Tech Friday with Dave Hatter - June 5th 2020 - SPONSORED BY INTRUST IT


  • The COVID-19 pandemic is turning some offices into a surveillance state:
    • A suicide problem in Japan caused some companies to install Enlighted sensors at work to monitor employees
    • These sensors are typically installed in light fixtures to detect the presence and motion of employees through the chips in their security badges
    • Managers can be sent alerts if people work too many hours or spend too much time alone
    • As a result of the coronavirus pandemic, some employers are looking to use similar technology to help ensure employees are safe
    • Enlighted, a subsidiary of Siemens, is marketing their software as a kind of contract tracing tool
    • It can monitor where employees have been, who they were in contact with, and where they may have spread the virus
    • A selling pitch is that money can be saved by knowing exactly where deep cleaning is required and the system can be used to institute social distancing
    • The system is currently installed in some of the largest Fortune 500 companies
    • Landing AI has created a tool that alerts when anyone is less than the desired distance from a colleague
    • Reuters recently reported Amazon is using similar software to keep tabs on whether warehouse employees are maintaining their distance
    • Some companies are using thermal cameras to take employees’ temperature when they enter a building, it a fever is detected, an alert can be issued and a person sent home. But these cameras can have an error margin of three degrees
    • "In some places, it’s not about controlling anything, like temperature or humidity, but on giving data so the company can come up with the best plan around cleaning and where and how to deploy resources: - Serene al-Momen, CEO of Senseware
    • While all of this technology may allow people to get back to work they are under constant surveillance
    • "This is a perfect storm of opportunistic vendors trying to profit off employers' fears; and employers' terrified of loss of further income, seeking solace in tech solutions" - Gus Hosein, executive director of Privacy International
    • "The truth of this environment is that you could be forced to lose income because of erroneous tech and data" - Gus Hosein
  • The societal dangers of Deepfakes:
    • Advances in computer power and machine learning have lead to technology that is making it hard to believe your own eyes and ears
    • State Farm recently ran a commercial that appeared to show footage of an ESPN analyst in 1998 making very accurate predictions about this year
    • The ad is not real, it is a harmless illustration of deepfake technology
    • The technology enables anyone with a computer and an Internet connection to fabricate photos and videos that are extremelky realistic
    • A combination of the phrases “deep learning” and “fake”, they began showing up in 2017
    • Per Deeptrace, deepfake content is growing rapidly. At the beginning of 2019 there were nearly 8,000 deepfake and by September, the number jumped to nearly 15,000
    • Websites dedicated specifically to deepfake pornography have emerged. Deepfake pornography is nearly always non-consensual, these explicit videos often feature famous celebrities or personal contacts
    • Pinscreen is a Los Angeles start-up that has created the technology
    • They believe these renderings will become so realistic that it will be virtually impossible to determine what is real
    • Thao Li, a leading researcher on computer-generated video at USC, founded Pinscreen in 2015. "With further deep-learning advancements, especially on mobile devices, we'll be able to produce completely photoreal avatars in real time"
    • FakeApp is one of several AI-powered synthesizing tools that doesn't require specialized hardware or skilled experts to create convincing fake videos
    • Software such as FakeApp can be used for fraud, forgery, and propaganda. FakeApp has been downloaded more than 100,000 times and been used to create many fake pornographic videos featuring celebrities and politicians
    • FakeApp is relatively easy to use, a user "trains" it with hundreds of photos of source and target faces. It relies on deep-learning algorithms to find patterns and similarities between the two faces
      • While the process isn't trival, you don't have to be a graphics or machine-learning expert to use FakeApp and it will run on relatively low-end systems
      • Nvidia has published a video showing AI algorithms generating photo-quality synthetic human faces. It may soon be capable of creating realistic-looking videos of non-existent "people"
    • "Ten years ago, if you wanted to fake something, you could, but you had to go to a VFX studio or people who could do computer graphics and possibly spend millions of dollars," says Dr. Tom Haines, lecturer in machine learning at University of Bath. "However, you couldn't keep it a secret, because you'd have to involve many people in the process."
    • University of Washington researchers recently demonstrated a similar technique to move President Obama's mouth to match a fake script
    • There are many possible applications for this technology and many of them are malicious. Imagine the capability to use fake videos for blackmail, revenge or propaganda
    • This technology could have a devastating impact on the use of audio and video evidence in court cases. "This goes far beyond 'fake news' because you are dealing with a medium, video, that we traditionally put a tremendous amount of weight on and trust in," said David Ryan Polgar, a writer and self-described tech ethicist
    • Hany Farid, a digital forensics expert at Dartmouth College, said watching for blood flow in the face can sometimes determine whether footage is real. He also said slight imperfections at the pixel level may reveal fakes
    • TheFakening, a YouTube channel dedicated to deepfakes, has a video of Elon Musk's face embedded into a viral video called "Cutest Baby Montage Ever"
    • There are many Musk deepfakes, but this one has Musk's adult face on a baby that eventually speaks with his adult voice. It's weird!
    • Imagine deepfake footage of a politician engaging in bribery or sexual assault right before an election; or of U.S. soldiers committing atrocities against civilians overseas; or of President Trump declaring the launch of nuclear weapons against North Korea. In a world where even some uncertainty exists as to whether such clips are authentic, the consequences could be catastrophic.
    • Such video could be created by anyone including state-sponsored actors, political groups, lone individuals using today's technology
    • The Brookings Institution recently reported on the on the dangers posed by deepfakes: “distorting democratic discourse; manipulating elections; eroding trust in institutions; weakening journalism; exacerbating social divisions; undermining public safety; and inflicting hard-to-repair damage on the reputation of prominent individuals, including elected officials and candidates for office.”
    • Last month, a political group in Belgium released a deepfake video of the Belgian prime minister giving a speech that linked the COVID-19 outbreak to environmental damage and called for drastic action on climate change. At least some viewers believed the speech was real.
    • deepfakes will make it increasingly difficult to determine what is real, a situation that political actors will likely exploit
    • Sadly, this works both ways: “People are already using the fact that deepfakes exist to discredit genuine video evidence,” said USC professor Hao Li. “Even though there’s footage of you doing or saying something, you can say it was a deepfake and it's very hard to prove otherwise.”
    • Watch it here and despair for our future:https://www.youtube.com/watch?time_continue=59&v=WHwQeetjLwk
  • Criminals are spoofing websites to fool you into handing over personal data:
    • "Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security." - Techopedia
    • There are many different ways that a spoofed website could be used to defraud you, and to mimicking government agencies and companies.
    • These spoofed websites are often coupled with Phishing, smishing and vishing to drive victims to them
    • Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and many are using sites that are indistinguishable from the real thing
    • One example is online job boards are being used to funnel job seekers to spoofed company websites offering "lucrative" jobs that are the basis for a scam
    • The FBI's Internet Crime Complaint Center (IC3) recently said "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores"
    • Once an applicant "applies", they are contacted by the criminals posing as employees and offered jobs "usually in a work-at-home capacity."
    • The criminals typically ask for the same information as legitimate hiring companies
    • The FBI said "In order to appear legitimate, the criminals send victims an employment contract to physically sign, and also request a copy of the victims’ driver’s licenses, Social Security numbers, direct deposit information, and credit card information"
    • Victims may also be told that they are required to pay for background checks, training, supplies, etc., and they are told that any fees will be returned in their first check, which never comes
    • Hiring scams are not new, but spoofed websites used to capture victims' PII and steal their money is a new level of evil and complexity
    • Never provide PII or financial information to a potential employer unless you have verified they are legitimate
    • Never provide credit card information, bank information or wire transfer information to someone you have only met online
    • If you become a victim of this scam or any cybercrime, report it to the IC3 at:http://www.ic3.gov
    • You should also report it to the job site hosting the fake job listings and the real company that is being impersonated to help prevent this from happening to others
    • Additionally, you should contact your financial institutions to stop or reverse any charges as soon as possible
    • It has recently been reported that scammers are using caller ID spoofing to impersonate their victims and socially engineer the victims’ bank to get information about recent transactions
    • Experts say these scams are fueled by the sale of credit card records stolen from hacked online merchants
    • This data, known as “CVVs” and is sold for about $15 to $20 per record. It may contain information including name, address, phone number, email and full credit or debit card number, expiration date, and card verification value (CVV)
    • Fraud prevention company Next Caller recently reported that they have seen "massive increases in call volumes and high-risk calls across Fortune 500 companies as a result of COVID-19."
    • The only concrete way to protect yourself from these scams is to avoid answering calls from unknown numbers and NEVER trust an unsolicited call, email or text
    • “Both this and last week’s story illustrate why the only sane response to a call purporting to be from your bank is to hang up, look up your bank’s customer service number from their Web site or from the back of your card, and call them back yourself” - Brian Krebs
    • The FCC has a good video about Caller ID spoofing here:https://www.youtube.com/watch?time_continue=5&v=PS3llQfRLD8&feature=emb_logo
    • Read the FBI warning here:https://www.ic3.gov/media/2020/200121.asp