Science, Tech & Environment

On the trail to catch cyber criminals

Ah, Silicon Valley: a sparkling chrome paradise that the Ambassadors of Tomorrow call home. It’s teeming with young entrepreneurs, ingenious creatives, deep-pocketed investors … and the criminal hackers that watch their every move.

Player utilities

Listen to the Story.

“All of this tech can be awesome, but there is a downside that people are definitely neglecting,” says former FBI Futurist-in-Residence Marc Goodman. “We need to be aware of those risks.”

Goodman, author of "Future Crimes," is referring to the inherent danger in a blossoming Internet of Things: we’re putting more and more information about ourselves online, but not taking any additional steps to protect it.

“We face an existential threat today from the technological tools in our lives being used against us, particularly attacks against critical infrastructures — everything from financial services to the electrical grid itself.”

If it sounds a bit dramatic, Goodman proposes a challenge: see your world from the criminal’s point of view.

“If you’re a corporation like General Electric and you have north of 100,000 employees, every point on every employee’s laptop, phone, server, email account… needs to be locked down. It’s a near impossible task. But [attackers] only need to find one way in, and they’re going for the lowest hanging fruit.”

According to a 2014 IBM security report, 95 percent of all cyber attacks were in fact due to the low-hanging fruit of human error — that is, preventable slip-ups like clicking on malware links.

“Most companies don’t get penetrated by very, very sophisticated attacks,” he tells us. “We’re doing the equivalent of leaving our keys in the car, or our front door wide open.”

Goodman believes a company leaving its site unencrypted — like Anthem Blue Cross, which had 80 million records stolen in one year due to unencrypted data — is taking a risk analogous to a midnight stroll through “a dark alley in a bad part of town.”

So why do these breaches keep happening? “Because the law doesn’t require [security]. It’s difficult and expensive and they just don’t bother.”

While neither massive corporations nor the US government are adequately cracking down — Goodman believes — online organized crime groups are redoubling their efforts. And they’re not all that easy to spot, looking more like the Silicon Valley startups they target than rugged criminals.

“They’re extremely organized, and they are using all the latest business techniques you read about in the Harvard Business Review,” Goodman says. “Crowd funding, price fluctuations, tech support for other criminals.”

While it’d make a lot of sense for the government to come down hard on groups like these, Goodman tells us not to hold our breath.

“International law is a very slow and lumbering process. People don’t run cybercrime rings from Washington DC or London. They’re operating from jurisdictions where rule of law is very weak.”

Goodman warns that the expansion of the Internet creates a mind-boggling number of new access points for these hackers — not only with the proliferating Internet of Things, but the with upcoming switch to Internet Protocol Version 6, which will support 78 octillion simultaneous connections (as opposed to our current 4.5 billion, a jump he says is analogous from switching from a golf ball to the sun).

"We are just living in the first seconds, in the first minute, in the first hour of the Internet revolution, and we have no idea what's coming next,” he says.

In short, we’re headed into an age when criminals can wriggle their way into our cars, thermostats, and kitchen appliances with ease. Not even your forks are safe. 

But before you pull a Christopher McCandless, throw out your phone and flee to the Alaskan wilderness, Goodman has a few tips:

“Apathy is our enemy here. Basic encryption in a corporation? That’s an easy fix. Not having your password be the word ‘password’? There are tools to help you protect yourself,” he explains.

“We’ve built our modern society on technology that we know can be abused and commandeered by third parties halfway around the world,” he continues. “Which means we’ve built our world on a house of cards.”

To keep the house standing, in Goodman’s eyes, it just takes a little effort.

“Until we’re intentional — until we move away from box-checking exercises inside corporations and the government — we’re never going to make the big differences required to benefit from all these wonderful technologies.” 

A version of this story first aired as an interview on PRI's Innovation Hub.