The escalating pace of technology innovation is dizzying for consumers and businesses alike, as it opens up new opportunities, entertainment options and functionalities. But unfortunately, the dangers involved in an online, connected-everything universe are growing as well. Connected cars, biometrics and that little camera that comes standard on most laptops are all top targets for criminals—requiring a new approach to protection and law enforcement.
Security expert Marc Goodman author of a new book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, explained in Episode 142 of the Geek’s Guide to the Galaxy podcast that the assumption must be that everything is hackable, and, that criminals are throwing everything they have at upping their technological attack vectors.
“The fact that narcos in Mexico are going to colleges of aeronautical engineering to hire drone engineers would be a surprise to people,” Goodman said. “Everything from AI to synthetic biology to robotics to big data to the Internet of Things, crooks and terrorists, rogue governments and corporations are all over it.”
He added, “It’s not people that are committing the crime anymore. Crime has become software. It’s crimeware.”
Adding insult to injury, user-friendly malware is making hacking a democratic activity. Take, for example, the case of Cassidy Wolf, Miss Teen America. Jared James Abrahams, 20, hacked into as many as 150 online accounts to extort young females into sending him nude photos and video, including Wolf. He surreptitiously used the webcam on her computer to spy on her and take pictures of her in various states of undress as she moved around her bedroom. She was tipped off only when she received an anonymous email from the perpetrator. Creepily, there was no sign that the webcam was in use, she said.
Abrahams used the nude photos to extort victims by threatening to publicly post the compromising photos or videos unless the victim either sent more, or engaged in a Skype (News - Alert) (News - Alert) session with him and did what he said for five minutes. At least two victims consented to the latter, just to keep their photos off the internet.
“[The FBI] found that the hack was carried out by one of her classmates,” said Goodman. “And this kid was not a master hacker. He just bought some cheap software online, sent her an email, she clicked on the wrong thing, and now he had installed keystroke loggers to her computer and took over her camera.”
And that’s just the tip of the iceberg. More sophisticated hacks are beginning to emerge as well, and that’s dovetailing with the rise of more and more Internet-enabled consumer goods.
Take, for instance, connected vehicles. BMW revealed in February that it patched a serious cybersecurity flaw that affects 2.2 million Rolls-Royce, Mini and BMW vehicles. The flaw would allow hackers to open doors remotely, and seize control of on-board systems for everything from the radio to air conditioning to online services. The vulnerability is found in the ConnectedDrive software, which uses mobile phone-like SIM cards to identify authorized drivers and allow them to activate door-locking mechanisms and a range of connected services, like real-time weather updates.
“Most folks don’t realize the extent to which the whole world is becoming a computer,” Goodman said. “All physical objects in our space are de-materializing and are being transformed into information technology… A [modern car] is a computer that we ride in, an elevator is a computer that we ride in, an airplane is a Solaris box that we fly in. All of these devices are hackable.”
A range of new security options have surfaced as a path to better protection. But even the most forward-thinking areas of security are not immune. Biometrics, for example, is a hot area that’s trickling down to consumers, thanks to Apple’s (News - Alert) (News - Alert) implementation of Touch ID fingerprint sensors in the iPhone (News - Alert). But it’s worth noting that a hack for Touch ID became available shortly after it was released.
Chaos Computer Club used everyday materials that many people already have to hand or can easily obtain. "First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting," explained CCC. “After that it is simply involves creating a mold of the fingerprint using pink latex milk or white woodglue; and applying it to the sensor.”
Similarly, 3D printing can make the process even simpler. Goodman noted that when the German Minister of Justice pushed to have biometric data on national ID cards, and all Germans fingerprinted, the CCC stole a glass that he had left behind at a restaurant, lifted his fingerprint off of the glass, took a photograph, brought it into Photoshop, cleaned it up, and then were able to replicate it on 3D printers, in latex.
Bottom line? The nature of criminal activity is changing, and so is law enforcement. Locking up individual criminals is no longer a realistic solution.
“My goal should not be to arrest every hacker in the world. My goal should be to create a self-healing immune system for the Internet, so that even if a disease or a virus gets created, it won’t be passed to me,” Goodman said.
He also noted that some organizations are reverting to an analog world to protect themselves. Kentucky Fried Chicken and McDonald’s for instance keep secret handwritten recipes locked in a vault.
“And after the Snowden revelations, the Kremlin, for their secret communications in Moscow, went back to typewriters—manual typewriters, not even electronic typewriters, but manual typewriters—to type things,” he said. “So I think you will see some stepping back away from this digital stuff.”