Future Crimes
Page 6
While living in Moscow, Russia, under temporary asylum status, Snowden continued to catalog U.S. offensive cyber and technical operations, including the tapping of the personal mobile phones belonging to world leaders ranging from the German chancellor Angela Merkel to the Brazilian president Dilma Rousseff. Moreover, Snowden divulged that millions of citizens in ally nations such as France and Germany were having their communications recorded, to the tune of 120 billion calls a month around the world. Snowden’s leaks also served to limit international sympathy for U.S. complaints regarding intensive cyber operations by the People’s Republic of China, especially when he revealed that America too had launched cyber operations against Chinese targets, including China Mobile and the prestigious Tsinghua University. Depending on one’s political beliefs and point of view, Snowden is either an enemy of the state, a hero, a whistle-blower, a dissident, a traitor, or a patriot. Most feel strongly one way or another. Regardless of how history judges Snowden, his disclosures, if true, paint a highly detailed portrait of how governments are entering the cyber fray.
An analysis of the threat-actor landscape in cyberspace reveals hacktivists, criminals, proxy warriors, terrorists, and rogue governments, all fully capable of exploiting the insecurity of the technological infrastructure of our world. Our financial data, identity, children’s baby pictures, and power grids are all vulnerable and at risk, easy targets for the picking. Yet for as ubiquitous as technology seems in our lives today, the exponential rate of growth means that just over the horizon is a tidal wave of technological advances that will leave our heads spinning. Not only will the breadth and depth of our connection to the global information grid vastly expand, but new technologies heretofore relegated to the realm of science fiction will soon emerge as science fact. In short, we ain’t seen nothing yet.
CHAPTER 3
Moore’s Outlaws
The future is already here.
It’s just not evenly distributed yet.
WILLIAM GIBSON, NEUROMANCER
To learn the mathematical power of exponents and exponential curves, schoolchildren in France were asked to imagine a pond with a small water lily leaf growing on it. The leaf, they were told, would double in size every day and would take thirty days to cover the entire pond. If the lily did cover the pond, it would smother and kill all other forms of life in the water. The question then posed to the children was, on what day will the lily cover half the pond?
At first, there wasn’t much to worry about. The lily grew at a rate that was barely noticeable, reaching only one-tenth of 1 percent of the pond covered by day 20. Just 0.1 percent. Five days later, it had reached 3 percent, but, still relatively unconcerned, the children let the lily continue to grow. Until suddenly, at day 29, the lily covered half the pond. By then, there was preciously little time to save the pond, which was strangled by the lily the very next day. The twenty-ninth day can often seem just like any other day, but given the nature of exponentials, the pond is already half-choked to death.
The lessons of the pond are that the magical nature of exponential growth can sneak up on us very, very quickly and that our continued linear thinking may come at our own peril.
The World of Exponentials
In his book The Singularity Is Near, the futurist Ray Kurzweil describes the exponential nature of the technological world around us and introduces the concept of what he calls the “knee of an exponential curve.” The knee of the curve is an inflection point in time at which an exponential trend becomes truly noticeable. Shortly thereafter, however, the trend line becomes explosive and appears essentially vertical as the mathematical impact of an exponential growth curve is felt. Malcolm Gladwell might describe this phenomenon as a “tipping point” wherein the sum of many small things drives toward making a notable massive difference in outcomes. Given the exponential nature of technology and its omnipresence in our life, there is overwhelming evidence that we are rapidly approaching such an inflection point. The question is, will we be tipping good or breaking bad?
According to the International Telecommunication Union, there were a mere 360 million people online in the year 2000. Though it took nearly forty years to develop, by 2005 the global community that is the Internet reached its first 1 billion members. The second billion were added just six years later, achieving the milestone in March 2011. The greatest growth has been in the developing world, with Asia and Africa experiencing an 841 percent and a whopping 3,606 percent rocketing climb, respectively, since 2000. And while half the world regrettably does not yet have access to the Internet today, Google’s executive chairman, Eric Schmidt, has boldly predicted that by 2020 everybody in the world will be online.
The relentless pace of these changes and the ever-expanding presence of technology in our lives have been catalyzed through an axiom of technology known as Moore’s law. The concept was named after Gordon Moore, the former chairman of the Intel Corporation, who in 1965 famously predicted that the number of transistors per square inch on an integrated circuit would double every year into the future. This principle, later revised to a doubling every eighteen months to two years, is referred to as Moore’s law and is now commonly applied more broadly to the power and capabilities of all circuit-based technologies. As a result, an increasing spectrum of emerging scientific discovery, everything from biotechnology to robotics, is governed by Moore’s law and its consequences. Moore’s law also has implications beyond science, ranging from geopolitics to economics as every domain of human existence is increasingly touched by technology. Importantly, the implications of Moore’s law can have both positive and negative impacts on our world.
It is the persistent doubling of computer processing power stipulated in Moore’s law that makes it so deeply significant. It means that all computer-based technologies are exponential in their growth curves—not linear. In other words, these technologies benefit not from the power of mere addition but from multiplication. It is the difference between 1, 2, 3, 4, 5, 6, 7 and 2, 4, 8, 16, 32, 64, 128. The more the linear versus exponential trend line continues, the more stark and shocking the results. To put the concept into perspective, taking thirty steps linearly, one might walk across the living room. But taking thirty steps exponentially—doubling the distance with each successive step—would be the equivalent of traveling the distance from earth to the moon. The fact that today’s technologies are exponential in their growth curves, not linear, is absolutely fundamental to understanding the next phase of human evolution. We are now living in exponential times.
As information technologies continue to double in their price performance, capacity, and bandwidth, amazing things become possible. Take, for example, the iPhone that hundreds of millions of users carry in their pockets today. Incredibly, it literally has more computer processing power than that which was available to all of NASA during the Apollo 11 moon landing forty years ago. The modern smart phone is more than “a million times cheaper and a thousand times faster than a supercomputer of the ’70s.” As a result of mathematical repercussions of exponentials and Moore’s law, “we won’t experience a hundred years of progress in the twenty-first century; it will be more like twenty thousand years of progress (at today’s rate).”
Given the exponential pace of change in computer processing power and sophistication, it should be obvious that in the very near future computers will become profoundly capable. Ray Kurzweil describes the constant doubling of computing’s price performance and power in his “law of accelerating returns.” He predicts a point in time where a technological singularity will take place—that is, a moment in time where computing progress is so rapid it outpaces mankind’s ability to comprehend it and machine intelligence will exceed human intelligence. Whether or not that day eventually comes (Kurzweil predicts the year to be 2045), one thing is clear: computing power is growing exponentially, and our ability to understand the global information grid and map its vast interconnections is waning.
It’s not just your imagination, technology
is indeed progressing faster than most of us can keep up, and it’s not your fault. Human beings heretofore have developed evolutionally to think in a linear fashion; it’s been coded into our brain since the dawn of mankind. From our days on the plains of the Serengeti, we’ve intuitively done linear calculations in our heads to determine the best path of escape from a charging lion. But that is not the world in which we live today. Kurzweil believes that the coming years will bring a “technological change so rapid and profound it represents a rupture in the fabric of human history.” Given this ever-accelerating rate of change and our journey from building-sized computers to iPhones in the past forty years, what might the next forty years bring? Much more good, and potentially much more evil, than most of us could possibly imagine.
Ours is not a simple binary story of whether technology is good or evil but rather one of accelerating returns. How can we remain safe and secure in a world that is moving so quickly? We are building a civilization that is deeply interconnected yet technologically insecure at the same time. In other words, we are constructing a world that is wired for crime and a panoply of other security threats. Mounting evidence demonstrates these dangers and introduces us to a newly emerging class of elite criminals, terrorists, and foreign governments that can exploit these technologies at will. The result? We now find ourselves increasingly connected, dependent, and vulnerable.
The Crime Singularity
In the criminal days of yore, crime was a simple affair. Any would-be criminal need only buy a knife or gun, hide in a dark alley, and then leap out at an approaching victim and demand, “Give me your money.” Apart from the unsavory morality issue, robbery was a great entrepreneurial business model that had survived for millennia. The start-up costs were low, and criminals could set and work their own hours and schedules. Of course like all entrepreneurs, criminals struggled with an obvious problem: how to scale and grow their businesses. Even a very good robber could only steal from so many people a day, perhaps five or six a day, if lucky.
Fortunately, however, technology provided an answer for would-be criminals on how to surmount the scalability issues their illicit businesses faced, and the solution came from an unlikely place: the locomotive. Of course when trains were invented, nobody ever envisioned that they might become subjected to train robberies. Criminals, however, foresaw the opportunity and lost no time in taking advantage of the new technology. Now, rather than robbing one person at a time, thanks to the locomotive, armed gunmen could rob two hundred or three hundred people simultaneously, thereby vastly expanding their business opportunities and their profits.
Early criminal entrepreneurs such as Bill Miner, Jesse James, and Butch Cassidy in the mid- to late nineteenth century made their fortunes robbing trains of their cargo and passengers of their cash and jewelry. Attacks against trains remained a viable form of criminal employment for more than one hundred years, culminating in the U.K.’s great train robbery of 1963, wherein a band of robbers commandeered a Royal Mail train headed from Glasgow to London. Their carefully planned heist netted the crew £2.6 million, the equivalent of £46 million today ($7.28 million and $76 million, respectively).
Fast-forward to today, and we see that crime too can benefit greatly from the exponential nature of technology. Using the Internet, thieves have gone from robbing individuals and hundreds of people at a time to stealing from thousands and now even millions of individuals. As a result, we are witnessing a fundamental paradigm shift in the nature of crime and how it is committed. With technology, crime scales, and it scales exponentially.
As noted previously, the 2007 T.J. Maxx hack was the largest retail crime of its kind at the time, initially affecting forty-five million customers and their financial data. But news headlines have made it abundantly clear TJX was not an isolated incident. In June 2011, attackers compromised the Sony PlayStation gaming network and gained access to more than seventy-seven million online accounts, including victims’ credit card numbers, names, addresses, dates of birth, and gaming log-in credentials. The incident kept the PlayStation Network off-line for days and affected customers around the world. Criminals have lost no time in taking advantage of all the technological conveniences in our lives, including our gaming consoles. In the end, financial analysts estimated that the repair bill for the Sony PlayStation hacking incident cost the company in excess of $1 billion from lost business, outside consultants, and various lawsuits.
Later, in 2013, Target stores across the United States admitted that they too had become victims of a cyber attack against their point-of-sale credit and debit card terminals. The episode could not have come at a worse time for the retailer, at the very height of the Christmas shopping season. In that incident, data from more than 110 million accounts were stolen, in an attack apparently masterminded by a seventeen-year-old hacker in Russia.
Think about the scale and the enormity of the loss. Nearly one-third of the American population was simultaneously robbed. Never before in the history of humanity has it been possible for any one person to steal 110 million of anything, let alone concurrently rob more than 100 million people.
As incredible as the Target hack was for its size and scope, just over a year later, in August 2014, that number was surpassed by a Russian hacking group that gathered 1.2 billion user names, passwords, and other confidential data from 420,000 Web sites, according to Hold Security. Crime too has entered the age of Moore’s law, and it has exponential consequences for us all.
Control the Code, Control the World
Technological progress is like an axe in the hands of a pathological criminal.
ALBERT EINSTEIN
As the entire human race drives itself toward ubiquitous connection to the Internet, we are transforming both ourselves and our world. From this global interconnectivity will flow tremendous good. Man grows omniscient as every fact or thought ever recorded becomes available in real time regardless of its source or location. From the chemical formula for photosynthesis, to the current temperature in Baku, to who won an English county cricket match in 1901, to the latest shenanigans of Justin Bieber, all is becoming knowable as we plug ourselves into the global brain that is the Internet.
At the same time, man is also growing omnipotent as the world’s objects go online. You can activate your DVR from the freeway and start your car from the living room. 3-D printers churn out auto parts, clothing, and construction materials. Diabetic pumps, pacemakers, and implantable cardiac defibrillators are all connected to the Internet and transmit lifesaving digital data to your doctor in real time. Physicians can even perform transatlantic surgeries via tele-connected robotic surrogates, projecting surgeons into villages where none had ever traveled. Human beings now have the capacity to control things on the other side of the planet in ways that would previously have been both unimaginable and impossible.
While there are obvious cost, efficiency, and capability advantages to these transformations, they add tremendous complexity to our world. One very rough approximation by which to examine these complexities is by considering the number of lines of computer code (LOC) required to make a particular piece of software or system function. For example, the 1969 Apollo 11 Guidance Computer that safely guided astronauts the 356,000 kilometers from earth to the moon and back only contained 145,000 LOC, a ridiculously paltry sum and a remarkable achievement by today’s standards. By the early 1980s, when the space shuttle became operational, its primary flight software had grown to a relatively slim 400,000 LOC.
By comparison, Microsoft Office 2013 is 45 million LOC, slightly fewer than the 50 million lines of code required to run the Large Hadron Collider located at the European Organization for Nuclear Research. Today, the software required to run the average modern automobile clocks in at a remarkable 100 million LOC, many fewer than the unprecedented reported 500 million LOC that ran the much maligned U.S. HealthCare.gov Web site. Though direct comparisons are difficult, HealthCare.gov was roughly thirty-five hundred times more complex than the gui
dance system that brought Apollo 11 to the moon and back. Is it any wonder the Web site crashed and burned?
The growing complexity of computer software has direct implications for our global safety and security, particularly as the physical objects upon which we depend—things like cars, airplanes, bridges, tunnels, and implantable medical devices—transform themselves into computer code. Physical things are increasingly becoming information technologies. Cars are “computers we ride in,” and airplanes are nothing more than “flying Solaris boxes attached to bucketfuls of industrial control systems.” As all this code grows in size and complexity, so too do the number of errors and software bugs. According to a study by Carnegie Mellon University, commercial software typically has twenty to thirty bugs for every thousand lines of code—fifty million lines of code means 1 million to 1.5 million potential errors to be exploited. This is the basis for all malware attacks that take advantage of these computer bugs to get the code to do something it was not originally intended to do. As computer code grows more elaborate, software bugs flourish and security suffers, with increasing consequences for society at large.
Growing system complexities, even when not intentionally exploited by bad actors, can still pose significant safety risks. Take, for example, the 2003 Northeast blackout that left fifty-five million people in Canada and the United States in the dark for days. A labyrinthine electrical grid, an operator error, and a software bug led to the largest blackout in North American history. Computer failures also played a role in the 2010 Deepwater Horizon disaster that killed eleven workers and created the largest environmental catastrophe in American history, leaking 4.9 million barrels of oil into the Gulf of Mexico. At a government hearing into the disaster, Michael Williams, the chief electronics technician aboard the Deepwater Horizon, testified that crucial drill monitoring and control systems were crippled by frequent software crashes and a “blue screen of death” on the oil rig’s computer prior to the explosion that sank the rig.