15-15 STORY 1: Future Crimes: Privacy, Law and Criminal Activity

 

Synopsis: We’ve all learned how to become more careful about protecting our credit card and financial information from hackers. However, there are new ways that criminals can invade our privacy and, often, there’s little the police can do about it. We talk to a cyber-security expert and a technology attorney about the new threats to privacy – and even personal safety – and how we can protect ourselves from intrusions into our homes and lives.

Host: Gary Price. Guests: Marc Goodman, author of “Future Crimes: Everything is connected, everyone is vulnerable and what we can do about it”; Adam Rouse, Legal Fellow for the Institute for Science, Law and Technology, IIT Chicago-Kent College of Law.

Links for more info:

 

Future Crimes: What can we do about cyber security?

Gary Price: It seems that almost every week there’s another company or government body that falls victim to a hacker. Many of these attacks originate in the Eastern Bloc countries and Asia, but they can originate from anywhere on the globe. A report from the Center for Strategic and International Studies states that cybercrime costs the global economy about 445-billion dollars every year, and it’s going up. As we become more dependent on technology and the Internet for everything from tracking our workout, to running our home appliances to transferring money from bank to bank, the more we open ourselves up to hackers stealing our money, identities and our privacy. How did we get to this point? And what can we do to stem the tide of cybercrime? Marc Goodman has studied the problem as a former law enforcement officer and academic. He’s also the author of the book, “Future Crimes: Everything is connected, everyone is vulnerable and what we can do about it.” He says that today’s cybercrime is different from it was even 10 or 15 years ago…

Marc Goodman: Many of the hackers that were launching computer viruses back in those early days, certainly 15 or 20 years ago, were doing it for what they called the “lulz” the L-U-L-Z, for the fun of it, just to see if they could get the computer to do something that they wanted that it wasn’t supposed to do. And they were mostly younger people who had some stronger scientific backgrounds. The big change today is that the clear motivation for most attacks is financial, with some of it being political or espionage, but there’s a heavy financial component. And it’s no longer sort of young kids hacking in their mom’s basement. According to a study by the Rand Institute, a full 80% of criminal hackers are associated with an organized crime group and the average of these cybercriminals is 35.

Price:  Goodman says that many of those crime syndicates are from the former Soviet Union, a place that grew into a haven for smart, tech-savvy criminals after the Berlin Wall fell…

Goodman: So if you go back to the fall of the Soviet Union, the Soviets were quite good at training their citizens in math, in science, engineering. Many, many, many Soviets with Ph.D’s when the wall fell, suddenly found that they were out of employment opportunities because the government that was paying their salaries kind of went away. So they turned to alternatives and what they started to do was many of these very clever, very smart people found other opportunities in crime. As to why there is this large proliferation of crime from the Eastern Bloc, one of the big reasons is, is that because the rule of law there is much lower than it is in the United States and other European Nations so that the cops often are in cahoots with the criminals or on the payroll of the criminals and there’s very little opportunity to extradite folks. So the Internet sort of broke international law.

Price:  There are laws that cross borders, but unfortunately, not everyone signs on to uphold them. Adam Rouse is a legal fellow for the Institute for Science, Law and Technology at IIT Chicago-Kent College of Law. He says that it’s very difficult to find the hackers, and once you do, good luck prosecuting them…

Adam Rouse: There is a convention, a treaty that was signed not too long ago, the Budapest Convention on Cybercrime. The EU was involved in helping to draft it, the United States helped to draft some sections of it. And it’s really the strongest and the only international treaty in terms of providing for international police agencies to cooperate, to track down and arrest cybercriminals, extradite them back to the country where the cybercrime took place. But outside of that, the hackers sitting in China or Belarus or a country that hasn’t signed on to the convention, there’s not a whole lot that our law enforcement can do, it really becomes a diplomatic issue at that point. And you know the State Department could go to the embassy or go to the ambassador and ask to extradite these criminals. But besides asking politely, we don’t have a lot of recourse once the actual crime takes place outside of our borders.

Price:  Not all cybercrime is perpetrated by techies from the Eastern Bloc. In fact, Goodman says that you can go to school to learn how to hack and even find software to help you get the job done from what he calls “Crime University”…

Goodman: All the information you need to get involved in these crimes is widely available on the ‘net. So there are YouTube videos that teach people how to hack, how to do “denial of service attacks.” You can freely buy the software that will infect somebody’s computer, infect somebody’s mobile phone. So there’s a full Crime University that people who want to learn more about this can go out there and do it, and it’s very difficult to take that data down.

Price:  Hackers are also not just invading big box stores, investment houses and banks. They’re also finding ways to invade your home through your computer, WiFi boxes and even baby monitors…

Goodman: A baby monitor is just a small computer. Some of them are audio only, but today many of them contain video images and they can be turned on remotely. And so can the cameras on your laptop and on your mobile phone and hackers have ways of turning them on so you don’t even see the little green light or the little red light on the computer. So in the case of baby monitors of course they can listen in hour house and now you’ve got sort of a wireless spy inside your home that neighbors can pick up. But there’ve been other examples, where for example a woman may be in her infant’s bedroom breastfeeding the child and those images have leaked out over the baby monitor and been posted online. And there was a case, I believe it was in Ohio, where a couple of parents were sleeping and at 3 o’clock in the morning they heard what they thought was an intruder in their house screaming, “Wake up, wake up Jessica, wake up I’m gonna kill you!” And of course the parents ran to their infant daughter’s bedroom, her name was Jessica, and there was somebody on a video camera who, when the parents walked in there turned the video camera and started looking at the parents and yelling at them. And they knew that the girl’s name was Jessica because the parents had written it over the crib. So this is just some creep for the “lulz,” for the fun of it, who decided to come into their bedroom and wake up their baby yelling profanity at it in the middle of the night.

Price:  They can also control your home appliances if they’re on a remote access app on your phone or laptop. Imagine coming home and finding your refrigerator turned off, your faucets all running, the televisions blaring, and your burglar alarm system deactivated! It’s like a home invasion…only when you call the police, Rouse says there’s a good chance they won’t be able to do much…

Rouse: If you do call the police will they have the technological means to track down the vandal or the perpetrator, and odds are if it’s your local police department, probably not. And certainly calling the FBI for that sort of thing, while they’re mandated to investigate Internet crime and cybercrime, it’s a lot of departmental resources for someone who simply turns your refrigerator on and off.

Price:  But what about the baby monitor and the creepy surveillance of your child’s room and your home? Can the police do anything to stop that kind of home invasion? Rouse says it depends on the state…

Rouse: Some states have recognized the problem of kind of voyeurism, and digital voyeurism isn’t any different in terms of the “peeping tom.” Just instead of the guy creeping around at the window, it’s someone creeping around on the Internet trying to achieve the same thing. So some states have caught up at least a little bit. And there’s “invasion of privacy claims” you could make, saying where someone has invaded the privacy and the sanctity of your home. But other states, there’s still a monetary requirement which is, it’s a very difficult obstacle to overcome when the only thing that’s really happening is that snooping, that peeping, because how do you put a price on that? And unfortunately the law doesn’t.

Price:  Unfortunately, technology outpaces governments’ ability to create laws and regulations governing it. But, as with most things, prevention is still better than calling the police after the fact. Goodman says that we need to push for more security from the top of government to our own homes…

Goodman: Better more secure technology, Manhattan Project for cyber-security, I talk about creating a World Health Organization for cyber, and I think that if we make some of those steps, we can actually make the world much more cyber-secure, right? We faced really tough challenges in the past. President Kennedy in the 1960s said by the end of this decade, we’re going to put a man on the moon. So if we can put a man on the moon, surely we can figure this out. In the meantime, until we get to that better technological future, there are specific steps that I have listed in the book. I created something called the “Update Protocol” which are six steps that folks can take involving encryption, passwords and the like. And the research that I did for that was based upon a study by the Australian Ministry of Defense and they analyzed tens of thousands of hacks, and they said that if you follow the six steps I’ve outlined in the Update Protocol, then you can reduce your cyber-risk by 85%.

Price:  Goodman adds that listeners can find an infographic of those protocols at the website, FutureCrimes.com. Rouse says that if he were in charge of cyber law enforcement, one thing he’d do is make companies whose computers are hacked and whose customer’s data is compromised, more accountable…

Rouse: If you allow yourselves to be breached by these known vulnerabilities – and I think each time in the media it comes out that what was happening to these companies was known about in the IT field before the hacks occurred — and the companies should be responsible for, and by responsible I mean more than just the court of public opinion, and whether it’s fines they have to pay to the FTC, or fines that would have to go into, say, a general fund, that people could draw off of if their identity is stolen as a result of the breach. So at least the people could have some help in recovering their identities and maybe it would give the companies pause and make them think twice, and perhaps even incentivize them to spend a little bit more money on data security to take it seriously.

Price:  You can read up on all of the cyber-crime nightmares and some solutions to stay safer in Marc Goodman’s book, “Future Crimes,” available in stores and online. You can also find some tips on staying safe and maintaining your privacy on his site, FutureCrimes.com. To find out more about Adam Rouse’s work at the Institute for Science, Law and Technology at (IIT) Chicago-Kent College of Law, visit their site at kentlaw.iit.edu and click on “institutes and centers.” For more information about all of our guests, visit our site at Viewpoints online.net. I’m Gary Price.

 

Advertisements