by Marc Goodman
16 Certain criminal forums: Michael Riley, “Stolen Credit Cards Go for $3.50 at Amazon-Like Online Bazaar,” Bloomberg, Dec. 19, 2011.
17 Numerous illicit “torrents”: Ernesto, May 18, 2008, blog on TorrentFreak, accessed on June 27, 2014.
18 Another such site: “Inside the Mansion—and Mind—of Kim Dotcom, the Most Wanted Man on the Net,” Wired, Oct. 18, 2012.
19 Not only do they sell: Beth Stebner, “The Most Dangerous Drug in the World: ‘Devil’s Breath’ Chemical from Colombia Can Block Free Will, Wipe Memory, and Even Kill,” Mail Online, May 12, 2012.
20 Tor hidden sites: Forward-Looking Threat Research Team, “Deepweb and Cybercrime,” Trend Micro, 2013, 16.
21 Once stolen: Brian Krebs, “Peek Inside a Professional Carding Shop,” Krebs on Security, June 4, 2014.
22 Given the vast amounts: Max Goncharov, “Russian Underground Revisited,” Forward-Looking Threat Research Team, Trend Micro Research Paper.
23 The cards are sold: Brian Krebs, “Cards Stolen in Target Breach Flood Underground Markets,” Krebs on Security, Dec. 20, 2013; Dancho Danchev, “Exposing the Market for Stolen Credit Cards Data,” Dancho Danchev’s Blog, Oct. 31, 2011; “Meet the Hackers,” Bloomberg Businessweek, May 28, 2006; David S. Wall, “The Organization of Cybercrime in an Ever-Changing Cyberthreat Landscape” (draft paper for the Criminal Networks Conference, Montreal, Oct. 3–4, 2011).
24 The United States is the largest victim: “Skimming off the Top,” Economist, Feb. 15, 2014.
25 Nearly 20 percent: Pew Research Center, “More Online Americans Say They’ve Experienced a Personal Data Breach,” April 14, 2014; Rosie Murray-West, “UK Worst in Europe for Identity Fraud,” Telegraph, Oct. 1, 2012.
26 Medical identity theft: Herb Weisbaum, “U.S. Health Care System Has $5.6 Billion Security Problem,” NBC News, March 12, 2014; Richard Rubin, “IRS May Lose $21 Billion in Identity Fraud, Study Says,” Bloomberg, Aug. 2, 2012.
27 U.S. driver’s licenses: “Cashing In on Digital Information,” TrendMicro/TrendLabs 2013 Annual Security Roundup.
28 So too are assault rifles: Sam Biddle, “The Secret Online Weapons Store That’ll Sell Anyone Anything,” Gizmodo, July 19, 2012; Adrian Chen, “Now You Can Buy Guns on the Online Underground Marketplace,” Gawker, Jan. 27, 2012.
29 One Dark Web user: Sam Biddle, “The Secret Online Weapons Store That’ll Sell Anyone Anything,” Gizmodo, July 19, 2012.
30 As we saw with Silk Road: Greenberg, “Meet the ‘Assassination Market’ Creator Who’s Crowdfunding Murder with Bitcoins.”
31 The sites request: Dylan Love, “How to Hire an Assassin on the Secret Internet for Criminals,” Business Insider, March 16, 2013.
32 Kindergarten Porn: Joel Falconer, “Mail-Order Drugs, Hitmen, and Child Porn: A Journey into the Dark Corners of the Deep Web,” Next Web, Oct. 8, 2012.
33 Just one Dark Web site: Patrick Howell O’Neill, “Feds Dismantle Massive Deep Web Child Porn Ring,” Daily Dot, March 19, 2014.
34 Moreover, the National Center: Thorn Blog, http://www.wearethorn.org/child-trafficking-statistics/.
35 Law enforcement sources report: Testimony of Ernie Allen, president of the National Center of Missing and Exploited Children, to the Institute of Medicine Committee on Commercial Sexual Exploitation and Sex Trafficking of Minors in the United States of the National Academies, available at http://storage.cloversites.com/thedaughterproject/documents/NCMEC%20report%20to%20congress%2001-04-12.pdf; http://www.nap.edu/catalog.php?record_id=18358.
36 The U.S. Department of Justice: NPR Staff, “Courts Take a Kinder Look at Victims of Child Sex Trafficking,” NPR.org, March 1, 2014.
37 Nearly 70 percent: Thorn Staff, “Child Sex Trafficking and Exploitation Online: Escort Websites,” March 11, 2014; National Human Trafficking Resource Center, “Residential Brothels.”
38 These activities are transacted: Mark Latonero, “The Rise of Mobile and the Diffusion of Technology-Facilitated Trafficking,” University of Southern California.
39 Web sites such as BackPage.com: Shared Hope International, “Demanding Justice Project Benchmark Assessment 2013,” 13; Michelle Goldberg, “Sex Slave Outrage,” Daily Beast, Dec. 9, 2010.
40 Around the world: For an outstanding overview of the international black market in human organs, see Der Spiegel‘s four-part series on the topic available in English at http://www.spiegel.de/international/world/the-illegal-trade-in-organ-is-fueled-by-desperation-and-growing-a-847473.html.
41 Kidneys can fetch: Casey Chan, “Here’s How Much Body Parts Cost on the Black Market,” Gizmodo, April 23, 2012.
42 In the United States alone: National Kidney Foundation, “Organ Donation and Transplantation Statistics,” Sept. 8, 2014.
43 Most will die: Jeneen Interlandi, “Organ Trafficking Is No Myth,” Newsweek, Jan. 9, 2009.
44 The World Health Organization: Damien Gayle, “An Organ Is Sold Every Hour, WHO Warns: Brutal Black Market on the Rise Again Thanks to Diseases of Affluence,” Mail Online, May 27, 2012.
45 The organs may come from: Ulrike Putz, “Organ Trade Thrives Among Desperate Syrian Refugees in Lebanon,” Spiegel Online, Dec. 11, 2013; Jiayang Fan, “Can China Stop Organ Trafficking?,” New Yorker, Jan. 10, 2014.
46 Sadly, those selling body parts: Esther Inglis-Arkell, “How Do You Buy Organs on the Black Market?,” io9, March 26, 2012.
47 “I will sell my kidney”: Dan Bilefsky, “Black Market for Body Parts Spreads in Europe,” New York Times, June 28, 2012.
48 “Donate a kidney”: Denis Campbell and Nicola Davison, “Illegal Kidney Trade Booms as New Organ Is ‘Sold Every Hour,’ ” Guardian, May 27, 2012.
49 At least one seventeen-year-old: “9 on Trial in China over Teenager’s Sale of Kidney for iPad and iPhone,” CNN, Aug. 10, 2012.
50 In a deeply disturbing report: European Cybercrime Centre, “Commercial Sexual Exploitation of Children Online,” Oct. 2013.
51 Organized criminal networks: Paul Gallagher, “Live Streamed Videos of Abuse and Pay-per-View Child Rape Among ‘Disturbing’ Cybercrime Trends, Europol Report Reveals,” Independent, Oct. 16, 2013; Paul Peachey, “Number of UK Paedophiles ‘Live-Streaming’ Child Abuse Films Soars, Warns CEOP,” Independent, July 1, 2013.
52 In one incident: Ann Cahill, “New Age of Cybercrime: Live Child Rapes, Sextortion, and Advanced Malware,” Irish Examiner, Feb. 11, 2014.
53 The system is designed: “How Does Bitcoin Work?,” Economist, April 11, 2013.
54 Bitcoin is the world’s largest: Nick Farrell, “Understanding Bitcoin and Crypto Currency,” Tech Radar, April 7, 2014.
55 Because Bitcoin can be spent: Joshua Brustein, “Bitcoin May Not Be So Anonymous, After All,” Bloomberg Businessweek, Aug. 27, 2013.
56 There are now more than seventy: Alan Yu, “How Virtual Currency Could Make It Easier to Move Money,” NPR.org, Jan. 15, 2014.
57 Hackers have been able to steal: Robin Sidel, Eleanor Warnock, and Takashi Mochizuki, “Almost Half a Billion Worth of Bitcoins Vanish,” Wall Street Journal, March 1, 2014.
58 Beyond crypto currencies: Marc Santora, William K. Rashbaum, and Nicole Perlroth, “Liberty Reserve Operators Accused of Money Laundering,” New York Times, May 28, 2013.
59 Known as the “PayPal”: United States Attorney’s Office of Southern New York, “Liberty Reserve Information Technology Manager Pleads Guilty in Manhattan Federal Court,” United States Department of Justice press release, Sept. 23, 2014.
60 The popularity of Darkcoin: Andy Greenberg, “Darkcoin, the Shadowy Cousin of Bitcoin, Is Booming,” Wired, May 21, 2014.
61 Operating under the motto: Andy Greenberg, “ ‘Dark Wallet’ Is About to Make Bitcoin Money Laundering Easier Than Ever,” Wired, April 29, 2014.
62 One such CaaS company: James Vincent, “Irish Man Arrested as ‘the Largest Facilitator
of Child Porn on the Planet,’ ” Independent, Aug. 5, 2013.
63 Hundreds of crime-trepreneur purveyors: Kevin Poulsen, “FBI Admits It Controlled Tor Servers Behind Mass Malware Attack,” Wired, Sept. 13, 2013.
64 The trend is accelerating: Solutionary, an NTT Group Security Company, Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report, 2013, 8, http://www.solutionary.com.
65 For example, the hackers: Ibid.
66 Today, using the distributed computing power: “Cybercriminals Today Mirror Legitimate Business Processes,” 4.
67 This means that anyone: Simson Garfinkel, “The Criminal Cloud,” MIT Technology Review, Oct. 17, 2011.
68 “private organisation”: Misha Glenny, DarkMarket: Cyberthieves, Cybercops, and You (New York: Knopf, 2011), 203.
69 China’s Hidden Lynx: Danny Yadron, “Symantec Fingers Most Advanced Chinese Hacker Group,” Digits (blog), Wall Street Journal, Sept. 17, 2013.
70 Off duty, however: Kim Zetter, “State-Sponsored Hacker Gang Has a Side Gig in Fraud,” Wired, Sept. 17, 2013.
71 Staffed 24/7: Kim Zetter, “Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves,” Wired, April 19, 2010.
72 As a result, less skilled criminals: Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” 4.
73 Vendors offer one-stop shopping: Forward-Looking Threat Research Team, “Deepweb and Cybercrime,” 9; Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” 4. 214 As an example: Taylor Armerding, “Dark Web: An Ever-More-Comfortable Haven for Cyber Criminals,” CSO Online, March 28, 2014.
74 Over the years: Donna Leinwand Leger and Anna Arutunyan, “How the Feds Brought Down a Notorious Russian Hacker,” USA Today, March 5, 2014.
75 When they did: Dan Raywood, “New Version of Bugat Trojan Was Payload in LinkedIn Spam and Not Zeus,” SC Magazine UK, Oct. 12, 2010.
76 Once it found it: Robert McMillan, “New Russian Botnet Tries to Kill Rival,” Computerworld, Feb. 9, 2010.
77 Like its rival Zeus: Kurt Eichenwald, “The $500,000,000 Cyber-Heist,” Newsweek, March 13, 2014.
78 The tool, perhaps one of the world’s most popular: Gregory J. Millman, “Cybercriminals Work in a Sophisticated Market Structure,” Wall Street Journal, June 27, 2013.
79 Worse, it was the tool of choice: Dana Liebelson, “All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam,” Mother Jones, May 21, 2014.
80 So good was the Blackshades RAT: “Syrian Activists Targeted with BlackShades Spy Software,” The Citizen Lab, June 19, 2012.
81 The rewards, however: Gregg Keizer, “Google to Pay Bounties for Chrome Browser Bugs,” Computerworld, Jan. 29, 2010.
82 Not to be outdone: Brian Krebs, “Meet Paunch: The Accused Author of the BlackHole Exploit Kit,” Krebs on Security, Dec. 6, 2013.
83 Dark Net chat rooms: Nicole Perlroth and David E. Sanger, “Nations Buying as Hackers Sell Flaws in Computer Code,” New York Times, July 13, 2013.
84 In 2012, the Grugq sold: Andy Greenberg, “Shopping for Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.
85 Companies such as Vupen: Brian Krebs, “How Many Zero-Days Hit You Today,” Krebs on Security, Dec. 13, 2013.
86 The result, as pointed out: Josh Sanburn, “How Exactly Do Cyber Criminals Steal $78 Million?,” Time, July 3, 2012.
87 Worse, now that Stuxnet: Simonite, “Stuxnet Tricks Copied by Computer Criminals.”
88 Crime, Inc. can even draft: “The Child Porn PC Virus,” Week, Nov. 10, 2009.
89 According to the FBI: FBI, “GameOver Zeus Botnet Disrupted,” June 2, 2014.
90 As of mid-2014: Symantec, “Grappling with the ZeroAccess Botnet,” Sept. 30, 2013.
91 In the Russian digital underground: Ian Steadman, “The Russian Underground Economy Has Democratised Cybercrime,” Wired UK, Nov. 2, 2012.
92 Moreover, the threat: “Computer Says No,” Economist, June 22, 2013; Perlroth and Hardy, “Bank Hacking Was the Work of Iranians.”
93 The toll of victims: Chris Brook, “Meetup.com Back Online After DDoS Attacks, Extortion Attempt,” Threat Post, March 5, 2014; Pierluigi Paganini, “Botnet Authors Use Evernote Account as C&C Server,” Security Affairs, March 31, 2013.
94 Given these obvious advantages: Mathew J. Schwartz, “Malware Toolkits Generate Majority of Online Attacks,” Dark Reading, Jan. 18, 2011.
95 To unlock their computers: David Wismer, “Hand-to-Hand Combat with the Insidious ‘FBI MoneyPak Ransomware Virus,’ ” Forbes, Feb. 6, 2013.
96 Thus users in the U.K.: EnigmaSoftware, “Abu Dhabi Police GHQ Ransomware.”
97 Another, even more pernicious: Mark Ward, “Crooks ‘Seek Ransomware Making Kit,’ ” BBC News, Dec. 10, 2013.
98 Nearly 250,000 individuals: Dave Jeffers, “Crime Pays Very Well: CryptoLocker Grosses up to $30 Million in Ransom,” PCWorld, Dec. 20, 2013.
99 Automated ransomware tools: Dennis Fisher, “Device-Locking Ransomware Moves to Android,” ThreatPost, May 7, 2014.
100 The police lieutenant: Violet Blue, “CryptoLocker’s Crimewave: A Trail of Millions in Laundered Bitcoin,” ZDNet, Dec. 22, 2013; Bree Sison, “Swansea Police Pay Ransom After Computer System Was Hacked,” CBS Boston, Nov. 18, 2013.
Chapter 12: When All Things Are Hackable
1 The police investigation: Joanne Kimberlin, “High-Tech ‘Repo Man’ Keeps Car Payments Coming,” USA Today, Nov. 29, 2005; Christina Rosales, “Police: Fired Worker Disabled Cars via Web,” Statesman, March 17, 2010; Kevin Poulsen, “Hacker Disables More Than 100 Cars Remotely,” Wired, March 17, 2010.
2 Laptop sales supplanted: Michael Singer, “PC Milestone—Notebooks Outsell Desktops,” CNET, June 3, 2005; Salvador Rodriguez, “More Tablets to Be Sold Than PCs in 2015, Report Says,” ChicagoTribune.com, July 8, 2014.
3 In 2014, we saw: “2014: Mobiles ‘to Outnumber People,’ ” BBC News, May 9, 2013.
4 The Pew Research Center defines: Pew Research Center, “Digital Life in 2025,” March 2014; Pew Research Center’s Internet & American Life Project, “Internet of Things,” accessed July 21, 2014, http://www.pewinternet.org/.
5 “if all the objects”: Lopez Research, “An Introduction to the Internet of Things,” Cisco, Nov. 2013.
6 Indeed, according: Terril Yue Jones, “A Law of Continuing Returns,” Los Angeles Times, April 17, 2005.
7 They are low-powered: Olga Kharif, “Trillions of Smart Sensors Will Change Life,” Bloomberg, Aug. 4, 2013.
8 “a Web server”: Neil Gershenfeld and J. P. Vasseur, “As Objects Go Online,” Foreign Affairs, March/April 2014.
9 Back when IPv4 was introduced: Laurie J. Flynn, “As World Runs Out of I.P. Addresses, Switch to IPv6 Nears,” New York Times, Feb. 14, 2011.
10 IPv6, on the other hand: Andrew G. Blank, TCP/IP Foundations (Hoboken, N.J.: John Wiley & Sons, 2006), 233.
11 That means IPv6 would allow: John Martellaro, “A Layman’s Guide to the IPv6 Transition,” The Mac Observer, Jan. 31, 2012; Robert Krulwich, “Which Is Greater, the Number of Sand Grains on Earth or Stars in the Sky?,” NPR, Sept. 17, 2012.
12 every single atom: Steve Leibson, “IPV6: How Many IP Addresses Can Dance on the Head of a Pin,” EDN Network, March 28, 2008; “The Internet of Things,” Cisco Infographic.
13 Tomorrow’s will be the size: “IPv6—What Is It, Why Is It Important, and Who Is in Charge?” (paper prepared for chief executive officers of ICANN and all the regional Internet registries), Oct. 2009.
14 Though in 2013: Dave Evans, “The Internet of Things,” Cisco, April 2011.
15 The McKinsey Global Institute: McKinsey Global Institute, Disruptive Technologies: Advances That Will Transform Life, Business, and the Global Economy, May 2013, 55, MGI_Disruptive_technologies_Full_report_May2013.pdf.
16 The IoT may very well be: Emerging Cyber Threats (presented by Georgia Institute of Technology a
nd the Georgia Tech Research Institute at the Georgia Tech Cyber Security Summit, 2013), 4.
17 “billions of smart”: Global Strategy and Business Development, Freescale and Emerging Technologies, ARM, What the Internet of Things (IoT) Needs to Become a Reality, May 2014.
18 “phenomenon of convergence”: Marcus Wohlsen, “Forget Robots. We’ll Soon Be Fusing Technology with Living Matter,” Wired, May 27, 2014.
19 You’re not the only one: Robert Muir, “Thirsty Plants Can Twitter for Water with New Device,” Reuters, March 26, 2009; https://twitter.com/pothos; Rachel Metz, “In San Francisco, a House with Its Own Twitter Feed,” MIT Technology Review, May 21, 2013.
20 “the purposes of enrichment”: Gershenfeld and Vasseur, “As Objects Go Online.”
21 Rather, researchers fitted: Alan Yu, “More Than 300 Sharks in Australia Are Now on Twitter,” NPR.org, Jan. 1, 2014.
22 While this future: Alexis C. Madrigal, “Welcome to the Internet of Thingies: 61.5% of Web Traffic Is Not Human,” Atlantic, Dec. 12, 2013.
23 Just as the introduction: M. Presser and S. Krco, Initial Report on IoT Applications of Strategic Interest, Internet of Things Initiative, Oct. 8, 2011, 48.
24 There have been dozens: Annalee Newitz, “The RFID Hacking Underground,” Wired, May 2006.
25 These shortcomings have allowed: Francis Brown and Bishop Fox, “RFID Hacking” (paper presented at Black Hat USA, Las Vegas, Nev., Aug. 1, 2013).
26 Every Fortune 500 company: “Hackers Could Clone Your Office Key Card … from Your Pocket,” NBC News, July 25, 2013.
27 Seconds later: Andy Greenberg, “Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes and Wallets,” Forbes, Jan. 30, 2012.
28 RFID chips can also be infected: Nate Anderson, “RFID Chips Can Carry Viruses,” Ars Technica, March 15, 2006.
29 Another popular: Juniper Research, “1 in 5 Smartphones will have NFC by 2014, Spurred by Recent Breakthroughs: New Juniper Research Report,” April 14, 2011.
30 But like RFID: Andy Greenberg, “Hacker Demos Android App That Can Wirelessly Steal and Use Credit Cards’ Data,” Forbes, July 27, 2012.