[PPT] - Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake PowerPoint Presentation

SLIDE 1

Cyber Frauds: Phishing, Astroturfing, Fake News, and Deepfake

Dongwon Lee

Penn State University, USA

dongwon@psu.edu

Oct. 24, 2019 @ ORAU Fraud Informatics Symposium

SLIDE 2

Fraud Informatics (FI) Project

l NSF SaTC EDU Grant (2018 – 2021) l Joint effort between Penn State and ORAU l To develop and evaluate materials to teach

modern types of cyber frauds to diverse audience

2

SLIDE 3

Objectives

l Cover latest modern types of cyber frauds l Cover latest research on the prevention and

detection of cyber frauds

l AI methods l Data-driven l Information-processing

l Develop media-rich hands-on materials

l Images and videos l Hands-on labs using games and tools

3

SLIDE 4

Formats of Delivery

1. 1-2 hour-long

l Fraud informatics “hygiene” l K12 students or general audience

4

2. 2-3 week long

l Special topic plug-in to other related classes l CompSci undergraduates

3. Semester-long

l Dedicated class on Fraud Informatics l CompSci undergraduates

SLIDE 5

What is “Fraud”?

l Oxford dictionary

l “wrongful or criminal deception intended to result

in financial or personal gain”

l Van Vlasselaer et al. (2015)

l “Fraud is an uncommon, well-considered,

imperceptibly concealed, time-evolving, and often carefully organized crime which appears in many types of forms”

l 5 characteristics

5

SLIDE 6

“Traditional” (Consumer) Frauds

l Credit card fraud l Insurance fraud l Product warranty

fraud

l Healthcare fraud l Money laundering l Identity theft l Telecommunications

fraud

6

Cyberspace

SLIDE 7

“Modern” Frauds in Cyberspace

l Spam/Phishing, and Social Engineering

Fraud

l Fake News l Deepfake l Astroturfing and Crowdturfing l Sockpuppet and Catfish l Academic Fraud l …

7

Other Important modern cyber frauds?

SLIDE 8

Fraud Informatics

l Modern frauds need to be solved and taught

in multiple disciplines and subjects

l Computer Science (and AI) l Cognitive Science l Business l Criminology l Law l Policy …

8

Avoid topics from traditional classes on Network, Systems, IoT securities

SLIDE 9

1. PHISHING

9

SLIDE 10

Terms

l Spamming: Unsolicited email/letter/SMS/… l Social Engineering Attack: Psychological

manipulation of victims for deception

l Phishing = “ph” + fishing l Vishing = Voice Phishing l Spear Phishing l Whaling l …

10

Targeted Personalized Human-written Small-scale è Higher success rate for attackers

SLIDE 11

Psychological Aspect

l Experiment in West Point, 2004 l Researchers sent a phishing email to 512

cadets, pretending it to be coming from a fictitious Colonel, asking them to click a malicious link regarding a grade change problem

l 80% of cadets clicked the link l WHY so high?

11

SLIDE 12

Phishing Email

12

SLIDE 13

Phishing Email

13

SLIDE 14

Spear Phishing Email

14

SLIDE 15

Spear Phishing Email

15

SLIDE 16

Vishing

16

https://www.youtube.com/watch?v=BEHl2lAuWCk

SLIDE 17

Personalized Attack

l How do attackers get information about

victims?

l Scavenger-hunting, Hacking l Data-driven guessing

l Eg, by analyzing one’s social media data, AI can

accurately predict diverse demographics of users

17

SLIDE 18

You Are What You LIKE

l Hypothesis: The LIKE pattern in social media

is correlated with one’s personal traits

18

SLIDE 19

19

Kosinski et. al., PNAS 2013

SLIDE 20

20

Kosinski et. al., PNAS 2013

SLIDE 21

Personality Prediction

21

Machine Accuracy

Youyou et. al., PNAS 2015

SLIDE 22

Scenario

l From LIKE data, an attacker predicted a

victim to be:

l An African American Christian female in her 20s

living in NYC…

l More personalized spear phishing email can be

written

22

Dear Ms. Jane Doe, pardon for this interruption. I am a pastor living in Queens ...

SLIDE 23

How to Spot Phishing Emails?

l Discussion

23

SLIDE 24

Lab: Domain Highlighting

24

https://www.ucl.ac.uk/cert/antiphishing/

SLIDE 25

Lab: Phishing

25

https://beinternetawesome.withgoogle.com/en/interland/landing/reality-river

SLIDE 26

Attack-Back #1

26

https://www.youtube.com/watch?v=_QdPW8JrYzQ

SLIDE 27

Attack-Back #2

27

https://www.youtube.com/watch?v=t7kSWvt3KXY

SLIDE 28

2. ASTROTURFING

28

SLIDE 29

Definition

l Astroturf: fake grass(roots) l Examples

l Fake LIKEs in facebook l Orchestrated fake reviews in amazon.com

29

SLIDE 30

Power of LIKE

30

SLIDE 31

LIKE Us or Get Out !

31

SLIDE 32

PBS Frontline, 2014

32

http://www.pbs.org/wgbh/pages/frontline/generation-like/

SLIDE 33

Fake LIKEs

l People buy and sell Likes l Huge commercial implications l Headache for SNS to maintain healthy eco-

system

33

SLIDE 34

34

SLIDE 35

35

SLIDE 36

Training Data for Machine Learning

36

Fake LIKE Legit LIKE

Broker-Initiated Market Buyer-Initiated Market

Satya et. al., CIKM 2016

SLIDE 37

Honeypot Page

37

SLIDE 38

38

http://www.bbc.com/news/technology-22166606

SLIDE 39

39

http://www.nytimes.com/2012/08/26/business/book-reviewers-for-hire-meet-a-demand-for-online-raves.html

SLIDE 40

Synthesized Amazon Reviews

40

Credit: Ben Zhao @ U. Chicago

SLIDE 41

41

SLIDE 42

LAB

l Using FakeSpot (https://www.fakespot.com/),

try a few Yelp restaurant reviews

l Any restaurants with B or lower grade? l Understand the analysis of low grade

l Using ReviewMeta (https://reviewmeta.com/),

try a few Amazon product reviews

l Any product with FAIL rating? l Understand the analysis of FAIL rating

42

SLIDE 43

43

SLIDE 44

44

SLIDE 45

3. FAKE NEWS

45

SLIDE 46

False Information

46

Source: Zhou et al., WSDM Tutorial 2019

Definitions of False Information

SLIDE 47

Types of False Information

47

Real News Commentary / Feature Writing Misreporting Native Advertisement Professional Political Content Citizen Journalism Satire / Clickbaits Polarizing and Sensationalist Content Fake News / Hoaxes

SLIDE 48

Surge of “Fake News”: Google Trend

48

Misinformation Fake News

US Election @ Nov. 2016

SLIDE 49

More Problems in Social Media?

1. Fundamental shift in communication:

Consumer as producer

2. Monetary incentives: Ads by Google/Facebook

49

SLIDE 50

More Problems in Social Media?

3. Source Layering

50

SLIDE 51

More Problems in Social Media?

4. Virality

51

Source: https://www.knightfoundation.org/features/misinfo

In 2016, social bots played a significant role in spreading false information

SLIDE 52

More Problems in Social Media?

4. Virality

52

Source: Vosoughi et al., Science 2018

SLIDE 53

To Detect False Information

l Human Based

l Manual fact-checking l Crowdsourcing based

l Machine Based

l AI approach l DB approach

53

Fake True True Fake

Query

SLIDE 54

AI: Machine Learning Approach

54

In Training In Deployment

l Learning

l P: Features from “fake” news l N: Features from “true” news

l Feed (P, N) to ML to build a model M l Feed a news story A to M l M determines if A is fake or true news story

SLIDE 55

LAB: Fake-O-Meter

l In your smartphone browser, go to

Kahoot.it

l Enter Game PIN, and Nickname to play

55

SLIDE 56

Educational Fake News Games

l http://factitious.augamestudio.com/ l https://www.fakeittomakeitgame.co

m/

l https://playfakenews.com/ l https://hoaxy.iuni.iu.edu/fake-

news-game/

l http://fakenews.game/ l https://boardgamegeek.com/board

game/235085/fake-news-or-not

56

SLIDE 57

57

https://www.fakeittomakeitgame.com/ LAB: Play Game (30 minutes)

SLIDE 58

4. DEEPFAKE

58

SLIDE 59

New Challenge: “Deepfakes”

1. AI method (GAN) generated artifacts
2. Manipulated artifacts hard to distinguish

l Not “Shallowfakes”

l Explosive effect ç When used in social

media together with:

l False information, Social bots, Clickbaits

59

SLIDE 60

Landscape of “Deepfakes”

l 14,678 deepfake videos [DeepTrace, 2019]

l 96% are pornographic videos

60

SLIDE 61

Eg, Deepfaked Text #1

61

Grover by

U. Washington

SLIDE 62

Eg, Deepfaked Text #2

62

GPT-2 by OpenAI

Human Machine

SLIDE 63

Eg, Deepfaked Image

63

SLIDE 64

64

http://thispersondoesnotexist.com

1 2 3 4 5 6 7 8 9 10 11 12

SLIDE 65

65

https://thisrentaldoesnotexist.com/

SLIDE 66

Eg, Deepfaked Video #1

66

SLIDE 67

Eg, Deepfaked Video #2

67

SLIDE 68

Eg, Deepfaked Video #3

68

SLIDE 69

Eg, Deepfaked Video #4

69

SLIDE 70

Eg, Deepfaked Video #4

70

SLIDE 71

Eg, Deepfaked Video #5

71

SLIDE 72

Potential Deepfake Scenario

72

single image 1-min audio Simple Animation hour-long video

Eg, Samsung AI

Synthesized Audio

Eg, Lyrebird AI

Synthesized Video

Eg, Stanford / UW / Albany AI methods

text transcript text transcript

SLIDE 73

If I were an Adversary …

l Human adversary

l Create a fake image/video l Write a fake news story l Plant it into social media (via bots)

l Machine adversary with deepfake capability

l BEGIN l Synthesize a fake image/video l Synthesize a fake news story l Plant it into social media (via bots) l END

73

Repeat Million times

SLIDE 74

Implications

l No known instances in which deepfakes have

actually been used in disinformation campaigns” – Deeptrace, 2019

l Documentation is no longer evidence

l “Implied false effect” l “Reality apathy” – Aviv Oyadya, 2019

74

“The Liar’s Dividend”

- Robert Chesney

and Danielle Citron

SLIDE 75

Arms Race against Deepfakes

75

SLIDE 76

Arms Race against Deepfakes

76

SLIDE 77

More Thoughts

l Technological solutions alone cannot solve

the problem of false information (and deepfakes)

1. Detection does not directly lead to removal

l Eg, slowed-down Pelosi video

2. Not fast enough

l Eg, virality of false information

3. Little help to real victims

l Eg, deepfaked porn videos

77

Source: Angela Chen, MIT Technology Review, 2019

SLIDE 78

More Thoughts

78

Detection Deterrence & Prevention Presentation & Acceptance Social Legal Education Policy

. . . Current focus of computational methods

False Information

SLIDE 79

Development Timeline

l Plan to release V1 of materials: Dec 15, 2019 l Recruit instructors to use part of materials in

their classes in Spring and Summer 2020

79

2-3 week long version

l Special topic plug-in to other related classes l CompSci undergraduates

SLIDE 80

Download of Materials

80