Information

Maps May Soon Be Less Trustworthy Than Ever

Did you know that maps as we know them are remarkably skewed? Due to some centuries-old superiority complexes and prejudices, the maps we’ve all been raised looking at have never been completely accurate. However, this problem could soon be an element of cybercrime thanks to a developing technology that many have yet to take seriously, deepfake images, and how they could revolutionize cyberattacks moving forward.

What Are Deepfakes?

Deepfakes are manipulated images or videos that have been altered to revise the truth with the assistance of artificial intelligence. The Internet is full of lighthearted examples, where a comedian’s face is changed during an interview to be replaced with the celebrity who they are impersonating, or different actors are cast in classic movies. Mobile applications that allow you to create a rough lip-synch video from a still image are growing in popularity.

Of course, there are much more convincing examples of deepfake technology that we can point to. For instance: This Person Does Not Exist. This website pulls the results of a generative adversarial network trying to create the most convincing face it can possibly generate. Each time that page is refreshed, a new face pops up that looks just like a real person—despite no such person actually existing.

While these applications are quite entertaining, they undermine the real risks that deepfakes pose to security. Explicit deepfakes are already being generated that depict people in assorted adult situations without their consent to be used in blackmailing schemes. Deepfakes have also been spread to manipulate political impressions and sway the tides of some elections.

Unfortunately, there is an additional threat that these doctored images are now being used to support: geographic deepfakes.

What is a Geographic Deepfake?

Instead of manipulating someone’s face or the words they say, geographic deepfakes alter satellite imagery to manipulate our impression of the landscape and what is present. With deepfake technology as a whole improving all the time, geographic deepfakes could create some serious problems for businesses and governments alike.

How a Geographic Deepfake Could be Abused

Let’s run through a potential scenario for a moment, just to illustrate how serious this threat is:

A platoon of soldiers are out in the field, advancing on a target. All they need to do is reach a bridge that will take them to their objective. Satellite imaging shows a clear path to the bridge, but once the platoon reaches it, they actually find themselves face-to-face with the enemy, who has taken the bridge and created an ambush for them to walk right into—or perhaps they find no enemy troops, but also no bridge for them to cross… ruining their plan, and possibly many others that were contingent upon it. This latter possibility was actually proposed in 2019 by a National Geospatial-Intelligence Agency analyst named Todd Myers, as it draws from a tactic as old as cartography itself.

Maps Have Always Been Manipulated

History is full of times where maps have played a key role in disinformation campaigns and propaganda alike, in addition to providing a form of copyright protection for cartographers. By changing some details of a map—occasionally making up features and towns that didn’t actually exist there—a mapmaker could easily identify if their work had been copied.

Geographic deepfakes could simply add an additional level of complexity to such efforts, as the University of Washington recently explored in an academic study.

In this study, the researchers abbreviate the very long history of map manipulation and embellishment, starting from the Babylonian 5th century B.C. but focusing much more closely on the modern applications. Things like location spoofing and how they’re weaponized were covered, with practical examples provided by the researchers that they generated as a proof of concept. As a whole, the study makes it clear that such capabilities are very real, and very easy to abuse, but certainly not easy to identify when they are in use.

Exacerbating the issue further, most people don’t think to second-guess the maps they see, making these threats all the more dangerous. Furthermore, while the researchers were able to create a tool that could identify the deepfakes they generated, such tools will need to be updated constantly to keep up with the improvements that those who abuse these tools are sure to implement.

What Can Be Learned?

While these threats aren’t likely to come into mainstream use for some time yet, it pays off to predict how they could impact you in the future. Just think about the missing bridge example… What if the same concept was used on the supply chain, or on your business directly?

Furthermore, since cyberattacks often inspire others, an imaginative cybercriminal could very well come up with some other devious ways to use these capabilities.

For now, the best course of action is to take every opportunity to secure your business as best you can with the help of today’s technology solutions. While ignoring developing threats like the potential of deepfakes is shortsighted, overlooking present ones is worse.

Jackson Thornton Technologies is here to help you secure your technology. To find out what we’ll do for you, give us a call at 334-834-7660 and have a chat with us about your business.

 

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

Your business’ data is perhaps its most crucial resource—which is why it is so important that it remains protected against all threats (including those that come from within your own business). Consider, for a moment, the ongoing trial of Xiaorong You, going on in Greenville, Tennessee. Accused of stealing trade secrets and committing economic espionage, You allegedly stole various BPA-free technologies from various companies—including Coca-Cola and the Eastman Chemical Company, amongst others—to the tune of $119.6 million.

Let’s consider how the implementation of insider threat detection methods could have minimized the damages that You allegedly inflicted on these companies.

You’s Story

Xiaorong “Shannon” You, a naturalized US citizen and PhD in Polymer Science and Engineering, has worked in the industry since 1992. From December of 2012 to August of 2017, she worked for Coca-Cola as a principal engineer for global research, moving to the Eastman Chemical Company to work as a packaging application development manager from September of 2017 until June of 2018, when her employment was terminated.

During her tenure at both companies, You had access to secrets that a limited number of employees were privy to. In the case of Coca-Cola’s secrets, You had retained them (despite affirming that she hadn’t in writing) and submitted them to the People’s Republic of China as part of her application for the country’s The Thousand Talents program in 2017. This program has been used before to introduce advanced technologies to China, with the Department of Justice having had some success in prosecuting these cases.

What Xiaorong You Allegedly Did

According to the case that You now faces, she retained this information by simply uploading data to her personal Google Drive account—or when dealing with particularly sensitive documents and physical lab equipment, she simply used her smartphone’s camera to capture images (bypassing the scrutiny of her employers’ information security teams). Once she had secured this information, You worked with a Chinese national named Xiangchen Liu to form a company in China that would use these trade secrets to generate its own profits, using an Italian BPA-free manufacturer to incorporate the stolen technologies onto their own products.

The theft of this technology has had an impact on various companies, including Coca-Cola and the Eastman Chemical Company, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

Originally brought up on charges involving the theft of trade secrets in Tennessee’s Eastern US District Court in February of 2019, You was subject to another indictment in August 2020 that filed charges of economic espionage.

How You’s Employers Could Have Stopped Such Activities

Let’s take another look at some of the dates we just went over:

You’s employment at Coca Cola ended in August of 2017, while her indictment for crimes that allegedly took place during her time there didn’t happen until February of 2019. This suggests that the discovery of her activities at Coca-Cola didn’t occur until long after the fact.

This fact is indicative of two reasonable hypotheses:

1. Coca-Cola lacked the tools to detect such activities in real-time, making it far more difficult to prevent protected and sensitive data from successfully leaving the corporate environment.

2. Coca-Cola also lacked the policies that could have prevented non-authorized devices from entering the workspace or otherwise being kept in proximity to sensitive company data or infrastructures. While old-fashioned, the concept of taking photographs of such information is no less effective for its age.

By comparison, You’s considerably rapid termination from the Eastman Chemical Company would suggest that their data protection standards were much more robust than Coca-Cola’s were at the time, enabling the company to identify a security issue and properly investigate it much faster.

Just imagine how much the total damages—which now equate to about $119.6 million, as a reminder—could have inflated if Eastman Chemical weren’t able to catch You’s alleged activities so quickly.

It unfortunately goes to show how anyone given the opportunity in tandem with the right motivation—in this case, recognition and financial windfall—could become a serious threat to any company’s data. This means that every company should have the tools in place to prevent these activities as often as possible, as well as the means to catch them if they are to take place.

Jackson Thornton Technologies is here to help facilitate that. Our remote monitoring and management services can help catch any suspicious activity on your business’ network, preventing both internal and external threats from taking root. We can also help keep your data on a need-to-know basis, preventing more data leaks—accidental or otherwise.

Learn more about how our solutions can assist you by calling 334-834-7660 today. 

 

 

Destigmatizing Some Popular IT Buzzwords

Nothing will annoy tech-savvy people more than listening to someone that basically doesn't know what they are talking about, but uses technology jargon to seem like they do. It’s pretty confusing for the non-technical too. This annoyance is largely due to the gap between using words and understanding complex and detailed technology processes. So, while there is some respect given to people who work to understand the terminology, most of the time, it’s just too much.

Today, we thought we would identify some phrases that we hear from people all the time either in improper context or simply just as an attempt to relate with us, and what they really mean. 

“Disruptive Technologies”

What it means: Any technology that undermines the effectiveness of the existing technology used in any scenario.

How it is used: Any new technology.

The fact of the matter is that any truly disruptive technology, will sufficiently disrupt the market in which it is prevalent. it’s not just a new technology that disrupts people’s view of technology. When it is used improperly, it suggests that the technology just appeared and took over what was a static existence beforehand.

Today, we hear the phrase “disruptive technology” far too much, and almost always out of context. Innovation takes time, and most technologies evolve to become the useful tech we use each day. Calling something disruptive when it has been in the pipeline for some time is incorrect.  

“Digital Transformation”

What is intended: When an analog system is transitioned into a digital system.

How it is used: Adding more IT.

One of the most overutilized terms we hear is “digital transformation”. This is because a true digital transformation happens when moving from an antiquated analog system to a digital one. Unnecessary upgrades to digital systems, isn't a digital transformation. A lot of the time, it’s just a waste of organizational resources. 

Technology is a tool, not the rule. Be sure that you have a specific strategy before transitioning any of your internal processes to digital. That way you can avoid the shortcomings that many businesses see when hastily—or unnecessarily—implementing new IT.

“5G”

What is intended: The fifth generation of wireless that brings impressive gigabit data speeds and extremely low latency.

How it is used: The technology that is going to save the world. 

“5G” is the buzziest of buzzwords. That’s because it is legitimately exciting. However, many people are taking the features and benefits of 5G way too far. In fact, a lot of the wireless carriers that are claiming 5G connectivity, don’t let potential customers in on the secret that 5G is only available in a very limited number of places. It’s actually just being used to boost their phone sales. Marketing a technology that you won’t have access to in the life of the device you are about to buy may seem shady, but that’s where we are. 

5G is also already a term related to the 5 GHz wireless band on modern Wi-Fi router. The 5 GHz on a router tends to have a faster speed, but a smaller coverage area, and has a harder time passing through walls in your home or office. Older devices might not support connecting to a 5 GHz wireless router, but for those that do, that faster speed can make a big difference.

“Machine Learning”

What is intended: A form of artificial intelligence that is able to compute huge data sets and handle them efficiently.

How it is used: A tool uses basic automation to complete a predefined task.

Automation is the future of many businesses, and your business should be looking for ways to automate some of your tasks, but many places people use the term “machine learning’ to describe any algorithmic approach to automation. This isn’t true. 

Machine learning is a feature that effectively allows the software to adjust to the input provided to get a more direct and positive outcome for whomever is using the tool. Essentially, the more data a system deals with, the more the software will adjust processes to adapt. It’s an exciting technology that is often confused with basic automation.

“Business Intelligence”

What is intended: Software that measures certain data through company-defined metrics to help improve operational stability and profitability.

How it is used: A tool to help predict what is going to happen with your business.

First of all, business intelligence is super useful. It not only uses the data your business creates to help you create more efficiency, it also provides insight into your business that simply isn’t possible without it. That said, it is not going to work to predict success for your business. Like any technology, it is a tool, and anyone that views it as anything other than that is going to be left with some degree of disappointment. 

Business intelligence can give you a great deal of insight into how your business functions, what works and what hasn’t in the past, who you should be marketing to, etc. In no way, however, is it able to predict what will happen in the future. 

Don’t Let Business Technology Be Something That It Is Not

Your business uses IT to make your business better, but no piece of technology is going to change your fortunes if you don’t understand the limitations that the technology you use has. If you would like more information about how technology can fit into your business instead of having your business fit around your technology, give the IT experts at Jackson Thornton Technologies a call today at 334-834-7660.