Sunday, 25 January 2015

Thursday, 22 January 2015

CaaS - Crime As A Service

Well, the title does seem appealing but you'd be surprised to know that it does not refer to anything fictitious. With everything getting connected on the Internet and devices turning smart, there is an emerging industry that operates underground, possibly an entire layer beneath the visible Internet. And it works hard to make sure that crime could be pretty innovate in the years to come.

So what exactly is CaaS? We've already heard about Internet homicides wherein a homicide was committed post a connection or association was established through the Internet. We've got dating websites and chatrooms for all that usual stuff. But CaaS takes the enigma to an all new level of deluge and mayhem. CaaS, while still being pretty nascent and crude, has already started tossing up ways in which one person can literally eliminate another, even without both of them ever meeting in person. i.e Internet is no more just a medium to get connected. In fact Internet is about to become the very medium for the execution of the crime.

EuroPol(Europe's combined criminal intelligence agency) has already warned of a cyber murder being around the corner. While they attribute it to the emergence of the IoT(Internet of Things) and the ways in which various Internet security protocols can be breached, CaaS will transcend beyond that.

Imagine one hypothetical situation for the former case. A person who has pacemaker or some other implant replacing or assisting a vital organ or system. Or just imagine a person who is on a life support system. All this modern equipment is connected to small personal area networks so that operations of these devices could be continually monitored, For example, data could be downloaded from an implant from time to time so that smooth operation of the device could be ensured by continuous scrutiny of readings and patterns.  And all one crackhead would need to break into these low range networks, is to hang around. Say a patient is in an ICU and one crackpot just dawdles around the hospital, breaks into this supposedly secured small network of multiple devices, and then wreaks havoc by toppling a few systems, thereby exterminating this patient without even being very close. 

Now that's a pretty primeval scenario with limited threats to the general public at large. But imagine a scenario from the future when humanoids would be commonplace and appliances too would be having IP addresses of their own. You'd have everything from a refrigerator, to your home's cooling system, fire alarm activation as well as furnace; all connected to the Internet. Now, with the vulnerabilities and flanks of network connected devices, all one would need to do to set an entire home ablaze would be to break into the wifi of one such house, impinge on the PAN network of these devices and then play and toy with all the temperature settings. With appropriate insight on how an overheated microwave or furnace can set fires, one would just need to control the fire alarms to prevent them from going on and then letting the house get extirpated while no one catches as much as a whiff. Well, ladies and gentlemen, you've got your first friendly cyber arson.

Leap back from the future and look around in the present. While we are not completely dependent on technology, we're already a little too involved and engulfed in the rigmarole. Your email, your cards, and even your dating and your social life. All of that's dependent on the Internet. You have multiple devices and multiple apps and multiple networks and before you know, you're already dependent on some combination of software and hardware all the time. Once again, apply some imagination and see how a seditious person seeking vengeance can expunge your happiness. All that person needs to do is to launch offensive at multiple fronts. He can hack your accounts, swindle money off your bank deposits, post egregious and offending stuff on your social accounts, screw your prospective date by means of revelations, and even commit other online felonies while duplicating your online identity. And all you'd be left with would be empty accounts and ignominy, thereby inciting either rage or anxiety and you're once again doing things which you shouldn't be doing and all at the behest of one single person who took it upon them to ruin your life. So while this is a far fetched scenario, technology can play the key to execution even today. 

So, what is CaaS finally? It's a little too broad and vague a set of services which experts of network infiltration can provide to the party which wants the damage. They are smart enough to escape the eye of everyone from international intelligence agencies to Internet watchdogs. They are experts at stealth and move furtively and leave no trace. And worse part is that the Deep Web, where they reside, it's their dominion to quite an extent. Internet has grown big enough to condescend to any rules or doctrines. Internet is evolving and exploding and ironically, Deep Web too is growing leaps and bounds. It's pretty obvious that the physical assault and bounties would soon turn into online carnage, but it'll be interesting to see how CaaS evolves and becomes a prevalent phenomenon, unlike the dungeon service that it works as today. Welcome to the future of crime, where the act is committed online.