Friday, October 26, 2018

The Future of Fake News

We have seen the future of fake news and it's Artificial Intelligence. MIT Technology Review did a series on AI and disinformation and here's a quote from their newsletter:

The big change: AI now makes it possible for anyone with a decent computer and a few hours to spare to do what only used to be possible at a big-budget movie studio: create believable, but totally fake video footage. Further machine-learning advances will make even more complex deception possible--and make fakery harder to spot.
Deep fakes and politics: Convincing AI enabled face swaps—called deepfakes—that threaten to further blur the line between truth and fiction in politics. “Deepfakes have the potential to derail political discourse,” says Charles Seife, a professor at NYU. “Technology is altering our perception of reality at an alarming rate.”
Easy to fake: Tools for creating these false videos are becoming increasingly easy to use. Our own Will Knight easily stitched Ted Cruz's face onto Paul Rudd. As he writes, perhaps the greatest risk is that the technology will further undermine truth and objectivity. It’s not that the truth won’t still be out there—it’s that we might not know it when we see it.
 

            
Here are a couple of videos that illustrate the issues.



The first one allows any klutz to superimpose cool dance moves onto his or her frame. That's fun! And the authors explain how they did it.


This presents an unsettling view of the future. Is there anything that can be done? Or more specifically, can technology rescue us from the danger it has created?

There is a possibility that technology can come to the rescue. Wired describes a DARPA program called MediFor—Media Forensics. Remember, the Defense Advanced Research Programs Agency (DARPA) gave us the initial structure of the internet. The program is a national security effort, so that suggests it is well funded.


The DARPA effort includes many complex technologies like facial recognition, but the Wired article is easily comprehensible to the layperson. I urge you to read it in its entirety--it has good news as well as bad.

That's a fitting note on which to end my #CyberAware posts. But I'll be following up on many of these topics in the very near future.

I hope you've enjoyed this month of posts and

Stay Safe!

Related Content:
Deep fake of Mark Zuckerberg 

Thursday, October 25, 2018

Tools For Identifying Fake News

It's important to remember that the internet/social media did not invent fake news. It's been around forever. However, it is equally true that the internet distributes fake news at an incredible speed and social media is the main, but not the only, culprit. Hence, yesterday's post about how to identify fake news in social media.

If you found that a bit disappointing--the advice is not terribly different from that for identifying fake news in any context--you are exactly right. It's reasonable to ask whether there are any tools that could be helpful.

Before a brief listing of tools, a word about fake news itself. Most of us have read ad nauseam about foreign interference. A lot of it is alarmist and lacking in factual data. I've found two thoughtful reports if you want to review them to be sure what you're looking for. A recent report that is detailed and factual comes from Ars Technica. I took the graphic from there; it was the least repugnant one in that set; you are welcome to look further. The other is a brief post from Axios about uses of social media by various governments.


Now on to tools. The best known is one called Botcheck.me. Just a visit there is interesting because it shows the trending hashtags and most active Twitter accounts for the past 24 hours. It's easy to put your Twitter account name in and find out if you have suspicious patterns suggesting the presence of fake news sites. Mine didn't show any, which is not surprising, because I follow mostly business news sites. There are a few more, but most, like Botcheck.me, which only works on Twitter, are somewhat specialized.

Facebook also has a tool that lets you see whether you've followed or liked any suspicious pages.

The most used tools are probably the fact-checking sites. These have been around for a while. I've used them all and find them to be reliable:

They all have interesting posts about the stories they research. It's worth following one or two of them just to keep up with what's out there.

Tomorrow is the last #CyberAware day. The month has flown by!

Stay Safe!
Updated 10/25, 11:45 am

Wednesday, October 24, 2018

How to Identify Fake News in Social Media

Identifying fake news on social media platforms is difficult for the individual user, primarily because it comes from trusted friends. It is also particularly dangerous for the same reason; the trusted source makes it more likely to be believable.



Analytics site Statista has an interesting page that highlights numerous pieces of data about fake news. The data in this first chart should surprise no one. As a single site Facebook is still king of the hill when it comes to fake news, although Twitter is not that far behind.


If you too feel surrounded by fake news, the second chart will be interesting. It shows the U.S. to be considerably behind three other countries in terms of exposure to fake news. There may be reasons why various countries have different levels of exposure to fake news, but they are not evident upon simple inspection.





NBC News explains a bit about how bots work to distribute fake news and gives some tips for recognizing a fake news post when you see it. The advice may seem a bit familiar, but it is good. Remember that the source of fake news is something fake. Their recommendations have some good commentary:
  • "Question the source. If a story comes from a newspaper, is it from a reputable site? The Denver Guardian, cited often in 2016, never existed and listed an empty car park as its address.
  • Look for confirmation. If you don’t see a story across mainstream media, there’s probably a good reason why. “Mainstream media is motivated by getting an audience.” Huxley* says.
  • Check the facts with third-party sites like Snopes and Politifact. Admittedly, though, fact checking has its limits. By the time a claim is researched and proven false, it may have already reached millions of accounts.
  • Call out fake news you see in your network — but do it privately. “What polarizes people further is calling them out publicly. Then people get defensive because it makes them look stupid or gullible for posting it in the first place.” Huxley says." 
*Sam Huxley, practice chair of risk and business strategy for the communications firm LEVICK.

 
Those are good suggestions, and we should all be following them. The article has another good idea, though, "Burst your own bubble." We all live in self-created bubbles these days. In following content we enjoy we have surrounded ourselves with content we agree with. Subscribe to some feeds that provide alternative points of view. Your own perspectives will be stronger after some reflection.

There are other sites and a few tools that can help in this challenging endeavor. I'll discuss some of those tomorrow.

Stay safe!

Tuesday, October 23, 2018

How Can You Tell It's Fake News?

Fake news is not new. Apparently the Ancient Greeks were masters of it. However, the Ancient Greeks didn't have the internet. We all know that fake news flourishes there. The problem is, how do we spot it?

Here's an infographic from the IFLA with 8 good tips. And the infographic itself provides several good lessons.

https://www.ifla.org/publications/node/11174

Lesson 1. It's from the International Federation of Library Institutions and Associations. That's a mouthful, so the acronym is much appreciated. But it's easy to look up (search for) with almost 3 million results. The first ten, at least, look entirely reputable.

Lesson 2. The infographic has the name of the organization as part of the graphic. That's not a solid clue because some fake news organizations like to promote their names and make it easy to find their content also. However, checking on the origin of the publication is important if you have any doubt at all, and making it easy is good.

Lesson 3. I've put the URL for the link in the caption anyway. It's a .org, not some kind of flaky URL. That's super important. That's the key issue, but the name of the organization in the link is also correct and straightforward. No deception here.

Lesson 4.  The website itself is solid, not a thrown-together mishmash. It has a really interesting set of pages on their vision for the future of libraries. More relevant to the current issue, the article has a link to FactCheck.org, which is a well-known fact-checking group.

Lesson 5.  Finally, I'll give the advice I've been giving my students for years. Use the golden rule of journalism. Two sources are necessary. Three is the gold standard. If three reputable publishers agree on the facts, there's a good chance they are true.

If there are opposing arguments, keep on reading. That's one thing we do too little of these days--listening to arguments from opposing sides. 

Hint: it gets more difficult from here on in. Tomorrow I'm going to tackle how to identify fake news on social media feeds.

Stay Safe!

Related Updates
Good example of fake news targeting the Red Cross
How fake news happens 

Monday, October 22, 2018

Last Week of NCSAM - Protect Our Infrastructure


Week 4 of #CyberAware week has an important theme -- protecting the nation's critical cyber infrastructure. I'm devoting the week's first post to that subject, but then I'm going to move on to a subject more appropriate to the target audience of this blog.

Recognizing fake news is a topic on which I've been collecting information since I started this blog. The subject just continues to get more complex. I'll never wrap my arms around it in a single post, so I've decided to do a week's worth of smaller, more focused posts on the topic. Perhaps after that some sort of a summary of the current situation will emerge.


The subject of our nation's critical infrastructure should be of importance to every one of us and all of us should be pressuring governments at all levels to strengthen and protect cyber infrastructure. Today I'm going to just deal with two aspects, business cybersecurity and our voting network.

Like other issues of strategic importance, the security of the business's communications infrastructure should be a concern of the CEO and all other executives. Vigilance must start at the top. One CEO magazine says, “It all starts with acknowledging the problem is real – and that the threat is increasing.” CEOs must:
  1. Improve Visibility: You can’t protect what you can’t see.
  2. Incorporate Modern Cyber Defenses: AI and machine learning take center stage. See an earlier post on one AI approach.
  3. Ensure Preparedness by treating cybersecurity as a strategic priority in terms of both organization and resources.
The infrastructure issue of overriding importance to all of us is the security of our voting infrastructure. Some towns, cities and states have worked hard on it. Others are using questionable tech or insufficient backup. We are more aware but probably little better protected than we were in 2016. The Electronic Frontier Foundation has an objective perspective on the subject. The National Academies have prepared a report that looks ahead to 2020. Among its recommendations:

All U.S. Elections Should Use Paper Ballots by 2020 Presidential Election; 
Internet Voting Should Not Be Used at This Time 

This page has links to several presentations of the findings including an interesting infographic. 
 
Stay Safe!

Sunday, October 21, 2018

Sunday Advice: What's a Suspicious Email?


A suspicious email is any message designed to get the recipient to provide personal data. Phishing is the most common method. Here is a definition of phishing from StaySafeOnline:

A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague.

Their advice on how to spot phishing emails is:
  1. The email asks you to confirm personal information
  2. The web and email addresses do not look genuine
  3. It’s poorly written
  4. There’s a suspicious attachment
  5. The message is designed to make you panic.
It often takes a technical specialist to conclusively determine whether an email is a phishing attack or just something stupid. The layperson should not worry about being sure it is phishing. Just being suspicious is enough to take the appropriate action.

When in doubt, throw it out! 

Don't want to run the risk of alienating a friend or colleague? Compose a new message using your own contact information. Briefly explain that the email looked funny and you discarded it to be on the safe side. If it was important, they can reply to your email. 

Watch for suspicious emails
and
Stay Safe!

Saturday, October 20, 2018

Jobs Are Plentiful in Cybersecurity

Cybersecurity is one of the booming employment fields and there's no reason to believe that won't continue, perhaps get even better. Download the entire infographic from StaySafeOnline to get all the detail. 


I've already given some important advice on this topic:
  1. Test your interest in and aptitude for the cybersecurity profession by taking a MOOC.
  2. Consider one of the many certification programs available in cybersecurity. I suggest you think seriously before enrolling in a for-profit certification program. I'm sure some of them are good, but there are too many instances of for-profits not living up to their promises. Here is a link with 30 of the best programs. Notice two things:
    1. It mixes degree and certificate programs. Be clear about what you're looking for.
    2. It doesn't take long for the for-profits to begin to show up in listings. Do your research! Make sure you're going to get what you pay for!
Far be it from a retired college professor to recommend against a college degree, though! If you are currently a student, think about a major in some aspect of cybersecurity. If you are changing jobs, think about a certification to get you in the door. Then you can profit from the advice I used to give all my students--now see if your employer will pay for your next certification or degree!

Stay Safe!

Related Updates
Teaching cybersecurity in the college classroom 
Shortage of cybersecurity personnel 2019
 

Friday, October 19, 2018

Importance of Employee CyberSecurity Training


The Society for Human Resources Management is on the cybersecurity bandwagon also. It has recommendations for business training of employees. One through 3 apply to all businesses, regardless of size.
  1. Show everyone how to spot scams, especially phishing in all its variants. Top execs, including the CEO are important in this effort, because they are privy to sensitive business information.
  2. Train employees consistently.
  3. Use multi-factor authentication wherever possible. 
Only firms with resources and expertise should consider:
  4. Penetration testing. This is hiring skilled hackers to try to penetrate the business system. It's a demanding process and a lot can go wrong. SMBs may be better off hiring a security firm to work with them on identified risks.

Consider the importance of employee training: "Every time a company trains, its risk of falling prey to a successful phishing attack decreases by 20 percent, according to Sharon Nelson, attorney and president of cybersecurity firm Sensei Enterprises Inc. in Fairfax, Va."


TechRepublic says, "People are the largest security vulnerability in any organization." Keeping them engaged in cybersecurity protection, however, is no small task. The post offers suggestions for keeping the subject vibrant. 

Stay Safe!

Thursday, October 18, 2018

Free Cybersecurity Tools


I found this set of mobile security guidelines on Twitter. They are excellent for businesses as well as for individuals.

It led me to the site of KnowBe4, a cybersecurity firm. There I found a set of free tools that can be used to assess specific cyber risks.


https://www.knowbe4.com/

Some risks can be mitigated by cybersecurity training--phishing (and smishing and vishing!) is high up on that list--awareness of the danger is key. Some may require paid services. The point is to determine where your business is vulnerable before making investments in cybersecurity.

A hint to the wise: if I found these free tools on one try, there are undoubtedly more out there. Don't hesitate to broaden the search and become well-versed in the nature of cyber risks and how your firm can deal with them.

Stay Safe!
