Not so long ago when one thought about major crimes, bank robberies and ingenious heists came to mind. But in this day and age, why rob a bank if you can simultaneously hack into thousands of ATMs around the world? Or what’s the use in putting together an Ocean’s Eleven-like team if you can go to the Darknet and hire the necessary accomplices without ever leaving your bedroom?
Marc Goodman’s addictive new book, Future Crimes, introduces readers to this brave new world of technology, where robbers have been replaced by hackers, and victims include almost anyone on the Web. (So if you are reading this online, it may be too late for you.)
“Each day, we plug more and more of our daily lives into the global information grid without pausing to ask what it all means,” Goodman writes. “But what should happen if and when the technological trappings of our modern society — the foundational tools upon which we are utterly dependent — all go away? What is humanity’s backup plan? In fact, none exists.”
A former beat cop who founded the Future Crimes Institute, Goodman believes that the forces of cybercrime are swarming. Consider the case of Innovative Marketing, a small startup incorporated in Ukraine. It sold what it called an “entirely new class” of anti-virus software. It advertised products with names like Malware Destructor and System Defender. And in no time, Goodman reports, the company had customers in more than 60 countries, as well as more than 600 employees.
As it turns out, the company wasn’t a system defender at all. Instead it was a pioneer in something called crimeware — essentially software that is written specifically to commit crimes. If you downloaded a version of Malware Destructor, it would quietly remove any legitimate anti-virus program on your computer and then gobble up credit card numbers and other critical information stored on the hard drive. Innovative Marketing would then sell the information to the highest bidder. The company became, Goodman writes, one of the most lucrative high-tech criminal operations ever known.
These sorts of cyberattacks are not isolated crimes; according to Goodman, this is the new normal. His message is that, for all the advantages of technology, it has a dark side that few people stop long enough to consider — the world is wired, but it isn’t secure. Even the human body, he declares, is hackable.
Anyone who watched the second season of the television series Homeland will remember terrorists ordering Nicholas Brody, played by Damian Lewis, to go to the Naval Observatory to retrieve the serial number of the vice president’s pacemaker. As soon as the terrorists acquired the information, they hacked into the system and sent an electric pulse to the device.
This isn’t just Hollywood fantasy, according to Goodman. Implantable medical devices, known as IMDs, communicate with the outside world through radio frequencies, and, he writes, some 300,000 patients receive wireless IMDs every year. The implantable defibrillators allow doctors to monitor their patients remotely in real time. Many medical devices are sold without any security mechanisms in place.
Researchers from the University of Massachusetts and the University of Washington successfully broke into a Medtronic pacemaker — as happened on the fictional television show — and not only were able to read confidential patient information but also could have delivered jolts of electricity to the patient’s heart. Though there have been no known criminal attacks against IMDs in the real world, Goodman says, it is only a matter of time before one happens, and determining the real cause of death may be difficult when it does.
“Physicians and forensic pathologists have absolutely no training in computer forensics,” he writes. “How then will they possibly be able to determine the cause of death? They won’t and the threat we face from medical device insecurity may mean that in the future, it may be even more possible to get away with murder.”
Goodman says he isn’t in the business of fearmongering. Instead he wrote Future Crimes to shed light on the latest in criminal and terrorist tradecraft and to kick off a discussion. He uses the last two chapters of the book to suggest how to limit the impact of this new brand of crime. As he sees it, we need to view cybersecurity in much the same way nations view epidemics and public health. He wants to create an organization similar to the Centers for Disease Control and Prevention in Atlanta to tackle the problem. “A trusted international Cyber World Health Organization,” he writes, “could foster cooperation and collaboration across companies, countries, and government agencies — crucial steps required to improve the overall public health of the networks driving the critical infrastructures in both our online and offline world.”
He wants to require companies to report cyberattacks against them, something many executives decline to do now out of concern that it could affect share prices or make their firms more vulnerable. “This silence is at the very heart of our cybersecurity problems,” Goodman writes. “When a person survives a sexual assault but is too embarrassed or ashamed to report it to the police, the assailant will not be found and prosecuted, free to surely victimize others. Though a cyber attack is an entirely different form of crime, its victims too are loath to speak publicly.”
Goodman is not the first person to suggest such a remedy. The idea is to make attacks public so it is easier to develop common defenses against them. There have been a number of attempts to do this in Congress, but thus far it has proved to be a difficult legislative hurdle. Goodman says we ignore these issues at our peril.
Typically, technology writers fall into two camps: starry-eyed optimists who say innovation will save the world, and doomcasters heralding the apocalypse. Goodman manages to skirt this trap by avoiding breathlessness. He presents his myriad hard-to-imagine cybercrime examples in the sort of matter-of-fact voice he probably perfected as an investigator. He clearly wants us never to look at our cellphones or Facebook pages in the same way again — and in this, Future Crimes succeeds marvelously.
Dina Temple-Raston reviewed this book for The Washington Post.