Social Dilemma Overexposure

The Problem: Our current society is one of overexposure.

Do we need a Hollywood blockbuster about the downside of social media? Several tech rockstars tell everybody about their work and how they look at it in retrospect. We don’t need another call to action to review whether WeChat sucks more than Facebook.

I couldn’t agree more with nearly every claim in this movie. But I think the call to action is wrong or, better, still open. “Like Our Movie, Forward It To A Friend, and Sign up for our Newsletter – so the message gets out and the algorithms learn” are precisely the tactics that work but support the machine that has created our dilemma – or, more precisely, overexposure. Overexposure drives Social Listening – but, as the artist Banksy says, invisibility is a superpower. Data Management Platforms can make our life better but still be in line with our moral standards. We can support your ambition in a guided onboarding.

ABOUT THE SOCIAL DILEMMA

The world has long recognized the positive applications of social media, from its role in empowering protesters to speak out against oppression during the Arab Spring uprisings almost a decade ago, to serving an instrumental role in fighting for equity and justice today. And in 2020, during an astonishing global pandemic, social media has become our lifeline to stay in touch with loved ones, as well as proving to be an asset for mobilizing civil rights protests. However, the system that connects us also invisibly controls us. The collective lack of understanding about how these platforms actually operate has led to hidden and often harmful consequences to society—consequences that are becoming more and more evident over time, and consequences that, the subjects in The Social Dilemma suggest, are an existential threat to humanity.

The Social Dilemma is a powerful exploration of the disproportionate impact that a relatively small number of engineers in Silicon Valley have over the way we think, act, and live our lives. The film deftly tackles an underlying cause of our viral conspiracy theories, teenage mental health issues, rampant misinformation and political polarization, and makes these issues visceral, understandable, and urgent. Through a unique combination of documentary investigation and entertaining narrative drama, award-winning filmmakers Jeff Orlowski (Chasing Ice, Chasing Coral) and Larissa Rhodes (Chasing Coral) have once again exposed the invisible in a manner that is both enlightening and harrowing as they disrupt the disrupters by unveiling the hidden machinations behind everyone’s favorite social media and search platforms.

The film features compelling interviews with high-profile tech whistleblowers and innovation leaders including Tristan Harris of the Center for Humane Technology; the co-inventor of the Facebook “Like” button, Justin Rosenstein; Tim Kendall, former President of Pinterest and former Director of Monetization at Facebook; Cathy O’Neil, author of Weapons of Math Destruction; Rashida Richardson, Director of Policy at the AI Now Institute, and many others. Demonstrating how social media affects consumers on a personal level, these fascinating insider insights are seamlessly woven into a captivating narrative, including Vincent Kartheiser (Mad Men), that illuminates the very real consequences these seemingly innocent technologies can have on our everyday lives.

Cellphone Spies – Edward Snowden on the State of Surveillance in 2020

I am a fan of data-driven analytics and have enjoyed working with brilliant minds in massive computing, network infrastructure, and targeting for 20 years. Data is fundamental to private communication and has changed the way businesses and even governments interact. In every sense, data has become vital to our life. No one wants to miss connected mobility or predictive health services in 2020.

But we have a problem once a malicious party misuses this power for bad ends. Therefore, it’s essential to stay on top of the 2020 state of surveillance. Edward Snowden is undoubtedly an authority in this space. The interview gives us an overview of the 2020 state of ubiquitous data collection. The conclusion is straightforward: We need a professional and ethical discourse and mustn’t leave the discussion to the nerds.

Are you aware of the current state of surveillance, and what, if anything, has changed since your revelations? Yeah, I mean, the big thing that’s changed since 2013: it’s now mobile-first everything. Mobile was still a big deal, right, and the intelligence community was very much grappling to get its hands around it and deal with it. Yet now people are much less likely to use a laptop, than use a desktop, than use, you know, God, any wired phone, than they are to use a smartphone. Unfortunately, both Apple and Android devices are not especially good at protecting your privacy right now.

The Wolf – espionage showcase

Do you still believe that in 2020 attackers show up at your front door wearing a mask? And do you still rely on an old-fashioned set of IT stacks that does the job just well enough? And do you still believe that old email servers or unpatched vulnerabilities shouldn’t worry you?

You are wrong. With the right search listening framework, hackers can easily find out what tech stack your organization is using. Some search engines, like Shodan, will tell anyone about unpatched vulnerabilities and so open a path into your core network. And with some time, it’s pretty easy to enter the core network and from there enter your mail system and manipulate internal communication.

Hmm, sounds too complicated to happen? It’s astonishingly simple. HP has been leaning on cinematic creative to wow audiences. The movie centres heavily on technology, cyber-warfare and espionage – creating a platform with which to showcase HP products. Click to watch HP Studios and Christian Slater walk you through the story in 7 minutes. Hollywood style … Fore!

On Crime

The hunt continues

The second movie from printer and network specialist HP’s Hollywood-style production with Christian Slater.

We have put together some more background information and learnings from watchdog journalism to help companies protect their business a little bit better against cybersecurity threats.

C84 client stories can help you understand the obvious and protect yourself against threats. If you like to dig a little bit deeper, check out Device based Networks Analytics or directly connect with Axel Hoehnke.

Information warfare and Data Leaks

What is Information Warfare?

The process of Information Warfare comes in four simple steps. The procedure is neither complicated nor very expensive. While Steps 1 to 3 are standard processes in digital advertising, the intention and execution are against any code of conduct. Step 4 means that bot armies pump deceptive content into online information systems on a large scale. The dark art of machine learning is perfecting search listening and enables bots to feed material to people most likely to share faked media.  

Step 1: 👉 Gather Metadata.

Step 2: 👉 Build Profiles and Triggers.

Step 3: 👉 Create Campaigns.

Step 4: 👉 Run Campaigns.

The Information Warfare Attack Chain

What did Cambridge Analytica do?

Cambridge Analytica worked with the winning Brexit campaign, harvested millions of social media profiles and data leaks, and used them to build a powerful software program to predict and influence choices at the ballot box. They use the same methodology as we would to predict buying intent for a consumer product.

Cambridge Analytica used scraping and scoring to collect and compute profiles from social networks. Scraping means automatically collecting data from publicly available social profiles and is an established practice. Cambridge Analytica worked with Donald Trump’s election team and the winning Brexit campaign, harvested millions of social media profiles of US voters, and used them to build a powerful software program to predict and influence choices at the ballot box.

Cambridge Analytica’s marketing is based on a combination of three elements: behavioral science, Big Data analysis, and ad targeting. Ad targeting is personalized advertising, aligned as accurately as possible to the personality of an individual consumer.

Cambridge Analytica CEO Alexander Nix

Other data leaks

According to the Kaspersky report “Can you keep a secret? A plethora of secrets, unprotected”, we are facing a problem. 81% of the respondents believe that everyone has a secret they don’t want to reveal to others, and 75% think that in today’s connected world, keeping secrets private is more important than ever. But only 31% of respondents have strengthened their passwords, and only 37% have up-to-date security protection on all their devices.

LinkedIn data leak

LinkedIn allows users to create profiles and then establish connections with other users. When users create a profile on the site, they can choose from various levels of privacy protection. They can keep their profiles entirely private or make them viewable by their direct connections, by a broader network of relationships, by all other LinkedIn members, or by the entire public. When users choose the last option, their profiles are viewable by anyone online. LinkedIn also allows access to public profiles via search engines such as Google. Competitive Monitoring systematically reads data from LinkedIn.

Data analyst hiQ tells employers which of their employees are at the greatest risk of being recruited away. The company sells information that hiQ generates from LinkedIn users’ publicly available profiles. hiQ could also make data from users available even after those users have removed it from their profiles or deleted their profiles altogether.

  • LinkedIn points to the interest that some users may have in preventing employers or other parties from tracking changes they have made to their profiles. LinkedIn posits that when a user updates his profile, that action may signal to his employer that he is looking for a new position.
  • LinkedIn states that over 50 million LinkedIn members have used a “Do Not Broadcast” feature that prevents the site from notifying other users when a member makes profile changes. This feature is available even when a profile is public.
  • LinkedIn also points to specific user complaints it has received objecting to the use of data by third parties. In particular, two users complained that information they had previously featured on their profile, but subsequently removed, remained viewable via third parties.
  • LinkedIn argues that both it and its users, therefore, face substantial harm absent an injunction if hiQ can continue its data collection.

Yahoo data leak

Yahoo! affirmed in October 2017 that all 3 billion of its user accounts were impacted, in what is considered the largest discovered data breach in the history of the Internet (McMillan, Robert; Knutson, Ryan, “Yahoo Triples Estimate of Breached Accounts to 3 Billion”, The Wall Street Journal, October 3, 2017; retrieved October 3, 2017). Marissa Mayer, the person in charge, showed little awareness of security policies.

2012 Data Security Intrusions (Wall Street Journal): From January through April 2012, malicious actors accessed Yahoo’s internal systems.

2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The documents taken included the names, email addresses, telephone numbers, birth dates, passwords, and Yahoo account holders’ security questions and answers. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, private information in users’ emails, calendars, and contacts.

2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide.

2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors could use cookies instead of a password to gain access to approximately 32 million Yahoo email accounts.

The Court granted final approval to the Yahoo! class action settlement and entered its judgment on July 22, 2020. In the order approving the settlement, the Court also awarded attorneys’ fees, costs, and expenses and service awards to the class representatives who brought the suit on behalf of the class.

What you should do

Do not share your personal information with strangers over the phone, email, or even text messages. These types of requests could very well be scams. A breached company should send you a data breach notification. However, if unusual notices via email or in the mail arrive under a different name, that can be a sign that you are a victim of identity theft.

  • Unique account, unique password: Creating strong and unique passwords for every account is the best first step to protecting yourself against a breach. Use a password generator to create passwords for you. Unique passwords ensure that a breach at one website doesn’t result in a stolen account at another.
  • Protect your email: If a hacker has access to your email account, they can use password resets at most sites to get into other accounts. Consider creating an alternate email address for online signups. And be sure to turn on multi-factor authentication for your email account.
  • Give fake answers to security questions: You know those silly security questions companies ask you so you can “prove” who you are? Don’t give real answers. Use the password generator to create random replies that you can then store in LastPass or similar tools.
