The internet of things (IoT) world that is starting to take shape globally carries considerable promise—digitally linked appliances, from thermostats to home security devices to refrigerators will make lives easier. But, as a recent article in The Economist points out, IoT, among others, could also be a chink in the armour of our digital lives. As the spread of the internet grows on the back of innovation and cheap data-services and devices, users become sitting ducks—their webcams, home routers, tablets, etc, are transformed into weapons to “take down the internet”, to borrow a phrase from Bruce Schneier, a cyber-security expert cited in the Economist article. The article, in the backdrop of the October 21 DDoS (distributed denial of service) attack on Dyn, a key internet address firm, explains how software like Mirai are being used by cyber-criminals to destabilise the internet for huge pay-offs. Hacking into weakly-protected webcams, routers, etc, digital-saboteurs overwhelm servers with a flood of requests from these slave devices. DDoS attacks are getting more complex and targeted—Schneier likens this to looking for “the exact point of failure”. According to the latest report on DDoS trends from Verisign, the registrar for many popular top-level internet domains like .com and .net, in Q2 2016, there was a 214% increase in average peak attack size and 64% of the attacks used multiple attack-types, requiring that much more time and effort to respond to and neutralise.
Bloomberg columnist Noah Smith flags the same concern, of the increasing virtuosity of cyber-crime, with the example of ransomware—malicious software hiding in e-mails, links or files that seize the contents of the hard-drives. An unsuspecting user has to pay a ransom to free her content—Smith says it could cost users some $1 billion this year. What’s worse, this could get increasingly difficult to fight as cyber-criminals make greater use of artificial intelligence. The New York Times brings this out with a hypothetical scenario, one where a user gets a call from a software programme that has learnt, with voice recognition software becoming mainstream, to mimic a relative’s voice and is asking for crucial financial or personal data. When machines outsmart humans, the only defence would be better machines—and this would mean ceding digital space currently occupied by humans to intelligent programmes. That would also mean reliance on conventional cyber-security may no longer be sufficient. Devices and programmes already in the market would need to be “retrofitted” with more dynamic security systems. That, at least in the medium-run, would mean greater costs. But, by far, the most significant downside, as Smith points out, is the loss of the incredible consumer surplus from the internet and digital services being as cheap as they are now. Many services, from social media usage to online transactions, which have so far been free, won’t remain so. Consequently, the value derived from the large spread of consumers that cheap data and services sustain is what is really at stake.
