BBC: Game of Drones

Here’s the BBC World Service version of my Reuters piece on drones from a few months back. Transcript below:

America may still be the tech centre of the world — and it is — but regulatory dithering over whether and how to allow drones — or unmanned aerial vehicles as most call them — in its airspace is throwing up opportunities for other countries to get a head-start.

And that’s no small thing, for a couple of reasons. One is that drones as an industry is moving amazingly quickly. Some liken it to the PC: the technology is getting better, smaller, cheaper, and prices are falling so rapidly that everyone can have one, and the gap between what constitutes a serious drone and a toy has narrowed considerably.

There’s another element in this, and it’s also comparable to the PC era. Back then we knew we all wanted a PC but we weren’t quite sure what we wanted it for. We bought one anyway, and felt slightly guilty that it sat in the corner gathering dust. Naysayers questioned the future of an industry that seemed to revolve around convincing people to buy something even when they couldn’t give them a reason to do so.

Sound familiar? A lot of folk, including my self, have bought a drone in the past year. Mine was a tiny one and upon its maiden flight floated high into the air and disappeared into next door’s garden. Its second landed in a gutter that could only be reached by small children and my wife drew the line at sending our daughter up there. So I’m now drone-less.

This is the bigger issue with drones — not whether to propel reluctant tikes up ladders, but to figure out what they’re good for. And this is where companies in Europe and Asia are stealing a march on their U.S. cousins. The hardware is all well and good but the future of drones, like that of computers, is going to be about harnessing their unique capabilities to solving problems, developing use cases, building ecosystems (sorry, I’m obliged by contract to use that word at least once a week) .

So, for example, a company here in Singapore is working with companies and government agencies around the region on a range of interesting things — what they and others are calling drones as a service. So if you’re flying over a palm oil plantation in Malaysia doing something quite basic like mapping where, exactly, the edges of the property are, why not calibrate your cameras so they can also measure moisture level — and likely yield — of individual trees?

And rather than have building engineers hang dangerously out of skyscrapers to check structural damage, why not have a drone do it? Not only do you save on safety, you also have a virtual model of your building you can refer back to. Tired of despatching dog catchers in response to citizens’ complaints? Deploy a drone above the target areas and build a heat map of their movements so you know when best to pounce, and how many leads you’re going to need.

There’s lots of other opportunities being explored out there beyond the obvious ones. The trick is going to build business models around theses services so when companies see drones they don’t think ‘toy I play with at the weekend’ but ‘this could really help me do something I’ve long thought impossible’.

No question, of course, that the U.S. will be the centre of drone innovation. It already is, if you think in terms of developing the technologies and absorbing venture capital. But it may yet be companies beyond American shores which make the most of their head-start that emerge into major players as drones become as commonplace in business, if not homes, as computers are.

BBC – Cybercrime: One of the Biggest Ever

My contribution to the BBC World Service – Business Daily, Cybercrime: One of the Biggest Ever

Transcript below. Original Reuters story here

If you think that all this cybersecurity stuff doesn’t concern you, you’re probably right. If you don’t have any dealings with government, don’t work for an organisation or company, and you never use the Internet. Or an ATM. Or go to the doctor. Or have health insurance. Or a pension.

You get the picture. These reports of so-called data breaches — essentially when some bad guy gets into a computer network and steals information — are becoming more commonplace. And that’s your data they’re stealing, and it will end up in the hands of people you try hard not to let into your house, your car, your bank account, your passport drawer, your office, your safe. They may be thieves, or spies, or activists, or a combination of all three.

And chances are you won’t ever know they were there. They hide well, they spend a long time rooting around. And then when they’ve got what they want, they’re gone. Not leaving a trace.

In fact, a lot of the time we only know they were there when we stumble upon them looking for something else. It’s as if you were looking for a mouse in the cellar and instead stumbled across a SWAT team in between riffling through your boxes, cooking dinner and watching TV on a sofa and flat screen they’d smuggled in when you were out.

Take for example, the case uncovered by researchers at a cybersecurity company called RSA. RSA was called in by a technology company in early 2014 to look at an unrelated security problem. The RSA guys quickly realized there was a much bigger one at hand: hackers were inside the company’s network. And had been, unnoticed, for six months.

Indeed, as the RSA team went through all the files and pieced together what had happened, they realised the attack went back even further.

For months the hackers — almost certainly from China — had probed the company’s defenses with software, until they found a small hole.

On July 10, 2013, they set up a fake user account at an engineering website. They loaded what is called malware — a virus, basically — to another a site. The trap was set. Now for the bait. Forty minutes later, the fake account sent emails to company employees, hoping to fool one into clicking on a link which in turn would download the malware and open the door.

Once an employee fell for the email, the hackers were in, and within hours were wandering the company’s network. For the next 50 days they mapped the network, sending their findings back to their paymasters. It would be they who would have the technical knowledge, not about hacking, but about what documents they wanted to steal.

Then in early September they returned, with specific targets. For weeks they mined the company’s computers, copying gigabytes of data. They were still at it when the RSA team discovered them nearly five months later.

Having pieced it all together, now the RSA team needed to kick the hackers out. But that would take two months, painstakingly retracing their movements, noting where they had been in the networks and what they had stolen. Then they locked all the doors at once.

Even then, the hackers were back within days, launching hundreds of assaults through backdoors, malware and webshells. They’re still at it, months later. They’re probably still at it somewhere near you too.