SPONSOR: Datametrex AI Limited (TSX-V: DM) A revenue generating small cap A.I. company that NATO and Canadian Defence are using to fight fake news & social media threats. The company announced three $1M contacts in Q3-2019. Click here for more info.

Deep Dive: Fake Profiles Threaten Social Media Networks

• Fake profiles run rampant on sites such as Facebook, Twitter and YouTube, accounting for up to 25 percent of all new accounts, according to some estimates
• The damage these fake profiles inflict is incalculable, resulting in billions of dollars lost or even altering the course of world politics.

By PYMNTS

Social media has become an integral part of everyday life, with a recent study finding that there were approximately 2.77 billion social media users around the world as of 2019. This number is projected to grow to more than 3 billion by the end of 2021 — almost half of the global population.

A good portion of these users is not real, however. Fake profiles run rampant on sites such as Facebook, Twitter and YouTube, accounting for up to 25 percent of all new accounts, according to some estimates. The damage these fake profiles inflict is incalculable, resulting in billions of dollars lost or even altering the course of world politics. Social media networks will need to step up their digital authentication games if they want to bring these fraudsters to heel.

How Fake Profiles Damage Social Media

Illegitimate social media profiles are strongly correlated with cybercrime, with researchers finding that bot-run fake profiles account for 75 percent of social media cyberattacks. Some of these crimes involve stealing personal information, like passwords and payment data, while others spread social propaganda or disseminate spam.

Social media networks are often negligent when removing fake profiles, too. Researchers at the NATO Strategic Communications Centre of Excellence conducted a study last year that tested the efficacy of Facebook’s, Google’s and Twitter’s fake profile detection protocols. The research team purchased 3,500 comments, 25,000 likes, 20,000 video views and 5,100 fake followers and found that 80 percent of their fake engagements were still online after one month. Approximately 95 percent of the remaining profiles were still online three weeks after the NATO team announced its findings to the public.

One might think that such an effort would cost a significant amount of time and money, but the study was relatively inexpensive. The researchers only spent €300 ($330) to purchase the comments, likes and followers — a Facebook ad of equivalent value would likely receive just 1,500 clicks. This makes fake profiles much more appealing to unscrupulous individuals and companies.

Fake social media profiles’ impacts became evident in the U.S. in 2016 when Russian hackers created thousands of fake Facebook and Twitter accounts to influence the former’s presidential election. These bots posted thousands of messages and fake news articles attacking candidate Hillary Clinton and sowing divisiveness within the Democratic Party, often promoting information from the Democratic National Committee’s (DNC) email hack.

Social sites often listed hashtags like #HillaryDown and #WarAgainstDemocrats as trending, inadvertently giving these bots a loudspeaker and letting their messages punch far above their weights. Special Counsel Robert Mueller’s 2018 investigation found that these hacker groups had multimillion-dollar budgets — a far cry from then-candidate Donald Trump’s characterization of the DNC hackers as “somebody sitting on their bed that weighs 400 pounds.”

Fake profiles’ threats are self-evident, but the solution to stopping them is not nearly as clear.

How Social Media Sites Can Fight Bots

Social media websites are reticent to disclose exactly how they identify and delete fake profiles — if fraudsters know too much about their prevention techniques, they will be able to circumvent them. Many brands, companies, advertisers and even congressional panels have demanded more information about how social media firms are working to stop the spread of fake profiles, however.

Third-party developers have also introduced solutions to curb the spread of illegitimate accounts, with many utilizing artificial intelligence (AI) and machine learning (ML). Thousands of social media profiles are created every day, making human analysis of each new registration impossible. AI and ML could reduce analytics teams’ burdens by employing pattern recognition to determine the details that all true profiles share, such as the frequency of their posts or what pages they tend to like. Profiles that do not adhere to this pattern could then be flagged for human review.

Social media networks could also utilize facial recognition biometrics to authenticate new accounts, requiring users to submit selfies or live smartphone videos for review to determine if their profiles are legitimate. Many new smartphones, including Apple’s iPhone 11, come with this technology right out of the box, meaning consumers are already familiar with it.

Facial recognition biometrics have fallen afoul of privacy advocates, however. Facebook has long been using facial recognition to identify its users in photographs — a practice that many condemned as privacy infringement. The website shifted this system to an opt-in model last year to appease these privacy advocates, meaning it would likely be reluctant to adopt facial biometrics during onboarding.

There is no obvious authentication solution that can completely prevent fake profiles. Social media sites, advertisers and governments all agree that they do need to be stopped; however — the next step is agreeing how to do it.

Source: https://www.pymnts.com/authentication/2020/fake-profiles-threaten-social-media-networks/

SPONSOR: Datametrex AI Limited (TSX-V: DM) A revenue generating small cap A.I. company that NATO and Canadian Defence are using to fight fake news & social media threats. The company announced three $1M contacts in Q3-2019. Click here for more info.

The technology that could save us from deepfake videos

Israeli startup Cyabra’s technology detects expertly doctored videos as well as the bots powering fake social-media profiles.

By Brian Blum

It’s November 2020, just days before the US presidential election, and a video clip comes out showing one of the leading candidates saying something inflammatory and out of character. The public is outraged, and the race is won by the other contender.

The only problem: the video wasn’t authentic. It’s a “deepfake,” where one person’s face is superimposed on another person’s body using sophisticated artificial intelligence and a misappropriated voice is added via smart audio dubbing.

The AI firm Deeptrace uncovered 15,000 deepfake videos online in September 2019, double what was available just nine months earlier.

The technology can be used by anyone with a relatively high-end computer to push out disinformation – in politics as well as other industries where credibility is key: banking, pharmaceuticals and entertainment.

Israeli startup Cyabra is one of the pioneers in identifying deepfakes fast, so they can be taken down before they snowball online.

Cyabra cofounder and CEO Dan Brahmy. Photo: courtesy

Cyabra CEO Dan Brahmy tells ISRAEL21c that there are two ways to train a computer algorithm to analyze the authenticity of a video.

“In a supervised approach, we give the algorithm a dataset of, say, 100,000 pictures of regular faces and face swaps,” he explains. “The algorithm can catch those kinds of swaps 95 percent of the time.”

The second methodology is an “unsupervised approach” inspired by a surprising field: agriculture.

“If you fly a drone over a field of corn and you want to know which crop is ready and which is not, the analysis will look at different colors or the way the wind is blowing,” Brahmy explains. “Is the corn turning towards its right side? Is it a bit more orange than other parts of the field? We look for those small patterns in videos and teach the algorithm to spot deepfakes.”

Cyabra’s approach is more sophisticated than traditional methods of ferreting out deepfakes – looking at metadata, for example, of where was the picture taken, what kind of camera was used and on what date it was shot.

“Our algorithm might not know the exact name of the manipulation used, but it will know that the video is not real,” Brahmy says.

Only a computer program can spot telltale signs the human eye would miss, such as eyeglasses that don’t fit perfectly or lip movements not perfectly synched with movements of the chin and Adam’s apple, Brahmy tells ISRAEL21c.

Staying a few steps ahead

Cyabra’s technology detects inauthentic nuances that the human eye would miss. Photo: courtesy

Deepfake detection technology must continually evolve.

In the early days – all the way back in 2017, when deepfakes first started appearing – fake faces didn’t blink normally. But no sooner had researchers alerted the public to watch for abnormal eye movements than deepfakes suddenly started blinking normally.

“To have a durable edge, you need to be a year or two ahead, to make sure no one can re-do what you just did,” Brahmy says.

That’s important both in catching the deepfakers and for a company like Cyabra to stay ahead of the competition.

Cyabra’s edge is that two of its four cofounders came out of IDF intelligence divisions where they looked for ways to foil terrorist groups trying to create fake profiles to connect with Israelis.

In addition, former Mossad deputy director Ram Ben Barak is on the company’s board of directors.

Fake social-media profiles

Cyabra’s deepfake detection technology was only released in the last month. For most of the past two years, since the company was founded, it has been focused on spotting fake social-media profiles.

Cyabra cofounder and COO Yossef Daar. Photo: courtesy

Brahmy cofounderYossef Daar claims there are 140 million fake accounts on Facebook, 38 million on LinkedIn, and 48 million bots on Twitter.

These, too, are not easy to detect.

Researchers from the University of Iowa discovered that some 100 million Facebook “likes” that appeared between 2015 and 2016 were created by spammers using around a million fake profiles.

Cyabra’s machine-learning algorithms run some 300 unique parameters to determine profile authenticity. A three-day-old profile with 700 friends whose user has no footprint outside of Facebook raises a red flag, for example.

In the 2016 U.S. elections, fake profiles on social media were the biggest problem – deepfakes didn’t exist yet.

By now, though, you’ve probably seen a few deepfakes yourself: Facebook CEO Mark Zuckerberg bragging about having “total control of billions of people’s stolen data,” former US President Obama using a profanity to describe President Trump or Jon Snow apologizing for the writing in season 8 of “Game of Thrones.”

Brahmy says the leadup to the 2020 election season is the right time to offer Cyabra’s solution.

Investors agree. Cyabra has raised $3 million from TAU Ventures and $1 million from the Israel Innovation Authority. The 15-person company started in The Bridge, a seven-month Tel Aviv-based accelerator sponsored by Coca-Cola, Turner and Mercedes. Now they’re based at TAU Ventures with a small presence in the United States as well.

Public and private sector clients

Cyabra’s clients prefer not to be named, although Brahmy did tell ISRAEL21c that 50% of its clients are in the public sector – governmental organizations or agencies – and the other half are “in the world of sensitive brands: consumer product, food and beverage, media conglomerates.”

“Imagine you’re in the business of providing unbiased information and suddenly 500 bots send you a message with a falsified picture and you’re ready to publish it. We want to be there five seconds before you pull the trigger, to let you know it’s false,” says Brahmy. This heatmap shows the level of doctoring done to a picture or frame in a video. Emphaized areas represent more heavily forged pieces of content. Image courtesy of Cyabra

Cyabra leaves the task of fact-checking content for “fake news” to other companies such as NewsGuard and FactMata. (Neither company is Israeli.)

There are also other companies dealing with deepfakes and fake profiles. But, Brahmy says, “we’re the only one doing both, with the technical capability to detect deepfakes along with cross-channel analysis to detect the bots [powering fake social media profiles], all under one roof.”

Facebook announced in January 2020 that it is banning deepfakes intended to mislead rather than entertain. But can Facebook really get ahead of all the deepfakes out there – and those to come?

If Cyabra and companies like it succeed, the next time you see a politician or celebrity saying something you find reprehensible, it might just be true.

Source: https://www.israel21c.org/the-technology-that-could-save-us-from-deepfake-videos/

SPONSOR: Datametrex AI Limited (TSX-V: DM) A revenue generating small cap A.I. company that NATO and Canadian Defence are using to fight fake news & social media threats. The company announced three $1M contacts in Q3-2019. Click here for more info.

Disinformation in 5.4 Billion Fake Accounts: A Lesson for the Private Sector

• Social media platforms are turning a new leaf to make online communities safer and happier places. Instagram turned off “likes,” but the biggest news came when Facebook shut down 5.4 billion fake accounts.

By: John Briar

Social media platforms are turning a new leaf to make online communities safer and happier places. Instagram turned off “likes,” but the biggest news came when Facebook shut down 5.4 billion fake accounts. The company reported that up to five percent of its monthly user base of nearly 2.5 billion consisted of fake accounts. They also noted that while the numbers are high, that doesn’t mean there is an equal amount of harmful information. They are just getting better at identifying the accounts.

The concerted effort to close fictitious accounts is shedding light on disinformation and misinformation campaigns. But it’s not a new tactic. It dates back to the early days of war when false content was spread with the intent to deceive, mislead, or manipulate a target or opponent. Where disinformation was once communicated by telegram, the modern version of vast, coordinated campaigns are now disseminated through social media with bots, Twitterbots and bot farms—at a scale humans could never perform.

Now, disinformation campaigns can be lodged by a government to influence stock prices in another country, or by a private company to degrade brand presence and consumer confidence. What’s worse is that bots can facilitate these campaigns en masse.

Understanding the Role Bots Play in Disinformation

On social media, you might be able to easily identify bots trolling users. Or maybe not—it’s often trickier than you’d expect. Sophisticated bots use several tactics that make them successful at disinformation and appearing human, including:

1. Speed and Amplification – Bots quickly spread low-credibility content to increase the likelihood information goes viral. The more humans see the disinformation campaigns, the more likely they are to spread it themselves.
2. Exploiting Human-Generated Content – Bots spread negative or polarizing content generated from real humans that prove to be credible to other humans.
3. Using Metadata – Bots used more metadata (comments, photo captions, etc.) to appear as human, which helps evade detection.

Whether fraudsters create false information or use existing misinformation, bots are the unstoppable force in the spread of disinformation. Even with platforms like Facebook dismantling campaigns, taking down bots is a pervasive game of whack-a-mole.

Business Interference: A Bot’s Expertise

How do we take the lessons learned and apply them to today’s businesses? For one thing, we know that identifying bots masquerading as customers, competitors, or the actual company is increasingly difficult.

Some attempts to deceive, mislead and manipulate customers use the same bot-driven propaganda techniques as we have seen on social media platforms. Bots can amplify and create negative reviews, spread misinformation about unrest in a company, or defame company leadership.

Beyond that, one of the biggest threats to businesses is content scraping. In this attack vector, bots are programmed to crawl and fetch any information that could be used “as is” or injected with misinformation before spreading. This could include prices, promotions, API data, articles, research and other pertinent information. Because of the open nature of the Internet, nothing is stopping bots from gaining access to websites and applications, unless bot detection and mitigation is in place.

Aside from what we have seen, what do company-targeted disinformation campaigns look like in the wild?

• Legitimate pricing sheets could be scraped by a bot, then distorted to become favorable to the competition before presenting to prospects.
• Articles are stolen, injected with misinformation and copied around the Internet—hurting businesses twofold—search engines assuming the company is trying to game SEO and lowering the ranking, and misleading content consumers.

Given that bots account for nearly half of web traffic, standard cybersecurity technologies that do not specialize in bots cannot prevent the onslaught of fraudulent traffic. If information reserved for customers and partners exists on company websites, even behind a portal, companies should expect bots to continue scraping their sites until they leave with valuable content. From all the data that has been studied, bad bots come early – days after a site is launched. They attack in waves, consistently trying and retrying to capture critical information.

The Future of Bots in 2020

If the headlines teach us anything, we can predict that 2020 will bring even more sophisticated bots in full force, leveraging artificial intelligence (AI) and getting smarter about how to behave like a human. To outpace fraudsters and their bot armies, the same advanced technologies like AI and machine learning along with behavioral analytics are required. Only then will it be possible to parse out traffic and allow humans through, while stopping bots before they can gather information for disinformation campaigns.

Source: https://www.securitymagazine.com/articles/91616-disinformation-in-54-billion-fake-accounts-a-lesson-for-the-private-sector

SPONSOR: Datametrex AI Limited (TSX-V: DM) A revenue generating small cap A.I. company that NATO and Canadian Defence are using to fight fake news & social media threats. The company announced three $1M contacts in Q3-2019. Click here for more info.

Data Privacy Day 2020: 5 Lessons From The Past To Better Secure The Future

(By David Higgins)

• Lawmakers claim Facebook “contravened the law by failing to safeguard people’s information” – and suffered the consequences.
• Now the US government is placing additional pressure on Facebook to stop the spread of fake news, foreign interference in elections and hate speech (or risk additional, larger fines)
• This Data Privacy Day urges individuals and organisations around the world to learn from the fallout of the mega-breaches of the recent past.

Until recently, data privacy was only considered critical in the digital world. But as the digital and physical worlds intersect, it is now integral not only to securing an individual or a corporation’s digital identity, but also to avoiding the safety of citizens being compromised. Data privacy considerations should underpin all company decisions, whether on the board level or on the shop floor and, this Data Privacy Day, organisations should encourage their entire workforce – not just IT teams – to re-evaluate how they secure and manage data.

It’s now well-established that data is the world’s most valuable asset, and a tempting target for malevolent hackers with varying motivations. More often than not, they are pursuing credentials that they can use to infiltrate businesses and target sensitive and valuable data. Attackers seek ways to cause irreparable damage across a whole range of industries, from seizing companies’ administration logins to hacking into medical data so as to hold individuals to ransom over the disclosure of sensitive personal information. As a tragic, but potentially realistic scenario, this could even result in a doctor being unable to perform a life-saving operation due to a lack of availability of the patient’s records for example.

Hackers will inevitably be successful from time to time. Addressing this threat and limiting how far they can infiltrate a network after a successful breach is imperative in order to safeguard national security. Infiltration or compromise of CNI, for instance, could plausibly result in the loss of control of public services such as utilities, healthcare and government, posing a severe risk to public safety. This Data Privacy Day, we need to take a step back to not only understand the value in the data we hold, but also the importance of only allowing individuals and systems that need it to access it.

Mega Breach lesson #1: Equifax Breach (reported in 2017) – Several tech failures in tandem–including a misconfigured device scanning encrypted traffic, and an automatic scan that failed to identify a vulnerable version of Apache Struts–ultimately led to the breach which impacted 145M customers in the US and 10M UK citizens.

Data Privacy Day Learning – get security basics right. Cyberattacks are growing more targeted and damaging but a good industry reminder from the Equifax breach is that standard security basics should never be ignored. Patches should be applied promptly, security certificates should be maintained, and so on. This breach also inspired elected officials to push for stronger legislation to tighten regulations on required protection for consumer data.

Mega Breach lesson #2: Uber Breach (reported in 2017) – In 2017 Uber revealed it had suffered a year-old breach that exposed personal information belonging to 57M drivers and customers.

Data Privacy Day Learning – don’t store code in a publicly accessible database. Uber data was exposed because the AWS access keys were embedded in code that was stored in an enterprise code repository by a third party contractor. A clear takeaway is that no code repository is a safe storage place for credentials.

Mega Breach lesson #3: Facebook’s Cambridge Analytica Breach (reported in 2018) – Cambridge Analytica harvested the personal data of millions of peoples’ Facebook profiles without their consent and used it for political advertising purposes. The scandal finally erupted in March 2018 with the emergence of a whistle-blower and Facebook was fined £500,000 ($663,000), which was the maximum fine allowed at the time of the breach.

Data Privacy Day Learning – protect user data (or pay up). Lawmakers claim Facebook “contravened the law by failing to safeguard people’s information” – and suffered the consequences. Now the US government is placing additional pressure on Facebook to stop the spread of fake news, foreign interference in elections and hate speech (or risk additional, larger fines).

Mega Breach lesson #4: Ecuadorian Breach (reported in 2019) – Data on approximately 17M Ecuadorian citizens, including 6.7M children, was breached due to a vulnerability on an unsecured AWS Elasticsearch server where Ecuador stores some of its data. A similar Elasticsearch server exposed the voter records of approximately 14.3 million people in Chile, around 80% of its population.

Data Privacy Day Learning – adhere to the shared responsibility model. Most cloud providers operate under a shared responsibility model, where the provider handles security up to a point and, beyond that, it becomes the responsibility of those using the service. As more and more government agencies look to the cloud to help them become more agile and better serve their citizens, it’s vital they continue to evolve their cloud security strategies to proactively protect against emerging threats – and reinforce trust among the citizens who rely on their services.

Mega Breach lesson #5: Desjardins Breach (reported in 2019) — The data breach that leaked info on 2.9M members wasn’t the result of an outside cyber attacker, but a malicious insider – someone within the company’s IT department who decided to go rogue and steal protected personal information from his employer.

Data Privacy Day Learning – be proactive in identifying unusual/unauthorized behaviour. While insider threats can be more difficult to identify, especially in a case where the user had privileged access rights, having a solution in place to monitor for unusual and unauthorized activities that can take automated remediation steps as needed can help reduce the amount of time it takes to stop an attack and minimize data exposure. This breach shows that a defence in depth security strategy that includes privileged access security, multi factor authentication, and the detection of anomalous behaviour with tools such as database activity monitoring has never been more crucial.

Source: https://www.expresscomputer.in/news/data-privacy-day-2020-5-lessons-from-the-past-to-better-secure-the-future/45933/