Everybody has heard of business owners forced to pay "rent" to mobsters to ensure that their building doesn't "accidentally" burn to the ground or suffer some other deliberate misfortune.
But it could soon be average consumers who have to shell out $20 or more in Bitcoin every month to various digital "mobsters", just to make sure their car will start in the morning or the brakes won't fail on the highway, or so their home will stay locked during the day when they're at work.
That was the dystopian future envisioned by a group of experts earlier last month at a panel discussion titled, "High Tech Crimes of Tomorrow" — part of a Georgetown Law School conference titled, "Cybercrime 2020: The Future of Online Crime and Investigations."
They have seen the future of consumer cybercrime, and its name is "ransomware."
Not that ransomware is new — it exists now, but mainly at the enterprise or government level. "We've already seen it in network storage devices," said panelist Dino Dai Zovi, hacker-in-residence at New York University's Polytechnic School of Engineering.
In those cases, hackers generally break into a system, encrypt the data and then demand a ransom in exchange for the key to unlock the data.
Robert Shaker, senior manager, incident response at Symantec (not on the panel), agreed that this is a big problem at the enterprise level. "I can't tell you how many customers have called with this problem," he said. "It's rampant."
But now it is expected to trickle down to the consumer level, where Dai Zovi predicted that the payment demand would be small — more of a nuisance than a crippling financial hit — but offer enormous potential profit for criminals, given that billions more smart devices are connecting to the Internet every year.
There are several reasons for the predicted shift in crime tactics, panelists said. First, the U.S. is finally moving toward making its credit card system more secure, with so-called EMV or "Chip-and-PIN" technology. That will make credit card fraud more difficult.
Consumer ransomware is, "a business model that's going to scale, especially as we get control over more traditional cybercrime business models," Dai Zovi said. "They're (cyber criminals) basically entrepreneurs, and they're going to shift when a new market gives them better returns than an existing market, or their existing market goes away."
Another reason is that, as has been clear for some time, just because a device is "smart," does not mean it is secure. And embedded devices in the Internet of Things (IoT) are notoriously insecure.
Another panelist, Rick Howard, CSO of Palo Alto Networks, observed that even companies like Microsoft, which are good at security, have trouble with their software. "Car manufacturers have no idea how to do this," he said.
Sign up for CIO Asia eNewsletters.