Marc Goodman, a global security advisor, believes the anti-cyber crime community should mount a campaign against online criminals similar to President John F. Kennedy’s challenge to land a man on the moon.
“He made a bold declaration. … We don’t have anything like that for cyber security; yet we’re handing over every aspect of our lives over to these machines with no concept of protection. … We’re all going to have to do that,” he said. “And you folks from the ACFE have the right skill sets, the right knowledge, the right network to make that happen. I invite you to join me in that fight.”
Over the last 20 years, Goodman built his expertise in cyber crime, cyber terrorism and information warfare. He’s worked with Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. federal government.
He founded the Future Crimes Institute to inspire and educate on the security and risk implications of newly emerging technologies. He also serves as the global security advisor and chair for policy and law at Silicon Valley’s Singularity University — a NASA- and Google-sponsored educational venture dedicated to using advanced science and technology to address humanity’s grand challenges.
“Technology can be awesome,” Goodman said. “It’s had a tremendous impact on the world. … But there’s a significant downside to technology and the ways bad guys use it. …
“All the technology change is leading to a paradigm shift in crime and in fraud. Crime used to be an easy affair; it was a good start-up business. You could go out and get a knife or a gun, hide in a dark alley and say ‘stick ‘em up.’ … But eventually criminals could only rob so many people in a day. New technology helps criminals rob more people,” Goodman said.
In the Target breach last December more than “one-third of America had its information compromised. … Now one person can rob 100 million people.” Also, Target had to spend $214 for each one of the accounts hacked. He said a recent Center for Strategic and International Affairs study said that the annual global cost for cyber crime is $400 billion — about 1 percent of the U.S. GDP.
He then shared some cyber crime developments. Here are just a few:
- Innovative Marketing Solutions, a company in Kiev, set loose a popup box that told computer users that they had a virus, and for $49 they could download malware protector software that would solve their problems. However, users actually never had infected computers until they paid their money and downloaded the software. Before the FBI and Interpol shut them down, the business ripped off $500 million.
- When we’re browsing on the Internet, we only see the “surface web” — underneath is the “Web Profunda” or “Deep Web,” which is 500 times larger than the web we know. “About 50 percent is involved with crime and fraud,” Goodman said. The Deep Web site, “Silk Road,” sold drugs, guns, fake IDs and hits for hire, among other nefarious goods and services. Before the site was taken down, 20 percent of all American drug users had purchased their drugs on the site, he said.
- Most flashlight apps on phones steal contact information.
- Those who think they’re calling their banks often are shunted via malware to criminal call centers that request, and often receive, personally identifiable information.
- Fraudsters are hacking pacemakers, insulin pumps and vehicle computer systems.
Goodman said that personally we should:
- Use different passwords for every system.
- Always use a VPN when connected to public networks.
- Always encrypt our data.
- Implement open-source intelligence programs. Go into the Dark Web.
- Place adults in charge of risk, fraud and security.
- If something is really important, don’t put it in a computer.
- “Red team” and test your assumptions; find problems before hackers do.
- Hackers are already in the system; hunt them out.
“Technology runs the world,” Goodman said. “ … When it fails, what’s our backup plan? We don’t have one.” He said we owe it to our children’s children to not leave them a scary cyber world.
Find more conference coverage at FraudConference.com.