Our President, @jfersec, had the privilege of Keynote during BSides PR 2019.

During our presentation, we discussed some hard truth’s around:

  • the way DeepFakes and “WeakFakes” are utilized
  • how we are good imitators and bad innovators in Puerto Rico
  • past efforts associated with Accelerated Disclosures for public and private companies in Puerto Rico
  • flaws associated with contract negotiations with the government of Puerto Rico
  • “That time we offered Secure Comms to the Rossello administration
  • The fallout associated with the lack of Secure Comms
  • How we provided initial Incident Response efforts to Hacienda during the 2017 Breach.

Slides from Keynote Talk

Perception is crucial for any organization. In our case, we identified how DeepFakes could be leveraged to simply generate controversy. After showing a video, @jfersec asked participants:

“Who was not offended?”

So Señor Trump hacked our server during the talk and had some choice words; here was the best

The problem with DeepFakes is not the quality, nor production value; it’s how people perceive and react to the contents. Think about every shaky camera recording of a politician stating controversial beliefs or ideas. Think about the staggering amount of disinformation available during an era of “Alternative Facts”. We have broken new ground on the limits of acceptable viewpoints across all demographics and populations. Our era is now sullied by the apex of technological advancements where anyone can produce DeepFakes or WeakFakes simply to misrepresent viewpoints and test the limits of free speech protections.

Two days after our presentation, a WeakFake including Mr. Trump’s likeness appeared as part of a campaign fundraiser where the likeness of members of the media and politicians become victims of an onslaught.

This is not a new problem

Misinformation and perception have always been key elements of any political campaign. We struggle determining which is worse: the fact it is real in the sense you can see and hear it or the fact that the subject used in the fakes would probably commit atrocities or perpetuate hatred at a similar level?

Legislation is a good start

California has proposed a bill to limit the use of visual and audio likeness of public figures. The issue with public figures is that there is generally more content available to train an ML system to produce such fakes; why can’t we enact similar legislation to cover all individuals? Simply because technology is present does not mean we cannot do anything about it. Think of private people, like yourself, where the absence of visual and audio content related to your likeness may not be as readily available, but it is still possible to gather based on what you share, communicate or even present during pod-casts, video conferencing, etc. This trend will get worse and will continue to escalate until we see more deaths related to cyber-bullying in conjunction with Deep and Weak Fakes. How does this affect memes for example, would this legislation be enforced at that level?

We have to do better

Free speech was never intended to protect violent and derogatory material. The US constitution was drafted, they could never have imagined the issues we are now facing in the digital age. However, we simply have to use our better judgment and simply ignore materials designed to be controversial in nature; this is difficult for most people.

“We often struggle whether we do more harm than good communicating CyberSecurity issues publicly”

No one likes to hear; your company/organization has security problems. No one.

During our presentation, we asked the individuals present to reflect on the Disclosure we did in 2018 related to Aeronet Wireless. This issue may have been present for over 11 years; we do not know. 25 participants voted with a 92% approval rating of the public disclosure. To our credit, albeit not-publicly acknowledged by Aeronet Wireless, the issue appears to be fixed due to this publication; you’re welcome…

We can’t make things better if you do not accept your reality”

We live in a complicated digital era. We have technology that “helps us communicate, but it does not help us connect with one another”. Because of this, intentions and purpose become difficult to manage as we are perceived by ever-diminishing attention spans that affect how we try to connect with other individuals.

BSides are community-driven events that foster the pursuit of truths”

We are always impressed by the difficulty associated with running any public event. BSides PR is an excellent example of a community-driven venue, spirited by hacker beliefs to improve problems around us. That being said, the lack of awareness of issues affects all of us collectively. We see the young IT students that can’t find employment, we see how amazing individuals receive little compensation despite incredible talent and potential; this depresses the local talent pool and hurts all of us. We are surprised that despite this event has existed for over 6 years, the local IT/Cyber companies do not show up and grow the local talent pool.

We live in an age of selfish-selflessness.

You have to serve the women, men, and children around you and expect nothing in return. We have to better those around us and it starts with you. We must all continue to grow, extend and accelerate our knowledge personally and collectively. We all must start incorporating the belief that we will serve others. That being said,

  • to the disenfranchised, we see you
  • to the serial failure, we understand
  • to those that feel that all of this is too much, you are not alone

“We need to solve the problems around us and it starts with you”

No one else can accomplish what you can. “It takes more than one idea, more than one person to fight the fight” but we need to encourage personal growth among our peers to improve our society. No one grew up a knowledgeable savant in anything, it takes time and practice. We need to foster our talent pool and provide the resources that they need to do so. Mentorship and council are desired, but we are all poor on the same resource; time.

“No one has time for anything”

We all have responsibilities, we all have stress, we all have limited time to accomplish X. If we don’t make time, we fail those around us. What impresses us most of the BSides communities is the number of volunteers that contribute to making the events possible. If we do not encourage growth, if we do not share with peers, if we horde information of public value; how are we actually making things better? We are not.

The BSides events are essential for growth, expansion and acceleration of talent

We had some interesting moments during the event. We had our first KLEARED4 subscriber (at an early adopter rate), networked and participated in some interesting off-net discussions. Near the end, our President, @jfersec, donated a BSides PR black-badge to a student in the crowd. “A student would benefit more from this, hopefully, this encourages professional growth”. All and all, we can’t wait for next year.