Skip to main content

The Big Steal

I’m not here to predict the future;” quipped the novelist, Ray Bradbury. “I’m here to prevent it.” And the future looks much like one where giant corporations who hold the most data, the fastest servers, and the greatest processing power will drive all economic growth into the second half of the century.

We live in an unprecedented time. This in the sense that nobody knows what the world will look like in twenty years; one where making confident forecasts in the face of new technologies becomes a real challenge. Before this decade is over, business leaders will face regular and complex decisions about protecting their critical information and systems as more of the existing solutions they have relied upon are exposed as inadequate.

The few real certainties we have available surround the uninterrupted march of Moore’s Law - the notion that the number of transistors in the top-of-the-line processors doubles approximately every two years - and the unpredictability of human nature. Experience tells us that where new opportunities for fraud and financial crime exist, the ‘Dark market’ will expand to meet them. Asked why he robbed banks, the gangster John Dillinger replied: ‘Because that’s where the money is.’ Today is no different, other than a growing appetite for stealing data, offering potentially higher and safer returns to criminals than robbing banks.

It is clear that in the aggregate, our personal information – even relatively innocuous details such as our browser search history is worth a vast amount of money. Over the last twelve months, we have seen an alarming and growing trend, one which we have no reason to believe will not continue to expand. Sophisticated criminal gangs, perhaps even nation states, have been exfiltrating and harvesting ever larger volumes of data from businesses and government departments across the planet; in October 2016 hackers stole the personal data of 57 million customers and drivers from Uber and by far the biggest breach to date is India’s one billion public database of personal details in early 2018.

The question which vexes observers in the information security space; other than constantly trying to protect their assets, is why large and seemingly innocuous databases are hacked and stolen as regularly as attempts to compromise the most financially and personally sensitive? 

In March 2017, I remarked in The Guardian: “A rapid convergence in the data mining, algorithmic and granular analytics capabilities of companies like Cambridge Analytica and Facebook is creating powerful, unregulated and opaque ‘intelligence platforms”. However, these two influential and powerful companies are simply those whose interests and activities most visibly coincide in repurposing consumer data, aggregating and analysing it for profit.

Alexander Nix
There are many more unknown operations of a similar nature likely operating in the shadows; sharing, analysing and exploiting the huge volumes of data being stolen on a regular basis and for a whole spectrum of different and often criminal purposes. This is ‘Big Data’ raised to a further level of deep sophistication, with a new generation of powerful analytics services rented on the Amazon cloud and most commonly associated with the more advanced computing capabilities of western intelligence agencies.

There are three convergent trends, which projected-out to the near future, we should be wary of. These are Machine Learning and Artificial Intelligence in conjunction with rapid advances in Quantum Computing and new and cost-efficient cloud-hosted Big Data aggregation and advanced predictive analytics services. By 2020 there will be some 50 billion devices connected to the internet as the Internet of Things continues to expand at a near exponential rate. Every minor detail of our lives will silently deliver a stream of tracking and personal telemetry and data points which in isolation are worth nothing but in volume offer valuable insights when aggregated and analysed at scale. As an example, Google (Alphabet) alone is using 46 billion data points in one project to predict the medical outcomes of hospital patients.

 It is estimated that by 2020, we will have generated over 44 Zb (1 zettabyte = 1 trillion Gb) of data, and that amount will continue to grow at a rate of 1.7 Mb per person per second.

The scandal surrounding Cambridge Analytica and Facebook has arrived as a sharp wake-up call over the growing value of personal data. It’s entirely possible, that in anticipation of a breakthrough advances in the availability of cloud-hosted, quantum computing and analytics for rent, perhaps within the next five years, that well-funded, well organised and forward-looking criminals are simply storing the terabytes of encrypted information they have stolen, awaiting the day that fast, cryptography-breaking quantum computing-based algorithms are developed.

While it’s equally possible that much of that stolen information might be out of date by the time this new technology arrives, viewed at scale, it will still represent a treasure trove of enormous value to whoever might wish to exploit it to use in finely-crafted identity theft schemes, among other possibilities.

Data is the new oil’ wrote The Economist magazine in 2017. While this analogy might exaggerate its value, for organised crime, with a growing arsenal of cheap and powerful data mining and hacking tools at its disposal, data is most certainly where the money is and if you haven’t lost data to a passing hacker already, then you are likely overdue for a visit anytime in the near future.

Popular posts from this blog

Civilisational Data Mining

It’s a new expression I haven’t heard before. ‘Civilisational data mining.’

Let me start by putting it in some context. Every character, you or I have typed into the Google search engine or Facebook over the last decade, means something, to someone or perhaps ‘something,’ if it’s an algorithm.

In May 2014, journalists revealed that the United States National Security Agency, the NSA, was recording and archiving every single cell-phone conversation that took place in the Bahamas. In the process they managed to transform a significant proportion of a society’s day to day interactions into unstructured data; valuable information which can of course be analysed, correlated and transformed for whatever purpose the intelligence agency deems fit.

And today, I read that a GOP-hired data company in the United States has ‘leaked’ personal information, preferences and voting intentions on… wait for it… 198 million US citizens.

Within another decade or so, the cost of sequencing the human genome …

The Nature of Nurture?

Recently, I found myself in a fascinating four-way Twitter exchange, with Professor Adam Rutherford and two other science-minded friends The subject, frequently regarded as a delicate one, genetics and whether there could exist an unknown but contributory genetic factor(s) or influences in determining what we broadly understand or misunderstand as human intelligence.

I won’t discuss this subject in any great detail here, being completely unqualified to do so, but I’ll point you at the document we were discussing, and Rutherford’s excellent new book, ‘A Brief History of Everyone.”

What had sparked my own interest was the story of my own grandfather, Edmond Greville; unless you are an expert on the history of French cinema, you are unlikely to have ever hear of him but he still enjoys an almost cult-like following for his work, half a century after his death.

I've been enjoying the series "Genius" on National Geographic about the life of Albert Einstein. The four of us ha…
The Mandate of Heaven

eGov Monitor Version

“Parliament”, said my distinguished friend “has always leaked like a sieve”.

I’m researching the thorny issue of ‘Confidence in Public Sector Computing’ and we were discussing the dangers presented by the Internet. In his opinion, information security is an oxymoron, which has no place being discussed in a Parliament built upon the uninterrupted flow of information of every kind, from the politically sensitive to the most salacious and mundane.

With the threat of war hanging over us, I asked if MPs should be more aware of the risks that surround this new communications medium? More importantly, shouldn’t the same policies and precautions that any business might use to protect itself and its staff, be available to MPs?

What concerns me is that my well-respected friend mostly considers security in terms of guns, gates and guards. He now uses the Internet almost as much as he uses the telephone and the Fax machine and yet the growing collective t…