What Does the Future of Cyber Crime Hold for You?

March 1, 2015

Irecently interviewed Marc Goodman, founder of the Future Crimes Institute and author of the recently published book “Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It.” In his book, Goodman sets forth with great precision the frightening extent to which current and emerging technologies are harming national and corporate security, putting people’s lives at risk, eroding privacy, and even altering our perceptions of reality.

Steven Chabinsky: We read a lot about stolen data. Do you think security will improve or are we going to live in a world without any secrets?

Marc Goodman: As I look out in the near term, five to 10 years from now, I see no scenario in which we experience fewer data leaks. The numbers speak for themselves. We are producing more and more exabytes and zettabytes of data in this world. We are storing all of that information in inherently insecure systems. A computer system has never been built that could not be hacked, and the bad guys know that. We’ve all heard much about the era of big data, which the world economic forum has called the “new oil.” It’s not just credit card or identity data either. Increasingly, there are new forms of identity and intellectual property theft emerging. Perhaps one of the fastest growing risks is medical cybercrime. Medical records have vastly more personal information than credit card data. We also are at increasing risk based on all the data we are freely giving away with phone apps and on social media sites, including our locations, family history, social graphs and purchase histories. Organized crime, foreign powers, corporate competitors and even terrorists are perfectly capable of amassing this information too and using it in real time against us.

Steven Chabinsky: Do you think there will be a rise in hackers altering data to the point where most everything is unreliable?

Marc Goodman: Absolutely. Right now we think of our data being stolen as the worst-case scenario. But the greater threat is having our data altered and corrupted without our knowledge. Data runs the world. Airplanes take off and ships at sea sail based upon weather data. Algorithms run global financial marketplaces that perform trades in microseconds, speeds faster than any human being could accomplish, and all based upon data. People turn left or right in their cars based upon GPS data that nobody questions. But here’s the dirty little secret. All of the information on the billions of blinking screens around our planet can be manipulated. We cannot afford to live in a world of “in screen we trust.”

Steven Chabinsky: Will destructive attacks begin to focus on the Internet of Things (IoT)?

Marc Goodman: Destructive attacks against the IoT have already begun. The gaming consoles used by our children have been hacked to spy on them. Refrigerators and DVRs have been subverted via malware to join botnet armies, relaying spam, participating in DDoS attacks and even mining for Bitcoins. Organized crime groups view the computing power of the IoT as a tool, and increasingly will use it to further their illicit activities. They also will create new targeted attacks against specific devices. For example, there are hundreds of thousands of implantable medical devices in the United States that are online and connect to the Internet, ranging from pacemakers to diabetic insulin pumps to cochlear implants. When your heart is online for your doctor to access, it is also available to the kid next door. Though it sounds dramatic and overstated, research at the University of Massachusetts has proved these types of attacks against implantable medical devices are possible. For the first time in human history, the human body itself has become susceptible to cyber attacks. Unless we build in much more robust safety and security systems into the IoT and its related protocols, the Internet of Things will be nothing more than the Internet of Hacked Things.

Steven Chabinsky: Governments don’t seem to be sufficiently organized, resourced, and aligned to tackle our current and emerging technology risks. What’s your take?

Marc Goodman: Government is indeed playing catch up and frankly falling far behind in our efforts to protect and secure the critical information infrastructure that runs the world. Most government efforts to date have been nothing more than a Band-Aid approach. We need a Manhattan Project for Cyber Security. Grand thinking created the Internet, small thinking won’t save it. The 18th century institutions around us that form the backbone of our government cannot keep pace with the exponential nature of technology – a trend that could lead to a crisis in governance. This isn’t about blame, of course. It’s about building a more secure world and future for ourselves and for our children. Doing so will require a fundamental change to the operating system of our society. We must vastly ramp up citizen involvement and even crowdsource elements of our own security. The time to start having that conversation is now.

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.