WikiLeaks, the National Security Agency, data mining — we all know Big Brother is watching. But few of us realize to what extent.
Some things you might not know: Your smart TV is probably watching you watch it. Your office photocopier is recording everything you duplicate. Your smartphone can identify you by the way you walk, the way you hold it, and may also be recording you. The app you downloaded has now siphoned your name, e-mail address and place of residence and reported back to its parent company.
The insecurity of the individual, however, has nothing on the insecurity of nations, diseases, global finance, air and space travel, traffic and power grids, police and fire departments, medical data, news organizations. There are no firewalls that can’t be breached.
In his new book, “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It” (Doubleday), global-security expert Marc Goodman explores our existing and impending vulnerabilities, all while exhorting us to be aware to the point of paranoia.
“Our interconnected world is becoming an increasingly dangerous place,” he writes, “and the more we incorporate assailable technologies into our lives, the more vulnerable we become.”
Goodman has far too many examples to back up that assertion. Among them: 160,000 Facebook accounts are compromised per day, and the company loosens up your privacy settings every time they update the terms of service — not that they’ll tell you.
Google reads your Gmail and sells your personal information to advertisers. Twitter, Facebook and LinkedIn also sell whatever data on you they’ve got.
Nordstrom and Home Depot track your movements through their stores using Wi-Fi and your cellphone.
Disneyland tracks visitors via sensor-enabled bracelets that they supply; the company records everything the wearer does, says and buys, and then — if that wearer is 13 or over — sells that data to others.
Disneyland tracks visitors via sensor-enabled bracelets that they supplyPhoto: Reuters
In 2010, the Nielsen company, which measures TV ratings, broke into PatientsLikeMe, an online forum where those suffering from chronic illnesses ranging from cancer to Parkinson’s disease to mood disorders gather. Why? To swipe data to sell to the pharmaceutical industry, among others.
There was the 2007 T.J. Maxx hack, which stole 45 million customers’ credit-card info; the 2013 Target hack, which breached 110 million accounts and was apparently the work of a 17-year-old kid in Russia; and the 2011 Sony PlayStation hack, which stole 77 million accounts and shut down the system for nearly three months.
This past winter, there was the back-to-back celebrity nude-selfie hack and the Sony Pictures Entertainment breach, which exposed private e-mails to the entire world and cost its chairwoman, Amy Pascal, her job.
Then there are the multiple malware systems that attempt to infect our personal computers with fake warnings of pre-existing viruses, and the so-called brute-force password-cracking systems that can run through 1 billion possible passwords per second. These do not stop until they succeed.
“Each of us now leaves a trail of digital exhaust through our day,” Goodman writes, “an infinite stream of phone records, text messages, browser histories, GPS data and e-mail that will live on forever.”
Few of us have any idea how powerful our devices are. The iPhone, Goodman notes, has more processing power than NASA had for the entire Apollo 11 moon landing. There are more cellphones on Earth than people. In the near-future, 1 trillion new devices will be online.
We’re also about out of Internet addresses. To remedy this, Internet Protocol Version 4, which has been powering the Web since the 1970s, will be getting an upgrade. The forthcoming IPv6, Goodman writes, would provide each grain of sand on Earth — and there are 7.5 quintillion of them — with 1 trillion Internet addresses.
“We can think of today’s Internet metaphorically as about the size of a golf ball,” he writes. “Tomorrow’s will be the size of the sun.”
In November 2014, then-Secretary of Defense Chuck Hagel admitted the United States was ill-prepared for the technological world of 21st-century warfare. In announcing a Defense Innovation Initiative, Hagel stressed the need to recruit those innovators who could make breakthroughs in asymmetrical cyberwarfare, robotics, artificial intelligence and 3-D printing.
“As the world in which we operate changes,” he said, “we must, too.”
Yet we’re not moving fast enough.
“In 2008,” Goodman writes, “the top-secret design specs for the president’s Marine One helicopter were found freely online, hosted on a peer-to-peer (P2P) network in Iran.” Those plans were inadvertently leaked by a US military contractor who downloaded music online while working. The P2P network he used for those downloads made those specs visible — all over the world.
In Iraq, four new Apache helicopters were destroyed in 2007 by insurgents after US servicemen posted photos to Facebook — unaware that the pictures had been automatically geotagged. GPS revealed their location.
Apache helicopters were destroyed by Iraqi insurgents in 2007 after soldiers posted photos of them online.
Photo: Getty Images
In another virtual breach, Robin Sage, a 25-year-old cyberthreat analyst who had just joined the Navy, befriended more than 300 colleagues and superiors, including high-level intelligence officials and the chairman of the Joint Chiefs of Staff, on social media.
It was later revealed that Sage was a fake, a fictional person invented by an American security expert as a test.
Among other breaches, an Army Ranger had given Sage classified details about his troops’ locations and battle plans in Iraq.
The Health and Human Services Administration admits the medical records of 21 million Americans have been breached since 2009. The Department of Transportation admits that hackers have obtained records for 48,000 FAA workers, interfered with domestic air-traffic control and installed fake code on their networks — and that the agency is ill-equipped to fight back. The next attempt to bring down an airliner probably won’t involve a suicide bomber. Why bother when terrorists can bring one or more planes down with a keystroke?
In light of all this, it’s astonishing that there is no secretary of cyberdefense — and that what we do have is under the umbrella of the Department of Homeland Security, an agency so bloated and inept that a January 2015 report found it can’t even protect high-target federal buildings.
“No one at DHS is assessing or addressing cyber risk to building or access control systems,” wrote auditors from the Government Accountability Office.
They also noted that the DHS division tasked with protecting civilian cybersecurity has accomplished nothing.
One official in that division told investigators that DHS had no plan yet “because cyberthreats involving these systems are an emerging issue.”
One of the biggest stories of 2014: Half of American adults had been hacked.
How can we possibly protect ourselves? Despite his grim view, Goodman insists there are a few things.
Perhaps the simplest: Password-protect your cellphone. Goodman reports that 40 percent of cellphone users don’t take this basic step.
He also encourages users to update software on all their devices continually, which helps protect against weak spots in operating systems. Only run those programs and applications that you recognize and are reputable. This will keep you from unwittingly installing malware on your computer. And restrict access to your own machine.
It’s worth noting that amid all the debate about emerging technologies, there’s heartening evidence that we are evaluating the costs. Last November, after 2¹/₂ years of research and development, Google announced it was killing Google Glass.
Apparently, there wasn’t enough consumer demand for a piece of eyewear that doubled as a computer screen and recording device. A 2014 study reprinted by Adweek found 72 percent of Americans had no interest in the product, citing privacy as their top concern.
The failure of Google Glass also suggests there’s a limit to how we will interface with technology — literally. As one early adopter told the MIT Technology Review, “I found that it was not useful for very much, and it tended to disturb people around me that I have this thing.”