Journal Entries:
JE1:
“Review the NICE Workforce Framework. Are there certain areas that
you would want to focus your career on? Explain which areas would
appeal the most to you and which would appeal the least.”
The areas I’m interested in are Cyber Defense Analysis, Digital Forensics, Vulnerability Assessment, and Management. These appeal to me the most because their descriptions feel like something I could be interested in. For example, the Cyber Defense Analysis description mentions how you pull information from various sources and defensive measures to analyze and report on events that could or have occurred on the network. Another example would be Digital Forensics and using it to find data, information, and other computer-related evidence in support of network vulnerability mitigation, counterintelligence, fraud, or law enforcement. I remember having to recover data for some family before and the process to learn how things work and how data isn’t as gone as we think it is.
An area I am not interested in is software development. To be frank, programming isn’t my cup of tea. I only use it when my project would be in need of it but unless it’s something fun and practical for me and my projects, I can’t imagine myself programming for my career unless needed.
JE2:
“Explain how the principles of science relate to cybersecurity”
JE3:
“Visit PrivacyRights.org to see the types of publicly available information
about data breaches. How might researchers use this information to
study breaches? Enter a paragraph in your journal.”
I believe that Researchers can use this information to understand common traits between breaches and to archive and preserve old data breaches to see how breaches in the past are not exactly different from the ones we have now. On the graph within the website, if you were to search for breaches that involved a physical device, you’ll notice that out of the top five, four of the breaches were government-related and involved the mishandling of devices. The theft of a laptop, improperly disposed of hard drives, or a lost drive could lead to the potential risk of millions of government-affiliated individuals (Veterans, Employees, etc.) private information. Researchers could use information like these breaches to understand processes such as how hard drives that are not fully destroyed could still have the data inside of them recovered or how in server maintenance, devices could go missing causing the victims to be at risk of physical attacks, identity theft, or be victim of another data breach.
JE4:
JE5:
“Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.”
- Money
Money can be a big motivator for many people to commit crimes. With the barrier of entry into cybercrime requiring you to have the knowledge and an internet-connected device, The return of profit from ransomware, bug bounty, or hacking is enough for someone to become a criminal. - Political
Hackers with a political motivation for hacking also make sense whether it’s to attempt to force an entity to listen to their social/political cause or state-level hacking where they do it for espionage, forensics, or financial. Politics can motivate hackers to break into systems to cause change. - Revenge
This is a crime of passion that can motivate someone to hack. If a company fires a former employee, they might attack the company out of revenge for putting them out of a career. They want the organization/entity to go through bad things, such as DDoS attacks or releasing confidential documents. - Recognition
Some hack to gain recognition within the community and to make a name for themselves. Recognition could be good for hackers who also have a business within crime or in profession too. - Boredom
- Entertainment
- Ego
JE6:
“Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?”
There weren’t 3 examples but the 3 prominent fake sites I see and hear about are Discord, Cryptocurrency, and Social media.
Discord: These sites are usually near duplicates of the original site with minor changes such as having text replaced with “Free Nitro Campaign”. These sites compared to the original simply just change their domain to make it look reasonably legitimate such as “nitrogiveaway.com” or “discord.nitro.gg” to help make it look more legitimate.
Social Media: For fake websites in social media, phishing pages could be made to look like legitimate login pages. Each website is different and compared to the original, sometimes they can include spelling errors, and inconsistencies in the layout, or if the website changes its layout, it could be entirely wrong too. A fake Facebook login page could be different from a real one because it could be missing a few things such as the logo, incorrect colors, or change in looks that could tell you it’s fake.
Cryptocurrency: Cryptocurrency is an area that is full of scams. Fraudsters attempt to scam people by using phishing emails and pages that look similar to the original site such as MetaMask, Coinbase, and Crypto.com. As with other fake pages, they usually just copy the original site and change the domain slightly or replace a character with another one that looks similar to it (Punycode URL).
JE7:
“Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s).”
JE8:
“After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity”
I believe that the media can make our understanding of cybersecurity skewed or misunderstood as they portray or use hacking as a device to solve technological needs when in reality, it can be a bit more complicated. Similar to how shows would use “enhance” to see blurry pictures as clear. Hacking is used in a way to solve plot inconveniences and I believe the only show I can think of that portrays hacking in a much more grounded way is Mr. Robot. The hacks and methods they use are definitely more realistic and grounded such as using a rubber ducky to exfiltrate data or using vulnerabilities and zero-days to attack systems.
JE9:
“Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?”
I only scored 1/9 (Displacement). I think the items on the scale don’t relate to me directly but I know others who they do relate to that make more sense to me. I believe that social media can be replaced with internet as I don’t know anyone who is on social media that much compared to just being on the internet.
I believe that in other parts of the world, the pattern will be different such as in Asia where hermits (hikikomori) spend all of their time sheltered in their homes or gaming/internet cafes. For those who are hikikomori and also use the internet, perhaps they will get a different score because they have a different lifestyle.
JE10:
“Watch this video. As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.”
JE11:
“A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings. “
JE12:
“Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.”
I think its interesting how he go to that pathway. He was first an accountant that moved into digital forensics that I find the most interesting. A lot of people I know who are within IT or digital security don’t always come from those backgrounds but something like art, teaching, medical science, etc. My sister graduated from college with a degree in medical science but now she does IT which shows that anyone can get into the tech field even if they didn’t have that as their background.
Article Review 1:
The article I am reviewing today is titled “Understanding the Use of Artificial Intelligence in Cybercrime.” The article I’m reviewing takes from 2 other pieces that mention particular case uses of AI for cybercrime. I will be explicitly talking about “Victimization by Deepfake in Metaverse: Building a Practical Management Framework.” Within the past four years, the development and advancement of artificial intelligence and machine learning have started to bleed into our daily lives with the introduction of Chat-GPT, GPT-3 and 4, DALLE, Midjourney, and other similar technologies has brought new changes into our lives. With the creation of Chat-GPT, we are able to learn, engage, and interact with the internet via upgraded GPT-powered chatbots, expanded search inquiries, and programming help and advice from AI. Chat-GPT specifically, allows you to create snippets of code through prompts, and even create scripts to read. The issue with this is similar to a double-edged sword. An easy-to-access tool that could help you create code snippets and write scripts could also be used to create malware and make more believable text to help aid in a threat actor’s phishing campaign. This allows phishing and spam emails to be more believable to the untrained eye, more malware produced more campaigns to be created and executed, and extortion evidence to be fabricated or edited with AI, causing more issues for everyday people in our society.
The article’s hypothesis about identifying the use of illicit deep fakes can potentially contribute to cybercrime victimization. Deepfakes are a common example of AI being used for the purpose of monetary or selfish gains. Threat actors could take someone’s face, voice, and a source video to create DeepFake pornography to extort people who have never created pornography and be used to sexually harass people who never consented during this process. Threat actors could target anyone whether it’s for monetary gain. Money doesn’t need to be a motivator for criminals and it could be done out of boredom, revenge, or for social power gain. The challenge with this type of crime is that it could be hard to pull from the internet, it’s easily producible, and unless no one except yourself has pictures of your face, it could happen to anyone.
The article only reached out to 5 expert testimonies from South Korea and I believe that they could improve upon that a little more. I felt that they should have looked for sexual harassment victims from this area to see what they think of this and ways they could have better protected themselves from something like this. They also could have expanded this and asked people of interest who have also fallen victim to this to see what they think.
Sources:
https://vc.bridgew.edu/ijcic/vol6/iss2/1/
Article Review 2:
To continue with the theme from my last article review about AI and Deepfakes, I will be continuing this topic in this review. I recently read an article about the human ability to detect deepfakes and I found it an interesting topic to write about.
The article Introduces the user to the concept of what a Deepfake is. If you don’t know, a Deepfake is an entity or media created by complex algorithms computation to create synthetic media. This media can take the form of lip-syncs, face-swaps, or head puppetry. The article next mentions one example of a deepfake is the “style transfer” which uses machine learning to take a large data set (e.g. human selfies, portraits, faces) and use it to generate its human face from this data set. Now, to the meat and bones of this article, testing the human ability to detect deepfakes of the human face. The researchers in the article mentioned that their methodology of collecting 280 participants and asking them to judge images with an incentive of 6GBP/hr with an incentive to earn more if they were their performance was in the top 50%. The overall results were that the participants were 62.8% accurate on what was a deepfake and what was not. Now you may be wondering, “What influenced this decision?” One of the influences was the “impossible backgrounds” and another was “Accessories Don’t Make Sense” or “Asymmetric Earring.” The article concludes that while people are still good at being able to detect deepfakes, this still doesn’t get rid of the glaring issue of these AI-generated faces being used in places such as social media or dating apps to take advantage of people who couldn’t detect them.
As for my thoughts: I have known about deepfakes since around 2017 via the emerging use of them for pornography and at the time, they weren’t hard to tell when a deepfake was used to botch a video. At the time, this technology was new and different from other face-swapping technology. It was an interesting piece of technology to me but it felt like it wouldn’t have its uses today. Over the years, I have seen this technology develop more and more creating more realistic results that made it difficult to tell whether the video was real or fake. Fast-forward to today AI has improved to make this technology look really convincing that it was even used for political, social, financial, and political attacks.
Could you imagine a threat actor creating a fake identity through a synthetic face and voice to scam you? That’s very scary to me as this makes the motivation for those to harm be confirmed as the tools are now easily accessible and allow them to hide their tracks even better. Do you know the worst part about that? This has happened before as threat actors used a CEO’s voice to scam them out of $230k+. This means that our security now needs to be planned around knowing who you are, what you have, and what you know in order to prevent situations like this.
It surprised me that the participants were accurate as to me, there was always an uncanny valley with AI-generated pictures, especially with faces. I guess because I have seen this technology before, I have adjusted to it and made sure that what I’m seeing is real or synthetic. A video I watched mentioned that the AI we see today is the worst it’ll ever be and I couldn’t agree more. The videos I saw in 2017 will be the worst I have ever seen of this technology as over time I have watched it improve to the point where it’s extremely difficult to tell if the video is real or fake. I have to question myself “How likely is this video real?” This throws me back to the “Not everything you see on the internet is real” days, because back then most I had to fear was someone lying to me, now people can fabricate entire personalities and identities through easily
accessible tools. I fear the future of AI and its emerging uses in our world. This technology is one not to be messed with and as it improves, it only improves for the worse or better. In conclusion, I welcome our Robotic Overlords with open arms. Thank you and have a nice day.
Articles:
“A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 Testing human ability to detect ‘deepfake’ images of human faces”