In part four of TechRepublic’s four-part series “Mastermind con man behind Catch Me If You Can talks cybersecurity (free PDF),” TechRepublic’s Karen Roby sat down with Frank Abagnale, the famous con man turned FBI Academy instructor, who inspired the Leonardo DiCaprio character in the movie Catch Me If You Can, to discuss his work at the FBI’s, blockchain, and cryptocurrency.
The following is an edited transcript of their interview held at Louisville’s Bowman Field Regional Airport.
SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (free PDF) (TechRepublic)
Thoughts on cryptocurrency
Frank Abagnale: I wouldn’t do anything with cryptocurrency right now. We’ve [the FBI] shut down 112 exchanges over the last year for fraud. We’ve had a lot of problems with people on the internet hacking into cryptocurrency sites and stealing everybody’s bitcoin. It’s not a real safe environment. So again, this is like any new technology where people see a lot of money, and they take a lot of risks, but it still has a lot of risks associated with it. And like any new technology, it’ll probably eventually get better, and there’ll be a more secure way of using cryptocurrency.
Blockchain: The wave of the future
Frank Abagnale: And this can be said about blockchain. I’m a big fan of blockchain. I do believe blockchain is the wave of the future. It’s where we’ll store data for banks and insurance companies, vital records for counties, and the city, and so on. But there are a lot of social issues that have to be worked out.
For example, there would be no witness protection program if there was blockchain because I could never hide the person from blockchain. People who change their sex and don’t want everyone to ever actually know what their real sex was, that would be impossible to do. So those kind of social issues, and again, like any new technology, you work through them, and you find solutions for them. But I have a lot more faith that blockchain will go a lot further than cryptocurrency, and cryptocurrency will take a long time to come along and be safe.
SEE: Blockchain: A cheat sheet (TechRepublic)
Password elimination and misuse of technology
Karen Roby: Is there a technology that you’re really excited about or is there a technology that you’re really scared of that’s on the horizon?
Frank Abagnale: Okay, let’s take both. I’m very excited about Trusona. I have to admit that I’ve been an adviser–but on the government’s behalf to Trusona–for five years because the government was very big about eliminating passwords, and we finally got there. It took a while, but we’ve got the ability now to identify someone from their device with 100% accuracy.
So we’ll be able now to eliminate passwords, and I’m a big, big supporter of getting rid of passwords. So I think that’s probably the greatest technology to come along in the last five years.
Up until now, cyber is all about money. It’s a financial crime. If you steal data, data is money, and it’s a financial crime. But the problem is we now have the power to shut someone’s pacemaker off, but we have to be within 35 feet of them, and we can speed it up. We can shut it off, so you can assassinate someone by simply walking by them on the sidewalk. That technology exists today.
We have the ability now to chase a vehicle down the interstate and get up within 35 feet of the vehicle, and we know that typical vehicle has 240 computer components in the car so we can overtake that car. We can shut the motor off. We can shut the power windows down. We can turn the airbag on. We can lock the person in the vehicle. But again, we’re restricted by distance. What’s very scary to me is that in five years you can do that from 500 miles away or 5,000 miles away. That’s what gets real scary. If I could shut your pacemaker off and be sitting in Russia or sitting just even 1,000 miles away, that’s where it gets real scary.
So I think unfortunately cyber is going to go from being a financial crime to a much more blacker type of crime for assassination purposes, for terrorism, and that’s very scary to me, and I think we’re heading down that road.
We designed a lot of great technology in this country, but we don’t ever go to the final step. We don’t say, “Okay, how would someone misuse this technology?”
So you have a device in your house, and you talk to her, and you say, “What time is it? What’s on TV tonight? Order me this from Amazon.”
That’s voice activated. All I have to do is a minor twitch, and then I hear everything you say in your house. The cameras you have on your home–that you watch your property on when you go away on your iPhone–those are open for hackers. Your refrigerator tells you how much milk you have in it, that’s an open door for hackers. Your Samsung TV, your remote control–all those things are hackers’ dreams come true because the developers never took that final step because they’re so convinced they need a return on their investment.
SEE: Eight things you should know before launching a cybersecurity career (free PDF) (TechRepublic)
So when I agreed to work with Trusona, that was the biggest thing to me. I’m not going to get involved in this unless we take it to the final step to make sure that no one can defeat it, and we won’t just end there. We’ll have to look at it every year and say, “That’s something that could come up that someone could do this with it.” And that’s what needs to be done, but unfortunately we develop a lot of technology without ever going to the final step.
Look at even remote debit capture. When it came out I said in an interview, “That’s the most stupid thing I’ve ever heard that someone could just scan a check and get immediate credit. What if I just take the check and then go cash the check? Now I’ve got twice the money.”
They’ve obviously lost millions and millions of dollars with remote debit capture, and then banks got smart. They set limits on it and started to control it. But they should’ve thought of that before they ever put it in the marketplace to begin with.
Karen Roby: Where is Trusona in the development and actually pushing it out?
Frank Abagnale: It’s out now and being used by banks, which are starting to convert their ATMs over to using it. A lot of companies like Delta Airlines has vetted it for two years with their 80,000 employees, and they’ll eventually move it out to their customer base. Most banks will vet things for a couple of years internally to make sure that it does what it says it does, and that it has no weaknesses to it. Aetna started it out for communicating with their doctors, but now Aetna is bringing it out to their base of insured customers. I think a lot of colleges and universities have already converted to no passwords with their students. I think its just a slow process of getting people to switch over.
And then companies like Microsoft–Trusona is backed by Microsoft, is funded by Microsoft–and I think that eventually every game you play, everything you do on it within Microsoft will be with no password. And that’s where the ultimate gain is, and we’re well on our way there, and certainly in my lifetime there will be no passwords.
SEE: Password managers: How and why to use them (free PDF) (TechRepublic)
Frank Abagnale: To sum that up, someone asked me, “Why did you get so involved with this?” And I said, “Really one reason. I have five grandchildren, the oldest being a 16-year-old girl, the youngest being a one-year-old girl.” I said, “I want one day in the very near future for them to walk into the car dealership and say, “I’d like to buy this car, but I’d like to finance it through a bank. I want to get the best interest rate.”
“All right, just press that app on your phone.”
That’s it. I don’t have to say where I live. I don’t have to say my social security number, or any personal information about me whatsoever. I press that app and they have everything they need and all that information is with the entity.
So for example, Trusona stores no data. So we know that if someone hacks into Trusona, they get nothing because they store no data. In the future that’s the only way for the bank to get to their customers. If you call the call center, they’ll simply say to you, “Sir, you have your phone?”
“You press the app on your phone? All right, how can I help you?”
They know it’s you, so they don’t have to say to me, “What’s the last four digits of your Social Security number, what’s your mother’s maiden name?” All those security questions go away, and that’s the main objective that keeps people from having to give out their personal information.