Next-Generation Breaking and Entering
When everything is hackable, the bad guys will always be one step ahead, says cybercrime expert Marc Goodman ’87 — unless we act now.
by Gregory Zuckerman ’88
Marc Goodman ’87 never set out to be the Jeremiah of the information age, warning of impending disasters. As a Brandeis undergraduate, he had little understanding of high technology and was planning for a career in medicine.
Today, though, Goodman is one of the world’s most prominent experts on hacking, cybercrime, and the unintended and underappreciated risks of an increasingly interconnected world. His unlikely journey underscores how a range of emerging cyberthreats are upending society as a whole, far beyond the narrow world of technology.
Here’s the scariest part: Goodman is convinced greater risks lie ahead unless governments, corporations and individuals take immediate steps to get ready.
We are “wholly unprepared” for our hackable future, Goodman says.
If the impact of his 2015 book, “Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It” (Doubleday), is any indication, Goodman has touched a nerve of underlying anxiety. The book was a New York Times best-seller. It was selected by The Washington Post as one of the 10 best books of 2015. Amazon named it the best business book of the year.
“Future Crimes” is a well-timed caution signal. In the realm of technology, “the slave may become the master,” Goodman writes. “Our tools can be used against us.”
A cop at heart
Goodman grew up in New York City, where the 1970s and 1980s were dark years. Rampant poverty, violent crime, drug dealing, street robberies, arson and automobile break-ins plagued New York, which became a stark symbol of urban decay.
“Graffiti was on the subways, crime was going through the roof, and things were going downhill fast,” Goodman says.
He saw the city’s deterioration up close. He once watched as an elderly man was knocked down and robbed on a subway platform. Goodman reeled from the experience.
“I couldn’t get to him, and it was unbelievably frustrating,” he says. “I felt someone should do something, but no one did.”
Public service-oriented from a young age, Goodman, like many boys, dreamed of becoming a police officer.
“It seemed like an exciting job and a great way to help the community,” he says.
Yet in his first year at Brandeis, Goodman became a pre-med, convinced he would, like so many of his classmates, go on to medical school after graduation.
He would have preferred to be “pre-cop,” he recalls with a chuckle. That career path didn’t seem a realistic option, however. “No one in my family was in law enforcement.”
Goodman enjoyed his time at Brandeis, worked hard at his classes, and spent much of his free time volunteering at BEMCO, the campus emergency medical service.
“I liked being a paramedic, the emergencies and lights and sirens, and helping people,” he says. “But something was missing.”
Though Goodman was curious about computers and other emerging technologies, at that point there was little indication they would have much impact on the world.
“It was very early days,” he says.
Indeed, in the early 1980s, Brandeis was just beginning to build a computer lab, equipped with a few dot-matrix printers and Apple II computers. Spell checking a document meant a laborious process of inserting floppy disks. For most of his four years, Goodman lugged a typewriter around campus.
The Internet, email, texting and Facebook were foreign concepts. Hacking was done with an ax, not at a keyboard.
A cop at last
Throughout college, Goodman couldn’t stop thinking about New York’s deterioration. His childhood passion for law enforcement still unquenched, he also couldn’t stop pondering how he might be able to help.
One weekend during his senior year, Goodman took the Medical College Admission Test, then — without telling his parents — drove home to the Bronx to take a police academy admission test.
“In my heart, I knew I really wanted to be a cop,” he says.
Soon after graduation, Goodman started medical school. But in one of his first classes, he met another student who would change his life — a 52-year-old woman who had decided to pursue medicine much later in life. The experience was freeing; Goodman realized he could always come back to med school down the road. Conversely, he says, “chasing bad guys with guns over fences seemed to be a young person’s game.”
So, after a single semester in medical school, Goodman followed his law-enforcement dream and took a position in the Los Angeles Police Department. Los Angeles was dealing with a late-1980s crack-cocaine epidemic and was eager for new recruits.
He served on the Los Angeles police force for more than a decade, working as a street cop, an investigator, an undercover operator and an instructor at the department’s police academy.
His professional duties changed abruptly one day in 1995 when he was a 28-year-old investigator. From across a bustling squad room, a lieutenant screamed, “Goooooodman, get your ass over here!”
Goodman approached cautiously, worried he had done something wrong.
The lieutenant turned around with a confused look on his face. “Do you know how to spell check in WordPerfect?” he asked.
“Sure, boss. Just hit Control plus F2,” Goodman responded.
It didn’t take long before he had become the department’s resident technology expert.
“Knowing how to spell check in WordPerfect made me among the techno-elite of cops” at that point, he writes in “Future Crimes.”
page 2 of 3
Paradigm shift
Over time, Goodman was drawn to the intersection of technology and crime, getting in on the ground floor of an area about to see breakneck growth.
“Criminals are very much early adopters of technology,” he says.
Though Goodman sometimes spoke with others in the burgeoning computer field, he didn’t have many law-enforcement experts to lean on or tools with which to forensically examine computers. Instead, he began to discover his own methods of tracking and uncovering various crimes.
“It was just ‘get a computer and experiment,’” he says. “You made it up as you went along.”
After a decade in Los Angeles, Goodman left the LAPD to work with the international police organization Interpol, focusing on issues related to financial and high-tech crime.
Based in Europe and elsewhere, he traveled to more than 70 countries, providing investigative support to police around the world and tackling a range of cybercrimes. Some of his cases involved instances of kidnapping in which ransom notes were sent to family members over the Internet. Others involved child exploitation or human trafficking.
Years of putting handcuffs on people around the globe provided Goodman with a graduate-level education in how criminals think, he says.
In 2010, Goodman moved to Silicon Valley to immerse himself in the community of creators inventing the technological future in order to help them secure their inventions and creations. He founded the Future Crimes Institute, a network of law-enforcement officers, government officials and private-sector technologists focused on the growing risks posed by emerging technologies. Goodman runs the institute day to day, and serves as an adviser to the U.S. government, the FBI, Interpol and the United Nations, among other organizations.
He is also a global security adviser and the chair for public policy, law and ethics at Singularity University. Co-founded by NASA and Google, Singularity offers students from all over the world nondegree courses in such areas as robotics, nanotechnology, genetics and — Goodman’s own focus — public policy related to emerging technologies.
Outgunned by cybercriminals
Goodman’s increasing attention to various cyberthreats and technology’s underworld is matched only by his growing concern. The criminal elements seem a full step ahead of law enforcement.
“Time and time again, governments have proven their limited effectiveness in protecting both themselves and their citizenry from a new generation of criminals, terrorists and rogue groups,” he says. “The bad guys are out-innovating the good guys.”
What’s worse, the nature of the Internet enables small bands of criminals to do a lot of damage — to steal hundreds of millions of dollars, credit-card numbers or Social Security numbers, for instance.
“Defenders always have to be right, blocking every possible entranceway into a computer system,” Goodman says. “The bad guys only have to be right once to find a way in — a single chink in the armor.”
Too many people focus on hacking and other commonplace hazards, he argues. That’s why, years ago, he began helping organizations prepare for a range of mounting dangers on the horizon, many of which they never had considered.
Goodman’s early warnings about a coming surge of cyberattacks have proved prescient. In 2011, 2 million new pieces of malware, including viruses, spyware and other potentially dangerous software, were identified each month. Today, the AV-TEST Institute, an IT security firm, says it registers more than 390,000 malware programs every day.
A recent survey by Consumers Union, publisher of Consumer Reports magazine, said one-third of U.S. households had experienced a malicious infection over the previous year — and those were just the people who realized they had been attacked. Governments are under siege as well. Hackers in China, Russia and other countries are assumed to collect U.S. secrets on a regular basis.
“Our interconnected world is becoming an increasingly more dangerous place, and the more we incorporate assailable technologies into our lives, the more vulnerable we become,” Goodman writes in “Future Crimes.” “The Internet has lost its innocence.”
Public and private sectors are rushing to create better defenses. Annual spending on global-security software, which totaled nearly $20 billion in 2012, is expected to climb to $94 billion by 2017, according to the Gartner research company.
Goodman is convinced that not nearly enough is being done. As he argues in “Future Crimes,” the advent and embrace of nanotechnology, robotics, virtual reality, 3-D printing and artificial intelligence, among other developments, will deliver a great deal of good to society. But all these technologies bring an equal amount of risk.
“Everybody looks at cyberthreats in the rearview mirror,” Goodman says. “Everyone focuses on identity theft, credit-card fraud and cyberbullying. What most folks fail to understand is that these are but the earliest versions of the technology-related crimes we will see in the future. Cars, elevators, bridges, airplanes, pacemakers, tunnels, phones and television video-game consoles are the new targets of cybercriminals.”
page 3 of 3
Ties that harm
Governments are having a hard time catching up with organized crime’s technological advances, partly due to issues of jurisdiction and coordination. Criminals once targeted individuals; now they simultaneously attack millions all over the world.
“A police officer in Paris has no authority to make an arrest in São Paulo, but a Brazilian hacker can easily launch an attack on a French citizen,” Goodman notes.
To those who ignore the risks of technology, Goodman’s warnings can seem overheated. But he has enough real-life examples to support his concerns. He points to a recent example of how a Wired magazine reporter watched as his iPhone suddenly powered down, and his photographs, emails and more fell into the hands of a hacker. Years of data were slowly erased, and the reporter was helpless to stop it. He had made the mistake of linking his various accounts to one another and using the same credit-card account for all of them.
“Criminals love your iPhone more than you do,” Goodman says. “And they understand how it works.”
In 2013, in one of the biggest-known corporate breaches in U.S. history, hackers broke into Target’s computer network by stealing the login credentials of one of the company’s heating and air-conditioning contractors. Armed with a username and a password, the hackers moved through the network until they were able to steal 40 million credit- and debit-card numbers. Target wasn’t aware of the attack until federal investigators contacted the retailer.
When everything is run by computers, everything is hackable. And we’re all becoming more dependent on potentially vulnerable networks. We use Waze for directions, Facebook for social networking and Google for online searches. It doesn’t help that each of these products coaxes copious amounts of personal information from us, putting us in greater jeopardy.
“Everything can talk to everything else — you can check a crib with a cellphone, your iPhone can turn on the heat, your Nest thermostat turns on the air conditioner,” Goodman says. “And they all have bugs that can be exploited.”
Goodman, however, is no technology doomsayer. “I live and work in the heart of Silicon Valley and know firsthand the tremendously positive effect technology can have on our world,” he says. “Technology can bring billions of people out of poverty, radically extend human life, reduce disease and cut infant mortality by half. The trick is to ensure these tools inure to the greatest public benefit. But there are those who attempt to subvert our techno-future and use these tools to enrich themselves and harm others.”
That’s where Goodman steps in — a modern centurion walking a virtual beat.
Sidebar Story |
Goodman is actively working on developing technological tools that counter safety risks facing our world, including working with the XPRIZE Foundation in Los Angeles to launch a global crowdsourced campaign to develop more robust protection ideas and methods. For instance, he says, self-healing computer networks — think an immune system for the Internet — could be developed to detect and repair damage caused by hackers before they can do widespread harm.
Goodman urges individuals to boost their security measures (see sidebar), lawmakers to improve liability laws so software companies can no longer ship code with bugs, and governments and private industry to work together to fend off multinational hackers.
“All is not lost,” he writes in “Future Crimes.” “Now is the time to completely reevaluate all that we take for granted in this modern technology world and question our dependence on the ubiquitous machines that so few of us understand. If we do this now, our technological future can be very bright indeed.”
Gregory Zuckerman is a Wall Street Journal reporter and the author of the books “The Frackers” (2013) and “The Greatest Trade Ever” (2009).