News of additional cyber crimes on pipelines, healthcare facilities, and the federal response against the perpetrators is only getting warmed up. In just the past month everything from the New York City Subway to meatpacking plants to oil pipelines and Martha’s Vineyard have been attacked with ransomware.
What seemed like — or to many may still feel like — “crimes of the future” are here now.
Marc Goodman is a veteran law enforcement officer who researches emerging technologies and their criminal implications.
Goodman was among the first, for example, to identify ways criminals could kidnap business travelers for ransom or their life. One method involves identifying airline employees on social media, assessing whether they’re disgruntled or just underpaid, then bribing them for flight manifests. By Googling each name you can find the people with high net worth, connections, or are otherwise lucrative targets with drivers ready at their destination.
The kidnapping occurs when the criminals arrive early to the airport, bribe the driver sent to pick them up, and swap in a criminal. “The executive flying in from New York, San Francisco, or London would get off the plane, see the piece of cardboard with their name on it, walk up to the person who was dressed like a limousine driver, get into a car, and get kidnapped as a result,” writes Goodman in his book, Future Crimes: Inside the Digital Underground.
This is why securing your own rideshare or taxi is preferable, even if traveling in the United States. It doesn’t eliminate the risk but does create a trail of evidence.
“I’ll give you another example. There’s a medicine called Warfarin, which is blood thinner. There’s a certain small percentage of people who have a genetic marker that makes them allergic to that, and it’s deadly if taken,” writes Goodwin. He explains this is a serious issue for DNA testing and genetic information sharing. The US and most other countries lack the regulatory and oversight mechanisms to ensure the privacy of genetic information, whether gathered by private companies through genealogical research sites or medical facilities performing lab work.
These personalized “bioweapons” might not seem like a substantial worry to most of us but as a threat against a future political leader, executive, or high-value target, they can be.
Today, the single largest threat against healthcare facilities and companies isn’t a disgruntled patient or employee, though that is a real risk. The larger threat is a cyber attack that holds patient records hostage, seizes billings and revenue streams, or causes next-level financial ruin. Even with insurance covering some of the security risks, premiums are a significant financial impact, too.
“This stuff is not going away”, says Rick Ball. Ball is Cyber/Continuity of Operations Branch Director at Vantage Point Consulting. New classes, exercises, and in-person or online cybersecurity trainings are available now.