With 2015 in the rear view mirror, it is time to focus on what’s in store for us technology-wise in 2016. My recent articles have been about the future of technology that is now being exhibited at CES in Las Vegas and the latest breakthrough in encryption orchestrated by David Chaum in Palo Alto, CA. I have also chronicled the myriad hacks of the past year. But because the crypto-wars are not going to disappear (but likely intensify,) it is only fitting to cast our eyes forward to see the biggest threats to online security we are likely to face, and how our privacy may be further put in jeopardy. Let’s see if the new trends in hacking we saw in the past 12 months continue or accelerate throughout this yea, for hackers are always persistent, and are increasingly bolder.
The attack on Sony last year is emblematic of an extortion attack – not for ransom, but a threat to disclose information which could be damaging to a company’s image and business and/or threatening to key executives. Extortion attacks at Ashley Madison jettisoned a CEO and smeared the reputation of millions of account holders (Editors note: the details of Ashley Madison victims were released online – no extortion was involved.). This kind of hack is perhaps most feared by companies and the public and law enforcement may not even be aware of them if the person(s) or company cave in and pay up.
Changing, Manipulating Data
That National Intelligence Director, James Clapper and US Cyber Command and NSA head, Mike Rogers, would agree on matters of national security is not surprising. But that also implies agreement about the severity of another major threat-headache – data manipulation. They point out that while theft of data is damaging, getting into a system and causing havoc by altering data or schematics could be devastating. Rogers said,
“At the moment, most (of the serious hacks) have been theft. But what if someone gets in the system and starts manipulating and changing data, to the point where now as an operator, you no longer believe what you’re seeing in your system?”
Such attacks are more difficult detect and more worrisome than the Stuxnet hack. An intrusion of this kind could send global stock markets into a tizzy by changing things like stock valuations. In warfare it has led to the misdirection of missiles, resulting in death. The Patriot missile miscue in 1991, which resulted in an unmolested Scud hitting a barracks and killing 28 people is one example from nearly 25 years ago (Editors note: this incident was caused by a software malfunction, not a pre-internet hack.) To be sure, the ante would have been raised by now, and with it, the increased collateral damage and potential loss of life. No wonder security personnel have trouble sleeping.
If persistence is a signature trait of hackers, than adaptation is their calling card, being able to counter security moves by the “good guys”. When retailers changed their system of registering a sale with electronic payment, the “bad guys” simply changed the way they scan and read the cards. To stay a jump ahead, retailers have installed special PINs and codes into their cards. As a result, hackers will have less success now at the brick-and-mortar and big-box stores, so they will simply shift their focus to the lucrative world of online retailing, where neither a PIN nor signature is required. This has been occurring with alarming frequency over the past months in the UK – expect an increase in the US, too, in 2016.
The Internet of Things Under Assault
In the movie, Field of Dreams, James Earl Jones famously intoned, “ If you build it, they’ll come” ( a baseball field). In the Internet world it might be said that if you build it, it will be hacked. So was the case with the Internet of Things in 2015. Whether it was connected cars, medical devices and medical records, electronic skateboards, or toy-like drones, it appeared no hack was too great or small for the bad guys, and showed the vulnerability of the IoT. Some were not even bad-guys, but rather genius types that wanted to point out weaknesses in products to people, especially car maker Fiat Chrysler – a tendency likely to be on the upswing this year. A trend we’ve already spied is the commandeering of IoT devices for botnets. Instead of hackers hijacking your laptop for their zombie army, they will commandeer large networks of IoT devices, including CCTV surveillance cameras, smart TVs, and home automation systems. Yes, you may pay a price for your nod to modernity!
The assault on encryption may have stalled somewhat as politicians jockey for position and read the tea leaves in this election year, but rest assured – it will be re-instituted with a vengeance after the votes are counted. The NSA and its ilk are going to go down swingin,g even if it doesn’t get its way. Last year there appeared evidence that perhaps a nation-state actor had installed backdoors in software which allowed both the good-guys and the criminal’s access. Make no mistake, the quest for backdoors will increase.
Rather than be frightened by these prospects, we should be somewhat sanguine, acknowledging that no great innovation arrives without warts or problems. These annoyances are soon overcome by more technology, and become not problematic – that is, until some nefarious types push the envelope again, and the process repeats itself. Should be an exciting year, so stay tuned!