by Marc Goodman
Copyright © 2015 Marc Goodman
All rights reserved. Published in the United States by Doubleday, a division of Random House LLC, New York, and in Canada by Random House of Canada Limited, Toronto, Penguin Random House companies.
www.doubleday.com
DOUBLEDAY and the portrayal of an anchor with a dolphin are registered trademarks of Random House, Inc.
Jacket design by Pete Garceau
Jacket art: camera lens © PixelEmbargo/iStock/Thinkstock
phone © yganko/iStock/Thinkstock
Library of Congress Cataloging-in-Publication Data
Goodman, Marc.
Future crimes : everything is connected, everyone is vulnerable and what we can do about it /
Marc Goodman.
pages cm
Includes bibliographical references.
ISBN 978-0-385-53900-5 (hardcover) ISBN 978-0-385-53901-2 (eBook)
1. Computer crimes—Prevention. 2. Computer security. 3. Data protection. 4. Technological innovations—Moral and ethical aspects. I. Title.
HV6773.G66 2015
364.16′8—dc23 2014038053
v3.1
To all my teachers,
who have taught me so much
CONTENTS
Cover
Title Page
Copyright
Dedication
PROLOGUE: THE IRRATIONAL OPTIMIST: HOW I GOT THIS WAY
PART ONE
A GATHERING STORM
CHAPTER 1: CONNECTED, DEPENDENT, AND VULNERABLE
Progress and Peril in a Connected World
The World Is Flat (and Wide Open)
The Good Old Days of Cyber Crime
The Malware Explosion
The Security Illusion
CHAPTER 2: SYSTEM CRASH
A Vulnerable Global Information Grid
WHOIS It?
CHAPTER 3: MOORE’S OUTLAWS
The World of Exponentials
The Crime Singularity
Control the Code, Control the World
CHAPTER 4: YOU’RE NOT THE CUSTOMER, YOU’RE THE PRODUCT
Our Growing Digital World—What They Never Told You
The Social Network and Its Inventory—You
You’re Leaking—How They Do It
The Most Expensive Things in Life Are Free
Terms and Conditions Apply (Against You)
Mobile Me
Pilfering Your Data? There’s an App for That
Location, Location, Location
CHAPTER 5: THE SURVEILLANCE ECONOMY
You Thought Hackers Were Bad? Meet the Data Brokers
Analyzing You
But I’ve Got Nothing to Hide
Privacy Risks and Other Unpleasant Surprises
Opening Pandora’s Virtual Box
Knowledge Is Power, Code Is King, and Orwell Was Right
CHAPTER 6: BIG DATA, BIG RISK
Data Is the New Oil
Bad Stewards, Good Victims, or Both?
Data Brokers Are Poor Stewards of Your Data Too
Social Networking Ills
Illicit Data: The Lifeblood of Identity Theft
Stalkers, Bullies, and Exes—Oh My!
Online Threats to Minors
Haters Gonna Hate
Burglary 2.0
Targeted Scams and Targeted Killings
Counterintelligence Implications of Leaked Government Data
So No Online Profile Is Better, Right?
The Spy Who Liked Me
CHAPTER 7: I.T. PHONES HOME
Mobile Phone Operating System Insecurity
Mind the App
Why Does My Flashlight App Need Access to My Contacts?
Mobile Device and Network Threats
Hacking Mobile Payments
Your Location Becomes the Scene of the Crime
Cloudy Weather Ahead
Big Data, Big Brother
The Darker Side of Big Data
CHAPTER 8: IN SCREEN WE TRUST
Life in a Mediated World
Does Not Compute
I Thought You Were My Friend
Fatal System Error
When Seeing Ain’t Believing
Screen of the Crime
Stock Screeners
CHAPTER 9: MO’ SCREENS, MO’ PROBLEMS
Call Screening
Lost in Space: GPS Hacks
When General Tso Attacks
Screen Play: Hacking Critical Infrastructures for Fun and Mayhem
Smoke Screens and the Fog of War
Control, Alt, Deceit
PART TWO
THE FUTURE OF CRIME
CHAPTER 10: CRIME, INC.
The Cyber Sopranos
Crime, Inc.—the Org Chart
The Lean (Criminal) Start-Up
A Sophisticated Matrix of Crime
Honor Among Thieves: The Criminal Code of Ethics
Crime U
Innovation from the Underworld
From Crowdsourcing to Crime Sourcing
CHAPTER 11: INSIDE THE DIGITAL UNDERGROUND
Passport to the Dark Web
A Journey into the Abyss
Dark Coins
Crime as a Service
Crimeazon.com
The Malware-Industrial Complex
Net of the Living Dead: When Botnet Zombies Attack
Committing Crime Automagically
CHAPTER 12: WHEN ALL THINGS ARE HACKABLE
Where the Wireless Things Are
Imagining the Internet of Things
Connecting Everything—Insecurely
Obliterating Privacy
Hacking Hardware
More Connections, More Vulnerabilities
CHAPTER 13: HOME HACKED HOME
Candid Camera
From Carjacking to Car Hacking
Home Hacked Home
What the Outlet Knows
Business Attacks and Building Hacks
The Smart City Operating System
CHAPTER 14: HACKING YOU
“We Are All Cyborgs Now”
More Than Meets the Eye: The World of Wearable Computing
You’re Breaking My Heart: The Dangers of Implantable Computers
When Steve Austin and Jaime Sommers Get a Virus
Identity Crisis: Hacking Biometrics
Fingers Crossed (and Hacked)
Your Password? It’s Written All Over Your Face
On Your Best Behavior
Augmenting Reality
The Rise of Homo virtualis
CHAPTER 15: RISE OF THE MACHINES: WHEN CYBER CRIME GOES 3-D
We, Robot
The Military-Industrial (Robotic) Complex
A Robot in Every Home and Office
Humans Need Not Apply
Robot Rights, Law, Ethics, and Privacy
Danger, Will Robinson
Hacking Robots
Game of Drones
Robots Behaving Badly
Attack of the Drones
The Future of Robotics and Autonomous Machines
Printing Crime: When Gutenberg Meets Gotti
CHAPTER 16: NEXT-GENERATION SECURITY THREATS: WHY CYBER WAS ONLY THE BEGINNING
Nearly Intelligent
Talk to My Agent
Black-Box Algorithms and the Fallacy of Math Neutrality
Al-gorithm Capone and His AI Crime Bots
When Watson Turns to a Life of Crime
Man’s Last Invention: Artificial General Intelligence
The AI-pocalypse
How to Build a Brain
Tapping Into Genius: Brain-Computer Interface
Mind Reading, Brain Warrants, and Neuro-hackers
Biology Is Information Technology
Bio-computers and DNA Hard Drives
Jurassic Pa
rk for Reals
Invasion of the Bio-snatchers: Genetic Privacy, Bioethics, and DNA Stalkers
Bio-cartels and New Opiates for the Masses
Hacking the Software of Life: Bio-crime and Bioterrorism
The Final Frontier: Space, Nano, and Quantum
PART THREE
SURVIVING PROGRESS
CHAPTER 17: SURVIVING PROGRESS
Killer Apps: Bad Software and Its Consequences
Software Damages
Reducing Data Pollution and Reclaiming Privacy
Kill the Password
Encryption by Default
Taking a Byte out of Cyber Crime: Education Is Essential
The Human Factor: The Forgotten Weak Link
Bringing Human-Centered Design to Security
Mother (Nature) Knows Best: Building an Immune System for the Internet
Policing the Twenty-First Century
Practicing Safe Techs: The Need for Good Cyber Hygiene
The Cyber CDC: The World Health Organization for a Connected Planet
CHAPTER 18: THE WAY FORWARD
Ghosts in the Machine
Building Resilience: Automating Defenses and Scaling for Good
Reinventing Government: Jump-Starting Innovation
Meaningful Public-Private Partnership
We the People
Gaming the System
Eye on the Prize: Incentive Competitions for Global Security
Getting Serious: A Manhattan Project for Cyber
Final Thoughts
Appendix: Everything’s Connected, Everyone’s Vulnerable:
Here’s What You Can Do About It
Acknowledgments
Notes
PROLOGUE
The Irrational Optimist:
How I Got This Way
My entrée into the world of high-tech crime began innocuously in 1995 while working as a twenty-eight-year-old investigator and sergeant at the LAPD’s famed Parker Center police headquarters. One day, my lieutenant bellowed my name across the crowded and bustling detective squad room: “Gooooooodmaaaan, get your ass over here!” I presumed that I was in trouble, but instead the lieutenant asked me the question that would change my life: “Do you know how to spell-check in WordPerfect?”
“Sure, boss, just hit Ctrl+F2,” I replied.
He grinned and said, “I knew you were the right guy for this case.”
Thus began my career in high-tech policing with my very first computer crime case. Knowing how to spell-check in WordPerfect made me among the techno-elite of cops in the early 1990s. Since that case, I have been a keen observer and student not just of technology but of its illicit use. Though I recognize the harm and destruction wrought by the misapplication of technology, I continue to be fascinated by the clever and innovative methods criminals use to achieve their objectives.
Criminals perpetually update their techniques to incorporate the very latest emerging technologies into their modi operandi. They have evolved well beyond the days when they were the first on the street carrying pagers and using five-pound cell phones to send coded messages to one another. Today, they are building their own nationwide encrypted cellular radio telecommunications systems, like those employed by the narco-cartels of Mexico. Consider for a moment the sophistication required to establish such a fully functioning encrypted nationwide communications network—an amazing feat, especially because many Americans still can’t get a decent mobile phone signal most of the time.
Organized crime groups have established themselves as early adopters of technology. Criminals embraced the online world long before the police ever contemplated it, and they have outpaced authorities ever since. News headlines are replete with stories of 100 million accounts hacked here and $50 million stolen online there. The progression of these crimes is striking, and they are accelerating in very much the wrong direction.
The subject of this book isn’t just what was going on yesterday or even what is happening today. Nor is its focus how long your password should be. It is about where we’re going tomorrow. In my own research and investigations, first with the LAPD and later working with federal and international law enforcement organizations, I have uncovered criminals who have progressed well beyond today’s cyber crime into new and emerging fields of technology such as robotics, virtual reality, artificial intelligence, 3-D printing, and synthetic biology. In most instances, my law enforcement and government colleagues around the world are unaware of these looming technological developments, let alone their growing exploitation by both organized crime and terrorist organizations. As somebody who has dedicated his life to public safety and public service, I am deeply concerned by the trends I observe all around me.
Though some may accuse me of fearmongering or being a hard-core pessimist, I am neither. Rather, I am optimistic—perhaps “irrationally optimistic”—given what I’ve seen about our future. To be clear, I am no neo-Luddite. Nor am I foolish enough to suggest technology is the source of all the ills in our world. Quite the opposite: I believe in the tremendous power of technology to be a driving force for good. It should also be noted that there are many ways it can and has been used to protect individuals and society. But technology has always been a double-edged sword. My real-world experiences with criminals and terrorists on six continents has made it clear to me that the forces of evil will not hesitate to exploit these emerging technologies and deploy them against the masses. Though the evidence and my gut tell me there are significant bumps in the road ahead—ones that government and industry are not dedicating sufficient resources to address or combat—I want to believe in the techno-utopia promised to us by Silicon Valley.
This book is the story of the society we are building with our technological tools and how these very same implements can be used against us. The more we plug our devices and our lives into the global information grid—whether via mobile phones, social networks, elevators, or self-driving cars—the more vulnerable we become to those who know how the underlying technologies work and how to exploit them to their advantage and to the detriment of the common man. Simply stated, when everything is connected, everyone is vulnerable. The technology we routinely accept into our lives with little or no self-reflection or examination may very well come back to bite us.
By shedding light on the very latest in criminal and terrorist tradecraft, I hope to kick off a vibrant and long-overdue discussion among my friends and colleagues in policing and national security. Though most are already overburdened with enough traditional crime, they must confront, sooner rather than later, the exponentially advancing technologies that will arrive as a tsunami of threats capable of destabilizing our common global security.
More important, as somebody who long ago swore to “protect and serve” others, I want to ensure that members of the general public are armed with the facts needed to protect themselves, their families, their companies, and their communities against the horde of emerging threats that will be here much more quickly than anticipated. Limiting this knowledge to “insiders” working in government, security, and Silicon Valley simply won’t do.
Throughout my tenure in public service working with organizations that include the LAPD, the FBI, the U.S. Secret Service, and Interpol, it became increasingly obvious to me that criminals and terrorists were out-innovating police forces around the world and that the “good guys” were rapidly falling further and further behind. On a quest for deeper impact against the growing legions of criminals abusing cutting-edge technologies, I left government and moved to Silicon Valley to further educate myself on what would come next.
In California, I immersed myself in a community of technological innovators in order to decipher how their latest scientific discoveries would affect the common man. I visited the scions of Silicon Valley and made friends within the highly talented San Francisco Bay Area start-up community. I was invited to join the faculty of Singularity University, an amazing institution housed on the campus of NASA’s Ames Research Center,
where I worked with a brilliant array of astronauts, roboticists, data scientists, computer engineers, and synthetic biologists. These pioneering men and women have the ability to see beyond today’s world, unlocking the tremendous potential of technology to confront the grandest challenges facing humanity.
But many of these Silicon Valley entrepreneurs hard at work creating our technological future pay precious little attention to the public policy, legal, ethical, and security risks that their creations pose to the rest of society. Yet my own experience putting handcuffs on criminals and working with police forces in more than seventy countries has yielded a different outlook on the potential abuses of the emerging technologies that innocent people everywhere welcome into their daily lives—generally without question.
To that end, I founded the Future Crimes Institute. The goal was to use my own experiences as a street cop, investigator, international counterterrorism analyst, and, most recently, Silicon Valley insider to catalyze a community of like-minded experts to address the negative as well as the positive implications of rapidly evolving technology.
As I look toward the future, I am increasingly concerned about the ubiquity of computing in our lives and how our utter dependence on it is leaving us vulnerable in ways that very few of us can even begin to comprehend. The current systemic complexities and interdependencies are great and growing all the time. Yet there are individuals and groups who are rapidly making sense of them and innovating in real time, to the detriment of us all.
This is their story—the story of organized criminals, hackers, rogue governments, substate actors, and terrorists, all competing to control the latest technologies for their own benefit.
The techno-utopia promised by Silicon Valley may be possible, but it will not magically appear on its own. It will take tremendous intention, effort, and struggle on the part of citizens, governments, corporations, and NGOs to ensure that it comes to fruition. A new battle has begun between those who will leverage technology to benefit humanity and those who prefer to subvert these tools, regardless of the harm caused to others. This is the battle for the soul of technology and its future. It rages on in the background, mostly sub rosa, heretofore well hidden from the average citizen.
