After reading a third of Marc Goodman’s Future Crimes: Inside the Digital Underground and the Battle for Our Connected World (2015), I am shocked to learn just how much data people and businesses are collecting and leaking over the Internet.That data, combined with the power of technology itself, is allowing the unscrupulous to manipulate people, steal, and finance terrorism across the world. The author himself has worked with law enforcement, is a consultant to the FBI, and can tell firsthand what the criminals want, what they are thinking, and what they have dared to do.
You might be wondering, who are these criminals and what are their motivations? When hacking first emerged, it was a ‘for-fun’ activity. Nowadays, when I say ‘hacker’, you might think of the stereotype of a teenage boy changing his grades from his basement. But none of those quite capture how diverse cybercriminals really are. As quoted from the book,
“The cast of characters is vast: they include nation-states, neighborhood thugs, transnational organized crime groups, foreign intelligence services, hacktivists, military personnel, cyber warriors, state-sponsored proxy fighters, script kiddies, garden-variety hackers, phreakers, carders, crackers, disgruntled insiders, and industrial spies.”
Technology is accelerating and connecting people online at an exponential rate. For example, the iPhone that hundreds of millions of people carry today has more processing power than what was available to all of NASA during the Apollo 11 moon landing 40 years ago. Technology is also the perfect tool for criminals to expand their influence and increase their profits. Think about it: in the early days, crime was as simple as robbing 6 or 7 people a day. When trains were built, no one thought they would be subjected to train robbery. But in the mid-eighteenth century, criminal entrepreneurs such as Butch Cassidy earned fortunes robbing train passengers of their money and jewelery, earning millions of dollars. Fast-forward to modern times: in 2013, Target stores across the US were cyber-attacked at the height of Christmas shopping season, by a 17-year-old hacker in Russia who stole data from more than 110 million accounts. Nearly a third of the American population was robbed: no robbery had been committed at that scale before. Then, in August 2014, that number was surpassed by a Russian hacking group that gathered 1.2 billion usernames, passwords and other confidential data from 420,000 websites. Cybercrime is able to take down electrical grids and critical infrastructures in cities, derail and crash flights, and contaminate drinking water, thanks to all of the infrastructure becoming increasingly reliant on technology. The scale is so large that the U.S. military has dubbed cyberspace as “the next domain for warfare”, as nation-states, hacktivists, and cyber-warriors try to attack and disable cities globally. Even worse, the nature of cybercrime is that unlike bombs, code used for attacks can be easily repurposed and reused.
The thing is, we have no idea how defenseless we are in the cyber world. Antivirus used to be effective, but is nowadays just an illusion of security. In December 2012, researchers at Imperva (a data security research firm) collected 82 new computer viruses and ran them against the threat-detection engines of more than 40 of the world’s largest antivirus companies, including Microsoft, Symantec, McAfee and Kaspersky Lab. The initial threat-detection rate was only 5%, meaning that 95% of malware went completely undetected. Businesses are not safe, either. According to Verizon’s 2013 Data Breach Investigations Report, most businesses have proven simply incapable of detecting when a hacker has breached their information systems. Verizon’s survey, carried out in conjunction with 3 police forces including the U.S. Secret Service, reported that on average, 62% of the intrusions against business took at least 2 months to detect. 92% of the time, when a business notices that it its information systems have been compromised, it is not the company’s security team who discovers the breach. Rather, law enforcement, an angry customer, or a contractor notifies the victim of the problem. The same study also notes that once hackers set their sights on a network, 75% of the time they can successfully penetrate its defenses within minutes. Defenders have to make sure that they are protected against all threats, because as soon as an attacker finds a chink in the armor, he/she can invade.
On top of that, as more and more mobile users become connected around the world and go on social media, more and more personal data is being leaked that criminals are more than happy to take advantage of. Have you ever stopped to ask why your Android apps and services are free? Because Google wants you to register your account with them so that they can find out where you are, what you are doing every day, what you are interested in and the websites you browse, so that they can resell that data to advertisers who can then target you with highly relevant products. You are not Google’s customer: rather, you are its product that it sells to advertisers. In exchange for convenience, you have agreed, without reading the terms of service (which is so long, it is designed to not be read), to let Google invade your privacy (without compensation) and take your data for themselves. That data, along with the accounts and data you keep on social media and email, are perfect resources that criminals can use to pretend they are you, ruin your reputation, break into your bank account by finding the answers to your security questions, rob you when you are not at home (because you said on Facebook that you are going to Hawaii for the next 2 weeks), take out loans and ruin your credit, trick Grandma into giving ‘you’ money by telling her that you were in a terrible accident and need to pay the hospital bill, and many more risks. What’s worse is that if the criminal is attacking you from another country, you are often hard-pressed to prosecute them under the law of your home country. Law has not kept pace with the growth of technology, companies that collect your data are under-regulated, and very few people actually know about cyberthreats.
If you are in CFM, you are in a special position to make a difference in cybercrime and keep people secure. Many crimes are financially motivated and are often financed through money laundering in banks. I would highly recommend reading this book, not just to find out if you have a passion for cybercrime, but also to be aware of technology’s dark side and be able to protect yourself from it.