
Future Crimes


by Marc Goodman


  Download

  Download software only from official sites (such as Apple’s App Store or directly from a company’s own verified Web site). Be highly skeptical of unofficial app stores and third-party sites hosting “free” software. In addition, avoid pirated media and software widely available on peer-to-peer networks, which frequently contain malware and viruses. Settings in both the Windows and the Mac operating systems can help you “white list” so that only approved software from identified vendors is allowed to run on your machine. While doing so will not guarantee software safety, it can greatly reduce the risk of infection. Pay close attention to apps and their permissions. They are “free” for a reason and you’re paying with your privacy. If a flashlight app tells you it needs access to your location and contacts, run the other way.

  Administrator

  Administrator accounts should be used with care. Both Windows and Apple allow users to set account privileges, with administrators having highest privileges. While you will need an administrator account on your computer, it should not be your default account for everyday work and online browsing. Instead, create a standard user account to do the majority of your work and for day-to-day use. When you are logged in under administrative privileges and accidentally click on an infected file or download a virus, the malware has full privileges to execute and infect your machine. If you are logged in as a general user and the same thing happens, often the virus, Trojan, or worm will require your specific permission to execute, giving you a warning sign that there is a problem. Always run your computer as a non-admin user unless absolutely necessary to carry out a particular task, such as a known update from a trusted source you are conscientiously installing.

  Turn Off

  Turn off your computer when you aren’t using it. The simple act of turning off your computer while you sleep will automatically reduce your threat profile by one-third because thieves cannot reach out and touch your machine when it’s not in use and connected to the Internet. In addition, turn off services and connections on your smart phone when you aren’t using them. Keeping Bluetooth, Wi-Fi, NFC, and cellular hot spots on at all times provides additional avenues for attack, which thieves can use to hack your phone, spread malware, and steal data. Also, keeping Wi-Fi on allows retailers and advertisers to persistently track you through your physical world, further encroaching on your privacy. Only turn these services on when you need them.

  Encrypt

  Encrypt your digital life, protecting your data both locally while at rest and when in transit across the Web. Both Windows and Mac include free programs for full hard-disk encryption (BitLocker and FileVault, respectively). Encrypting your hard drive means others cannot read its contents if it’s lost or stolen. You should also encrypt your Internet traffic by using a virtual private network (VPN), particularly when using a public Wi-Fi network such as those at airports, universities, conferences, and coffee shops—frequent targets for hackers and thieves. Your phone, too, should be encrypted, because today’s mobile devices can have as much personal information as our laptops, if not more. Always use a password on your mobile phone, and consider enabling biometric security, such as Apple’s Touch ID fingerprint technology. Using a password in the latest version of iOS and Android not only ensures nobody else can access your phone and its data in your absence but also provides full encryption on the device, adding another layer of privacy and security.

  Additional Safety Tips

  If you faithfully follow the UPDATE Protocol above, you can avoid more than 85 percent of threats. To further secure yourself, follow these tips.

  1. Use common sense with all your e-mail. As a general rule of thumb, be wary of any request to click on a link or open an attachment sent to you—even when it looks as though it came from somebody you know. Criminals are expert at tricking the general public with irresistible headlines, such as “click here” to see the shocking photographs of some naked movie star. Phishing attacks only work because unsuspecting individuals click on files and links that look realistic or enticing but contain a malicious payload that will infect your machine. When in doubt, check with the individual who purportedly sent you the e-mail to verify it came from him or her (don’t reply to the e-mail itself!). And, no, the Prince of Nigeria is not reaching out to you personally with a viable way to get rich quick.

  2. USB drives are one of the most common ways to spread malware and other computer viruses (the Department of Defense has even banned their use). Generally speaking, do not accept a thumb drive from a stranger (or even a person you know well) or plug one into your machine without first scanning for viruses. Disable “auto run” on your computer to ensure that any viruses do not automatically execute, thereby infecting your computer. The same advice applies to external USB hard drives and even smart phones that do not belong to you.

  3. Back up your data frequently. You can back them up onto an external hard drive using built-in operating system tools such as Mac’s Time Machine or Windows Backup. You can also use cloud providers such as Carbonite, Backblaze, and SpiderOak. When you utilize cloud providers, it is wise to encrypt the data before uploading them for an extra measure of protection. In addition, you should always have multiple backups of your data. Keep one or more physical drives for backup, and ensure that at least one of them is stored off-site so that in time of disaster, fire, or break-in a backup of your data will be stored in a safe and secure location.

  4. Cover up. Unfortunately, it is easy for hackers, criminals, and spies to get access to all the Internet-connected cameras in your life, whether on your computer, smart phone, or tablet. When the camera is not in use, cover the lens up. A simple Post-it note or piece of tape will do and will provide cheap protection from unwanted prying eyes.

  5. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you and on a network you trust. Whether it’s a friend’s phone, a public computer, or a café’s free Wi-Fi, your data could be copied or stolen. Be particularly wary of computers in common or high-trafficked areas such as airport lounges, favorite targets of criminals who plant malware and keystroke loggers in areas where businesspeople congregate.

  6. Think before you share on social networks. Criminals, ranging from stalkers to burglars, routinely monitor social media for information. Posting travel itineraries can let burglars know that you will be away from home for two weeks on vacation—an invitation for trouble.

  7. Use your operating system’s built-in software firewall, available in both Windows and Mac, to block unwanted incoming connections to your machine, and enable “stealth mode” to make it more difficult for hackers and automated crime bots to find you online.

  NOTE: Both the threats and the tools to protect yourself online change frequently. For additional guidance, visit www.futurecrimes.com.

  Acknowledgments

  One more thing …

  STEVE JOBS

  A project of this magnitude can never be the work of just one person alone. To this point, I owe a debt of gratitude to a large number of individuals for their support and contributions throughout the creation of this book, chief among them my literary agent Richard Pine of InkWell Management. From the very beginning, Richard saw the potential in Future Crimes and had faith in me to write it, generously agreeing to serve as my sherpa, mentor, and friend as I navigated the world of publishing. Richard’s gifts to me were many, but perhaps his greatest was introducing me to the world-class team at Doubleday, including its editor in chief, Bill Thomas, and my own editor, Melissa Danaczko. Bill’s enthusiasm and support for Future Crimes was outstanding. The same was true for all those with whom I had the privilege to work with at Doubleday, including Alison Rich, Joe Gallagher, Kim Thornton, Margo Shickmanter, and Maria Massey. Without a doubt, my absolute greatest and most profound appreciation must go to Melissa Danaczko, who encouraged me every step of the way through the writing and editing process. She is brilliant, funny, and generous. She worked weekends and nights, and even missed family gatherings in the cause of this book. Without Melissa, this work simply would never have come to fruition and I will remain eternally thankful to her.

  To those individuals who generously agreed to review galley copies of this book and offer their comments on the work, you have my respect and considerable appreciation for taking the time out of your incredibly busy schedules to do so. In particular, I’d like to say thank you to Peter Diamandis, Ray Kurzweil, Kevin Kelly, Daniel Pink, David Eagleman, Christopher Reich, Interpol president Khoo Boon Hui, Ed Burns, Frank Abagnale, and P. W. Singer. To Sarah Stephens and Adam Kaslikowski, thank you both for the countless hours you spent reading through the earliest versions of Future Crimes and your deeply insightful comments on the work along the way. I have also benefited greatly from the wise counsel freely shared by well-established authors who selflessly agreed to help a newbie trying to figure things out for no other reason than they are generous, kind, and amazing. For that, I say thank you to Daniel Suarez, Ramez Naam, and Jane McGonigal.

  Writing a book is no easy endeavor, not just for the countless hours it keeps you away from friends and family, but because the process of writing causes one to impose the book on others just because they are in your life. For dealing with me and offering their advice on a never-ending stream of book titles, subtitles, covers, research, and structure options, I want to thank Jacque Murphy, Tarun Wadhwa, Mikhail Grinberg, Daniel Teweles, and Kelsey Segaloff, as well as Brad, Steve, Adam, Carol, Monte, Jacqueline, Noni, Bob, Hanna, Mark, and Jonathan. For their willingness to support Future Crimes and for providing so many good ideas on how to share the information contained in the book with others, I am indebted to Paul Saffo, Chris Meyer, Joe Polish, Marcus Shingles, Steven Kotler, Jonathan Knowles, Sheryl Rapp, Eileen Bartholomew, Dave Blakely, Bill Eggers, Diane Francis, and Cody Rapp. I’d also like to thank the subject-matter experts who helped with some of the technical content in the book, including Andrew Hessel on synthetic biology, Alaina Hardie on robotics, Don Bailey on the Internet of Things, Emeline Paat-Dahlstrom and Mark Ciotola on space, and Andrew Fursman and Landon Downs on quantum computing. Thanks too to Keith Blount, founder of Literature & Latte’s Scrivener, the world’s greatest writing program. Without Scrivener, it would have been nearly impossible to organize the hundreds of cases and thousands of pages of research materials that went into the creation of this book.

  I would also like to extend my appreciation to my friends and colleagues in law enforcement with whom I’ve shared many investigations, adventures, and good times over the years, including Michael Holstein, Bernhard Otupal, Rainer Buhrer, Paul Gillen, Mick Moran, Andrew Smith, Skukesha Goldberg, Jim Hirt, Bobby Weaver, Robert Rodriguez, Steven Chabinsky, and Kathy O’Toole. To my allies in the fight to bolster our common global security, including Roderick Jones, Justin Somaini, Tom Kellermann, Matt Wollman, Bradford Davis, and Steve Santorelli, thank you for all that you do.

  I am privileged to serve on the faculty of Singularity University, an amazing educational institution with a mission to use next-generation technologies to address the world’s grandest of challenges. There I am joined by some of the most talented people I have ever met in my life—faculty, staff, students, and alumni who are profoundly committed to driving positive change in this world. I’m honored to be counted among them, and I thank Rob Nail for his leadership in driving us exponentially forward.

  Finally, this list of acknowledgments would be incomplete without recognizing the support of my family, who have provided the foundation to achieve all that I have in life and instilled in me the importance of fighting for justice in our world. With my deepest appreciation and gratitude to you all.

  Notes

  Prologue: The Irrational Optimist: How I Got This Way

  1 Today, they are building their own nationwide: Michael Weissenstein, “Mexico’s Cartels Build Own National Radio System,” Associated Press, Dec. 27, 2011.

  Chapter 1: Connected, Dependent, and Vulnerable

  1 All or most of the information: Mat Honan, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Wired, July 6, 2012; Mat Honan, “Kill the Password: Why a String of Characters Can’t Protect Us Anymore,” Wired, Nov. 15, 2012.

  2 Over the past hundred years: Peter Diamandis, “Abundance Is Our Future,” TED Talk, Feb. 2012.

  3 And the mobile phone is singularly credited: Deloitte Consulting, Sub-Saharan Africa Mobile Observatory 2012, Feb. 4, 2014.

  4 For centuries, the Westphalian system: Marc Goodman, “The Power of Moore’s Law in a World of Geotechnology,” National Interest, Jan./Feb. 2013.

  5 Levin, a computer programmer: Amy Harmon, “Hacking Theft of $10 Million from Citibank Revealed,” Los Angeles Times, Aug. 19, 1995.

  6 One of the very first computer: Jason Kersten, “Going Viral: How Two Pakistani Brothers Created the First PC Virus,” Mental Floss, Nov. 2013.

  7 Eventually, Brain had traveled the globe: For a fascinating and entertaining perspective on Amjad and Basit Farooq, and the history of computer malware, see Mikko Hypponen, “Fighting Viruses and Defending the Net,” TED Talk, July 2011.

  8 Researchers at Palo Alto Networks: Byron Acohido, “Malware Now Spreads Mostly Through Tainted Websites,” USA Today, May 4, 2013.

  9 Many large companies: Brian Fung, “911 for the Texting Generation Is Here,” Washington Post, Aug. 8, 2014.

  10 In 2010, the German research institute: Nicole Perlroth, “Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt,” New York Times, Dec. 31, 2012.

  11 In the summer of 2013: Kaspersky Lab, Global Corporate IT Security Risks: 2013, May 2013.

  12 A survey of its members: “Online Exposure,” Consumer Reports, June 2011.

  13 According to a study by the Gartner group: “Gartner Says Worldwide Security Software Market Grew 7.9 Percent in 2012,” Gartner Newsroom, May 30, 2013; Steve Johnson, “Cybersecurity Business Booming in Silicon Valley,” San Jose Mercury News, Sept. 13, 2013.

  14 The results: the initial threat-detection rate: Imperva, Hacker Intelligence Initiative, Monthly Trend Report #14, Dec. 2012.

  15 Though millions around the world: Tom Simonite, “The Antivirus Era Is Over,” MIT Technology Review, June 11, 2012.

  16 The landmark survey: Verizon, 2013 Data Breach Investigations Report.

  17 A similar study by Trustwave Holdings: Trustwave, Trustwave 2013 Global Security Report.

  18 When businesses do eventually notice: Verizon RISK Team, 2012 Data Breach Investigation Report, 3.

  19 From the time an attacker: Ibid., 51.

  20 In that case, hackers: Mark Jewell, “T.J. Maxx Theft Believed Largest Hack Ever,” Associated Press, March 30, 2007.

  21 Later in court filings: Julianne Pepitone, “5 of the Biggest Ever Credit Card Hacks,” CNN, Jan. 12, 2014.

  22 Though TJX reached a settlement: Ross Kerber, “Banks Claim Credit Card Breach Affected 94 Million Accounts,” New York Times, Oct. 24, 2007.

  23 One of the most authoritative: Ponemon Institute, Ponemon Institute, home page, 2014, http://www.ponemon.org.

  24 Add to that the price: Byron Acohido, “Experts Testify on True Cost of Target Breach,” USA Today, Feb. 5, 2014.

  25 In one case, Global Payments: Robin Sidel and Andrew R. Johnson, “Data Breach Sparks Worry,” Wall Street Journal, March 30, 2012.

  26 All told, the Ponemon: Ponemon Institute (sponsored by Symantec), 2013 Cost of Data Breach Study: Global Analysis, May 2013.

  Chapter 2: System Crash

  1 Something had to be wrong: Graeme Baker, “Schoolboy Hacks into City’s Tram System,” Telegraph, Jan. 11, 2008.

  2 The boy spent months: Chuck Squatriglia, “Polish Teen Hacks His City’s Tram, Chaos Ensues,” Wired, Jan. 11, 2008.

  3 In other words, the teen: Ibid.

  4 “automatically monitor and adjust”: Clay Wilson, Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, Congressional Research Service, Jan. 9, 2008, 25.

  5 The problem is worse: Brian Prince, “Almost 70% of Infrastructure Companies Breached in Last 12 Months: Survey,” Security Week, July 14, 2014.

  6 It may sound like fantasy: “Hackers ‘Hit’ US Water Treatment Systems,” BBC, Nov. 21, 2011.

  7 There a local teenager: Martha Stansell-Gamm, “Interview: Martha Stansell-Gamm,” Frontline, Feb. 2001; Sean Silverthorne, “Feds Bust Kid Hacker,” ZDNet, March 18, 1998.

  8 “caused millions of litres”: Tony Smith, “Hacker Jailed for Revenge Sewage Attacks,” Register, Oct. 31, 2001.

  9 “the next Pearl Harbor”: Anna Mulrine, “CIA Chief Leon Panetta: The Next Pearl Harbor Could Be a Cyber Attack,” Christian Science Monitor, June 9, 2011.

  10 Yet 70 percent of the grid’s: President’s Council of Economic Advisers and the U.S. Department of Energy’s Office of Electricity Delivery, Economic Benefits of Increasing Electric Grid Resilience to Weather Outages Report, Aug. 2013.

  11 One utility reported: Edward J. Markey and Henry A. Waxman, Electric Grid Vulnerability Report, May 21, 2013.

  12 The findings build: Siobhan Gorman, “Electricity Grid in U.S. Penetrated by Spies,” Wall Street Journal, April 8, 2009.

  13 In the video: Jack Cloherty, “Virtual Terrorism: Al Qaeda Video Calls for ‘Electronic Jihad,’ ” World News, May 22, 2012.

  14 Earlier FBI investigations: Barton Gellman, “Cyber Attacks by Al Qaeda Feared,” Washington Post, June 27, 2002.

 
