Future Crimes: Tech Threats From Hackers, China, Google And Facebook
Marc Goodman, an international security expert, was one of the most impressive speakers at Money 20/20 in Las Vegas last year, and now his book Future Crimes is out with an astounding list of ways that bad guys are after money, business secrets, proprietary technology and government information. He also goes into some alarming detail about how “free” software and services, from Gmail to Facebook, use the personal information of users to make money from advertisers and companies that want to sell.
Future Crimes should be on the reading lists of bank risk and security executives, not to mention people concerned about privacy, but they may have different sections they want to read since the book has several areas of focus.
The bad news, which never goes away, is that the bad guys are always two to three generations ahead, leaving defenders sort of like static military outposts that can always be hit or bypassed by guerrillas.
Some of the book is an appeal to common sense. Mat Honan, an editor at Wired, saw much of his life’s records wiped out by a hacker who destroyed all his files, including his baby pictures. It was a Wired cover and then forgotten, writes Goodman. It also raises the question of why a Wired editor wouldn’t have backed up his files or maybe even printed some of the photos.
Defenses are feeble — Kaspersky Labs reported 200,000 new malware samples per day in 2013, anti-virus software catches about five percent, and Verizon says the average time to detect a data breach is 210 days.
So is the Internet of Things (IoT), which promises to connect one trillion devices, something to be wished for or something to avoid? Goodman notes how much of modern life is dependent on internet connectivity — the electrical grid, pipelines, stock markets, ATMs, point of sale terminals, bank accounts and the water we rely on. It is alarming that these points were made in a 2010 book, Cyber War, by Richard A. Clarke, a security guru for Reagan, two Bushes and Clinton, and yet not a lot seems to have been done to improve protection.
Goodman says that after the 1993 attack on the World Trade Center, it took US experts a year to break the code on computers the attackers used so they could learn about plans to blow up airlines.
Commercial, military and national security threats are rampant. Goodman says the Chinese broke into Lockheed and stole the plans for the $300 billion Joint Strike Fighter project, saving China billions in research and simultaneously showing it how the US thinks about warfare. He figures China is the source of 41 percent of all cyber attacks in the US.
While Russia and China are obvious threats, the corporations compiling and selling information may be the more immediate threats to individuals. Nielsen scraped information at the Patients Like Me site, which seemed to be a safe support place for people with injuries or illnesses, and added it to information from 130 million blogs, 8,000 message boards and Twitter and Facebook, while the site itself was selling user information. And while it claimed the information was anonymized, companies like PeekYou have demonstrated an ability to identify real names from supposedly anonymous data, says Goodman. The not-so-hidden secret of “free” services like Google is that their real customers are advertisers and their users are the product that Google sells.
And Google’s terms of service say it owns any information created on Google Docs, so one hopes JK Rowling didn’t use it for her Harry Potter series. Mobile phones provide detailed information about where you are and your spending, and Facebook can turn on your phone’s camera and read your text messages under its terms of service, according to Goodman.
The data brokerage business, led by Acxiom, with earnings of $156 billion annually, is twice the size of the US government intelligence budget, according to Goodman, and entirely unregulated. Al Gore at SXSW in 2013 called this the “stalker economy.” One category brokers sell — gullible pensioners.
After Sprint gave police a portal for pinging mobile phones to locate them, they used it 8 million times in one year.
The scope of the issues is huge. Facebook says that 11 percent of its accounts are fake, Acxiom figures 30 percent of its data may be inaccurate and 25 percent of consumer credit reports are wrong.
“We live in a world of screens and have no idea how they work,” Goodman writes, noting that the GPS at Newark Airport was intermittently shut down by a truck driver who was using a $50 jammer to avoid paying EZ Pass tolls on the nearby New Jersey Turnpike. “These systems are wildly insecure and we are adopting them into our everyday lives.”
Some of the factoids are astounding. Russian customs officials checked tea kettles from China and found they had embedded WiFi and could send information back to China. Nanny cams are easily hacked, as are most Android phones, although they’d be 70 percent more secure if users updated their operating systems. OnStar recording can be turned on remotely, as the FBI has been doing in mob investigations, and the most hackable cars are the Jeep Cherokee, the Cadillac Escalade, the Infiniti Q50 and the Toyota Prius. The US Chamber of Commerce found that a thermostat had been communicating with China, smart meters can tell which TV shows you are watching, home alarms are an easy target for hackers, and 75 percent of computer systems can be penetrated in minutes; only 15 percent require more than a few hours.
Goodman has some suggestions, and a number require shifts in public policy. We penalize food producers for poor products; why not software vendors? Make them pay more for bug reporting so hard-working geeks have an incentive to report the problems rather than sell the vulnerabilities. Make encryption the default for data being stored, something Target didn’t do; kill passwords and use two-factor authentication; and follow Europe’s lead in protecting individual privacy — something sure to run up against massive corporate opposition. A 2014 HP report said that 90 percent of connected devices collect personal data, while MIT researcher Ethan Zuckerman said that “Advertising is the original sin of the Web.”
Educate people on how these devices work – IBM says 95 percent of security incidents involved human error, or as some computer folks call it — PICNIC — Problem In Chair, Not In Computer.
Key government decision makers are often woefully out of touch. Janet Napolitano, who was head of Homeland Security, didn’t use email, and the Supreme Court apparently doesn’t either. The Supreme Court can at least argue it’s an 18th century institution. Goodman notes that we will never solve 21st century problems with 19th century institutions, but that’s probably an issue for a different book.
“We can no longer neglect the public policy, legal, ethical, and social implications of the rapidly emerging technological tools we are developing; we are morally responsible for our inventions.”
This article was written by Tom Groenfeldt from Forbes and was legally licensed through the NewsCred publisher network.