Futurist: disruption top threat, not cyber
If you have visions of the world being plunged into chaos by a catastrophic cyberattack, you might want to adjust your expectations and consider some more probable scenarios.
Who says so? Futurist, inventor and hacker Pablos Holman.
But don't be too quick to breathe easy, because, while a cyber attack calamity worthy of an epic Hollywood disaster movie does not get top billing in Mr Holman's mind, something else does. And there's a very good chance that that something has already infiltrated your computer and is sitting quietly, doing nothing to attract attention, but watching.
Evoking the popular imagery of a cyberattack targeting a country's most vital infrastructure, Mr Holman said: “If I'm a sophisticated hacker and I get into your computer, am I going to shut down the power grid. Why?
“You are just going to reboot, kick me out, and six minutes later America would be back to normal.
“Catastrophic failures are improbable from an attacker's perspective. What I would do instead is, if I get into your machine, your power system, your company, I'm going to hide, and sit and watch and find something I can trade on. This is what is going on, this is what we need to worry about.”
The potential damage caused by a hacker secretly gathering data and trading on it was part of the message delivered by Mr Holman when he addressed attendees at the ILS Bermuda Convergence Conference. The American delivered a keynote speech at last week's event in the Hamilton Princess.
He said a smart hacker, once inside a computer or network, would probably not look to shut things down or cause damage because they would get found out and lose their position.
“So, a lot of the real threats that are sophisticated, you are not going to find them.”
He estimates every computer has probably been hacked.
“All of your machines have super vulnerable software; Adobe Flash, Adobe PDF, Java — all can run remote code.”
Hackers can embed malicious code into online ads, which then goes out to ad networks and onto websites, he explained. “You only have to surf the web and your computer is taken over.”
The computer user will be unaware their device has been infected, as a sophisticated hacker will not expose themselves. All the same, the hacker now has the ability to recruit the computer for a botnet attack, or search files and folders for credit card numbers, passwords or similar valuable data.
Mr Holman, whose speech described how technology and innovation will shape the future, said there was an analogy between the work of risk managers and that of computer security professionals.
“We sit there and think of all the things that can go wrong, and how we can prevent it or what we can do about it.”
Mr Holman noted that botnets had become more troublesome, as evident by last month's immense Mirai botnet. It was the biggest distributed denial of service in history and hit many high-profile websites, including Netflix, Twitter and Airbnb.
A botnet is a network of private computers infected with malicious software and controlled without the owner's knowledge. Mirai infected CCTV cameras, digital video recorders and Linux servers.
“Mirai is interesting because it's a new botnet operating at an unprecedented scale, and it is also the first one built of IoT's [Internet of Things} — that means non-PC things that we stuck on the internet,” said Mr Holman, who explained that for 15 years webcams were sold by the millions and could be plugged into the internet through a computer with an Ethernet connection.
“Webcams were invented before we introduced system update. Millions of these things don't have any kind of system update.
“Hackers figured out a bunch of flaws that existed in those things. One is that a lot of them have a default password, most users don't get around to changing the default password, and a bunch of them have a backdoor password that is baked into the software on the webcam, so you can't change that even if you want to.”
Hackers wrote programs that could systematically try the default password for the devices on every IP address on the internet “just to see what falls in their lap”.
Mr Holman said: “Some tried that and found a quarter of a million webcams fell into their lap. They are all connected to the IoT; they can start sending spurious traffic to Netflix for example.
“And if they get them all going to Netflix at once, it's even more traffic than Netflix can handle, and Netflix goes down. It was down for a bunch of minutes.”
Such attacks, known as distributed denial of service, are battles centred on who has the most bandwidth, “the good guy or the bad guy — the service provider or the attacker”, said Mr Holman.
However, the world of hacking is not all bleak news, because the skills and talents of hackers can be harnessed and, when bolstered with big data, artificial intelligence and other technological advances, achieve positive outcomes.
Mr Holman shared examples. He works at the Intellectual Ventures Laboratory, Washington state, where staff with a range of talents from science to technology, collaborate on inventions.
One project is a fission reactor powered by nuclear waste. Traditional nuclear reactors are only 0.7 per cent efficient. Mr Holman explained that the 99.3 per cent of energy still locked in the resulting depleted uranium can be utilised.
“Today's reactors were designed with pencils and slide rules 50 to 60 years ago. We can do better. With our giant supercomputer we literally model every neutron in the reactor, we know what is going to happen,” he said. He described how a chain reaction using enriched fuel could efficiently burn its way from one end of a shipping container-sized reactor's uranium supply to the other during the course of 60 years.
“There's never a critical mass of fissionable fuel, you don't need a fuel enrichment plant anywhere. It's a modern safe reactor. It can't meltdown and it recycles nuclear waste.”
A stockpile of such depleted uranium exists in Kentucky. The 700,000 metric tonnes of fuel, if processed in the way described, would meet all the world's power needs for the next 1,000 years, said Mr Holman.
Other inventions he has been involved with include a machine that redistributes warm water from the surface of the sea to a deeper level, thereby theoretically suppressing hurricanes; a fence-post mounted device that can accurately target malaria-carrying mosquitoes and shoot them down with a laser; and self-driving sewing machines that create garments on-the-spot, thereby negating the need for a long and expensive supply chain.
Mr Holman also described a powerless Thermos-type cooler that can be used in hot climates to keep vaccines frozen for weeks at a time, overcoming the high vaccine failure rate in such environments — failures that result from vaccines going off because they could not be stored at the correct temperature for long enough.
Mr Holman said hackers and inventors think differently from most people. If you give them a new gadget they will flip it over, dismantle it, and figure out what they can build from the rubble.
“It is that discovery process that is fundamental to invention and innovation; without it you never get anything new.
“They are good at figuring out what is technically possible. You never get a new invention by reading the directions. So we need these kind of creative minds to figure out what is possible.”
Having somewhat rehabilitated the image of hackers in the minds of the audience, Mr Holman said the number one risk is not cyberattack or hacking, it is disruption. He pointed to the arrival of supercomputers and the ways they are transforming the world.
“Our computational ability, for the first time in history, has surpassed our imagination. We are at the beginning, right now, of figuring out what computers are good for.
“Big data, artificial intelligence, computational modelling — all these things together mean we are going to flip our relationship between causations and correlation.”