The concept of weaponizing new technologies is what Winn Schwartau covers in this section, focusing in particular on IPv6, voice simulation, and mobile.What we have to look at is life cycle (see right-hand image). One of the things that you get – there’s no magic here, there’s just standard life cycle curve – is the concept of “when an idea for a technology is developed.” Typically it’s done from profit-making or hopefully humanitarian aspects. And then there’s a proof of concept, and we finally end up with deployment. The issue has become, in my mind: at what point through life cycle does weaponization occur? At what point do we start looking at the hostile aspects of technology?
The argument is: “All new technologies will be weaponized.” I remember sitting with Al Gore in 1990 in Nashville, and he announced that “Oh, we now have the Information Superhighway!” And the cameras were rolling and I said: “Mr. Al, this is all really cool, with the Internet and all that. It’s going to be awesome, right? But what about…” and I laid out a few ideas on how the Internet would be weaponized. Gore leans over to somebody and says: “Who the hell is this guy? Get him out of here.” And that did actually make it on NBC, and that was kind of cool. But they were trying to only put the positive spin on stuff. Anybody here been to an Apple store and they ask how your MDM is? Seriously, Apple? This positive spin on everything is hurting us if we, as a community, have to readapt some of the thinking and look at the hostile way things are going to be occurring.IPv6 – we’re going to migrate (see right-hand image). What’s the migration number currently? Somebody gave you that number, and I don’t know, but no one is really arguing and I’ll stick with it. But was IPv6 really designed for functionality or security? It was designed largely for functionality, address space issues, and there’s an awful lot of null packets in there.
A bunch of IPv6 guys are saying: “Oh, we know how to weaponize this.” And so there is some cool stuff coming out of the weaponization of IPv6. There were some alternatives in the design of the protocol that were available at the time, using various types of defaults that could be modified later on for real application and utility. But, again, we did not think of this, because IPv6 was going to solve all of our IPv4 problems, and again, I don’t believe that for a minute.
When you’re online talking to your foreign people, is that a real woman that’s talking to you? Probably not. We’ve got all of that Siri and other droid voice stuff. Who are you talking to? Is it a computer or is it not a computer? And you’ve got an old phrase: “On the Internet you never know who is a dog,” or something like that. Now that we’re using this technology so much, how do you weaponize it? I’m not looking for answers this minute; I want your mind. You guys are the brilliant people in the community that figure this shit out before we get nailed by it.
We’re going to weaponize this stuff one way or another. I’d rather the community figured it out ahead of time, because only then can we start defending against the future instead of waiting for the bad guys to already implement it.Some other technology: how do we weaponize telephones? We’ve already done it. Back in those days, I grew up on those dial things; I got busted by the FBI for hacking three slot machines when I was 10 or 12 years old. And then we’ve got mobile. It’s a computer, and how do we treat these things? Like old Nokias. These are computers, and MDM solves all of our problems, because Apple told it so. Was security ever considered in any of these devices? Of course not, because it was only a consumer device. Consumerization is one of the worst things that’s ever happened to networks. And how many CEOs or board-level people said No to consumer devices? Any people in this room have your board level people just say No.
Weaponization of these is going to happen. It already is happening. Three billion of these sons of bitches are out there, and the bad guys are going to completely ignore it, aren’t they? They’re never going to go after casual users? If anybody’s interested, I do have some papers out called “Cyberwar 4G”, which covers an awful lot of the issues that are going on with mobile, and where we’re going to end up in the coming years.Oh, here’s the slide (see right-hand image), perfect. This gets into more and more, we’re going to get 20 billion of these things out by the end of the decade, some sort of mobile, IP-enabled stuff. Fundamental problem, really quickly: single-user, non-multitasking devices are wrong, because there’s only half a dozen, I think, 7 built-in native multitasking capabilities, and anything you need to make it multitask beyond that is called what? Jailbreaking. The numbers are already speaking for it. I remember three years ago I got one of the guys, and he made the statement that bad guys will never build malware for mobile. And my first comment, and I actually put this in the article: “Are you kidding me?”