Marc Goodman on Crime in the Online World

Breakfast discussion with Marc Goodman

Technological change is proceeding at an exponential rate, and international criminals are eagerly embracing technology to find new ways to cheat, steal and harm people, according to Marc Goodman, a former adviser to the FBI and Interpol. Unfortunately law enforcement and our political system only proceed on a linear basis, and are hopelessly behind the curve in such areas as cyber-security, online extortion and the hacking into a wide array of machines and medical devices we rely on in our daily lives. "Moore's law, which states that computing power doubles every year or 18 months, means we are living in exponential times," Goodman told a Global Café Breakfast meeting of LAWAC on Thursday, January 14th. "But this also applies to the bad guys - I call them Moore's outlaws."

Goodman, the founder of the Future Crimes Institute and author of the recent book Future Crimes, asked for a show of hands in the LAWAC audience for how many people had been hacked in some way - the majority of the audience put their hands up. "Crime isn't committed by people any more - it has become automated and very sophisticated." In the old days, Goodman said, a stick-up would be committed by one criminal against one individual in an alleyway. "But in 2013, 110 million Target accounts were compromised by one individual - because of the exponential nature of automated online crime, it can be massively scaled."

There are a bewildering array of scams, from malware that locks up all the files on your computer and demands payment within 48 hours to avoid the data being deleted permanently, to fake banking sites that ask for your password, to botnets that take over part of your computer and use it as a launching pad for an attack on some other computer or website, thus disguising the origin of the attack. Goodman talked about a passenger on a recent United Airlines flight in the US who hacked into the plane's flight management controls via the inflight entertainment channel - he was apparently able to increase the thrust on one engine that caused the plane to begin to turn in flight. He also told the story of a disgruntled former city employee in Australia who was fired from his job in the sewer works, but was allowed to keep his work laptop - he used that to hack back into the system and reverse the flow of sewerage in the town, causing a predictably unpleasant outcome.

On a more serious level, Goodman talked about the "Dark Web" - a large section of the internet that is behind firewalls and is not indexed by Google. This dark web is only accessible with specialized software, the best known of which is TOR, or "The Onion Router", which does peer to peer decryption, and allows users to get access to illicit online markets for drugs, firearms, child pornography and even assassination websites, on which one can anonymously order up a hit on some individual and receive photographic confirmation of the target's death before making the full payment. In 2013, the Feds arrested the operator of one of the most infamous of these dark sites, "Silk Road" - he went under the pseudonym of "Dread Pirate Roberts", but was discovered to be Ross Ulbricht from Austin, Texas, and he was subsequently sentenced to life in prison. But in the year and a half that he was operating freely, Silk Road did $1.2 billion in online commerce. "Of course new sites have jumped up to replace Silk Road - one of them is Aurora, which allows people to give eBay-like feedback on their drug purchases - like 'five stars for that heroin consignment'," said Goodman.

He also spoke about the danger to medical devices from malicious hacking. Pacemakers, insulin pumps, even cochlear implants can be hacked - and the consequences can be life-threatening. "You would think that nobody would hack into somebody else's body, people aren't that bad.... Well, some are," said Goodman. As an example he cited the case of a hacker who got into the website of the Epilepsy Foundation and embedded flashing lights in the site, so when any user who suffered from epilepsy logged on, they were bombarded with the flashing lights that could provoke a seizure.

Goodman comes from a law enforcement background, and his purpose in describing all the abuses that can be committed with technology is to provoke a debate on why the authorities are not doing enough in response. "The Internet has broken policing," he said, "Because police departments have rigid jurisdictions, but criminals can easily jump borders online all around the world, and police cannot follow them." So if an American citizen is hacked by a Russian or Chinese syndicate, the chances of Moscow or Beijing extraditing the hacker "are close to nil." And even within the US, law enforcement is not equipped to counter cyber-crime - "they are completely overwhelmed by cyber." This means that despite being paid by taxpayers, the police agencies have abdicated their responsibility to protect those taxpayers. "In Manhattan, the FBI has a floor of $1 million on a cyber-crime - and soon that will go up to $10 million," said Goodman - in other words, if the crime does not rise above that level, the FBI won't even investigate it.

As technology continues to increase in sophistication and capability, its abuse by criminals will similarly be enhanced. "For that reason I am calling for a Manhattan Project on Cyber," says Goodman, comparing our current situation today to the existential threat faced by the Allies in World War II by the possible acquisition of nuclear weapons by the Nazis. "We are also facing an existential threat today - and in the future it is only going to get worse - we face massive difficulties with the expansion of artificial intelligence, synthetic biology, robots." Goodman says that the fact that one of the presidential candidates can call for "shutting down the bad part of the internet" shows a disturbing lack of understanding of how technology works. He said that despite the danger from terrorists using encrypted services to plan attacks, the idea of the US government forcing Google and Yahoo etc to build secret backdoors into their servers so that the government can watch for terrorist communications is a bad idea. "As Tim Cook from Apple says, there is no way to have a secure system with a back door - because the bad guys will find it." In fact, he thinks that the government should be promoting more encryption for everyone else, to make Americans safer from cyber crime. "The one thing that is decidedly not exponential is Government....What we have are technologies that are running light-years ahead of our public policy, regulation, law, ethics, and we're completely unprepared. So we need to create a generation of people who are fluent in science and technology and who'll have a passion for world affairs, public policy, and international affairs by law." Otherwise, the bad guys in the dark net will keep getting away with murder - sometimes literally.