Similar Posts
By

SINGAPORE – A group of Singapore Sports School students were caught and punished in November for creating and circulating deepfake nude images of their female schoolmates.

Their actions have ignited discussions about how the young – especially young girls – can best protect themselves from such online harms, and how they can respond if they are victimised by deepfakes.

This is, of course, a global issue.

In South Korea, for instance, a Telegram channel with more than 220,000 members was reportedly used to create and share AI-generated pornographic images.

In its 2023 Survey on Online Harms in Singapore, non-profit group SG Her Empowerment (SHE) reported that 9 per cent of the 1056 Singaporean residents older than 15 surveyed experienced image-based sexual abuse, including via altered images or videos.

Yet, SHE’s Safeguarding Online Spaces survey, also conducted in 2023, found that four in 10 young people reported low awareness of self-help tools for online harms, while five in 10 reported low awareness of legal recourse options.

If you are unsure where to go and what to do if you have been targeted by deepfakes, here are some answers by experts to pressing questions you might have.

Q: What’s the first thing to do if I become the target of deepfake nudes?

A: The most important first step is to document evidence, said experts interviewed.

Taking screenshots of posts or videos, recording links or URLs, and saving messages and timestamps all go a long way when reporting the incident to authorities or social media platforms.

Singapore University of Technology and Design Professor Roy Lee, who specialises in artificial intelligence, emphasised that while the knee-jerk reaction may be to report the image or video as soon as possible to have it removed, recording as much evidence as possible serves crucial purposes.

He said: “Harmful content can be deleted, altered or moved by the perpetrator, making it difficult to prove that the incident occurred. Screenshots act as a timestamped record, ensuring that the evidence is not lost.

“Platforms and authorities (also) often require concrete evidence when investigating cases of online harm. Having screenshots can strengthen the case and increase the likelihood of action being taken against the offender.”

But even if you don’t take a screenshot, all is not lost.

Centre head for SheCares@SCWO Support Centre Lorraine Lim said that “law enforcement will do their best to investigate using the information available” and “police may collaborate with platforms to retrieve relevant data if possible”.

A: Experts say you should report harmful content to the social media platform that is hosting it. Many platforms have policies against such content, and each has its own mechanisms for reporting.

Director of advocacy and research at the Association of Women for Action and Research (Aware) Sugidha Nithiananthan said: “Familiarising yourself with online platforms’ policies for reporting and removing harmful content beforehand can save precious time if you need to act quickly.”

For instance, Facebook and Instagram include a ‘Report’ link on nearly every post for users to report content that violates policy. WhatsApp only allows users to report other users and groups, but not individual messages. Conversely, Telegram users can only flag individual messages and images.

You should also make a police report if you have been targeted by deepfake nudes or have been the victim of online harms. A police spokesperson told The Straits Times that these harms may fall under a variety of offences including the Protection from Harassment Act (Poha) and sexual-and-voyeurism-related offences.

If there is no urgency, you are advised to visit the nearest police station or file a police report online if the matter does not require immediate police attention.

While in-person reporting at the police station allows officers to ask questions that provide helpful and relevant context, some victims may be too distressed to share their experience verbally, and typing an online report might be more comfortable for them.

Investigation officers will follow up on submitted reports to gather additional details when necessary.

Q: What are my next steps if I want to pursue legal action against the perpetrators?

A: There are laws within the Penal Code, Films Act and Poha that exist to protect victims of deepfake nudes and other forms of image-based sexual abuse.

Experts said that those who want to pursue immediate legal action should file a protection order under Poha – a court order that protects victims of harassment by prohibiting perpetrators from continuing harassment behaviour.

Director of Guardian Law Liane Yong explained that Poha protects victims by criminalising behaviour or communication that both intentionally and unintentionally “causes harassment, alarm or distress”.

To file a court order, one must be at least 21 years old; applications for all victims below 21 must be done through an older representative.

Before filing a court order, those targeted should complete a pre-filing assessment on the Community Justice and Tribunals System (CJTS) e-platform to determine the complexity of their cases. This will determine the e-platform (CTJS for simplified cases or eLitigation for more complex cases) that victims submit their applications to.

Victims must then submit applications to the respective e-platforms. Applications generally include details about the harassment, relevant evidence and information about the types of remedies sought. Application fees range from $30 to upwards of $100 based on the platform and type of claim.

A: You can reach out to trusted adults – parents and teachers – for support. Many non-profit organisations also provide emotional, legal and technical support for victims of such online harm.

The SheCares@SCWO support centre is Singapore’s first support centre for online harms. It provides free legal advice through clinics with volunteer lawyers, free counselling support and even accompanies victims down to the police station to file police reports if need be.

Similarly, the Aware Sexual Assault Care Centre provides support for victims, including a free legal clinic, assistance with gathering evidence, filing police reports or Magistrate’s complaints, and applying for Poha court orders.

Q: How do I avoid becoming a victim of deepfake nudes and other online harms?

A: “With advanced technology such as AI tools becoming widely available and easier to use, anyone with an online presence is vulnerable, so it’s important to exercise caution when navigating the online world,” said Ms Lim.

She advised limiting who can see posts through privacy settings and avoiding sharing highly personal information such as full names or addresses. She also warned young people to be wary of unfamiliar follower requests and suspicious behaviour on social media.

Ms Lim said: “Be aware of overly-friendly accounts, or accounts that are quick to offer gifts or offers that are too good to be true.”

“Love-bombing tactics – providing excessive attention, making grand gestures or offering exorbitant gifts, pushing for commitment or exhibiting controlling behaviour – are a sign that something is wrong.”

But while these steps may help reduce your chances of becoming a victim, it always remains a possibility.

Ms Nithiananthan said: “There is very little a person can do to entirely protect themselves from violence and harm, both online and offline.

“When we place too much emphasis on the victim protecting herself, we imply that it is her duty to avoid this abuse. It is this type of thinking that downplays the accountability of perpetrators and wrongly shifts focus to the victim’s actions.”

Experts agreed that over-focusing on what an individual can do to protect themselves may make victims believe that what they experienced was their fault, and stand in the way of them making official reports.

Prof Lee said one of the best ways to reduce deepfakes and online harms is the act of reporting harmful content itself.

“Reporting… contributes to preventing harm to the next potential victim.

“I encourage victims to take action – for themselves and for the community. Together, we can improve online safety if each of us stands up against malicious content.”
By

WASHINGTON – Russian hackers are going after US government officials, defence workers and others in a new email phishing campaign targeting thousands of people, according to Microsoft Corp.

The hackers have sent “a series of highly targeted spearphishing emails” to thousands of people in more than 100 organisations since Oct 22, according to a blog post from Microsoft Threat Intelligence published on Oct 29. 

The latest campaign will add to mounting concerns over US failures to outwit suspected Russian and Chinese hackers.

The FBI said on Oct 25 it is investigating unauthorised access by Chinese state-affiliated hackers targeting the commercial telecommunications sector.

In some of the emails that were part of the latest campaign, the senders impersonated Microsoft employees, according to the blog.

Spearphishing involves sending tailored emails to individuals, including links to malicious websites that can then steal information.

It wasn’t immediately clear how many of the attacks, if any, were successful.

Microsoft has said the attacks are perpetrated by a sophisticated Russian nation-state group it calls Midnight Blizzard, which US and UK governments have connected to the SVR, the Russian foreign intelligence service. 

The company said in January that the group attacked its corporate systems, getting into a “small number” of email accounts, including senior leadership and employees who work in cybersecurity and legal.

In April, US federal agencies were ordered to analyse emails, reset compromised credentials and work to secure Microsoft accounts.

At the time, the Cybersecurity and Infrastructure Security Agency (Cisa) said the incident represented a “grave and unacceptable risk” to agencies, according to the April directive. 

Cisa and US State Department didn’t immediately respond to requests for comment.

The Russian Embassy in Washington didn’t immediately respond to a request for comment. BLOOMBERG
By

DUBLIN – Ireland’s data protection commission has fined LinkedIn €310 million (S$442 million) for illegally processing the personal data of users within the European Union to deliver targeted advertising.

The decision also includes an order for Microsoft Corp-owned LinkedIn to bring its data processing into compliance with the EU’s General Data Protection Regulation (GDPR), according to a statement by the Irish Data Protection Commission (IDPC) on Oct 24. 

Deputy Commissioner Graham Doyle said in a statement that LinkedIn’s processing of personal data without an appropriate legal basis was a “clear and serious violation of data subjects’ fundamental right to data protection”.

It is the sixth-largest fine to be issued under GDPR since it was introduced in 2018.

The Irish regulator has issued hefty fines to several social media companies for GDPR violations in recent years.

Facebook and Instagram parent Meta Platforms Inc has faced the brunt of the penalties, including a record €1.2 billion charge in May 2023 for transferring EU users’ data to the US. The commission fined ByteDance Ltd’s TikTok €345 million in September 2023 over its handling of children’s data.

It is part of a broader crackdown on Big Tech companies by the EU over a range of issues including data privacy, competition and disinformation.

LinkedIn said the case relates to claims from 2018 about some of its digital advertising efforts in the EU. 

“While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline,” a spokesperson said in a statement.

Ireland’s data protection commission launched an inquiry into LinkedIn’s data processing practices following a complaint made to the French data regulator. LinkedIn, like many other big tech companies, has its European headquarters in Ireland, which means that local regulators are tasked with enforcing EU rules. BLOOMBERG
By

PETALING JAYA – The National Cyber Security Agency (Nacsa) says it is currently investigating reports alleging that the MyKad, or Malaysian identity card, data of 17 million Malaysians has been leaked and is being sold on the dark web.

“We understand this is a concerning issue for the public and want to assure you that we are taking it very seriously,” said a spokesperson in a statement issued Dec 4 to LifestyleTech.

“Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise.

“Nacsa is committed to safeguarding personal data and will take necessary action based on our findings.”

Dark web threat intelligence firm StealthMole first highlighted the issue on Dec 3 on X, stating that threat actors claim to be in possession of MyKad data belonging to 17 million Malaysians and are offering it up for sale on the dark web.

“As proof, they have publicly shared samples of Malaysian ID cards on the dark web,” the company wrote in the post.

“This massive data breach raises concerns as it could lead to serious crimes like identity theft and financial fraud.”

Nacsa said it will provide updates as more information becomes available while also urging the public to “avoid spreading unconfirmed reports and only refer to verified information from the authorities”.

It further advises monitoring bank accounts and credit reports for suspicious activity, remaining cautious of unsolicited communications, refraining from clicking on links or opening attachments from unknown senders, using strong passwords, keeping software up to date, and practising good cyber hygiene. THE STAR/ASIA NEWS NETWORK
By

WASHINGTON – Chinese state-affiliated hackers intercepted audio from the phone calls of US political figures including an unnamed campaign adviser of Republican presidential candidate Donald Trump, the Washington Post reported on Oct 27.

The FBI and the US Cybersecurity and Infrastructure Security Agency said on Oct 25 they were investigating unauthorised access to commercial telecommunications infrastructure by people associated with China.

Trump’s campaign and the FBI did not immediately respond to a request for comment.

The Post also reported the hackers were able to access unencrypted communications like text messages, of the individual.

Reuters reported on Oct 25 that Chinese hackers also targeted phones used by people affiliated with the campaign of Democratic presidential candidate Kamala Harris.

Trump and his running mate, J.D. Vance, were targeted, various media outlets reported last week.

The Trump campaign was made aware last week that Trump and Mr Vance were among a number of people inside and outside of government whose phone numbers were targeted through the infiltration of Verizon phone systems, the New York Times reported on Oct 25.

The Trump campaign was hacked earlier in 2024. The US Justice Department charged three members of Iran’s Revolutionary Guard Corps with the hack, accusing them of trying to disrupt the Nov 5 election.

Verizon said on Oct 25 it was aware of a sophisticated attempt to target US telecoms and gather intelligence and is working with law enforcement.

Congress is also investigating and earlier this month U.S. lawmakers asked AT&T, Verizon and Lumen Technologies to answer questions about reports Chinese hackers accessed the networks of U.S. broadband providers.

The Chinese embassy in Washington said last week it was unaware of the specific situation but said China opposes and combats cyber attacks and cyber thefts in all forms. REUTERS

By

The World Health Organisation (WHO) and some 50 countries issued a warning on Nov 8 at the United Nations about the rise of ransomware attacks against hospitals, with the United States specifically blaming Russia.

Ransomware is a type of digital blackmail in which hackers encrypt the data of victims – individuals, companies or institutions – and demand money as a “ransom” in order to restore it.

Such attacks on hospitals “can be issues of life and death,” according to WHO head Tedros Adhanom Ghebreyesus, who addressed the UN Security Council during a meeting on Nov 8 called by the United States.

“Surveys have shown that attacks on the healthcare sector have increased in both scale and frequency,” Dr Ghebreyesus said, emphasising the importance of international cooperation to combat them.

“Cybercrime, including ransomware, poses a serious threat to international security,” he added, calling on the Security Council to consider it as such.

A joint statement co-signed by over 50 countries – including South Korea, Ukraine, Japan, Argentina, France, Germany and the United Kingdom – offered a similar warning.

“These attacks pose direct threats to public safety and endanger human lives by delaying critical healthcare services, cause significant economic harm, and can pose a threat to international peace and security,” read the statement, shared by US Deputy National Security Advisor Anne Neuberger.

The statement also condemned nations which “knowingly” allow those responsible for ransomware attacks to operate from.

At the meeting, Ms Neuberger directly called out Moscow, saying: “Some states – most notably Russia – continue to allow ransomware actors to operate from their territory with impunity.”

France and South Korea also pointed the finger at North Korea.

Russia defended itself by claiming the Security Council was not the appropriate forum to address cybercrime.

“We believe that today’s meeting can hardly be deemed a reasonable use of the Council’s time and resources,” said Russian ambassador Vassili Nebenzia.

“If our Western colleagues wish to discuss the security of healthcare facilities,” he continued, “they should agree in the Security Council upon specific steps to stop the horrific… attacks by Israel on hospitals in the Gaza Strip.” AFP

Leave a Reply

Your email address will not be published. Required fields are marked *