Congress Confronts Content Abuse as the Healthcare Industry Struggles To Suture Its Own Data Wounds

From national-level data leaks to the return of a deadly botnet, it’s been a busy week across the fraud landscape. This Week in Fraud News, September 20, 2019.

Christopher Watkins
DataVisor
Sep 20, 2019

It’s a tough week in fraud news when data breaches go national, but that’s exactly what happened this week. Per news from ZDNet, a recent leak of data impacted … well, all of Ecuador, essentially:

“The personal records of most of Ecuador’s population, including children, has been left exposed online due to a misconfigured database.”

Regrettably, that wasn’t the only big number to hit the fraud news wires this week. From The Next Web we learned of more unsecured data, this time emerging from the healthcare arena:

“The issue that medical data is open for any threat actor to access should come as no surprise. The casual handling of personal health data, coupled with the proliferation of medical trackers and connected devices, have enabled companies to amass medical information on a scale that was previously unimaginable, making it a lucrative target for cybercriminals.”

News stories of the type shared above beg the question, what can be done? It’s an important question to ask, but the answers are troubling when what’s supposed to be the answer proves instead to be another problem! In other words, we got news this week of a supposed solution actually causing problems of the sort it was meant to solve:

“The developers behind popular password manager LastPass have patched a loophole that exposed your last used password. Originally discovered in August by Tavis Ormandy, a researcher from Google’s Project Zero, the security flaw allowed malicious websites to trick the browser extension into giving away credentials you entered on a previous site.”

From the user perspective, this kind of news can be pretty maddening. Here you are, trying to do the right thing, and your chosen solutions — which you rightly believed were trustworthy — are failing you.

Well, just when you might have given up on technology ever doing anything to protect you, along comes a fascinating story from MIT Technology Review, about deepfakes that are on your side:

“Face anonymization is used to protect the identity of someone, such as a whistleblower, in photos and footage. But traditional techniques, such as blurring and pixelation, run the risk of being incomplete (i.e., the person’s identity can be discovered anyway) or completely stripping away the person’s personality (i.e., by removing facial expressions). Because GANs don’t use the subject’s original face at all, they eliminate any risk of the former problem. They can also re-create facial expressions in high resolution, thus offering a solution to the latter … The technique also demonstrates a new value proposition for GANs, which have developed a bad reputation for lowering the barrier to producing persuasive misinformation.”

The MIT team is absolutely correct in noting the increasing prevalence of “persuasive misinformation” online, and tech giants like Facebook and Google have been at the center of deepfake — and other — controversies for quite some time now. One of the most serious concerns has been the issue of Content Abuse; specifically, content that is toxic, abusive, threatening, and dangerous. This week, we learned from the Washington Post that Congress is trying to do something about the problem:

“The effort reflects a growing push by members of Congress to combat online hate speech, disinformation and other harmful content online, including a hearing held Wednesday where Senate lawmakers questioned Facebook, Google and Twitter executives to probe whether their platforms have become conduits for real-world violence.”

Content Abuse takes on many forms, from the hate speech detailed in the Washington Post article, to “everyday” spam, scams, fake reviews, promo abuse, and more. It’s important to remember, though, that while those latter examples may seem comparatively ordinary (and by inference, less harmful), this kind of “everyday” content abuse costs businesses a great deal. From Ars Technica this week, we got a highly informative article about how a famously destructive botnet works to threaten its targets:

“Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco’s Talos security team helps explain how Emotet continues to threaten so many of its targets.”

It’s a complicated world out there, but if there’s one thing you can count on, it’s that we’re here to help you make sense of the latest fraud news. See you next week!
