The Great Hack

It would appear that the furore over Facebook / Cambridge Analytica and manipulation of elections hasn’t died down that much. I recently watched a documentary on Netflix called The Great Hack, and I’d recommend that you do too, if you can.

The programme provided a lot of the backstory to who was involved, how and when, as told by some of the people who were there. This included:

  • Brittany Kaiser was the Director for Business Development at Cambridge Analytica, and had previously worked on Barack Obama’s presidential campaigns.  She comes across as very naive at times, though towards the end of the show it becomes obvious that the penny drops and the seriousness of the situation is made apparent;
  • David Carroll, a professor who not unreasonably asked for a copy of all data that Cambridge Analytica held on him. If not for him, the whole situation might not have escalated as it did;
  • Julian Whitehead, the former CFO at Cambridge Analytica. I was concerned at how little he seemed bothered by the morality of what was carried out by his company; and
  • Carole Cadwalladr is an investigative journalist at The Guardian and Observer newspapers in the UK.  She did a lot of the digging and legwork, trying to find people who would and could talk to her about things that had gone on.  Carole was the reporter who broke the news, and who continued to find and release fresh information as time went on.

Perhaps the most shocking aspect of the programme was the revelation that Cambridge Analytica had been involved in some way in elections around the world since the mid-2000s. There was an exposé of how their work influenced the elections in Trinidad and Tobago which showed how manipulative Facebook posts could be, as well as discussions of how the same techniques were used both for the Brexit campaign and for Trump’s election in 2016.

It was notable that Alexander Nix, the former head of Cambridge Analytica, declined to be interviewed, and also that Julian Assange / WikiLeaks should be a part of the story. I didn’t know until I watched this that Steve Bannon, erstwhile Strategist at the White House under Donald Trump and former executive chairman of Breitbart News, was a cofounder of Cambridge Analytica, or that Nigel Farage was closely linked with him.

It’s worth checking out Carole Cadwalladr’s TED talk in Silicon Valley, where she asks the heads of the big tech companies whether they are happy with the world they are creating. She suggests that it is now impossible to have a free and fair election because of abuse of their technologies.

She illustrated this ably by talking to people in South Wales to ask why they voted for Brexit: many had said they worried about immigration (she also spoke to someone who thought they were the only immigrants in the area), while others said the EU had done nothing for them, yet they were surrounded by construction and facilities paid for by well-advertised EU funding.

I’ve mentioned the perils of taking part in online quizzes and personality profiles “for fun” on Facebook. This documentary provides the evidence of how that information can be harvested and used to target specific people – never mind groups – who are deemed to be persuadable and who can swing an election result one way or another.


How did Cambridge Analytica do what they did?

I wasn’t going to post any more on this topic, but found a really good video on the BBC which explains the psychology behind targeted adverts etc. I thought it might be helpful for you to see how it worked, so check out the video here.

One thing I really like about the video is that it’s very clear: it explains things in simple terms which is, after all, what this site is about.

Let me know what you think of it.

Cambridge Analytica – who knew?

Err, we did!

Regular readers will have seen my post last year which talked about the dangers of oversharing. It described pretty much exactly what’s happened with Cambridge Analytica, on a massive scale.

I’m not going to go into detail on what they did – there’s a lot of news coverage you can check out – but basically an individual’s details and those of their friends were harvested and used for targeted advertising with the aim of swaying voting in the US election in 2016. Other elections may also have been influenced in this way.

This is a great example of why you should regularly check your privacy settings on social media, and be careful what information you decide to share.

Things you do on Social Media which you shouldn’t

As a regular and long-time Facebook user, I’m often surprised at some of the behaviour that goes on there. I’m not just talking about the harassment and ridicule of people, the cat videos and all that, but there are a number of things which are putting you and other users at risk. I’m going to explain what some of those risky behaviours are here.

If it sounds too good to be true, it probably is…

1. Competitions where you simply have to “Like” and share a page to enter in order to win a free Maserati or holiday to Bora Bora, things like that. I talked about this in my previous article, but it’s worth reiterating. You have access to Facebook, Google etc for free, and the price you pay for that free access is that your data is shared with their partners. You then start to receive targeted advertising for products they know you’re likely to want. When you “like” one of these targeted adverts that decision also gets added to the data they hold on you, which gets sold on. Have you ever personally known anyone win one of these contests? The advertisers are paying the likes of Facebook and Google because you clicked a link and what do you get? More and more adverts! 

If all you get is more adverts, that’s harmless though, isn’t it? I’m afraid not. Some unscrupulous businesses will use this as a means to target you with scams, with malware, with all sorts of things with the aim of ripping you off, infecting your machine or getting access to all your contacts. 

2. Images of starving or sick children and animals, asking you to type “amen” etc rather than scroll by. This is just another way of getting your details, for the same reasons as above. Click on enough of these and your chances of being sent some sort of scam mail asking you to donate money to help prevent starvation etc increase.

This may sound cruel and heartless, but for the bad guys this is just a numbers game, it’s just business to them. They. Don’t. Care. The more people they can sign up, the more money they can make. Manipulation is the name of the game. 

3. Lists where you have to fill in details like have you ever been in a police car, had a tattoo, been whale watching etc. Part of the information you give up (and the fact you participated) feeds into 1 above, with the attendant consequences. You’ve just given advertisers a good idea of the sort of things you like to do, or are prepared to participate in. They can work out what level of risk you’re prepared to take, what sort of person you are – and that means they can target your vulnerabilities and weaknesses and work out what you’re likely to fall for.

Some of these lists can be quite long and hidden within them are questions which you may have used for your security information with your bank or other online services. These include questions like what your first pet’s name was, what your first school was etc. These can then be used to try to steal your identity, get access to your accounts, open credit cards in your name and so on.

4. Offers of free software or add-ons to existing products, which I’ve seen more and more often on LinkedIn. Even seasoned security professionals are clicking to “like” the post, or replying with “yes”. This is no different from 1 above, and these people should know better. I often feel like chiming in to remind them of what they’re doing – but my responses would also be captured and I’d be targeted in a different way!

It’s worth pointing out here that 1-4 are sometimes known as “click baiting”, because it’s a bit like fishing. The bad guys put bait on their hook, cast it out into the water and see who or what bites. 

5. Adverts for products you may be interested in may just be the advertisers confirming what they think they know about you. Or, it could be less subtle with the adverts taking you to fake sites in order to obtain your credit card details, or offering you goods which don’t appear or are substandard. The links you click on may contain malware, or may take you to a site which is infected. If you really want that product, go to a reputable web site that you know to be genuine and buy from there.

6. Another favourite is when you get a friend request on the likes of Facebook or LinkedIn. What do you do to verify that the person sending the request is who they say they are? What happens if you’re already friends with that person? Could their account have been cloned? Do you check by another route to see if the request is legitimate? Do you just accept the request because they’re connected to other people you know? This is all potentially dangerous and may leave you open to a variety of different attacks, from the click baiting sort of thing we’ve seen above, to social engineering and requests for money / other assistance.

Hopefully this hasn’t all scared you, but has made you more aware of the risks of doing the things listed above. Think before you click on that link, or before “liking” that post. One of the things the bad guys do is try to elicit a reaction from you by preying on your emotional responses. So leave your computer, tablet or mobile device for a minute or two and give yourself a chance to think. Just remember the adage: “if it sounds too good to be true, it probably is”.