How Taylor Swift Saves the 2024 Elections from Cybercriminals
Beyond the conspiracy nonsense about Taylor Swift, the NFL, and the election, the AI-generated fake nude photos of the singer circulated on X underline an even bigger threat than pop stars being deepfaked. After all, 4 billion people in more than 50 nations — almost half the world’s population — are set to vote in national elections, with the outcomes likely to shape global politics for years or decades to come. What’s critical in facing these events is knowing from the outset that authoritarian nation-state actors from Russia to China will probably use Generative AI-enabled cyber threats to disrupt elections. What if Taylor Swift herself could be part of the solution?
According to a U.S. government report in December, Russia, China, and Iran have a clear interest in putting their finger on the scale using disinformation through any means including using AI to disrupt.
As the New York Times discussed in its December analysis, “With Republican opposition to Ukraine funding growing, it’s believed that Moscow is likely to try to interfere even more in 2024.” No doubt last week’s disclosure that the chief Republican witness for President Biden’s impeachment was a liar armed with disinformation from Russian intelligence presages the disinformation to come this year.
There are three key cyber threats particularly menacing private and public organizations in the current climate:
- Multifaceted Extortion: We are quickly moving past the days of mere data encryption and ransomware attacks which are still rampant.
Today’s threat actors employ a chilling toolkit of intimidation, targeting not just organizations but their executives and families.
Psychological warfare adds a new layer of complexity to the extortion equation, demanding a nuanced response that goes beyond traditional cybersecurity measures. All organizations must be stridently focused on this newer menace.
Vulnerable Edges: Endpoint detection and response (EDR) software solutions continuously monitor and analyze activity on endpoints (devices like laptops, desktops, servers, and mobile devices) to detect and respond to threats. While EDR solutions have become the cornerstone of cyber defense, blind spots remain. Nation-states and cyber gangs are exploiting zero-day vulnerabilities (holes in software and hardware that vendors do not know exist). Zero days are most often launched against “edge products” like routers and firewalls, systems often lacking EDR support. These invisible fortresses act as entry points for malicious actors, necessitating a broader security net that encompasses the entire IT infrastructure.
Geopolitical Tensions: China, Russia, Iran, and North Korea use hordes of hackers within their military and associated cyber gangs to upset the West’s political and economic stability with extortion, ransomware, phishing, and more.
The end goal of these cyber corps at a minimum is to discredit democracy to their own citizens who are deprived of the free flow of information and unable to know any better. It is well known that Russia played a role in trying to tip the 2016 election to Donald Trump, and cyber warfare has already been used in international conflicts from Gaza to Ukraine. Despite Israel’s significant military and technological advantage in the bloody Gaza conflict, pro-Palestinian hackers were recently able to breach the computer systems of the Israeli Air Force.
Cyber warfare’s reality is that existing access points, gained through past intrusions, are being weaponized for more disruptive attacks as geopolitical tensions escalate. China is believed to have gained knowledge of vulnerabilities in a large number of networks and is stealthily waiting for the right opportunity to unleash surprise attacks.
Professor Hany Farid at Cal Berkeley, arguably the foremost expert on digital forensics and deepfakes cites three factors that explain why manipulated images are evolving from good enough to exceptional quickly: 1) the underlying pace of improvement in GenAI tools 2) the ubiquity and access to these tools, and 3) the ability to distribute manufactured content widely and effortlessly via X, TikTok, Instagram, and Discord.
What is most ironic is that deepfakes are not illegal per se (only if non-consensual), and the tools for making them are widely available for free.
No doubt, the Disrupt Explicit Forged Images and Non-Consensual Edits Act, introduced by Democratic Sen. Dick Durbin two weeks ago in response to the Swift deepfakes would give victims of this digital abuse the right to sue for damages from anyone who “knowingly produced or possessed the digital forgery with intent to disclose it.” But what if you can’t find the offender as is the case in the vast majority?
The faked Biden robocall urging Democrats not to bother voting in the New Hampshire voting took place a couple of days before the January vote, giving the media plenty of time to uncover the call as not real. Imagine deepfaked videos of President Biden admitting he profited from his son Hunter’s business dealings dropped on election eve. The form and substance of deepfakes and manufactured emails can tip the 2024 races.
At the Munich Security Conference two weeks ago, twenty leading technology companies, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon, and Adobe vowed to help prevent deceptive uses of artificial intelligence from interfering with global elections. And while that is a noble effort at prevention, who can educate the public to know how to separate reality from deception when a cascade of these is successfully launched in the last days of campaigning?
The Taylor Swift episode calls to mind the need for a public education campaign akin to what we did with PSAs urging the public to stop littering, bullying, cigarette smoking, and forest fires. Yes, Smokey the Bear 80 years ago. If free and fair elections are at risk from Adversarial AI, we need a Cyber Smokey now to prevent the spread of disinformation fires. If Taylor Swift can get 35,000 people to register to vote with just one Instagram post as she did last September, why not partner with her (damn the conspiracy believers) to be the ambassador of democracy in 2024? After all, she urged voters on Super Tuesday today to cast their ballot regardless of which candidates they voted for.
Working with the Cybersecurity Infrastructure and Security Agency’s (CISA), hip and dynamic leader Jen Easterly, Swift could engage Swifties globally, championing a massive social media campaign to educate the free world to critically discern reality from cyber threats such as manufactured emails and audio and video deepfakes.
Together they can also encourage girls and women to enter the ranks of cybersecurity professionals. Given the massive underrepresentation of women in cybersecurity, Miss Swift and Ms. Easterly could be engaged to encourage a swath of Swifties to get the skills to go into high-income-earning security careers where female engagement is not simply a DEI gesture but a must-have, and incorporating Beyonce into this effort would create the ultimate super trio for cyber safety and women’s empowerment.
From managing cybersecurity academies at the industry leaders, I strongly believe we need all these hands on deck to have a chance against the persistently accelerating rate of cyber threats.
The role of bringing the other 50 percent of the population into cybersecurity can bolster Western defenses in a cat-and-mouse game against threat actors that will continue through the end of time. It will also drive massive cyber threat awareness globally in this critical election year and help save democracy.
Taylor Swift can score wins in both of these vital efforts. No doubt that would make her anything but an Anti-Hero.
