Marc Goodman (@futurecrimes) is a former Los Angeles police officer who started that department’s first Internet crime unit in the mid-1990s. After two decades spent working with Interpol, the United Nations, and NATO, Goodman founded the Future Crimes Institute to track how criminals use technology.
Malicious types of software, like viruses, worms, and trojans, are the main tools used to harvest personal data. Cyber criminals also use social engineering techniques, such as phishing emails populated with data gleaned from social networks, to trick people into providing further details. In the interview below, Goodman outlines some of the other ways organized criminals and terrorists are harnessing data for nefarious ends.
What motivates data criminals?
Marc Goodman: Anything that would motivate someone to join a startup would motivate a criminal. They want money, shares in the business, a challenge. They don’t want a 9-to-5 environment. They also want the respect of their peers. They have an us-against-them attitude; they’re highly innovative and adaptive, and they never take the head-on approach. They always find clever and imaginative ways to go about something that a good person would never have considered.
What type of personal data is most valuable to criminals?
Marc Goodman: The best value is a bank account takeover. A standard credit card might cost a criminal only $10, but for $700 they could buy details of a bank account with $50,000 in it, money that could be stolen in just one transaction.
European credit cards tend to cost more than American credit cards since Europeans are much better at guarding their data and have legislation in place, such as the European directive on data privacy, which prohibits the aggregation and long-term storage of personally identifiable information.There’s also a universal identifier for Americans — the social security number — but the same thing doesn’t exist from a pan-European perspective.
How is data crime more scalable than traditional crime?
Marc Goodman: Data crime can be scripted and automated. If you were to take a gun or a knife and stand on a street corner, there are only so many people you can rob. You have to do the crime, run away from the scene, worry about the police, etc. You can’t walk into Wembley Stadium with a gun and say, “Everybody, put your hands up,” but you can do the equivalent from a cyber-crime perspective.
One of the reasons why cyber crime thrives is that it’s totally international whereas law enforcement is totally national. Now, the person attacking you can be sitting in New York or Tokyo or Botswana. The ability to conduct business without getting on a plane is an awesome advantage for international organized crime.
How has cyber crime evolved?
Marc Goodman: In the 1970s, you had to be a clever hacker and create your own scripts. Now all of that stuff can be bought off the shelf. You can buy a package of crimeware and put in the email addresses or the domain that you want to attack via a nice user interface. It’s really plug-and-play criminality.
You claim that the 2008 Mumbai attackers used real-time data gathering from social networks and other media. How do terrorists use data?
Marc Goodman: Since the Internet arrived, terrorists have been advertising, doing PR, recruiting, and fundraising, all online. But this was the first time that we had seen terrorists use technology to the full extent that this group did during the incident. They had mobile phones and satellite phones. The terrorist war room they set up to monitor the media and feed back information in real time to the attackers was a really significant innovation.
They re-engineered the attack mid-incident to kill more people. They were constantly looking for new hostages. Organizations like the BBC and CNN were tweeting to ask people on the ground in Mumbai to contact a producer. People trapped in hotels called the TV stations. All of that information was being tracked by the terrorist war room. There was an Indian minister who was doing a live interview on the Indian Broadcast Network (IBN) while hiding in the kitchen of the ballroom of the Taj Mahal hotel. The war room picked this up and directed the attackers to that part of the hotel where they could find the minister.
What can be done to combat cyber crime?
Marc Goodman: The terrorism problem is very different from the cyber crime problem. Most acts of terrorism are carried out in the real world whereas cybercrime offenses take place in virtual spaces.Governments are pretty good at tracking the terrorists in their own countries, and there is decent international cooperation on terrorism.
What is making things more difficult for governments is that, in the old days, if you tapped somebody’s home phone, you had a good picture of what was going on. Now you don’t know where to look. Are they communicating on Facebook, on Twitter, or having a meeting in World of Warcraft?
Law enforcement needs to develop better systems to deal with the caophony of social media usage during a terrorist attack. The public is getting involved in ways that are, frankly, unhealthy. There was a hostage situation in the U.S. a couple of months ago where a man took a hostage and was sexually assaulting her. He had her trapped in a hotel room with guns and was posting live on Facebook and Twitter. Then the public started to interact with the hostage-taker, tweeting things like, “You wouldn’t kill her. You are not brave enough to do it.” In the past, police could close off several city blocks, put up yellow crime scene tape, close the airspace over the scene, and bring in a trained negotiator. How does law enforcement intervene when there can be a completely disintermediated conversation between the criminal or terrorist and the general public?
Marc Goodman discussed the business of illegal data at Strata New York 2011. His full presentation is available in the following video:
This interview was edited and condensed.