A Digital World prone to human weaknesses

Throughout history new developments have always brought new risks with them. New forms of transportation brought along new types of incidents, for instance car crashes. New weapons have brought new forms of destruction, most notably the atomic bomb. Nowadays the development of cyberspace within of our digital world is bringing about new dangers as well. Identity theft, online scamming, doxxing, blackmailing, and phishing are just a few examples. As a student of security studies such cases have provided interesting reading material about the darker side of our relationship with digital media and consequently, its weaknesses.

So, what are those?

Humans have always been susceptible to threats, especially when acting without the necessary safety measures. Crossing the street without checking for cars increases the change to get hit by one, and in the same way entering cyberspace and engaging with digital media without the necessary knowledge and safety measures increases your chance of being a victim of cybercrime. Although you have most likely already been hacked at least once in your life, most people would sleep a little more comfortable knowing not everyone has access to that one secret folder hidden on your computer or even your internet search history. Using a VPN and two-step authentication is the bare minimum a person can do to protect their online data. Once a weak spot is found and exploited however, there is little the average person can do to stop malicious malware from infiltrating their systems unless they happen to be a highly skilled themselves.

As attacks increase in both number and severity, we as a society simultaneously become more resilient to them. Our increasing knowledge and the available tools help us to protect the digital aspects of our lives. However, with the increasing development of cyberspace and its role in our daily lives, the types of cybercrime change with it. When looking at the current state of our digital world, its threats and its flaws, it appears that the biggest weakness are humans themselves. This makes sense considering human error is common, leading to flaws in the infrastructure that provides us with the tools to create our digital lives. Besides unintentional mistakes, criminals use human weakness as a tool to access encrypted information commonly via social engineering. This is the exploitation of human weakness to access information that should otherwise be limited to the owner/user. On a basic level this could be entering a building that’s only accessible with a special card by tailing somebody, so they’ll hold the door for you. After all we’re all Hodors and the general person wants to be polite to others to be liked. This is one such example of exploiting human weakness. Another way is through the impersonation of and usage of tricks that disarm the other person. Namely, consider this video of a woman getting access to a guy’s information via his phone company by pretending to be his wife: https://www.youtube.com/watch?v=lc7scxvKQOo. A notable detail here and example of human weakness being exploited is the sound of a crying baby, through which the criminal is preying on the phone operator’s human natural sympathy. This is currently a very popular method of operation for criminals.

An interesting fact is that there’s a possibility for companies to test their vulnerability to such attacks via – please keep a professional mind – penetration testers. If you want to know more about that I can recommend this podcast episode

Storytime: Once upon a time a friend of mine was looking for festival tickets that she wanted to go with her three friends. On Facebook she saw that a her colleague was selling tickets to that specific festival, so naturally she sent him a message letting him know that she would gladly like to buy his tickets. Since they were colleagues she asked if he was working that evening so they could figure everything out then. He let her know he wasn’t scheduled to work that evening so they closed the deal via messenger. Later that evening she arrived to work and saw the guy was there! While saying hi and asking what he was doing there since he said he wouldn’t be, the colleague acted surprised and seemed to have no knowledge of their deal whatsoever. Long story short, she transferred a massive amount of money for the festival tickets to an online scammer. This happened not too long ago and it’s hard to trace such a guy back so she was forced  to say bye to her money. What is impressive about such a scam is that the criminal in this case can convincingly portray them self to be another person, even in the way they talk online.

So, what should we do?

I know how to solve this problem as much as I know how to solve climate change (assuming everybody believes its real). Each individual can protect their own data by the necessary measure – as previously mentioned using a VPN etc. – and educating people on the risks could help. Such little things can help the situation, but in the end I actually have no cure-all solution for the issue at hand here. Perhaps we ought to just take a step back, and I mean a huge step back, and go back centuries ago as life was before the digital age arrived. In this way, perhaps we could also halt climate change… but that’s an issue for another time  (and planet?).