CRASHCOURSE SIX: BAD ACTORS

About the crashcourses  

There are 10 online crashcourses. These crashcourses are linked to the Technology Impact Cycle Tool (tict.io). This free online tool, powered by Fontys University, helps you design, invent, deploy or use technology that makes a (positive) impact on society. The tool offers quick scans, improvement scans and full questionnaires. The tool consists of 10 different categories.

You get the most out of the tool when you are informed on the different categories and, even better, inspired about the categories. That is the goal of this crashcourse: inform you and inspire you on BAD ACTORS, so you are better equipped to assess the impact of technology.  All crashcourses take an hour to compleet.

About this crashcourse
This online crashcourse is number six: bad actors. In the Technology Impact Cycle Tool is a category considering bad actors. Thinking about what bad actors can do with a technology and how to prevent that really helps you to assess, use or design a technology. In this crashcourse we are going to discuss a lot of different bad actors, to inform you and inspire you on the topic. This course, like every course, has one mandatory assignment to help you understand. During the course we will offer all kind of further optional suggested reading, watching and optional assignments for those who crave for more!

The goal of this course is to educate you! To inform you! To inspire you! To entertain you! To dazzle you! To make you think! That is why we did not design a boring crashcourse for beginners, or a basic course with just theory. We cherry picked our way through the topics with the aim to interest, inform and inspire you! If you think we failed you, no problem, we are open for improvements. Just sent us an e-mail on: info@technofilosofie.com.

Some time management directions 
Again: it will take you approximately one hour to complete this course. This course consists of text, articles, videos and assignments. Every section lists reading time, viewing time and assignment time, so you can plan accordingly. If it takes longer than one hour, maybe that means your slow, maybe it means we calculated poorly. You figure it out yourself.

ONLINE CRASHCOURSE SIX. BAD ACTORS

This 60 minute online crashcourse consists of the following sections:

  1. Meet the bad actors (8 minutes);
  2. Hackers (13 minutes);
  3. Identity Thieves (5 minutes);
  4. Abusers (13 minutes);
  5. Fakers (21 minutes).

MEET THE BAD ACTORS

Reading time: 2 minutes / viewing time: 6 minutes

It is pretty hard to determine what a bad actor really is. It depends on what you would describe as bad? Is a government that is spying on their citizins a bad actor? Or is this government just keeping people safe? The answer depends a lot on context and culture. For example, the surveillance system in China is very dystopian to citizins in Western countries, but a lot of Chinese people are very positive about it.

To get an impression on the Chinese Social Credit System, check this balanced video (6 minutes):

And what about companies? Is a company that is surveilling its users a bad actor? Or is it just a businessmodel that is also profitable for the users? This crashcourse is not about answering those questions. In this crashcourse we focus on people that are abusing a technology, not about organizations, companies or governments building the technology.

This crashcourse will list a lot of examples of people abusing technology. Some examples are:

  • Breaking the law;
  • Using technology to avoid the consequences of breaking the law;
  • Hurting people;
  • Identity theft;
  • Steal data;
  • Insult people;
  • Target ethnic groups;
  • Create societal unrest;
  • Pit certain groups against each other;
  • And the list goes on….

We could also make a very long list of potential bad actors, but to keep things simple, we classified them in a few categories. This is not a complete overview, but it will help you to get informed and inspired about what bad actors can do with (digital) technology. This information will help you think about using, designing or assessing technology with bad actors in mind. Let’s start with the hackers:

HACKERS

Reading time: 5 minutes / viewing time: 8 minutes

There are a lot of reasons hacking is such a big problem. In this crashcourse we will name three. Let’s start with our dependence on technology. We are more and more dependent on information technology. Both organizations and private persons rely on access to their technology. Suppose someone has disabled or locked your laptop or smartphone or cloudstorage, how much would you be willing to pay to have access again? How much would an organization be willing to pay to be operational again. A few years ago hackers were trying to frustrate organizations by overflowing their systems (so called distributed denial of service attacks – DDOS), but their methods have become more advanced. Now we see a lot of attacks with ransomware. The information systems of organizations are encrypted and you can only get the key if you pay.

Check this video on how ransomware works (3 minutes):

A famous example of an attack with ransomware software took place in 2019 at the University of Maastricht. This University paid between 200 thousand and 300 thousand euros to hackers who had blocked access to the university’s digital systems with ransomware. The university board was forced to pay because the university’s backups were also hijacked. The backups – stored on the university servers – contain research data and data from students and staff from the past decades.

On December 23rd, university employees discovered problems with the mail server. Shortly thereafter, the network turned out to be infected with Clop ransomware. Ransomware is a type of malware that blocks access to files and programs on a computer or network. These attackers blocked access to systems containing research data, financial information, email systems, the intranet, and the backups. The university eventually decided to pay up to regain access to its systems, the newspaper writes.

The second reason that hacking is such a problem is the importance of data. In a world with incredibly large data collections it is very, very tempting to steal that data. When people asked the famous bankrobber Willie Sutton”‘Why do you rob banks?” He simply replied: “because that’s where the money is.” The same goes for hackers. There is a lot of valuable data collected and stored and often it is not protected really wel. Hackers especially like data they can sell, like creditcard – information.

Some examples of large hacks:

Yahoo’s epic, historic data breach in 2013 compromised 3 billion people in total. The company revealed in 2017 that the accounts for every single customer during that time had been breached, including users of Tumblr and Flickr. Altaba, what’s left of Yahoo after the company sold most of its properties to Verizon, paid $35 million last year to settle charges that it misled investors about the hack.
First American Financial Corp., an American real estate and mortgage insurer, revealed in May 2019 that it left 900 million sensitive customer files exposed.
The trove of digital documents that could have been accessed included private information, such as Social Security numbers and bank accounts. But it’s not clear if any of the files were improperly accessed.
Marriott said last year that someone had gained “unauthorized access” to its guest reservations system for nearly five years. Approximately 500 million guests’ information could have been accessed, which includes names, passport numbers and credit card details. The hotel chain faces a $124 million fine for failing to protect customer data from UK regulators under Europe’s tough new privacy rules, called General Data Protection Regulation.
The examples above are about financial information, but you could also imagine hackers obtaining information of dating sites (already happened), Facebook (already happened a lot) or other personal information. Suppose some hacker would hack Google Search. Would you want people to know your last 200 Google searches?
The third reason hacking is a big problem is that everyone can do it. It is global. You can attack a Dutch University from a suburb in Belarus. You can start hacking with just a laptop. You can start hacking when your 12 years old. You can download tools from the web. Are you feeling ambitious? Check this video about how to become a hacker (5 minutes).

Everybody can be a hacker, but also everybody can be hacked. You can be hacked if you are a large company, but you also can be hacked if you are just a person with a smartphone, laptop and/or online bank-account. The fact that everybody can be a hacker, and everyone can be hacked, ads to the problem. Especially when you know that a lot of people still have passwords like 123456789 (really!).

So, when you are designing, using, inventing or assessing a technology, it is very important to think about hackers. How can you mitigate risks? How can you secure your system? Your data? How do you balance easy accessibility with great security? Which risks are acceptable and which are not? Important questions, because hackers are everywhere, and they are not the only bad actors…

Further optional suggestions:

  • This video on DDOS – attacks (3 minutes)
  • A video with the biggest hacks in history (16 minutes).
  • List with most common passwords;
  • A list with books on hackers;

Key Take Aways:

  • A technology is a real and large problem;
  • Because of our dependence on technology;
  • Because of the value of data;
  • Because hackers are everywhere and everyone can be hacked;
  • So, a technology should protect its users against hackers.

IDENTITY THIEVES

Reading time: 2 minutes / viewing time: 5 minutes

In this crashcourse we are looking at bad actors. This list is not complete, we are just visiting some highlights to inform and inspire you to think about these people when you are assessing a technology. First on the list were the hackers, now let’s take a look at identity thieves.

First watch this video to get things started (2 minutes):

It is simple. The more your identity is online, the easier it is to steal it or to impersonate you. Identity theft is often the result of a hack. The most common form is financial identity theft. Some hacker stole you creditcard information and sold it to someone else. Chances are real. Just think about the number of websites you entered your creditcard data. There are also other kinds of identity theft, for example related to your social media use. Suppose something is sending your friends awful messages or is tweeting hateful tweets with your account? Or sending threatening e-mails to your boss. Or using your WIFI to surf child porn websites. Research shows that half the victims of all identity theft cases know the person that is responsible. It is often a co-worker, a neighbor, a friend, or children that steal the creditcard data of the parents.

Identity theft can also be very stressfull. Just check this video (3 minutes):

There are some ways to defend yourself. The best tips are:

  • Keep things to a minimum. Use social media sparingly. Wow, that is hard. Still, try a alias. Or keep personal things to a minimum;
  • Use strong and different passwords;
  • Pay a service. Some services can check if your identity is still save;
  • Be self aware, check your credit card statements, for example;
  • Keep your computer up to date;
  • Browse safely.

These tips can also help you to assess a technology. Does a technology protect identies enough? Can it be used easily to impersonate someone? What is the impact and so on?

Further optional suggestions:

  • The truth about identity theft. Book from Jim Stickley;
  • Fifteen facts you have to know about identity theft;
  • Already in 1995, you had the movie The Net with Sandra Bullock, just check the trailer;

Key take aways:

  • Identities become digital, and can be stolen;
  • This can be financial, but more and more it can be even more harmfull;
  • That is why technology should be designed to protect you against that.

ABUSERS

Reading time: 3 minutes / viewing time: 10 minutes

The most interesting bad actors, I think, are abusers. They just use a certain technology, without hacking it, but for the wrong reasons. To find these people you really need to organize a brainstorm-session. Just take a technology and ask yourself how can this technology be abused? We will gave you some simple and extreme examples to get you going.

E-mail is a technology that is great for a lot of things, but it is also used by abusers to sent SPAM. Watch this fun video on replying to SPAM (10 minutes)

There is now a rat race between people who build SPAM filters and people who send SPAM. Both are getting better at what they do, which means that other perpetrators and victims are emerging. Another example of a technology that is being abused is crypto-currency. A technology, such as Bitcoin, which was meant to be able to reliably conduct economic transactions without a ‘man in the middle’, also proves to be an ideal solution for extortionists or the transfer of criminal money. Social media also proves to be great platforms for bullying! With systems that warn you about speed traps, you can of course ensure that you always keep to the speed, or just drive too fast where there are no warnings. Dating sites can be used by people who pretend to be someone they are not. AirBnB can be used by real estate sharks driving out original residents. And so on.

As said, the best way to find potential abusers is to have a brainstorm. Try to think: what can bad actors do with my technology? Remember, if it is possible, somebody will probable do it and the impact of one bad actor is often larger than thousands of people who use the system for good. When you know what potential abusers can do, you can take precautions, but there always have to be a balance. Can I prevent the damage the bad actor can do and at what costs? Often the solution is there. For example, if people would have imagined that airplanes can be used to fly into large buildings, it wouldn’t have been necessary to stop flying, but it would have been a great idea to lock the cabin doors.

And, of course, there is social media again. Originally designed to connect people, the platforms are often abused to pit groups against each other, often by using fake news, which we will talk about in the final section.

Further optional suggestions:

  • How abusers use technology (report, 6 pages);
  • Report on how to assess for technology abuse;

Key Take Aways:

  • Even if all intentions are good, technology can and will be abused;
  • Brainstorming about possible abuse helps you to find out if countermeasures are possible.

FAKERS

Reading time: 3 minutes / viewing time: 10 minutes / assignment time: 8 minutes

Fake News is a hot topic. There are millions of people that are making Fake News. Sometimes in an organized professional way, sometimes just for fun. There are four reasons that fake news is a large problem.

First of all it is pretty easy to make fake news (any one can do it!) and it is pretty hard to determine if something is fake or not. There are different types of fake news. You have misinformation, which can be for example sloppy journalism. The intent is not to deceive. You alse have disinformation, which is false information that is deliberately created to influence public opinion or obscure the truth. Most of the time these are made up stories. These made up stories can have serious consequences. A great example is Pizzagate, a fake news story that lead to real gunfire.

Watch this video (2 minutes):

Secondly there are a lot of reasons that people want to spread disinformation. First of all it is a great way to attract attention. Do you want clicks, likes, followers, retweets and so on, then fake news often is the way to go. Secondly spreading fake news helps to create chaos. It is a easy and cheap way to influence other people, organizations or countries. Third, this is reinforced by the algorithms of the large social media platforms. There has been a lot of research that shows that fake news travels faster than true stories. This can be explained by the fact that fake news story are often spectacular and they arouse emotions and interest, so people are more likely to click on it. Clicking leads to more traffic, which leads to more money for the platforms. You could say that the Russians weaponized the algorithms of Facebook and Twitter. Other people would argue that this is also fake news.

Finally, it is hard to spot fake news, even if you are a smart algorithm. Is it fake news or is it satirical news ? Is it fake news or is it a parody ? There are a lot of stories in which the algorithms got it totally wrong.

Mandatory assignment: Download this PowerPoint Template and fill out 6 ways how you spot fake news (8 minutes)

People creating fake news are a special kind of abusers of technology. They use technology like social media that was designed for connecting people and selling advertisements for spreading all kinds of opinions. In the future it will be even harder to spot fake news because of so called generative adverserial networks and deepfakes.

Let’s start this story in 2015. In that year Google gave the world a powerful open source artificial intelligence tool called Tensorflow. The idea was that people used this software to build technology that could have an impact as profound as electricity as Googled put it. With Tensorflow everyone could build something that would contribute to a better society. A lot of good came from that move, like people building cancer detection algorithms, but the most famous piece of software was built by a anonymous Reddit – user with the username deepfake. This person created software that automatically stitches any image of a face (nearly) seamlessly into a video. Deepfake used this to face-swap celebrity faces onto porn performers. Vice Magazine concluded when they noticed this: we are truly fucked!

Today this technology has gotten better and better and easier to use. You do not need a multi-million-dollar studio to create these videos, you can just download the software or an app. The results are impressive.

Watch this video (2 minutes):

Or this video, to see what this technology can do with your ‘trusted’ politician (2 minutes):

Another technology to be considered are so called Generative Adverserial Networks (Gans). These are artificial intelligence networks that can create new ‘things’. For example music, faces, images, designs, and so on.

A great example is: thispersondoesnotexist.com a website that generates faces from people that do not exist. The software uses the input of millions of pictures to imagine totally new people. Everytime you press refresh (F5) a new face of someone that does not exist appears. You can imagine how people can use this to generate fake profiles, for example in a dating app.

You can even use Gans to fake that you can dance.

Watch this amazing 3 minute video:

This technology is only getting better and better and this means in the future everything you see on a screen can not be trusted. The question is it fake or not will be harder to answer. Ironically this also could mean the end of fake news. After all, if everything can be fake, and there is no way to check it, maybe people will start looking for news that is true. The term fake news will be replaced for True News.

Or maybe not.

Further optional suggestions:

  • Research of MIT showing how fast fake news spreads;
  • Watch this video that explains deep fakes (8 minutes);
  • Watch this 14 minute explanation of Generative Adverserial Networks (GANS);

Key Take Aways:

  • Fakers are a special kind of abusers;
  • Fake News is hard to spot, and the spread is reinforced by the business model of the social media platforms;
  • Deep fakes make it even harder to spot fake news, which could be good news.

A VERY SHORT SUMMARY OF THIS CRASHCOURSE

Congratulations. You have completed crashcourse number six, so you got a very small taste of thinking about technology and the impact of bad actors. An appetizer, if you want. Maybe you did some further reading, so you started on the soup. Good for you. Remember: bad actors are everywhere. Know them and use your imagination if you are going to design, invent, use or assess a technology. If you can imagine how bad actors can use or abuse a technology you can also think about strategies to mitigate the risks and improve your technology accordingly.