GUEST POST: Disinformation Is Big Business, So Don’t Be A Ġaħan

August 3, 2021 at 5:45 pm

[Lovin’ Malta]

As the poster girl for IT klutzes, I am in the perfect position to explain why and how we may be taken in by assorted tricksters, frauds, cheats, con artists, scammers, swindlers, charlatans and others of their ilk.

There was a time when Fake News consisted of letters from Nigerian Princes, widows of filthy rich Emirs, and American attorneys look for people with one’s (unspecified) surname, in Malta. The press still throws up occasional stories of women who were hoodwinked by someone purporting to be God’s gift to womenkind – but that is another story for another day.

What we have here is a ham-fisted attempt at cryptotypography, distypography or pseudotypography… call it what you will (people can create fake websites, so Henry Whelchel can create fake words…).

Are you a Ġaħan?

Sometimes, a fake website is created with finesse. There is a tactic called the IDN homograph attack, which basically consists of using a letter that looks like another – but isn’t, like when you use the upper case I instead of the lower case l, or Cyrillic α, or any other letter that looks like an a, instead of the English a. For instance, maybank2u.com is not mɑybɑnk2u.com, and citibank.com is not citibɑnk.com.

The ones that are sullying our ether are less likely to pass muster, if one is careful – they just spell names differently, or leave out letters when the real site’s address is used.

Sometimes, a homograph attack website is funny; in 2011, Completely Anonymous registered a domain name homographic to television station KBOI-TV. It was an April Fool’s Day joke reporting that the Governor of Idaho had issued a ban on the sale of music by Justin Bieber. We can safely say that anyone who clicked on the link was… Rick-Rolled.

A homograph website may be satire; and it falls into disuse when there is no longer the “need” for it.

Sometimes, it’s malicious and serious; in September 2017, security researcher Ankit Anubhav discovered an IDN homograph attack wherein the attackers registered adoḅe.com to deliver the Betabot trojan.

People behind fakes sites have a lot to win – and a lot to lose. But they think the game is worth the candle, especially if they have an agenda. It is anyone’s guess as to the who, what, and why, are behind the mushrooming local fake sites

But of course, fake sites are not the only way that fraudsters use to try and fool us into believing lies. In Maltese we say that people throw a stone and hide their hand… that is why people love sites that help you invent a new identity, to hide your actual one.

The identicon generator is a free online tool to generate visual representations of a hash value; it’s like an avatar that protects a user’s privacy… or, in plain language, make him anonymous.

Even the most streetwise punter turns into malleable putty at the hands of shrewd shysters. We have all seen the amusing advertisements that “allow” us to be a not-a-hair-out-of-place version of ourselves, or even Einstein or Mona Lisa, during video conferences, by using Ali Aliev’s invention. The ‘fact’ that anyone with an iPhone can do this is very worrying, and the implications are enormous.

Those of us who have had their Social Sites accounts hacked know what a hassle it is to get them back – this, however, is creepy.

Deepfake technology is Photoshop with bells and whistles. It is not just a visual trick that makes monsters roar and speak in films. It turns sinister when it is used to manipulate the public. Anyone who has the time, technology, and know-how can create videos of people – and this includes celebrities, journalists, and politicians – saying exactly what they want them to say; Barack Obama calling Donald Trump a ‘complete dipshit’; Mark Zuckerberg bragging about ‘having total control of billions of people’s stolen data’, and so forth. You can even ‘be’ the star in a film, by replacing the main actor’s face with your own. You can even create fictional people who would then be able to have Social Sites profiles… either for catfishing, or for spying, such as Maisy Kinsley or Katie Jones . Gone are the days when we watched in awe as the Mission:Impossible team deceived wrongdoers by putting on silicone masks.

How long will it be till we see the face-swap equivalents in Malta, despite our having less than the Six Degrees of Kevin Bacon Separation reality?

In my day, we spent hour splicing tapes to get exactly the Mix we wanted (cassette players made the job far easier!); but this is all done through manipulation of clips and data.

It used to be that someone on your e-mail address book list sent you a plea for money because they were stuck in Schiphol airport. Unless that someone would just have left your house (it happened to me!), you could well have believed the deceiver, and sent the cash… never to see it again.

These days, the smoke and mirrors scams go further.  Even audio can be deepfaked. There are voice-clones or voice-skins that are much better than those of imitators, because they are made from the voice of the person being ‘utilised’, himself.

This does not mean that the good old fake e-mail system has been forgotten, though; this, too has been turned up a good couple of notches. There are sites that let you send fake e-mails, and the recipient may well believe that the person who “signs” it is a turncoat, or has mental problems, is open to taking bribes, or is orchestrating a take-over bid in the industry. As an added bonus, you can even get a person to click on a phisher link.

Disinformation is big business.

• Look at the website / e-mail address. Do all the letters appear to be of the same font and size?
• Never click on a link; type out the address fully; by digit, by letter, and punctuation mark – by digit, by letter, and punctuation mark.
• Contact the person by phone, if you can, to check whether he really did send you “that”.
• If you suspect a website, e-mail address, or social site account are falsified or fake, do not be tempted to use them as a ‘test’, i.e to see whether / how the cheater will reply.
• Try putting an address in a Search Engine with the word ‘fake’ (without inverted commas) in front of it (leave a space) and see what comes up.
• Pay close attention to trends and agendas. Think about how The Incredible Hulk always seemed to have a replacement shirt after having torn the one he would have been wearing as Dr David Bannister.