Ruby Duvall @ruby_duvall
, 105 tweets, 22 min read
Reading about biometrics (and how easily they can be compromised) in this book and saw this quote about fingerprints. Check out who said it... 😕
“It’s just old wine in a new bottle” is a pretty good metaphor.
Whoa, the book goes on to talk about other biometrics being tested and mentioned RFID tattoos???

(I couldn't find anything more recent than a 4-yr-old article, so maybe this is falling by the wayside, but still!)

theverge.com/2014/7/28/5945…
I just came across the word "teledildonics" in this book.

.......
...............
ok then
I'm not new to the idea of internet-enabled sex toys, which certainly is a mouthful (*snerk*), but surely there's something other than "teledildonics" we could use?
Now we're on robotics, and this section briefly talks about the future of "human employment" (and how our society might change). Goodman offers two possible outcomes. Guess which one I'm banking on.
Now "Future Crimes" is giving an overview of the various ways drones (and other UAVs) are currently used as well as how they can be hacked (or how they hack other drones—mid-flight).
People have pointed out that a border wall is stupid af because it can be defeated by a variety of methods: boats, tunnels, ladders... And guess what drones are already great at? Smuggling drugs!
The book has already touched upon human-driven, military-usage UAVs, but now we're on to the future of autonomous machines, and apparently South Korea currently has (or had?) sniper drones with heat and motion sensors in usage along the DMZ?? 😳
en.wikipedia.org/wiki/SGR-A1
Whew, okay. That section was scary, but now the book's discussing 3D printing. At least *part* of this section will be exciting. Indeed, I'm tickled to know the ISS has a 3D printer in case it really needs a new part. 😊
nasa.gov/content/intern…
Aaaaaand here’s the scary stuff. 😱
Okay, last chapter in part two of “Future Crimes”. It starts off with a great quote from Carl Sagan.
Then it recounts something that happened back in 2013 that maybe I missed or maybe I forgot, but which is still pretty alarming.
wapo.st/Y28EjG
This story is of note not just because a Twitter account was hacked in order to spread a hoax, but because the high-frequency trading platforms that voraciously read the news (and which trusted AP's Twitter) made a panicked "sell! sell!" decision without any human interference.
It's not the first time the book has mentioned Wall Street's HFT machines, nor will it be the last, I'm sure. I'm continuously stunned as I read this book at how people have so gleefully and willingly opened themselves up (in a myriad of ways) to technology-originated disasters.
Another great quote. 👍

(I almost effed up my threading!)
Facebook?? Manipulating its users’ news feeds?? And therefore their emotional states?? All without consent?? HM, HAVEN’T WE SEEN AN EXAMPLE OF THIS MORE RECENTLY THAN 2014???
washingtonpost.com/news/morning-m…
Ahh, and now we're on to AI. (Don't worry, the book has referenced Terminator *several* times already.) Here's a great Stephen Hawking quote from his 2014 op-ed in Independent:

(RIP Mr. Hawking)
Reading more "Future Crimes". Goodman's discussing "DNA privacy". I'm not surprised there's little legislation or legal precedent protecting one's genetic information (see: Henrietta Lacks), but I wasn't aware of a 2008 legislative act named GINA.
en.wikipedia.org/wiki/Genetic_I…
Goodman says of GINA that it does apply to health insurance (e.g. if you discover a genetic disorder that's yet to manifest, your health insurance can't jack up your premium should they get wind of it...at least not yet), but...
He says GINA does *not* stop insurers from discriminating "when writing life, disability, or long-term-care insurance policies." 😒 On top of that, who knows what the last couple of years and attempts to sabotage the ACA have done to the effectiveness of GINA.
Uh-oh, y'all. I got bad news. I previously tweeted about "what if your DNA profile was stolen from a database and hackers planted falsified forensic evidence at a crime scene", and uh... Israeli scientists already proved back in 2009 they could do it.
nytimes.com/2009/08/18/sci…
According to the book, there're companies out there that can process DNA samples taken from things like chewing gum, cigarette butts, you name it. Just swipe someone's discarded paper coffee cup, send it off, pay $100, and now you've got their genetic blueprint. And it's legal!
Now we're getting into synthetic narcotics. This ought to be an interesting section. Hubs and I have been watching "Altered Carbon" (excellent world-building, btw—just too many dead, naked women for my taste) and it mentions more than one fictional synthetic narcotic.
You know how I know that at-home bio-printers and "open-source" blueprints for synthetic drugs are going to have a really hard time gaining widespread use in the States? Because of Big Pharma. No way are they going to let diabetics synthesize their own insulin at home.
#nightmarefuel "With the advent of synbio, [terrorists] can just download the genetic sequence blueprints and print these deadly viruses themselves. The full-length genetic codes of...pathogens including Ebola and Spanish flu are freely available [online]." 😬😬😬
Oh God. A few years ago, the National Science Advisory Board for Biosecurity had to stop a Dutch-American team from recklessly publishing the genetic code of the more virulent strain of bird flu they'd created.
nytimes.com/2012/01/21/sci…
"Eureka! We made a disease more deadly to humans, so let's make it easy for terrorists to reproduce our results and start a pandemic!"
—some asshole on the H5N1 research team
Goodman's moved on to more "exotic" technology, such as satellites, spaceships, nanotech, etc. He just mentioned graphene, which I'm super excited for. I talked about it a little bit in an old blog post:
rubyduvall.com/blog/behind-sc…
Yes!! I was hoping Goodman would mention the "gray goo" scenario—nanobots self-replicating out of control and thus turning the world into "gray goo". All it would take is one catastrophic programming error.
en.wikipedia.org/wiki/Grey_goo
LOL, he's now going into quantum computing and this is my face right now:
Last section of "Future Crimes". Goodman talks a little about how it's Not Great that so few people understand how modern technology works, and therefore few people are even aware of the worst potential negative impacts. After the largely useless Facebook hearings, I gotta agree.
And the fact that this current admin dgaf about securing the US from cyberterrorism, this phrase from Goodman is especially alarming:
"Exponential times are leading to exponential crimes."
politico.com/story/2018/05/…
Hm, good point. I think it's becoming clear, even to non-tech-savvy people (but esp to people familiar with tech, not to mention those working in STEM) that a lot of programming really is messy. It's rife w bugs and security flaws. Goodman talks about how the IoT exacerbates this
LOL Goodman quotes a computer security researcher named Dan Kaminsky saying, "We are truly living through Code in the Age of Cholera." Which is perfect.
So I know a lot of big tech companies are doing better at offering competitive bounties for bugs, exploits, etc.—found by "non-employees", as it were—but I wonder if it's industry-wide or just the big players. I'm guessing the latter. And I'm guessing they could still do better.
HAAAA!!
Of the ubiquity of lengthy software TOS agreements, Goodman asks, "How is it that the software business has carved out an exception for itself for ever being responsible for anything?" He points out that we certainly don't let restaurants do the same wrt the safety of our food.
Goodman certainly isn't arguing for an avalanche of new laws (and neither am I, not when Congress failed so hard to really grill FB), but having next to NO consequences for crappy code also doesn't pass the smell test. Tech security can't be perfect but it can be better.
So. Many. Good. Quotes!!!
Goodman concedes that a determined hacker could bypass two-factor authentication (2FA) with a man-in-the-middle attack, but says 2FA will, for now, be a really good layer of protection for most civilian tech users. SO MAKE SURE YOU USE IT, EVERYBODY! Twitter has 2FA, go get it!
Holy crap, a quote from Robert Mueller!
Hubs suggests a change to that quote, though: "There are only two types of companies—those that have been hacked and those that don't yet know they've been hacked."
LOL, four months later~~~ Still got Part Three of "Future Crimes" to finish. That's what happens when you have twins! YOUR LIFE IS CONSUMED. Anyway... where were we. Ah yes, the section about encryption.
The section cites a couple studies, one by HP in 2014, that points to a huge issue with encryption: the fact that it's not used enough. For example, modern PC operating systems come with free hard-disk encryption tools, but which aren't on by default, so hardly anyone uses 'em.
Here's a reminder to start using a password on your mobile phones, y'all. And don't make it 1234.
Next section is about tech literacy. Not very long, but says the obvious: we should become more educated about how the technology we use works and how it can be exploited so that we can protect ourselves. Easier said than done. I can't even tell when a Russian bot is trolling me.
Ah yes, the "human factor" in tech security. There's variations on this acronym, but the one I'm familiar with is POBCAK: Problem Occurs Between Chair And Keyboard. To wit, a lot of security incidents involve human error. 95%, according to an IBM Security Services study.
Y'all of course remember the false missile alert in Hawaii earlier this year—geez, was that still in 2018? Anyway, the employee was apparently given misleading instructions during a drill and they then failed to cancel the alert in a timely manner. nytimes.com/2018/01/30/tec…
So, yes, the alert system has some UI problems but also... POBCAK.
Oof, and now Goodman is talking about military facilities that were supposed to be safe from the "Internet at large" thanks to zero physical connection to it, but then someone with an infected USB drive can walk right in—and have.
I once was talking to my dad about this kind of stuff, and he sounded so confident when he said something like, "Well what they need to do is keep the important machines"—the laptops, etc.—"separate. Only let qualified people into the room." On and on.
I said, "That person could get bribed, or their family threatened. They could get tricked into bringing a virus in on a USB stick. There's always a way. Nothing is perfectly secure." Or, they could be someone like Snowden.
Goodman goes on to say, "The goal here is not some elusive unicorn known as 'perfect security' but a significant improvement in our current state of affairs." Thus, he starts talking about human-centered design. Yes!
He talks a bit about "please don't make error messages super cryptic" and "think of better security solutions if your users can handle changing their complex passwords every two weeks" but doesn't go into much more detail. :<
Then he talks about "building an immune system for the internet", and a CS professor trying to use the swarming intelligence of ants to make a threat program for computer systems, and it's kind of vague and surface-level?? Bah.
Okay, now we're on to how law enforcement needs to step its game up. Not only are certain levels of LE laughably uneducated about tech security and online crime, but they're also hampered by rules, regs, jurisdictional issues, etc.
Goodman's not arguing for cops to have the kind of tools that some in LE would undoubtedly abuse, but for various levels of government to catch up with cyber-crime laws, processes for inter-jurisdictional (and international) cooperation, and training for LE.
Oh, and it would also help if the Olds in the upper levels of government would maybe care to understand wtf email is?
OooohhhHHHh, I like this part: "While criminals are using AI to script and automate crimes, police are responding to each crime manually. Crime is scaling, but law enforcement has not: we have AI crime bots, but where are the AI cop bots to counter them?"
Ughhhh this pun is horrible (and I love it). The next section goes into "Practicing Safe Techs." Anyway, Goodman cites four key strategies for protecting our networks and devices. 1. "Application white listing—only allow specifically authorized programs to run on your system ...
.. and block all unknown executable files and installation routines." I think I get the gist of this but I'm not sure if I'm misunderstanding. Does this basically just mean, "Don't install weird shit from shady sites?" (Feel free to reply, if anyone is still reading this thread.)
2. Update your PC apps (and, I assume, your mobile apps).
Goodman name-drops a few examples, such as Java (which I avoid like the plague). The big one he names is your internet browser.
3. Allow automatic OS updates.
Yes, I know the internet loves to get its lols complaining about Windows Update, which has certainly boned me a few times, but take security updates seriously, y'all.
Number 4 is interesting. It says "Restrict administrative privileges on your computer and spend the majority of your time logged in as a basic user such as when e-mailing and Web browsing. ...
.. Doing so deprives adversaries of the admin privileges they often need to install malware and rummage through your network."
First off: lol @ "adversaries" - I dunno why that word choice makes me giggle
Second, it's not a bad idea, although I worry it's advice that a competent CS person would tell me is "not actually gonna do much" or something like that. Anyone want to chime in?
In the next section, Goodman advocates for a sort of "Internet Health Organization" (as opposed to the WHO) or, on a national level, a "cyber CDC." They'd provide education, monitor networks, study the spread of "digital disease", and provide "incident response."
Another in that list is "immunization...through software patches and system updates." I'm not sure exactly how a taxpayer funded entity would insert itself into software patching for corporations...
.. but I assume it would NOT be by buying a zero-day exploit and crafting a virus with it. 👀 en.wikipedia.org/wiki/Stuxnet
Goodman continues the disease metaphor by pointing out that discovering that mosquitoes breed in stagnant water and doing things to reduce that breeding did a lot to reduce the spread of malaria. Then there's the issue of not even knowing you (your device) is infected.
He then asks what the world's backup plan is if our information systems crash. How do we get money from our bank accounts, or make calls, or even get gas?

This is definitely something that alarms me. As Goodman said earlier, the US's electrical grid is pretty vulnerable.
A new chapter in "Future Crimes". Goodman discusses the need to reduce the "time to detection." (One website called this "breach detection gap.") He earlier cited that most large data breaches aren't discovered for an average of over two hundred days. 😬
He goes on to talk about how corporations don't even have a firm grasp of the scope of their "information assets" and thus don't realize how weak their security and monitoring is. Goodman says, "[T]he more you keep, the more you have to protect."
One website (for an IT security company) said a majority of breaches are discovered by law enforcement. Of course, the security company then went on to say regular "penetration testing" would help save "millions" and won't you consider our services? But I digress...
Goodman goes on to say that hiding these data breaches, despite the hit to a company's image, only makes things worse because the ones who perpetrated the attack are free to move onto other targets with impunity.
wired.com/story/uber-pai…
Goodman then advocates for companies, including and especially those that develop software, to develop rapid-response systems *before* a breach occurs rather than create an ad-hoc response *during* a breach. "Security cannot be an afterthought."
He warns that "we are racing full speed ahead with synthetic biology, artificial intelligence, swarming robotics, and nanotechnology [while] dedicating precious few resources to understanding the concomitant risks of [these] technologies..." (obligatory Jeff Goldblum gif here)
(U.S.-centric here) Securing our internet-connected national infrastructure (e.g. the power grid) requires a much "more adaptive government," Goodman says. "Cabinet secretaries and Supreme Court justices who 'don't do email' simply won't do anymore."
(Throughout the entire book, Goodman has been pretty clearly frustrated with state and local government, law enforcement, and various agencies that have all continuously shrugged their shoulders at the myriad digital threats. He's not wrong, either.)
Haaaaaaaahahahah, he just went after the TSA.

"Though frisking four-year-olds and little old ladies in wheelchairs makes for fine 'security theater,' we're going to have to significantly up our game if we hope to prevent future terrorist attacks."
He then gives a rundown of various groups and nonprofits who are trying to "redesign the problem-solving capabilities of government institutions." NYU's GovLab, the OS Fund, and various "public-private partnerships (PPP)." So far, a few PPPs have not been all that focused.
LOL, Goodman name-drops something called the Security Innovation Network, which shortens its name to "SINET" because the shorter acronym would be unfortunate. 🤣
Goodman circles back to the jurisdiction issue. "Policing is a closed system: it is nation based, while the threat is international. Our current paradigms of security—guns, border guards, and tall fences—are shockingly outdated."
So yeah, building a literal fucking wall is DUMB when it cannot "keep out the bits and bytes that can travel around the world at the speed of light." (It can't even defeat a fucking ladder.) Oh, and also: arstechnica.com/tech-policy/20…
Goodman is now advocating for "enabling ordinary citizens to combat the problem...through crowdsourcing." Reminds me of an article that went around not long ago about a Scandinavian country, I think, teaching its citizens media literacy—specifically how to spot fake news.
Anyway, he goes into a few examples and I hadn't heard of this one: editors at the Guardian got 25k volunteers to pore over 455k pages of data in order to find "flagrant expensive claim violations" by members of the U.K. Parliament. Here is the result.
en.wikipedia.org/wiki/United_Ki…
Goodman thinks formalizing a sort of "National Cyber Civil Defense Corps" would go a long way to filling the 1-2 million person gap in talented cyber-security professionals needed to meet the digital threats of today.
Oh God, now Goodman is talking about "gameifying" threat response. He first cites this Network Challenge put on by DARPA in 2009.
en.wikipedia.org/wiki/DARPA_Net…
Okay, so I'm skeptical af but he gives a couple other really interesting examples, a game called MalariaSpot that crowdsourced malaria diagnoses...
aws.amazon.com/blogs/publicse…
..and another called Foldit that led to the discovery of an enzyme that researchers had been working on modeling for fifteen years. (It took the players 10 days.) huffingtonpost.com/2011/09/19/aid…
Uhhhh. Okay so I've read ahead a little bit (we're almost to the end—although there's a postscript in this edition regarding an earlier edition of "Future Crimes.") Anyway, Goodman advocates for a "Manhattan Project for cyber", and I just...uhhhh 😬
On the one hand, yes, that project is an example of a major undertaking done in response to a dire threat, but on the other, it produced the U.S.'s first nuclear weapons?? Do we really want to start an initiative with that history in mind?? One seeking a digital nuke????
Goodman then talks about the space race and NASA and the need for a bold mission (and leader) that will inspire. He had earlier talked about "incentive competitions" such as XPRIZE and he name-dropped Musk and I'm all... sorry dude, fresh out of bold leaders in this here 2018.
Anyway, he wraps the book up with a call to action. To paraphrase: "we're outta fucking time, y'all. Let's get on this." Now for a postscript.
Looks like the hardcover of "Future Crimes" was past the point of no return when the Sony Pictures hack occurred. In the P.S., Goodman summarizes the likely motive for the hack, the likeliest perpetrators, and the devastating results.
en.wikipedia.org/wiki/Sony_Pict…
He had hoped the hack would wake people up, but it didn't. Instead, more and larger breaches got headlines. Anthem Blue Cross lost ~80 million patient records, which they didn't bother to encrypt because the law didn't require it. (Again: "Security shouldn't be an afterthought.")
Lololol now he's just listing all the new data breaches, including the Ashley Madison one. God, the news is so crazy that I had completely forgotten about that until now.
I've learned from Goodman's book, though, that Ashley Madison's ToS not only required a bunch of personal information from users but also refused to take any responsibility for securing that information. It also claimed it could sell that info, if the company wanted. lol wut
On a related note, here's a cool art installation. Check out "I Agree.", which shows the insane lengths, literally, of the ToS agreements for a few major social media sites.
designboom.com/readers/dima-y… Dima Yarovinsky prints out the ‘terms of service’ of leading online services such as facebook, snapchat, instagram and tinder on standard A4-size rolls.
Moving on. Goodman provides more examples of recent data breaches and digital heists. He cites a study by Juniper Research that estimates the global cost of computer breaches (to businesses alone) will be $2.1 trillion in 2019, "a fourfold increase...from 2015." YIKES.
More examples follow, one of which I'll highlight: "the 2015 hack of the...Office of Personnel Management (OPM.) The attack...pilfered the national security background records of more than twenty million U.S. citizens with a security clearance." HELLO BLACKMAIL MATERIAL holy cow
And that's about it! He quotes Article IV from the U.S. Constitution, which compels the government to "protect each state and its citizens against foreign invasions"—hacking certainly qualifies—but the book ends with another refrain of "seriously we gotta do something."
A very alarming read. I'll no doubt be going back and flipping through "Future Crimes" often. That is, after my twins can look after themselves for more than three minutes at a time. T_T