Future Crimes
Subrahmanya Boda @guptabs

DISCLAIMER

Content
• Technology in Criminal World
• Mumbai Attacks
• Dawn of Artificial Intelligence
• Code and Vulnerabilities
• What can I do?

Evolution of Virus to powerful malware
• First Computer Virus
  – Brain Virus
  – Lahore, Pakistan
  – Amjad Farooq Alvi and Basit Farooq Alvi
• “Welcome to Dungeon © 1986 Brain & Amjads (pvt.), Brain Computer Services 703 Nizam Block, Allama Iqbal Town, Lahore, Pakistan”
• Many firsts
  – Copyrighted
  – Address given for payment to clear Virus
• Today’s Malware is “Ransomware”
  – Stealthy
  – Organized and
  – 1000+ Variants / Day
• Requires payment in cryptocurrency (like Bitcoin)
• Business model yields very high RoI

Mumbai Attack 2008 and Dawn of Cyber Terrorism
• Traditional terrorist used:
  – Guns
  – Grenades
  – Rockets etc
• Mumbai Attackers
  – Participants – 10
  – Damage: Held Mumbai Captive for 2 Days
  – 160+ Deaths and 600+ Injuries
• Technology aided Terrorist attack
  – GPS + Hi-res Maps on CDs
  – Blackberry / Cellphones
  – Sat Phones
  – BackOps with Social Media + Media monitoring
• Objective is to cause damage
• Objective: Maximize Damage

Mumbai Attack 2008 and Dawn of Cyber Terrorism (Contd)
• Taj Hotel Room # 632
  – At about 11 p.m., knock on the door, “Room service” / “Shoe Polish”
  – Tried to hide in Toilet, accidentally bangs door
  – The two gunmen blasted the room door’s lock open and entered, tied Guest’s hands and feet
  – Terrorist phones their Pakistani base, with name, obtains photo from net
    – Your Hostage, is he heavy set? Yes
    – Is he bald in front? Yes
    – Does he wear Glasses? Yes
    – What shall we do with him? “Kill him!”
• Search Engine determines who lives!!!
• Funding of Terrorism is no longer extortion
• CyberSecurity as a weapon to “fund” terrorist activities
• Philippines Cell

Exponential rise in Power of Computing & Artificial Intelligence
• Mobile Phone
  – More power than the computer NASA used to land on the moon 40 years back, and also cheaper
• Artificial Intelligence
  – 1996: Chess: World Champion (Garry Kasparov) is beaten
  – 2011: Jeopardy: Computer emerges as champion, pitted against Brad Rutter
  – 2016: Go (Most complex game): World Champion beaten (Lee Sedol)
• Prediction by Kurzweil
  – By 2045 computer intelligence will exceed human intelligence
• Doors open for “Intelligent” bots
  – Siri assisted concealing a murder
  – “Where can you hide a dead body?” .. Swamps, Marshes, and rivers.

Exploits and Vulnerabilities
• Poland Tram Crash (2008)
  – 14 year old with infrared control, played with real trams (play train set)
• SCADA (System Control & Data Acquisition)
  – Natanz Uranium enrichment facility, Iran through Stuxnet (2008)
  – Water treatment plant in Texas (2011)
  – German Steel Plant (2014 Dec)
  – Ukraine Power Grid Attack (2015 Dec) .. Coordinated
• Saudi Aramco (Retaliation attack?)
  – Oil and Gas installation (2012)
  – Through USB injected virus (Shamoon), 30,000 computers’ data erased and replaced with burning American flag

(Software) Code is the new perimeter
• Apollo landing 145 KLOC (1969)
• Space shuttle 400 KLOC (1980)
• Nuclear Plant 5000 KLOC (2000)
• MS Office 45000 KLOC (2013)
• Modern Car 100000 KLOC (2014)
• Health.gov 500000 KLOC (2016)
• KLOC – Kilo Lines of Code
• 20 – 30 Defects / KLOC (Avg)
• 20K – 30K bugs in 1000 KLOC
• More Bugs, More Exploits
• Cars are the computers we ride in
• Reuse of the code is the power attribute of software. Heartbleed vulnerability discovered in such reused code affected nearly 60% of web servers on the internet and many unknown intranets

You are the Product
• Patientslikeme.com (2004)
  – 2,000 patients diagnosed with 1500 unique diseases
• Free sites – Facebook (2004), Google (1998)
  – Google Doodle looks innocent
  – 2012 merged all data across 70 services
  – All searches made kept for indefinite period
  – Does not forget, does not delete
• Average 64 cookies are left by each site to trace and surveil your online activity
• Dictionary.com
  – Leaves 234 tracking files

Terms of Service - Terms of Abuse
• 50 pages disclaimers
• It would take 76 full working days
• LinkedIn:
  – Rights:
    – Irrevocable
    – Perpetual
    – Unlimited
    – Assignable….
  – Activity:
    – Copy
    – Distribute
    – Commercialise……
• Instagram can use your photo for advertising
• J K Rowling if written Harry Potter in Google Docs

Terms of Service - Terms of Abuse
• Mobile phones have replaced
  – Computer
  – Camera
  – Calendar
  – Books
  – Television
  – Radio
  – Games
• Electronic tags on prisoners
• Constantly signalling to world your location, activity
• Google created Android for this opportunity

What can I do? - UPDATE
Update
• OS, Applications, Apps
Password
• Long containing variants
Download
• From official sites
• Careful about free apps
Administrator
• Need based use
Turnoff
Encrypt
• Data
• Avoid public WiFi

Road Ahead - Additional
• Email/Message from known sources
• USB post virus check
• Backup data
• Cover up camera
• Think before sharing in social networking
• Banking transaction in own device