrypt the stolen information. Business may proceed as usual until there is a sudden increase in account takeovers, identity theft, cyberattacks, and phishing attempts.

There will likely be legal issues and regulatory fines. Considering the average data breach increased from $4.35 million in 2022 to $4.45 million in 2023 — a 2.3% year-over-year increase — the financial losses might be catastrophic.

In the face of quantum computing, firms can now not rely on encryption to securely communicate, share files, store data, or use the cloud. Their databases, archives, digital signatures, Internet communications, hard drives, email, and internal networks will soon turn into vulnerable to attacks. Unless they find an alternative, they could have to revert to paper systems.

Why prepare when quantum technology has not arrived yet?

While the potential for crypto to be broken is alarming, policymakers shouldn’t panic. The average hacker won’t have the opportunity to get their hands on a quantum computer for years—perhaps even many years—because they are incredibly expensive, resource-intensive, fragile, and error-prone if not stored in ideal conditions.

To explain, these sensitive machines must maintain a temperature just above absolute zero (459 degrees Fahrenheit (exactly) because thermal noise can interfere with their operation.

But quantum computing technology is advancing every day. Scientists are attempting to make these computers smaller, easier to make use of, and more reliable. Soon, they may turn into reasonably priced enough for the average person to own one.

Already, a startup based in China recently unveiled the world’s first consumer-grade, wearable quantum computers. Triangulum — the costliest model — offers three qubit power for about $58,000. Two cheaper two-qubit versions cost lower than $10,000.

While these machines pale in comparison to the powerful computers found in research institutions and government-funded labs, they are proof that the world is not far from mass-scale quantum computing. In other words, policymakers must act now, relatively than wait until it’s too late.

Besides, the average hacker isn’t the one firms must worry about—well-funded groups pose a much larger threat. A world in which a nation-state or business competitor pays for quantum computers as a service to steal mental property, financial data, or trade secrets could soon turn into a reality.

What can businesses do to guard themselves?

There are several steps business leaders should take to organize for cryptography-breaking with quantum computers.

1. Adoption of post-quantum ciphers

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) plan to release a new edition soon post-quantum cryptographic standardsAgencies are using cutting-edge techniques to create codes that quantum computers can’t crack. Companies could be sensible to adopt them once they’re released.

2. Improve violation detection

Compromise indicators—signs that show a network or system has been compromised—can assist security professionals respond quickly to data breaches, potentially rendering data useless to attackers. For example, they will immediately change the passwords of all employees if they notice that hackers have stolen account credentials.

3. Use a VPN with quantum protection

A quantum-safe virtual private network (VPN) protects your data in transit, stopping exfiltration and eavesdropping. One expert says consumers should expect them soon, stating are in the testing phase from 2024. Companies should adopt such solutions correctly.

4. Transfer confidential data

Decision-makers should ask themselves whether the information bad actors steal will still be relevant once decrypted. They must also consider the worst-case scenario to know the level of risk. Based on that, they will determine whether to transfer sensitive data.

One option is to maneuver the data to a closely guarded or continually monitored paper storage system, which completely prevents cyberattacks. A more feasible solution is to store it on a local network unconnected to the public web, segmenting it with security and authorization controls.

Decision makers should start preparing now

While breaking quantum cryptography is still years—perhaps many years—away, it can be devastating when it does occur. Business leaders should start planning for post-quantum now to make sure they aren’t caught off guard.