MALE SPEAKER: Today we have the pleasure of having Marc Goodman here with us. Marc Goodman has spent a career in law enforcement and technology. He has served as a street police officer, senior advisor to Interpol, and futurist in residence at the FBI. As the founder of the Future Crimes Institute and the chair for policy, law and ethics at Silicon Valley's Singularity University, he continues to investigate the intriguing and often terrifying intersection of science and security, uncovering nascent threats and combating the darker sides of technology. Let's give a warm welcome to Marc Goodman.

MARC GOODMAN: Thanks [INAUDIBLE]. Thank you very much. Hi Google.

AUDIENCE: Hi.

MARC GOODMAN: Hey, how you guys doing? Thanks so much for coming, I really appreciate it. We need to also be thinking about the internet of things, right, because we're going to be attaching a lot more things to the internet. So it's not just the internet of things, it's just more crap to be hacked. We're switching from IPv4 to IPv6, that will mean that our network will grow from about 4 and a half billion simultaneous connections to 78 octillion, or 78 billion billion billion. To put it in perspective, today's internet is the size of a golf ball, tomorrow's will be the size of the sun. That means every pet, plate, prisoner, knife, fork, chair, every device will be going online with RFID and near field communication, because they'll basically be free. Our threat surface area is going to expand tremendously. And guess who's excited about this? General Petraeus of the CIA. Right, we will spy on you through your dishwasher. And you guys heard about this Samsung brouhaha? Where Samsung-- who hasn't heard of this? So right now, I have a smart television at home. But in order to change the channel, I have to push a button while I sit my fat ass in a Barcalounger and might burn a billionth of a calorie.
So Samsung has solved this problem by allowing for voice interactive TVs. But in order to do that, they had to update their terms of service and say, everything you say to your television we're sending out to third parties. We're processing it, we keep it, and the like. It's in part of their terms of service. And then they said, Samsung did, by the way, if there's something sensitive you want to discuss in your own home, don't say it in front of the television because we're listening. Which didn't make people very happy, so there's a big brouhaha about this. "New York Times" talked about hacking everything from vents to soda machines. And do you guys remember that Target hack? You remember how they got in? Through the air conditioning. Yeah, the HVAC system. The HVAC was connected to the general network which was connected to financial management which was connected to the cash register which was connected to the point of sale terminals. When you have 78 octillion connections, the system complexities are so great. You have no idea what's connected to what. And bad guys are good at finding this out. Of course, refrigerators will be sending spam. This has already happened. This is already happening, right? Oh, and by the way, this has happened too, I'm sorry to say. So a lot of apps now have bitcoin mining malware in them. This is from the Department of Things Not to Connect to the Internet. In Florida, they thought they'd save money by connecting their prisons throughout the state online. It turns out, somebody hacked them and they unlocked all the doors at a maximum security prison in Miami, leading to a riot. Of course, cars are nothing more than computers on wheels, right? 200 chips. And people have hacked those, there was a guy in Austin, Texas that remotely disabled 100 cars. Everything from the air bag to the brakes to the steering can be hacked. And of course, we're putting computers, we're not just writing computers, but we're computers inside ourselves. 
There are 60,000 pacemakers in the United States and have an IP address and connect to the network. 300,000 implantable medical devices a year. At hacker conferences like Black Hat and DEFCON they're talking about how to hack them. Diabetic pumps. This is something called the Bluetooth Cannon. From a distance of 300 feet, it can find people that have got diabetic pumps and take 45 days worth of insulin and release it in five minutes. Resulting in a condition known as--

AUDIENCE: Death.

MARC GOODMAN: That's very good. Mostly irreversible, very hard to change. This is my friend Bertolt Meyer. He was born without a left hand. He has one of the most advanced bionic arms and hands in the world. I said, Bertolt tell me how do you control your arm if you need to fix it. He was like, oh, I have an app on my iPhone that controls my hand. I said cool, can I see your phone? He hands me his phone, I start pushing buttons, his hand starts doing this. His body is online. By the way, I didn't need to have the phone because it's Bluetooth. I could have just used Blue Snarf or anything else to hack it. So again, our threat surface area is expanding. And it's not just today's technologies with ones and zeros, but there are other technologies. All the stuff we've been talking today, they've been hacking silicon. But there was another operating system, the original operating system, DNA. We only coded in ones and zeroes because we didn't understand DNA. Now we do. We can write software code in DNA. There are bio hackers. And you can take somebody else's DNA that you recover from a left tissue or a comb or a drinking glass and replicate it. And you can take that DNA and leave it at a crime scene. And according to a study, the cops can't tell the difference. So if you really really hate the guy in the cubicle next to you, this is a fun trick to play on them. Plant their DNA at the scene of a crime.
And of course we will have new bio weapons that will be permitted through synthetic biology. Aum Shinrikyo, you guys remember them, subway attack in Tokyo? These guys had a bio program. They had $10 million that they spent from '85 to '95 trying to launch a bio attack. The biology wasn't there, so they went with a chemical attack. Today it is. And so we're going to have all of these new issues to deal with, ranging from cloning to discrimination to new forms of identity theft. If you find any of this bio hacking stuff interesting, I did an article for "Wired" magazine. That's my ugly mug on the / so every crime that we have today with silicon ones and zeroes, we will have in the future with bio. What's the bottom line? With all of this computing, going golf ball to sun, we're increasingly connected. We're dependent upon these systems, and we're vulnerable. Computers run all our critical infrastructures, from electricity to health care to 911 system. And they're all hackable. There's never been built a computer system that couldn't be hacked. And we keep rushing, connecting more and more stuff to the net, but more connections equals more vulnerability. So what do we do? I'm not saying technology is bad, right? I'm in Silicon Valley. I love tech. Tech is awesome. Fire was the first technology. It could keep you warm at night. It could cook food in your cave, or you could use it to burn down the village next to yours. It's just how we're using it. But make no mistake, there is a war afoot between people that want to use tech for good and people that want to use tech for evil. And in exponential times, the ability of one person to reach out to 100 million or a billion people is a growing problem that we haven't solved how to handle yet. When the entire world is becoming a computer, Marc Andreessen famously said software is eating the world. When maps become GPS devices, when music becomes Spotify and Netflix is movies. Every physical object is becoming a computer.
And all computers are run by code. So if you can control the code, in a world where computers run the world, then you can control the world. And the biggest problem is, unlike other times, most people have no idea that they're a victim. If you go out your garage in the morning and look for your car and it's missing, you're like, holy cow, my car was stolen. But when bad guys break into your computer, you don't know. According to a study by the US Secret Service and Verizon, only 6% of hacks of data breaches are picked up by the system administrator. 94% of the time, it's because customers complain, the FBI comes knocking at their door, or a competitor was also hacked. And this is a really scary statistic. This is the time to discovery. On average, it takes an American Fortune 500 company 211 days to know that they're penetrated. Which means that the bad guys are living in your system for nearly seven months, roaming around, putting in back doors, leaving malware, watching and studying everything that you're doing. And in the same study, they said that 75% of American corporations' networks could be penetrated in just 15 minutes. So breaking into the information technologies of today is a lot like a hot knife going through butter. It's super easy. And yet all of these computers are the foundations of our modern world. So when they fail, when they're hacked, when that cyber crisis occurs, what is our backup plan? We don't have one. In effect, our modern society is kind of built on a digital house of cards that can come falling down unless we start to care for. This is how we handle cyber threats today. We arrest people. The problem is that NYPD officer cannot make an arrest, right, in Moscow, or in Canada. Internet broke policing. Policing only works city to city, country to country. International law is horrible for these types of investigations, and therefore we will never investigate or arrest our way out of the cyber threat problem.
The two systems are completely mismatched, and yet this is the primary tool we use today. Right, the cops, we're in charge. We're going to handle this. We need to break that paradigm of policing. We need to get the public involved. The bad guys have been really good at crowd sourcing offense. We need to get crowd sourcing on defense on our own security. There are some great examples of that. This was highlighted at Google Ideas, organized crime and corruption project. These guys are crowd sourcing the investigation of dictators and their funds. And in Mexico, where over 50,000 narcotics related homicides have occurred in the past six years, people are using tools like Google Maps to go out there and crowdsource where the dope dealers are at great personal risk to themselves. So open source tools like this, free tools like this, can play a role in helping us to crowdsource our own security. But I think we're going to need to take it a step further. We have reserve Marines, reserve Army, reserve police officers. We have FEMA for national disasters. We have no national cybersecurity reserve corps. And we're definitely going to need one. And folks in this room are the exact type of people that I would recruit into it, because we're going to need your help. Because that big cyber emergency is going to occur, and we have no plan for when it does. The other thing I would offer is that we talk about cyber attacks. We use the language of medicine. We talk about computer infections. We talk about viruses. We use the language of medicine to describe the problem. But we don't use the tools of medicine to solve the problem. What could epidemiology bring to the table, right? What would a World Health Organization for cyber look like? Public health models, epidemiological models I think could go a long way in terms of helping to protect the internet. And by the way, what could we learn from bio-mimicry?
Right, nature for four billion years has been building immune systems, resilient systems. How could we learn from biology and nature to drive this forward? Another big challenge is human centered design. Anybody ever use like a Norton Utilities product? When my mom uses her software firewall, it says warning, error, MSCX DL3 DLL error at line code this. Do you wish to proceed? That is not helpful to my mom. It's not helpful to me. OK, think about all the beautiful products we have in the world. A Leica camera, a Porsche 911. Whatever those beautiful things are, where's the Jony Ive of security? The guy that's going to design the most beautiful, human centered design for security. We don't have that. And so because of poor engineering and a lack of design thinking, we're driving people to make poor security decisions. We need to fix that. And I also think that we need a Manhattan Project for cyber security. We need to get really, really, really intentional about this. And we are not at all. I think you guys about the XPRIZE Foundation? Just a couple miles from here. I'm working with them to launch a $20 million cyber XPRIZE for cyber security. Whether it's a 10-year-old kid in Chennai that's got the answer or an 80-year-old woman in Montreal, I don't care. We need to build more resilient and redundant systems to protect us. The good news is, just to put it all in perspective, we can fix this. Right, President Kennedy said in the 1960s, before this decade is out, we're going to put a man on the moon. We did that, with way worse tech than we have available today. If we could solve that problem, surely we could solve this cyber security problem. And we need to, because technology is awesome. And it's going to bring billions of people out of poverty. It's going to radically extend life. It's going to reduce infant mortality. It's going to educate millions of people they never had access to education previously.
But in order to achieve that better future, we're going to get really intentional about protecting against these exponential undersides. The downside of technology. And that's what I'm hoping to do with this book, and I hope you guys will join me in that fight. Thank you so very much. [APPLAUSE]
Marc Goodman: "Future Crimes" | Talks at Google. Posted by Alex Lee on 2015/10/20.