Last week, I told you I'd bet $5 on the championship hopes of the NFL team of your choosing.
You weirdos picked the Cleveland Browns. Welcome to Codebook, the patron newsletter of lost causes.
We got 15-to-1 odds! Go Browns!
Today's Smart Brevity: 1,453 words, 5 minute read
Despite the sharp alarms being sounded over deepfakes — uncannily realistic AI-generated videos showing real people doing and saying fictional things — security experts believe that the videos ultimately don't offer propagandists much advantage compared to the simpler forms of disinformation they are likely to use.
Why it matters: It’s easy to see how a viral video that appears to show, say, the U.S. president declaring war would cause panic — until, of course, the video was debunked. But deepfakes are not an efficient form of a long-term disinformation campaign.
Deepfakes are detectable. Deepfakes are only undetectable to humans, not computers. In fact, a leading online reputation security firm, ZeroFOX, announced last week it would begin offering a proactive deepfake detection service.
But, but, but: If we have learned anything from the manipulated Nancy Pelosi video and years of work from conservative provocateur James O’Keefe, it's this: A lot of people will go on believing manipulative content rather than demonstrable truth if the manipulation brings them comfort. It doesn’t take high-tech lying to do that.
The intrigue: As Camille François, chief innovation officer at Graphika, a firm used by the Senate Intelligence Committee to analyze Russian disinformation on social media, told Codebook, “When I consider the problem, I don’t worry about deepfakes first.”
When disinformation groups do use fake media in their campaigns, it usually takes the form of fake images presented in a misleading context — so-called "shallow fakes." François uses the example of denying the reality of a chemical weapons attack by tweeting a photo of the same area that predates the attack.
The bottom line: Deepfakes take advantage of human vulnerabilities that can be exploited much more efficiently by other means.
The nonprofit Global Cyber Alliance released AIDE, a clever threat analysis tool, to assist in the study of cyber threats to internet-connected devices.
The big picture: Security researchers often use decoy systems known as "honeypots" to learn how hackers would try to break into authentic systems. The GCA project allows internet-connected device honeypots to be operated at scale (known as a "honeyfarm") without investing in a ton of devices.
How it works: The GCA ProxyPot allows a single device, anything from a toaster to the systems running nuclear power plants, to be connected to the internet dozens of times, with each connection appearing on the internet to be a unique, hackable target.
Attivo Networks, a security firm, is already working with GCA to build a farm of industrial monitoring computers known as SCADA systems.
"Hacker summer camp," as the 2 consecutive Las Vegas conferences are known, continued after the release of last week's Codebook. Here are some last gasps of knowledge from this year's experience.
Win an internship by beating the Air Force: Heck, win 2 internships by beating the Air Force. Firmware security company Red Balloon and the Air Force teamed up to offer an elaborate simulation with a grand prize of a 6-month internship at the Air Force's research labs and Red Balloon.
Hardware drivers aren't great: Eclypsium reported discovering security problems in more than 40 hardware drivers certified by Microsoft Windows.
The hip industrial threat is oil and gas: Sergio Caltagirone, vice president of threat intelligence at Dragos, told Codebook there was a sea change happening in the world of industrial threats.
A massive study shows there hasn't been much improvement in firmware security in the last 15 years. Firmware is the low-level software that's embedded inside hardware. Security Ledger has a writeup.
Elevator phreaking: In a DEF CON talk, Wired went deep into "elevator phreaking," ways to illicitly call the emergency phones in elevators.
Spending a week in Las Vegas is a lot of Las Vegas: This is true every year. It's the most blinky city in the United States.
Brazilian firm IDEIA Big Data — the subject of a recent story in Quartz — reminds people of Cambridge Analytica, based on slides from the presentation used to pitch new clients. The deck seems to claim IDEIA worked with the Democratic National Committee, which does not appear to have been the case.
Details: In one of the slides listing clients, the DNC’s logo appears. While the DNC didn’t comment in the Quartz story, it denied working with IDEIA to Axios — and a search of OpenSecrets shows no U.S. political expenditures by any party or candidate at IDEIA.
The parallels between IDEIA and Cambridge Analytica aren't exact, at least according to what the Quartz story could confirm.
Codebook will return next week. Browns season kicks off 9/8 against the Titans.