1. Home
  2. Live Updates
  3. Transcripts For CSPAN2 Book Discussion On Future Crimes 2015

Transcripts For CSPAN2 Book Discussion On Future Crimes 2015

Transcripts For CSPAN2 Book Discussion On Future Crimes 20150308

Hello everyone. Im glad to see all of you here tonight. What an impressive audience we are hosting to hear worldrenowned authority on the serious topic that affects all of us to matter what industry you are in, cyber crime. I am barry moskowitz. Before introducing our speaker i would like to invite our moderator. He anchors for National News channels in new york. Prior to the current broadcast television she worked for Deutsche Bank cibc and ernst young. She is a cpa and a graduate of Harvard Business school. Welcome. Now our featured speaker for the evening mr. Marc goodman. Marc is a global strategist author and consultant focused on the disruptive impact of advancing technologies on security, business and international affairs. In addition marc founded the future Crimes Institute to inspire and educate others on the security and risk implications of newly emerging technologies. Since 1999 mark his work extensively with enter poll where he is a Senior Adviser to the Steering Committee and Information Technology crime. In this capacity mark has Trained Police forces throughout the world and has chaired expert groups on nextgeneration security threats. Marc holds degrees from Harvard University in the school of economics. In his newest book, future crimes he provides insight into technological innovation and unintended consequences of the connected world. Im sure we will find out more as the evening unfolds. Before we begin please take a moment to silence your cell phones. If you do not do it yourself we may just do it for you. [laughter] also please note that this event is being recorded by cspan. During the q a there will be a microphone located in the center aisle. Please announce your name before speaking. We are also pleased to announce we have copies of his book right off the press available for sale right outside in the conference room. Thank you so much and please join me in welcoming marc. [applause] how is everybody feeling . Thats pretty perky. I dont have to ask twice. How many of you work in technology . Specifically in cybersecurity or security . Entrepreneurs . Financial services . I was like the second row here you guys look so excited. Be proud be proud and Harvard Business school of law alex Kennedy School . The only one. Harvard undergrad . Okay. What are you most curious about on this topic . A few hands. As a new yorker [inaudible] and i didnt go to target. [laughter] i would like to understand how thats happening. Im just really concerned. Knott. Okay, thank you. Briefly. [inaudible] okay, one more. [inaudible] so we will start with the big picture and drill into some of these issues you talked about definitely companies and technologies on the forefront specifically some other risks and issues you have talked about both operationally and defamation reputational. We will start with the big picture, pie in the sky and drill down. Marc, what does the future of crime and cyberterrorism look like . Wow what a gotcha question from a journalist. I cant believe it. The future of crime. Well it looks somewhat like today but it also looks quite different. The bad guys criminal terrorist rogue countries have been good at Adapting Technology for their own purposes. Criminals have been early adopters of Technology Savvy go back to chicago gangland murders of the 1930s those gangsters had cars while the cops were still on course and on foot. Fastforward today when a young Police Officer, we saw bad guys on the street corners carrying pagers and cell phones. Back in the days when doctors were the only people that had pagers and they were carrying these five pound brick phones. By the way i see some young people in the audience. At the pager was the device. Those were quite rare and when i saw streetlevel drug dealers carrying pagers and i guess that they warned physicians. They were in the pharmaceutical industry there was something going on here. So i got involved in cybercrime investigation and started telling the story of how that happened. And then i went on and on. What i saw was every new technology came out the bad guys were right there ready to go. They have research and development departments, the cartel for example has a 5 milliondollar budget just for robotics trying to figure out how to get autonomous drones laden with illicit drugs across the border. They do r d in a higher ph. D. S. There is a school of aviation in mexico and the drug dealers recruit Aviation Engineers for the purposes of building drums. As a whole bunch of new technologies come on line robotics Artificial Intelligence biology the internet of things and big data there will be a crime plot ready for all of them. What are the top three threats that you can think about right now . From a technological perspective. I would start out at the societal level and work down from there. The big single threat that i see is that we have wired the world that we have failed to protect it. We are very good at connecting things to the internet and we know how to do that. The internet protocols are set up quite well. Security, we will figure that out later. So i guess the broad overall threat i see is that we cannot even protect the things that we have on line today and we are running full speed ahead to put connect more stuff. There has never been built a Computer System that could not be hiked that somebody couldnt figure out a way into. Yet we are using computers not just the computers we think we are using desktops or laptops and smartphones but all that physical objects in the space around us are transforming themselves into Information Technology. An automobile, something they used to be a mechanical device is now a computer that you write in. It contains over 250 microchips that control everything from the brakes to the airbag to the Radio Station you listen to and its all they did a demonstration of this on 60 minutes. An elevator is a computer and the a pacemaker is a computer you implanted in your body. Marc andreesen the founder of netscape and running andreesen hardware said software is eating the world. When every physical object transforms into Information Technology things that never happened before. The cisco more specific. The perspective the country governments. Your mic is not on. The mic is not on . Thats the mic in your hand. It wont be the first time tonight. Apologies. Berry if you want to do the intro over again please. How is that . Better . Thank you. Getting into, lets go a little bit deeper. A few months ago i interviewed dave Dewalt Company that works on cybersecurity and he was talking about the three countries, the top three countries that are victims of Cyber Attacks, the United States, south korea and canada. We are number one. So when you think about those three countries what are they specifically under attack and what are the three biggest threats that governments are dealing with . You know i understand clearly you are asking for three specific things that we will till up we will do other countries and we will talk about what those may be. I want people to know and to really understand. It is all encompassing so how do we break it down and do something tangible that companys governments all of us need to know how to prepare better and respond to and ultimately business opportunities. We will definitely get into those opportunities for startups. Canada and south korea and the United States amongst the greatest victims of cybercrime. Does anyone have an idea of . Their users of the internet. They are the most wired countries in the world. If you think we have a lot of technology here look at south korea. They are light years ahead of us in terms of the speed up intranet the percentage of their population on line. They have a Strong Technology culture of very strong gaming culture so here you may go to a hockey game or a knicks game there are stadiums filled in south korea where people are playing video games across from each other. On the nightly news they are talking about who one lineage one or lineage two. Its a different culture and of course they face a nonfriendly neighbor to the north i believe it is which is very differently connected to the internet. In a sense its an asymmetric threat. The more technologically advanced you are the more you can be subject to attack. This was a concern during the invasion of afghanistan of the u. S. Government which is they have developed this whole cyber arsenal but if nobody is on line and there is no electricity what are they going to attack and of course thats an added exaggeration and overstatement. Thats the reason most countries are there and they also happen to be economically welloff countries. In response howard governments trying to respond . Guest howard governments responding . Very poorly. Whats interesting to me is one of the reasons why we created nationstates, if you go back to the treaty of westville yet we have clear border systems individual countrys sovereign rights borders gates guards and guns. This is the territory of United Kingdom and United States and south korea. The internet broke all of that. The role for which the government was brought together to be of service to his people particularly at the federal level in this country and others for the purpose of National Security has kind have been broken in the internet age. We have organizations of the u. S. Government armynavy air force and marines who are responsible for taking our borders. What does that look like in cyberspace . Nobody really the systems of control Border Guards gates customs air Traffic Control all of that stuff doesnt work on the internet so they are struggling to figure out what it looks like. The branches of government that would protect us that the nationstate level from a National Security perspective and then also the domestic level from a Law Enforcement perspective are completely by the internet and they havent figured out any good ways to respond. I will talk about the policing side. If you had it been properly robbery here in manhattan in times square guy walks and holds up a tailor and walks out with a bag of money. This is csi cspan edition here. What do we know about the crime . We know the criminal was physically present in the city of new york and that means theres a jurisdiction and we know its the banks of the fbi will be involved in the victim was in new york city new york city. The criminal was in new york city. There is code jurisdiction. Another may than evidence left evidence left behind because of fingerprints dna photographs taken at the scene. Those were the good old days. Now the same crime can be committed by someone in all salvador or someplace halfway around the world and we have very little evidential trails to follow up on. Even if we did and i experienced this myself when i was a Police Officer have identified a suspect when i was with the Police Department if i identified an l. A. P. D. Officer that a suspect was coming for them. For example did do you know how hard it is for a local company . Its about mutual Legal Assistance treaties. I had to fill out a form that went to my chief of detectives and the chief of police l. A. County sheriff California Department of justice fbi to the state department and served on the French Ministry of Foreign Affairs who would give it to the parisian police. That whole process was a twoyear process to find out who the owner was. We have technical people in the audience. Does it take two years to change an ip address . It takes two seconds of the systems are fundamentally mismatched and from a Public Policy and legal perspective and regulatory perspective we have got nothing on the horizon to sort this out. Nothing on the horizon. Nothing interesting. I was going to say what is the solution . What are the agencies and the specific groups that are lobbying, rallying to get the right action and . And its a combination of domestic response as well as working internationally. The challenge is on the National Security front and a Law Enforcement front is that your government has pretty much abdicated responsibility of this problem and i dont think its something that most citizens realize. If you came home and got for bigger house were burglarized the doors open and your stuff is all over you will call the cops and they will show up. They will send detectives into fingerprints and look for the bad guys. If you call up the nypd midtown south in queens and say ive got a virus, send a police car immediately i hate to disappoint you but think coming. You may have seen csi and everybody shows up with blue lights. That is not what happens on the internet so Law Enforcement has suddenly excluded itself from this game. You hear periodically about wanted suspects with one or two people subject to arrest. It is one 10,000th of the crimes committed on guessing committed ends up in a prosecution in any way. What we have seen in our government the response to the cyberthreat has been to build offense of capabilities. I dont know if you have heard of a guy named snowdon but there was this guy named snowdon who stole classified documents and release them and suggested the United States government was quite expert at offense if cyber operations. What most folks may not realize is the nsa is dual habit. They are the primary agency United States from an International Perspective responsible for cyber protecting our borders if you will. You have an organization Common Agency that is schizophrenic. Lets say part of the nsa that is here to defend us discovers a bug. Its a key part of the ssl certificate and you see that little lot. It turns out they have been vulnerable for years. The nsa knew about it. The nsa should have put out a notice to all american citizens to say hey attention we have a problem. Update your browser and get an ssl certificate but they didnt. Why . Another part of the nsa said we can use as operational and go after bad guys. That is exactly what happens of the offense of part is worrying about the defense of part which is why you run your awning Companies Like fire eye and dave dewald are very wealthy people. The opportunities are tremendous but i want you to understand your government is not doing much at all here. On that front you talk about fire i and other companies. What are the companies and who are the companies in the technology is at the forefront of fighting Cyber Attacks . How many of you use antivirus on your computer . Those are not the companies at the forefront fighting. I hate to disappoint you but i write about this in future crimes. There were some metastudy done of 40 antivirus networks and they looked at what their success rate was at detecting new viruses so they ran a bunch of new viruses through 40 different antivirus vendors and the detection it turns out as 5 . 5 of new viruses are detected by software, antivirus software. Eventually gets on board but that could be months and weeks later after everyone is infected. In future times if youre on immune system worked like an antivirus system youd be dead in 24 hours. We need better systems there. All those legacy players the same way that we saw brandnew startups like google and apple disrupt ibm we are seeing the same thing with that first generation of cybersecurity companies. Symantec and norton one of the largest is broken down into two separate companies. One focused on big data and Data Analytics and the others on security. Even security researchers. One of the most respected cybersecurity researchers in the world who runs an Antivirus Company said publicly the antivirus era is over. So what are those new companies . I would say the fire i is at the forefront and theres another Company Called crowd strike and they are more in the services perspective. You need to understand who the winners going to be by analyzing the technology. There are people here from Financial Services industries and they analyze trends all the time. We can talk about the technologies in the future like the internet of things and to get to that but for today its a services problem in a sense. What you mean when you say that . Your company gets hacked happening that is the ceo of your company i have the ceo of chief Information Officer and a chief Information Security officer. These guys are protecting me and if anything happens they will take care of it. You need only look at Jpmorgan Chase Anthem Blue Cross, target home depot aol Heartland Payment Systems and on and on to see that system does not work well. When Companies Like National News<\/a> channels in new york. Prior to the current broadcast television she worked for Deutsche Bank<\/a> cibc and ernst young. She is a cpa and a graduate of Harvard Business<\/a> school. Welcome. Now our featured speaker for the evening mr. Marc goodman. Marc is a global strategist author and consultant focused on the disruptive impact of advancing technologies on security, business and international affairs. In addition marc founded the future Crimes Institute<\/a> to inspire and educate others on the security and risk implications of newly emerging technologies. Since 1999 mark his work extensively with enter poll where he is a Senior Adviser<\/a> to the Steering Committee<\/a> and Information Technology<\/a> crime. In this capacity mark has Trained Police<\/a> forces throughout the world and has chaired expert groups on nextgeneration security threats. Marc holds degrees from Harvard University<\/a> in the school of economics. In his newest book, future crimes he provides insight into technological innovation and unintended consequences of the connected world. Im sure we will find out more as the evening unfolds. Before we begin please take a moment to silence your cell phones. If you do not do it yourself we may just do it for you. [laughter] also please note that this event is being recorded by cspan. During the q a there will be a microphone located in the center aisle. Please announce your name before speaking. We are also pleased to announce we have copies of his book right off the press available for sale right outside in the conference room. Thank you so much and please join me in welcoming marc. [applause] how is everybody feeling . Thats pretty perky. I dont have to ask twice. How many of you work in technology . Specifically in cybersecurity or security . Entrepreneurs . Financial services . I was like the second row here you guys look so excited. Be proud be proud and Harvard Business<\/a> school of law alex Kennedy School<\/a> . The only one. Harvard undergrad . Okay. What are you most curious about on this topic . A few hands. As a new yorker [inaudible] and i didnt go to target. [laughter] i would like to understand how thats happening. Im just really concerned. Knott. Okay, thank you. Briefly. [inaudible] okay, one more. [inaudible] so we will start with the big picture and drill into some of these issues you talked about definitely companies and technologies on the forefront specifically some other risks and issues you have talked about both operationally and defamation reputational. We will start with the big picture, pie in the sky and drill down. Marc, what does the future of crime and cyberterrorism look like . Wow what a gotcha question from a journalist. I cant believe it. The future of crime. Well it looks somewhat like today but it also looks quite different. The bad guys criminal terrorist rogue countries have been good at Adapting Technology<\/a> for their own purposes. Criminals have been early adopters of Technology Savvy<\/a> go back to chicago gangland murders of the 1930s those gangsters had cars while the cops were still on course and on foot. Fastforward today when a young Police Officer<\/a>, we saw bad guys on the street corners carrying pagers and cell phones. Back in the days when doctors were the only people that had pagers and they were carrying these five pound brick phones. By the way i see some young people in the audience. At the pager was the device. Those were quite rare and when i saw streetlevel drug dealers carrying pagers and i guess that they warned physicians. They were in the pharmaceutical industry there was something going on here. So i got involved in cybercrime investigation and started telling the story of how that happened. And then i went on and on. What i saw was every new technology came out the bad guys were right there ready to go. They have research and development departments, the cartel for example has a 5 milliondollar budget just for robotics trying to figure out how to get autonomous drones laden with illicit drugs across the border. They do r d in a higher ph. D. S. There is a school of aviation in mexico and the drug dealers recruit Aviation Engineers<\/a> for the purposes of building drums. As a whole bunch of new technologies come on line robotics Artificial Intelligence<\/a> biology the internet of things and big data there will be a crime plot ready for all of them. What are the top three threats that you can think about right now . From a technological perspective. I would start out at the societal level and work down from there. The big single threat that i see is that we have wired the world that we have failed to protect it. We are very good at connecting things to the internet and we know how to do that. The internet protocols are set up quite well. Security, we will figure that out later. So i guess the broad overall threat i see is that we cannot even protect the things that we have on line today and we are running full speed ahead to put connect more stuff. There has never been built a Computer System<\/a> that could not be hiked that somebody couldnt figure out a way into. Yet we are using computers not just the computers we think we are using desktops or laptops and smartphones but all that physical objects in the space around us are transforming themselves into Information Technology<\/a>. An automobile, something they used to be a mechanical device is now a computer that you write in. It contains over 250 microchips that control everything from the brakes to the airbag to the Radio Station<\/a> you listen to and its all they did a demonstration of this on 60 minutes. An elevator is a computer and the a pacemaker is a computer you implanted in your body. Marc andreesen the founder of netscape and running andreesen hardware said software is eating the world. When every physical object transforms into Information Technology<\/a> things that never happened before. The cisco more specific. The perspective the country governments. Your mic is not on. The mic is not on . Thats the mic in your hand. It wont be the first time tonight. Apologies. Berry if you want to do the intro over again please. How is that . Better . Thank you. Getting into, lets go a little bit deeper. A few months ago i interviewed dave Dewalt Company<\/a> that works on cybersecurity and he was talking about the three countries, the top three countries that are victims of Cyber Attacks<\/a>, the United States<\/a>, south korea and canada. We are number one. So when you think about those three countries what are they specifically under attack and what are the three biggest threats that governments are dealing with . You know i understand clearly you are asking for three specific things that we will till up we will do other countries and we will talk about what those may be. I want people to know and to really understand. It is all encompassing so how do we break it down and do something tangible that companys governments all of us need to know how to prepare better and respond to and ultimately business opportunities. We will definitely get into those opportunities for startups. Canada and south korea and the United States<\/a> amongst the greatest victims of cybercrime. Does anyone have an idea of . Their users of the internet. They are the most wired countries in the world. If you think we have a lot of technology here look at south korea. They are light years ahead of us in terms of the speed up intranet the percentage of their population on line. They have a Strong Technology<\/a> culture of very strong gaming culture so here you may go to a hockey game or a knicks game there are stadiums filled in south korea where people are playing video games across from each other. On the nightly news they are talking about who one lineage one or lineage two. Its a different culture and of course they face a nonfriendly neighbor to the north i believe it is which is very differently connected to the internet. In a sense its an asymmetric threat. The more technologically advanced you are the more you can be subject to attack. This was a concern during the invasion of afghanistan of the u. S. Government which is they have developed this whole cyber arsenal but if nobody is on line and there is no electricity what are they going to attack and of course thats an added exaggeration and overstatement. Thats the reason most countries are there and they also happen to be economically welloff countries. In response howard governments trying to respond . Guest howard governments responding . Very poorly. Whats interesting to me is one of the reasons why we created nationstates, if you go back to the treaty of westville yet we have clear border systems individual countrys sovereign rights borders gates guards and guns. This is the territory of United Kingdom<\/a> and United States<\/a> and south korea. The internet broke all of that. The role for which the government was brought together to be of service to his people particularly at the federal level in this country and others for the purpose of National Security<\/a> has kind have been broken in the internet age. We have organizations of the u. S. Government armynavy air force and marines who are responsible for taking our borders. What does that look like in cyberspace . Nobody really the systems of control Border Guards<\/a> gates customs air Traffic Control<\/a> all of that stuff doesnt work on the internet so they are struggling to figure out what it looks like. The branches of government that would protect us that the nationstate level from a National Security<\/a> perspective and then also the domestic level from a Law Enforcement<\/a> perspective are completely by the internet and they havent figured out any good ways to respond. I will talk about the policing side. If you had it been properly robbery here in manhattan in times square guy walks and holds up a tailor and walks out with a bag of money. This is csi cspan edition here. What do we know about the crime . We know the criminal was physically present in the city of new york and that means theres a jurisdiction and we know its the banks of the fbi will be involved in the victim was in new york city new york city. The criminal was in new york city. There is code jurisdiction. Another may than evidence left evidence left behind because of fingerprints dna photographs taken at the scene. Those were the good old days. Now the same crime can be committed by someone in all salvador or someplace halfway around the world and we have very little evidential trails to follow up on. Even if we did and i experienced this myself when i was a Police Officer<\/a> have identified a suspect when i was with the Police Department<\/a> if i identified an l. A. P. D. Officer that a suspect was coming for them. For example did do you know how hard it is for a local company . Its about mutual Legal Assistance<\/a> treaties. I had to fill out a form that went to my chief of detectives and the chief of police l. A. County sheriff California Department<\/a> of justice fbi to the state department and served on the French Ministry<\/a> of Foreign Affairs<\/a> who would give it to the parisian police. That whole process was a twoyear process to find out who the owner was. We have technical people in the audience. Does it take two years to change an ip address . It takes two seconds of the systems are fundamentally mismatched and from a Public Policy<\/a> and legal perspective and regulatory perspective we have got nothing on the horizon to sort this out. Nothing on the horizon. Nothing interesting. I was going to say what is the solution . What are the agencies and the specific groups that are lobbying, rallying to get the right action and . And its a combination of domestic response as well as working internationally. The challenge is on the National Security<\/a> front and a Law Enforcement<\/a> front is that your government has pretty much abdicated responsibility of this problem and i dont think its something that most citizens realize. If you came home and got for bigger house were burglarized the doors open and your stuff is all over you will call the cops and they will show up. They will send detectives into fingerprints and look for the bad guys. If you call up the nypd midtown south in queens and say ive got a virus, send a police car immediately i hate to disappoint you but think coming. You may have seen csi and everybody shows up with blue lights. That is not what happens on the internet so Law Enforcement<\/a> has suddenly excluded itself from this game. You hear periodically about wanted suspects with one or two people subject to arrest. It is one 10,000th of the crimes committed on guessing committed ends up in a prosecution in any way. What we have seen in our government the response to the cyberthreat has been to build offense of capabilities. I dont know if you have heard of a guy named snowdon but there was this guy named snowdon who stole classified documents and release them and suggested the United States<\/a> government was quite expert at offense if cyber operations. What most folks may not realize is the nsa is dual habit. They are the primary agency United States<\/a> from an International Perspective<\/a> responsible for cyber protecting our borders if you will. You have an organization Common Agency<\/a> that is schizophrenic. Lets say part of the nsa that is here to defend us discovers a bug. Its a key part of the ssl certificate and you see that little lot. It turns out they have been vulnerable for years. The nsa knew about it. The nsa should have put out a notice to all american citizens to say hey attention we have a problem. Update your browser and get an ssl certificate but they didnt. Why . Another part of the nsa said we can use as operational and go after bad guys. That is exactly what happens of the offense of part is worrying about the defense of part which is why you run your awning Companies Like<\/a> fire eye and dave dewald are very wealthy people. The opportunities are tremendous but i want you to understand your government is not doing much at all here. On that front you talk about fire i and other companies. What are the companies and who are the companies in the technology is at the forefront of fighting Cyber Attacks<\/a> . How many of you use antivirus on your computer . Those are not the companies at the forefront fighting. I hate to disappoint you but i write about this in future crimes. There were some metastudy done of 40 antivirus networks and they looked at what their success rate was at detecting new viruses so they ran a bunch of new viruses through 40 different antivirus vendors and the detection it turns out as 5 . 5 of new viruses are detected by software, antivirus software. Eventually gets on board but that could be months and weeks later after everyone is infected. In future times if youre on immune system worked like an antivirus system youd be dead in 24 hours. We need better systems there. All those legacy players the same way that we saw brandnew startups like google and apple disrupt ibm we are seeing the same thing with that first generation of cybersecurity companies. Symantec and norton one of the largest is broken down into two separate companies. One focused on big data and Data Analytics<\/a> and the others on security. Even security researchers. One of the most respected cybersecurity researchers in the world who runs an Antivirus Company<\/a> said publicly the antivirus era is over. So what are those new companies . I would say the fire i is at the forefront and theres another Company Called<\/a> crowd strike and they are more in the services perspective. You need to understand who the winners going to be by analyzing the technology. There are people here from Financial Services<\/a> industries and they analyze trends all the time. We can talk about the technologies in the future like the internet of things and to get to that but for today its a services problem in a sense. What you mean when you say that . Your company gets hacked happening that is the ceo of your company i have the ceo of chief Information Officer<\/a> and a chief Information Security<\/a> officer. These guys are protecting me and if anything happens they will take care of it. You need only look at Jpmorgan Chase<\/a> Anthem Blue Cross<\/a>, target home depot aol Heartland Payment Systems<\/a> and on and on to see that system does not work well. When Companies Like<\/a> Jpmorgan Chase<\/a> phil reese fairly wellresourced cant solve this problem than we have a real problem. It has a lot to do with the human factor. If you think technology will solve your cybersecurity problem then you dont understand technology and you dont understand security. At the end of the day many these problems come down to a human factor. Thats something that is really broken. Often it is where the hands me the keyboard that the problem occurs. If you get an email from a nigerian prince that says congratulations you are the one person on west 46th street that i trust from the nigerian industry that is not a technical technical technological problem. Theres a name for it. They call it picnic. Problem in chair, not in computer so there is a picnic problem we need to deal with. Even beyond that theres a massive dysfunction between the i. T. Shop of any organization and its users. Think about that term. The i. T. People call you the users. Who else called their customers users . Drug dealers refer to their customers as users. I. T. Were for her to their people as users. They think everything is a picnic issue and its you and not them. So the systems are designed for geeks by geeks. Who has had a Software Firewall<\/a> on a computer the popup that says somebody is trying to break into your computer . A lot of those popups say things like this warning extreme danger. Dll is requesting access to your exp do you wish to proceed . [laughter] that is not particularly useful. In physical space they say things like fire help earthquake tornado and we know what to do with that. Those error messages are horrible and not useful. One of the things i call for and im jumping ahead here is a johnny ives of security. Think about all the beautiful products we have in this world. Apple telephones in ferraris and rolex watches. What do theyll have in common . Beautiful design but there is no human centered design and cybersecurity so its really a problem. Enabling the user. We have come up with policies that say your password needs to be 67 digits long uppercase lowercase contain a hike to and the high school you went to in indonesia. They change it every two days and then they wonder why people take stickies and write down their password and put it on their screen. Its poor human centered design. Its a Services Issue<\/a> because theres this whole Human Element<\/a> that needs to be dealt with first. Two things, what does that human centered design look like . Lets go at that first. I think it is a work in progress. I dont think anybody has a clear idea of it. Who uses air bnb . Think how beautiful that designed interface looks and think about what most products are. I think of the guided people and took hackers cybergeek folks and compared them with the design team at apple im certain they could come up with something much better. Then that needs to scale on the corporate level. We were talking about companies having problems. Theres a statistic in future times where i say one third of all Security Products<\/a> purchased by a company that expensive koska millions of dollars are never used. Theyre called shelfware. They buy them because of go my god we need to to have an intimate on at the time to set it up. They are too busy and have other things going on. One third of the tools that are purchased are not even use. Talk about where a lot of the issues are with the human meeting the keyboard as a woman raised earlier with her five credit card since last summer. Moved to florida. What about the folks at target . It was the cybercriminals, not the consumers. So when you talk about a human hitting the keyboard. In that case how target ended up getting hacked was where they keys met the keyboard not on the individual site. I think you will get an understanding of whats going on here. Remember talk about the challenges of trying to get a warrant for evidence or subpoena for evidence . We have the same, the problem is even worse. The bad guys have automated the attacks and the good guys have done a terrible job of undoing the defenses and i will take you through that. That attack that occurred and by the way who was a victim of back . Probably not too many target shoppers here. There were over 100 Million People<\/a> that were victimized in that attack. One third of america was the victim of a crime perpetrated by a 17yearold kid in moscow. How was that carried out . Because the kid was a master hacker but because he bought software that committed crime. One of the key things i talk about in future crimes that most folks dont realize is crime is committed by computers and not by people. Its committed by algorithms and buy software and Artificial Intelligence<\/a>. That is why we are seeing it scale to the level that it does. In the old days the master hacker by way of keyboard drinking red bull staying up three days in a row, it still happens but in the case of the target hack a kid in moscow paid 2000 for a piece of software in a software sent fishing mag emails. He sent a fischer email to a company that was part of the target network. Targets pointofsale. Do all of you know what fischer is . Fishing mag is when you get an email this is hi this is the bank of america Security Team<\/a> in Security Team<\/a> and you have been locked out of your account. Click here and change your password. Dont do that. Its a trap. Dont be afraid but be aware. It was a fishing email and a spear fishing email. Spear fishing is a type of fishing targeted just for you. Thats because the bad guys are on your network and if your name is david and your cfo, and your ceo and cfo enters another says hey davy whats going on they will go ahead an mayor that language. They have gotten so much more sophisticated so they watch the network and patterns of communication so they can dupe people. We think with laptop is secured a 71 ince to have you and to go through encryption is and where will they to go through your Smart Television<\/a> or youre smart phone that is the weak link in the chain. I will not come in through the level they have other ways so that is what happened with target. The easiest way to get into the network . To make it depends. Each is unique. But often user devices so allow executives to bring their own global flows so you have a work laptop that the kids do homework or they may download the movie that is riddled with viruses but the point about target is that attack was not carried out by an cybergenius but it was software written by a cybergenius hacker the has a new Business Model<\/a> to sell criminal software the same way that adobe sells body shop there are companies that sell criminal spy where. Whole thing is automated and point and click. With interpol we were working outside the rio day janeiro and resolve the criminals that we thought were pirated movies that were dvd is but in fact, it was a crime where. The software was a dead city Theft Software<\/a> there were selling to lowerlevel peace without a computer background. It may sell familiar if you bought crime where the more you buy you get a discount. With every piece of software they seldom have the Service Level<\/a> agreement we guarantee 85 it will work or your money back. In the action had won 800 number for tech support. [laughter] that a criminal the calls trying to commit Identity Theft<\/a> but it is now working. Have you read you did your computer . [laughter] to make this is actually modifying to their benefit. Crime is committed by software. It used to be oneonone. Blige would get a knife for again to say stick them up. That is the great career to be a street robber purple you can make your own laws but what is the with the Business Model<\/a> . But what is the scale ability plan . The plan does not scale so then Technology Comes<\/a> along with a locomotive somebody invented a trade now you could do train robberies robbing too rigid people at a time that is the scale ability now with the internet when individual can hit 100 Million People<\/a> that is a fundamental paradigm shift with crime has ever been possible for one person to rob 100 million of anything . So crime has become all right automated in that is why we have this problem. And there is no solution. There are but it doesnt look anything like what is proposed today. Were doing very well on offense been very bad on defense there are a lot of solutions travel give you an example of the problem going to Business School<\/a> been trying to save the world and i talk about government this is not what government will solve by itself. Thaw in of course, individual citizens. But we had a zodiac the sony hack. Who did that . Kim jungun. We made a movie in so they hacked sony to say it is an attack against the United States<\/a> and i will talk about this that my state of the union and it thought finally be will get action. So i listened quite intently he gave the 6600 words speech during the state of the union of which 108 words were dedicated to sever security. There is poverty and Monetary Policy<\/a> but when i saw those 108 words i was not hardened. But then i listen closely to the president said that we need better information sharing with more penalties for dinner the thieves if you think increasing the penalty for three years up to six years will solve this problem he fundamentally do not understand this problem to claim that will protect us is like playing springsteen to sail protect you from a nuclear blast. [laughter] but to be hopeful because ever like to think of myself that we solve the big problems before we faced an existential threat from germany so how did we respond to that . We gathered 120,000 people working in classified facilities around the clock so before the germans could the takeaway point is a big difference is the existential threat that we face from the mass manipulation is they were serious about the threat before them and we are not. And it is of fundamental misunderstanding of the technology is between nine and 13 percent approval rate with respect to though lawyers in the audience but if you looked at the chinese ruling the 10 members there all have a ph. D. In Electrical Engineering<\/a> so fundamentally they and the stand the lack of stem literacy on part of the National Leadership<\/a> that will be a big problem that leads to National Security<\/a>. You earlier talked about the subtitle of your book everything is connected and only getting more connected. With the concept of local whole social so many new Companies Like<\/a> twitter is all about local mobile social that is to invite or facilitate cybercrime. One could draw that conclusion but i do agree. We are creating tremendous amounts the date gropper was arrested by the fbi lied you rob banks . Because that is where the money is. Why would you rob a Lemonade Stand<\/a> . The World Economic<\/a> forum that data is the new oil. That is a value we are creating if you look at the evaluation of gross when his face looks Main Business<\/a> . It is in shooting birds than the Business Model<\/a> is to get data out of view. The challenge with that it goes where the money is. Then we should not be surprised. Have you heard of moores law . Pieces that computer Processing Power<\/a> is between eight and 24 runs. Even the same with the desktop. And that explains much of the of work that i do. The more organized crime comes through. The more data you keep the more it will leak because it there is no such thing as a fundamentally secure computer in a society where is bill on Critical Infrastructure<\/a> for air Traffic Control<\/a> whereby electrical. You can see all the great case studies about big Data Analytics<\/a> but the fact is if Anthem Blue Cross<\/a> has patient records and will line crept it it will be by the basic level and we should not be surprised if you went to a Doctors Office<\/a> ever done little pieces of paper that now goes on line and. So the Big Data Companies<\/a> for those that want to come to this conclusion that it would be those bad criminals look at what theyre doing. But with that process i have to see the role of Technology Companies<\/a> or personal Media Companies<\/a> and how much of your data leaks through them. Theyre understand so how much you pay to use facebook or google . Most people say ive a facebook customer. What do you pay . They say nothing. If you Call American Airlines<\/a> say have already hundred number. You dont get free dresses. You pay for that. You pay for all of this with your own data. What people dont understand is they are bad stewards of your data it is packed not a nuclear monthly the daily. That is for the facebook phone t Security Officer<\/a> you think the data is protected but conversely is taking data that you are providing with a group of data of brokers. But you talk about going against the wave that is happening to be practical. We have technology to be more efficient with Record Keeping<\/a> and it is also more environmentally friendly but it is inevitable they have to for their personal records but then Going Forward<\/a> but with big data is a vicious cycle series talkgteiabout some of the solutions what are those . I am introducing all of the data that is great and we have not seen the company beat up too badly but yet for every record from the is to tear it cost to madrid 6 that is to investigate, plug holes, finding new equipment , notify customers, replace them bring in the pre p. R. Crisis management defend a lawsuit hire outside counsel , and then go to the regular tour in shareholder lawsuits so they lose 100 million records, that isnt chump change. But as to the solutions at the social and societal level we already talked about one of those for cyber. It is something that has the intention the publicprivate sector. Is the Software Industry<\/a> just took a 1 of the gross profit or net profit into a fund then we could solve a problem into a lot. The other thing we can do is we handle crimes as lawenforcement but talk about computer viruses and infection what happens if somebody has measles . We treat them and isolate them for that epidemiological Public Health<\/a> model is a much better way to go. The gold should be to make sure i dont get a virus. So it is the proven models we need a national cyberreserve board with the marine and air force and navy. That will hurt because that disaster will come in and when it does we dont have a plan. Rather than during the disaster or after. Fortunately think theres a huge opportunity lets take a 20 million pot to incentivize embassy who can figure this out because the smartest guy is not in the room with you. They could be halfway around the world and lastly at the social level is this solvable . Inevitably. Egest takes attention with a moderate amount of resources in the president kennedy who sit in the 60s by the end of the decade we will put a man on the mood the marin that just a few millennia ago we were apes walking upright now we put a man on the moon . Then surely we could figure out and virus the problem is were not focused on an. [applause] i think animal little more pessimistic i dont think you can solve the problem because we are human to get 6 billion people who have passwords to not do the wrong thing on the keyboard even if you incentivize to find problems in the network with new digital labels tomorrow, to leave the problem is lets talk about how you find these guys. They are the anonymous bitcoin and that cannot be tracked with all these things being developed. That is a great question and a great point i dont fundamentally disagree but one of the Biggest Challenges<\/a> is trying to figure out who is responsible for the attack. Did sony really get hacked by the North Koreans<\/a> are was internal . Maybe it was somebody else. It is hard. Why . Because it shows he will route the calls to other places but it is routed through afghanistan really he is around the corner from the police station. That is what hackers do you for north korea allegedly tax sony. They will not go to sony. Com they will go to thousands of boxes so it is hard to trace the back. But as to this human factor money suggests that we could solve the problem there is no such thing as perfect security the cost of liberty and personal freedom is great but those to pursue security have neither. So the challenge for us is not perfect security but better security in a realworld example is to park it in a neighborhood with a dark street and no light leaving the bmw running with the hazards on an 10,000 cash . In the bronx you may not be surprised if your car was gone. But you could still have your car stolen. So they could come by to take your car. I am just trying to get people to understand how to lock the front doors of their house and not leave their keys in the car. We could make a massive difference. I talk about. Is specific steps regarding password in the you will drop your several risk by 85 percent suitcase and ever calling for a perfect security but i think we could do better for. Better. Spee rick you have questions , lineup. Digest poll the book off the of bookshelf. It is a template for what youre advocating to gather all the physicist he could find in they found at m. I. T. To establish radar for airplane to airplane then shipped to bear then airplane into the boat. The british sent a team but for them to solve in the period they choose period but we have been focusing Space Technologies<\/a> the today with biology and genetics in what is the next threat . The much like the net to exceed a place they did not get a budget released in resaw in the 70s, the genetic code to have new forms of life perverted is about but they have all come out quite publicly about Artificial Intelligence<\/a> but though last invention of man is. So i have to agree that i am not usher them encouraged said it could make it difficult for the hacker sprue quality is packed six times. Maybe two times. [laughter] the other day vast reference and most are is that tax base that if i told you if you get off facebook and twitter into a tube for three months isis cannot be head of the next 10 people they are looking for. The set of course, i will not. Once said i will think about it. That is why an observation but 20 years ago you will agree think that these bad guys did not have any of these mediums to propagate. So my question is where not on these Big Companies<\/a> to come up with ways they will prevent cyberterrorism . Now they are trying where they put in 1 percent of the net income i dont really buy that because and it becomes manage with by Committee Facebook<\/a> and apple will hate each other and all think it will work better understand why facebook themselves that is very rich company, why would they not put in 1 of there net income to attack this problem . The report of the things i talk about in future crimes is your suggestion. A and i talk about the possibility of considering may be thinking of a little bit of regulation. Weather data privacy or every business rules and that is the way ever country runs. But they have not face any consequences. Your sister is just ship it. We know it is full of bugs and we will deal with the leaders in the county have said that your flashes saturday . This is so lovely way of saying you have been hosed until we figured out there are bugs in the system and now you need to fix that. The model has no consequences for the software then they dont need to fix it. Line is the term of service. But they were prevented on the average year it would take 78 days to read that filed for of of press facebook start off with 1,000 words. Paypal has the largest terms of service in the industry at 36,000 words in shakespeares hamlet is only 32,000. It is an interesting read. Barrett is a Company Called<\/a> the team stopped in the u. K. And vague to arrive at 44 with the terms and conditions of the site. To have permanent ownership of my immortal soul from now into the trinity. [laughter] so that is a big problem. Talking about the Auto Industry<\/a> for 70 their older you might remember ralph nader in the 1950s, unsafe at any speed. Cars were not particularly faith. But it was the most positive Public Health<\/a> impact of the 21st century. Therefore there is room to rent a big step for word. Care years have. More will of the partnership with nasa in the relationship . But we have funding from nokia but it is a completely Fake University<\/a> but in the blessed is not accredited the you will learn so much more. It is about the Artificial Intelligence<\/a> instead of biology to have one mission and but then their super crazy cool people but i do it and it kills you in your sleep. [laughter] so it seems based on what i have read a lot could have been invented by security measures in target as the company for their authentication in you dash its his but it has to be prevented. Some of it with a of them in the sony but the public his head and when its taken this into is could of been avoided. Do we really need to a Huge Investment<\/a> in the Manhattan Free<\/a> fundamentally i agree. Like but all of those very obvious things should be there before we get to another level. But the ability of companies to do with no disrespect but their fundamental understanding of the threat and opposition and i will point out the business opportunities. According to a study there will be though 100 billion of six top cybersecurity. When her billion locally. A sheriff the hansard some of your questions the faq for being with us tonight. [applause] thinks. Nice to meet you the 1900 storm struck galveston saturday September September<\/a> 8, 1900. Is started at noon increasing in intensity then tapered off before midnight that evening. This hurricane was instill is the deadliest in the history of the United States<\/a>. The destruction was 30 million but the death toll is why we remember this. It can happen again. Saturday 1900 people would thronged to the beach. The rising tide and the wind drew them. They watched in amazement. At that time there was the low wooden bathhouse and we had piers and the huge pavilion. As a store and increased in intensity for those ever turn into matchsticks by the hurricane people didnt realize it would increase so rapidly so they took refuge in their home especially south of broadway they would offer refuge but of little did they know thats the storm would increase and the estimated when guest is 120 Miles Per Hour<\/a> were. By the time they realized this is a birdseye map. But it gives a good idea of the fiscal layout. You can also see the really there wasnt much distance but they would build large structures north of broadway but self the broadway the house his word but to go over the city in the moon is. There is a period of silence. With a sunday morning and it was thistly put those less did casualtys with the loss of life ahead gilda still with six doesnt put to the corrugated it is estimated the loss of life in galveston alone is approximately 1,000. Many people at that time were businessmen conducting business over the weekend end you had vacationers who were in the gulf of mexico. En there included among the several though some people we cannot account for. There is no accurate or complete 1900 storm documents. We only had 199 official death threat does records most of the people who died in a the hurricane were from wordofmouth. But this will face those to our rapidly acting. The recovery was a homegrown effort but there are thousands upon elses of workers to pay the bill so those bodies bring disease. At the same time they had to provide housing for the survivors, the people couldnt take refuge at their home and also secure food, water, communication but luckily. Of penn potential for destruction is always kept in mind. It was one of the gateways learning from galveston but it is a","publisher":{"@type":"Organization","name":"archive.org","logo":{"@type":"ImageObject","width":"800","height":"600","url":"\/\/ia800508.us.archive.org\/31\/items\/CSPAN2_20150308_040000_Book_Discussion_on_Future_Crimes\/CSPAN2_20150308_040000_Book_Discussion_on_Future_Crimes.thumbs\/CSPAN2_20150308_040000_Book_Discussion_on_Future_Crimes_000001.jpg"}},"autauthor":{"@type":"Organization"},"author":{"sameAs":"archive.org","name":"archive.org"}}],"coverageEndTime":"20240621T12:35:10+00:00"}

© 2025 Vimarsana