Cyber Security & AI

From New Media Business Blog

Jump to: navigation, search


Existing Cyber Security Technologies

Hardware Authentication

Cyber security technologies are not limited to only software, algorithms, and applications pertaining to machine learning and artificial intelligence. In fact, many of the first security measures that were offered on the market fell under the umbrella of ‘hardware authentication’ tools. Simply put, hardware authentication tools are a security solution that uses a hardware device to grant access to users [1].

Some of early hardware authentication tools available were in the form of USB keys which would authenticate a particular user and allow them to access a computer’s system[2]. Other market offerings of this product type included paired keys; one of which would encrypt a user’s hard drive and the other would decrypt it.

Today, hardware and authentication techniques have evolved, particularly due to advancements in biometric technologies. Our smartphones, devices which we use every day, are loaded with biometric technologies which aid in restricting access to those of whom the phone doesn’t belong. The two most prominent biometric technologies are fingerprint recognition and retinal scanning.

Fingerprint Recognition

This technology has been available for several years, and exists in a couple of forms. One of the ways systems can capture data about a person's fingerprint is using an optical sensor which takes a 2D picture. Under this method, this authentication data is more prone to hacking because the 2D image is less detailed and therefore easier to hack.

The rising standard for fingerprint scanning as a form of authentication is recording data about the fingerprint using capacitive sensors. Here, the hardware uses “tiny capacitive circuits” to collect electric information about the fingerprint, ridges, etc[3]. This application of fingerprint technology is much harder to fool than 2D images because it’s not as easy to just use an image or a basic prosthetic to replicate the fingerprint.

Retinal Scanning

Retinal scanning is less popular biometric technology. While it hasn't hit the mainstream appeal for inclusion in our smartphones, it's application has been used by the FBI, CIA, and even NASA for granting access and tracking personnel. The basis of the technology is to capture a detailed image of the pattern of a persons red blood vessels on their retina. This pattern is entirely unique to each person and therefore functions similarly to fingerprint scanning.

Prisons have also applied retinal scanning technology to keep track of prisoners. There have also been applications of retinal scanning for access to ATM machines, and it’s also helped in preventing welfare fraud[4].

Malwares, Trojans, Worms, and Viruses

Virtually anyone who has owned a computer has faced the problem of finding their machine has become infected by some malicious virus. While there are software security programs - think Norton security software- which work to uphold the system security of your devices, there are also more than a handful of malicious software whose goal is to infiltrate your device and pull sensitive information. The abundance of these software is plentiful, and their purposes range from being a simple nuisance, to accessing banking information, to even infiltrating governmental nuclear control systems.

Rising in popularity have been ransomware, which are viruses which access confidential information or control of a system and demand payment in exchange for control to be given back to the administrator. Businesses, governments, and individuals have been victims to these attacks. The following some notable examples of aggressive worms and ransomware’s:

WannaCry 2017

This ransomware attack was one of the largest cyber attacks in modern history; affecting over 230 000 computer in 150 countries. The ransomware essentially encrypted personal information stored on an individual’s computer and demanded payment in exchange for the return of information. If the payment wasn’t made within 7 days, the encrypted files would be destroyed. What’s notable about this attack is that the attacker demanded that the $300 payment (per computer) in the form of bitcoin[5]. The attack also included parts of the British National Health Service, which forced them to cancel schedules appointments and deny service to some patients .

WannaCry deployed the attack through the use of a trojan, which is essentially a malicious software which is disguised as a harmless attachment, download, etc. Users unknowingly give the trojan access to their devices and from there it carries out it’s intended function. WannaCry primarily exploited un-patched windows devices. When it was successful in installation, it would change the background of the computer to a message that demanded the payment of $300 in bitcoin otherwise all files would be deleted[6].

Stuxnet 2010

Stuxnet is a malicious computer worm which was first discovered in 2010 through an attack on the Iranian Nuclear Program. It was developed for several years through a joint effort by the American and Israeli governments. Because it was developed by two national superpowers and deployed on a nations nuclear program, the Stuxnet is widely considered not only as a malicious worm but a sophisticated cyber weapon .

The Stuxnet worm was believed to have been transferred to the Iranian nuclear computer system through a USB drive. It’s invasive nature and replicability meant that it could download itself onto subsequent USB drives without the user knowing. Once the worm was fully deployed, it gave the hackers the ability to control different pieces of machinery at each of the 15 sites it affected. By the time it was discovered it had already destroyed 984 uranium centrifuges, which accounted for approximately 30% of the total centrifuges over the 15 Iranian facilities[7].

Duqu 2011 - 2018

Duqu is a computer worm that’s thought to be related to the Stuxnet and developed by the Israeli Intelligence Corps, Unit 8200. While Duqu, like Stuxnet, is designed to infiltrate industrial control systems. Unlike Stuxnet, Duqu isn’t designed to damage the system - only gain information from the system, which is then later used in a directed attack[8].

Though Duqu was intended for the infiltration of industrial control systems it’s modular nature meant that it could attack virtually any computer system. This means that Duqu is capable of even attacking personal computers. The implications of this malware existing in the public internet is terrifying. For example, a hacker working with Duqu or a Duqu variant could collect any information they want about you that is stored on your device. And because Duqu eliminates itself from a computer system after 36 days, there’s no sign that you’ve been attacked[9].

Flame 2012

Flame is a malware that was found in 2012 which was designed to attack the running windows operating system. At the time it was considered the “most complex malware ever found” and was capable of infecting computers through a LAN or USB drive. When discovered in 2012, Flame was infected in over 1000 computers which ranged from government officials to ordinary private citizens.

What was truly terrifying about Flame was that it was capable of recording audio, screenshots, keyboard activity, network activity, and even recorded skype calls. Flame was so sophisticated that it was even capable of turning computers into bluetooth beacons which could attempt to download personal information from nearby bluetooth devices[10].

Though Flame, like Duqu and Stuxnet, were funded and created by a government it’s hard not to ponder what devastating implications such a technology could have if it were deployed at the same scale as WannaCry[11].

Emerging Technologies

Enter the Blockchain

The blockchain is famously known as the backbone technology that’s enabled the rise of cryptocurrencies - the most popular being bitcoin. It’s also infamously known as an obscure concept that though will be influential to governments, business, and society moving forward, if widely misunderstood. In doing business in a new blockchain enabled world, it’s helpful to know just why the innovation is so much more secure than current encryption methodologies.

How the blockchain Works, and its inherent security superiority The following will attempt to explain what the blockchain is, at a level that should convey why the technology at its core enables better security measures[12]:

Imagine you have a ledger with 5000 lines. Each line was inputted one at a time. A line, for example, could read “John gave Alan 3 apples”. That line is converted to a hash-like value (a combination of mostly numbers, sometimes including letters) and is expressed as a string of numeral and alphabetic values ( eg. s89f8ds9aug80ds8aa8dfs…). “John gave Alan 3 apples” may be stored as a hash value of “45345jk4hjkbhjf34f6y778v9” and is stored as such in the ledger. With blockchain the subsequent entry will also be converted to, and stored as, a hash value. Let’s call this second entry “No apples were given to anyone today”. What's unique is that this second entry’s hash will be comprised of the it’s converted hash value as well as the hash value of the previous entry. This process continues for all 5000 lines in your ledger.

So let's say we’ve encoded the entire ledger in this way. Now let’s say we’re going share this ledger among 5000 computers scattered all over the world so that each computer holds a record of the original ledger. Now let’s say your friend decides he wants to be cheeky and screw up your ledger. He goes to the line “John gave Allan 3 apples“ and changes it to “John gave Allan 2 apple”. This change to the ledger prompts every single computer which holds the original ledger to check their records to evaluate the fidelity of the change. From here, each computer essentially casts a ‘vote' of whether or not the change reflects the actual records. A majority (50% + 1) is needed for a change to be made[13]. If a ledger holds at most 5000, as new entries surpass that threshold a new ledger, or ‘block’ will form. And since each block is inherently connected to each other, they're considered to be part of a chain. And thus the term blockchain came into existence.

This democratization of data storage and record keeping is exactly what makes the blockchain a superior technology regarding cyber security. As blockchain is an emerging technology, companies are looking to incorporate it into their business operations to reap the rewards of enhanced security measures as well as potentially tokenizing their blockchain.

Transparency is another feature of the blockchain. Since, referring to our example above, all computers who are a part of the blockchain have updated records of the ledger which means that the data itself isn’t particularly private (among those computers). Private blockchains have been developed and are seeing some early adoption and experimentation within industries such as banking.

Artificial Intelligence

Proactive Threat Detection and Deception Technologies

Threat detection software and services have been available for years now, and they’re generally okay in keeping computers and computer systems safe from attackers. Now with AI-enabled bots become more effective in infiltrating computer systems, there have bene advancements in leveraging AI and machine learning engines into existing vendor solutions. Paladion [14] and eSentire are investing in, and acquiring technology to enhance their threat detection solutions. eSentire has incorporated AI engines to allow systems administrators to more effectively respond to the growing number of cyber attacks[15]. Because of the volume of new attacks, AI is playing a role in preemptively identifying these attacks in real time, and because AI gets more sophisticated in tackling problems through simulations, the more the system deals with attacks the more powerful the solution becomes. Since eSentire is a leader in threat detection and prevention software, it seems to be that the future of cyber security as it relates to AI will comprise of a marriage between advanced automation enabled by AI and the expertise of security and network administrators[16].

Deception technologies and related solutions are a really interesting take on cyber security as it pertains to AI. In essence, deception technologies lay digital ‘mine fields’ which confuse the attacking malware or AI-backed malicious bot as they try to access a computer system. Once an attacker targets a decoy the system can identify it and track it as tries to learn the system. At that point administrators can shut down the attack[17].

Advancements in deception technologies may prove problematic for malicious AI’s. This is because AI’s are trained in a particular system and are really good at solving problems within that model or system the more they train. Therefore they have trouble instinctually understanding when they are being fooled by deception technologies, because it works within the system they were trained on to infiltrate.

Advanced User-Behavior Analytics

User behavior analytics is a field of cyber security technology where patterns of human behavior have an algorithm applied to detect anomalies in those patterns. Anomalies are indicative of a potential threat to the computer system[18].

For corporations this means collecting data about how each user is using their respective devices and how they access information on the corporate computing system. So when even a single user, out of perhaps a very large corporation, begin to behave atypically (like going through many folders that they shouldn’t be accessing) this can signal that the system is under attack[19].

While user behavior analytics and their applications can prove to be a strong threat detection solution for corporations and individuals, there are derivatives of this technology which have been adapted with maleficent intent.

In 2017, a cyber security firm called Darktrace identified an attack in India where AI was tracking the behavior and patterns of a user within a network. The AI was also able to parse parts of the users communication patterns. This means that that AI was working on understanding how the person communicated and could exploit their style in order to mimic them, then send messages using their writing voice[20].

Quantum Computing

A Brief Intro to Quantum Computing

Though this emerging and presently cutting-edge technology will have major implications to the future of computing, like the blockchain, it’s often misunderstood or entirely unknown to many of us. The core of quantum computing lays in redefining how information is stored and subsequently accessed at its most basic unit.

Computers today run on a linear programming model which uses bits. Bits are a basic unit or storage which hold a binary value, either a 1 or a 0. While our computers have become increasingly more powerful and capable of solving complex problems, exceptionally large and complex problems either take a very long time to solve or are unsolvable under current computing conditions.

Quantum computing is an exciting development not just for cybersecurity but for all industries. This is because the core technology is very different to our current computing model. Based on quantum mechanics and mathematics, under quantum computing these basic units of data (bits for current computers) are referred to as qubits[21].

Qubits are unique in that they can simultaneously hold multiple values at once. So while bits hold either a 1 or 0 exclusively, a qubit can hold BOTH a 1 and 0. Qubits which hold simultaneous values like this are said to be experiencing a superposition of values. The form of the qubit is realized only when it is observed, which means that depending on when you interrupt the qubit you will get a certain value. This means that when a quantum computer is asked to decode something or solve a problem, it’s able to do this much more efficiently because it doesn’t have to work sequentially as today’s computers must[22].

Quantum entanglement is a core of quantum computing and is regarded as the basis of what makes this innovation so groundbreaking. Another interesting difference between qubits and bits is that only qubits are capable of experiencing entanglement. Entanglement generally means that one qubit can be connected to other qubits through shared values. And because of the way multiple qubits are connected to each other any state of one qubit is known to the other qubits it’s connected to. This means that a single qubit can infer and use states of related qubits based on the value on which they are correlated. This allows a single qubit to leverage the values of the other qubits when performing a computation. Another fascinating note is that under the laws of quantum entanglement these qubits are able to stay connected to each other for up to 10km in distance (in some experiments)[23].

Quantum Key Distribution

Quantum computing is a bleeding edge innovation that will take many decades to see widespread market adoption. Small quantum computers can be purchased for research purposes for a nominal $15 million[24]. As this technology continues through the process of research and development, certainly many security applications will follow.

Today the most promising of these applications is in the form of Quantum Key Distribution, which is a cryptographic security process that involves quantum mechanics. A secret random key is created between two parties that is only known to each party involved in the data transmission. Because quantum computing involves the concept of superposition above, if a 3rd party were to try and intercept that message, both the parties would know because that qubit will have tried to be interrupted.

This is fundamentally different from current cryptographic techniques which use complex mathematical functions to secure an encrypted message between parties. It’s important to know that Quantum Key Distribution only creates the key and doesn’t send the data itself[25].

Cyber Security and Corporations

Cyber security in companies is a topic widely debated and researched due to the high stakes that are in play. In 2017, over 130 large-scale, targeted breaches were recorded in the U.S., and that number is growing by 27 percent per year. Generally speaking, companies are trying to tackle this issue in two main ways. In terms of reactiveness, they are aiming at getting the cyber security technologies more and more efficient in responding at the very early stages of an attack: countless tools can accurately detect an attack after it has started affecting its target, while in the current landscape there are very few of them that are able to act before it is too late. And second, in terms of prevention, companies are investigating the possibility of improving their results in the practice of spotting those mistakes in the code underlying their systems that are the basis for a big portion of the attacks[26].

The frameworks they are employing for deciding what strategies to focus on are the so-called “three lenses”: they have to pay attention to the external environment, and constantly monitor happenings and potential threats; they have to deal with the regulatory environment, which differs from country to country but currently seems to be far behind compared to the state of affairs; and they have to focus on the internal environment, which means making strategic decisions connected to cyber security such as adapting procedures, training employees, outsourcing, etc[27].

AI & Cyber Security in Companies

AI is one of the top tools companies are experimenting with in order to decrease their exposure, both for its high efficacy and for the fact that it reduces the need for human labour hours. Indeed, as for the need of well-trained talent in the field of cyber security, companies throughout many industries are signaling a talent “crunch”, because the stable (or slightly increasing) workforce in the area of cyber security is outgrown by far by the increasing volume of attacks and the consequent need for protection. Also, according to experts of the industry, AI could be a very suited tool for their needs because of its natural proficiency in dealing with big amounts of data, which is indeed one of the hotspots of cyber security operations. This could prove enormously beneficial for the aspect of prevention we mentioned earlier and for the retrospective analysis of what has happened in the case of hazardous activity. Though, as for what is defined as “adversarial situations” (such as during an attack), AI technologies may have significant pitfalls[28].

Downsides of AI use in Cyber Security

Though AI technologies are able to learn and adapt to change, their working is based on the notion that phenomena become relatively predictable is enough data is processed. In cyber security, the problem is that hackers do exactly the opposite of what the normal rules and trends would suggest, so that in most cases it would be just impossible for AI to adapt quickly enough. Also, AI technologies may be subject themselves to attacks whose effect would be difficult to perceive. If a hacker made even a tiny change in an AI’s basic algorithm, unprepared employees could fail to notice the change for a dangerous amount of time. That is also why cyber security firms are raising the issue that who was to put these technologies in activity should have quite a solid understanding of how they work, rather than seeing them as a closed-circuit tool that they do not want nor need to interact with[29].

Banking Sector

The banking sector is among the most exposed to cyber attacks because the data and assets that financial institutions deal with are remarkably valuable. Responses differ from institution to institution and a report recently published by Deloitte also confirms that there is no “one-size-fits-all” approach when it comes to cyber security because it is sensible to adapt one’s defensive measures in accordance with size, maturity, core operations, and other factors. Core practices throughout the sector include the use of multiple lines of defense, usually at front line units and within the cyber-risky internal operations. As for innovative tools, a recent development which seems quite promising is cyber deceiving technologies, where the defender writes an additional layer of coding between the data to protect and the point of contact with the exterior, with the objective of deceiving attacking systems by hiding the fact that some important data lie in the code underneath. Finally, more in general, we witness an increase in the use of insurance plans that financial firms can purchase to cover a huge deal of potential loss scenarios, and an alphabetization about cyber security throughout top management boards[30].

Also, financial institutions are reported to be more likely than companies in other sectors to cooperate and share information and resources when it comes to innovating and improving their cyber security processes. The threat is such that they are eager to collaborate for increasing everyone’s chances of successful defense. Particularly, in Canada, the Big Six banks are working hand in hand to have an increasingly strong alliance against cyber-attacks. Those kinds of initiatives consist of putting in common the incidents each institution has lived and the learning derived from them, as well as meticulously assessing the potential cyber risk of any joint initiatives[31].

Healthcare Sector

In the healthcare sector we witness a paradoxical contrast between the number of cyber attacks and the amount of resources invested by companies to defend themselves. Patient records are the central victims of many of these attacks, because of the extremely high value they have on the black market (up to 10 times the value of credit card information); healthcare organizations, on the other hand, are reported to invest only half of the spare that other industries devote to cyber security, making them a target both highly valued and highly vulnerable. The current situation speaks of increasing risks also for the patient themselves due to the proliferation of IoT devices[32].

An extreme and representative case can be when Dick Cheney’s doctors had to modify the functioning of his pacemaker due to concerns about potential hacks. Plus, the communication-intensive nature of the healthcare operations makes them a relatively easy target for ransomware, a kind of attack that consists of blocking some part of the institution’s processes and demanding a payment to loosen up the block. It is evident that the risks connected to a hospital/healthcare institution having his operations blocked by a cyber attack are so high that criminals know these organizations are relatively likely to pay almost any amount they could ask for.

Many experts advocate a deep change in the way healthcare organizations deal with cyber security, since an attack to such kind of institution is among the most immediately prejudicial for the general population. The current state of affairs, though, is that the improvements are still slow and marginal and, unless a sharp veering happened, the healthcare industry will only get more and more endangered as time goes by[33].


What is Cyberwarfare?

“Refers to the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of create significant damage, death or destruction”[34]. It is defined as a between states, thus not individuals. This involves espionage, hackers, and cyberweapons. This kind of conflict is happening in the shadows, and because of that, it is hard to define. However, it is an area of conflict that is becoming progressively important and dangerous.

Every week there is a new breach or conflict that is detected, and one might argue that the cyberwars are the future. But the reality of it is that it is already here. Like a traditional military attack, the cyberwarfare comes in different sizes and shapes, because the tools is created out of code. These attacks can be launched from anywhere in the world, to anyone in the world. They are very hard to detect and trace back to where they came from, because of how the attacker can lead their data stream[35]. If they for example an attack is launched from the US, using a proxy from a server in Ukraine, to target a system in the UK, then they will perceive it as an attack the got launched from a server in Ukraine.

What is not Cyberwarfare?

To call every hack an act of cyberwarfare is wrong and unwise. But it can be hard to separate an attack against a company since it can be harmful for the entire country[36]. Lets consider if a hacker group cracks a bank’s system to steal some money, that would not be considered an act of cyberwarfare. But if the same attack happened and it were state-backed hackers that were behind it, it could be considered so. Because then it could be viewed as an act to destabilize a county’s economy. Thus, the targets nature and the scale of the attack is an indicator[37].

A recent example of this was when film studio Sony got hacked in 2014 by the group Guardians of Peace. The motive behind the attack was the film The Interview[38], where Seth Rogen and James Franco plays two journalists who are recruited by the CIA to assassin Kim Jong-un. Columbia Pictures received a threat about the movie in October but did nothing. Then, their parent company Sony received a threat in early November where the Guardians of Peace demanded that they withdraw the film[39].Threats were also delivered to the cinemas that showed the film. This resulted in major cinemas opting out to not release the film which forces Sony to release it as an online rental and purchase. Only a few selected cinemas released it. Because Sony still released it in some form, GoP crashed and leaked confidential data about the company. US intelligence secured evidence that this operation was backed by the North Korean government. It is debatable if it was an act of cyberwar. President Obama later on deemed it an act of cyber-vandalism[40].

Cyberwar Superpowers

According to Keith Breene from World Economic Forum[41]. these countries are seen as superpowers of cyberwarfare: United States, China, Russia, Israel, and United Kingdom. However, there are more than 30 nations that develop their capabilities in cyberattacks[42]. The reason for that more countries now starts to develop their security, is because it is a cheap weapon to have[43]. Breene explain further about the superpowers their capabilities:

The US has spent billions of dollars towards cyber security. Between 2014 and 2016 they went from 1800 personnel in staff, to 6000 in staff. China has also started to improve their capabilities to match the US. They empathizes that because of their economy now increasingly relies on digital infrastructure, the security in cyberspace from a national perspective must be strengthen.

Russia is known for its capabilities in cyber security. They have a highly advanced offensive cyber program, which have been used in attacks against Georgia in 2008 but also more recently against Ukraine in 2014.

Israel moves forward with their capabilities, having 10% of global sales of computer and network security technology. The British government has invested heavily in cyber security, making London as the center of cyberwar of Europe.

Other Big Players:

North Korea is one of the other big players. They were the ones behind the attack on Sony but were also allegedly the ones behind WannaCry ransomware that affected more than 200 000 computers across 150 nations[44].

Iran is also developing their cyber security and have been behind several attacks in the middle east. In 2012, they hacked Saudi Aramco, Saudi Arabia’s national oil company. They almost destroyed their entire IT infrastructure which were close to collapse the company[45].


The areas that becomes most vital in protecting and that will become increasingly important over time is the critical infrastructure such as: - Energy plants - Financial - Manufacturing - Transportation - Communication - Heath systems - Military systems are also one obvious target. Digital attacks bypasses governments and intelligence agencies traditional defense and can create just as dangerous as dropping a bomb. Because they can turn off the electricity, disrupt banking systems, or shut down the water system, which would do major damage to any economy[46].

Use of Force in Cyberwarfare

The formal definition of cyberwarfare is when digital attacks cause serious damage which can be equivalent of a physical attack[47]. That the attack on the computer systems causes destruction, disruption or loss of lives. This marks the threshold which under international law says that nations or states are allowed to use force when they’re under attack, to defend themselves[48]. There are also more diplomatic ways to approach such an attack, responding with sanctions or expelling diplomats. But nations can also choose a more aggressive approach. If a cyberattack of large scale were to happen, then they have the right to use their military arsenal to defend themselves, possibly dropping physical bombs[49].

The Tallinn Manual

It is argued that because cyber security is seen as a new concept and that it can be hard to define it, there is no international law that covers cyberwars. However, that is not true. The international law still covers cyberwars, but it is only parts of it that is applicable and even then, it is open to interpretation[50]. This grey area has resulted in states trying on different attacking techniques because other nations would be uncertain on how it would be applied under international law. This lack of legal framework is what created The Tallinn Manual, which is like a guideline for legal advisors to governments, military and intelligence agencies. The idea is to clear out the uncertainties about the international law currently in place[51]. There are two versions of it. The first version of the manual looked at attacks of the scale previously discussed, the ones that crosses the threshold into the area where the use of force is applicable. The second one looked at the smaller dayily attacks that happens. As stated, the idea of this is to make the law clearer, because in uncertainties leaders tend to overact and the risk for escalation increases.

Military Exercise

Locked Shields

The NATO cyber defense war-game, Locked Shields, let the nations involved prepare for a potential cyberwar. It involves 30 nationalities and around 1000 people [52]. For two days the teams have to deal with different attacks on their systems and drones. This is an event that happens annually since 2010 and each year the challenges changes, while the setting of Beryllia and rival Crimsonia remains the same. Those two are the fictive countries involved in the simulation. The master of scenario, Dr Rain Ottis, stated that they are trying to make the attack and hacking scenarios as real as possible, therefore they are taken from real life[53] . So that it is not just and abstract simulation, it is the same operating system as in real life which makes them practice their ability to tackle such attacks. Examples of attacks are, drones flying of course, contaminated water supply, shut off power supply. There are several other similar exercises, but not of this scale.

Election interference

US Election 2016

A recent attack that everyone that got a lot of media attention is the inference of the United States Election in 2016. A lot of digital evidence shows that this attack was ordered by the Russian government in order to get their preferred candidate to become the next president According to the assessment conducted by the American government it was concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.” . [54]No one knows exactly how vast the hack is but it is often said that the hack actually tamped with the votes. But there is no evidence of this. [55] What is evident is however is that the hackers compromised the voter registration database.[56]This database was a result of the Help America Vote Act which was an act to help states modernize their electoral systems with subsidies from the government. The act required the states to maintain an online database to help people register and maintain a record of the votes on a state level. [57] The databases where maintained on a local county level which is where the voting is conducted and was eventually where the hacks where targeted towards. In total, systems in 39 different states where affected. [58]

Cyber Espionage

Spear-Phishing map

In leaked documents from the NSA it its stated that the Russian GRU executed cyber espionage towards US based companies in order to obtain information about election related software and hardware solutions. [59] Cyber espionage is defined as – A form of cyber-attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company or government entity.[60]

The GRU focused on getting information about parts of the voting system that was directly connected to the voter registration process. This voter registration process is under the responsibility of the local government organizations also known as a county which. This is where the Help America Vote Act provided the counties with databases (voter registration databases) with the intention of storing information about the voters. By using this the information gained from the cyber espionage, the GRU launched an email attack containing malware, also known as a spear-phishing attack targeted towards local election officials.

Spear Phishing

Spear-Phishing document

Spear phishing is defined as - Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts are not typically initiated by random hackers, but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.[61]

The objective of the spear-phishing attack was simple, pose as e-voting vendor and trick the local government officials to open a document that was tainted with a malware that would give the hacker full control over the infected computers and network. With this method, the hackers got into the voter registration database and tried to alter and delete information about the voters.[62]

NSA leaked document

A leaked NSA document shows that their investigation have identified digital fingerprints that link the Russian to this hack, even though the it doesn’t show the underlying facts that the analysis is based on it provides interesting insights.[63]

NSA leaked document

Fake News

As stated earlier the overall goal from the Russian GRU was to manipulate the election process and another method that was used was Fake News.

Fake News are defined as – False stories that appear to be news, spread on the internet or using other media usually created to influence political views or as a joke[64] By using posting on social media it is believed that Russian backed content reached over 126 million Americans during the 2016 election process[65] The intention of the fake news was to denigrate Hillary Clinton as a president candidate and a study from Ohio State University proves that this probably played a significant role in the subsequent election win for Donald Trump. [66]

The study that was conducted by Richard Gunther, Paul A. Beck and Erik C. Nisbet for Ohio State University examined three popular fake news stories and investigated how many former democrats believed they were true and what the repercussion of this was. A fake news story that got a lot of attention was that Clinton had given approval of weapon sales to Islamic jihadists, “including ISIS” and from when the authors investigated a sample of 585 democrats, 20% believed that this was true story. The other fake news that were included in the study were that Pope Francis endorsed Trump and that Clinton was in “very poor health due to a serious illness”. [67] Overall, ¼ of the 2012 democrats believed one of these stories, and of that set, only 45 % voted for Clinton. On the other hand, those who did not believe any of the fake news, 89 % voted for Clinton. The study reveals that 23 % of the total sample did not vote for Clinton by either not voting at all or choosing another candidate, where 10 % voted for Trump. Even though this not might be enough to prove that former democrats beliefs in fake news defected them from candidate Clinton the study suggest that the exposure to fake news did have significant impact on voting decisions. [68]

Government Surveillance

Government surveillance is a topic that got a lot of discussion in the media after Edward Snowden revealed that the US government used a top secret program called PRISM to conduct worldwide surveillance

Prism & Social Credit System in China

The Prism program was brought to life in 2007 because of the Protect America Act under the Bush administration. The surveillance is possible due to the cooperation between of as many as 100 U.S companies including tech giants as Google, Microsoft, Apple, and Facebook. [69]The surveillance is conducted by gathering and copying information from the internet’s major pipelines when it enters and leaves the United States, specific information is then routed to the NSA for analysis. This whole process is possible by the Foreign Intelligence Surveillance Act (FISA) who authorize the collection of specific data from the cooperating companies. [70]

This program was government secret intended to protect America. Unlike the vast surveillance system China is setting up to track every single one of their 1.5 billion citizens. This growth of this surveillance system comes as a response to the Chinese governments roll-out of an enormous “social credit system” that will rank it citizens behavior and dole out rewards and punishments depending on their scores. [71]

There is not much information about exactly how the government will monitor their citizens for the social credit system but the existing technology in China today can be well applied for this purpose. The technology companies are required by law to share data with the government similarly to the leaked PRISM program.

The punishment of the credit system will for example be able to ban people from traveling. Already 9 million people with low scores have been hindered from purchasing tickets for domestic flights. [72]


Personal tools