A power plant goes offline after it is infected with a computer virus, a cybercriminal causes a crash by remotely disabling a vehicle’s brakes, an AI-psychologist picks potential victims of investment fraud, one hundred hacked smart lights attack and take down a smart home…
Most of these frightening but currently still theoretical scenarios will become reality in 10-20 years’ time. European analysts agree that recent efforts are no longer enough and also recommend Estonia considerably boost its capacity for fighting cybercrime.
Technology is developing rapidly and so is cybercrime. The Ministry of Internal Affairs commissioned an analysis from the RAND Europe think tank on cybercrime and technologies used (or that will soon be used) therein, things Estonia should keep in mind when contributing to crime prevention and their possible consequences. The report concludes that risks associated with digital systems and ICT in general will only grow in time.
Head of information security at the ministry Martin Sepp says that ICT concerns all walks of life today and every person and company might fall victim to malware and email scams. “Estonia has 99 percent digital services and our dependency on ICT is extraordinary when compared to many other countries. It is a matter of national security for the e-state to keep up with developments or – better yet – stay a few steps ahead. While that requires investments,” he says.
Pay quickly or die!
The trick with autonomous devices is getting them to do something that benefits the criminal instead of the user.
Imagine you are driving down the Tallinn-Tartu highway when suddenly your infotainment screen tells you that your brakes have been disabled and you will plow into a truck in three kilometers if you do not make a transfer now. If you make the transfer, you will be given back control over your car. What do you do?
Taking control over technology away form the user spells danger. Just how autonomous is this thing? Can you mechanically disable a vehicle when cruising down the motorway?
Investment scammers can make simultaneous calls to thousands of people. All they need is a computer. There are nearly seven billion potential victims worldwide. Algorithms help criminals target the most vulnerable among them.
Imagine receiving a call from an artificial intelligence offering you a risk-free investment opportunity. While you are either unemployed, having financial difficulties or a former investor who has lost a large sum of money and is looking to recover. The AI can tell based on the tone of your voice alone where you are emotionally to eventually forward you to a real person who proceeds to take you for everything you’ve got.
Head of the Police and Boarder Guard Board’s (PPA) cybercrime bureau Oskar Gross says that crime is not fully automated yet.
“I do not believe people will be left out of criminal schemes and be replaced by robots inside the next couple of decades. However, computers play an important role as they make it much easier to perpetrate crimes against a lot of people simultaneously. The cheaper computing power and the more capable machine learning algorithms become, the more likely that such attacks will succeed,” Gross explains.
Hacking a lightbulb
Home appliances that sport a Wi-Fi connection are already available in stores. For example, lightbulbs that connect to Google Home. These devices are not exactly secure and can be accessed with ease. What could happen were anyone to hack your lightbulb? It is possible to disrupt the way they function, facilitating extensive attacks. Defrosting your refrigerator from a distance is far from being the worst a criminal could do.
“The danger depends on the nature of the smart home device. Criminals can steal images from your TV or security camera and collect data on what people talk about or do at home,” Gross says.
Head of the State Information System Authority’s cyberincidents department (CERT-EE) Tõnu Tammer said that the first cybersecurity standards for smart appliances, telling manufacturers of smart lightbulbs what they need to keep in mind, were finished a year ago.
“However, nowhere does it say manufacturers have to comply with these standards. It will take time for regulations to catch up to standards. 99.9 percent of devices available do not meet the standards today. This means no one is ensuring data security at present. The snowball has been sent rolling. The question is how much damage will it manage to do before it reaches the foot of the hill,” the IT specialist ponders.