Cyber Security: When Crime Goes Online

Would you ever want to feel like you’re at the centre of a video game? Virtual reality is getting closer and closer to real life thanks to the introduction of touch sensors. Tech expert and Angel Investor Peter Cowley spoke to TImothy Revell...

Peter - Virtual reality is the concept where the image that one is viewing is completely computer generated. So it’s generated by graphics or it’s generated by one of these new 360 degree cameras.

Mixed reality, which is a term that’s disappearing gradually, is where you mix the actual scene around you as a human being with some computer generated scene. Augmented reality has not got the ability to interact with that so that in augmented reality you can’t necessarily push something and it will move. But augmented reality is the future where you’re interacting with something else in the environment.

Tim - Some people talk about starting to introduce touch into this equation. How does that work?

Peter - We’re using sight and sound and this is adding a third sense. So this is where some part of your body, whether it’s the chest or the arm, fingers, etc., is experiencing something which is mechanical, so it feels like you’re actually touching some subject or some object. That’s come about because of a whole stack of new technologies like these micro accelerometers in your phones etc., have all got very cheap, and connectivity, so it’s been put together to provide devices which are not necessarily on your skin - a thimble might do it, but also blowing air. There’s a great video on the internet of a butterfly floating around on somebody’s arm which is done by puffs of air from various directions hitting the skin of the arm.

Tim - Besides this being really cool, is this useful in some way?

Peter - Gaming has used it for a long time. In fact, if you go back further still, the stick shakers which were put on the vulcan bomber in the 50s if it was about to stall, that’s feedback into the system.

There’s a lot of new applications - for instance medical. I saw a medical robotics company in Cambridge on Friday which is allowing the surgeon to feel the tissue inside the body while he’s operating on it. Training for aircraft maintenance, military, etc. There’s a new one as well in teaching where you can get the students to understand something better like a three dimensional image if they can feel it at the same time as see it.

Tim - In terms of surgery - is this for robotic surgery? Could you also imagine a situation where you were practicing on a body that doesn’t even exist yet but you’re getting the same sorts of feelings you might do when you’re a surgeon?

Peter - Absolutely. For training purposes you could be inside the body doing things so that you get a feel for what’s it’s going to be like when you’ve got a real human being in front of you.

Tim - How far away is this from becoming normal or something we can actually use?

Peter - If you remember the Microsoft Kinect, which was a gaming device, that’s being used for the gait of horses or the gait of people, so applications come out of other things. At the moment it’s definitely strongly used in gaming. But the killer app, if there is a killer app, hasn’t been found yet. There’s a huge amount of technology and a huge amount of investment going into VR and AR headsets and the world will work out what the best use is for it, but it’s not that clear for me at the moment.

Could you imagine living elsewhere? We’re not talking about a new home or town but a different planet! Recently, Professor Stephen Hawking has said that we have 100 years left to colonise a new planet. He, along with other eminent scientists will be speaking at Starmus Festival in Trondheim later this month. This five day festival is a celebration of science and music, and it’ll be at Starmus where Professor Hawking will reveal just what the problem is. In the meantime, Izzie Clarke went to an event at the Royal Society in May to investigate what needs to be done to find an alternative Earth…

Stephen - I strongly believe we should start seeking alternative planets for possible habitation.

Izzie - Even from Professor Stephen Hawking himself, it sounds like an impossible challenge. Can we really find and colonise a new planet within the next century? With climate change and the global population continuing to increase, is there a plan - or planet - B? I spoke to astronomer and Director of Starmus Festival, Garik Israelian to found out what conditions we’d need to survive on an alternative Earth.

Garik - We were part of the evolution for millions of years. It’s very deep in our genes to have the daylight that we have, the magnetic field of the Earth that we have. We would need the same gravity, so we don’t really know, if you change those conditions slightly - lets say 10% of the magnetic field, 10% of the daylight - what will happen to us? How are we going to evolve as creatures?

Izzie - Are there any possible planets that we might be able to relocate to in the next 100 years?

Garik - No. We don’t know any now. The only thing that astronomers find from time to time are planets where you can have liquid water. But we have no idea about magnetic fields in those planets; we have no idea about atmospheres so all these parameters that we have for the Earth. But I don’t think that having a planet with the mass of the Earth and with liquid water is enough.

Izzie - So more research needs to be done into finding an alternative Earth. Earlier on in the year, scientists from the University of Cambridge found signs of water on a planet within Trappist 1, a planetary system 39 light years away. That’s quite a long way to go without knowing other environmental factors! But imagine if we had found the perfect planet - how do we get there? What, in terms of technology, is holding us back?

Claude - I’m Claude Nicollier. I was a European Space Agency astronaut for 25 years. The two major problems in technology development for the next few decades for going to the solar system will be protection against radiation and the proper propulsion system.

The problem is, if you go outside of the vicinity of the Earth towards the Moon, or Mars, or satellites of Jupiter or Saturn, we need to protect the crew against radiation. Once we are on the surface of another celestial body, we can build habitats where there is protection. If we are on Mars, we can use Mars material to cover the habitat so that we are protected, to a certain degree, against radiation.

For the rest we need, of course, propulsion systems that allow us to go from one place to another in the solar system using something other than chemical propulsion. Chemical propulsion doesn’t give us enough efficiency and capability to travel.

Izzie - Do you know of any further work that’s being done to reach that?

Claude - Lots of testing is being done on nuclear propulsion or, lets say, was done in the 60s mainly and then it was kind of abandoned. We are starting now again to look at new propulsion systems and once you are in space you can use electric propulsion where you ionise a material, then you accelerate the ions using an electric field. The problem with electric propulsion or what’s very efficient, is the thrust is very low. So you cannot leave the surface of a celestial body, be it the Earth, or Mars, or any other body in the solar system using electrical propulsion. But to go from one place to another, if you have enough time, you can do it.

Izzie - It’s safe to say we need to improve our propulsion systems and radiation protection. But what about the human body? Can it actually cope with such a long journey? I spoke to Simon Evetts, a space physiologist who’s creating the first commercial astronaut training centre Blue Abyss…

Simon - When we’re in space and gravity is taken away from us we have less need to contract our muscles. There aren’t heavy things to lift up and we don’t move our heavy body around, so our muscles and our bones decondition - they wither if you like.

Izzie - What are some of the other factors that will affect us living in space?

Simon - Radiation is currently one of the showstoppers, whether it be galactic cosmic radiation or solar flares. High energy particles can hit the body and hit the cells, and these can damage and mutate cells increasing the risk of cancer which is, of course, something we want to avoid. We see reductions in immune capability that occur over long periods in space. All of these things add up to basically deconditioning and degrading the body and our physicality.

Izzie - Can we live in deep space for a long period of time?

Simon - Using the same systems that we have now, then I would say no. It’s very unlikely that we would do so because the body de-conditions so much and the individuals involved would be in a weak state when they arrived at the planet, X number of months or years away.

What we need ideally is, rather than a number of systems and a number of devices to be able to help us, we need to take gravity with us. So we’re talking about spinning space ships, we’re talking about human centrifuges in space. Because if we’ve got artifical gravity with us then all of our systems are being affected and stimulated in the same way that we tend to find on Earth.

Izzie - Right. So all we have to do in the next 100 years is to find a new planet with the same mass, atmosphere, and magnetic field. Develop a new propulsion system and, ideally, have a spacecraft that generates artificial gravity and protects us against radiation!

Stephen - We are running out of space on Earth and we need to break through the technological limitations preventing us living elsewhere in the universe. I am not alone in this view and many of my colleagues will make further comments on this at Starmus next month.

A common complaint is that we often have different passwords for different accounts and devices; and to make them secure we have to make these passwords so complicated that then we can’t actually remember them! So it might be music to some people’s ears to hear that the password’s days are numbered because, increasingly, technology is shifting towards using biometric systems instead. But what are these, and are they any better? Nate Lanxon, head of European Technology News at Bloomberg spoke to Chris Smith…

Nate - One of the biggest problems with passwords is that people tend to prefer convenience over security. The most popular password in the world every year is “password,” closely followed by “1,2,3,4,5,6,” because they’re easy to remember. The problem is that with a large percentage of people using such a password it becomes very easy for a hacker to get many thousands of accounts on the assumption that some of them will use these passwords therefore they can get into them very easily. The same is similarly true for just very easy to remember words like summer and people’s names. They’re very easy and they’re hacked with what’s called a dictionary attack. Very easy, very simple, and very common sadly.

Chris - A biometric method of protection - what’s that instead?

Nate - The most commonly used one at the moment that I think most people would be familiar with is a fingerprint sensor on a smartphone. These are becoming increasingly popular since about 2014. A number of manufacturers now use these and essentially what it does is it overrides the need to use a password or a pin because only you have your fingerprint, generally speaking at least. You have the ability to unlock it just by tapping your finger against a phone. You don’t need to remember anything, you just need to be the same as you were when you set it up. You can combine that with a password or with another factor of verification or login - a technology called two factor authentication, so two forms of login together. That increases your level of security enormously and most big companies and large organisations will now try and get people to enable this kind of two factor security if possible.

Chris - Does it actually work like that though Nate? I know Hollywood is Hollywood but certainly I’ve seen films where people chop people’s thumbs off and use them to gain entry to a secure facility. I’ve also heard tell that people have taken photographs of themselves of their eye and then held it up to a security camera and the picture was enough to fool it into thinking it was looking at the individual's real eye.

Nate - It’s true and I will admit I have asked a doctor before now if a finger was cut off, how long would it take before it was useless against unlocking a phone, but I never tend to get a clear answer. The fact is though you are generally right, and away from Hollywood we have seen evidence that the very high resolution of cameras now can take pictures of a person’s iris with enough definition to trick some systems into believing it is the user.

Similar is true of facial recognition where it is looking at a person’s face and unless you’re tracking what’s called depth mapping where you’re not just looking at a photograph of somebody then, again, those can be a little easier to fool. But the key is that most of these systems, at least in the consumer space, they’re often paired with a second factor of authentication for the really important stuff like payment systems and things like that. At the moment they’re there for convenience. Some of them maybe can be fooled if you’re clever enough but they’re not posing a massive risk to security right now.

Chris - What about implementation of this, because it’s not as trivial when we’ve got phones that you can just quite quickly tap in a password into to have some kind of finger scanner or an eye scanner in those devices? Doesn’t this mean we need a regime shift in how all the devices are made and that’s going to take time which will, inevitably, hold things up?

Nate - One hundred percent and that’s exactly why the password is likely to stick around because while all these sensors are becoming more affordable because more people are buying the devices in the high end and that makes the next generation a little cheaper to be implemented in. At the end of the day, not everyone has the budget to buy a smartphone with a fingerprint sensor or an iris scanner in so you need a fallback for the people that don’t have access. That’s why we’ll still have passwords probably for the next 50 years. But it is also hopefully why people may be a little more savvy and aware that “password” in itself is the worst password you can possibly choose.

Evidence is showing that cybercrime is growing very rapidly and, in terms of scale, has overtaken traditional forms of crime and fraud. Ross Anderson is Professor of Security Engineering at Cambridge University; Chris Smith went to see him to hear how large this problem is, what policymakers need to do to stop it, and what other problems maybe laying in wait for us...

Ross - Most crime in Briain is now online. About 1 million British households this year will become victims of traditional property crime such as burglary and car theft. About 4 million households will be victims of fraud scams and abuses of various kinds, the great majority of which are online and electronic.

Chris - What is the relative value of those two crimes though?

Ross - The relative value is probably about the same, but online crime is increasing at a tremendous rate and it does have real psychological effects on people if they become victims of fraud and they’re not believed by their banks, and the police aren’t interested, and everybody just treats as if it was their fault.

Chris - If I come home and someone has broken into my house and ransacked the place, I know exactly what to do. I can phone up the police and they’ll probably send someone round. If I come home and find someone’s been in my bank account online, what do I do?

Ross - What the bank should do is make you good if you’re a victim of fraud; that’s the guidance from the Financial Conduct Authority. But very often banks don’t do that because they’ve got all sorts of small print in their terms and conditions and they’ll say then it’s not their fault, so it must be yours.

Chris - I can’t phone the police then?

Ross - You can phone the police if you like, but the problem is in 2005 and agreement was made between the banks and the police to the effect that fraud should be reported to the banks. As a result, the Home Office has been able to claim for the past dozen years that crime has been falling when, in fact, it’s just been moving on like everything else.

Chris - What can we do about this?

Ross - The police are going to have to put more effort in doing cybercrime enforcement because, at present, the online bad guys know that Britain is basically undefended. You can do cybercrime here, you won’t get pursued and you won’t get arrested except perhaps if the FBI get interested if you defraud Americans.

Chris - So America are much more hot on this than we are?

Ross - America’s much better at cybercrime enforcement than anywhere else. In fact, the American government spends as much on cybercrime enforcement as the next dozen governments put together.

Chris - Given the rate of growth of these sorts of technologies and the interconnectedness of the world we’ve got. The Internet of Things, we’ve got people buying mass produced gadgets from China for example, many of them with very poor security and admin passwords you can’t change, and the admin password is “admin,” for example. What does the government need to do urgently so we’re not continuing to sleepwalk into this nightmare?

Ross - The security problems of the Internet of Things will eventually, I believe, be fixed by players such as the European Union. Europe is already the world’s regulator for privacy, because Washington doesn’t care and nobody else is big enough to matter. I hope that it will become the world’s regulator for safety as well. So when you end up buying things like air conditioners from China or Korea, these will end up having to carry on them a CE mark which means that they comply with all applicable standards. We know have standards for vulnerability management and what that will mean is that you won’t be able to export your air conditioner to Europe unless you’ve got some way of patching vulnerabilities. Once Europe starts enforcing that standard vigorously, we should hopefully be beneficiaries of it even if we have left the EU by then.

Chris - What about transport Ross, because that’s one thing you haven’t mentioned yet? Transports massive - cars, planes and so on. What’s happening with them because they all have computer systems?

Ross - We’re beginning to see in the transport field firstly that some cars have been hacked and have even been driven off the road. What we’re also seeing is that some car makers, such as Tesla, are starting to patch their cars every month so that if vulnerabilities are found they can be fixed.

Chris - By “patch,” you mean the car has got to acquire a new piece of software code to address a problem that’s been identified?

Ross - Yes, that’s right. Your mobile phone and your laptop are typically patched every month. So a new software release come out from Microsoft, or Android, or Apple, or whoever and your laptop or your phone will install that automatically. In future, this is going to have to happen to cars too, and it also provides and opportunity for any safety flaws that arise in self-driving cars to be patched quickly and at skill without having to recall millions and millions of vehicles to the garage to have their software changed.

Chris - Well, that sounds good - what’s not to like?

Ross - The problem is when you start patching stuff every month, you need to maintain a software team which is offay with that particular product. My phone, for example, is a Google Nexus 5x which I bought last year and Google now tells me they’re going to stop security support in September next year, which I find very annoying. I don’t think it’s very good that I’ve only got two years secure life in that product.

If the same thing happens in a car that I buy in two years time, then I will be very annoyed indeed. Because if it becomes necessary to patch a car for it to remain safe, and if you’ve got a ten year old Mercedes and Mr Mercedes suddenly says sorry, it’s too expensive for us to patch cars that are more than ten years old because that would mean we’d have to keep test equipment and engineers current on dozens, and dozens, and dozens of all models, then that would mean that you car has to be taken away and scrapped. If suddenly cars are scrapped after ten years instead of twenty years, that’s going to double the CO2 emissions from the car industry and that’s surely not going to be acceptable.

Chris - What do the government need to do to address all of these very concerning points?

Ross - We did a big study last year for the European Commission because it’s not just cars; it’s medical devices; it’s electrical equipment; it’s all sorts of other things. And the European Union with 500 million people is a big enough market that if they say to Mr Ford, or Mr Samsung, or whoever sorry, unless you meet our standards your products can’t come into our market, then that actually matters. So that, I think, is the place where leverage is going to be applied and we’re going to end up having rules which will simply tell the car makers sorry, you’ve got to keep supplying security patches for 25 years on consumer protection grounds, and environmental grounds. If that’s going to be expensive, you’d better figure out how to do the engineering better, or you’d better have few models, or you’d better hire more engineers - your choice.