Future Crimes
Watchful Software’s TypeWATCH product is designed to run on networks in the background to constantly monitor a user’s typing rhythms to uncover and block attempts at unauthorized access. Other firms such as the Sweden-based Behaviometrics AB have created tools that note how each mobile phone or tablet user holds his phone, at what angle, the way he types on the virtual keyboard, and even how he swipes and pinches the screen, revealing minute millisecond pauses between various actions. Any variation from an established “cognitive footprint” will set off alarm bells at a bank and block access to the account, one of the reasons Denmark’s largest bank, Danske Bank, adopted the technology. Banks believe biometric tools such as this may be able to cut fraud rates by as much as 20 percent, and thus you can expect the ToS at your online retailer or financial institution to be amended in the near future, requiring your consent to such detailed monitoring in order to use your bank’s iPhone app.
New forms of behaviometrics are emerging all the time. The Nymi wristband uses a voltmeter to read the beating of your heart and uses its unique electro-cardiac rhythm to unlock your computer, smart phone, car, and house. Scientists at the U.K.’s National Physical Laboratory have developed the walking-gait-recognition system that can be used in conjunction with CCTV monitors to uniquely identify an individual based on the way she walks. There is, however, an even easier way to identify you by the way you walk—using the accelerometer in the smart phone that you carry with you twenty-four hours a day, thereby sharing this information with your mobile phone company, handset manufacturer, and app developers.
If these technologies seem intrusive now, the reality is that they may well be even more so in the future. Already Motorola has partnered with the firm MC10 to “extend human capabilities through virtually invisible wearable electronic RFID tattoos” that can be used for password authentication. Proteus Digital Health has created a pill that you can swallow and is powered by the acid in your stomach to create a unique eighteen-bit signal in your body to turn your entire person into an authentication token. Though many of these biometric security products offer great promise, hackers and Crime, Inc. will not just give up their self-enriching efforts and go home defeated. However, rather than merely hacking your computer, Crime, Inc. will be hacking the Internet of You.
Security vulnerabilities aside, biometric and behaviometric technologies bring with them a host of public policy and privacy issues with which society has only just begun to struggle. What does it mean to have any individual typing on a keyboard anywhere in the world be remotely identified based solely on the way he or she bangs away at the keys? Great for locating the world’s most wanted hacker, but bad news for the leader of the opposition movement during the Arab Spring. The challenge with biometric surveillance, whether conducted by advertisers at the local mall or by the state’s security apparatus, is that it affects our behavior. When we know we’re being watched, we behave differently, more likely to conform and thus more easily be controlled. Whether at the hands of an out-of-control government or a monopolistic megacorporation, self-censoring behavioral modifications brought about by omnipresent surveillance can rapidly lead to a dystopian future for all. It is not just our physical selves that can be subjected to such persistent observation but our virtual selves as well.
Augmenting Reality
As the Internet of Things advances, the very notion of a clear dividing line between reality and virtual reality becomes blurred, sometimes in creative ways.
GEOFF MULGAN, U.K. NATIONAL ENDOWMENT FOR SCIENCE, TECHNOLOGY, AND THE ARTS
In the movies, Tony Stark amazes us with the capabilities of his all-powerful Iron Man suit, which, among its many features, benefits greatly from a plethora of real-time augmented-reality information streaming before his eyes from the suit’s head-mounted display. The technology in the film is based solidly on reality. Augmented reality (AR) provides a live direct view of a physical, real-world environment through a computer screen, such as the one on your mobile phone or embedded in Google Glass, and overlays additional digital information such as images, sound, video, or GPS data on the real-world environment. Some of the earliest AR applications were those used in heads-up displays for jet fighter pilots, allowing them to see critical system information on their cockpit window screens without looking down at their instruments during a dogfight. Today that technology has come into civilian life, with car manufacturers such as Mercedes-Benz and Range Rover projecting vehicle speed and turn-by-turn directions directly onto a car’s windshield. Unlike virtual reality, which can supplant the real for the virtual or even create an entirely fictional world, augmented reality enhances one’s perception of reality by laying useful data on top of the things we see in the real world.
AR can be used with any screen that has embedded sensors and cameras, whether it be your mobile phone, tablet, eyeglasses, or even contact lenses. It is expected that 2.5 billion AR apps will be downloaded and installed on our devices annually by 2017. The benefits of AR will be astounding, and major companies are already showing us the possibilities. In a Google ad, a user wearing Glass is about to descend into a subway in Manhattan, only to receive a pop-up alert with the MTA’s 6 train logo that train service has been suspended—data that are projected into his field of view on his Glass screen. Tools like this will allow travelers around the world to dump their bulky Fodor’s travel guides and use an AR app to show them around the city.
As you walk down the street, these apps can overlay data so that you can see the Yelp reviews of restaurants when you pass and Wikipedia entries on statues and historical buildings in your field of view. Of course, AR will bombard us with advertisements as we walk about town, with our Google Glass recognizing all the physical objects around us and placing ads on top of them. Ikea even incorporated AR into its 2013 catalog, allowing users to snap photographs of couches or any other pieces of furniture with their smart phones and then place them in their own homes (with the correct dimensions) to see how they might look before actually making purchases. AR will be the way we interact with the world around us and the IoT in particular, allowing us to query physical objects to better understand their history, intended use, and context. It will connect the online and off-line worlds and will change every aspect of life and work.
AR will also bring with it a host of security and privacy questions that need to be addressed. A future malicious app might overlay an incorrect speed limit on a highway road sign or place a fake sign where none actually exists on our car-mounted AR windshield display. Worse, it could show a traffic lane as being clear, when in fact it is not, causing an accident when you change lanes into another car. As noted previously, the more we disconnect from reality and accept the virtual in place of the real, the more we open ourselves up to manipulation via “in screen we trust”–type attacks.
In addition, just as Crime, Inc. has created crimeware, such as Blackshades, to automate criminality, we can expect it to release any number of AR crimeware apps in the future. For example, using an iPhone or Google Glass, hackers might be able to visually interrogate all the IoT devices in your office or home and see information displayed on their screens about which devices had known vulnerabilities or perhaps even see your poorly secured password, making hacking the IoT even easier than it is today. Reality-altering technologies such as AR will open the door further to even more immersive virtual environments, such as virtual reality systems, which also can be subverted and abused in powerful ways.
The Rise of Homo virtualis
Reality is merely an illusion, albeit a very persistent one.
ALBERT EINSTEIN
Increasingly, as we live our lives through avatars—in video games, online worlds, and social networking sites—our online personas are standing in for us in social situations, commercial transactions, and even sexual encounters. They are there representing us online 24/7, compressing time and space, to interact on our behalf with the rest of the world even as we sleep. The renowned game designer Jane McGonigal has noted that “the average young person racks-up 10,000 hours of gaming by the age of 21,” the vast majority of which is in the persona of an avatar or game character. As they do, we witness the rise of Homo virtualis, perhaps the next evolution of Homo sapiens, a species that is pulled away from the constraints of our natural physical world in favor of the immediacy and perceived unlimited potential of the virtual.
Virtual reality (VR) uses computers to create simulated environments, worlds real and imagined, in which we can insert a representative physical presence of ourselves and our senses. Even the sense of touch can be re-created as haptic or tactile feedback technologies apply “force, vibration or motions” to the user. As Mark Zuckerberg commented upon Facebook’s $2 billion acquisition of Oculus Rift, a highly responsive virtual reality head-mounted display, in early 2014, “Strategically we want to start building the next major computing platform that will come after mobile.” Tools like the Oculus Rift headset can transport us in an instant to immersively experience a beautiful Tuscan villa, a courtside seat at an NBA game, or an imagined but realistic battle with Klingons and Romulans.
One of the earliest virtual worlds was Second Life, which was launched by Philip Rosedale of Linden Lab in 2003 and allowed users to represent themselves in the form of highly customized avatars. In Second Life, it was possible to make friends, shop, learn, and even attend a U2 rock concert performed by the actual avatars of the band’s members. Another common form of virtual world is the MMORPG (massive multiplayer online role-playing game). MMORPGs are video games that “allow thousands of players to simultaneously enter the virtual world and interact with one another. Players can run their own cities and countries, stand up armies” to engage in battle, and go on a “variety of quests with their own avatars.” The largest MMORPG is Blizzard Entertainment’s World of Warcraft, which has drawn up to twelve million subscribers, each paying monthly fees to inhabit a virtual world. Yet for as intricate and multilayered as these virtual spaces are today, Rosedale points to a near future wherein hardware and software advances, such as the High Fidelity platform, will deliver us the next-generation virtual world—one potentially as large and as complex as the real world is today.
In order to understand virtual worlds, one needs to comprehend the mind-set and psychology of those who inhabit virtual spaces. Many genuinely view their “second lives” as “first lives,” and 20 percent of MMORPG players regard the game world as their “real” place of residence. To them, earth is nothing more than “meatspace,” a secondary home in which the meat of their physical bodies can eat and sleep, while most of their interpersonal, commercial, and sexual relations take place online. While the overwhelming majority of VR users do not feel this way, the feelings may become commonplace as we spend more time in highly immersive and pleasurable virtual environments.
But there is a downside to this technophoria, as evidenced by a South Korean couple who spent so much time at a local cybercafe obsessively caring for their virtual daughter in the online world known as Prius that they failed to return home for days to feed their actual three-month-old, resulting in the real-world infant’s death. While this case is extreme, dozens of such incidents have been reported over the years, and even more may be yet to come.
The line between man and machine, online and off-line, is becoming increasingly blurred. Anybody who has ever played a hyperrealistic first-person shooter video game such as Doom or Call of Duty will know that the virtual experience definitely leads to physiological changes, including a quickened heart rate and sweaty palms in the heat of battle. Because avatars are virtual representations of ourselves and because people are spending thousands of hours in the personas of their avatars, our real-world psyches are becoming increasingly enmeshed with our virtual representations. In effect, what happens to our avatars leaves a mark on us, and within virtual worlds nearly any crime that can take place in our physical space can be replicated. Virtual worlds have their own currencies, such as Linden dollars or World of Warcraft gold, which like Bitcoin can be converted into “real money,” and have become a favorite target of Crime, Inc., which launches 3.4 million malware attacks daily in pursuit of online gaming accounts.
As strange as it may sound, crimes by and against avatars are becoming more common, and in virtual worlds you can be subjected to everything from cyber bullying to identity theft, with police in Japan having arrested a man for a series of avatar muggings. Even “sexual assaults” have been reported in virtual worlds, as was the case in 2007 in a matter investigated by the Belgian Federal Police. The incident involved a woman whose avatar was infected with malware by a man she met in Second Life. The computer virus allowed the aggressor to take control of the female avatar and violently and graphically sexually assault it. Ultimately, the case was investigated as an incident of “unauthorized access to a computer system,” and while some may find it easy to dismiss a case of “virtual rape” out of hand, doing so in the future will prove more difficult given the ever-improving immersiveness of virtual space and the very likely real trauma such incidents may cause moving forward. These incidents might be further exacerbated by the growing number of corporeal haptic feedback devices that are increasingly being connected to online worlds, allowing partners to use the science of teledildonics to remotely stimulate each other over the Net. Like any other IoT-enabled object, these will be subject to hacking with unpredictable consequences.
The rise of VR may have not only criminal implications but terrorism and national security ones as well. A 2008 report by the U.S. director of national intelligence suggests that terrorists may well be using virtual spaces for covert communications, to spread propaganda, train members, launder virtual currency, and even recruit new followers. According to an eighty-two-page document leaked by Edward Snowden and published on the New York Times Web site, both the NSA and the U.K.’s GCHQ have been spying on gamers in virtual worlds, including World of Warcraft, Second Life, and various games hosted by Microsoft’s Xbox platform. The spies have created undercover avatars “to snoop and to try to recruit informers, while also collecting data” and performing mass interception of communications between players, including the forty-eight million individuals using the Xbox Live console network. Concerns about terrorist organizations’ using gaming platforms for fund-raising and recruitment are not without foundation. Hezbollah has produced its own first-person shooter video game titled Special Force 2, which is used as a radicalization medium for young jihadis. In the game, players earn points by launching Katyusha rockets at Israeli towns, and they win by successfully becoming “suicide martyrs.”
As virtual reality continues to improve exponentially, the distinctions between our virtual and our physical selves will continue to erode as well. The result will be a world in which it will be increasingly difficult to tell where the physical you ends and the virtual you begins. This is the Internet of You, and it is entirely hackable. Throughout this chapter, we have seen numerous examples of how the technology around us is becoming the technology on us and in us. Wearables, embeddables, ingestibles, and implantables mean that to one extent or another we have all joined the cyborg nation—opening up our physical bodies to cyber attacks for the first time. Adding to these challenges is the fact that our anatomy and physiology can now be measured at a distance, with or without our knowledge, via biometrics and behaviometrics that can profile and uniquely identify us. As a result, digital bread crumbs have come to physical space, while we, our bodies and ourselves, are integrating with cyberspace as never before. But as we shall see, the converse is also true. Computers and other stationary techno-objects will soon leave the virtual world behind and join us in moving about real space. Machines are finally coming to life. After a long era of hibernation, they are ready to descend upon our physical world, and when they do, they will bring with them a tidal wave of threats for which we are wholly unprepared.
CHAPTER 15
Rise of the Machines:
When Cyber Crime Goes 3-D
It is only when they go wrong that machines remind you how powerful they are.
CLIVE JAMES
Rezwan Ferdaus was raised in Ashland, Massachusetts, an upscale town in the suburbs of Boston. His parents had emigrated from Bangladesh in search of a better life in America and had high hopes for their son, whom they had raised to respect Allah and their Muslim faith. After graduating from high school, Ferdaus earned a bachelor’s degree in physics from Northeastern University in 2008. Unable to find significant work in his field, he moved back in with his parents. Like many his age, he spent a lot of time online. He began to frequent radical Islamist Web sites and watched numerous al-Qaeda videos calling on young Muslims to rise up in jihad against the great Satan—America.
As time went on, the twenty-five-year-old grew increasingly disillusioned with the United States and decided it was time for action. He told a man at his local mosque he wanted to join al-Qaeda and was eventually introduced to several “brothers” who could help him on his quest. In 2010, Ferdaus began to plan his own violent attack against the infidels he saw all around him in America. While the thought was not particularly original for a terrorist, his plot to use killer robots was. Ferdaus purchased three unmanned aerial vehicles (UAVs) that he intended to load with C-4 explosives and fly into the U.S. Capitol and the Pentagon.