The years between 2016 to 2028 are shaping up to be a bonanza for cyber criminals, a decade-long gold rush.
Why? Because most today's public and private digital infrastructure suffers from serious security vulnerabilities; because there aren't enough trained network security professionals available to close these vulnerabilities; and because most governments don't even have a central agency devoted to fighting cybercrime.
All-in-all, the rewards of cybercrime are great and the risk low. Globally, this amounts to businesses and individuals losing $400 billion each year to cybercrime.
And as more and more of the world becomes interconnected online, we forecast hacker syndicates will grow in size, number, and technical proficiency, creating the new cyber mafia of our modern age. Luckily, the good guys aren't completely defenseless against this threat. Future police and federal agencies will soon gain new tools that will turn the tide against the online criminal underworld.
The dark web: Where the future’s top criminals will reign supreme
In October 2013, the FBI shut down the Silkroad, a once thriving, online black market where individuals could purchase drugs, pharmaceuticals, and other illegal/restricted products in much the same fashion they could buy a cheap, Bluetooth shower speaker off of Amazon. At the time, this successful FBI operation was promoted as a devastating blow to the burgeoning cyber black market community … that is until Silkroad 2.0 launched to replace it shortly thereafter.
Silkroad 2.0 was itself shut down in November 2014, but within months was again replaced by dozens of competitor online black markets, with well over 50,000 drug listings collectively. Like cutting off a head of a hydra, the FBI found its battle against these online criminal networks to be far more complex than originally expected.
One big reason for the resilience of these networks revolves around where they are located.
You see, the Silkroad and all of its successors hide away in a part of the Internet called the dark web or darknet. ‘What is this cyber realm?’ you ask.
Put simply: The everyday user’s experience online involves their interaction with website content they can access by typing in a traditional URL into a browser—it’s content that’s accessible from a Google search engine query. However, this content only represents a tiny percentage of the content accessible online, the peak of a giant iceberg. What’s hidden (i.e. the ‘dark’ part of the web) is all the databases that power the Internet, the world’s digitally stored content, as well as password-protected private networks.
And it's that third part where criminals (as well as a range of well-meaning activists and journalists) roam. They use a variety of technologies, especially Tor (an anonymity network that protects its users' identities) to securely communicate and do business online.
Over the next decade, darknet usage will grow dramatically in response to the public’s rising fears about their government’s domestic online surveillance, especially among those living under authoritarian regimes. The Snowden leaks, as well as similar future leaks, will encourage the development of ever more powerful and user-friendly darknet tools that will allow even the average Internet user to access the darknet and communicate anonymously. (Read more in our upcoming Future of Privacy series.) But as you might expect, these future tools will also find their way into the toolkit of criminals.
Cybercrime as a service
While selling drugs online is the most popularized characterization of online crime, drug sales, in fact, represent a shrinking percentage of online criminal commerce. The savvier cyber criminals deal in far more complex criminal activity.
We go into detail about these different forms of cybercrime in our Future of Crime series, but to summarize here, top end cybercriminal syndicates make millions through their involvement in:
- The theft of millions of credit card records from all types of e-commerce companies—these records are then sold in bulk to fraudsters;
- Hacking the personal computers of high net worth or influential individuals to secure blackmail material that can be ransomed against the owner;
- The sale of instruction manuals and specialized software that novices can use to learn how to become effective hackers;
- The sale of ‘zero-day' vulnerabilities—these are software bugs that have yet to be discovered by the software developer, making it an easy access point for criminals and enemy states to hack into a user account or network.
Building off the last point, these hacker syndicates don't always operate independently. Many hackers also offer their specialized skill set and software as a service. Certain businesses, and even select nation states, use these hacker services against their competitors while keeping their liability minimal. For example, corporate and government contractors could use these hackers to:
- Attack a competitor’s website to take it offline;
- Hack a competitor’s database to steal or make public proprietary information;
- Hack a competitor’s building and factory controls to disable or destroy valuable equipment/assets.
This 'Crime-as-a-Service' business model is set to grow dramatically over the coming two decades. The growth of the Internet into the developing world, the rise of the Internet of Things, the aggressive uptick in smartphone-enabled mobile payments, these trends and more will create a wide range of cybercrime opportunities too lucrative for new and established criminal networks to overlook. Moreover, as computer literacy expands in the developing world, and as more advanced cybercrime software tools become available over the darknet, the entry barriers into cybercrime will fall at a steady rate.
Cybercrime policing takes center stage
For both governments and corporations, as more of their assets become controlled centrally and as more of their services are offered online, the scale of damage a web-based attack could wreak will become a liability that’s far too extreme. In response, by 2025, governments (with lobbying pressure from and cooperation with the private sector) will invest substantial sums into expanding the manpower and hardware needed to defend against cyber threats.
New state and city-level cybercrime offices will work directly with small-to-medium sized businesses to help them defend against cyber attacks and provide grants to improve their cyber security infrastructure. These offices will also coordinate with their national counterparts to protect public utilities and other infrastructure, as well as consumer data held by massive corporations. Governments will also employ this increased funding to infiltrate, disrupt and bring to justice individual hacker mercenaries and cybercrime syndicates globally.
By this point, some of you may wonder why 2025 is the year we forecast governments will get their act together on this chronically underfunded issue. Well, by 2025, a new technology will mature that’s set to change everything.
Quantum computing: The global zero-day vulnerability
At the turn of the millennium, computer experts warned about the digital apocalypse known as Y2K. Computer scientists feared that because the four-digit year was at the time only represented by its final two digits, that all manner technical meltdowns would occur when 1999's clock struck midnight for the very last time. Luckily, a solid effort by the public and private sectors headed off that threat through a fair amount of tedious reprogramming.
Today computer scientists are now fearing a similar digital apocalypse will occur by the mid to late 2020s due to a single invention: the quantum computer. We'll cover quantum computing in our upcoming Future of Quantum Computing series, but for the sake of time, we recommend watching this short video below by the team at Kurzgesagt who explain this complex innovation quite well:
To summarize, a quantum computer will soon become the most powerful computational device ever created. It will calculate in seconds problems that today's top supercomputers would need years to solve. This is great news for calculation intensive fields such as physics, logistics, and medicine, but it would also be hell for the digital security industry. Why? Because a quantum computer would crack almost every form of encryption currently in use. And without dependable encryption, all forms of digital payments and communication can no longer function.
As you can imagine, criminals and enemy states could do some serious damage should this tech ever fall into their hands. This is why quantum computers represent a future wildcard that’s hard to forecast. It’s also why governments will likely restrict access to quantum computers until scientists invent quantum-based encryption that can defend against these future computers.
AI powered cyber computing
For all the advantages modern hackers enjoy against outdated government and corporate IT systems, there is an emerging tech that will shift the balance back towards the good guys: artificial intelligence (AI).
Thanks to recent advances in AI and deep learning technology, scientists are now able to build a digital security AI that operates as a kind of cyber immune system. It works by modeling every network, device, and user within the organization, collaborates with human IT security administrators to understand said model's normal/peak operating nature, then proceeds to monitor the system 24/7. Should it detect an event that doesn't conform to the predefined model of how the organization's IT network should function, it will take steps to quarantine the issue (similar to your body's white blood cells) until the organization's human IT security administrator can review the matter further.
An experiment at MIT found his human-AI partnership was able to identify an impressive 86 per cent of attacks. These results stem from the strengths of both parties: volume-wise, the AI can analyze far more lines of code than a human can; whereas an AI may misinterpret every abnormality as hack, when in reality it could have been a harmless internal user error.
Bigger organizations will own their security AI, whereas smaller ones will subscribe to a security AI service, much like you would a subscription to a basic anti-virus software today. For example, IBM's Watson, previously a Jeopardy champion, is now being trained to work in cybersecurity. Once available to the public, the Watson cybersecurity AI will analyze an organization's network and trove of unstructured data to automatically detect vulnerabilities that hackers can exploit.
The other benefit of these security AIs is that once they detect security vulnerabilities within the organizations they are assigned to, they can suggest software patches or coding fixes to close those vulnerabilities. Given enough time, these security AIs will make attacks by human hackers next to impossible.
And bringing future police cybercrime departments back into the discussion, should a security AI detect an attack against an organization under its care, it will automatically alert these local cybercrime police and work with their police AI to track the hacker's location or sniff out other useful identification clues. This level of automated security coordination will deter most hackers from attacking high-value targets (e.g. banks, e-commerce sites), and over time will result in far less major hacks reported in the media … unless quantum computers don't muck everything up.
A safer online experience
In the previous chapter of this series, we discussed how our future surveillance state will make life in public safer.
By the late 2020s, future security AI will make life online equally as safe by blocking sophisticated attacks against government and financial organizations, as well as protecting novice internet users from basic viruses and online scams. Of course, this isn't to say that hackers will go extinct in the next decade, it just means the costs and time associated with criminal hacking will go up, forcing hackers to be more calculated about who they target.
Thus far in our Future of Policing series, we discussed how technology will help make our everyday experience safer off and online. But what if there was a way to go one step further? What if we could prevent crimes before they even happen? We'll discuss this and more in the next and final chapter.
Future of policing series
Militarize or disarm? Reforming the police for the 21st century: Future of policing P1
Automated policing within the surveillance state: Future of policing P2
Predicting crimes before they happen: Future of policing P4