Looking Ahead: Technology Threats
By Matthew Harwood
A PDF Version of this Article is available on the Chief Security Officer (CSO) Roundtable Website.
Marc Goodman is a global thinker, writer, and consultant focused on technology’s impact on security, business, and international affairs. Over the past 20 years, he has worked with organizations such as Interpol, the United Nations Counterterrorism Task Force, NATO, the U.S. Government, and the Los Angeles Police Department (LAPD) on cybercrime and cyberterrorism matters. He frequently consults with global policy makers, security executives, and industry leaders on technology-related security threats—including cyber executive protection—and has operated in more than 50 countries around the world. He serves as the faculty advisor for security at Silicon Valley’s Singularity University. He also founded the Future Crimes Institute, which focuses on the security implications of disruptive technologies such as artificial intelligence, the social data revolution, synthetic biology, virtual worlds, robotics, ubiquitous computing, and location-based services.
You are a self-described “futurist” devoting yourself to next generation crime. What does that mean?
As a young street police officer, I began to see the impact of technology on crime and criminality. To that end, I eventually founded the LAPD’s Internet unit in the late 1990s. There I learned clearly that technology could be used for good or ill. Now technology is part of the standard toolkit for both criminals and terrorists around the world.
What first made you come to realize how strong the impact of modern technology would be on crime?
Gang members. I was working in South Central Los Angeles when I saw all these 14- and 15-year-old gang members, circa 1990, and they were carrying beepers. Around that time, the only people who had beepers were physicians. It eventually became clear that the gang members were using pagers to send coded signals to each other for narcotic trans-
actions, among other things.
As the technology got more sophisticated, criminals remained early adopters. They readily migrated from pagers to mobile phones and to the Internet and have always been ahead of the good guys with much more limited budgets.
What are some examples of “future crimes” that have already occurred that many people don’t know about yet?
The examples are numerous, with each new technology introduced being exploited by criminals. One area I have been studying is robotic crime. When I talk about robotic crime, people say “Robots will never commit crime.” But narcotraffickers for some time have been using robotic delivery systems to bring drugs up from Latin America in unmanned submersibles. Now they are using unmanned aerial vehicles, or drones, to deliver drugs over the border.
In the future, you’re worried about people hacking implantable medical devices and wreaking havoc inside the human body. That’s conceivable?
Entirely. Today there are approximately 60,000 implantable medical devices in the United States—cardiac pacemakers, cochlear implants, diabetic pumps—that connect to the Internet in one way or another. If a pacemaker’s defibrillator, capable of delivering an electric shock, is connected to the Internet, it means the Internet is connected to the pacemaker. It’s only a matter of time before a hacker exploits a vulnerability. A recent study showed that it was in fact possible to attack Medtronic pacemakers under lab conditions.
As technology becomes increasingly integrated with biology, there will be significant consequences that security and law enforcement officials have not even begun to contemplate. For example, as some of the sixty thousand people who already have an Internet-enabled implantable medical device die, who will do the autopsy? Physicians are trained in conducting autopsies, not computer forensics. The integration of biology with technology means we’ll need additional skills among these professionals. Otherwise, how will the coroner or homicide investigator know whether the victim died of an accidental death because the pacemaker failed?
In the future, what aspects of technocrime do you think will become more frequent?
Location-based crime is something that is beginning to take off, whether it’s exploiting other people’s location to stalk them, to rob them, or to burglarize them. It’s going on now. There are some Web sites—such as PleaseRobMe.com, ICanStalkYou.com, and now the application Creepy—which cull public information on someone and plots it on a map.
Another location crime that has been going on for years is called SWATing. There are programs for smart phones that allow any phone number to be presented on the phone’s outbound caller ID. So people were calling 911 and spoofing someone else’s phone number and screaming “Help, help, he’s got me. He’s got a gun.” 911 sees the number, dispatches the SWAT team to the address associated with the phone number. The SWAT team goes kicking down the door on an innocent person thinking that they’re dealing with a hostage situation because that’s where the caller ID said they were. The ability to virtually project a location not one’s own to the police is no joke and creates a highly volatile situation wherein armed police may barge in on an innocent family.
The future of crime, then, is the ability of a perpetrator to spoof who did the crime?
That’s exactly right. The future of crime is the ability to spoof anything. Not just caller ID.
You can also plant digital evidence putting people at the scene of a crime. Thus, it will be possible to set someone up to appear, based upon hacked locational data on their mobile phone, to have been at the scene of a crime, such as a murder, when in fact they were never there.
Is the future a place of rapidly degrading trust where nothing is as it seems?
We are already there. People choose to believe all types of digital information that is in no way authenticated. Individuals are using cyberspace and technology to create fake personas and fake realities all the time. There have been many cases wherein bad actors take a photo of a pretty girl and create a profile around it on a social networking service such as LinkedIn and before you know it, you have 100 guys from Army intelligence that are “her” friends, sharing sensitive information because they think they’re talking to an actual woman whom they are trying to impress.
Couldn’t this undermine the public’s faith in the justice system? And what cop is going to believe someone when they tell them they’ve been set up digitally?
Exactly. That’s what happened with these initial SWATing cases. The police couldn’t believe that the victims didn’t call the police. Police would say, “Caller ID says call placed from here…therefore it had to originate here. Maybe it was your son?”
But this cuts both ways. Today, the standard pedophile defense is “I got infected by a virus.” Then the defense attorney brings in all these experts who say “When you get infected with a virus, your computer does all these things.” So the pedophile says my computer may have visited these child pornography sites due to a virus, but I never did.
How will these perpetual revolutions in technology affect the future of terrorism?
I can think of numerous scenarios wherein terrorists could exploit robotics, critical infrastructures, or even synthetic biology and genomics to disastrous effect. Of course, doubters always say “They would never do that.” Or, “Those people live in caves, what do they know about technology?” Let me remind you, “those people” have hacked into UAVs flying over Iraq and downloaded the live video feeds of predator drones that were meant for the exclusive use of the U.S. Department of Defense.
Fifteen years ago Aum Shinrikyo was building chemical weapons that they successfully deployed against the innocent commuters on the Tokyo subway system. It is a classic and too often repeated mistake that we underestimate the terrorist opponent.
How can law enforcement and security professionals anticipate technology’s impact on crime?
In the current budget environment we face, it’s extremely difficult. To be creative requires time to think. Most police officers are running from call to call and information security officials are struggling to keep up with the thousands of software patches. Who’s got time to be creative and conduct R&D?
Some have argued that one of the major reasons 9-11 occurred is that the bad guys were simply more creative than the good guys. It is for that reason that I founded the Future Crimes Institute.
What would you say to those who aren’t quite convinced of the future technosecurity threat?
For those who may doubt the coming onslaught of new and emerging security threats, I could do no better than to quote the noted science-fiction writer William Gibson from his novel Neuromancer: “The future is already here, it’s just not widely distributed.”
In other words, all of these futuristic crime and security threats already exist. Organized crime groups are using robots to engage in criminal activities. Artificial intelligence is being used to refine crime commission algorithms. Virtual world currencies are being exploited for money laundering. Locational data is being used for criminal purposes. To build upon Gibson’s point, I would ask, now that the future is here, what are we going to do about it?
Where does the security field go from here?
Many of the crime and security problems we face today exist because security was never engineered into a particular technology up front. When there were only six nodes on the Internet, nobody ever thought security would be required because “we all trust each other.” One of my goals with Future Crimes is to engage with biologists, roboticists, nanotechnologists, and artificial intelligence experts and share my knowledge of bad guys.
Scientific progress is fantastic, but most of the brilliant researchers conducting this work have never placed handcuffs on somebody or been the victim of a violent crime. They don’t, quite rightly, think like criminals. That’s our job. So for example, now that we’ve fully decoded the human genome, there are dozens of Web sites with lots of information on literally hacking biology. Perhaps now is the time to take a look at that situation and engineer in some safeguards up front before the problems start arising.
As the panoply of new technologies rapidly comes on board in the coming years, now is the time for security executives to engage with technologists and share our knowledge with them as a means of future crime prevention.
Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 37,000 members worldwide.
ASIS International, Inc. Worldwide Headquarters USA, 1625 Prince Street, Alexandria, Virginia 22314-2818
703-519-6200 | fax 703-519-6299 | www.asisonline.org
© 2011 Security Management
This site is protected by copyright and trade mark laws under U.S. and International law.
No part of this work may be reproduced without the written permission of Security Management.