Cyber Security Story Time - Don’t Be Cadence

By Unlimited Technology | Aug 08, 2019

Don’t Be Cadence

 

Cadence was too shocked to think clearly. She couldn’t answer any of the investigator’s questions. All she knew was that she wasn’t guilty of fraud. She wasn’t even terribly internet savvy, so how could she have orchestrated elaborate schemes to dupe people into donating to fake campaigns for charities and political candidates? When Cadence asked the investigator for evidence, he showed her several fake sites, all with images of her in them, all asking for donations. Although the settings were different, she recognized the images of her. They were images of her during her wedding week, 2 years ago. Then another realization came into focus: these were some of the dozens of images from her wedding that she had uploaded to MugSnap and posted to her social media accounts. She replayed in her mind how fun it was to transform her friends, family and new husband using the app, seeing how they would all look as they grew older together. She thought it was both hilarious and sweet. She did not realize, however, that she had signed over all rights to the original photos when downloading the app and she was just now consciously realizing that her face was in all the photos uploaded. Now her face was seamlessly stitched into different settings she never visited – an image of her with her arm around Jim at the rehearsal dinner now showed her with an arm around a political candidate on a fake political donations page. Another image of her giving instructions to the flower girl now showed her chatting with children on a fake homeless shelter donations page.

She had, ironically, locked down her social media account from public view so she had to ask the investigator for her phone long enough to pull up her account and show him the original photos. When she was able to match all the images of her in fake settings to the images of her at her wedding, the investigator sighed. “You know, I’ve never seen this before. I guess it was just a matter of time though. The images are quite convincing. And we can’t prosecute the perpetrators because the MugSnap app was not developed in the United States.”

Cadence was relieved to be off the hook but angry that this had happened and frustrated that prosecution seemed unlikely.

Lessons: Be careful with your biometrics. You only have 10 fingers, two retinas and one face. Don’t unnecessarily share irreplaceable data. This scenario and the company are fictional, but several apps exist that ask you to share images and one popular app, FaceApp which is used by many to manipulate facial images using AI states the following in their image use policy: “You grant [us] a perpetual, irrevocable, nonexclusive royalty-free, worldwide, fully-paid, transferable sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you….”

Don’t be Cadence. Don’t allow apps access to confidential data for a few minutes of entertainment.

Unlimited Technology cares about everyone’s cyber safety. We hope these stories are thought provoking as well as entertaining.

 

Amy Williams, PhD, CISSP is VP of Cyber for PSB and Exec. Mgr. of Unlimited Technology Associates in Rockland and Augusta. She served as the Dir. of Cyber for the NYC Crime Commission.

Comments (0)
If you wish to comment, please login.