The 2014 iOCTA (Internet Organized Crime Threat Assessment), published in September by Europol’s European Cybercrime Centre (EC3), describes an increased commercialization of cybercrime and predicts that online crime is going to move from things like identity theft to actual first-degree murder. Maybe even this year.
In related news, Pew predicts that an internet-based attack will result in major loss of life in the next decade.
Both assess that intelligence and law enforcement organizations are in no way ready.
How do you kill someone online?
Well, you can internet-bully them until they commit suicide, but Europol, going off an IID report, is talking about online murder being murder via a hacked internet-connected device. Europol seems to take this pretty seriously; you can read the whole iOCTA or the summary.
This has been possible since at least 2011, when a diabetic hacker demonstrated that he could take remote control of his implanted insulin pump and either stop it or dump the whole load. With the growth of the Internet of Things, implanted medical devices are no longer near-field only, just able to send and receive with their host’s phone.
That, combined with people’s generally lax security, the lack of regulations and control on implanted medial devices, and the growth of Crime as a Service (CaaS) all combine to suggest that the access information for thousands of implanted medical devices is online, along with tips on how to use one to kill its owner.
I think killing someone by taking control of their car would also count.
How else do you kill someone online?
The Pew study is about cyber war, and similar in the sense that rather than one individual’s internet-connect support device, the target is the internet-connected support of a region or a nation. Imagine the deaths in New England if the power grid went down this winter for days or weeks. Imagine the deaths anywhere if traffic controls failed. Attacks with less instant gratification could include manipulations of water treatment facilities, or simply stopping the flow of water to an area like Southern California.
But it’s possible the worst attack would be against the trading bots of Wall Street. That would throw the world into chaos and affect exactly the WEIRD world command and control structures you’d want distracted, if you were, say, Russia and decided to, say, invade one or more of your neighbors.
Fortunately the financial systems are pretty hardened against attacks, but most government-managed systems, in the US or elsewhere, are not.