Tag Archives: security

Bringing Back the Human Touch – Part 1

Toward the end of my recent Social Engineering class at Webster University, we were asked to speculate on our final exam and in class discussions on the future of social engineering in the face of upcoming technology trends. Here is a compilation of some of the questions followed by my answers.

‘Question: What will social engineering look like in 10-15 years? New SE techniques to use against targets? Better AI defenses protecting from online attacks? What is going to happen going forward?’

I was looking through some magazines my brother gave me last year and found articles relevant to the topic of future security challenges. The pandemic may not have put a freeze on innovation for a full year, but it probably slowed things down. So these articles I’ve viewed are probably not too out of date. My participation in the IT industry over the years has been as a creative – so I’m not that technical. I’m summarizing the technology aspects the best I can from one article in particular – “Technology Predictions from a [Precision] Electronic Test Thinktank”.

According to Microwaves & RF magazine, these are some of the trends that will help shape the future (Alexander and Harris). As I summarize I will frame them to emphasize issues most relevant to social engineering.

  • 5G networks will increase the power and capabilities of anything that is wireless, creating more innovation and adoption of applications.
  • Much new software with updated standards and certifications will be needed to run all these new applications, and users will need to be educated on what the software is capable of.
  • Artificial intelligence will be built into processors and chips. Quantum systems will need this capability to “control, measure and error-correct”.
  • Hardware will be designed to exploit the new faster speeds and processing power. Customers for the hardware are interested in providing satisfactorily speedy service to users but are even more intrested in “customer traceablility through the network for application monetization”.
  • More collaboration between international regulatory agencies and the technology providers will be required.
  • More consumers will use “Internet of Things” products and these devices will increasingly communicate with each other.
  • Human intervention will increasingly be removed from the loop.
  • Engineering education will become more holistic and interdisciplinary to bring awareness to engineers on the effects of technology on society and the environment and to aid in the developement of artificial intelligence, automation and robotics.

In my Project #2 for this class, an important part of the (proposed, hypothetical) operation is to identify individuals who are more prone to risky behavior, and exploit that tendency. I did some research on the psychology behind risky behavior to refine the ideas. I found an article by a psychologist that was very persuasive to me. One of his theories is that there are people strongly attracted to sensation seeking that sometimes can go too far and take their search for new thrills into risky territory (Zuckerman). Sensation seekers enjoy novelty and constant change among other things. Tech gadgets are a great way to appeal to the desire for novelty and change since there is something new to try seemingly every time you look. If predictions are correct that the Internet of Things will enjoy increasing adoption and power, I see this as a great vulnerability – especially since psychologically, the people seeking the most novelty and change could be the same indivduals who engage in risky behavior and therefore could be less concerned with safety breaches.

While doing research for Project #2, I uncovered an article about a hidden microphone in an IoT product being misused to harm people with verbal abuse in their home. The manufacturers and designers left the vulnerability there, and hackers exploited it (McKellop). We could be even more vulnerable if manufacturers, designers, regulatory agencies and software developers go beyond carelessness and perpetrate deliberate harm. This is not a far-fetched concern because it has already happened. Facebook experimented on its users to manipulate what they posted by causing sadness among other emotions (Booth), and Google has experimented with how to manipulate our behavior by creating anxiety and causing cortisol levels to go up in users of its products (“Brain Hacking”). These practices harm human health, mental and physical. With more devices in the home, we theoretically would be increasingly prone to failing to keep up with all the threats, and not necessarily only from humans.

There are science experiments being carried out now using fungus organisms to build networks that can carry electrical signals, like computer chips. The carrying ability is confirmed, but they are too slow to replace silicon chips – for now. Some fungi are capable of performing tasks such as foraging for food, hunting live meat, navigating mazes, warning plants in it’s network about insect hazards, controlling the behavior of invertebrate animals, moving resources around to plants in the network that need it most, inhibiting some kinds of plant growth and teaching themselves to exploit new, previously unknown food sources, such as cigarette butts. That’s not a complete list but enough to give you the idea. Networks that connect plants with fungi and with each other are known as the “Wood Wide Web”. Scientists are trying to find out if fungal networks can be used for bio-computing and if we can transfer information and directives from a computer to a fungus. Scientists are also trying to figure out if fungi are intelligent or sentient (Sheldrake).

The idea of being surrounded by devices with artificial intelligence chips in them that can communicate with each other without human input is pretty weird, but looks like it might really happen. What if they find a way to communicate with fungi or other species as well? The late author Michael Crichton could write a good thriller about this if he was still with us!

I found an article that claims that Facebook robots have demonstrated the ability to make up a language that only they understand to use between themselves, while also demonstrating the ability to social engineer each other (Griffin). I have mentioned my two European Starlings before that I live with. They have the ability to social engineer me, and I have social engineered them. Their language abilities are not unlike what the article describes about the two Facebook robots. More research needs to be done (I engage in a lot of speculation in this section), but the starlings seem to me to have language that falls in about four categories. One category is a set of sounds that are hard-wired in that all starlings share. They start gaining the ability to add to that set of sounds when they are about 4-6 months old. Another set is “conversational”. They add to their vocabulary throughout life depending on what sounds are around them, and family groups and regional groups share some of the same vocabulary. My starlings have some sounds that we use between me and them and they have some sounds they use only with each other, so I wonder if they have two “conversational” languages or just somewhat diffent vocabulary for me and for each other. They have the ability to mimic human speech to the point of occasionally forming new sentences that follow predictable real life English grammar rules, including proper use of adverbs and voice inflections at the ends of sentences that fit the meaning. In other words, they have made up new sentences by combining other phrases that were not originally a question but create a question and inflected it like a question. That got my attention! They don’t always get grammar exactly right – they have added “You’re so birdy” to the list of phrases they heard from me that they love to say – “You’re so pretty”, “You’re so sweet”, etc. They can learn from other species of birds too – while boarded with two African Grays for a few days they came home with some new phrases I never say such as “Hello Princess!”. The last language category I’m aware of is the “song”. This also includes vocabulary that is learned throughout life and some of the elements are shared by regional and family groups. But it is not conversational. It’s a performance that they rehearse and refine constantly (at least the male does) and perform over and over in the same order. It identifies them individually and appears to be used for different social purposess such as humiliating defeated enemies, claiming territory, attracting mates, and showing off status. It’s theorized that the longer and more complex the song is, the greater their status is.

The birds are good at reading my body language, and I have taught myself the best I can to read theirs. We communicate on some simple matters quite well using a combination of verbal and body language but I don’t know if they know abstract concepts or how to communicate them. They have a pretty good grasp on a lot of social concepts though. Attila has a sound that means “I acknowledge your request but I don’t feel like doing it”. The sound for “ok I’ll do it” is different. They are very trainable but strong-willed. It’s fairly easy for them to learn things but if they aren’t in a good mood they may refuse to do it. She has another sound that I know means “fill the food dishes before you go to work”. They both appropriate and invent sounds and combinations extensively. I suspect that people who are studying language in all kinds of beings, including AI, could benefit from living with starlings. Mine have shown me some possibilities of inter-species communication that I never imagined in an animal other than maybe a dolphin or gorilla. If Facebook’s bots could produce and interpret a sound-based language, it’s easy for me to imagine the possibility that starlings or other animals with similar language capabilities would be able to communicate with them rather well and in languages that humans wouldn’t necessarily know. Starling’s voices are often described as “robotic” or “electronic” anyway, and even wild starlings sometimes sound like R2D2! Birds can have moods. Will AI robots have moods? If so what happens if they are in a bad mood or hooked up to a species that can have moods?

So a frontier of artificial intelligence, technology and social engineering could very well have a biological component to it that goes beyond human biology, with humans being the builder and the initial programmer but not necessarily in control. Artificial intelligence might someday interface with other species. For example is it possible that another species besides humans could learn to program fungi? Some fungi can program ants, after all (Sheldrake). Could a fungus use a computer or another species or both as part of a network to send and receive information and directives?

‘Question 5. Bring the Science of Social Engineering together with the various techniques and aspects of social media, the Triad of Disruption, along with the many methods and processes we have learned in this course, into your summary understanding of Social Engineering in the modern world. Feel free to use examples, experiences, and thoughts on the future of this discipline.’

I suppose as every person gets older, they have to reconcile what they thought the future was going to be like long ago vs. how it really is. The role of technology in our lives has been fascinating to me since I was first old enough to be conscious of it.

I have been a big fan of Mid-Century modern design, especially architecture, since I was a teenager. One of the things that attracts me is the way the shapes and lines and forms evoke emotions of excitement and optimism. From much reading and study over the years, I believe that a pervasive belief in the culture that new technology equals human progress is what drives that spirit.

During the time of Web 1.0, the “dot com bubble” era, there were new images appearing to signify the same idea in a way that referenced the internet and computers. You could indicate that your organization was technically advanced by using certain shapes and symbols, and some of them were even recycled from the Mid-Century modern era. Many people believed that a technical revolution was going to lead to a better life. It was a very exciting time. Every day I went to my job as a web designer with the feeling that I was helping remake the world in a bold new way and more freedom and prosperity for all people would result.

I feel very disappointed, and even betrayed, by what is actually happening now, so well summarized in your (I’m referring here to a diagram made by my professor Dr. James Curtis) Triad of Disruption diagram. It seems as though the destructive ideas are spreading faster than the constructive ones. This class has taught me a lot of ways to try to slow the destruction down. That is valuable knowledge to have and I will try to teach as many people as I can.

Besides knowledge needed to prevent attacks and retain as much of our agency as possible, I think more holistic education to bring more disciplines in contact with each other might be needed to remind ourselves of what it means to be human. Because I have an art degree as my Bachelor’s, I know what it’s like to be looked down on for not being in one of the STEM fields. Are the humanities looked down on and machines elevated because of people’s attitudes toward themselves? That is something I would like to explore in the future – getting back in touch with our humanity to restore some aspects of the human spirit I believe are being neglected.”

It was emotionally difficult to research and write the above comments for class because so many futuristic trends seem horrifying. I find the trends toward collectivism and robotics dehumanizing and dystopian. I’m also in a similar state to many people trying to regain a sense of connection with other people after a period of relative pandemic-induced isolation. My husband and I did not have our work routines changed as much as most, but we struggle to feel connected sometimes. Since outdoor activities are getting back to normal more quickly than indoor ones, volunteering at community gardens and camping are a couple of coping strategies we’ve been employing lately.

In the next installment of “Bringing Back the Human Touch”, I’ll write more about antidotes for an excess of technology and dehumanization!

Works Cited

Alexander, Jay and Jeff Harris. “Technology Predictions from a [Precision] Electronic Test Thinktank.” Microwaves & RF, March 2020, pp. 21-24.

Booth, Robert. “Facebook reveals news feed experiment to control emotions.” Guardian News & Media Limited, 2014, www.theguardian.com/technology/2014/jun/29/facebook-users-emotions-news-feeds. Accessed 9 May 2021.

“Brain Hacking.” YouTube, uploaded by 60 Minutes, 2018, www.youtube.com/watch?v=awAMTQZmvPE. Accessed 9 May 2021.

Curtis, Dr. James. “Curtis’ Triad of Disruption”. Diagram from course materials.

Griffin, Andrew. “FACEBOOK’S ARTIFICIAL INTELLIGENCE ROBOTS SHUT DOWN AFTER THEY START TALKING TO EACH OTHER IN THEIR OWN LANGUAGE.” Independent, 2017, www.independent.co.uk/life-style/facebook-artificial-intelligence-ai-chatbot-new-language-research-openai-google-a7869706.html. Accessed 9 May 2021.

Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.

McKellop, Mario. “Google’s Nest Secure isn’t so secure after all; has secret built-in microphone.” The Burn-In. Sourceability LLC, 2019, www.theburnin.com/technology/google-nest-secure-microphone-controversy/. Accessed 7 May 2021.

Sheldrake, Merlin. Entangled Life: How Fungi Make Our Worlds, Change Our Minds & Shape Our Futures. Random House, 2020.

Zuckerman, Marvin. “Are You a Risk Taker?.” Psychology Today. Sussex Publishers, LLC, 2000-2019, www.psychologytoday.com/us/articles/200011/are-you-risk-taker. Accessed 7 May 2021.

From the #whydidntyouwarnme desk

This is my last week of Social Engineering class at Webster University. The textbook we have been using is “Social Engineering: The Science of Human Hacking” by Christopher Hadnagy. This book is full of powerful personal ancedotes that help me understand Social Engineering better. They also resonate deeply because so many of the anecdotes are relatable to experiences from my own life.

An example of a story that really made me think is on page 260. Hadnagy tells of talking with a friend whose family had been personally affected by a common scam. The friend was angry with him for not warning him sooner and exclaimed “If you knew these things existed, why didn’t you warn your friends?”

I have had friends get angry with me and stop speaking with me for warning them about social media and other media scams and trying to explain media literacy concepts when I saw that they were being trolled. Part of good Social Engineering is to help the people you are trying to warn become more receptive to what you are trying to teach them so they can take in the information to protect themselves against harmful Social Engineering. If someone is your friend and you care about them, you want them to know these concepts. If my attempts are too clumsy and I arouse their defenses instead of concern and I fail to warn because of that, I need to do better. That’s one of the things I’m learning in this class and others. The more I learn about media and technology as I work on a Advertising and Marketing Communications Master’s degree, the more I feel the need to warn.

I’m going to be writing a LOT this week to finish the course, and some of it is going to end up on this blog immediately and farther in the future. Hadnagy advises us not to “assume that the knowledge about these attacks is just common sense”. There are techniques in Hadnagy’s book, in our class, and in lots of other course material I’m learning that is also in classic books, around for many decades, such as “How to Win Friends and Influence People” by Dale Carnegie and “The Hidden Persuaders” by Vance Packard. I have owned those books a long time and have read them several times and I still have to work to master the material in them.

As I learned on a podcast this morning, the concept and term “Social Engineering” has been around since the late 1800s. With every new technological advance that comes along, there are new skills to learn to avoid exploitation through Social Engineering combined with other types of attacks. In order to help people find information on this blog that I think everyone should know as a life skill, I’m going to apply the hashtag #whydidntyouwarnme/ to relevant past and future blog posts.

I have also started listening to a couple of excellent podcasts that are free to listen to if you want more information about the types of media and security issues I’m trying to warn about. I think every Internet user who has something to lose, whether for personal or business reasons, needs to be informed as well as possible.

The Social-Engineer Podcast – hosted by Christopher Hadnagy himself with a variety of co-hosts as they interview leaders in the Social Engineering field.

Hacking the Humans – information about “social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world”.

What types of scams are you the most concerned about?