Sana Afouaiz is an award-winning gender expert, women’s advocate, and public speaker on global feminism and women’s issues in the MENA region. For the past five years, she has advised the United Nations, the European Commission, corporate institutions, and organizations on gender issues. In 2016, she established Womenpreneur Initiative, an organization with a community of 10,000 across 20 countries, which aims to advance women in the entrepreneurial scene, technology, innovation, and society. In recognition of her achievements, Afouaiz was named an influential woman by the World Bank. On July 17, 2020 she spoke as a role model at UNIDO’s International Online Conference “Women in Industry and Innovation,” organized in cooperation with UN Women and FAO.
You said that the cultural environment you lived in made discrimination perfectly acceptable and visible. Can you give us an example?
I grew up in Morocco, in a family of eight girls, and my sister and I have always been treated as if something was missing and that something was a man, a brother. This really hurt my sisters, who felt like we were not complete, we felt guilty because of our gender. I let all this make me stronger and inspire my work.
Do you still experience gender-based discrimination?
I do, every day. For instance, I’m quite direct, and in the culture I grew up in it is men who are supposed to be assertive. Women should rather be soft and sweet, and therefore they feel limited in terms of exploring discussions at a certain level. This reminds me a bit of the time when Aristotle and other eminent ancient thinkers would say that women were not capable of contributing to philosophical debate. It happened at a different time but it’s the same vision many have today.
I also face discrimination because of my age. Sometimes it is difficult for men to take me seriously when I’m looking for funds. I don’t mind people asking about my age when I am presenting a project to be sponsored but I do mind when that is the first question asked and the second is about my marital status. I don’t think men are usually asked those questions, no matter how young they are.
In Morocco, only 5% of firms have a female top manager and only 10% of entrepreneurs are women. And in the whole MENA region, things are not any better. In your opinion, what holds female entrepreneurs back, at any level?
Different issues come into play. And it is not the same in each country of the MENA region. In the eyes of westerners, the MENA region is perceived as one entity, but it is a very non-homogenous group and encompasses many countries, with a different history, culture, and political conditions.
If you take countries like Morocco, Lebanon, and Tunisia you will find that women have achieved certain rights, they are visible at some level and the lack of women’s participation in the economy is related mostly to the social atmosphere and the general mindset.
As a matter of fact, there are a great number of female STEM graduates across the whole region. Yet, very few of them achieve entrepreneurial careers. How should this problem be addressed?
You can’t fix gender issues in the MENA region by merely giving women funds and teaching them how to become entrepreneurs, for instance. It has been done for years now and it just doesn’t work. Female entrepreneurs are still very few, they operate in informal markets and face constant discrimination. Those who are successful make it abroad, not in their country. Further problems are technical issues such as accessing the right human resources or the fact that the bureaucracy in the region is very complex. It’s a tricky process and in the end, female entrepreneurs get tired and give up.
Another problem with the MENA region is women’s limited access to financing and most of it is microfinance. That’s why female-led startups are not thriving as they should. If we really want to support women, we should financially support their projects. With Womenpreneur we did training with some investors to make them understand the gender bias because sometimes it is internalized. The investors don’t feel like they are intentionally excluding women, but they do because it’s ingrained in their minds.
What other factors may cause such imbalance?
A big issue is the access to resources and opportunities, which is a struggle for all entrepreneurs—men and women. We have Dubai, where you can find many huge investors and all the entrepreneurs want to go there to be funded and start their companies, but if you look at Arab startups you can see that they don’t last.
The best example is Careem, the Uber of the Arab world. It was a huge success funded in Dubai and a product of the MENA region. But it was sold to Uber last year. The problem is that we don’t have a structured ecosystem that can help create innovative startups and make them last.
Then you have the lack of a legal framework to explain and facilitate the creation of startups, companies, and entrepreneurial projects that could help boost the economy.
Can you give us more details about specific countries in the MENA region?
Some countries have a more developed approach than others. Tunisia, for instance, is a very good ecosystem, I find it dynamic, active, very supportive.
Moreover, a very interesting initiative was started, when a group made of private and public institutions and entrepreneurs created a legal framework project explaining what is needed by different entrepreneurs to succeed with their startups in Tunisia. It was presented to the government and they accepted it. Today it is called Startup Act and is becoming a space that provides legal information, the right resources, the right contacts, the right business support and I think that’s amazing.
But again, even in this space women are invisible, and female startup founders are few. But I believe in Tunisia’s effort to change that.
In 2019 Womenpreneur went on tour to map and visit the female entrepreneurial talents of three countries: Morocco, Tunisia, and Jordan. Did you get new ideas or find new starting-points from this journey?
It was an amazing tour, we also did a policy paper study and roadshow events in each country. We traveled to different cities, meeting female tech entrepreneurs who developed interesting startups and companies, who raised huge funds inside their countries and have half of their offices across different countries, especially in Northern Africa and Sub-Saharan Africa.
We have also conducted surveys with many women entrepreneurs in different countries, and we had meetings with experts from the financial sector, the public sector, and the government, to really have an overview of the baseline for women in tech. Afterwards, we published a document recommendation that also provides interesting propositions to improve the ecosystem for women in the region and I think it’s one of our tour’s highlights.
Through our tour we connected more than 2,000 people and published engaging content through our media platform, reaching out to more than 500,000 people.
Many businesses have been disrupted by Covid-19 and you are trying to share your experience through webinars and online events. Can you tell us more about your support for women entrepreneurs from the MENA region during the pandemic?
The first thing we did was set up an online space for women to access information and understand what they could do in the short term to revive their businesses and initiatives.
Meanwhile, we’ve been running a research study in the MENA region about the impact of Covid-19 on women at different levels: social, economical, and political. The research was run by our experts and through that, we developed different possible projects we are going to implement in the region. One of them is a program dedicated to supporting female entrepreneurs in understanding how to cope with the crisis. The program has been finalized and we are going to start it by December targeting women from 10 countries in the Mediterranean.
We have also launched Generation W, an online six-month acceleration program to support women who are impacted by Covid-19, to help them find a job or develop a project. We’ve seen that the pandemic has heavily impacted the job market and it has created a lot of unemployment, 80% of which is affecting women.
We focused on providing women with high-tech skills, and this will make it easier for them to find a new job. The program is ending at the end of November with a total of 140 activities developed with more than 20 national and international partners.
How will developing tech skills help those women through the crisis and possibly afterwards?
Coronavirus has heavily hit the economy but we’ve also seen that a lot of jobs are not necessary anymore. The digital revolution is rapidly changing our economic systems. During the outbreak, robots have been used to clean hospitals in Japan, and unfortunately, that has cost many people their jobs. But robots have also been used a lot in the medical field.
Coronavirus is just one of the many crises we’re going to live through and women may always be the frontline victims. That’s why we need to help these women acquire tech skills to survive and this is something we do through advocacy and lobbying, also advising international organizations. Women have been the face of Covid-19, they’ve been the ones saving people, from nurses to doctors to food providers, and it saddens me how different countries try to manage the crisis. When you see that there is no budget dedicated to women, even though they represent more than 50% in each country across the globe, it does say a lot.
Failure. Failing to achieve your intent, not accomplishing your desired goal. In essence, having an idea and not being able to implement it. It’s frustrating and hard to accept, to the point that the fear of negative consequences often dampens the innovative drive of many individuals and organizations. Held back by the fear of failure.
Sometimes, however, missing a target can be a great stroke of luck because perhaps you miss the first one, but you score a bigger one right beside it, or because that mistake has repercussions that enable you to achieve something extraordinary. This must be why people sometimes let themselves go and take risks anyway, and organizations say they want to foster a corporate culture that celebrates error and failure. At least in words.
I wonder if Dharma Jeremy had the same opinion. He was born in Canada, raised in a log cabin without running water and electricity, and later became a computer enthusiast with a master’s degree in philosophy. While playing a video game, he got a crush on a girl who he never got to meet, a circumstance that probably led him to become passionate about the phenomenon of interactions in virtual spaces.
In the early 2000s, just before the dotcom collapse, he decided to found a startup to develop a game that had no real purpose, except that of helping people interact: and in fact, he called it Game Neverending. The idea was inexplicably unsuccessful, but before shutting down the startup, he drew on a part of the technology that he had developed and created a concept in which people exchanged boxes of photos and then commented on them. After all, this, too, was a social interaction that was not very different from a game that has no real purpose. The idea took off, and within a matter of months, it attracted Yahoo’s attention, which acquired it for a few tens of millions of dollars.
After working at Yahoo for a few years, Dharma Jeremy decided that big business was not for him: too much politics and too many delays, and too little growth. He left and decided to launch another massive game without a real purpose—only it was much nicer and better looking than his first one. This time he thought big; he raised a lot of funds from Venture Capitalists and put together a strong team of game animators, designers, and developers for another shot at what he had failed doing the first time.
But this second attempt didn’t work either. The game didn’t catch on, even if it did build up a small community of diehard gamers. But in order to work together, the team developed an internal chat system that changed the way a team worked together, exchanging messages and documents. After all, this is also a form of social interaction that is not very different from a game that has no real purpose.
When they shut down the game project, they realized that they wouldn’t be able to use their communication tool anymore, and the fact that this displeased them made them think that maybe they had something in their hands that could capture a market. They asked their venture capitalists if they could use the remaining funds to turn their prototype into a product. They pivoted their focus to the new product and fired 80% of their employees; in style, however, helping them swiftly find new jobs. After a short while, they launched the product and turned it into one of the fastest-growing corporate software applications at the time. In just a few months, the company reached a billion dollars in market value, went public after a few years, and is now worth $16 billion. Not bad for a failure.
Dharma Jeremy Butterfield changed his name to Stewart at the age of 12. Now he is a charismatic CEO, as well as a pleasant and engaging philosopher as he tells his stories. In his interviews, you can see that he has connected the dots of his experiences and that his successes result from his mistakes and failures, but not everything happened by chance. He says that he has always been guided by his passions and his sense of responsibility towards colleagues, investors, and end-users. And following these guidelines, he tried and changed until he found a solution.
By the way, the two failures that Butterfield turned into successes are called Flickr and Slack.
Nowadays hackers seem to be everywhere. They could be behind you in line at the supermarket, sitting next to you on the tram, or they could even be you. Yes, that’s not a mistake: if we stick to the original meaning of the term hack, it means finding an unconventional solution to a complex problem.
We’ve all done at least one ‘hack’ in our lives but not all of us are hackers as we generally conceive of them in our culture. But primarily, not even hackers agree with each other on what hacking is. Books and movies, however, shape our imagination and provide us with several examples of what a hacker is—or more precisely a partial look at what our society thinks about them. One of the most famous depictions is from the movie that in 2020 turned 25 years old: Hackers.
A techno-thriller in which young, rollerblading, computer geniuses manage to ruin the enemy’s plans. Since then, Hackers has evolved into a cult favorite and seems to describe the attitude of hackers, which in the movie is highlighted with very direct slogans such as “Hack the Planet,” and “There is no right and wrong/There’s only fun and boring”).
This description of hackers certainly clashes with the hacker we’re all afraid of and that is usually stereotyped as the white, middle class, overweight male kid with a hoodie, clicking at sidereal speed on the keys of his computer with rivers of acid-green lines of code running incessantly on the screen, which is the only source of light to illuminate his dark little room. Usually, this figure is intent on committing computer crimes, destroying systems and infrastructures, and jeopardizing the security of our democracies.
News reports seem to confirm this notion of hackers as criminals: one of the most recent and consequential hacker attacks was that of Guccifer2.0, a moniker used by some Russian agents who hacked the Democratic National Convention systems in 2016, publishing data online and thus contributing to the destabilization of American elections. But there have also been hacker attacks with more concrete consequences, as in the case of Stuxnet malware in 2010. Then, hackers linked to the U.S. and Israeli governments infiltrated computer systems of the uranium enrichment facility at Natanz, in Iran, to sabotage the centrifuges and to slow down and damage the uranium enrichment plant. Because of its capabilities, Stuxnet has been called the world’s first digital weapon.
Hackers have always been sitting between these two extremes: brilliant saviours of the world or dark and heinous criminals of cyberspace. Or at least this is the lazy dichotomy we like to apply to a much more complex world that shows all the different nuances of hacker culture.
The first references to this world can be found in the late ‘50s and early ‘60s: at the Massachusetts Institute of Technology (MIT) the term was related to MIT’s Tech Model Railroad Club (TMRC): students used to have fun fiddling around with electrical systems and messing around. But hacking doesn’t have a single root, in fact in the same years phone phreakers were already actively hacking systems. We can consider them as direct ancestors to the underground hacker. They were people interested in the operation of the phone system, they studied its architecture and tried to exploit the system to route calls for their own benefit—most of the time this means to make free phone calls.
The best definition of a hacker is suggested by Gabriella Coleman, an anthropologist and academic and one of the greatest experts of the hacking world: “A hacker is a technologist with a love for computing and a ‘hack’ is a clever technical solution arrived through non-obvious means.” In those MIT years, students enjoyed demonstrating their technical aptitude and cleverness.
The lack of defined origins is however an important signal of what came next: in those years, thanks also to the widespread adoption of electronic technologies and of the digital sphere—the internet network was born in 1966 and the first computers connected to the ARPANET network appeared in 1969—a certain type of world vision, with shared ideals, emerged.
This hacker ethic is found in Steven Levy’s book titled Hackers: Heroes of the Computer Revolution. Hackers are convinced that computers can improve our lives, that all information should be free, that in order to pursue knowledge access to computers and anything that might teach you something about the way the world works should be unlimited and total. And also that people can create art and beauty on a computer. At the same time there was an ultra-push to adopt meritocracy: “Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.”
Positioning these hacker ethic principles at the center, however, risks flattening the historical differences between the movements that have emerged since then and the problems they carry with them. As Coleman recalls, this ethic is often invoked in simplified terms, “whitewashing the most fascinating ethical dimensions that flow out of computer hacking.” And it also risks hiding sometimes under the carpet some systemic problems of this culture: such as episodes of sexism, misogyny, sexual harassment and raping happening all around security conferences or in hacker camps—and involving prominent figures of the hacking scene.
However, the genealogical tree of the history of hacking, starting from multiple roots, continues to branch out into multiple ways that sometimes flow together, sometimes ignore each other and sometimes even end up colliding.
Hackers helped invent the field of computer security: that is, those computer researchers who look for vulnerabilities in systems and report through a ‘responsible disclosure’ process to companies in order to let them fix the bugs found. These hackers usually call themselves ‘grey-hat’ and ‘white-hat’ in complete opposition to ‘black hats’ who are mainly hackers that carry out illegal activities.
But the differentiation doesn’t stop there and the confusion increases, there are hackers that have absorbed a more political and activist approach: so called ‘hacktivism’ and ‘anti-security’ are born.
First coined in 1995, the hacktivism label encompasses all those practices of resistance rooted in political ideals. We have hackers located primarily in Latin America, North America, and Europe, who have set up collectives often influenced by the political philosophy of anarchism.
Among the actions carried out by this hacktivist, we recall the acts of ‘electronic civil disobedience’ to draw attention to the Zapatistas in the 1990s. Hackers built a tool called FloodNet that would flood a targeted website with traffic: those were the digital version of mass strikes that usually happen in real life, but in this case they were aimed against websites and online services.
At the same time, another type of hacker is asserting itself, trying to exploit the vulnerabilities of computer systems for its own benefit: adopting the anti-security mantra in order to infiltrate government systems, steal data, and publish them online.
This is the birthplace of one of the most fascinating and active movements in recent history: Anonymous. In the early 2020s this collective of hackers inflicted attacks everywhere: against the Church of Scientology, DDoS attacks on several government sites, data leaks and attacks against Visa and Mastercard. After a series of arrests that sank the collective in 2011, recently during the uprisings of the Black Lives Matter movement in the USA, Anonymous emerged once again ready to strike.
This kind of activism exploits technical vulnerabilities in order to exfiltrate documents in the public interest and shame governments, corporations and public figures.
Nowadays, from the wrongfully-depicted darkness of their rooms, hackers have actually reached even political positions: Beto O’Rourke, the Texas Democrat who dropped out of the primary on October 2019, was a member of a famous group of hacktivists: Cult of the Dead Cow (cDc). And one of the cDc slogans shows how relegating the history of hacking to solely the sphere of technology is in turn limiting: “Global domination through media saturation.” They weren’t simply hacking software systems, they were also hacking media narratives.
And counteracting media narratives is still a constant struggle for hackers nowadays. Some of them have turned into full-time security specialists working for big corporations, others are immersed in the academic world, while others still run loose trying to steal personal data, credit card information and selling them online for profit.
Despite this multifaceted hacking world, a large part of the population still considers them only criminals and it seems that not much has changed since 1986 when an essay by a hacker known as The Mentor, titled The Conscience of a Hacker—universally known as The Hacker Manifesto—depicted a public outcry:
“We explore… and you call us criminals. We seek knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. [….] Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto.”
The Covid-19 pandemic stopped the world, causing thousands of deaths around the globe, and questioning the structures of our societies, economics, and cultures. Following the quarantine requirements, human sociality progressively moved online. As a consequence, digital infrastructures were under severe stress for a few weeks, following a massive increase in data consumption and connectivity demand. More people online for more time also meant more chances for cybercriminals to spread malware and other viruses exploiting code vulnerabilities and human weaknesses. In the face of this full-force technical gale, computer security expert Mikko Hyppönen tweeted out a warning to internet criminals: “Public message to ransomware gangs: Stay the F away from medical organizations. If you target hospital computer systems during the pandemic, we will use all of our resources to hunt you down.”
What follows is a conversation in lockdown, in March 2020, between Philip Di Salvo—an academic and journalist who covers surveillance, hacks, and leaks—and Salvatore Vitale—a visual artist who works on security imagery and the politics of data, who recently infected a computer for art’s sake.
Philip di Salvo: In these first days of quarantine in Northern Italy, I was thinking about how frequently I used the term “virus” in a technological context, compared to a medical, biological one. It strikes me now, to see this term gaining such a crucial meaning in that regard.
Salvatore Vitale: I’ve been thinking about it a lot too during the past few days. We are all witnessing the limits of our political and economic systems, therefore their social impact somehow reflects the way we, as humans, aren’t fully aware of how those systems work. This brings me back to high school, when, during biology class, my teacher was trying to hold the attention of a bunch of young students, while explaining how the human body and its immune system work: We all know we have one, we all, more or less, know the parts that constitute it, but many of us aren’t fully aware of its functioning. Can you find some similarities if we compare it to technology and safety online? Technological apparatuses, although cultural objects, go far beyond our understanding of their functioning. I see some similarities with the recent events concerning the pandemic, caused by an unknown enemy.
As I watch cases of Covid-19 increase in my region, I’m constantly thinking about how easily we spread computer viruses or malware, sometimes without even noticing it. We have all received at least one email from a random contact with a dodgy link or attachment. That reminds me of asymptomatic people spreading Covid-19 without any awareness or chance of avoiding it. Have you ever worked on these issues?
I recently read an article about the increase of cyber attacks due to Covid-19. As more and more people are experiencing quarantine, online activity becomes a primary source of information and entertainment, as well as a tool to pursue social and professional interactions. This massive online presence triggers a series of criminal activities against a huge amount of potential victims. IT security has a lot to do with human behavior, a topic which is discussed in psychology. Back in 2018, talking about psychology and IT security at the festival Transmediale, Stefan Schumacher, president of the Magdeburg Institute for Security Research and editor of the Magdeburg Journal for Security Research, addressed some questions related to hand washing and disinfection: Everyone knows how to wash their hands, but many don’t know how to do it properly. That’s an interesting fact, as recently we’ve been bombarded by tutorials on “How to wash your hands,” promoted by governments, celebrities, and influencers in an attempt to educate the population to avoid the spread of Covid-19. There is, indeed, a similarity between hand washing and IT security, as both actions imply a certain level of self-awareness and perception of personal expertise, which inevitably leads to decision-making. And decision-making is affected by experiences and individual behaviors. Therefore, psychology plays a major role in the study of these phenomena. Let’s take as an example the use of passwords. Users don’t perceive a direct threat when they are requested to set up their passwords. The majority of them use weak passwords, often because they don’t consider IT security relevant. This has a lot to do with individual perception and acceptance of risk. When something (or someone) appears to be abstract, or—as in the case of computer malware or a biological virus—difficult to be comprehended, risk is not perceived, therefore, security measures for prevention will be weak. The complexity of cybernetic systems leads to various collateral and/or unintended effects on socio- and political-technological levels. However, these modulations, and thereby the relation between the modulator and modulated, are rarely fully transparent. This leads to action and reaction patterns with delayed or obscured cause-and-effect mechanisms, often resulting in a black box for lay users. This logic, as such, reflects the internet, but as we have seen, also both the computing of security and the securing of computing. Actions and non-actions, of users, super-users, bots, and robots, in connection with the networked world, require a regime of policing and securitization. Starting from these assumptions and the basic question, “what does malware look like?” I worked on The Reservoir, an installation used as a trigger to experience the non-linear cause-and-effect relationship that occurs while browsing the internet. By interacting with a sensor field in the sound installation, the audience disturbs and modulates an audio track, while a real-time infection of a Macintosh-running virtual machine connected to the internet triggers a visual simulation of human online activities and malware responses. Photography, sound, video, and interactions work together to underline and evoke the construction of a certain kind of awareness concerning safety in cyberspace.
In information security, it is widely accepted that the weakest knot in a system is usually human behavior. For instance, you can use the best state-of-the-art encryption technology and still jeopardize your security by doing something banal outside of the internet. Also, most hacking is more social engineering than technological expertise. I re-thought about it the other day when I saw a tweet from a white-hat hacker warning that in a lot of pictures on social media showing smart-working it was possible to spot passwords handwritten on post-its, etc. It is always fascinating to see how much humans tend to think about technology as if it was in isolation from other human, physical, or even biological factors. But tell me more about the project, what did you find out?
It is worth mentioning that as of yet there is no official research devoted to the visualization of cyberspace as a whole, though the researcher and academic, Myriam Dunn Cavelty, has attempted to specifically trace the visualization of cyber threats in visual culture through the analysis of movies and TV series. Ultimately, visual culture remains the only site that influences how digital is read and made readable. Within it we can observe a rapidly growing interest in the understanding and representation of the digital world we live in. A long list of blockbuster movies, for instance, deals with the representation of the intangible, which each time is presented and represented in a more or less physical, more or less ephemeral, futuristic, or post apocalyptic way. This is especially true in the realm of science fiction. Hyperreality plays a role here. The perception of the digital is often channeled into a series of factors that make its specificity explicit. However, the real is increasingly imbued with digital elements, therefore it becomes increasingly difficult to make a clear distinction. Hito Steyerl argues that the “internet is dead” because it crossed borders and became too real. The world we live in is shaped by the internet and the internet shapes the world we live in. It is actually a good exercise, to stop for a moment and notice how every single aspect of our life is regulated by images, screens, 3D models, videos, devices. Indeed, this is nothing new and many words have been shared about and around this topic. But Steyerl takes it to another level, she says: “Data, sounds, and images are now routinely transitioning beyond screens into a different state of matter. They surpass the boundaries of data channels and manifest materially. They incarnate as riots or products, as lens flares, high-rises, or pixelated tanks. Images become unplugged and unhinged and start crowding off-screen space. They invade cities, transforming spaces into sites, and reality into realty.” How can we blame her? The subtle line that separates what is digital from what is physical triggers a whole series of behaviors and reactions, which inevitably lead to situations such as the one you mentioned in your passwords example. However, as I was mentioning earlier, I witnessed a big gap between reality and representation. Our understanding of the digital is mostly based on patterns coming from a speculative process. Digital as such is highly abstract, therefore, it becomes difficult to visualize its functioning. When I had the occasion to collaborate with the The Reporting and Analysis Centre for Information Assurance (MELANI), I immediately realized how much this problem was also present in the work of those who produce and ensure IT security. In this sense, metaphors and allegorical representations of subjects are used, which often are far from providing exhaustive resources that grant access to wider audiences. I started, then, to wonder how to get rid of the limitations brought by the use of such a representative media as photography is, embracing different points of view, allowing it to play on an experiential level, but still underlining a visual narrative. Indeed, there are several examples in this sense, especially if we look back at internet art in the ‘90s and early ‘00s, as a precursor to internet aesthetics such as ASCII art—which is still used in some cases to design the visual look of software such as malware. In my installation, therefore, I put together those elements, creating a narrative which underlines both the functioning and the aesthetic of malware– a quite visual ransomware called Petya to be specific—relying on the viewer’s individual experience to design a speculative process filling the gap between understanding and representation.
The malware that has mostly attracted my attention has been Mirai, which made the news in 2016. I’ve been fascinated with it ever since. The name means “future” in Japanese and the software itself has been at the core of one of the most widespread cyber attacks of recent times. Hackers used it to infect an army of products: cameras, printers, coffee machines, and other items that are connected to the internet for no serious reasons. The malware created an enormous botnet of “zombie” devices which were used to launch various Denial-of-service attacks against websites and web infrastructure, such as the DNS service provider, Dyn. Human users had no idea about what was going on with their devices but they were unconsciously helping to almost shut down the internet. I can’t really think of anything more similar to the Covid-19 pandemic.
Internet of things… the not-so-new-frontier for hackers. You made a point here, as the expansion of internet services is also a point to consider during the Covid-19 crisis. Suddenly, we are aware of the fact that the network isn’t unlimited and, as with any kind of infrastructure, it relies on limited resources. As previously said, we can definitely trace a correlation among the spread of a biological virus and the increase of cyber attacks. A major part of the world population is massively using internet services, the infrastructure is under pressure, and user behaviors shift to patterns that facilitate the spread of digital viruses. Since its very beginning and despite its borderless promises, internet logic mostly referred to groups and closed dynamics. Therefore, in the context we’re discussing here, the concept of community plays a role. Community building is, indeed, one of the main goals for any online service, both for a marketing and communication strategy. This became even more visible with the rise of Web 2.0 and the new dynamics introduced with the development of participatory content fostering bottom down engagement strategies, and consequently, community empowerment. Recently, I read about an interesting study—by Laurent Hébert-Dufresne, Samuel V. Scarpino, and Jean-Gabriel Young, published in Nature Physics—aiming at demonstrating how complex contagions (such as political ideas, fake news, and new technologies) are spread via a process of social reinforcement while, on the contrary, biological contagions are thought to be spread as simple contagions (where the infection is not directly related to the social context in which it happens). They also mention another study on the spread of memes within and across communities, demonstrating how “the spread within highly clustered communities is enhanced, while diffusion across communities is hampered.” Hence, contagions benefit from network clustering. This was also said by a Google IT security expert who I met while working on my project. Talking about user behaviors and policies to avoid the spread of digital attacks, they underlined how the company is mainly working on bottom down strategies devoted to educating users to recognize threats and foster individual awareness within their communities.
My university inbox was recently targeted by a phishing attack coming from a compromised account related to an organization that I’ve been in touch with. The text tried to persuade me to download an “important” text file. The file was called “safety measures in regards to Covid-19.”
Closing the circle! I bet you downloaded it. Jokes aside, I am still fascinated by how phishing techniques somehow maintain this old-fashioned nature. Between.txt files, stock photos of self-styled white collars impersonating CEOs of big and famous companies and institutions, improbable wins, and requests for information, the question remains the same: “Who’s going to trust it?”According to KnowBe4, one of the world’s largest security awareness training and simulated phishing platforms, 91% of cyberattacks begin with phishing emails. However, in some cases, it is possible to assist in successful cyber security awareness campaigns and, suddenly, many users seem to understand some of the dynamics of popular attacks and start to protect themselves. It is very common, for instance, to see laptops with webcams covered—sometimes in a creative way—by any kind of sticker, post-it, colorful tape, and so on. This makes me think that, perhaps, when the risk threatens the personal sphere in a more or less visual way, users are more inclined to adopt defense strategies. Of course, there are many kinds of cyber threats as, to stick to the parallelism we are discussing, there are many different infectious agents. But, among the most effective ones we can definitely mention the Zero-Day, a bug in a system unknown to developers that is targeted for system attacks. It is called Zero-Day because, after the vulnerability is discovered, the developer has zero days to fix it. In a way—and to play with analogies—it makes me think about the concept of patient zero: The sooner you find them, the faster you can find out how an epidemic was spread and develop measures to contain it.