The attack began shortly after 9 in the evening. Two men emerged from a corridor in Chhatrapati Shivaji Terminus, Mumbai’s grand, cathedral-like railway station. They wore black T-shirts and beige cargo pants. Backpacks loaded with a few hundred rounds of ammunition, grenades, fake IDs, Indian and American currency, and dried fruit were slung over their shoulders. Clasping Russian-made AK-47s, they opened fire into the balmy November night.
Within minutes, a wave of coordinated explosions and shootings began tearing through a neighboring cafe, school, hospital, synagogue, and two hotels. Over the next two days, fire and chaos spread down the island city’s southern peninsula as one of the world’s busiest financial centers spiraled into a maelstrom.
The grisly November 26, 2008, Mumbai attacks killed more than 160 people and wounded some 300 others. Sometimes called the 26/11 attacks to evoke the tragedy of 9/11, the episode sent global communities reeling. Skittish world leaders simultaneously grieved for India and trembled at the thought of the political consequences, as the killings had been planned in Pakistan. Less than a decade after the World Trade Center disaster, the attacks served as a stark reminder of how quickly criminals and terrorists could transform a peaceful, democratic metropolis into a den of mayhem.
To Marc Goodman, a global security advisor and researcher, the attacks were something worse. As details of the attackers’ plans materialized, Goodman saw glimmers into the future of criminality. In the Mumbai attacks, one of the most technologically savvy ever, he read a kind of felonious prehistory. He saw indications of how technology is transforming crime, including easy access to global information networks, mobile communications, and biological enhancement to wreak sustained havoc.
The Mumbai attacks had been planned using Google Earth’s three-dimensional models, enabling the 10 gunmen to choose optimal routes and defensive positions. In mid-melee, the attackers used phones equipped with swappable SIM cards to coordinate with a Pakistan-based nerve center, a sinister version of the White House’s situation room. This command post monitored news of the attacks and provided tactical direction to the assailants. When an onlooker tweeted a photo of commandos rappelling from a helicopter onto a nearby roof, the center alerted the attackers. They then ambushed the law enforcers in a stairwell.
The Threat of Unintended Consequences
Goodman doesn’t look like a cop. With his thin, rimless glasses; Pete Campbell (from Mad Men) haircut; and friendly, V-shaped smile, he looks more like a hip high school science teacher. But once Goodman starts talking about global crime, it’s easy to believe he spent years training Interpol forces and working with the United Nations on cyber warfare. His work chronicles sprawling underworlds ranging from Russian gangsters’ use of secret chat rooms to customizable biological weapons. “We’re at the very early stages,” Goodman said on the phone. “What’s coming next will make today’s crime look like kids’ stuff.”
The chairman for policy and law at Silicon Valley’s Singularity University, Goodman is a jovial master of nightmare scenarios. In his TEDGlobal talk, Goodman traced the arc of the last 100 years. While a gang of outlaws could once rob a train of 200 people, in last year’s Sony PlayStation hack, 100 million people were simultaneously affected. “When in history,” Goodman asked his audience, “was it ever possible for one person to rob 100 million?”
Goodman argues that, until now, cyber crime has been largely invisible. “It’s been mostly two-dimensional, hidden behind the screen, people moving around 1s and 0s,” he said in an interview. “What’s coming next is three-dimensional crime.” By that, Goodman means that as more and more objects—cars, home appliances, elevators, street lights, even pacemakers and insulin pumps—become connected, the threat of hacking is moving beyond computer systems and into the real world. “Almost nothing will be offline in the future,” he explained. “The so-called Internet of Things will become the Internet of Things to be hacked.”
Underlying almost all of Goodman’s scenarios is one concept: unintended consequences. Goodman is not a technophobe; he says the positive aspects of the Web are manifest and has a penchant for excitedly calling new technologies “awesome.” But he is apprehensive about the headlong drive toward connecting everything without much regard for the risks or vulnerabilities in such a world. “The question is,” he put it on the phone, “should we really be marching blindly forward without serious consideration of the implications?”
Challenging how technology is used (and abused)
So far, governments appear to be placing hope in technology as a force of crime prevention. Palantir Technologies, one of the most subtle success stories in Silicon Valley, has built a roster of customers that includes the U.S. Army, Air Force, CIA, Department of Defense, FBI, and the Marines, as well as the police departments of New York and Los Angeles. Founded in 2004, the California-based company provides a tool that allows security agencies to interpret reams of data created by digital surveillance. Its software essentially connects the dots, disparate pieces of information that, if arranged correctly, can tell the story of impending crimes.
But according to Shyam Sankar, a data intelligence agent working at Palantir, making sense of the vast amounts of data requires finding ways to improve the often fraught human-computer relationship. “Instead of thinking how the computer can solve the problem, design the process around what the human can do with it,” he said at TEDGlobal. “When you do this, you’ll find you spend most of your time on the interface.” In other words, how technology is used is as important as any given hardware or software’s inherent capabilities.
This kind of contextual design and use of technology is not the norm, however. Major cities such as London have responded in the wake of the terrorist attacks like those in Mumbai by increasing the number of security cameras and other sensors in public areas. The problem, according to Heather Brooke, an author and freedom of information activist, is that much like connected devices, connected security services are vulnerable to attack. “Governments think technology can do the heavy lifting,” she said in an interview, “but just having collected all this data means it can be hacked.”
Brooke, who led a five-year campaign to disclose the expenses of British members of Parliament, leading to massive reforms, has become a champion to information freedom fighters. Her articles and books have shined a harsh spotlight on the rights of citizens in a world where governments are fighting increasingly technological crime with…more technology.
“Technology is always changing, and security services always have giant lobbying groups,” she said. “But the public doesn’t always have that legislative influence [to protect itself].” What’s more, there are real concerns about living in a society where everyone assumes he or she is almost always being watched.
Brooke prescribes a blend of skepticism and humility to balance these concerns. “We must always be challenging,” she told the audience at TEDGlobal. Meanwhile, the human penchant for making mistakes must be recognized. “If you don’t, it’s a short journey from reformer to autocrat. Read Animal Farm to get the message about how power corrupts people.”
The never-ending development of technology certainly offers all of us unprecedented personal power. The lessons of the Mumbai attacks and their aftermath illustrate that crime fighters and potential victims, and not just criminals, must always carefully consider the darkest possible outcomes of how we collect and share information. We can try our best to predict a future in which both crime and crime fighting are permanently reordered by rapidly evolving technologies, but as Mumbai showed us, it’s a future that’s already here.