Murder 2014: Colonel Mustard, in the chat room, with the Internet

colonel mustarg webIn a couple of years the Internet might just kill you. At least, that’s one of the 2014 predictions from one security company.

This is the time of year when everyone and their dog posts their predictions for what will happen in the wacky world of tech in 2013. The reason? Nobody wants to work over the holidays, and a predictions post is one of those you can whip up ahead of time and just pop in the microwave when it’s time to publish. (Look for one coming from me over the next week or so.)

But I gotta hand it to the folks at net security firm Internet Identity. They decided to beat the rush, skip right over their 2013 predictions and go straight to 2014.

What’s in store two years from now? Murder and mayhem – literally, says IID president and CTO Rod Rasmussen. He says, and I’m not making this up, that in 2014 we will see the first homicides committed remotely using the Internet as the murder weapon.

Per IID’s release:

With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders. Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.

“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” continued Rasmussen. “Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will be eventually be used.”

I see a new TV spinoff: “CSI: Internet.” Quick, get me Brian Dennehy and Rene Russo. No, make that Shia LaBeouf and Khloe Kardashian.

To be fair, I have spoken with a number of security folks about the possibility of medical devices being turned against us, and they agree it is entirely possible. Then again, such devices have always been vulnerable to some kind of attack, says futurist Anders Sandberg, a research fellow at Oxford University’s Future of Humanity Institute.

“In the good old days the people who made these devices were just happy that they worked,” he says. “They didn’t think about security. The old pacemakers could be controlled by putting a magnet on someone’s chest and twisting it.”

The question, he says, is who would want to? OK, if you were in the same room with Dick Cheney, you might think about it. Otherwise, he says, the attacker’s motives are unclear.

If an hacker discovers a vulnerability within a particular medical device that can be exploited randomly, it’s theoretically possible they could use it to blackmail the manufacturer, adds Paul Koster, CEO and chief scientist at Cryptography Research. But it’s not very likely to pose a danger to patients, and the vulnerabilities aren’t likely to be around much longer in any case.

“Over the last couple of years, device makers have finally started to pay attention to the security of medical systems,” he says. “Having your pacemaker hacked makes for a good story, but climbing into a car and driving to the grocery store – or even the heart condition the pacemaker is there to fix – are greater risks to your health.”

IID’s other big prediction for 2014: Even if the Internet doesn’t kill you, it is likely to pick your pocket via insecure Near Field Communications apps.

“The [number] of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”

The company also predicts more widespread attacks from government generated malware, a successful hack attack on the power grid or other major infrastructure, and some attacker hijacking military drones.

Cheery folks, those guys at IID. And I bet you were worried about what awful things people were predicting for 2013. They don’t seem so bad now, compared to being killed by the Internet.

This post originally appeared on InfoWorld.

Trackback URI | Comments RSS

Leave a Reply