The death of the data age — How to hack a whole country
TL;DR In this blog post, I sketch the hypothetical hack of a whole country using fake science, market manipulation, and propaganda. The blog post is educative and is not meant to motivate rogue behavior.
Health data has historically been the ultimate field for a data scientist. Tough regulations and tough science requiring extreme technology.
So far, that’s probably nothing new to you. While the healthcare sector has its own rules regarding business and demands monopolies whenever possible, the technology sector is doing nothing better.
In my recent blog post, I outlined that the common safety mechanism, differential privacy, is everything, but secure. Especially on the size of classical health datasets.
In this blog post, I want to give you a picture of you the hypothetical plan to hack an entire country. I do explicitly state that I do this for journalistic reasons and not because I want that someone actually does that.
The goal of the article is — if something- to block such attempts from happening. Data leaks harm the individual on such a massive scale that it is sometimes equivalent to killing someone. Let’s stop that.
Phase 1 — Create an authority
First, you certainly create an authority. That could for example be an identity of a successful scientist, or a very innovative company.
With that authority, you do three things.
- Give it a lot of fame
- Give it enough power to influence opinions
- Support it via the media and politics
Phase 2 — Plant the seed
That phase is critical. We will make up some security mechanisms that are sounding extremely nice and fancy and complicated. Then we give our authority, which should have a lot of fame and is challenging to question by now, the task to publish the fake security mechanism.
In the next step, we convince other authorities to repeat the positive media buzz around our fake mechanism and try to shut down most criticism. In short, we do some good old propaganda.
For example, to every scientist who publishes something that questions our problematic security mechanism, we say that they are not scientific or try to rip them of their reputation etc.
If someone slips through our network of authorities, we will just make sure, that the criticism has less public attention than the fake science promoting our security measure.
We will do this for about 20 years. Then we go to our last phase.
Phase 3 — The Exploit
We make up a massive story on why our target has to be using loads of data and why everything should be digitalized.
For example, we could make fun in the media, how stupid it is to use secure technologies like fax. And how all successful countries are using big data etc.
What is the reason for this? We make our target work to involuntarily transfer its knowledge and the identity of their people to us.
When the work is about done, we start preparing another propaganda campaign that advises for secure data laws and how important it is to make sure everyone is safe (we are playing the good guys).
But why this move? It seems to be a move in another direction, but at the same time, we are creating a lot of buzz around technologies that need an infinite amount of data. We always make up stories about how great those technologies are and how much money they make.
Moreover, we publish propaganda of successful countries and people following the scheme.
That creates the need for using the technologies. However, we make sure that we are the only ones who have market access with the technologies by creating commercial as well as open-source products.
Our target by now is probably even unable to question all of this and thinks using our technology is the most natural thing ever and everyone should collect and use tons of data.
And then comes the exploit. As we created the big need and created solutions for the big data utilization and protection (that is not really protecting the data) our target will create a technology to fulfill this need with our spoiled technology.
The phase is critical, and we should send some propaganda soldiers to make sure no one is disturbing our target from voluntarily breaching all its data.
How? Two ways. We make sure the government of the country wants the technology that should be developed using our spoiled technology. Also we place a few agents into the project that make sure everything goes in the right direction.
While everything is developed, we, of course, repress any opinion, experiment, or publication that questions any of our pillars (those are: fake security, concept of data utilization, spoiled data processing algorithms).
And then it happens. Our target is ready to give us the data. The target finished a whole project, that brought all of its hospitals to one table to come up with a solution to use all of their data “securely”.
We then use some ultra-complicated big data algorithm (AI, machine learning, you name it) and request scientific data access to the hospital data.
Our target thinks: “Hey, nothing can go wrong as we are using that super safe technology and that scientist is super famous and that helps our institution to get more reputation……”
…… Aaaaaaaaand it’s gone. Boom. Completely hacked. End of story.
Helpful Resources
Yes, how nice they are, aren’t they?
