Mazhar Hamayun is a cyber security professional with over 20 years of hands-on technology and leadership experience. At Check Point Software, Mazhar works as a cyber security engineer and in the Office of the CTO, committed to helping different organizations achieve success in both strategic and technical initiatives while contributing to Check Point’s own security practices.
In this insightful interview, Check Point Security Engineer Mazhar Hamayun shares insights into misinformation, disinformation and why they are genuine cyber security issues.
What is a fake news, in your opinion?
I personally think that there is no such thing as “fake news.” If the information is fake, then it’s not news.
News, of course, should always be accurate, and where there is uncertainty or controversy – this should be made clear. More info here.
What’s the difference between disinformation and misinformation?
There are people who knowingly or mistakenly create or pass on information which is not accurate, and this can, more precisely, be referred to as “disinformation” and “misinformation.”
- Disinformation– like dishonest – means it’s deliberately false.
- Misinformation– like mistake – means there wasn’t a deliberate intention to create or pass on false or misleading information. It was a mistake.
What is the motivation for disinformation or misinformation?
It is worth considering why someone would want to create disinformation. This will help you identify it. You need to understand their motivations, which could largely be divided into two categories.
Financial gains
Will the instigator financially benefit? Are they trying to discredit a competitor or political rival? Are they a fervent believer of a certain way of thinking and trying to persuade others to share their views? Are they trying to frighten people or cause confusion with their content?
If the content is making a claim of commercial gain or large profits – investigate further.
Political disruption
When someone spreads malicious/fake information about a country or a public service organization, their motives may be to cause doubt about a particular entity.
If the information shared contains accusations of wrongdoing against an entity, it may cause social unrest, e.g. sharing some sort of corruption scandal or other wrongdoing.
How can we verify if it’s misinformation?
To identify misinformation or fake news, it’s very important to verify the source of information, how it’s getting shared and to also verify the authenticity of claim/information by looking around at known and credible news sites.
As an alternative way to verify the news, try to check the original website/news release of company/entity mentioned in the news.
Why disinformation is a cyber threat?
As per some recent work done by assorted organizations, cyber security focuses on protecting and defending the IT infrastructure and on preventing hackers from stealing confidential information and business records. Cyber security also focuses on keeping the critical system up and running for continuous operations.
Threat actors with malicious intent craft different attacks to compromise systems. Sometimes they craft phishing emails with some disinformation related to ongoing global events and use that as a possible entry point.
The difference between a disinformation attack and a traditional cyber attack is the target. Traditional cyber attacks are aimed at computer infrastructure, while disinformation exploits tend to target common users and mixture of these two techniques can be used as a successful attack. In traditional cyber security attacks, the tools are malware, viruses, Trojans, botnets, and social engineering. Disinformation attacks use manipulated, mis-contextualized, misappropriated information, deep fakes, cheap fakes, and so on.
What is cognitive hacking?
When we think of hacking, we think of a network being hacked remotely by a computer nerd sitting in a bedroom using code she’s written to steal personal data or money – or just to see if it is possible.
The idea behind a cognitive hack is simple: “Cognitive hack” refers to the use of a computer or information system (social media, etc.) to launch a different kind of attack. A cognitive attack relies on its effectiveness to change human users’ perceptions and corresponding behaviors to achieve success.
When we talk about misinformation, much of the time, we hear about impersonation attacks. What are they ?
Impersonation is the practice of pretending to be another person with the goal of obtaining information or access to a person, company, or computer system.
Can you share some of the lessons that you've learned from the cyber security world?
In the face of grave concerns about misinformation, social media networks and news organizations often employ fact-checkers to sort the real from the false. But fact-checkers can only assess a small portion of the stories floating around online.
Back in 2017, IEEE published an article to cover this topic, and the article is still relevant today. The article can be found here.
In past decade or so, media and technology professionals have experimented with ways to fight disinformation through machine learning and data science. That’s an important step. But as misinformation campaigns become increasingly sophisticated, we can’t forget about preparing the public to identify disinformation, too.
Facebook is experimenting with machine learning to fight disinformation. The company is also using algorithms to reduce the number of false news stories in users’ news feeds.
Google is working with the International Fact-Checking Network to offer free fact-checking tools and to hold training sessions. Additionally, Google’s tech incubator, Jigsaw, launched the Share the Facts widget, which allows publishers to highlight their fact-checks and verified information.
There are other tools to fight disinformation online. Spike and Hoaxy help to identify false news sites. Snopes, CpostdTangle, PHEME, Google Trends, and Meedan all assist in verifying breaking news. Le Décodex from the Le Monde database categorizes websites with tags such as real or fake.
We must treat disinformation as a cyber security issue in order to find effective countermeasures to cognitive hacking.
For more from Mazhar Hamayun, see CyberTalk.org's past coverage. Lastly, get engaging stories, expert analysis and real-world reports delivered to your inbox each week – subscribe to the CyberTalk.org newsletter.