Cyber crime: First online murder will happen by end of year, warns US firm

The rapidly evolving Internet of Everything will leave us more vulnerable to cyber criminals, according to a worried Europol

Governments are ill-prepared to combat the looming threat of "online murder" as cyber criminals exploit internet technology to target victims, the European policing agency warned. In its most alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in "injury and possible deaths" caused by computer attacks on critical safety equipment.

Police forensic techniques need to "adapt and grow" to address the dangers posed by the so-called "Internet of Everything" – a new era of technological interconnectedness in which everything from garage doors to hospital health systems will be linked and controlled through computer networks.

The concept is behind the likely development of smart homes, cars and even cities, but police warned that the failure to protect devices properly could see them open to being hacked by outsiders to make money or to attack opponents.

The Europol threat assessment published last week cited a report by US security firm IID that predicted the first murder via "hacked internet-connected device" by the end of 2014. There have been no proven cases of murder by tampering with devices but hackers have highlighted numerous flaws in computer security systems.

In a series of high-profile stunts, Barnaby Jack hacked into cash machines to make them spew money, and exploited a flaw in an insulin pump. He died last year just before he was about to demonstrate how pacemakers could be hacked.

The former US vice-president Dick Cheney – who has a long history of heart problems – revealed last year that the wireless function had been disabled on his implanted defibrillator because of concerns that outsiders could hack the network and provoke a heart attack.

17-BarnabyJack-AP.jpg
Hacker Barnaby Jack (AP)

The idea was used in US thriller series Homeland when Mr Cheney's fictional counterpart was murdered by a similar method. "Well, I was aware of the danger … that existed but I found it credible," he said in an interview last year. "Because I know from the experience we had and the necessity for adjusting my own device that it was an accurate portrayal of what was possible."

The Europol report also suggested the advent of new forms of extortion and blackmail through connected devices, including locking people out of their smart cars and homes before payment of a ransom. It said that new systems would increasingly rely on facial and speech recognition for security that were open to abuse without up-to-date security in place. The opportunities for tampering with devices come amid predictions that tens of billions of devices will be connected to the internet within the next couple of decades, according to experts." The IoE [Internet of Everything] represents a whole new attack vector that we believe criminals will already be looking for ways to exploit," according to the Europol threat assessment.

"The IoE is inevitable. We must expect a rapidly growing number of devices to be rendered "smart" and thence to become interconnected. Unfortunately, we feel that it is equally inevitable that many of these devices will leave vulnerabilities via which access to networks can be gained by criminals."

17-DickCheney-Getty.jpg

It said that flaws in one system were likely to be part of many more resulting in large numbers of victims. The complexity of technologies would make it hard to identify the perpetrators, it said. Security breaches already identified include the hacking of webcams. A couple in Texas reported that a hacker was able to shout abuse at a two-year-old after exploiting a flaw in their baby monitor.

The US health authorities ordered hospitals to improve security after identifying problems with 300 medical devices and amid reports that malware (malicious software) had slowed down monitors used for high-risk pregnancies.

"There's already this huge quasi-underground market where you can buy and sell vulnerabilities that have been discovered," said Rod Rasmussen, the president of IID. He said that while the first reported murder was yet to happen, "death by internet" was already a reality from online extortion and blackmail that has led to suicide. He said if his firm's prediction of an online murder did not come to pass in 2014, it would likely happen within the next few years.

"Someone could unlock your [smart] home and get in to cause harm," said Craig Spiezle, of the Online Trust Alliance, a US-based privacy and security organisation. With new technology "there's always someone in the background to exploit it", he said.

Comments