At 19, Gregory Tarr’s new techniques for identifying deepfakes won him BT Young Scientist of the Year 2021. In our latest video in the Young Bright Minds series, Tarr explains how he’s overcome some of the challenges of spotting this AI-created media at scale.
But some deepfakes are less obvious. They can spread fake news or otherwise fool people into thinking someone said or did something they didn’t.
Finding deepfakes in a heartbeat
Tarr radically improved existing processes for detecting deepfakes. “I was able to speed things up ten times.”
The deepfake detection method is fascinating. Tarr explains: “Photoplethysmography means graphing the light of the blood. Every time your face receives a pulse of blood, green and red hues change slightly. You can track that over time in a video.”
Scaling is the hardest part
“Many companies trying to detect these deepfakes have built models that work in lab environments,” says Tarr. “But because of the sheer size of the problem – hundreds of millions of videos – having the infrastructure and the computing power is a harder problem.”
Tarr is founder and CEO of Inferex. His business wants to work with companies’ deepfake detection models and deploy them across thousands of computers.
Tech no substitute for awareness
Tarr warns that technological solutions will only go so far in fighting fakes – we need to change how we think about what we see and read. “The only solution is that people wisen up. We need to be more aware that things we’re seeing or reading may or may not be true.”
Getting your head around endpoint protection for business isn’t easy. Matt White, CEO of software-as-a-service platform XaaS Ltd, has a knack for explaining it simply – with a balloon and a toothpick.
In Episode 4 of Hacker:HUNTER Behind the Screens, Endpoints: Friend or Foe? White blows up a balloon and pops it with a toothpick. The balloon is an organization’s expanded ‘attack surface’ and the toothpick is just one cybercriminal reducing it to shreds. In reality, White says, there are thousands of toothpicks trying to pop your balloon at any time.
And the toothpicks are getting stabbier. “Cybercriminals are now using AI and machine learning to make their attacks more sophisticated,” says Kaspersky senior security researcher Noushin Shabab.
What are endpoints and why do they need protecting?
Organizations’ attack surfaces are so big today because now almost anything is an ‘endpoint’ – a device connected to the network, from mobile phones, to webcams, to fridges. Together they make, as White puts it, “a total chaotic mess” from a security perspective.
“Endpoints are the heart of the risk. They’re the route in for your employees and the machinery you use for your work. But they’re also a route in for attackers.” Matt White, CEO, XaaS Ltd
While once businesses could rely on antivirus software to do the heavy lifting, White says they must go further to respond to a new threat landscape. “Endpoint detection and response (EDR) is like antivirus on steroids. It doesn’t just detect and identify, it isolates malicious code and repairs. Spending more on that kind of system is like an insurance policy – it may protect you from a lot more damage down the line.”
He likens endpoint detection and response to a COVID-19 vaccination. “You know you may still catch it, but you can make it far less serious by getting a vaccine upfront.”
White believes the new level of cyberthreats demands a new way of working. “It’s not just plugging in the latest shiny box that’s going to secure a network. Everyone has to work together – all parts of a company, regulators, financial authorities – to create collaboration. It’s a team game.”
2021 has been quite a year for all of us. While technology has helped us through the pandemic in many different ways, our reliance on tech is often not matched by our ability to protect ourselves from cybercrime.
Against this backdrop we’ve told stories about criminal gangs, explored immortality and asked whether it’s possible to fall in love with robots with the aim of stirring debate and entertaining hundreds of thousands of viewers around the world.
Join us as we take a look back at the highlights of this memorable year.
The controversial one. Imagine Beyond: Who Wants to Live Forever?
This film attracted the most comments on Tomorrow Unlocked’s YouTube channel in 2021 when we delved into one of humankind’s oldest themes: immortality. With advances in technology and a radical new global movement, living forever might be closer than we think. But is it something you would want? Watch and decide for yourself.
The edgy one. Imagine Beyond: Build me Somebody to Love
Could you fall in love with a robot? Will AI relationships be the norm in the future? As robots become ever more human, surely it’s only a matter of time before human-cyborg relations enter a whole new dimension. In this age-restricted video we explore these themes and meet those shaping the future of robotics.
The multi-award winning Imagine Beyond series offers new and exciting perspectives on what the future of technology could bring for what it means to be human. Stream all episodes on YouTube.
The one for true crime fans. hacker:HUNTER – Emotet
Emotet, the world’s biggest organised cybercrime gang, was responsible for a swathe of crimes and possibly deaths. A global coalition of law enforcement officers came together to take them down – no mean feat when the anonymous crime gang was constantly on the move. This episode of hacker:HUNTER tells the inside story of their demise through the eyes of the heroes who brought them to justice.
Choose your own adventure brought bang up to date with our first interactive film. This documentary takes viewers inside the Carbanak attack of 2013 which saw money flying out of ATMs around the world. Get ready to go behind the scenes of the biggest cyber heist in history.
The audio one. Fast Forward
In our first audio series we delve into the future of tech by looking at the recent past. Led by writer, broadcaster and cultural theorist Ken Hollings, the series includes insightful interviews with industry, media and academic tech experts who have an eye on the future.
The one that shows the future of industry. Young Bright Minds: The Autonomous Factory
Smart factories could fight climate change, save lives and help solve the supply chain crisis that we’ve seen in this year’s post-pandemic world.
Could they even represent the next industrial revolution? In this episode of Young Bright Minds we meet Theo Saville, CEO of CloudNC and pioneer of autonomous factories. Theo explains why connected manufacturing is the future and how optimizing machines could save lives.
The one that was most awarded. From Kurils With Love – Behind the Scenes
This year we took you behind the scenes of this extraordinary film. With previously unseen footage, filmmakers Renan Ozturk and Taylor Rees share what the apocalypse created by the eruption of the Raykoke Volcano meant to them and how it became a metaphor for the world’s experience during the global pandemic.
The one for business. hacker: HUNTER Behind the Screens – Lighting the Dark Web
The acclaimed hacker:HUNTER series took a new perspective in 2021 by shining a light on cybersecurity professionals and the work they do to fight the exponential rise of cybercrime.
In this inaugural episode we meet officers from the Yorkshire and Humber Regional Organised Crime Unit who talk us through the Dark Web crime they fight every day, detailing how they catch cybercriminals whose identity, location and organisation is constantly changing.
For our first foray into fiction we commissioned a collective of teenage Nigerian filmmakers, The Critics, to create a short film. The self-taught collective is gaining global attention with their sci-fi films. In this movie they look at cybercrime from the perspective of Mel, a hacker who lives with her sick mother while investigating the mysterious disappearance of her father.
The Tomorrow Unlocked Film Festival Winner: Terra Cene
Now in its second year, the Tomorrow Unlocked Film Festival gives up-and-coming independent filmmakers the opportunity to showcase their creativity and tell engaging stories about how technology influences our lives now and in the future. Directed by Nono Ayuso, the 2021 winner Terra Cene is a remembrance of things past and an observation of the interconnected nature of our time on Earth.
Things you least expect now connect to the internet, like lighting, fridges and cars. And this Internet of Things (IoT) is doing great work improving energy efficiency and maintenance. But in hacker:HUNTER Behind the Screens Episode 3, Chris Kubecka, CEO of Hypatec and distinguished chair of the Middle East Institute, shows how IoT security is behind the curve.
IoT is extra vulnerable
“These devices are becoming common in homes and industry,” says Kubecka. “But most are not properly security tested, and many use outdated operating systems. It’s easy for attackers to exploit those and bring down entire businesses.”
Other attacks are more domestic, like one Kubecka investigated in Saudi Arabia. “A company bought a bunch of new smart fridges from a supplier that didn’t security-test. A criminal gang managed to exploit these fridges and use them for spam and manipulating the stock market.”
It can be hard to investigate IoT-based cybercrime. “Many IoT devices don’t log activity, so police forensics can’t find much. Or they’re expecting to find a computer and don’t realize the computer is a fridge.”
While IoT makers are getting more security conscious, we already have homes full of smart devices that may not be secure. You can do a few things to protect IoT devices at home, like limiting what’s connecting to the internet and having strong passwords.
When someone has to die for the authorities act, the world really is a dark place. I am The Cavalry – a collective of white hat hackers – is shining a light into the darkness to save lives.
“No one is going to save us, so we have a job to do.”
When Josh Corman’s mum had a stroke, he thought it would primarily affect her speech. It ultimately took her life. At the same time as his mother’s life was ebbing away, Josh was pressing government authorities to take cybersecurity in connected devices more seriously. They refused to do so.
Tormented by both of these incidents, Josh realized the cavalry isn’t coming to save us. He had to do something. But what?
To enjoy privacy, you’ve got to be alive
The cavalry’s initial strategy was to go high and deep into governments to warn them that cyber-terrorism was a clear and present danger – in healthcare, automotive, agriculture, maritime and other spaces.
He told officials the issue was not one of privacy – like many people, Josh loves privacy, but he also wants to be alive to enjoy it. They didn’t listen, even when Josh told them that when ‘things’ are connected to the internet, people can die.
They said the public needed proof of harm before they could amass the political will to take action.
TriCk was killed by a drone strike
At the same time, a UK teenager was jailed for hacking the website of Tony Blair (former UK Prime Minister.) While in prison he was radicalized by militant group ISIS.
On his release he started the ISIS Cyber Caliphate, recruiting using his social media skills and showing his followers how easy hacking could be. Known online as TriCk, real name Junaid Hussain, he was eventually killed in a drone strike. But the Caliphate was now up and running, targeting connected devices within their campaigns of terror.
Are connected devices cyber-asbestos?
Josh likens connected devices to asbestos. When this natural mineral was first used in construction, it was lauded: what’s not to like about a material that is fire resistant, lightweight and cheap? But we later discovered that when it decays it causes cancer – an unintended consequence of what we believed to be progress.
Are we treading the same line with connected devices? Unchecked, will they become the next asbestos? I am The Cavalry has already shown how easy it is to hack an infusion pump remotely and deliver a 30-minute dose in just 30 seconds. If the white hat hacker demonstration team can do it, so can the black hats like TriCk.
Raising the alarm without being alarmist
Josh says that when we hear or read scary things about cybersecurity, it’s human nature to mentally switch off – our brains think it’s scaremongering.
But just because it’s scary, doesn’t mean it isn’t true.
The cavalry’s collective of over 1000 white hat hackers are engaged in the hard work now so when the scary times do come (which Josh firmly believes they will) we are “safer, sooner, together.”
In this episode of Defenders of Digital, Josh gives us the whole story on this life-saving volunteer group.
Russian Film Week is back in London cinemas for 8 days from November 28 – December 5 2021, the annual film festival features the best films produced in Russia or Russia-themed films produced globally. Tomorrow Unlocked Film Festival Finalist Cheat sheet for the princess by Vladimir Bukharov will be screened on Thursday, December 2. To celebrate, check out our favorite films about how technology influences our lives from Russia and beyond.
Cheat sheet for the princess
When an agent introduces his latest star to a film producer, things end bloody. But do they?
Terra Cene is a remembrance of things past and an observation of the interconnected nature of our time on Earth. Winner, Tomorrow Unlocked Film Festival 2021.
hacker:HUNTER – Wannacry: The Marcus Hutchins Story
In May 2017, computers around the world suddenly shut down. A malware called WannaCry asks for a ransom. The attack stops when researcher Marcus Hutchins finds the killswitch. What happens next for Marcus has to be seen to be believed.
Defenders of Digital – Inherited bias: The trouble with algorithms
These lawyers from Athens explains the dangers of today’s content moderation systems and explores how discrimination can occur when algorithms inherit the biases of their programmers.
hacker:HUNTER – Cashing In
ATMs hold cash, and that makes them attractive for criminals. While criminals around the world try to get to the money in cash machines with hammers, explosives, excavators, or other heavy gear, the Carbanak gang found a more elegant and stealthy way.
Defenders of Digital – Fighting every day to keep children safe from exploitation
Susie Hargreaves and her team at the Internet Watch Foundation hunt down child abuse images online and help identify children involved so that law enforcement can intervene.
Big businesses know they could be cybercrime targets, so they invest in cyber defenses like software, people and training. Now, cybercriminals have turned to their smaller suppliers as a way of getting to them. hacker:HUNTER Behind the Screens Episode 2 looks at supply chain attacks.
Supply chain attack targets retailer Target
The bigger the business, the more suppliers. And more internet-connected devices everywhere means cybercriminals have more ways in.
In this episode, Eliza-May Austin, CEO and co-founder of cybersecurity start-up th4ts3cur1ty.company (That Security Company,) explains how cybercriminals stole 40 million people’s card details from US retail giant Target with an attack that began in their air conditioning system.
You read that right. It started with an employee at Target’s air conditioning supplier clicking a link in a phishing email, injecting malware into their system. Target had remote access to monitor their air conditioning units, and that remote access was through the same network where cybercriminals could access personal data. They got inside point-of-sale devices and pulled customer card details from the machine’s memory. The attack cost Target some 61 million US dollars.
Energetic Bear was a significant attack on critical energy infrastructure. Cybercriminals began the attack with spear phishing – targeting specific people with customized emails and making a hit list of potentially vulnerable suppliers.
Sometimes, there is no clean version. Noushin Shabab, Senior Security Researcher at Kaspersky, explains how supply chain attacks can start as software is being developed. “Cyberattackers compromise software by getting inside software used by developers – the development environment. That way malicious code can end up on many businesses’ networks.”
How to protect against supply chain attacks
Eliza-May Austin works with suppliers to larger corporations to make sure the whole supply chain is ‘hardened,’ or better protected from attack.
Her advice is straightforward. “We can prevent about 80 percent of attacks with basic cyber-hygiene. Make sure your software and hardware is up to date. Limit your ‘attack surface’ – if something needn’t be online, don’t put it online. Audit passwords, making sure they’re complex. Have two-factor authentication. Employees can be the weakest link in a company, but if they have good cybersecurity training, they can be the strongest.”
Romanian web developer Cosmin Ciolacu has the amazing ability to see code in his head and know if it will work. A wheelchair user who isn’t able to use his arms and hands to type, Cosmin composes scripts in his mind then mentally error-checks them before dictating word by word, character by character to an assistant.
Using assistive technologies, he reviews code on screen for any transcribing errors. And he’s been making some impressive tech of his own.
Tech for greater good
Cosmin’s first project was designing and developing a user-friendly e-learning platform. Inspired by YouTube and Netflix, teachers can use it to upload educational videos and interact with students. Cosmin wants to make sure the tech is easy to use so that it can help more people.
The potential of future tech excites Cosmin, especially Elon Musk’s Neuralink, which lets users control devices with their minds through an implanted ‘neural lace.’See more videos about Young Bright Minds on our YouTube channel or Instagram.
The Dark Web: home of fraud, fake COVID-19 vaccines and illicit marketplaces selling everything from personal data to narcotics and child sexual abuse images.
In the first in our new series, Hacker: Hunter Behind the Screens, we head into the web’s criminal underbelly with the UK’s Yorkshire and Humber Regional Cybercrime Unit (RCCU).
Understanding the Dark Web
The Dark Web is a network of computers where web traffic is anonymized. Many use it to access marketplaces and other sites to facilitate and commit crime.
David Malkin, former Senior Investigating Officer at the RCCU, compares the Dark Web with taking a train. “On the Clear Web, you have a ticket from A to B. In between, someone can check your ticket and see where you’re coming from and where you’re going. On the Dark Web, tickets don’t give your origin or destination, and your route may be different each time.”
This encryption – and the risk-free environment created by the cloak of anonymity – has led the Dark Web to become a space for criminality: Kaspersky research shows that fake Covid vaccination certificates are for sale for just $20 on the Dark Web, while Statista research suggests 59% of listings on Dark Web marketplaces are for illicit drugs and drug-related chemicals.
But alongside illegal drugs, counterfeit goods and weapons, the sale of personal data is big business on the Dark Web. Fraudsters can buy names, dates of birth, credit card information and more at alarmingly low prices ($40 for online banking logins according to Forbes.com.)
Chris Spinks, Detective Sergeant in the RCCU’s Web Operations Team, says, “We’ve heard of people who’ve lost tens of thousands of pounds through fraud committing suicide, all because their private information was sold.”
Kaspersky reports the dark web can also be used for good. Dissidents, whistleblowers and investigative journalists use it to communicate anonymously online, and others use it to avoid online data collection.
Any kind of personal data can be sold on the Dark Web, so be sure to keep your passwords, physical addresses, bank account details and social security numbers safe and protected from potential leaks. If you’re concerned about a personal data breach, use a Dark Web monitoring service like Have I Been Pwned to tell you if your data is up for sale.
You’d think cybercriminals would hesitate before attacking organizations that care for the world’s poorest and most vulnerable – non-government organizations (NGOs,) humanitarian groups and healthcare institutions. But nothing could be further from the truth.
Cybercriminals know NGOs distribute billions in aid each year, and hold sensitive client and donor information. This makes them an attractive target.
With many people around the world relying on these vital organizations for food, work and education, a cyberattack can cost lives. CyberPeace Institute is out to protect those lives with creative ways to help NGOs protect themselves.
Mutual benefit from cyber help
Klara Jordan, Chief Public Policy Officer at CyberPeace Institute, says, “The not-for-profit sector, NGOs and healthcare institutions are under-resourced and under-equipped to deal with cyberthreats. The biggest risk is that an NGO will have to close.”
Stéphane Duguin, Chief Executive Officer, says cybercriminals often attack NGOs. “One in two NGOs have had a cyberattack, but four in five don’t have a cybersecurity plan.”
Data breaches are a particular risk because of the sensitive data NGOs and healthcare institutions hold. “NGOs need trust to operate. Without it, they can lose access to resources. If they can’t protect themselves from a cyberattack, they lose donors’ and funders’ trust,” says Jordan.
Founded in 2019, CyberPeace Institute has a unique way to help NGOs reduce their cyber risk. “Our program, CyberPeace Builders, means NGOs can get help from the private sector,” says Duguin. “Corporations want to exercise corporate social responsibility in cyberspace. We make sure their goodwill finds the right fit with NGOs in need.”
Asking world leaders to act
CyberPeace Institute is also concerned governments aren’t doing enough to fight cybercrime. Cybercrime gangs act with impunity from countries that shield them from prosecution and leaders don’t always have the political will to hold them accountable.
In May 2020, the Institute published a call to governments worldwide, demanding immediate action to stop cyberattacks on healthcare. They asked world leaders to work together to protect the critical sector.
Jordan believes secure technology can bring enormous benefits to all. “CyberPeace means the infrastructure we rely on is safe, secure and trustworthy. Then, we can benefit from these technologies without being endangered by using them. We can only unlock technology’s potential if it’s safe, secure and stable.”