Q&A 'Future Crimes' author Marc Goodman

Where we're wired, we're vulnerable; watch out for 'car hacking'


If you don't get a shiver from the title of the unsettling new book by street detective-turned-cybersecurity expert Marc Goodman, you might want to check your pulse.

"Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It" isn't so much a wake-up call as a Syfy miniseries devoted to the Internet of things, in which everything from your refrigerator to the family dog to the philodendron on the lanai will have an IP address to hack.

That world is about to explode, its plus-minus potential is vast, and it's going to become increasingly difficult to tell the good guys from the bad. As Goodman puts it, "We've wired the world, but failed to secure it."

A street-wise cybersecurity adviser to Interpol, Goodman has trained police forces in Asia, Africa, Europe, Latin America and the Middle East. He holds masters degrees from Harvard and the London School of Economics.

Worried about the security of your plastic? Rest easy; card forms will soon go the way of the VCR.

Here's what will replace them.



Technology is rapidly evolving and so is cybercrime. talks with Marc Goodman, author of "Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It."

Q: Despite considerable dark content in "Future Crimes," you're far from a technology hater who advocates cutting up our credit cards and reverting to cash.  

A: That's what I tried to get across in the passage where I talk about fire being the very first technology. You could use it to keep warm at night in your cave, to cook your meal, or you could use it to burn down the village next door. It's all in how we use it.

This technology is awesome. We're going to use technology to bring 2 billion people out of poverty in the next few years, to radically extend life, to vastly reduce infant mortality and drive education in the developing world to where people can gain access to a Harvard or MIT education.

There's a ton of great stuff that comes from tech, so I'm very much a technophile. But there is this really dark downside that people are not protecting against that I want folks to be aware of.

Q: This fall will mark the long-awaited arrival of chip cards on these shores as fraud liability shifts from card issuers to merchants. Will chip cards be a notable security improvement over magnetic stripe (or "mag stripe") credit and debit cards?

A: I think chip-and-PIN will be a fine interim step. But beyond that, you are surely going to see little physical pieces of plastic go away, and you'll see those payment options embedded into other devices, most likely smartphones. So things like Apple Pay and Google Wallet will take off.

Q: Payment apps are more secure than plastic?

A: It's actually a safer transaction with apps like Apple Pay, because at no point do they provide your credit card details to a vendor. So when you go in and use Apple Pay at Whole Foods, they never see your credit card. All they get is a token from Apple that says, "Yes, you can authorize this transaction for the next 10 minutes or so," and then it goes away. So if Whole Foods gets hacked, you don't have to worry about it, because whatever the hacker would get of your transaction would be unusable to them.

Q: Has zero liability for cardholders been a blessing or curse from a security perspective?

A: I challenge the whole concept that the industry "covers" the consumer's loss. They "cover" it by charging you 27 percent interest instead of 18 percent interest! They just take those costs, tie it up in a package, put a pretty bow on it and give it right back to you. So you're paying for it, one way or the other. It's not that they're being magnanimous in taking these costs on; they just charge higher fees and rates and late payment penalties to their customers, you and me.

Q: You write that our physical world is being transformed into an Internet of things, in which every object in our lives will be online and talking to one another. Quoting here, "If today's Internet is the size of a golf ball, tomorrow's will be the size of the sun." How does this work, and how is it likely to affect how we pay for things?

A: In terms of payment, you'll be able to pay without the plastic because that payment option will be embedded directly into your mobile phone. But you may also have that payment option in your refrigerator, or your car. We already see that a little bit with EasyPass toll roads, where you don't need your credit card anymore; you just use EasyPass. So your car has become a form of payment. Beyond that, perhaps your own biometrics will be a form of payment, where you just put your fingerprint on something and pay.

Q: In fact, you mention that the next great frontier for hackers is DNA.

[Y]ou'll be able to pay without the plastic because that payment option will be embedded directly into your mobile phone. But you may also have that payment option in your refrigerator, or your car.

A: For sure. The thing about that is, you can change your credit card number, you can even change your Social Security number, but you can't change your fingerprints and you can't change your DNA. So when those get hacked, what's the backup plan?

 Q: Have you discovered one?

A: Don't have DNA (laughs).

Q: Given the landscape of the Internet of things you describe, financial hacking may be the least of our future worries. Case in point: car hacking.

A: Right. I've been talking about this for years, but there was finally a segment on "60 Minutes" where Leslie Stahl was driving a car and remotely the car is hacked; somebody else is slamming on the brakes, pushing on the accelerator, deploying the air bags. All of this stuff becomes possible.

People think cars are mechanical devices, but any modern Ford today is not the '55 Chevy or the '65 Camaro of yesteryear. These cars are nothing more than computers on wheels. The modern automobile has more than 200 chips in it, and those chips control everything from the windshield wipers to cruise control. A car is just a computer you ride in, and it's hackable, just like all other computers.

Q: In light of what's ahead, could offline communications become the only truly secure communications?

A: There are times when you definitely want to do that. When I talk to business audiences, I say, if you want to keep something secret, then it doesn't go in an electronic system. The Coca-Cola Company and KFC do not keep their secret recipes for Coke or Kentucky fried chicken in a computer system anywhere; they're written down on a piece of paper, locked away in a guarded vault in their company headquarters. So if there's something you want to keep secret, don't put it in an information system.

[I]f there's something you want to keep secret, don't put it in an information system.

Q: You also dare to say that Facebook is not our friend. Why not?

A: Because you are Facebook's product, right? You're working for Facebook for free. You're the thing that Facebook sells to other people. You are their product. You are their inventory.

Facebook is hacked 600,000 times a day, according to Facebook's own chief security officer. So even if you put something on there and use all the right types of privacy settings, the data is still leaking.

Q: What does the use of social media by terrorist organizations portend about the future of online sharing?

A: I get asked that question quite a bit. If you go back to the murder of Wall Street Journal reporter Daniel Pearl in 2002, that was put online on YouTube very purposefully for the purposes of propaganda, recruitment and to create terror. So bad guys have been doing this for some time. If you look at the Westgate Mall attack in Nairobi, Kenya, they were live-tweeting the attack over Twitter as they were shooting and killing people. They've been using this for a long time.

Q: How do you counter it?

A: There are two ways. The first is not to watch it. The other one is, make sure that people don't see it. YouTube should be able to take that content down very, very quickly to make sure that folks never get a chance to see it. As for those who like to spread this on social media, I think they're contributing to the problem.

Q: As you put it, "We've wired the world, but failed to secure it." What's holding us back?

A: Well, it's not so clear that our government is always on our side, or that the companies we deal with are always on our side. I wrote this book as a means to highlight what the criminals and terrorists were doing, but as I got more and more into it, I saw that the criminals and terrorists are just two of the groups that we need to be concerned about. There are other groups out there that are doing funky things with our technology that we need to be aware of.

Q: You propose that society at large use crowd sourcing as a means to drive out those who would misuse technology for their own purposes.

A: Exactly: I think there is every reason why we could do that. (Facebook co-founder) Mark Zuckerberg created a community of 1.3 billion people. That was not something that the government did, and it's the largest community of folks ever assembled in the history of humanity. If we can do that, we can use these same tools to protect ourselves and promote righteous good. We can make it better.

Q: How do we get that party started?

A: The challenge is, most folks aren't well-informed about this. The trick is, how do we teach people?

We know what safety looks like in physical space; you don't park your car and leave the keys in it and the ignition running when you go to Costco, or go to work in the morning and leave your front door wide open as an invitation to burglars. But folks don't know what that looks like in cyberspace. That's what we need to teach people.

Education needs to be better designed around these technologies. We're going to have to be much more intentional about it.

See related: 'Spam Nation' author Brian Krebs sheds light on card data black market, Don't be fooled by these 6 data breach myths, 4 ways to evaluate mobile shopping app privacy, security

Published: March 24, 2015

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Follow Us

Updated: 10-26-2016

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.