Tag Archives: cybersecurity

A Pathway To Trusted AI

Artificial Intelligence (AI) has infiltrated our lives for decades, but since the public launch of ChatGPT showcasing generative AI in 2022, society has faced unprecedented technological evolution. 

With digital technology already a constant part of our lives, AI has the potential to alter the way we live, work, and play – but exponentially faster than conventional computers have. With AI comes staggering possibilities for both advancement and threat.

The AI industry creates unique and dangerous opportunities and challenges. AI can do amazing things humans can’t, but in many situations experts cannot explain why particular decisions or sources of information are created, which is referred to as the black box problem. These outcomes can sometimes be inaccurate because of flawed data, bad decisions or infamous AI hallucinations. There is little regulation or guidance in software and effectively no regulations or guidelines in AI.

How do researchers find a way to build and deploy valuable, trusted AI when there are so many concerns about the technology’s reliability, accuracy and security?

That was the subject of a recent C.D. Howe Institute conference. In my keynote address, I commented that it all comes down to software. Software is already deeply intertwined in our lives, from health, banking, and communications to transportation and entertainment. Along with its benefits, there is huge potential for the disruption and tampering of societal structures: power grids, airports, hospital systems, private data, trusted sources of information, and more.

Consumers might not incur great consequences if a shopping application goes awry, but our transportation, financial or medical transactions demand rock-solid technology.

The good news is that experts have the knowledge and expertise to build reliable, secure, high-quality software, as demonstrated across Class A medical devices, airplanes, surgical robots, and more. The bad news is this is rarely standard practice. 

As a society, we have often tolerated compromised software for the sake of convenience. We trade privacy, security, and reliability for ease of use and corporate profitability. We have come to view software crashes, identity theft, cybersecurity breaches and the spread of misinformation as everyday occurrences. We are so used to these trade-offs with software that most users don’t even realize that reliable, secure solutions are possible.

With the expected potential of AI, creating trusted technology becomes ever more crucial. Allowing unverifiable AI in our frameworks is akin to building skyscrapers on silt. Security and functionality by design trump whack-a-mole retrofitting. Data must be accurate, protected, and used in the way it’s intended.

Striking a balance between security, quality, functionality, and profit is a complex dance. The BlackBerry phone, for example, set a standard for secure, trusted devices. Data was kept private, activities and information were secure, and operations were never hacked. Devices were used and trusted by prime ministers, CEOs and presidents worldwide. The security features it pioneered live on and are widely used in the devices that outcompeted BlackBerry.

Innovators have the know-how and expertise to create quality products. But often the drive for profits takes precedence over painstaking design. In the AI universe, however, where issues of data privacy, inaccuracies, generation of harmful content and exposure of vulnerabilities have far-reaching effects, trust is easily lost.

So, how do we build and maintain trust? Educating end-users and leaders is an excellent place to start. They need to be informed enough to demand better, and corporations need to strike a balance between caution and innovation.

Companies can build trust through a strong adherence to safe software practices, education in AI evolution and adherence to evolving regulations. Governments and corporate leaders can keep abreast of how other organizations and countries are enacting policies that support technological evolution, institute accreditation, and financial incentives that support best practices. Across the globe, countries and regions are already developing strategies and laws to encourage responsible use of AI. 

Recent years have seen the creation of codes of conduct and regulatory initiatives such as:

  • Canada’s Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, September 2023, signed by AI powerhouses such as the Vector Institute, Mila-Quebec Artificial Intelligence Institute and the Alberta Machine Intelligence Institute;
  • The Bletchley Declaration, Nov. 2023, an international agreement to cooperate on the development of safe AI, has been signed by 28 countries;
  • US President Biden’s 2023 executive order on the safe, secure and trustworthy development and use of AI; and
  • Governing AI for Humanity, UN Advisory Body Report, September 2024.

We have the expertise to build solid foundations for AI. It’s now up to leaders and corporations to ensure that much-needed practices, guidelines, policies and regulations are in place and followed. It is also up to end-users to demand quality and accountability. 

Now is the time to take steps to mitigate AI’s potential perils so we can build the trust that is needed to harness AI’s extraordinary potential. For the Silo, Charles Eagan. Charles Eagan is the former CTO of BlackBerry and a technical advisor to AIE Inc.

In The Future Cyberwar Will Be Primary Theater For Superpowers

Cybersecurity expert explains how virtual wars are fought

With the Russia-Ukraine war in full swing, cybersecurity experts point to a cyber front that had been forming online long before Russian troops crossed the border. Even in the months leading up to the outbreak of war, Ukrainian websites were attacked and altered to display threatening messages about the coming invasion.

“In response to Russian warfare actions, the hacking collective Anonymous launched a series of attacks against Russia, with the country’s state media being the main target. So we can see cyber warfare in action with new types of malware flooding both countries, thousands of sites crashing under DDoS (distributed denial-of-service) attacks, and hacktivism thriving on both sides of barricades,” Daniel Markuson, a cybersecurity expert at NordVPN, says.

The methods of cyberwarfare

In the past decade, the amount of time people spend online has risen drastically. Research by NordVPN has shown that Americans spend around 21 years of their lives online. With our life so dependent on the internet, cyber wars can cause very real damage. Some of the goals online “soldiers” are trying to pursue include:

  • Sabotage and terrorism

The intent of many cyber warfare actions is to sabotage and cause indiscriminate damage. From taking a site offline with a DDoS attack to defacing webpages with political messages, cyber terrorists launch multiple operations every year. One event that had the most impact happened in Turkey when Iranian hackers managed to knock out the power grid for around twelve hours, affecting more than 40 million people.

  • Espionage

While cyber espionage also occurs between corporations, with competitors vying for patents and sensitive information, it’s an essential strategy for governments engaging in covert warfare. Chinese intelligence services are regularly named as the culprits in such operations, although they consistently deny the accusations.

  • Civilian activism (hacktivism)

The growing trend of hacktivism has seen civilian cyber activists take on governments and authorities around the world. One example of hacktivism is Anonymous, a group that has claimed responsibility for assaults on government agencies in the US. After Russia invaded Ukraine in 2022, Anonymous began a targeted cyber campaign against Russia in an attempt to disrupt government systems and combat Russian propaganda.

  • Propaganda and disinformation

In 2020, 81 countries were found to have used some form of social media manipulation. This type of manipulation was usually ordered by government agencies, political parties, or politicians. Such campaigns, which largely involve the spread of fake news, tended to focus on three key goals – distract or divert conversations away from important issues, increase polarization between religious, political, or social groups, and suppress fundamental human rights, such as the right to freedom of expression or freedom of information.

The future of cyber warfare

“Governments, corporations, and the public need to understand this emerging landscape and protect themselves by taking care of their physical security as well as cybersecurity. From the mass cyberattacks of 2008’s Russo-Georgian War to the cyber onslaught faced by Ukraine today, this is the new battleground for both civil and international conflicts,” Daniel Markuson says.

Markuson predicts that in the future, cyber war will become the primary theater of war for global superpowers. He also thinks that terrorist cells may focus their efforts on targeting civilian infrastructure and other high-risk networks: terrorists would be even harder to detect and could launch attacks anywhere in the world. Lastly, Markuson thinks that activism will become more virtual and allow citizens to hold large governmental authorities to account.

A regular person can’t do much to fight in a cyber war or to protect themselves from the consequences.

However, educating yourself, paying attention to the reliability of sources of information, and maintaining a critical attitude to everything you read online could help increase your awareness and make you feel less affected by propaganda. For the Silo, Darija Grobova.

Amidst Waves of Data Breaches, U.S. Gov Advised Agencies: Implement Zero Trust Architecture

It’s been nearly two years since the FAA outage of January 11th, 2023, which resulted in the complete closure of U.S. airspace and most of the airspace here in Canada, and arguments and questions have kept arising ever since.

Although the FAA later confirmed that the outage was, in fact, caused by a contractor who unintentionally damaged a data file related to the Notices to Air Missions (NOTAM) system, the authenticity of that explanation is still debated.

The FAA initially urged airlines to ground domestic departures following the system glitch. Credit: Reuters

“The FAA said it was due to one corrupted file – who believes this? Are there no safeguards against one file being corrupted, bringing everything down? Billions of dollars are being spent on cybersecurity, yet this is going on – are there any other files that could be corrupted?” questions Walt Szablowski, Founder and Executive Chairman of Eracent, a company that specializes in providing IT and cybersecurity solutions to large organizations such as the USPS, Visa, U.S. Air Force, British Ministry of Defense, and dozens of Fortune 500 companies.

There has been a string of cybersecurity breaches across some high-profile organizations.

Last year, on January 19th, T-Mobile disclosed that a cyberattacker stole personal data pertaining to 37 million customers. December 2022 saw a trove of data on over 200 million Twitter users circulated among hackers. In November 2022, a hacker posted a dataset to BreachForums containing up-to-date personal information of 487 million WhatsApp users from 84 countries.

The Ponemon Institute in its 2021 Cost of a Data Breach Report analyzed data from 537 organizations around the world that had suffered a data breach. Note all of the following figures are in US dollars. They found that healthcare ($9.23 million), financial ($5.72 million), pharmaceutical ($5.04 million), technology ($4.88 million), and energy organizations ($4.65 million) suffered the costliest data breaches.

The average total cost of a data breach was estimated to be $3.86 million in 2020, while it increased to $4.24 million in 2021.

“In the software business, 90% of the money is thrown away on software that doesn’t work as intended or as promised,” argues Szablowski. “Due to the uncontrollable waves of costly network and data breaches, the U.S. Federal Government is mandating the implementation of the Zero Trust Architecture.”

Eracent’s ClearArmor Zero Trust Resource Planning (ZTRP) consolidates and transforms the concept of Zero Trust Architecture into a complete implementation within an organization.


“Relying on the latest technology will not work if organizations do not evolve their thinking. Tools and technology alone are not the answer. Organizations must design a cybersecurity system that fits and supports each organization’s unique requirements,” concludes Szablowski. For the Silo, Karla Jo Helms.

USB Juice Jacking Is New Way Hackers Attack Travelers

How to avoid being hacked during this Fall’s travel season. 

According to a recent study by cybersecurity firm NordVPN, one in four travelers has been hacked when using public Wi-Fi while traveling abroad. However, unsecured Wi-Fi is not the only factor travelers should be worried about. 

Last year, the FBI published a tweet warning users against smartphone charging stations in public places (airports, hotels, and shopping malls). Hackers may have modified the charging cables with the aim of installing malware on phones to perform an attack called juice jacking.

“Digital information, although it exists virtually, can also be stolen using physical devices. So it is important to take a 360-degree approach and secure your device from both online and offline threats,” says Adrianus Warmenhoven, a cybersecurity advisor.

What is juice jacking?

Juice jacking is a cyberattack where a public USB charging port is used to steal data or install malware on a device. Juice jacking attacks allow hackers to steal users’ passwords, credit card information, addresses, names, and other data. Attackers can also install malware to track keystrokes, show ads, or add devices to a botnet.


Is juice jacking detectable?

Juice jacking attacks can be difficult to detect. If your device has already been compromised, you may notice some suspicious activity – but that won’t always be the case.

For example, you may notice something you don’t recognize on your phone — like purchases you didn’t make or calls that look suspicious.

Your phone may also start working unusually slowly or feel hotter than usual. Chances are you may have picked up malware. For a full list of signs to watch out for, read on and find out how to know if your phone is hacked.

How to protect yourself

Since no sign of juice jacking is 100% reliable, it is best to avoid falling victim to this attack by following this advice:

  • Get a power bank. Power banks are a safe and convenient way to charge your device on the go. Getting a portable power bank means that you’ll never have to use public charging stations where juice jacking attacks occur. Always ensure your power bank is fully charged so you can use it on the go.
     
  • Use a USB data blocker. A USB data blocker is a device that protects your phone from juice jacking when you’re using a public charging station. It plugs into the charging port on your phone and acts as a shield between the public charging station’s cord and your device.
     
  • Use a power socket instead. Juice jacking attacks only happen when you’re connected to a USB charger. If you absolutely need to charge your phone in public, avoid the risk of infected cables and USB ports and use a power outlet. This is typically a safe way to charge your mobile device and other devices in public.

For the Silo, Darija Grobova.

Study: Is your phone reading your mind? 33% of Canadians have noticed being tracked by their gadgets

Digital privacy expert discusses the possible violation of privacy and security of cross-device tracking 

A third of Canadians (33%) have noticed an ad on their devices for something they recently spoke about or saw on TV (but hadn’t searched for), according to research by NordVPN, a leading cybersecurity company. A majority of them noticed such ads on their smartphones (76%), computers (49%), or tablets (29%). Moreover, the experience made more than 4 in 10 (46%) Canadians feel tracked or followed, and some (12%) feel scared.

“That’s due to ultrasonic cross-device tracking. That’s when smartphones have apps that are continuously listening to inaudible, high-frequency ultrasonic sounds from the surroundings and gather a lot of information about you — all without your knowledge. Later, they share this data across other devices,” says Adrianus Warmenhoven, a digital privacy expert.

While tracking people’s behavior across devices is beneficial to marketers, cross-device tracking is often questioned by privacy experts because of its lack of transparency, security and protection of sensitive consumers’ data. 


Ultrasonic cross-device tracking — a trending rise 

Ultrasonic cross-device tracking is used as a method to link all the devices you own to track your behavior and location. These ultrasonic audio beacons can be embedded in many things we interact with daily: TV shows, online videos or websites, or apps on our phones.

Imagine you are watching TV and you see chocolate being advertised. You pick up your phone, and the same chocolate ad appears on your screen. By using ultrasounds, audio beacons can detect when your phone is nearby, and apps on your phone can listen for nearby audio beacons to track what you are doing.

“Many apps currently ask for permission to access the smartphone’s microphone to incorporate a particular type of ultrasonic beacon to track them. Since it requires no mobile data or Wi-Fi connection but only microphone access to listen to beacons, tracking works even when you have disconnected your phone from the Internet.

“It’s not possible to stop ultrasonic beacons from emitting sound frequencies around you. Therefore, the best way to reduce the chance of your smartphone listening for beacons is to simply restrict unnecessary permissions you have granted to the apps installed on your device,” says Adrianus Warmenhoven.

How can you reduce cross-device tracking?

NordVPN research shows that 65% of Canadians don’t know how to restrict their smartphone’s permissions from listening to them. No one likes to be tracked. Therefore, Adrianus Warmenhoven suggests several ways people can reduce the incidence of this happening:

  • Use a VPN. One of the best ways to protect yourself from being tracked is by using a VPN. A VPN is a tool that encrypts every bit of information about your internet activity. It also stops IP-based tracking because it masks your IP address.
     
  • Use a privacy browser. If you want to keep yourself from being tracked, it is best to use a private browser like Tor or DuckDuckGo rather than the incognito mode in Google Chrome. These browsers do not profile you or save any of your personal data for sharing with marketers.
     
  • Change app permissions. The apps on your smartphone may have some permissions that are not required. For instance, why would a photo-editing app need access to your microphone? If apps on your phone have such non-required permissions, you should revoke these permissions.

“The consolidation of power among large tech companies allows them to obtain large quantities of data about individuals across multiple platforms and devices. In this way, technology giants have even more opportunities to obtain deeper insights into individuals’ habits and preferences. Data consolidation through cross-device and platform tracking may also increase data security risks,” says Adrianus Warmenhoven. For the Silo, Darija Grobova/NordVPN.

Top sites data breached last year include LinkedIn

Almost 6 billion accounts affected in data breaches in 2021 

The year 2021 was record-breaking in terms of the sheer size of data breaches. According to the data collected and analyzed by the Atlas VPN team, 5.9 billion accounts were affected by data breaches throughout 2021. 

Atlas VPN has retrieved and calculated the numbers of breached accounts based on multiple publicly available sources. The total count includes worldwide data breaches that took place from January 1st, 2021, to December 31st, 2021. 


February saw the biggest data breach of all time: COMB, or in other words, the Compilation of Many Breaches, which is responsible for the leak of a whopping 3.2 billion unique cleartext email and password combinations.

The breach was named this way because it is not a result of a single hack of a specific organization but rather combines leaked data from a number of different breaches spanning five years, including Netflix, LinkedIn, and others.

The breached data was first offered for sale on RaidForums, an underground database sharing and marketplace forum, for just $2 in February. Other breaches that made it to the top five biggest data leaks of 2021 include LinkedIn (700 million people), Facebook (533 million people), Brazil’s Ministry of Health (220 million people), and SocialArks (214 million people). 

Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on 2021 data breach trends: “Even with data breaches becoming a growing threat, it seems organizations are still not putting enough effort in protecting the personal information of their users. One of the first things every organization should do is evaluate the amount of sensitive user data it collects — the less sensitive data is stored, the lesser the risk of it being leaked.”