Adobe, Twitter and NYT Team Up Against Deepfakes

Deepfakes, whether synthetic or manipulated, are rising at an alarming rate. They can cause immense damage: fake videos during an election period can spread false information, which can result in loss of lives and utter chaos. To combat image manipulation and deepfakes, Adobe has joined forces with Twitter and the New York Times.

During its Max conference in Los Angeles, Adobe introduced a new experimental feature that automatically lets you know if an image has been digitally manipulated. The feature also lets you undo the edits to the image. The tool, called ‘About Face’, lets you upload an image and then runs a detection algorithm to check whether the image was tampered with.

 

Adobe general counsel Dana Rao said about deepfakes and transparency:

“When it comes to the problem of deepfakes, we think the answer really is around ‘knowledge is power’ and transparency. We feel if we give people information about who and what to trust, we think they will have the ability to make good choices.”

About Face also tells you how likely it is that the image was manipulated. The tool doesn’t look at the image as a whole like a face detection algorithm, but rather at the individual pixels. Because of this, it can also tell you which parts of the image it thinks were manipulated. The user is shown a heatmap of all the altered regions. About Face seems to be designed especially to detect changes made by Photoshop’s liquify tool. You can see where the pixels have been stretched, squished and interpolated.

You can check out About Face in more detail in Adobe’s blog post.

Homeland Security expects to have biometric data on nearly 260 million people

The US Department of Homeland Security (DHS) will have face, fingerprint and iris scans of at least 259 million people in its biometric database by 2022. These statistics come from a recent presentation from the agency’s Office of Procurement Operations that was reviewed by Quartz.

In 2017, the agency forecast that it would have data on 220 million unique identities by 2022. The recent presentation shows an increase of 40 million unique identities. The presentation, shared on October 30 at Homeland Security’s industry day, includes a detailed summary of what the system currently contains. It also gives a detailed view of what the next few years will deliver.

The agency is making a transition from a legacy system called IDENT to HART, a cloud-based system. HART, which stands for Homeland Advanced Recognition Technology, is hosted by Amazon Web Services. Homeland Security has the world’s second-largest biometrics database, behind only India’s countrywide biometric ID network in size. The department also shares its traveler data with other US agencies, state and local law enforcement, as well as foreign entities.

‘Multi-factor Authentication is being defeated’ warns FBI

For years, online businesses and organizations have been adopting various strategies and defense mechanisms to protect themselves from every kind of cyberattack. Cybercriminals are actively embracing technology to conduct sophisticated attacks online. This increasing trend of data breaches and digital frauds is a striking example of growing cyberattacks. Defending against these attacks has become a new normal for businesses worldwide.

One of the most widely used methods to prevent these frauds is multi-factor authentication (2-factor being the most common form). Although businesses and organizations are proactively using multi-factor authentication to protect their systems and data from perpetual business email compromise (BEC) attacks, the new warning from the FBI has surprised all of them.

According to the FBI, cyberattackers are circumventing multi-factor authentication through various social engineering tactics and technical attacks. In multi-factor authentication, a secondary token or one-time generated code verifies and authenticates the identity of the user. But with the FBI’s new warning, businesses are quite bewildered.

FBI Warning: The Surprise Factor?

 

The reason for this perplexity is that businesses have yet to come across such attacks on MFA. So far, such attacks have been rare to witness. 

Microsoft Azure claims that multi-factor authentication blocks an unbelievable 99.9% of enterprise account hacks. Adopting this method is the least organizations can do to protect their accounts, as the rate of account compromise is less than 0.1% for companies that use any type of MFA.

Even with such a low compromise rate, the use of MFA is uncommon: fewer than 10% of users per month (for enterprise accounts) use it, according to Microsoft. This statistic alone contradicts the FBI’s warning of MFA compromise, and businesses were not expecting it. However, the FBI states that the use of one-time codes and secondary tokens is not enough to back up the user and his credentials, nor is it sufficient to protect his identity.

How MFA is vulnerable to cyberattacks

 

Despite the endless struggle of businesses to protect users’ information by making account access harder and more complex through two-factor and multi-factor authentication, accounts can still be vulnerable to breach. There is a high risk that cybercriminals can trick users into disclosing their credentials and authentication codes through social engineering. Or, they can create an account for themselves through the use of technical interception.

Phishing

 

Phishing attacks are a prime example of social engineering. They can be used to lure victims into providing their credentials through a fake login page. Due to readily available technology and APIs, it is not difficult for criminals to create a fake login page. Attackers use different social engineering tricks (for example emails, fake job alerts, etc.) to tempt users into clicking a link that leads to a clone of the original login page.

When the victims enter their credentials, the hackers capture that information and pass it to the real login page, thereby triggering the multi-factor authentication procedure. The victim is shown a fake prompt requesting the texted or mailed code. Just like before, the hackers capture the code and complete the authentication process.

This is not as easy as it seems. Hackers need to be fast enough due to the limited time-factor associated with the code. But once the process is successful, there’s nothing that can stop them from carrying out their activities.

Password Reset

 

Many times, the authentication process can be bypassed through the “Forgot Password” procedure, if a hacker is in possession of a “something you have” item (for example, email).

If the criminal/hacker has gained access to the victim’s email account where the verification link or code is sent, the attacker can easily use the “Reset Password” link and change the passwords to something else by following the instructions. Moreover, once he has access to the account, he can even change the recovery email and phone number, giving him complete access. 

Third-Party Logins

 

The explosion of online platforms has introduced a new authentication process for enhanced user-experience – through third-party logins. 

In this process, the user is offered an option to log in using third-party accounts and bypass the 2-factor authentication procedure. An example of such a case is “Login with your Facebook Account” or “Login with your Gmail Account”. In this case, an attacker can easily take over the accounts once they have access to your Gmail or Facebook credentials (through phishing and forgot password procedures).

Brute Force Attacks

 

With the advancement of technology and automated tools, hackers have the opportunity to obtain user passwords and verification codes through brute force attacks. Through brute force, attackers can recover tokens made up of a limited number of characters. Tokens and verification codes are quite useless if attackers get enough time to apply brute force and obtain the token.
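The "enough time" condition above is something the verifying service controls. The following sketch is an added example, not code from the original article or the FBI notice: it ties each issued code to a failure counter, an expiry and single use, and the policy values (6 digits, 5 failures, 120 seconds) and all names are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

# Assumed policy values for illustration; tune to your own risk model.
DIGITS = 6          # length of the one-time code
MAX_FAILURES = 5    # wrong guesses allowed per issued code
TTL_SECONDS = 120   # lifetime of an issued code


class OtpChallenge:
    """One issued code, bound to a failure counter and an expiry time."""

    def __init__(self, now=None):
        self.code = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        self.issued_at = time.time() if now is None else now
        self.failures = 0
        self.used = False

    def verify(self, guess, now=None):
        now = time.time() if now is None else now
        # Check the lockout conditions before comparing, so a locked or
        # expired challenge never confirms a correct guess.
        if self.used:
            return "used"
        if self.failures >= MAX_FAILURES:
            return "locked"
        if now - self.issued_at > TTL_SECONDS:
            return "expired"
        if hmac.compare_digest(guess.encode(), self.code.encode()):
            self.used = True
            return "ok"
        self.failures += 1
        return "wrong"


def guess_success_probability(digits, attempts):
    """Chance that `attempts` distinct guesses hit a uniformly random code."""
    return min(1.0, attempts / 10 ** digits)


if __name__ == "__main__":
    print(guess_success_probability(DIGITS, MAX_FAILURES))   # capped verifier
    print(guess_success_probability(DIGITS, 10 ** DIGITS))   # uncapped verifier
```

The counter has to be kept per issued code on the server side; if requesting a new code resets it without any account-level limit, the cap no longer bounds the total number of guesses.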

Advanced Tools and Techniques

 

On the one hand, technology has helped organizations in securing their digital presence, while on the other, it has also contributed to the innovation of advanced hacking tools.

In its investigation, the FBI has highlighted different examples of tools and techniques that are being used to defeat multi-factor authentication. These include web hacks, cyberattack tools like NecroBrowser and Muraena, and, not to forget, straightforward SIM swapping. The main issue with MFA is that organizations treat it as the ultimate solution for the security of the institution.

Solutions to Cyberattacks

 

While massive data breaches and identity theft are on the rise, multi-factor authentication is becoming the standard procedure for most of the organizations to secure themselves from attackers. 

No doubt, it is quite a secure method but hackers are now finding ways to get around MFA. While the risks are rare, the fact that a growing reliance on MFA can lead to growing attacks on MFA can’t be ignored.

The FBI states that, according to research, 99% of attacks are triggered by the person’s own activities, i.e. clicking a link and falling victim to phishing scams as well as social engineering hacks. The most effective solution is to educate employees and consumers to recognize phishing attacks so that they can try to avoid them.

Use of Biometrics

 

Multi-factor authentication can be secured just by adding an extra layer of security, i.e. biometrics.

The hackers can access something you know (credentials) and something you have (authentication codes) but they can’t access something you are (biometrics). Biometrics are the unique features of a person that can’t be stolen or changed. Incorporating biometric verification with 2-factor authentication can provide the most effective and secure authentication process.

4 Reasons Why Brokerage Firms Need ID Verification?

According to Steve Grobman, Chief Technology Officer for McAfee, “The digital world has transformed almost every aspect of our lives but brought risks and crimes too. Crime is more efficient, less risky, more profitable and has never been easier to execute. Financial institutions of all stripes - banks, credit unions, brokerages, and payment companies - need to take a layered approach to cybersecurity and fraud prevention.”

Moreover, a new global cybersecurity report reveals that cybercrime takes an almost $600 billion toll on the global economy. Financial institutions are required to abide by AML and KYC regulations, and they need to practice in-depth KYC and AML compliance to avoid falling prey to cyber scams such as data breaches, money laundering, and ransomware.

An Insight to Brokerage Firms

Want to trade stocks? You’re going to need an online broker. Brokerage firms are financial institutions that help you buy and sell securities. They act as the middleman between the buyer and the seller. Depending on the type of brokerage firm you choose, you can make your investments via telephone, internet, or smartphone. Brokerage firms generally charge per buy or sell order. Online brokerage houses may not have any physical office at all. They operate via the internet only, so they are more prone to cyberattacks.

Online identity verification can serve best in this regard.

ID Verification- Requirement for Brokerage Firms

 

To comply with US government law, brokers collect personal information from their customers. It may include tax identification and financial information. Under rules imposed by Self-Regulatory Organizations (SROs), brokers request information from new customers as well as customers with a long-standing relationship with the firm. Also, to fulfill KYC and AML requirements, they need to know who they are dealing with and whether they are exchanging money between the right two parties.

Following are a few reasons why ID verification is crucial for brokerage firms:

 

  • To Fulfill Suitability Law

 

According to the FINRA suitability and SRO rules, when a broker recommends that a customer buy or sell a particular security, he must have a reasonable basis for believing that it is suitable for the customer.

 

  • To Fulfill Record-keeping Requirement

 

An SEC rule requires brokerage firms to create a record for each account with an individual customer. It should cover name, address, DOB, and government-issued ID information. To be sure about these records, brokerage firms need to verify all this information first. ID verification plays its part here. Brokerage firms need an online address verification tool to confirm that the person is not lying about his residence. Online ID verification is important for brokerage firms not only to combat fraudsters but also to fulfill the record-keeping requirement of the SEC (Securities and Exchange Commission). Brokers must make a good faith effort to obtain and verify the information of their clients.

 

  • To Combat Terrorist Financing:

 

Money laundering is committed to hide the money trail of black money. Financial institutions are often used by criminals to launder black money in other countries for various purposes, including terrorist financing. Brokerage firms can be victims of this too. So, to adhere to Counter Financing of Terrorism (CFT) rules, brokerage firms need to know who they are dealing with and where the exchange is taking place.

 

  • To Counter Fake Identities and Frauds:

 

According to a study, 3 million identities were stolen in 2018 and 1.4 million of those stolen identities were fraud-related. Criminals use fake identities to open accounts at financial institutions to conduct their illegal activities. Financial institutions are the most common victims of identity thieves because they serve the criminals’ money motive well. Online KYC and AML solutions help financial institutions reduce the risk that comes from a diverse clientele. Identity thieves and money launderers can be identified at the very first stage, which helps businesses serve only legitimate businesses.

Wrapping it up, brokerage firms (online or physical) are common victims of criminals. The products of brokerage firms are exploited to hide black money or to transfer funds to terrorists anonymously. This is why brokerage firms are advised to run in-depth KYC and AML screening on their investors. It helps them onboard a secure clientele and get a good credit rating due to regulatory compliance.