The holiday season is a great time to spend with your family and friends, and to take a well-deserved break from the pressures of work and worry.

I hope you will enjoy it.

I also have a gift to give you on this holiday that you may not have even thought about.

Many of you or members of your family will receive gifts of technology. An increasing number of items now allow them to be connected to your network, usually with either Wi-Fi or Bluetooth.

One of the most popular gifts last year, and probably this year will be smart home speakers and controllers.

Your children may receive connected toys that communicate via Wi-Fi, and some of them now come with voice recognition to allow the youngster to “talk” with the toy. I have seen connected dolls and stuffed animals that allow the child to carry on a conversation with the doll, but most people don’t understand how the technology works, and the information that is transmitted to make the conversation possible.

Almost every smartphone and tablet comes with a personal assistant, along with many new vehicles. Do you know how they work?

Connected televisions have built-in microphones and cameras, along with many other entertainment and communication apps. Some of them even set up a separate wireless access point that you may not have realized.

New wireless home security systems now allow a homeowner to set up a system without the need for running power cables to every device connected to the system. Many of these don’t encrypt their data, even the data that’s transmitted back to the developer.

Smart thermostats, smoke detectors, and even kitchen appliances are becoming connected to make your lives more convenient. Do you know what data do they collect and how is it used?

We’ll talk about the Internet of Things in more detail in future blogs next year. But you should also be aware that many of these devices have been hacked, or could raise serious privacy concerns related to the type of data they collect, how they transmit the data, or potentially could even provide a back door access point to your network.

Convenience almost always wins over security and privacy.

So during the holidays, just keep this in mind when you see a new gift that can connect to your network, and think about whether it is “naughty” or “nice.”

My gift to you is a new awareness of security and privacy risks and things you can do to minimize the risks by giving you our Smart Home and Mobile Device Security Checklist at our website in our Free Content Library.

The checklist is a gift to you, and even if you don’t act on every recommendation it will at least make you more aware of possible risks related to the technology you use.

Once again, best wishes for this holiday season and for a great 2018!

Introduction:

I hope you enjoyed the previous post “Techno-crime and the Evolution of Investigations.” If you haven’t read it, feel free to follow the link.

Now do you have a different perspective on how serious the problem with techno-crimes already is?

Why do we need to change how we deal with techno-crimes?

Because Current Approaches Aren’t Working

Technology is growing at an exponential rate.

Law enforcement, legal systems, and computer security don’t.

Throughout history, who had technology first…the crooks or the cops?

Investigations and security have tended to grow at a more gradual, linear pace, as you see in the graph below.

 

Historically, we have always been reactive.

If we could be more proactive, would that be enough to close this gap?

To be honest, I’m not really sure.

As Daniel Burrus says in his amazing book, “Flash Foresight: See The Invisible To Do The Impossible:” “But in the twenty-first century, being proactive has outlived its usefulness. It’s too late to be proactive: we need to become preactive.”

The problem is, it’s now becoming exponentially harder for us to even be reactive, much less proactive or “preactive,” because of how fast technology is changing.

We have limitations that the criminals, and even the terrorists of the world don’t.

We are limited by:

• Current international systems of law and legal case precedents;
• Sophisticated technology that will require increased specialization;
• Demand for investigative and security specialists that we can’t satisfy, even today;
• Increased costs to hire specialized technology investigators;
• The exploding costs for specialized equipment, software and training requirements;
• Governments and agencies that don’t fully communicate and share information or resources.

When you think about it, the success of most investigations is based on either time or money.

If we can throw enough resources at an investigation or security program for a long enough time, we have a better chance of success.

But if the crooks and terrorists use technology to make it more time-consuming and expensive for us, the odds shift in their favor that we’ll never catch them.

They don’t have to “play by the rules.”

They can use every type of criminal enterprise to raise more money to pay for better technology…and that’s just what they are doing today.

What Can We Do?

We are at a critical tipping point for the future. In fact, unless we develop a completely new mindset to deal with techno-crime, we could be left behind.

But there are lots of serious questions to be discussed:

• Do we really want a world where we are no longer capable of investigating techno-crime or unable to protect our personal and business data?
• How do we balance the need for data protection (more than likely using encryption) with the need for law enforcement to obtain criminal evidence, or government intelligence agencies’ national security concerns?
• Is there a way to satisfy these legitimate needs while protecting our own privacy?
• Will our legal systems require change to deal with these issues?
• If we require more investigative and security technology specialists, where are they going to come from and how will be find the specific ones we need for every situation?

Final Thoughts:

It’s not good enough to just “try to keep up” with techno-crimes.

We need to evolve to get ahead of these technologies by developing new expertise, new tools, and new training that may not even exist today.

Investigators and security professionals may think that the best practices you are using today are still working fine for cases involving these technologies, but you’re probably wrong.

Let me just ask, how many data breaches have there been in the last couple of years?

How many more will happen before we realize (or admit) that the problem is already out of control?

Are you really confident that you’re prepared to handle every investigation or security incident involving every type of technology?

We need to start thinking about the best practices we’ll need for the technologies of tomorrow, our efforts won’t be effective anymore.

But together we have the knowledge and experience to make a difference.

But we can’t wait.

Technology is moving too fast.

We need something bigger than change. We need an evolution.

Evolve with me to talk about ways that we can close the gap between where we are today and the technical criminals in the world.

Evolve with me to prove to the world that we can even be better than they are.

Evolve with me so we can win the battle against techno-crime.

I’m curious to hear what you think about this problem. Continue the discussion with me and join us. Together, we can change the world and create a better future.

Introduction:

I’ve been involved with law enforcement and investigations for almost 40 years, and with techno-crime investigations for much of my career.

The reason for starting this series of posts is to help you understand how the explosive growth of technology is creating new types of crime that we haven’t seen before.

Technology is also gives the crooks new tools to make their jobs easier.

The risk from techno-crimes is already bigger than you realize, and will touch every person and organization in ways you probably haven’t even imagined.

That’s my job.

To help you envision how you will live and work in this new environment.

To help you imagine how techno-crimes will impact the world of investigations.

Some of the topics we’ll talk about in future posts:

Darknets

A drug dealer sells her merchandise on a darknet market, exchanging heroin for a cryptocurrency named ZCash, which is more difficult to trace. Criminals can conduct business from anywhere in the world without being too afraid of law enforcement or competition, since no one knows who or where they are.

The biggest darknet markets sell drugs, military grade weapons, forged identification and documents, counterfeit currency, along with stolen financial and credit information and hacking tools. Think of these markets as an equivalent to Amazon for crime.

The Internet of Things

You are using your new smart home controller (Amazon Echo, Google Home). You love the convenience of giving voice commands or asking questions for the device to answer, never knowing that someone has tapped into the wireless signal and can listen to everything you say.

Your new smart refrigerator has been hacked, giving the attacker complete access to every other device connected to your home network.

In the new world where everything is always watching and listening, and where these devices are “smart” and also talking to each other, will face-to-face crime be eliminated? How will that impact law enforcement and investigations?

Cryptocurrencies (like Bitcoin)

Your young nephew has been kidnapped. The ransom is demanded in a cryptocurrencies called Monero, which is much more of a challenge to track. When the ransom is received, the kidnappers can convert the digital funds into any one of over 6700 alternate currencies and transfer them anywhere in the world (number according to https://www.coinmarketcap.com as of 9-3-2020).

Medical device hacking

A hacker intercepts the wireless signal from your glucose implant, and now can control your insulin dosage.

A connected MRI machine in your hospital has been hacked, giving the hacker the power to see and change patient records, along with complete access to all of the data stored on the hospital computer network.

Car hacking

The car carrying a government official to an important meeting is hacked and the attacker accelerates the car to 100 miles per hour before crashing into a bridge support.

The signal for your OnStar vehicle emergency service account is intercepted, giving the intruder the ability to listen to the conversations within range of the microphone.

Robots and crime

A robot the size of a cockroach crawls into the office of your CIO while she is at lunch and connects to her computer USB port. After using built-in hacking tools, the robot copies the most confidential and valuable files before scurrying back out of the building.

The latest models of your industrial manufacturing robots have been infected with malware, instructing the robots to make changes to your products that will create serious safety malfunctions.

Mobile Device Fraud

Many of your employees have downloaded a popular free gaming app, without realizing the Terms of Service for the app allows the developer to upload all of the contacts on their mobile devices. The app can also now track users continuously with GPS, and also has access to all data stored on or transmitted by all devices that use the app.

When you fly you connect to the airplane Wi-Fi so you can continue to be productive during the flight. You aren’t aware that another passenger can see all the data transmitted by or stored on your connected device.

The vulnerabilities of increasing biometric data collection

A security surveillance camera captured snapshot of you walking down the street. A sophisticated facial recognition system matched the photo with your Facebook profile within seconds.

Several recordings of your voice have been analyzed by a new artificial intelligence system, and it can now instantaneously create an exact duplicate of your voice to say anything.

Crime in virtual worlds

The digital currency and virtual goods used by your avatar have been stolen. Where can you report the crime, and will any law enforcement agency be willing to help you recover your property?

The suspect in your investigation has multiple identities in virtual worlds and on several social media platforms. How will you find out which of the identities are real and recover whatever related evidence they might provide?

Medical identity theft

Your medical identity has been sold on a darknet market to a drug user. The buyer then uses your identity to have several medical procedures done, and files with your insurance for payment. Now all of their medical records become mixed with yours. Your next application for medical insurance is denied because “your” records now show a history of drug abuse.

Cosmos Computing

Encrypted Wi-Fi signals will provide Internet service networks of satellites to cover the globe. Hackers will then attack your networks using their choice of multiple signals and satellite-based servers. Will you be able to find an investigator with the expertise to investigate a network intrusion?

3D Printing

Currency counterfeiters will use 3D printing technology to produce counterfeit bills that are exact duplicates of legitimate currency that may make traditional fiat currency obsolete.

Any item with a valuable brand name will be duplicated with 3D printing unless new security measures are built in to the construction of the products.

Final Thoughts:

How many of these scenarios or problems did you know about?

Do you know which of them are already possible?

What’s coming next?

I believe that techno-crimes will transform the investigations, auditing and security professions into something completely different than we have today.

But the first step is to realize how big the problem already is.

The second step is to start talking about the new solutions we’ll need to deal with the techno-crimes of the future.

 

Click here to see the second post in this series: Techno-crime and Why We Need a New Vision