Authors: Mary Aiken
The Cyber Effect (36 page)
James has been a tireless campaigner on the subject of healthcare for nearly fifteen years. His latest book,
The Truth About Big Medicine
, discusses the flaws of the American healthcare industry, reveals unsafe medical practices, proposes ways to correct injustices, and includes discussions of imaging, medical devices, pharmaceuticals, hospital procedures, and medical negligence.
While these dangers inherent in the American healthcare system may
be responsible for a rise in the iatrogenic death rate, I would argue that another sort of effect may have intervened. The 1999 figure reflects a time prior to the prevalence of Internet medical search, and the escalation reported in 2013 more closely reflects the times we are living in now,
when as many as 60 percent of Americans search for health informationâ35 percent of those search for diagnostic information, and just over half proceed to make an appointment to see a physician. It cannot be coincidental. This may be a pipeline: Online health-related search leads to escalation in anxiety, which leads to unnecessary medical visits and unnecessary medical procedures, which in turn leads to an increase in iatrogenic deaths.
A new study conducted by patient-safety researchers at Johns Hopkins University School of Medicine and published in May 2016 reemphasizes the seriousness of this issue. The findings show that medical errors in hospitals and other health-care facilities are “incredibly common and may now be the third-leading cause of death in the United Statesâclaiming 251,000 lives every year, more than respiratory disease, accidents, stroke and Alzheimer's.”
If I take a few steps back, what I'm observing is a deadly cocktail: increased media coverage of health and medical stories that drives anxiety, TV commercials pushing pharmaceuticals that target health uncertainty, more medical testing to protect doctors from medical malpractice lawsuits, and then you can add in the cyber effect, online search.
This is something Yahoo, Bing, and Google surely know about and have been grappling with for some time. Just a few years ago, when you did a search and used a medical or physiological term, a disclaimer popped up, saying that this was “not a diagnosis.” This box disappeared, and then returned in the form of a probability statement. More recently, search sites have experimented with connecting medical searchers with actual doctors. I would like to think this is a positive step, in terms of an informed approach, and not just another way to monetize the miseries of the worried well.
While we can't know with certainty how many lives could have been spared over the past ten to fifteen years, we should ask this question: What would it take to create safer and more intelligent search protocols
for medical queries? What would it take to rethink media coverage and TV commercials so they didn't fuel health anxiety? And what about reforming medical malpractice protocols to discourage unnecessary testing?
The Internet offers so many advantages, yet with the emergence of cyberchondria and other technology-facilitated problems appearing on the horizon, we have to hope there's a way for medical ethics to be translated online.
The Google motto “Don't be evil” reminds me of a line often attributed to the Hippocratic oath,
primum non nocere
. This moral code for physicians translates as “
First, do no harm.” It is something advertisers, media, online search engines, health websites, and the legal community may want to embrace.
Imagination is a beautiful thing, but it can be fierce and unruly. We would be smart to be respectful of its power. The fearmongering and hysteria over the Ebola virus in 2014 is proof of how health anxiety, and health scares, can cause more problems than the illness itself. In a terrible cyber twist, the scammers who sent out fake emails from the World Health Organization, using subject lines like “Ebola Survival Guide” and “Ebola Outbreak Now WORSE Than We're Being Told,” managed to dupe thousands into surrendering control of their computers. Of course technology can have positive effects on healthcare and disease outbreaks. Recently, rival researchers studying the mosquito-borne Zika virus found a way to collaborate via Twitter.
Knowing everything about your body, your medical health, and the drugs you are taking is now de rigueur. But there's a lot of evidence to support my view that you can know too much.
This finds agreement in Japan, where a doctor will rarely, if ever, tell patients that they have cancer. And under no circumstances are they told their condition is hopeless. It is commonly believed that patients who are told they are terminal tend to die sooner than those who aren't.
But in the West, instead of less information, we have more and still moreânow made possible by search technologies. It wouldn't surprise
me if there was a cultural change of heart about this eventually. In recent years I've heard stories from women with breast cancer and other serious diagnoses who decided not to share this information with friends and extended family, lest their own young children find out and go online to search outcomes. Even if there is no transparency about how medical-search algorithms work, we know where it leads. The young and the vulnerable, now exposed to a range of morbid and serious content that they cannot process or understand, are the ones we need to protect most.
Here's my own motto:
caveat inquisitor
.
“Let the searcher beware.”
What Lies Beneath: The Deep Web
P
irates and buccaneers have been romantic fixtures in children's literature and Hollywood movies over the past century. They are often depicted as courageous figuresâswashbuckling thieves who roam the high seas with expert skill, defying governmental authority and living by their own “code of honor.” In the language of storytelling, this code signals a sense of morality and makes the pirates human and almost admirableâthe bad-but-good guys we can love.
Formal or informal codes of conduct actually exist for all groups, whether they are a family of primates or an underworld gang. Rules make everything work better. That's why it's called “organized” crime.
Most of us do not commit felonies in real life, or want to, but it can be fun to imagine living the lawless life of a pirate, navigating uncharted tropical waters and meting out our own brand of high-seas justice in the clash of a sword fight. Lawlessness mimics freedom, and the vicarious experience of watching it in a movie can be exhilarating. The golden age of piracy (about 1680â1730), as portrayed in the Pirates of the Caribbean filmsâwith all those beautiful shots of blue water and desert islands, not to mention Captain Jack Sparrow played
by Johnny Deppâis irresistible entertainment. It's easy to see why the very word
pirate
does not register as pejorative.
Where am I going with this?
The Deep Web is surely like the Caribbean of the seventeenth and eighteenth centuries, a vast uncharted sea that cybercriminals navigate skillfully, taking advantage of the current lack of governance and authorityâor adequate legal constructs to stop them. And like
the golden age of piracy, we are living in a time of upheaval and geopolitical changes both in real-world and cyber contexts, which can encourage a free-for-all of opportunism and a rise in lawlessness.
On the high seas of the Internet, secret hiding places for cybercriminals aboundâsafe harbors, concealed caves, and digital coves where they can sail in, drop anchor, and buy and barter for tools, weapons, and other contraband. For those needing accomplices, the bawdy pubs and tavern inns of the Colonial period have been replaced with covert forums, chat rooms, and criminal-networking sites, all of which are plentiful on the labyrinthine Deep Web. While you can find cybercriminals anywhere on the Internet, they have a much easier time operating in the murky waters of the darkest and deepest parts.
And just as the legitimate digital markets like Zappos and eBay have become more sophisticated about merchandising and sales, the online black market has grown increasingly efficient. I was a contributor to the Europol cybercrime threat assessment report in 2014, which described the emerging but hard-to-believe phenomenon of
crime as a service online
. Almost any kind of criminal activityâextortion, scams, hits, and prostitutionâcan be ordered up online now, thanks to well-run websites with shopping carts, concierge hospitality, and surprisingly great customer service.
This window of opportunity for cybercrime won't last forever. It can't. But until more laws to govern the open waters of the Internet are implemented and jurisdictions begin to coordinate across virtual bordersâthe way they do for sea and aviation lawsâwe will continue to live in a golden age of digital piracy, resulting in a
lawlessness that impacts all of us.
If you aren't exactly sure what the Deep Web is, you aren't alone. This part of the Internet is commonly discussed in law-enforcement and cyber-security circles, and is a source of fascination for the tech industry and media, but like so many aspects of the cyber environment, it has a feeling of being a “tech experts only” subject, as if it's too complicated for anybody else to fathom. When I'm on the road, whether I am speaking at conferences or discussing my work with people outside digital forensics, I am always stunned by how few people really understand this hidden part of the Internet or how it works.
The field called
cyber-security
is vast and pretty complicated. Nonexperts are puzzledâand left with only one sticky mantra in their heads:
Change your password
. Well, that turns out to be great advice. But how is anyone supposed to remember all of those codes, not to mention the new ones?
I like to say that your memory may be weak, but your passwords need to be strong. That means that you should avoid taking the easiest route of simply changing one character of your password, like adjusting the ending from a “7” to an “8.” Human beings are predisposed to gravitate to variations on a theme, due to the way human memory works. The ability to recall often is by association. Therefore, what seems clever and easy for you won't be enough to stump an identity thief. Let's not forget, one of the most impossible codes of all time, the Enigma code, was broken due to a similar mistake. Its Nazi operators got lazy. Instead of resetting the dials randomly of the Enigma machine every day, some operators changed a dial by only one notch, creating an easy pattern to crack.
Failed morals and antisocial personality traits aren't the only things that give cybercriminals an advantage over their victims. These con artists are expert observers of human behavior, especially cyberbehaviorâthey know how to exploit the natural human tendency to trust others, and how to manipulate people so they give up confidential information, or what is called a
socially engineered attack
. When it comes to
identity theft or cyber fraud, it is much easier to fool a person into giving you a password than it is to try to hack it (unless the password is really weak). This sort of social engineering is a crucial component of cybercriminal tactics, and usually involves persuading people to run their “
free” virus-laden malware or dangerous software by peddling a lot of frightening scenarios (which is why it's called
scareware
). Fear sells.
The quagmire of cyber-security is made only more complicated by all the interested parties trying to solve our problems. There's an industry of professional and amateur specialists promoting anti-malware, anti-spyware, and antivirus softwareâwhile flooding our in-boxes with a steady stream of cyber-security tips, delivered on every platform from blogs to YouTube. Due to the constantly evolving technology and information overload, the subject is now more mind-numbing than scary. Many people prefer to buy malware protection and just hope for the best.
But is that enough? You don't have to look far to find somebody who has been a victim of a cybercrimeâwhether it's credit card fraud, cellphone hacking, data hacking, data destruction, or cyber-extortion. Identity theft is now the number one consumer complaint at the U.S. Federal Trade Commission, and the U.S. intelligence community ranks cyber threats as one of the top global security concerns, along with terrorism, espionage, and WMDs.
So where are these cybercriminals hanging out?
The Deep Web. At one of my first meetings with CBS executives and the creative team of
CSI
to discuss my work in forensic cyberpsychology with law enforcement agencies worldwide, this mysterious place was one of the first things I had to explain. The
Deep Web
is often a misused term.
So what is it?
Simply put,
the Deep Web refers to the unindexed part of the Internet. It accounts for 96 to 99 percent of content on the Internet, vastly larger than the Surface Web, where regular traffic is occurring. Most of this content is pretty dry stuff, a combination of spam and storageâU.S. government databases, medical libraries, university records, classified
cellphone and email histories. And, just like the Surface Web, it is a place where content can be shared.
What makes it different? The content on the Deep Web can be shared without identity or location disclosure, without your computer's IP address and other common traces. The sites are not indexed and therefore not searchable if you're using a Surface Web browser like Chrome or Safari or Firefox. For software that protects your identity, an add-on browser like Tor is one of the most common ways in. The name Tor is an acronym for “the onion router” because of the layers of identity-obscuring rerouting.
Standing before the
CSI
team, as I prepared to describe the Deep Web, I told them to picture (as I do) the entire Internet as a giant ball of colored twine. “Only certain strands can be followed, but some cannot,” I said. “The strands of twine that cannot be followed are in the Deep Web.”
Looking around, I saw a room of perplexed faces. The visual metaphor that worked for me wasn't working for anybody else.
Strands of twine?
What is she talking about?
Trying another approach, I walked to a whiteboard on the wall and drew a long horizontal line. “Here's the horizon of the ocean,” I said. Then I drew the tip of an iceberg rising up from the ocean's surface.
“The tip is the Internet you knowâthe one that you regularly access and browse,” I said. “It seems unimaginably bigâdoesn't it?âlike an entire universe of information.”
Heads nodded.
“But content-wise, it's actually pretty small. What lies beneath is the Deep Web. It's almost one hundred times bigger.”
The room grew quiet. Trying to fathom the size of the Deep Web is kind of mind-blowing and takes a while to process. When I was a kid, I used to spend hours thinking about the universeâstruggling to comprehend the concept of infinity. I used to think about it until my brain hurt, hoping that eventually, if I thought long and hard enough, I would understand how to quantify it. But sometimes the best path to understanding is to grapple not with size but with characteristics. The universe
is truly limitless, but that doesn't keep us from being able to imagine a solar system or even a galaxy. What helps is creating a visual analogy, like twine, an icebergâor the endless blue waters of the Caribbean in 1699.
So let's discuss the characteristics of only one aspect of the Deep Web, where a lot of cybercrime operations are run, where the pirates sail and loot and bury treasure. It is called, somewhat romantically, the Darknet or Darknets. It is only a fraction of the Deep Web, and a tiny fraction of total Internet content. In network science, the word
dark
is used to describe anything that is hidden, untraceable, and unfindable. When a spy goes dark, he can't be located; when you go dark online the same thing happens.
Darknets refer to what is deliberately hidden. Quite a lot of what happens there is illegal.
How did illegal operations wind up there? The Deep Web was first used by the U.S. government, and the protocols for the browser Tor were developed with federal funds so that any individuals whose identity needed to be protectedâfrom counterintelligence agents to journalists to political dissenters in other countriesâcould communicate anonymously with the government in a safe and secure way. But since 2002, when the software for Tor became available as a free download, a
digital black market has grown there, a criminal netherworld populated by terrorist networks, criminal gangs, drug dealers, assassins for hire, and sexual predators looking for new images of children and new victims.
As explained in
one Darknet tutorial:
There are things like blogs, forums (from normal to revolutionary to blatantly illegal), Tor-enabled instant messaging and chat, anonymous file hosting, anonymous financing, anonymous tipping and information exchanges, information on computer security/anonymity, info on warez/cracks/hacking, all the books, music, movies you can possibly imagine, even links to sports betting and trade information, links to international drug markets, prostitution rings, assassin markets, black market products, [child abuse material]. Some of societies [
sic
] most deviant people use this network. Not just those that browse the sites on there but also those who create and manage them.
Some call the entry point or portal to Darknets “the gates of Hell,” because once you pass through, there's no telling what you'll encounter.
No exaggeration: Almost anything you can imagine or have seen in a Quentin Tarantino movie that's illegal, illicit, and contraband can be purchased on Darknets. This has led to flights of fantasy and myth about what exactly goes on there, because the whole thing seems so impossibly lawless and surreal. One of these Darknet rumors is the existence of fighting tournaments, Roman gladiatorâstyle, where brutally violent matches are live-streamed for high-paying customers. The matches are said to be skillfully produced and pit two professionally trained fighters against each other.
As
Thebot.ânet
explains:
It may seem surreal but they are guys that train with the best and want no part of UFC or any fight league. Dudes who really enjoy fighting to the deathâ¦it's not some barroom brawl. These things happen and a lot of millionaires pay big money to see them. Modern Gladiator battles. I heard there are some with humans vs. animals.
To the death?
Can that really be true?
In my work, I've had to become familiar with some dark corners of the Deep Web. The scope of human depravity there is unfathomable and deeply disturbing. But to visit for fun, for entertainment, on a dareâor even out of curiosityâis a serious mistake with potentially lasting repercussions. This isn't HBO. It's real. And can be dangerous.
This brings me to the next question I'm always asked: How can illegal operations thrive in the Deep Web? Isn't there a way to effectively monitor and police the space?
Size and scope is a problem. There is an almost infinite number of hiding places, and most illegal sites are in a constant state of relocation to new domains with yet another provisional address. Another matter that confounds law enforcement is that many of these sites do not use traceable credit cards or PayPal accounts. Instead, virtual currencies such as Bitcoin are traded.
Bitcoin is the solid-gold doubloon of the digital realmâonly betterâit's
untraceable, anonymous currency, or what law enforcement calls a
cryptocurrency
. Secret money, in other words. The cyber equivalent of unmarked bills. While it is traded by reputable entities for totally legal purposes, so far the existence of cryptocurrencies in general has not been a particularly positive thing for law enforcement. The effects of anonymous money on human behavior are similar to the effects of anonymity online in general. It can amplify and facilitate certain behaviorâin this case, covert behavior. The ramifications are enormous.
