• United States




Cyber crime in 2025: New threats mingle with old risks

Jan 17, 20127 mins
Data and Information SecuritySecurity

As our physical and digital worlds become more networked, cyber thieves will use time-tested techniques to pull off scams

With the new year upon us, I’m pulling out my crystal ball to predict the computer security threats of tomorrow — and I don’t mean 2012. I’m looking ahead to 2022 or 2032. Over the next couple of decades, technology will surely continue to evolve, and if the past is any guide, we can expect that today’s security problems — buffer overflows, misconfigurations, poor authentication implementations, and data malformation — won’t much change; they’ll just move to the latest gadgets.

Think, first, about how much our lives have changed in the past couple of decades. My kids wouldn’t understand how tough it was to choose between a 10MB and a 24MB hard drive when all I really needed were two floppy drives to get the computer up and running. They’d say, “What’s a megabyte?” Or for that matter, “What’s a floppy drive?”

[ Learn why Roger A. Grimes deemed 2011 as the year of the cyber criminal. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]

Try to remember what life was like pre-iPod, pre-iPad, or before you could rent thousands of movies directly to your TV. Could you have imagined that you’d carry around a thousand of your favorite albums (and movies and podcasts) on a device not much larger than a postage stamp? That’s the trouble with predicting a decade or two out: It’s bound to be less exciting in some ways than you had imagined — we still lack inexpensive flying cars or jet packs — yet exceed your expectations in ways you couldn’t predict.

Technology of tomorrow I’m fairly confident of what to expect in the next decade. User profiles will roam everywhere. All applications will be “Webized.” Computers will be wearable. Everything will be networked and trackable. Human-enabled UIs will be ubiquitous. Next-gen search will be built into everything.

I don’t have to be a superintelligent soothsayer because lots of fantastically bright people already figured this stuff out two decades ago. The exploration and patents have been long in process. It’s all about the right vendor introducing the right product at the right time — it’s not like the iPod was the first portable digital media player.

For starters, most observers already understand that everything that isn’t “Webized” today will become “Webized.” If you’re working on an app that doesn’t encode directly to HTML or XML, it won’t be around a decade from now.

Everything and everyone will be networked and tracked using IPv6 (or later), and we’ll beg for it. There are clear advantages: A parent, for example, would know instantly that Johnny’s getting off the bus in front of the house, and he has an elevated temp. Also, we’d know if we needed more eggs for Sunday morning’s breakfast. Those pluses will override most people’s fears of privacy invasion. I anticipate, in fact, that most people won’t even understand the term “privacy invasion.”

Within the next 20 years, the days of seeing one desktop on your work PC and one on your home PC will have ended. Rather, your desktop and profile will follow you from machine to machine. Both desktops will blend and always appear when the computer’s “eye” recognizes you. Sign in at an airport kiosk and your desktop profile is there. Look at your mobile device and you’ll find the same profile — but fit to a smaller form factor. You won’t have to save anything because everything you do is saved. Make a mistake and you’ll be able to undo the problem, going as far back as you need.

One guaranteed innovation is next-generation Internet search. In the near future, everything you see or hear (digitally at first, then beyond) will be augmented by a built-in search experience, through which you’ll be able to call up more information or even make an immediate purchase. During your favorite sitcom, you may see an oversized coffee cup you want. With a touch, you’ll be able to purchase the item. Watching an NBA game on television, you’ll be able to select your favorite player to view his stats, buy his jersey, or get tickets to his next game. A bit further down the road, you may see the perfect bike go by. You’ll be able to immediately get information about the bike and learn where you can buy it at the lowest price.

The days of seeing something interesting and having to go back to your computer to manually search for information will seem passé. Our grandkids will laugh to hear that we had to conjure up the best search terms and hope for relevant results. Do you have a Victrola and a fireside chat to go with that?

Cyber threats of tomorrow This highly connected, uber-augmented world will bring a host of different security threats — though they won’t be far too different from the threats we see today.

A positive note: In a couple of decades, we’ll surely have Internet trust under control. The Internet simply can’t continue growing without better security prevailing. I’m convinced the future Internet will be more like the peaceful, quaint world of Mayberry than the chaotic, post-apocalyptic dystopia of “Mad Max.”

The bad guys will be attacking protocols instead applications. A Web 10.0 world will have many operating systems and platforms. Attacking a single app won’t get you much — but since every app will share the same protocols, that’s where they money resides. Think XML worms, OpenAuth attacks, and more.

Forget cyber crimes where large sums of money are swiped all at once. Within the next couple of decades, big money holders will have figured out how to catch the overly brazen thieves. More likely, malicious hackers will pull off crimes such as modifying micropayments across a million customers, raking in a sizable haul one half-cent at a time.

Adware scams will become augmented-reality interceptions. When you try to learn about a subject or make a purchase online (such as the oversized mug you saw on TV), a form of malware will, unbeknownst to you, reroute you to another provider. You won’t get the best price after all.

Our wearable computers will readily transmit transaction information through our bodies and our clothes. Will that enable robbers to steal from you by simply brushing against you? Bluetooth interception will probably seem quaint compared to what future cyber thieves will dream up.

Will attackers be able to overpower law enforcement’s ability to stop cars dead in their tracks to begin heists? Will those same attackers be able to disable all the law enforcement cars coming to your aid?

Will cyber detectives spend time tracking down attackers that initiated murder remotely, like manipulating a pacemaker or causing the autosteering function in someone’s car to prematurely disengage?

Will cyber viruses cause real illness? It’s not as far-fetched as you might think. As we continue to blur the line between humans and computers with the ultimate human interfaces, what’s to stop cyber organisms from crossing the blood-membrane barrier?

One thing I know is that cyber crime will not be zero, not as long as there is some semblance of freedom in the world.

The big question: Will we remember these days fondly because things will be so much worse? Or, as I hope, will we reach an era of greater security and view this age as a romanticized time, equivalent to days of the Wild West?

This story, “Cyber crime in 2025: New threats mingle with old risks,” was originally published at Keep up on the latest developments in network security and read more of Roger Grimes’s Security Adviser blog at For the latest business technology news, follow on Twitter.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author