Firms specializing in technology security make it their business to scare potential customers, but that doesn’t make an Internet Identity (IID) report predicting cyber doom in 2014, highlighted today by Ray Kurzweil’s Accelerating Intelligence, any less spooky.
According to IID, looming cybersecurity threats in 2013–more mobile malware, increasingly aggressive hacktivism, attacks on the cloud–are “well-anticipated and mundane.”
Those “mundane” threats are nothing next to the bleak wasteland of death and destruction IID expects in 2014:
[By] 2014 significant new methods of cybercrime will emerge. These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce. IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.
IID elaborated on “Murder By Internet Connected Devices” with scenarios that sound pretty plausible. They predicted that criminals could use pacemakers with remote connections, control systems on Internet-connected vehicles or even connected machines that control IV drips to potentially carry out long-distance, untraceable crimes.
It sounds like hyperbole, but pacemakers (for example) are already hackable, and as Forbes noted in this early December post about the reality of compromised medical equipment, Homeland has already used a hacked pacemaker as a plot device.
IID also warned about the dangers of NFC-enabled smart phones. NFC, or near-field communication, allows information exchange between compatible devices. It’s pretty common on phones now but may one day even permit cars to talk to each other. Paul Ferguson, the company’s vice president of Threat Intelligence, says NFC could be “a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”
Additional threats IID believes may manifest in 2014 include an increase in state-sponsored malware, like Stuxnet, Flame and Duqu, a successful cyberattack on a power grid and an “exploit of a significant military assault system like drones.”
Not directly mentioned but already in the wild: hackers already taking advantage of poorly-secured supervisory control and data acquisition (SCADA) systems which have easily cracked web administration pages. At the moment SCADA vulnerabilities might just cause discomfort and disruption, but in 2014’s creepy killer web scenario, compromising a large-scale heating and cooling system might just be round one in an all-out infrastructure attack on a regional, even a national scale.
In posting a link to the Kurzweil write-up about IID’s dire warnings, Quartz’s Christopher Mims sounded the necessary note of caution needed after reading hints of a looming cyber-pocalypse:
Cybercriminals will straight-up kill you, says firm that profits massively by hyping threat. kurzweilai.net/murder-by-inte…
— Christopher Mims (@mims) January 4, 2013
Duly noted. However, if IID is correct, we’ve only got a year.
Cower and whimper accordingly.