If It's Smart, It's Vulnerable E-Book

Table of Contents

Cover

Title Page

Foreword

Preface

Saab 9000 Turbo

The Good and the Bad of the Internet

Prehistoric Internet

The First Websites

Linux Is the World's Most Important System

iPhone vs. Supercomputer

Online Communities

Money Is Data

Codes All Around Us

Geopolitics

Security Tetris

Who Are We Fighting?

The Rolex

Malware—Then, Now, and in the Near Future

The History of Malware

Smartphones and Malware

Law Enforcement Malware

Ransomware Trojans

The Human Element

The Two Problems

The Heist

CEO Fraud

Protecting Company Networks

Bug Bounties

Wi-Fi Terms of Use

Mikko's Tips

Mikko's Tips for the Startup Entrepreneur

Boat for Sale

What If the Network Goes Down?

Electrical Networks

Security in Factories

Hypponen's Law

Dumb Devices

Regulation

Car Software Updates

Online Privacy

Life Without Google

Murder Charges Never Expire

Is Google Listening to You?

Gorillas

Startup Business Logic

Biometrics

Antisocial Media

Online Influencing and Elections

Privacy Is Dead

Before and After Gmail

Encryption Techniques

Data Is The New Uranium

CASE Vastaamo

Cryptocurrencies

The Value of Money

Blockchains

The Environmental Impacts of Bitcoin

Playing the Market

Ethereum, Monero, and Zcash

NFT

Bitcoin and Crime

Border Guards vs. Bitcoin

Technology, Espionage, and Warfare Online

Cyberweapons

Technology and Warfare

Under a False Flag

Concealability of Cyberweapons

The Fog of Cyberwar

Case Prykarpattyaoblenergo

Case Pyeongchang

Governments as Malware Authors

Russia and China

Case Stuxnet

Damage Coverage

Explosion at the White House

My Boycott of RSA, Inc.

The Future

Artificial Intelligence

Wolverines

AI Will Take Our Jobs

Smart Malware

Metaverse

The Technology of Warfare

“You Are Under Arrest for a Future Murder”

Those Who Can Adapt Will Prosper

Tesla

Trends in Technology

Coda

Index

Copyright

End User License Agreement

Guide

Cover

Table of Contents

Title Page

Copyright

Foreword

Preface

Saab 9000 Turbo

Begin Reading

Coda

Index

End User License Agreement

Pages

i

v

xiii

xiv

xv

xvii

xviii

xix

xxi

xxii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

vi

263

More Praise for If It’s Smart, It’s Vulnerable

“As the namesake of Hypponen's law, Mikko is the right person to explain how everything is getting connected, and what we should do to secure all devices on the internet — both the smart ones and the stupid ones.”

—Robert M. Lee,founder and CEO of Dragos Inc.

“A guided tour of the intersection between security and technology by the best kind of storyteller. Mikko lived it, shaped it, and now explains it.”

—John Lambert,Microsoft

“It's hard to understand a revolution when we are living in the middle of it. Mikko clearly explains the technology megatrends shaping our future and illustrates his points with fascinating real-world stories from his long career in infosec.”

—Dave DeWalt,Founder of NightDragon and former CEO of McAfee and FireEye/Mandiant

“Mikko uses his remarkable experience to give the reader an understanding of the challenges we as digital citizens face. If It's Smart, It's Vulnerable; no truer words have been said in this digital age.”

—Raj Samani,Senior Vice President and Chief Scientist at Rapid7

“Before the internet, people were not used to reality having multiple dimensions. Now that the globe is being connected at an exponential pace, we are lucky to have talented guys like Mikko Hypponen explain how we can move to the next step.”

—Marcelo Tas, Brazilian actor,author and TV host

If It’s Smart, It’s Vulnerable

Foreword

Jeff Moss

The Internet is both a familiar, comfortable place and a bottomless rabbit hole you can lose yourself in. From its inception, the Internet has always been like. The difference now is that the scale and consequences are almost immeasurable, and it tests the limits of human imagination. When you look into the mirror of the Internet, what you see reflected back depends on what you are looking for. It has become largely a reflection of yourself.

If you are a businessperson, you might see endless opportunities, new markets, new supply chain efficiency, new ways to market a product or collaborate with designers you would never have had access to before. You would think about the costs, the risks of doing business online, what regulations you would need to abide by, and the financial rewards.

If you have an inquisitive mind, you may see endless research opportunities, different perspectives to consider, online debates to have, and meaningful places to contribute your efforts. You can do this no matter your race, ethnicity, gender, age, orientation, or religion. Such freedom!

Policy makers see a new domain that needs oversight and regulation that would shape the Internet into a reflection of their governments' values and ideals. Governments see not only a way to communicate and collaborate with their citizens but also a new way to spy on each other. No need for James Bond; instead remotely break in and read their email to see if they are violating a treaty or planning an attack. Conspiracy theories thrive next to scientific research and fan-fiction sites, and criminals see a lower risk way to make money through theft or extortion—no need to expose yourself physically.

What's going on?

It has been said that in the 1700s the highest calling was the government, and it attracted the best and brightest. The 1800s saw the industrial revolution, and the 1900s attracted the best minds to Wall Street. Today it is the Internet and related industries that have the creative, financial, and emotional energy. How long will this phase last before people move on to genetics, nanotechnology, or even space?

The early days of the Internet were about building stuff: infrastructure such as networks and undersea cables to physically connect the servers. Next, it was bigger data centers, faster mobile technologies, and algorithms to try to understand and predict consumers.

By building better infrastructure, the creation of massive, global platforms became possible. Whole new business models were possible! Previously impossible global population tracking and influence campaigns were possible! This is the era when the Internet truly became pervasive enough to be a global good—and a global hazard. We are now in the age of Internet consequence, where what happens impacts billions of people a day and influences how nations behave, and there is little accountability.

One thing has become clear: Internet problems have become global problems, frequently larger than what a company or country can manage. It is now clear that these global problems require a global response. Trying to take down a botnet? Create rules for a social media platform? Set standards for the next generation of technology? All require participation in international forums and coordination in new ways from companies and governments but also from civil society, academics, researchers, and users who have to live with the world we have created. We need to bring together not just the builders and the regulators but everyone involved.

The Internet I describe is constantly evolving, connecting. There is a gravity, a sort of invisible hand, that is organizing the Internet to be more optimized, complex, fragile, centralized, and attractive to regulation. There is the trade-off between efficiency and resiliency, and efficiency almost always wins because it is more cost-efficient. But efficiency is not always what is best for a society. The consequences have become so great it is now apparent that governments have a legitimate interest in what happens online, and regulation invariably follows unchecked innovation.

It is up to us, those who understand the technology, for the sake of the generations that will inherit the Internet, to work toward better policy outcomes, fair and transparent algorithms, and inclusive and accountable environments.

Preface

The Internet is the best and the worst thing that has happened to us. The waves of the digital revolution are obvious everywhere in our everyday life. The Net brings us great benefits but also chilling new risks—risks which would not have even been possible before. And this revolution is still in its early days.

For over more than 30 years now, I've worked at the same company. First, at Data Fellows, which renamed itself to F-Secure. As I'm writing this, F-Secure is about to split into two companies: F-Secure and WithSecure. We have provided security software and solutions for companies around the world, and I've spent these years hunting online criminals. These 30+ years have been remarkable in technology history. It has been a privilege to live inside the Internet revolution.

I have not become unimaginably rich, but I've gotten the opportunity to see the firsthand effects of digitalization from the best seat in the house. I've been to places where few people go. I've met online criminals face-to-face. I've visited the headquarters of different national armed forces (such as the Pentagon) and the centers for different intelligence agencies. I've been in meetings at Microsoft, Google, and Apple, and I've given private briefings to the leadership teams of some of the biggest companies in the world. I've worked on online criminal cases with various police forces, and I've spent very long days at both Interpol and Europol offices. I've traveled more than I'd like to admit; the glamour of travel starts to wear off when you sustain a level of 140 flights a year.

The places I've been and the people I've seen have illustrated to me that we all are unusually lucky. We get to live during a time where massive technological revolutions change the world faster than anything ever before. I'm watching these trends from within a cybersecurity lab. As we analyze online attacks and reverse engineer malware samples, we get a unique view into the Internet underground.

What will historians of the future think about us and about our time? How will we be written about in the history books of the future? We will be remembered as the first people who went online. We're the first generation that is living part of our lives online and part of our lives in the real world.

Mankind has been roaming this planet for more than 100,000 years before the Internet. Now the Internet will be part of our future, maybe forever. You and I just happened to be around when this happened. So, if the online world sometimes feels foreign or weird or difficult, it's OK: this has never been done before.

This global Net brings information to us, in a very concrete way. In the 1990s, we simply could not check or confirm things like we do today. This feels almost foreign now. If you had an argument at the bar about who won the gold medal in the marathon in the Los Angeles 1984 Summer Olympics, there was no easy way to find the answer. You might be able to check it the next day by visiting a library (the gold went to Carlos Lopes of Portugal). Nowadays, anyone will find the right answer in seconds with their iPhone.

This book is about the Internet and us. The Internet has changed from a technical curiosity to a seamless part of our everyday life. Eventually, it will become invisible, something we take for granted and assume to be available always and everywhere. This is what happened with the electricity grid.

This book also tells about the things that threaten the future of the Internet: organized online crime gangs, governmental surveillance and censorship, and the fight over control of the Internet. It also tells about how law enforcement and intelligence agencies operate on the Internet, how money became data, and how we all carry a supercomputer in our pockets.

Saab 9000 Turbo

In my career, I have achieved more than I would ever have imagined. It is nevertheless good to stay grounded and remember that all experts' careers are characterized by failure.

During my first “proper” job at a software company, I was put in charge of an important customer project. I was 21 years old, and the customer was a ceramics factory in my home city of Helsinki, Finland. I was writing database software that would provide workers with instructions on various ceramics products. The software was fairly advanced by 1991 standards: it ran on Windows 3.0 and had a graphical user interface. It even had pictures of the various cups, mugs, and plates being made.

The project was extensive and kept growing during development. Schedules kept being pushed back. I spent the hot summer coding day and night in my student apartment, getting no closer to the finish line. Finally, the customer's chief information officer lost patience and demanded a meeting where I would confirm the project's stage of completion and demonstrate the software. I spent a nervous morning fine-tuning the software at our office, crammed my documents into my briefcase, and took a tram across Helsinki to meet the customer. When I arrived, the CIO and his assistants were waiting in a conference room with a desktop computer and large CRT screen for my demo.

I had barely sat down and opened my briefcase when I realized that I had left the floppy disk in my work PC's drive and did not have the software I was supposed to demonstrate. I confessed this to the CIO, and he went ballistic. In fact, he was sure that the software was nowhere near done, that this was an excuse to buy more time. Assuring him that I had the software on a floppy disk at the office, I proposed meeting again the next day.

Now even more annoyed than before, the CIO would not accept this. They would wait in the conference room while I fetched the missing disk. I agreed but warned them that the tram ride across Helsinki and back would take about an hour and a half. The red-faced CIO pondered the situation before giving me his car keys and telling me to use his car, a Saab 9000 Turbo, fresh off the showroom floor. Nervously, I set off for the streets of Helsinki—and crashed his new car.

When I told this story on Twitter, one of my followers asked how I ever got another job. I was happy to reply that, in fact, I didn't. The product card project I was working on in 1991 was with a small company called Data Fellows. The company forgave me, grew over the years, and focused on information security. Now, over 30 years later, I am still employed by them.

The application for the ceramics factory was eventually completed and was still being used in 2005.

The Good and the Bad of the Internet

We are living in an age of technological revolutions. The world is changing faster than ever. The Internet has shaped the world permanently, removing many geographical barriers, benefiting us massively, but presenting entirely new types of risks.

Prehistoric Internet

What is the Internet? It is the network of networks. It is a network built to survive nuclear war. It is a network that is older than most of us—and one that will be here after we are gone.

The history of the Internet began in the 1960s, when the U.S. defense administration started designing a new type of information network called the Advanced Research Projects Agency Network (ARPANET). Internet users may still encounter the name ARPANET. When searching for the sources of net addresses, you will occasionally see “in-addr.arpa” or “ip6.arpa.” This refers to the original network where it all started.

The first router was connected in August 1969. Being the only device on the network, it was unable to send data anywhere. The first data packet was transmitted on October 29, 1969, when researchers from the University of California – Los Angeles (UCLA) and Stanford University tested a new connection for the first time.

The initial data transfer protocols were slow and error-prone, problems that were solved by the development of Transmission Control Protocol/Internet Protocol (TCP/IP) and Ethernet in 1973. These networking standards formed the basis of the Internet. TCP/IP ensured that data packets were transmitted from sender to recipient, and Ethernet standardized the way our devices receive these packets. It was often joked that Ethernet worked better in practice than in theory, but the protocols did actually do their job.

The world did not change in the 1970s, because almost nobody had access to computers. Mainframes were only accessible to universities and large corporations. The 1980s saw the introduction of 8-bit home computers, such as the Apple II and Commodore 64, but they lacked proper network access. One more component was needed to change everything: an open, standardized personal computer. IBM, an IT giant known for its mainframes, introduced the IBM Personal Computer, or PC, in August 1981, with a central processing unit made by Intel and an operating system from a small startup called Microsoft.

Most importantly, the IBM PC was open—anyone could program it. Soon, hundreds of manufacturers were building compatible computers that could run the same software. The PC's operating system was not quite open source but was open enough. IBM itself was perhaps most surprised by the PC's success, as other PC manufacturers, such as HP and Dell, soon bypassed its sales volumes.

The PC was a unique, accidental success in terms of openness and standardization. Nowadays, we take it for granted that computers are compatible and open, and we are wrong to do so. In fact, most of our devices, such as cars, refrigerators, game consoles, and cameras, work in closed ecosystems. PCs are a happy exception to the rule. They gave rise to an open ecosystem that enabled freely developed software and accessories without limitations. Accessories included modems and network cards providing access to local area networks or bulletin board systems (BBSs).

The initially diverging paths of the Internet and PC revolutions developed a tendency to converge. One more agent of change was required. The study “Towards a National Research Network” of 1988 piqued the interest of U.S. Senator Al Gore. He began campaigning for federal funding of $600 million to research and develop applications for the information superhighway.

A year later, in Switzerland, Tim Berners-Lee developed the Hypertext Transfer Protocol (HTTP) and the Hypertext Markup Lanuage (HTML). These two combined to form the World Wide Web, or WWW for short. The first WWW server was coded by Berners-Lee, Ari Luotonen, and Henrik Nielsen.

However, the protocol and servers alone did not allow use of the WWW; users needed a browser. Browsers like the modern examples, Chrome and Safari, simply did not exist in the early 1990s. One of the earliest browser prototypes was developed at the Helsinki University of Technology. It was called Erwise. Tim Berners-Lee traveled to Finland to encourage the team to turn the browser into a product. Unfortunately, the project was never finished. One of the coders on the Erwise team was willing to finalize the browser as a summer project, but the university could not afford a summer intern. The Finnish browser was never finished.

The Mosaic browser was completed in 1993. For many people—like me—Mosaic was the first software to provide access to the brand new World Wide Web. Mosaic then branched off into an even more popular browser, Netscape, from which Firefox is directly descended. But who developed Mosaic? It was created at the National Center for Supercomputing Applications, supported by Al Gore's funding package.

As the 1990s progressed, Internet connections became common, and online services and shops multiplied. The first popular mobile phones lacked Internet connectivity, but its addition rapidly made phones the most common way to use online services.

The Internet shrunk distances. Young people now find the idea of long-distance or international calls strange. It is nevertheless true: before the Internet, the further you called, the more it cost. Nowadays, attending a Zoom meeting or sending a file costs the same, whether the other party is next door or across the world—pretty much zero, of course.

It is difficult even to imagine everyday life without the Internet. We were all given access to an open and unrestricted Internet. What kind of Internet we will be leaving for future generations is up to us.

The First Websites

The world's first three websites were in Switzerland, the United States, and the Netherlands. There were approximately 700 websites by early 1994.

Inspired by the wild prospects of the WWW, I set up a website for our company in April 1994, at the address datafellows.fi. Finland had only a couple of dozen websites, most of which belonged to universities or network operators. Nowadays, it would be impossible to create a list of all websites. There are almost half a million .fi domains alone, and more than 150 million .com domains.

Once I had set up our website, I proudly posted about the new service in the Internet newsgroup comp.infosystems.www.announce, giving details on how to access the website. In 1994, Windows did not support Internet and did not include a browser. The instructions provide a good picture of the effort needed to use the Internet back then:

In order to be able to access the Data Fellows WWW site, you will need the following:

Internet access. This can be a direct line or a SLIP or PPP connection. Some Unix users can also use a Term Connection.

A TCP-IP stack. PC users need a stack with Windows Sockets compatibility. Suitable products are Microsoft Wolverine, FTP Software's PC/TCP, PC-NFS, SuperTCP, Trumpet Winsock, etc.

A browser. This can be, for example, NCSA Mosaic, Cello, WinWeb, or Lynx. Most of these products are available for a variety of platforms. If you don't have a browser, but are able to telnet, you can use one of the text-based WWW gateways.

Most or all of the needed programs are available for free from FTP sites.

The Data Fellows WWW site is a public site, and the service is provided for free: no login is necessary.

In spring 1994, there was no Google or Wikipedia online. Microsoft, IBM, and Apple had yet to set up their websites.

Our website initially attracted just a few visitors per day, but the numbers kept growing. When the website was a few months old, I accidentally destroyed it; I was maintaining the server and deleted the wrong directory. Only on the next day did I notice that our website was blank. Mortified, I had to call the chief executive officer and explain that I had accidentally deleted our website from the Internet…and that we had no backup. Luckily, the service was fairly easy to reconstruct.

Linux Is the World's Most Important System

Linus Torvalds coded his own operating system while studying at the University of Helsinki in 1991. The OS was initially called Freax (freak unix), but the server administrator named the directory Linux when it was placed in public distribution, a name so good that it stuck.

A couple of years ago, I had a conversation about Linux with an elderly relative of mine, who expressed regret that it never became the success story originally foretold, being unable to compete with Microsoft. He arrived at our meeting in his car, whose navigation and infotainment system ran on Linux. The Samsung Android phone in his pocket ran on Linux. I know that he spends a lot of time on Facebook, which runs on Linux servers—just like Google, which he uses for email and maps. His old desktop computer certainly ran on a Windows operating system, but Windows was far behind in all other areas. Linux is by far the world's most common—and most important—operating system.

The vast majority of web servers run on Linux. Special effects in Hollywood movies are created on Linux. Amazon's cloud services run on Linux. About 85 percent of the world's smartphones run on Linux. Chromebooks running on Linux outsell Apple's Macbooks, and SpaceX rockets and Tesla cars also run on Linux. Linux can even be found on Mars!

Even Microsoft has now faced the facts and supports Linux. In Microsoft's Azure cloud services, the user can choose one of the seven most common Linux distributions. In 2019, Microsoft announced that the Windows Subsystem for Linux enables Linux software to be run on Windows and has developed its own version of Linux. Linus Torvalds took on Bill Gates and won.

Linux does more than just power web servers and smartphones. It is also one of the world's most common platforms for Internet of Things (IoT) devices. The most popular operating systems for smart TVs are Tizen, webOS, Android, Fire, and Roku. They are all based on Linux.

However, Windows and Linux are not the only operating systems. In many cars, for example, the user interface runs on QNX, an OS owned by Blackberry. BSD is a Unix operating system that comes in many variants, the key ones being Apple's macOS, iOS, and iPadOS. In practice, this means that all smartphones run on either Linux (Android) or BSD (iOS). The smallest IoT devices run on ultra-light operating systems such as Contiki, VxWorks, Nucleus, and RIOT.

Linux changed the world, and Linus Torvalds is the greatest Finn who ever lived. Our other national heroes are composers, soldiers, athletes, or politicians—but none come close to Torvalds. He has created more value and business than any other Finn—in just a few decades. Torvalds remains the key individual in the Linux project. The source code is open and free and is being developed by thousands of people around the world, but Torvalds supervises and approves changes made to the Linux kernel.

Torvalds has created another significant software project in addition to Linux: Git. Git is a system that allows the management of content being edited by several people at the same time. The most typical application is the management of software code—Git is currently used to manage Linux and Windows source code, no mean feat given the millions of lines of code in systems of their size.

Git was so important that it led to the creation of several new companies, such as GitHub, Bitbucket, and GitLab. It now has dozens of millions of users, which is one of the reasons why Microsoft purchased GitHub for $7.5 billion in 2018.

It should be noted that Microsoft did not purchase GitHub from Torvalds. Torvalds has made the idea and source code for Git free for anyone to use. The founders of GitHub Inc. did just that and later sold their company for billions of dollars. Linux has been released for public distribution in a similar way, and large corporations such as Google, Amazon, Siemens, and Boeing use it to make massive profits.

Linux would never have become a global success story if subjected to license terms or limitations or if its innovations had been patent-protected. Wired magazine once named Torvalds the leader of the free world.

Torvalds has received substantial acclaim. Asteroid 9793 is named after him, and in 2000, TIME magazine named him one of the 20 most important people of the last century. He is also one of only three Finns to give a TED talk.

iPhone vs. Supercomputer

The pace of technological development is astounding. Modern smartphones contain staggering amounts of computing power. In fact, an iPhone is faster than the fastest supercomputers of the 1990s.

At the end of the last century, the Cray-2, Thinking Machines CM5, and Paragon XP/S were among the fastest supercomputers. These van-sized behemoths needed water cooling systems. They cost millions and devoured electricity, but they enabled long-term weather forecasts and strength calculations for skyscrapers.

Now, 30 years later, everyone has the same computing power in their pocket.

As well as packing serious computing power, our phones went online. Some readers will recall the days when mobile phones were for calls and text messages only. By 2021, more web traffic was being sent by mobile phones than computers. Finland is the world's number one in mobile data: 4G and 5G connections are very fast and cheap in Finland, and there are no data caps. The mobile network is the only Internet connection for many single-family homes and is commonly used to watch movies on Netflix in 4K resolution. Soon, this will be the reality everywhere.

Online Communities

Each year, TIME magazine recognizes the Person of the Year. In 2006, that person was “You.” Social networks such as Myspace and online services such as YouTube were growing, and TIME had sensed a pending revolution in how we use media. People were no longer passive recipients watching TV or reading papers; now, anyone could share their opinions and views with the world.

However, this revolution has had its downsides: paranoid nutjobs and conspiracy theorists also had a chance to be heard.

The Web has been more transformative for minorities than for the mainstream population. In the 1990s, the only trans person in a small village felt very alone. Going online allowed them to find support and safety among peers. For sexual minorities, the Web can be a lifeline. In the same way, anyone with a rare hobby can find peer support, safety, and happiness online—model steam train collectors, for example, can effortlessly create worldwide online communities. This is the upside of online communities.

However, people with destructive fantasies, suicidal tendencies, and eating disorders—even potential school shooters—can also find validation online. This can be seen in the conspiracy theories and false information spread on the Internet. New rumors spread from one country and language to another faster than ever. The Web is more efficient at spreading information than any other means in history. Information can be useful or harmful, and we cannot prevent the spread of harmful information.

When the Internet became generally available, for a while it almost seemed utopian. We had created an open and free network that the entire planet could join, free of charge and limitations. No distances, no borders, no geography: one, unified world.

Now that we have lived the online life for a few decades, we realize that the Internet is no utopia. In many respects, it is more like a nightmare. The Internet is a reflection of the real world and shares in its wickedness and greed. It has become a place where criminals can seek victims across the globe, where elections are won and lost due to online influencing, and where fake news spreads faster than facts. Our real-world conflicts and wars are also expanding online.

Money Is Data

The Internet took money transactions online a long time ago. I paid my first bills with an online bank in 1990, using my 386DX-powered MS-DOS machine and 2400 bps modem to call text-based banking services.

Modern consumers see less and less cash. Many Asian countries, such as Japan and mainland China, have been pioneers in replacing cash. Even the smallest street vendor stall in Shanghai will have the WeChat or Alipay payment system for mobile payments.

In Europe, Sweden has been the pioneer. According to the Riksbank, Sweden's central bank, printed money makes up less than 1 percent of Sweden's annual gross domestic product, compared to 8 percent in the United States. Sweden has already gone as far as enacting a new law, in early 2020, requiring the largest banks to ensure the availability of cash. Cash continues to play an important role, particularly in emergencies. How else will you pay if the Internet or power grid fails?

Codes All Around Us

Nowadays, barcodes can be found in nearly every product we buy in stores. Developed in the 1950s, barcodes were originally based on Morse code. The square-shaped QR codes only became commonplace in the 1990s.

The Japanese spare parts manufacturer, Denso Wave, developed the quick response (QR) code for marking spare parts packages in 1994. Compared to the traditional barcode, the main benefit of the QR code is that it can contain any data: text, numbers, contact information, login information for a Wi-Fi access point, or web addresses. The QR standard supports QR codes of up to 2,953 bytes in size (luckily, you never see codes this massive). QR codes are even carved into tombstones.

In 2007, coder Justin Watt wrote an article on QR codes on his blog, with a sample image linked to his website, justinsomnia.org. Google published an updated version of its image search in the same year. The image in Justin's blog became the top result for the search term qr code. This led to a surprising outcome: Justin's QR code appeared on posters, T-shirts, and TV commercials around the world. Wanting to add a QR code to their productions, designers and advertising agencies had used the first QR code they could find as a placeholder for the design stage—that is, the one that was the top result on Google Image Search. Unfortunately, because barcodes and QR codes all look the same to us humans, the placeholder QR code (linking to the wrong website) was surprisingly often retained in the final advertisement or poster.

This happened to several well-known companies, such as Nokia, PayPal, and Blackberry. Justin managed to cash in on this by redirecting the advertiser to the correct page—for a fee. To the advertiser, this was easier than, say, printing and distributing thousands of posters all over again.

QR codes and scanning them have met with derision for many years, but the Covid-19 pandemic and covid passports have made them an everyday tool in many parts of the world.

Even the credit cards in our wallets contain a surprising range of codes. In the early days, their embossed credit card numbers were transferred using carbon paper and an imprinter upon payment. Later, a magnetic stripe, then an EMV chip and, finally, an RFID circuit made contactless payments possible. Many modern credit cards have all of these, making new credit cards compatible with the same “knuckle buster” imprinters used to process payments in the 1950s!

Barcodes, QR codes, and credit card markings are easy to spot, but we are also surrounded by countless invisible markings, such as the yellow ones created by printers or the EURion symbols found on paper money.

Practically all color printers leave a unique fingerprint on their output: they print nearly invisible, light yellow dots on every page. These dots give the time of the printing and the printer's unique identifier. In other words, if you print out controversial opinions, you could, in principle, be traced.

In 2017, there was a leak at the U.S. National Security Agency (NSA). An NSA employee had printed out information on Russia's attempts to influence the presidential election of 2016, and the documents were mailed to Intercept magazine. Intercept scanned the papers and published them on the Internet. The yellow dots left by the printer were difficult to see in the online materials, but they could be used to decode the key information: the informant had printed the classified information on printer 29535218 at 6:20 a.m. on May 9. The NSA's internal investigation team almost immediately arrested the 26-year-old Reality Leigh Winner, who was sentenced to five years in prison.

EURion is a pattern of five circles that has appeared on paper money in many countries since 1996. Resembling a constellation, this symbol is commonly hidden in the middle of other circles or similar symbols. However, look closely, and you will find it on every dollar bill and on euros, pounds, Chinese yuan, and Swedish crowns.

Most image-processing software and photocopiers will not process or copy an image that contains the EURion pattern, which makes counterfeiting more difficult. I once spoke with a man at a hacker conference who said he was considering having his face tattooed with the EURion pattern. This might make it difficult to process photos of him.

Money is data. Bank robberies were once a major problem. Heists, where armed robbers entered a bank and demanded cash, were still common all over the world in the 1990s. They are now consigned to history. Bank branches have all but disappeared, and those that remain hold minimal amounts of cash. Online bank heists are now the norm. Digitalization has changed the nature of bank robberies—like everything else.

Geopolitics

The Internet has been firmly controlled by the United States, the traditional seedbed of most popular services. People around the world use services—such as search engines, cloud services, and social media services—built in the United States.

This is actually somewhat counterintuitive, since the United States stopped being a major player on the Internet some time ago in terms of user numbers. More than half of all Internet users come from Asia. Europe is the second-largest area, with around 15 percent of users. Africa and Latin America each account for 10 percent, while only 6 percent of users come from the United States.

Europe seems to be a bigger player than the United States on nearly every count. It has twice the population and, based on national budgets, is a much larger area of economic activity. However, when we look at company valuations, the United States and Europe could be on different planets. The total market value of publicly listed technology companies in the United States exceeds that of all European publicly listed companies. In 2022, Apple alone is larger than all public companies from Germany.