Quantum Jacking: Social & Big Data = security risks

Like the proverbial carrot - every organisation has a publicly visible, shareholder/customer relationship appearance that is carefully managed above ground. In this article I will demonstrate how Quantum computing can expose the hidden structure to both your competition and offer easy security targets, what sort of timescales are likely and what you can do to defend.I'm going to use Microsoft and this article as an example as Google's interactions with D-Wave are very public.

Since writing this in 2015, Microsoft has a quantum social analysis AI project in Feb 2017: https://www.microsoft.com/en-us/research/publication/distilling-outcomes-personal-experiences-propensity-scored-analysis-social-media/

What is Quantum computing?

Simple description - quantum computing delivers magnitudes in computing power. The complexity in bringing quantum computing to market is bridging the gap between today's computing languages and the hardware that works in a vastly different way.

What if you had a Quantum cloud service that took your existing developer code and data and performed all the magic automatically behind the scenes. 

For the more detail - Quantum computing needs to look at the problem, select the best form of quantum device hardware that then governs some of the particular effects (such as entanglement) that are available to create a processing solution to the problem. From a processing perspective think more like trees and probabilities initially and as techniques improve we're likely to see jumps with machine learning. The technology requires cooling to very low temperatures, near absolute zero to facilitate quantum effects used in processing. We'll come onto the data aspects in a minute.

Quantum Jacking

So lets look at Microsoft and do what I'm going to call Quantum Jacking (QJacking) in a very simple manual example. "Jacking" being slang for stealing, taking control and accessing a hidden web of information. Perhaps we'll uncover something interesting - don't worry this isn't going to result in a Snowdon-esque problem, the info for this is freely available and illustrates my point.

Quantum Jacking in this example is basically business intelligence to extrapolate something about Microsoft future strategy, the same can be applicable for organisation security. Couple Quantum computing with big data and you can form massive leaps in processing business and security intelligence - just using freely available Linkedin, Facebook, company financial public records, even TripIt (publishes travel info so people can meet up).

Let's QJack Linkedin - this is a network of connections, information about people and their roles and who they're interacting with. Sales people have used linkedin for years as a business intelligence tool - when someone connects to their customer, you start seeing what they're doing with that customer, what the company's capabilities may be - add to that it provides targets within the organisation that your competitor can use to introduce themselves with context.

QJacking the employee network, the links to suppliers and customers allows you to start creating an initially vague intel cloud. Quantum computing LOVES vague and can process masses of data that may not be completely linked to build up more concrete picture of relationships, stability of finances including those of suppliers. It also offers a very good hacker intel - infact you could even propose a "what is the easiest place to hack and what method" into quantum computation and get a lovely access plan into your target (that's omni-channel plan over architectural, business process, employee etc).

QJacking Microsoft's connections, it's possible to see their employees related to their Quantum Computation initiative. Bringing in google results (that's more free big data data) means you can see the focus on developing automatic technology to bridge the gap between programming languages and the quantum world - sound familiar?QJacking the PR in Microsoft's commitment to scalability in the cloud - this could mean Microsoft's next step is to provide Quantum Computing in Azure. Allowing Microsoft Developers to quickly deploy their existing code into a Quantum Computing cloud - facilitating far more costly data analysis and using the mass of data available. So now I know - but it doesn't stop their unfortunately, as the same knowledge has a dark side: what tactic do I need to do deliver the greatest damage? Target for recruitment?

So business intelligence software vendors will readily take up the challenge to deliver a QJacking system based on available Quantum Cloud.

Typically big data about customer experiences etc is limited by the cost of obtaining or accessing that data. However where data is freely available - this is no longer the case (although helps refine). In this very basic example the single threaded example of mining publicly available data using free big data.

Imagine performing that on the whole of your organisations freely available data - from the organisation itself, from it's employees, from it's suppliers and customers. No longer is your carrot showing it's lovely green tops to potential customers - it's instantaneously showing your organisations' underground structure providing intel on your business competitive and security to everyone else in a holistic sense to derive insight into your organisation.

Sacred of Quantum Jacking yet?

Quantum computing timescales

This is the difficult bit - one would assume given the announcements from Microsoft in prioritising on cloud based scalability that they, Google and others are pushing hard in this but there is time - mainstream available 15-20 years with leaps in cloud computation bringing mainstream risk far earlier. Specialised implementations causing risk occurring earlier.

Technical paragraph warning --- Currently systems are poor scaling, with considerable attention (finally) towards GPU based parallel processing. My experience with compute focus "General Purpose GPU" (GPGPU) started as an external ATI registered developer in 2005/6 time frame where I looked at what would be needed to integrate GPGPU into the GNU GCC compiler chain - a rewrite was the response following in-depth analysis (GPU Gather/Scatter kernel integration coordination need fundamental data dependancy resolved that small scale parallel SSE-style operations don't).Current compilers and developer technologies internally are developing as LLVM is slowly moving like a snail into the parallel age. Data bases and statistical languages such as R are far more adept as a syntactic problem description than a compiler that operates on focusing on function-by-function compilation including data dependancy analysis. When I say immature I mean that looping and applying processing based on a set based 'blocks' isn't really conducive to big data processing.

So, non-technically, with wide spread computer languages immature - I see additions of specialist toolkit libraries providing an API into the quantum cloud world, and parallel programmer skills in demand (already with statisticians and "data scientists"). First step will be simple GPU parallel processing - the driving force behind Google's "TensorFlow" technology that drives their search, translation and other algorithms. 

Early days, however within 10-15 years the quantum cloud can then slot into existing cloud processing, delivering a leap in processing that will provide commercially viable quantum computing. 

Specialist organisations and vendors currently offer initial forms at high cost as bespoke systems, akin to the mainframes of yesteryear - so the potential is becoming available now.

Data - the availability, the cost of access is one slowing factor for all big data, however data never truly disappears and becomes cheaper over time. Storing that data and then transporting that data to the processing is one of the fundamental speed humps in Quantum and GPU based processing. However that technology is accelerating just as fast as demand for more data capacities increases in step with processing.

Defending against Quantum Jacking

Freaked out yet? So how can you protect against or limit Quantum Jacking. Here's some ideas - keep in mind that Quantum Jacking is not new, it's simple intel but multiplied to the point where the sum is greater than it's parts.

Security strategy

Your existing Security strategy covers your exposure due to freely available information right?

Some companies may think that adding clauses in employee, supplier and customer contracts may minimise exposure, the attempts for corporates to "own" employer social media has  understandably resulted in a severe backlash and potentially high value millennial hires are highly likely to refuse offers because they know the value of holding their own social media.

So perhaps the best strategy is education - all your employees and suppliers should understand how social media can be used to QJack - teaching your agile development engineers or sales to explain to customers they will add them to their linkedin but following implementation or contract signature. Virtually all tech savvy organisations have a basic form of security training, teaching the next level will help.

Being completely open is another option - have no restrictions. Toyota famously used their speed in delivering to beat competitors even their strategy was clear. Maybe your organisation has attributes that can offset competitors knowledge. 

Inverse QJack

Using the hackers tools against your own organisation isn't new, so think about this as penetration testing for the Quantum age. Get someone to perform both competitive and security QJacking against your organisation to assess exposure - allowing your organisation to address the issues before they become business continuity issues.

Regulation

I would love to make the naive statement that having regulation about the use of personal data, company social data etc would solve a problem however there is no global law that is water tight. Law abiding states and organisations are one thing but not everyone plays by the fair rules as industrial espionage has shown.

Internal Tools

Existing tools and services are paramount, however you should ask how your supplier is realistically prepared in helping resolve this issue. Solving internal structure security doesn't make a difference if the data shape, change and movements outside of the organisation give heavy insights under statistical analysis.

Conclusion

Hopefully I have shown how advances in Big Data computing power and the ever growing freely available leak of information from organisations represents a  severe risk for competitive business and organisational security.

Although a distance away, the same techniques and discussion about solutions should be employed now - combatting existing business and hacking but also providing a safe path in a Quantum world.

With the security market being estimated at $170bn in 2020, I feel that this may be an underestimate when quantum computing becomes available, at each step of processing (GPU, then Quantum) feeding the rise should be progressive but steeper as people realise security is not just about infrastructure and look for products and services to address holistically.

#quantumcomputing #quantumjacking #bigdata #social #businessintelligence

Author

Geek. Open mind. Believer in We - and likes using those three to solve problems.

I'm looking for new opportunities; I see the future is bright for big data, security and IoT markets within the commercial sector with considerable inter-relationships between. If you're interested - please have a look at my profile. 

Matrix Revolutions image taken taken from the web as a depiction on how future big data processing techniques see more to the world. Unfortunately I've not managed to find a preverbial Matrix Carrot.