This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American
A recent report from Europol’s European Cybercrime Center includes a forecast that the world’s first “online murder” will likely occur before the end of 2014. Obviously this is a frightening concept and one that a number of news outlets quickly seized upon with ominous headlines. However, there’s a far more dangerous story that underlies this prediction, a story that illustrates some of the challenges of rapid, unrelenting progress.
The forecast was included in the Internet Organized Crime Threat Assessment (iOCTA) report that examines the growing commercialization of cybercrime. According to the report, the underground economy has been developing a “Crime-as-a-Service” (CaaS) business model in which skilled specialists create a wide range of products and services. These cover many different forms of criminal activity and are allowing those with few technical resources to readily enter into the world of cybercrime. Unfortunately for most of us, this wasn’t a bar that needed to be lowered.
So, is murder over the Internet actually feasible? Without a doubt. Years ago, I wrote about this possibility via poorly secured wi-fi in implantable medical devices (IMDs) such as pacemakers, ventricular assist devices and insulin pumps. Causing the intentional malfunction of such equipment could definitely result in a user’s death. By example, last year former Vice President Dick Cheney told 60 Minutes that he went so far as to have the wireless function in his own implanted defibrillator disabled in 2007, lest would-be assassins attempt to exploit the vulnerability.
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
In addition to risks from IMDs, even more security holes will inevitably emerge as body area networks – or BANs – become prevalent. A BAN is a communications network that is situated in, on or near the body and is based on standards established by IEEE 802.15.6. Of course, without adequate consideration, driverless cars and other autonomous vehicles will also become potential threats. As the Internet of Things exponentially increases the world’s current 10 billion Internet-connected devices, it will no doubt also bring with it new dangers. These are but a few examples of emerging technologies criminals could exploit for deadly purposes.
But who’s to say online murder hasn’t already happened? When hackers cause widespread power outages as they may have done in Brazil nearly a decade ago, isn’t it likely that someone among the millions affected will die due to a lack of electricity? True, such deaths wouldn’t have been specifically targeted, but to any victims and their families that distinction is of little comfort.
This alarming prediction and its near-term timeframe aren’t the truly important story here. What should really concern us is the potential for a vast increase in cybercrime due to the low barrier of entry that’s being created. Not only will this likely give rise to still more cybercriminal activity, it could also lead to a race to the bottom, with CaaS developers providing ever cheaper and easier to use tools and services.
From the futurist’s standpoint, however, all of this illustrates an even broader trend and threat – one we should be working to address much sooner than later. As technological progress continues to accelerate, we find ourselves having to deal with new innovations all the time. Nearly all of these are being developed for good, even altruistic reasons. Invariably they generate new opportunities and provide many competitive advantages. No one develops the Internet or automobiles or advances in medicine for nefarious purposes. But perhaps we need to learn to build this darker perspective into our development process and actually consider some of these possibilities? Not with the intention of halting the work, for that will never succeed. After all, when the time is right, an invention will inevitably come into the world. Just ask the 23 other early inventors of the incandescent light bulb whose names weren’t Edison.
No, the idea would be to give greater consideration to the negative and unanticipated consequences of our new technologies as early in their development as we possibly can, in order to better address their vulnerabilities and shortcomings. In doing this, we can potentially alleviate many of the significant, possibly even enormous costs and dangers we’ll otherwise have to face later down the road. Had such an approach been taken in the early days of the Internet, perhaps we wouldn’t now be dealing with a cybercrime problem that has an estimated global cost of $445 billion annually.
Of course, this will add to research and development costs at a stage when many businesses, especially startups, can least afford it. Perhaps one approach could be in the form of federal technology grants earmarked for just this purpose? Or separate consulting businesses that help envisage or even assist in mitigating anticipatable consequences? Whatever the solution, society would be well served if we were to apply better foresight to the early stages of developing new technologies. In light of this recent report, it’s becoming increasingly evident it would be a crime not to.