Fraud & Privacy 2020

Issue link: https://raconteur.uberflip.com/i/1271462


tagging of some social media, according to Georgina Rowlands of The Dazzle Club, a UK-based privacy activist group inspired by Harvey. "We know the technique is still effective versus Facebook, Snapchat and Instagram's algorithms," says Rowlands, whose group lead monthly walks, adorned in their rather striking Bowie-esque face paint, around London to explore privacy and public space in the 21st century. "But we haven't been able to access more advanced systems such as the Metropolitan Police's, so we can't say if it's effective there."

But evading the tech is only part of the story for The Dazzle Club. It's as much about raising awareness of the pervasiveness of facial recognition software. As another member of the group Emily Roderick says: "It's about making that invisible technology visible and bringing out those discussions, especially as the Met Police are starting to deploy these cameras in the city."

The real goal for many of these creators is regulation of facial recognition technology companies and those who use the faceprints, to protect the privacy rights of the individual. So whether someone is at a protest or simply walking down the street, they can trust that their face, and all the data contained within it, remains their own and theirs alone.

In the wake of the Black Lives Matter protests, IBM, Microsoft and Amazon announced they would no longer be allowing US police departments to access their facial recognition technology, for at least a year. The tech is arguably a tool of racial oppression. In 2018, Joy Buolamwini, a researcher at the MIT Media Lab, and Timnit Gebru, a member at Microsoft Research, showed that some facial analysis algorithms misclassified Black women almost 35 per cent of the time, while nearly always getting it right for white men.

A further study by Joy Buolamwini and Deborah Raji demonstrated that Amazon's Rekognition tool had major issues identifying the gender of darker-skinned individuals, but made almost no errors with lighter-skinned people.

Raji, who is a tech fellow at the AI Now Institute at New York University and an expert in computer vision bias, explains there are many ways in which facial recognition technology can be biased. "It could involve having a higher error rate for a minority group," she says. "Or it could label members of a particular group with a problematic label, so for example predicting people of colour are angrier than white or other people."

Algorithmic flaws, which can be caused by a poor and narrow dataset, or inherent in the algorithm design itself, can have major repercussions for an individual. "Once you're in the system, it's very easy for the system to identify you in a variety of poses and angles, but the threat of being misidentified is quite large and, should that happen, you're going to face real-world consequences."

This was the case for Robert Julian-Borchak Williams, who was wrongly arrested in front of his children and detained for 30 hours due to a faulty facial recognition match. Even without such high-profile mistakes, several studies have shown there is no compelling evidence that facial recognition technology is actually effective in policing.

The backlash to facial recognition software chimes with a public weariness about how much they can trust police institutions, according to Raji. "Because of that, we're thinking should we be giving them this power to monitor and target people? Will they act responsibly with these tools?"

Raji says the decisions on how to use the tech must be discussed and regulated, especially since it was found to have been used by the Hong Kong government to track and identify protestors. "Even if they did build it to find missing children, they now have that power and could easily re-orientate it.
There are no safeguards in place to assure a certain amount of community input, or elective or democratic decision-making, before they use the tech for each different purpose," she says.

Exploring the future for facial recognition development
Qilai Shen/Bloomberg via Getty Images

Commercial feature

Insider or outsider: the ransomware conundrum

When everybody acting maliciously on a network looks like an insider, how can companies validate and identify ransomware threats and defend themselves appropriately?

Security operations teams in large organisations around the world are struggling to defend their networks against ransomware, either from targeted human-operated attacks or highly automated opportunistic campaigns. Such threats will specifically target particular companies by spear-phishing key people or actively scanning their networks for vulnerabilities. Others adopt a spray-and-pray approach, such as sending malicious resumes to human resources teams or mass scanning the whole internet when new vulnerabilities are disclosed and actionable.

The global ransomware supply chain is becoming increasingly advanced and optimised for attackers. In some cases, different people will conduct the phishing attacks or exploit vulnerabilities to gain access, selling it to cybercriminals and fraudsters who wish to ransom businesses or steal their data. Once adversaries are inside a network, they escalate privileges and move to their target just like an insider threat. They use the same tools and commands as a disenfranchised system administrator might to encrypt the entire company network or exfil data.

The only difference is, at early stages, they're not yet authenticated and they don't have legitimate credentials. Therefore, attackers immediately seek to escalate privileges and move laterally to things that matter. In ransomware attacks, they race to an administrative level of credentialing which allows them to very quickly broadcast malicious software to lock up key portions or even all of a corporate network.

Understanding how privilege escalation and lateral movement works is crucial because such techniques allow ransomware groups to get administrative rights and behavioural analysis solutions can't detect many of the key approaches.

"The goal of an external attacker is to become authenticated traffic on a network. Once they do that, it's very difficult to differentiate them from legitimate authenticated traffic," says Jason Crabtree, co-founder and chief executive of technology company QOMPLX.

"Authentication is fundamental to understanding who is doing what on a network, and whether or not actions and activities are being taken by the appropriate people. But simple perimeter hygiene and edge-hardening activities will not prevent ransomware attacks. Though important, multi-factor authentication is also insufficient on its own because of the plentiful ways of bypassing it, especially within enterprises that have directory services and single sign-on enabled, which is practically all of them."

QOMPLX looks at all of the details that are associated with who did what to whom in the network, recording and validating every single log-on or authentication event. "We do that with a finer grain comb than any other provider," says Crabtree. "We don't just have the metadata, but we also analyse and validate things like the Kerberos protocol with stateful streaming analytics."

The company then combines all of that data from Active Directory and authentication with other data feeds from existing security appliances to allow organisations to contextualise the information and achieve a greater understanding of the malicious activity in their IT.

Due to the growing frequency and severity of ransomware attacks, QOMPLX has also built an elite special situations advisory services group for helping large organisations respond to ransomware threats, while simultaneously aiding in containment, eradication, restoration and sustainable uplift of security programmes.

"QOMPLX's special situations advisory group is really focused on helping companies get well and stay well, as opposed to incident response or simply getting an audit, assessment or pen test," says Crabtree. "Those do not get to the core issues with sustainable programmes and practices supported by very advanced technology that provides deep amounts of visibility and a single source of truth.

"That truth has to be continually updated and remain ground truth, rather than outdated risk registers, which are often very optimistic views of the health and state of a network or security programme. Organisations can then look at contextual challenges to re-authenticate, including with active measures triggered by our platform, like biometric multi-factor re-authentication requests, but doing that before the basics is foolish because it's easily bypassed if the fundamentals aren't right."

For more information please visit qomplx.com

2020 Verizon DBIR
4k: the number of breaches documented by Verizon
157k: the number of cyber incidents analysed by Verizon
922k: median number of login attempts encountered by firms in credential stuffing attacks
80%: of breaches involved the use of lost or stolen credentials or brute force attacks on credentials
Source: 2020 Data Breach Investigations Report, Verizon
