Security Expert: Cybercrime Dangers Multiplying With Rise Of IoT, Automation
Cybercriminals are taking advantage of automation, Moore's law and the Internet of Things (IoT) to act faster, increase scale and become more dangerous than ever before.
Bad actors are using innovation against us, leveraging technology to move from individual acts of robbery to hacks and breaches involving billions of dollars and hundreds of millions of victims, global security adviser Marc Goodman told more than 500 people Thursday at the Business Innovation Factory (BIF) 2015 Summit in Providence, R.I.
"We're seeing the impact of exponentials in the world of crime," Goodman said. "Exponential times have led to exponential crimes."
[RELATED: How To Make Executives Unafraid Of Taking Risks And Failing]
Moore's law, which stipulates that the processing power constantly doubles every two years, has made it much easier for criminals to scale, Goodman said, now that a single iPhone has more computing power than all of NASA at the time of the 1969 Apollo moon launch.
Criminals have moved from one-on-one scenarios, Goodman said, to the Target data breach with 100 million passwords stolen and a $1 billion banking heist from a Russian hacking ring.
"Moore's law doesn't just apply to the good guys," Goodman said. "With Moore's law comes Moore's outlaws."
Much of the public has an outdated notion of cybercrime as centered primarily on identity theft, while, in reality, the future of cybercrime will involve connected mechanical devices such as a car, Goodman said. Now that cars have computers, Goodman said hackers can gain total control over an automobile remotely and control the gas, braking and acceleration from anywhere in the world.
Connected autos exemplify the dangers associated with IoT, which Goodman expects to add another dimension of crime in the coming years. Some 50 billion new devices are expected online by 2020 thanks to IoT, Goodman said, with an average of 25 vulnerabilities for each product.
Criminals often experiment with the latest technology long before big business or law enforcement, Goodman said. They were using cellphones and pagers to operate crime in the late 1980s, and have flown drones with infrared cameras -- which can now be purchased for just a couple hundred pounds in London -- to identify hot spots where marijuana is being grown.
Drones and robotics are being used to bring everything from guns to drugs to mobile phones into prisons, Goodman said.
Drug criminals went so far as to build their own fully encrypted telecommunications network called Narcotel, which extends to all 31 states in Mexico. Goodman said the parallel network is used by El Chapo, a Mexican drug lord who had $200 million in cash at the time of his arrest and was named the 41st wealthiest person in the world this year by Forbes.
"We know that crime doesn't pay once you're arrested," Goodman said. "But before you're arrested, crime can be a pretty good gig."
Like corporations, criminal enterprises frequently take advantage of gamification principles, Goodman said, with a fake antivirus software scam at one particular enterprise providing its 600 workers with an employee-of-the-month program, team-building exercises, and automobiles and cash prizes for the workers who came up with the best scams.
Criminals also have taken advantage of online crowdfunding, most notably when Toronto crack dealers agreed to release a video of former mayor Rob Ford smoking crack after hitting their fundraising target of $200,000 on Indiegogo, Goodman said.
"There's a lot of innovation in the world, and not all of it is legal," Goodman said.
Cybercriminals also have figured out how to automate everything from hijacking Facebook accounts to denial-of-service attacks, making it possible to scale crime exponentially as the risk of human error fades into the background.
"We have CrimeBots, but we don't have CopBots," Goodman said.
Goodman urged government and businesses to study criminals and how they innovate. Because if they don't, our modern, digitally dependent society could be brought down by hackers at any moment.
"There hasn't been a computer system built that can't be hacked," Goodman said.
PUBLISHED SEPT. 17, 2015