Young bright mind detects deepfakes in a heartbeat

At 19, Gregory Tarr’s new techniques for identifying deepfakes won him BT Young Scientist of the Year 2021. In our latest video in the Young Bright Minds series, Tarr explains how he’s overcome some of the challenges of spotting this AI-created media at scale.

What are deepfakes?

A deepfake is any media (usually video) with one person’s voice or face mapped onto another’s using AI-based software. They’re often meant to be funny or satirical, like placing Donald Trump in criminal underworld TV series Breaking Bad or critiquing Facebook’s data collection seemingly from the top

But some deepfakes are less obvious. They can spread fake news or otherwise fool people into thinking someone said or did something they didn’t.

Finding deepfakes in a heartbeat

Tarr radically improved existing processes for detecting deepfakes. “I was able to speed things up ten times.”

The deepfake detection method is fascinating. Tarr explains: “Photoplethysmography means graphing the light of the blood. Every time your face receives a pulse of blood, green and red hues change slightly. You can track that over time in a video.”

Scaling is the hardest part

“Many companies trying to detect these deepfakes have built models that work in lab environments,” says Tarr. “But because of the sheer size of the problem – hundreds of millions of videos – having the infrastructure and the computing power is a harder problem.”

Tarr is founder and CEO of Inferex. His business wants to work with companies’ deepfake detection models and deploy them across thousands of computers.

Tech no substitute for awareness

Tarr warns that technological solutions will only go so far in fighting fakes – we need to change how we think about what we see and read. “The only solution is that people wisen up. We need to be more aware that things we’re seeing or reading may or may not be true.”

For more videos about Young Bright Minds, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.

Could you be fooled by a deepfake?

Why endpoint detection and response is the future

Getting your head around endpoint protection for business isn’t easy. Matt White, CEO of software-as-a-service platform XaaS Ltd, has a knack for explaining it simply – with a balloon and a toothpick.

In Episode 4 of Hacker:HUNTER Behind the Screens, Endpoints: Friend or Foe? White blows up a balloon and pops it with a toothpick. The balloon is an organization’s expanded ‘attack surface’ and the toothpick is just one cybercriminal reducing it to shreds. In reality, White says, there are thousands of toothpicks trying to pop your balloon at any time.

And the toothpicks are getting stabbier. “Cybercriminals are now using AI and machine learning to make their attacks more sophisticated,” says Kaspersky senior security researcher Noushin Shabab.

What are endpoints and why do they need protecting?

Organizations’ attack surfaces are so big today because now almost anything is an ‘endpoint’ – a device connected to the network, from mobile phones, to webcams, to fridges. Together they make, as White puts it, “a total chaotic mess” from a security perspective.

“Endpoints are the heart of the risk. They’re the route in for your employees and the machinery you use for your work. But they’re also a route in for attackers.” Matt White, CEO, XaaS Ltd

It’s clear endpoints are cybercriminals’ favorite way to enter infrastructure. Market data analysis firm IDC’s 2019 study found 70 percent of breaches started on an endpoint.

What’s the best way to protect endpoints?

While once businesses could rely on antivirus software to do the heavy lifting, White says they must go further to respond to a new threat landscape. “Endpoint detection and response (EDR) is like antivirus on steroids. It doesn’t just detect and identify, it isolates malicious code and repairs. Spending more on that kind of system is like an insurance policy – it may protect you from a lot more damage down the line.”

He likens endpoint detection and response to a COVID-19 vaccination. “You know you may still catch it, but you can make it far less serious by getting a vaccine upfront.”

Businesses should check what level of endpoint protection they need.

White believes the new level of cyberthreats demands a new way of working. “It’s not just plugging in the latest shiny box that’s going to secure a network. Everyone has to work together – all parts of a company, regulators, financial authorities – to create collaboration. It’s a team game.”

And that might be a good thing for business on the whole, as well as cybersecurity.For more videos on protecting tomorrow, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.

Is antivirus enough to protect businesses today?

Our brightest films of 2021

2021 has been quite a year for all of us. While technology has helped us through the pandemic in many different ways, our reliance on tech is often not matched by our ability to protect ourselves from cybercrime. 

Against this backdrop we’ve told stories about criminal gangs, explored immortality and asked whether it’s possible to fall in love with robots with the aim of stirring debate and entertaining hundreds of thousands of viewers around the world. 

Join us as we take a look back at the highlights of this memorable year.

The controversial one. Imagine Beyond: Who Wants to Live Forever?

This film attracted the most comments on Tomorrow Unlocked’s YouTube channel in 2021 when we delved into one of humankind’s oldest themes: immortality. With advances in technology and a radical new global movement, living forever might be closer than we think. But is it something you would want? Watch and decide for yourself. 

Check out other stories about AI, robotics and future tech in Imagine Beyond on YouTube.

The edgy one. Imagine Beyond: Build me Somebody to Love

Could you fall in love with a robot? Will AI relationships be the norm in the future? As robots become ever more human, surely it’s only a matter of time before human-cyborg relations enter a whole new dimension. In this age-restricted video we explore these themes and meet those shaping the future of robotics. 

The multi-award winning Imagine Beyond series offers new and exciting perspectives on what the future of technology could bring for what it means to be human. Stream all episodes on YouTube.

The one for true crime fans. hacker:HUNTER – Emotet

Emotet, the world’s biggest organised cybercrime gang, was responsible for a swathe of crimes and possibly deaths. A global coalition of law enforcement officers came together to take them down – no mean feat when the anonymous crime gang was constantly on the move. This episode of hacker:HUNTER tells the inside story of their demise through the eyes of the heroes who brought them to justice.

hacker:HUNTER looks at outstanding moments of hacking and cybercrime from a deeply human angle. Enjoy all the episodes here.

The interactive one. hacker:HUNTER – Carbanak

Choose your own adventure brought bang up to date with our first interactive film. This documentary takes viewers inside the Carbanak attack of 2013 which saw money flying out of ATMs around the world. Get ready to go behind the scenes of the biggest cyber heist in history.

The audio one. Fast Forward

In our first audio series we delve into the future of tech by looking at the recent past. Led by writer, broadcaster and cultural theorist Ken Hollings, the series includes insightful interviews with industry, media and academic tech experts who have an eye on the future. 

Listen to all episodes of this CMA 2021 silver award-winning audio series

The one that might make you cry. Defenders of Digital: I am the Cavalry

Josh Corman leads a collective of white hat hackers, The Cavalry. Driven by the pain of losing his mother, Josh and his global collective are on a mission to make every

connected device safe, from medical infusion pumps to cars. This film inspires and terrifies in equal measure.  

Watch all 3 series of Defenders of Digital to hear from the heroes who fight to keep digital fair, open, free and functional.

The one that shows the future of industry. Young Bright Minds: The Autonomous Factory

Smart factories could fight climate change, save lives and help solve the supply chain crisis that we’ve seen in this year’s post-pandemic world. 

Could they even represent the next industrial revolution? In this episode of Young Bright Minds we meet Theo Saville, CEO of CloudNC and pioneer of autonomous factories. Theo explains why connected manufacturing is the future and how optimizing machines could save lives.

The one that was most awarded. From Kurils With Love – Behind the Scenes

The original From Kurils With Love documentary scooped 4 global awards in 2020, and in 2021 picked up a prestigious nomination for a Webby – the international awards that honor excellence on the internet.

This year we took you behind the scenes of this extraordinary film. With previously unseen footage, filmmakers Renan Ozturk and Taylor Rees share what the apocalypse created by the eruption of the Raykoke Volcano meant to them and how it became a metaphor for the world’s experience during the global pandemic.

The one for business. hacker: HUNTER Behind the Screens – Lighting the Dark Web

The acclaimed hacker:HUNTER series took a new perspective in 2021 by shining a light on cybersecurity professionals and the work they do to fight the exponential rise of cybercrime.

In this inaugural episode we meet officers from the Yorkshire and Humber Regional Organised Crime Unit who talk us through the Dark Web crime they fight every day, detailing how they catch cybercriminals whose identity, location and organisation is constantly changing. 

Ready for more captivating stories from frontline crime fighters? Stream more episodes of hacker:HUNTER Behind the Screens here.

The drama film. Click

For our first foray into fiction we commissioned a collective of teenage Nigerian filmmakers, The Critics, to create a short film. The self-taught collective is gaining global attention with their sci-fi films. In this movie they look at cybercrime from the perspective of Mel, a hacker who lives with her sick mother while investigating the mysterious disappearance of her father.

For more videos on inspiring tech innovation, subscribe to Tomorrow Unlocked on YouTube.

The Tomorrow Unlocked Film Festival Winner: Terra Cene

Now in its second year, the Tomorrow Unlocked Film Festival gives up-and-coming independent filmmakers the opportunity to showcase their creativity and tell engaging stories about how technology influences our lives now and in the future. Directed by Nono Ayuso, the 2021 winner Terra Cene is a remembrance of things past and an observation of the interconnected nature of our time on Earth.

Check out the 2021 Tomorrow Unlocked Film Festival finalists.

Young Nigerians’ movie Clicks with Kaspersky

A collective of Nigerian teenagers called The Critics is making waves across the world. They make their groundbreaking movies using recycled smartphones and things they’ve learned in online tutorials.

Their recent short Z: THE BEGINNING went viral, catching global film heavyweight attention with its creativity and homemade special effects.

Tomorrow Unlocked is among the first brands to have commissioned The Critics to make a new film, The Click, written and directed by Godwin Gaza Josiah.

The Click: Plot Summary

Mel, played by Esther Ukata, lives with her sick mother and works a repetitive job, all the while investigating her father’s mysterious disappearance.

When an old acquaintance offers Mel a lucrative job hacking elite cybercrime gang The Click, she’s reluctant to get involved. But when her mother’s condition worsens, stress gets the better of Mel and she takes the job.

Remembering skills she learned from her father, Mel succeeds in breaking through the gang’s defenses. But they won’t take this lying down. Will Mel find out what happened to her father?

For more videos on inspiring tech innovation, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.

Is it ethical to hack a cybercrime gang?

Why would cybercriminals hack a fridge?

Things you least expect now connect to the internet, like lighting, fridges and cars. And this Internet of Things (IoT) is doing great work improving energy efficiency and maintenance. But in hacker:HUNTER Behind the Screens Episode 3, Chris Kubecka, CEO of Hypatec and distinguished chair of the Middle East Institute, shows how IoT security is behind the curve.

IoT is extra vulnerable

“These devices are becoming common in homes and industry,” says Kubecka. “But most are not properly security tested, and many use outdated operating systems. It’s easy for attackers to exploit those and bring down entire businesses.”

Noushin Shabab, Senior Security Researcher at Kaspersky, says, “The industrial Internet of Things could be worth a trillion US dollars by 2025. Companies like Airbus use IoT for predictive maintenance sensors in aircraft. It’s high risk – devices not regularly connected can’t receive updates, so are more easily hacked.”

Hacked ‘things’ can kill

Kubecka describes how in 2014, the German government reported a fatal hack into the network of a steel mill. Attackers flooded the network, and safety systems couldn’t operate. Three people were killed and many injured.

Other attacks are more domestic, like one Kubecka investigated in Saudi Arabia. “A company bought a bunch of new smart fridges from a supplier that didn’t security-test. A criminal gang managed to exploit these fridges and use them for spam and manipulating the stock market.”

It can be hard to investigate IoT-based cybercrime. “Many IoT devices don’t log activity, so police forensics can’t find much. Or they’re expecting to find a computer and don’t realize the computer is a fridge.”

Kubecka says businesses shut down by IoT attacks often didn’t think they’d be a target. But cybercriminals can use anyone’s data and systems for fraud and other money-making schemes, like mining bitcoin.

How to secure smart devices

Makers and sellers of IoT devices must do their part to secure them,” says Kaspersky’s Shabab. She recommends they audit code, test for vulnerabilities and let users update and patch devices themselves rather than updating remotely.

Kubecka says manufacturers should be open about attacks they’ve suffered, sharing how it happened so others can learn.

Using security expertise helped smart prosthetic limb makers Motorica, who asked Kaspersky to review their device security. Kaspersky’s researchers identified several vulnerabilities, letting Motorica protect their customers by closing security holes.

While IoT makers are getting more security conscious, we already have homes full of smart devices that may not be secure. You can do a few things to protect IoT devices at home, like limiting what’s connecting to the internet and having strong passwords.

For more videos on those defending the world against cybercrime, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.

Too many things are connected to the internet now – agree or disagree?

The cavalry isn’t coming. What will you do?

When someone has to die for the authorities act, the world really is a dark place. I am The Cavalry – a collective of white hat hackers – is shining a light into the darkness to save lives.

“No one is going to save us, so we have a job to do.”

When Josh Corman’s mum had a stroke, he thought it would primarily affect her speech. It ultimately took her life. At the same time as his mother’s life was ebbing away, Josh was pressing government authorities to take cybersecurity in connected devices more seriously. They refused to do so. 

Tormented by both of these incidents, Josh realized the cavalry isn’t coming to save us. He had to do something. But what?

To enjoy privacy, you’ve got to be alive

The cavalry’s initial strategy was to go high and deep into governments to warn them that cyber-terrorism was a clear and present danger – in healthcare, automotive, agriculture, maritime and other spaces. 

He told officials the issue was not one of privacy – like many people, Josh loves privacy, but he also wants to be alive to enjoy it. They didn’t listen, even when Josh told them that when ‘things’ are connected to the internet, people can die.

They said the public needed proof of harm before they could amass the political will to take action.

TriCk was killed by a drone strike

At the same time, a UK teenager was jailed for hacking the website of Tony Blair (former UK Prime Minister.) While in prison he was radicalized by militant group ISIS. 

On his release he started the ISIS Cyber Caliphate, recruiting using his social media skills and showing his followers how easy hacking could be. Known online as TriCk, real name Junaid Hussain, he was eventually killed in a drone strike. But the Caliphate was now up and running, targeting connected devices within their campaigns of terror.

Are connected devices cyber-asbestos?

Josh likens connected devices to asbestos. When this natural mineral was first used in construction, it was lauded: what’s not to like about a material that is fire resistant, lightweight and cheap? But we later discovered that when it decays it causes cancer – an unintended consequence of what we believed to be progress.

Are we treading the same line with connected devices? Unchecked, will they become the next asbestos? I am The Cavalry has already shown how easy it is to hack an infusion pump remotely and deliver a 30-minute dose in just 30 seconds. If the white hat hacker demonstration team can do it, so can the black hats like TriCk.

Raising the alarm without being alarmist

Josh says that when we hear or read scary things about cybersecurity, it’s human nature to mentally switch off – our brains think it’s scaremongering. 

But just because it’s scary, doesn’t mean it isn’t true. 

The cavalry’s collective of over 1000 white hat hackers are engaged in the hard work now so when the scary times do come (which Josh firmly believes they will) we are “safer, sooner, together.” 

In this episode of Defenders of Digital, Josh gives us the whole story on this life-saving volunteer group.

Are you worried about our dependence on connected technology?

Check out the best of Russian Film Week and beyond

Russian Film Week is back in London cinemas for 8 days from November 28 – December 5 2021, the annual film festival features the best films produced in Russia or Russia-themed films produced globally. Tomorrow Unlocked Film Festival Finalist Cheat sheet for the princess by Vladimir Bukharov will be screened on Thursday, December 2. To celebrate, check out our favorite films about how technology influences our lives from Russia and beyond.

Cheat sheet for the princess

When an agent introduces his latest star to a film producer, things end bloody. But do they?

Terra Cene

Terra Cene is a remembrance of things past and an observation of the interconnected nature of our time on Earth. Winner, Tomorrow Unlocked Film Festival 2021.  

hacker:HUNTER – Wannacry: The Marcus Hutchins Story

In May 2017, computers around the world suddenly shut down. A malware called WannaCry asks for a ransom. The attack stops when researcher Marcus Hutchins finds the killswitch. What happens next for Marcus has to be seen to be believed.

Defenders of Digital – Inherited bias: The trouble with algorithms

These lawyers from Athens explains the dangers of today’s content moderation systems and explores how discrimination can occur when algorithms inherit the biases of their programmers.

hacker:HUNTER – Cashing In

ATMs hold cash, and that makes them attractive for criminals. While criminals around the world try to get to the money in cash machines with hammers, explosives, excavators, or other heavy gear, the Carbanak gang found a more elegant and stealthy way. 

Defenders of Digital – Fighting every day to keep children safe from exploitation

Susie Hargreaves and her team at the Internet Watch Foundation hunt down child abuse images online and help identify children involved so that law enforcement can intervene.

Visit the Russian Film Week website to see the complete film program along with details of exhibitions, talks, masterclasses, and other special events.

Would you watch a film if the star was an AI actor?

How Target’s air conditioning let in a cyberattack

Big businesses know they could be cybercrime targets, so they invest in cyber defenses like software, people and training. Now, cybercriminals have turned to their smaller suppliers as a way of getting to them. hacker:HUNTER Behind the Screens Episode 2 looks at supply chain attacks.

Supply chain attack targets retailer Target

The bigger the business, the more suppliers. And more internet-connected devices everywhere means cybercriminals have more ways in.

In this episode, Eliza-May Austin, CEO and co-founder of cybersecurity start-up (That Security Company,) explains how cybercriminals stole 40 million people’s card details from US retail giant Target with an attack that began in their air conditioning system.

You read that right. It started with an employee at Target’s air conditioning supplier clicking a link in a phishing email, injecting malware into their system. Target had remote access to monitor their air conditioning units, and that remote access was through the same network where cybercriminals could access personal data. They got inside point-of-sale devices and pulled customer card details from the machine’s memory. The attack cost Target some 61 million US dollars.

What is a supply chain attack?

These kinds of attacks aren’t new, but they’re becoming more common and harder to detect. Apple and computer hardware makers ASUS are among those who’ve been targeted.

Energetic Bear was a significant attack on critical energy infrastructure. Cybercriminals began the attack with spear phishing – targeting specific people with customized emails and making a hit list of potentially vulnerable suppliers.

In 2017, Kaspersky researchers discovered a ‘backdoor’ (dubbed ShadowPad) in server management software hundreds of large businesses use. When activated, the backdoor let attackers download malicious modules and steal data. The researchers notified the suppliers, NetSarang, who pulled down the compromised software and replaced it with an earlier clean version.

Sometimes, there is no clean version. Noushin Shabab, Senior Security Researcher at Kaspersky, explains how supply chain attacks can start as software is being developed. “Cyberattackers compromise software by getting inside software used by developers – the development environment. That way malicious code can end up on many businesses’ networks.”

How to protect against supply chain attacks

Eliza-May Austin works with suppliers to larger corporations to make sure the whole supply chain is ‘hardened,’ or better protected from attack.

Her advice is straightforward. “We can prevent about 80 percent of attacks with basic cyber-hygiene. Make sure your software and hardware is up to date. Limit your ‘attack surface’ – if something needn’t be online, don’t put it online. Audit passwords, making sure they’re complex. Have two-factor authentication. Employees can be the weakest link in a company, but if they have good cybersecurity training, they can be the strongest.”

For more videos talking to those dedicated to stopping cybercrime, subscribe to the Tomorrow Unlocked YouTube Channel or follow us on Instagram.

One web developer with an exceptional ability

Visualizing code

Romanian web developer Cosmin Ciolacu has the amazing ability to see code in his head and know if it will work. A wheelchair user who isn’t able to use his arms and hands to type, Cosmin composes scripts in his mind then mentally error-checks them before dictating word by word, character by character to an assistant.

Using assistive technologies, he reviews code on screen for any transcribing errors. And he’s been making some impressive tech of his own.

Tech for greater good

Cosmin’s first project was designing and developing a user-friendly e-learning platform. Inspired by YouTube and Netflix, teachers can use it to upload educational videos and interact with students. Cosmin wants to make sure the tech is easy to use so that it can help more people.

The potential of future tech excites Cosmin, especially Elon Musk’s Neuralink, which lets users control devices with their minds through an implanted ‘neural lace.’See more videos about Young Bright Minds on our YouTube channel or Instagram.

Would you have a brain implant that lets you control devices?

These police officers are lighting up the dark web

The Dark Web: home of fraud, fake COVID-19 vaccines and illicit marketplaces selling everything from personal data to narcotics and child sexual abuse images. 

In the first in our new series, Hacker: Hunter Behind the Screens, we head into the web’s criminal underbelly with the UK’s Yorkshire and Humber Regional Cybercrime Unit (RCCU).

Understanding the Dark Web

The Dark Web is a network of computers where web traffic is anonymized. Many use it to access marketplaces and other sites to facilitate and commit crime.

David Malkin, former Senior Investigating Officer at the RCCU, compares the Dark Web with taking a train. “On the Clear Web, you have a ticket from A to B. In between, someone can check your ticket and see where you’re coming from and where you’re going. On the Dark Web, tickets don’t give your origin or destination, and your route may be different each time.” 

This encryption – and the risk-free environment created by the cloak of anonymity – has led the Dark Web to become a space for criminality: Kaspersky research shows that fake Covid vaccination certificates are for sale for just $20 on the Dark Web, while Statista research suggests 59% of listings on Dark Web marketplaces are for illicit drugs and drug-related chemicals.

But alongside illegal drugs, counterfeit goods and weapons, the sale of personal data is big business on the Dark Web. Fraudsters can buy names, dates of birth, credit card information and more at alarmingly low prices ($40 for online banking logins according to 

The FBI reports losses from online fraud topped 4 billion US dollars in 2020, and these losses destroy lives. 

Chris Spinks, Detective Sergeant in the RCCU’s Web Operations Team, says, “We’ve heard of people who’ve lost tens of thousands of pounds through fraud committing suicide, all because their private information was sold.”

Kaspersky reports the dark web can also be used for good. Dissidents, whistleblowers and investigative journalists use it to communicate anonymously online, and others use it to avoid online data collection.

How to protect yourself from the Dark Web

Kaspersky explains how the Dark Web poses two key threats to everyday internet users – having your identity stolen or your device becoming infected with malware.

Any kind of personal data can be sold on the Dark Web, so be sure to keep your passwords, physical addresses, bank account details and social security numbers safe and protected from potential leaks. If you’re concerned about a personal data breach, use a Dark Web monitoring service like Have I Been Pwned to tell you if your data is up for sale.

The Dark Web is full of information that’s been stolen via malware – tools like keyloggers (that keep a record of everything you type on your keyboard without you realising) and spyware (code that steals your private information, like passwords) can infect your devices without warning. Consider installing anti-virus software like Kaspersky Security Cloud to stay safe online. For more videos about the people fighting cybercrime and how they do it, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.

Should the dark web be illegal?