WEBVTT 1 00:00:00.160 --> 00:00:02.759 Have you ever really stopped to think about just how 2 00:00:03.000 --> 00:00:06.719 huge the Internet actually is, the part you use every day. 3 00:00:06.759 --> 00:00:09.400 It's well, it's way bigger and more layered than most 4 00:00:09.439 --> 00:00:12.160 of us. Picture what you typically see, you know, what 5 00:00:12.240 --> 00:00:15.119 Google shows you. That's really just the surface, a very 6 00:00:15.199 --> 00:00:17.440 tip of this massive digital iceberg. 7 00:00:17.640 --> 00:00:19.800 That's a great way to put it. And today, yeah, 8 00:00:19.839 --> 00:00:22.719 we're going beneath that surface, dive in deep Exactly. We're 9 00:00:22.719 --> 00:00:26.199 doing a deep dive into the Internet's hidden layers and 10 00:00:27.280 --> 00:00:32.920 the really complex, sometimes quite alarming world of cybercrime that 11 00:00:33.039 --> 00:00:34.200 thrives in those shadows. 12 00:00:34.320 --> 00:00:35.439 So what's the mission here? 13 00:00:36.359 --> 00:00:38.640 Our mission is basically to pull back the curtain. We 14 00:00:38.679 --> 00:00:41.399 want to look at digital criminal activity where it hides, 15 00:00:41.840 --> 00:00:46.039 the sophisticated tricks attackers use, and the global efforts trying 16 00:00:46.039 --> 00:00:48.320 to fight back. Okay, and we're drawing all this from 17 00:00:48.359 --> 00:00:51.439 a really comprehensive source we've been digging into called the 18 00:00:51.560 --> 00:00:55.479 Encyclopedia of Criminal Activities, and the Deep Web sounds thorough 19 00:00:55.600 --> 00:00:57.640 it is the main goal here is to give you 20 00:00:57.679 --> 00:01:00.399 the insights you need to stay well, not just aware, 21 00:01:00.439 --> 00:01:04.599 but genuinely secure in this digital world that's always always changing. 22 00:01:04.840 --> 00:01:07.959 Okay, So let's really get into that iceberg idea. You 23 00:01:08.000 --> 00:01:10.719 mentioned the tip. That's the surface web, right right. 24 00:01:10.760 --> 00:01:14.200 That's everything the standard search engines like Google can easily 25 00:01:14.239 --> 00:01:20.239 find an index your news, websites, online stores, social media feeds, 26 00:01:20.439 --> 00:01:23.519 every day stuff, the every day stuff. But here's the kicker, 27 00:01:23.599 --> 00:01:27.480 the part that's kind of mind bending. Our sources suggest 28 00:01:27.560 --> 00:01:31.040 this accessible bit the surface web, it holds less than 29 00:01:31.079 --> 00:01:33.439 twenty percent of all the information online. 30 00:01:33.480 --> 00:01:35.239 Wow, less than twenty percent. 31 00:01:35.480 --> 00:01:37.599 Yeah, it's really just the very very peak. 32 00:01:37.680 --> 00:01:38.680 So what lies beneath? 33 00:01:38.840 --> 00:01:41.359 Okay, so below that you get into the deep web. Now, 34 00:01:41.400 --> 00:01:43.280 this isn't automatically shady or anything. 35 00:01:43.480 --> 00:01:46.200 I think people hear deep web and immediately think bad things. 36 00:01:46.040 --> 00:01:48.959 Exactly, But it's mostly just content that needs, you know, 37 00:01:49.000 --> 00:01:51.920 a log in or a direct link. Stuff search engines 38 00:01:51.959 --> 00:01:55.959 don't index because it's private. Think about your email inbox, 39 00:01:56.079 --> 00:02:01.840 your online banking, cloud storage, your private accounts. Precisely, it's legitimate, 40 00:02:01.920 --> 00:02:05.879 necessary information, kept secure, just not open for any web 41 00:02:05.920 --> 00:02:06.680 crawler to find. 42 00:02:06.799 --> 00:02:08.879 Got it. And then deeper still. 43 00:02:08.840 --> 00:02:11.560 Then you reach the layer that yeah, sparks the most 44 00:02:11.560 --> 00:02:15.000 curiosity and frankly the most concern, the dark web. 45 00:02:15.080 --> 00:02:16.719 Okay, this is where it gets really hidden. 46 00:02:16.800 --> 00:02:18.919 This is where the digital shadows really get long. It's 47 00:02:18.919 --> 00:02:22.680 an encrypted network. You mostly access it using special software. 48 00:02:23.800 --> 00:02:26.319 The most famous one is probably Tour, the Onion router. 49 00:02:26.560 --> 00:02:28.680 The Onion router what onion. 50 00:02:28.400 --> 00:02:31.560 Because it wraps your Internet traffic in multiple layers of 51 00:02:31.639 --> 00:02:34.520 encryption like an onion. It bounces your connection through a 52 00:02:34.560 --> 00:02:36.639 whole series of volunteer relays around. 53 00:02:36.439 --> 00:02:38.719 The world, ah making it hard to trace. 54 00:02:38.680 --> 00:02:41.000 Incredibly difficult. It's like trying to follow a letter that's 55 00:02:41.039 --> 00:02:44.560 been rerouted through a thousand different post offices, each putting 56 00:02:44.560 --> 00:02:46.000 on a new anonymous label. 57 00:02:46.080 --> 00:02:49.120 Clever is Tour the only way in not the only one. 58 00:02:49.479 --> 00:02:53.680 There's another network called I two P, the Invisible Internet Project. 59 00:02:54.479 --> 00:02:58.439 It uses slightly different methods like unidirectional tunnels to add 60 00:02:58.479 --> 00:03:02.599 even more layers of anonymity, makes users almost like digital ghosts, 61 00:03:03.120 --> 00:03:04.199 very hard to track down. 62 00:03:05.479 --> 00:03:08.560 But these tools they're not just for criminals, are. 63 00:03:08.400 --> 00:03:11.599 They Absolutely not? And that's the crucial point, the kind 64 00:03:11.599 --> 00:03:15.840 of paradox here. These privacy networks have a dual use. 65 00:03:16.719 --> 00:03:22.039 They're vital tools for people living under oppressive regimes, activists, journalists, 66 00:03:22.159 --> 00:03:26.879 ordinary citizens, allowing them to communicate and access information without 67 00:03:26.919 --> 00:03:27.639 being watched. 68 00:03:27.919 --> 00:03:30.960 So essential for free speech in some places. 69 00:03:30.599 --> 00:03:36.039 Definitely, But that same powerful anonymity, that cloak of invisibility, well, 70 00:03:36.280 --> 00:03:39.319 it also makes these networks a perfect breeding ground for 71 00:03:39.439 --> 00:03:40.400 illegal activities. 72 00:03:40.479 --> 00:03:42.439 Okay, so what kind of illegal activities are we talking 73 00:03:42.479 --> 00:03:43.479 about finding down there? 74 00:03:43.639 --> 00:03:45.960 Well, the sources we looked at paint a pretty grim 75 00:03:46.000 --> 00:03:48.719 picture of a thriving black market. You could find all 76 00:03:48.759 --> 00:03:52.080 sorts of illicit goods and services. Drugs obviously, people might 77 00:03:52.120 --> 00:03:54.280 remember the Silk Road marketplace. 78 00:03:53.759 --> 00:03:55.520 Fiasca now that made big news. 79 00:03:55.280 --> 00:03:59.360 Big news, but also firearms, huge amounts of stolen confidential data, 80 00:03:59.360 --> 00:04:03.680 credit card numbers, bank logins, even complete identity packages with 81 00:04:03.719 --> 00:04:07.599 social security numbers. You can buy services that create fake receipts, 82 00:04:07.919 --> 00:04:10.639 you know, tailored to look real for almost any online purchase. 83 00:04:10.879 --> 00:04:12.879 Just unbelievable the scale. 84 00:04:12.479 --> 00:04:15.680 Of it it is. But maybe the most disturbing thing, 85 00:04:15.800 --> 00:04:19.000 and something we absolutely have to mention, is that our 86 00:04:19.040 --> 00:04:22.680 sources report the production and sharing of child pornography is 87 00:04:23.040 --> 00:04:27.240 well common on these protected networks. Oh that's awful. It's horrific. 88 00:04:27.600 --> 00:04:31.680 The very anonymity designed to protect the vulnerable is tragically 89 00:04:31.759 --> 00:04:34.959 twisted to facilitate some of the worst crimes. Imaginable. 90 00:04:35.120 --> 00:04:38.120 That really is sobering. Okay, so we understand a bit 91 00:04:38.160 --> 00:04:41.120 more about where this happens. Let's shift to the how 92 00:04:41.439 --> 00:04:44.360 how do we define cybercrime broadly and what are the 93 00:04:44.399 --> 00:04:46.279 common tactics these criminals use? 94 00:04:46.360 --> 00:04:49.680 Okay, So cybercrime in general, it's any kind of online 95 00:04:49.720 --> 00:04:54.839 threat targeting computer devices, networks, it systems. Usually, almost always, 96 00:04:54.920 --> 00:04:58.399 it involves some kind of malicious software, malware viruses used 97 00:04:58.399 --> 00:05:00.519 to getting where they shouldn't or to cause image and. 98 00:05:00.480 --> 00:05:02.360 It covers a lot of ground, a huge. 99 00:05:02.240 --> 00:05:06.480 Range, everything from stealing intellectual property like company secrets, to 100 00:05:07.079 --> 00:05:11.399 damaging or wiping out critical data, stealing personal info, financial fraud, 101 00:05:11.439 --> 00:05:15.279 identity theft, even causing serious harm to someone's reputation online. 102 00:05:15.720 --> 00:05:19.560 The key goals are usually penetrating controlled systems, and crucially 103 00:05:19.560 --> 00:05:21.600 for the criminal, staying untraceable. 104 00:05:21.759 --> 00:05:25.040 Makes sense? And what's driving them? Is it always just 105 00:05:25.040 --> 00:05:26.000 about making money? 106 00:05:26.319 --> 00:05:29.360 Money is definitely a huge factor, right, probably the biggest 107 00:05:29.360 --> 00:05:32.920 motivator we see, but it's not the only one. Revenge 108 00:05:32.959 --> 00:05:36.959 is a powerful driver too. Revenge Like how think about 109 00:05:37.000 --> 00:05:40.920 say an employee who got fired and feels wronged, maybe 110 00:05:40.920 --> 00:05:44.920 publicly humiliated if they have insider knowledge of the company systems. 111 00:05:45.079 --> 00:05:47.639 They might use it to cause damage, leak data, hurt 112 00:05:47.639 --> 00:05:50.160 the company's reputation or finances. 113 00:05:49.839 --> 00:05:52.360 Right, weaponizing their access exactly. 114 00:05:52.759 --> 00:05:55.639 And then there are other motives, sometimes purely emotional, like 115 00:05:55.759 --> 00:05:58.720 hate crimes carried out online or driven by ideology. 116 00:05:59.120 --> 00:06:01.319 But yeah, bottom line, and every cyber criminal has an 117 00:06:01.319 --> 00:06:03.879 objective money, revenge, disruption, something. 118 00:06:04.319 --> 00:06:07.759 Okay, let's get into the tactics, the playbook, so to speak. 119 00:06:08.000 --> 00:06:10.519 Where do they often start. I guess social engineering like 120 00:06:10.600 --> 00:06:13.199 phishing is pretty common. We've probably all seen those emails 121 00:06:13.199 --> 00:06:14.519 that look a bit off. 122 00:06:14.639 --> 00:06:17.800 Oh. Absolutely. Phishing is basically the art of deception online, 123 00:06:17.959 --> 00:06:20.839 tricking you into giving up sensitive info credit card details, 124 00:06:20.920 --> 00:06:23.800 bank logins, usually through fake websites or emails designed to 125 00:06:23.800 --> 00:06:25.480 look exactly like the real thing. 126 00:06:25.480 --> 00:06:29.360 Very convincing. Sometimes they can be incredibly convincing. Now there's 127 00:06:29.439 --> 00:06:32.439 mass phishing, which is like casting a wide net hoping 128 00:06:32.480 --> 00:06:35.079 to catch anyone. But then there's spearfishing. 129 00:06:35.160 --> 00:06:37.120 Spearfishing sounds more targeted. 130 00:06:37.439 --> 00:06:40.720 It is much more targeted and much more dangerous. Here, 131 00:06:40.879 --> 00:06:45.399 the criminals research specific individuals, they find public information, maybe 132 00:06:45.399 --> 00:06:49.560 from social media or company websites, and craft personalized emails, 133 00:06:49.720 --> 00:06:53.560 often with malware hidden and attachments the email it's legitimate, 134 00:06:53.680 --> 00:06:56.000 maybe like it's from a colleague or a known contact, 135 00:06:56.360 --> 00:06:59.160 designed purely to build trust and get that one specific 136 00:06:59.199 --> 00:06:59.959 person to click. 137 00:07:00.199 --> 00:07:01.639 Wow. That takes more effort. 138 00:07:01.839 --> 00:07:04.959 It does require more human effort than automated mass fishing, 139 00:07:05.439 --> 00:07:07.720 but the success rate can be alarmingly high because it 140 00:07:07.759 --> 00:07:09.360 feels so personal and credible. 141 00:07:09.439 --> 00:07:12.920 I remember those early four nineteen Nigerian scams. That was 142 00:07:13.000 --> 00:07:15.639 pure deception, wasn't it a form of identity theft built 143 00:07:15.639 --> 00:07:16.079 on a lie? 144 00:07:16.399 --> 00:07:19.160 Exactly, a classic example of social engineering before it got 145 00:07:19.279 --> 00:07:23.600 quite so technically sophisticated. But yeah, beyond trickery, malware itself 146 00:07:23.639 --> 00:07:25.639 is a massive, constantly evolving threat. 147 00:07:25.839 --> 00:07:28.079 Malware the malicious software umbrella. 148 00:07:28.120 --> 00:07:30.920 What falls under that lots of things, but one of 149 00:07:30.959 --> 00:07:35.319 the most notorious types is ransomware. I think petya want 150 00:07:35.319 --> 00:07:37.160 to cry those big outbreak. 151 00:07:36.839 --> 00:07:39.319 Right, and I remember those they locked up computers, didn't they? 152 00:07:39.360 --> 00:07:43.519 Precisely. Ransomware takes your data hostage. It encrypts your files 153 00:07:43.600 --> 00:07:46.800 or locks your whole computer, and then demands a ransom payment, 154 00:07:46.959 --> 00:07:49.480 usually in cryptocurrency, to give you access back. 155 00:07:49.800 --> 00:07:51.519 And that's becoming more common. 156 00:07:51.240 --> 00:07:55.000 Dramatically so our sources showed the frequency jumping from attacks 157 00:07:55.040 --> 00:07:58.920 happening every forty seconds back in twenty seventeen to ever 158 00:07:59.040 --> 00:08:01.199 twenty four seconds twenty nineteen. 159 00:08:00.959 --> 00:08:03.439 Every twenty four seconds. That's terrified. 160 00:08:03.560 --> 00:08:06.480 It's a staggering acceleration. It means for a lot of 161 00:08:06.519 --> 00:08:09.000 people and businesses it's less a question of if they'll 162 00:08:09.000 --> 00:08:11.600 get hit and more when, which really changes how you 163 00:08:11.639 --> 00:08:14.879 have to think about defense. The impact just on healthcare 164 00:08:14.920 --> 00:08:17.680 alone was projected to quadruple by twenty twenty. 165 00:08:17.519 --> 00:08:21.279 Just devastating for critical services. Any other major malware types. 166 00:08:21.079 --> 00:08:24.560 Well, you also have computer worms. These are nasty because 167 00:08:24.600 --> 00:08:28.240 they can copy themselves and spread across networks automatically, without 168 00:08:28.319 --> 00:08:31.800 needing you to click anything specific. They just quietly infect 169 00:08:32.039 --> 00:08:35.480 machine after machine. And interestingly, we're seeing a bit of 170 00:08:35.480 --> 00:08:39.240 a shift to away from purely automated malware towards attacks 171 00:08:39.279 --> 00:08:42.559 where humans manually deploy the malware, making them more precise 172 00:08:42.600 --> 00:08:44.039 and harder to detect initially. 173 00:08:44.120 --> 00:08:47.120 Okay, what about attacks that don't necessarily steal data but 174 00:08:47.200 --> 00:08:49.960 just disrupt things like denial of service? I think most 175 00:08:50.000 --> 00:08:53.200 of us have experienced a website just not loading. 176 00:08:53.559 --> 00:08:56.480 Yeah, that frustration is often a denial of service or 177 00:08:56.720 --> 00:08:59.600 DOS attack. It basically floods a server with so much 178 00:08:59.679 --> 00:09:03.440 traffic that it gets overwhelmed and can't respond to legitimate users. 179 00:09:03.559 --> 00:09:04.960 Just one attacker causing that. 180 00:09:04.960 --> 00:09:08.240 That's a basic DOS. But then you have didas distributed 181 00:09:08.279 --> 00:09:11.279 denial of service that's way more powerful distributed. 182 00:09:11.320 --> 00:09:12.320 How does that work? 183 00:09:12.519 --> 00:09:15.159 Imagine instead of one person knocking on the door, you 184 00:09:15.200 --> 00:09:19.200 have a huge mob, maybe millions of computers all hammering 185 00:09:19.240 --> 00:09:23.200 the website at once. These are usually bots, computers that 186 00:09:23.240 --> 00:09:26.320 have been secretly compromised and are controlled by the attacker. 187 00:09:26.919 --> 00:09:30.399 They create this overwhelming flood of traffic that just forces 188 00:09:30.440 --> 00:09:31.519 the site offline. 189 00:09:31.559 --> 00:09:32.840 A digital mob. 190 00:09:33.159 --> 00:09:36.919 Pretty much, and the scale is increasing. DDoS attacks in 191 00:09:36.960 --> 00:09:40.320 twenty seventeen were reportedly four times larger than just two 192 00:09:40.399 --> 00:09:45.279 years earlier. These digital moms are getting bigger and more sophisticated. 193 00:09:44.600 --> 00:09:47.600 And then there's a newer one. You mentioned. Cryptojacking sounds 194 00:09:47.639 --> 00:09:49.120 like something from science fiction. 195 00:09:49.080 --> 00:09:53.159 Doesn't, but it's very real. Cryptojacking is basically hijacking someone 196 00:09:53.159 --> 00:09:57.879 else's computer processing power without their knowledge, to mind cryptocurrency, So. 197 00:09:57.879 --> 00:10:00.360 My computer could be working for a criminal eventually. 198 00:10:00.480 --> 00:10:03.960 Yes, they run mining scripts hidden on websites or delivered 199 00:10:04.039 --> 00:10:08.000 via malware. It's stealthy, low risk for the criminal compared 200 00:10:08.159 --> 00:10:10.919 to setting up their own mining rigs, and they target 201 00:10:11.000 --> 00:10:14.720 anything with processing power. High traffic websites are prime targets. 202 00:10:15.120 --> 00:10:17.600 There was one piece of malware some mom and rou 203 00:10:18.000 --> 00:10:22.120 that compromised something like half a million machines just for crypto. 204 00:10:21.799 --> 00:10:25.879 Mining, turning unsuspecting users into unwitting accomplices. 205 00:10:25.360 --> 00:10:28.559 Essentially yes, using their electricity and computer resources. 206 00:10:28.720 --> 00:10:31.559 The real world consequences of all this are just huge, 207 00:10:31.559 --> 00:10:33.639 aren't they? And it's not just the big corporations or 208 00:10:33.679 --> 00:10:34.559 governments getting hit. 209 00:10:34.639 --> 00:10:37.240 No, that's a key point from our sources. While big 210 00:10:37.279 --> 00:10:40.559 breaches make headlines, the majority of cyber attacks actually target 211 00:10:40.639 --> 00:10:41.519 small businesses. 212 00:10:41.639 --> 00:10:42.080 Why them? 213 00:10:42.360 --> 00:10:46.039 Often because they have fewer resources for robust cybersecurity defenses, 214 00:10:46.399 --> 00:10:47.799 they're seen as easier targets. 215 00:10:47.919 --> 00:10:49.799 Makes sense. Are their stats on this? 216 00:10:50.240 --> 00:10:53.440 Yeah? The FDI tracks something called Business Email compromise or 217 00:10:53.480 --> 00:10:57.720 BC that's often targeted fishing, leading to fraudulent wire transfers. 218 00:10:58.200 --> 00:11:01.440 The report showed losses exploding by thirteen hundred percent since 219 00:11:01.480 --> 00:11:04.799 twenty fifteen, adding up to over three billion dollars. 220 00:11:04.840 --> 00:11:08.200 Three billion just from tricking people into sending money. 221 00:11:08.000 --> 00:11:11.840 It's staggering, and it hits individuals too. Microsoft did a 222 00:11:11.879 --> 00:11:14.000 survey finding that two out of three people had run 223 00:11:14.039 --> 00:11:16.279 into a technical support scam in the previous year. 224 00:11:16.720 --> 00:11:18.919 The fake Microsoft support calls. 225 00:11:18.759 --> 00:11:21.799 Exactly or pop up saying your computer's infected. And behind 226 00:11:21.799 --> 00:11:24.679 the scenes, cyber criminals are turning out something like one 227 00:11:24.720 --> 00:11:29.840 point four million phishing websites, constantly trying to mimic legitimate 228 00:11:29.919 --> 00:11:32.000 sites to steal your logins or money. 229 00:11:32.120 --> 00:11:35.440 It really paints a picture of a constant, ongoing battle, 230 00:11:35.440 --> 00:11:39.519 which leads us perfectly into the next part. Vulnerabilities, both 231 00:11:39.559 --> 00:11:42.639 the humankind and the technical kind, the manipulations, and how 232 00:11:42.679 --> 00:11:46.799 this whole threat landscape keeps evolving. I suspect a lot 233 00:11:46.840 --> 00:11:49.639 of this comes down to us, doesn't it our behavior online? 234 00:11:49.679 --> 00:11:52.399 It absolutely does. Think about how much we willingly share 235 00:11:52.399 --> 00:11:55.840 on social media, birthdays, where we live, pictures of our family, 236 00:11:55.879 --> 00:11:57.200 are pets, names. 237 00:11:57.039 --> 00:11:59.320 Yeah, the stuff security questions often ask about. 238 00:11:59.480 --> 00:12:04.240 Precisely. Cyber criminals can easily gather this seemingly harmless info 239 00:12:04.639 --> 00:12:08.559 and piece together detailed profiles. It puts individuals and even 240 00:12:08.559 --> 00:12:12.080 their families at real risk. And there's this other factor too, 241 00:12:12.399 --> 00:12:14.080 something called privacy fatigue. 242 00:12:14.200 --> 00:12:15.840 Privacy fatigue. What's that. 243 00:12:16.120 --> 00:12:18.679 It's basically where people just get tired of worrying about 244 00:12:18.679 --> 00:12:22.039 online privacy all the time. There are so many data breaches, 245 00:12:22.159 --> 00:12:25.360 so many complex settings, that they kind of give up 246 00:12:25.440 --> 00:12:29.200 and just accept the risks in return for say, personalized 247 00:12:29.200 --> 00:12:30.679 ads or convenient services. 248 00:12:30.759 --> 00:12:33.679 I can see that happening, just feeling overwhelmed exactly. 249 00:12:33.759 --> 00:12:36.799 It's a trade off people make often without fully realizing 250 00:12:36.879 --> 00:12:38.480 the potential consequences, and. 251 00:12:38.399 --> 00:12:41.559 That fatigue, that willingness to share it opens the door 252 00:12:41.600 --> 00:12:45.679 for more direct exploitation, right like online harassment. 253 00:12:45.320 --> 00:12:48.600 Definitely, things like cyber stocking where someone uses repeated online 254 00:12:48.600 --> 00:12:51.440 messages or emails to frighten a harass a victim, or 255 00:12:51.559 --> 00:12:54.600 cyber bullying using the internet to bully others, which can 256 00:12:54.679 --> 00:12:58.360 even happen in the workplace, and cyber defamation spreading lies 257 00:12:58.440 --> 00:13:00.559 online to wreck someone's reputation. 258 00:13:01.000 --> 00:13:03.919 It's weaponizing information and access, it is. 259 00:13:04.159 --> 00:13:07.000 And it can go to some really dark places. Our 260 00:13:07.039 --> 00:13:11.080 sources mention things like Internet death groups which prey on 261 00:13:11.320 --> 00:13:15.639 vulnerable young people, maybe exploiting feelings of hopelessness or disillusionment. 262 00:13:15.799 --> 00:13:17.000 That's deeply disturbing. 263 00:13:17.200 --> 00:13:20.080 It is, And on a different note, technology also makes 264 00:13:20.120 --> 00:13:24.480 things like academic cheating easier, or even document forgery, like 265 00:13:24.519 --> 00:13:26.919 faking papers to help someone leave their home country under 266 00:13:26.919 --> 00:13:31.159 false pretenses. It's interesting too, how views on academic integrity 267 00:13:31.200 --> 00:13:32.879 can really differ across cultures. 268 00:13:33.200 --> 00:13:37.200 We've also seen these massive data breaches become almost routine news. 269 00:13:37.279 --> 00:13:38.559 You mentioned Yahoo earlier. 270 00:13:38.720 --> 00:13:41.679 Yeah, the twenty fourteen Yahoo breach was enormous, three billion 271 00:13:41.799 --> 00:13:45.960 user accounts affected. That's set a terrifying record. Then Facebook 272 00:13:45.960 --> 00:13:49.720 had its big data leak in twenty eighteen involving Cambridge Analytica, 273 00:13:49.759 --> 00:13:50.759 impacting millions. 274 00:13:50.799 --> 00:13:52.120 And it's not just tech companies. 275 00:13:52.399 --> 00:13:56.840 Healthcare too, Absolutely critical sectors are prime targets. Singapore had 276 00:13:56.879 --> 00:13:59.120 a major cyber attack on its health system, affecting one 277 00:13:59.159 --> 00:14:02.720 point five million patients, including their prime minister. The UK's 278 00:14:02.799 --> 00:14:06.480 NHS has faced numerous data breaches. These aren't just technical glitches. 279 00:14:06.720 --> 00:14:08.480 They seriously erode public trust. 280 00:14:08.720 --> 00:14:11.720 And now we're seeing artificial intelligence enter the picture, making 281 00:14:11.720 --> 00:14:13.240 things even more complex. 282 00:14:13.399 --> 00:14:16.480 Right. AI is becoming a powerful tool. Unfortunately for criminals too. 283 00:14:16.960 --> 00:14:19.240 We're seeing AI used to create. 284 00:14:19.200 --> 00:14:22.639 Deep fakes, those fake videos that look incredibly real. 285 00:14:22.559 --> 00:14:28.080 Exactly generating convincing but totally fabricated video and audio. There 286 00:14:28.080 --> 00:14:30.279 are huge concerns about how this could be used for 287 00:14:30.360 --> 00:14:37.240 political disinformation scams, or even horrifyingly, to create synthetic child pornography. 288 00:14:37.399 --> 00:14:39.440 That's a nightmare scenario, it is. 289 00:14:39.639 --> 00:14:42.799 And researchers have even developed something called deep master prints. 290 00:14:43.120 --> 00:14:46.639 These are AI generated sort of universal fingerprint templates that 291 00:14:46.679 --> 00:14:50.080 can actually match a significant percentage of real fingerprints in 292 00:14:50.120 --> 00:14:53.159 a database. One study showed they could match seventy seven 293 00:14:53.240 --> 00:14:55.919 percent of users with only a one percent false match rate. 294 00:14:56.039 --> 00:14:59.080 Wow. So much for biometric security being foolproof. 295 00:14:59.240 --> 00:15:02.159 It raises seria questions, and beyond that, AI is being 296 00:15:02.200 --> 00:15:05.200 programmed to act as intelligent scanners, not just looking for 297 00:15:05.279 --> 00:15:10.159 known security holes, but actively finding new undiscovered vulnerabilities in software. 298 00:15:10.279 --> 00:15:14.399 It's like weaponizing AI's learning ability against our own defenses. 299 00:15:14.120 --> 00:15:17.919 Which brings us straight to fake news and disinformation That 300 00:15:18.159 --> 00:15:21.840 really exploded into public consciousness around the twenty sixteen US election, 301 00:15:21.919 --> 00:15:22.440 didn't it. 302 00:15:22.440 --> 00:15:26.039 It certainly gained huge prominence then, and it's incredibly damaging. 303 00:15:26.200 --> 00:15:28.960 It's not just about spreading falsehoods. It's used to actively 304 00:15:29.039 --> 00:15:33.840 undermine trust in institutions, fuel social tensions, and interfere directly 305 00:15:33.840 --> 00:15:35.320 in political processes and. 306 00:15:35.279 --> 00:15:37.159 Social media plays a big role. 307 00:15:37.080 --> 00:15:39.879 A massive role. Social media often acts like an echo 308 00:15:40.000 --> 00:15:42.639 chamber where you mainly see views you already agree with, 309 00:15:42.799 --> 00:15:46.960 reinforcing your biases. And it's also an amplifier, spreading information 310 00:15:47.120 --> 00:15:51.399 true or false incredibly quickly and widely. This combination really 311 00:15:51.480 --> 00:15:52.799 fuels political polarization. 312 00:15:53.080 --> 00:15:56.679 We saw documented cases of state actors getting involved too. 313 00:15:56.960 --> 00:15:59.799 Yes, the Russian state sponsored internet interference in the twenty 314 00:15:59.799 --> 00:16:03.399 six US election is a prime example of how disinformation 315 00:16:03.440 --> 00:16:06.600 can be used as a tool in sort of hybrid warfare. 316 00:16:06.679 --> 00:16:09.240 It's cheap, it's easy to spread via social media, and 317 00:16:09.279 --> 00:16:10.279 it can be very effective. 318 00:16:10.600 --> 00:16:13.879 And maybe the most disturbing intersection of technology and crime 319 00:16:13.960 --> 00:16:16.799 is how it's used in human trafficking and child exploitation. 320 00:16:17.240 --> 00:16:21.440 This is a truly devastating area. Traffickers exploit the Internet's 321 00:16:21.440 --> 00:16:25.480 global reach for both recruiting victims and advertising them. They 322 00:16:25.559 --> 00:16:29.039 use social media, chat rooms, online classified ads like the 323 00:16:29.080 --> 00:16:33.440 now defunct backpage dot com to find, lure, and sell 324 00:16:33.759 --> 00:16:34.720 vulnerable people. 325 00:16:35.120 --> 00:16:37.080 Are there numbers on how prevalent this is. 326 00:16:37.799 --> 00:16:41.840 One INNGO Thorn reported that a shocking sixty three percent 327 00:16:41.879 --> 00:16:46.399 of identified child victims were advertised online. Sixty three percent. 328 00:16:46.559 --> 00:16:49.240 That's horrific. How do they manipulate victims online? 329 00:16:49.279 --> 00:16:53.320 There's something called luring communication theory LCT. It outlines the 330 00:16:53.360 --> 00:16:57.000 steps online predators often take. It usually starts with grooming, 331 00:16:57.320 --> 00:17:01.440 building trust, making the victim feel special, isolating them. Then 332 00:17:01.480 --> 00:17:06.359 they might move to communicative desensitization, gradually introducing inappropriate topics 333 00:17:06.359 --> 00:17:09.319 and make them seem normal, and finally using verbal lead ins, 334 00:17:09.400 --> 00:17:13.519 pushing boundaries with sexually suggestive language. It's a calculated, manipulative 335 00:17:13.519 --> 00:17:14.440 process that's awful. 336 00:17:14.440 --> 00:17:17.039 It's clear the threats are huge, constantly changing, and coming 337 00:17:17.079 --> 00:17:19.079 from all angles. So face with all this, the big 338 00:17:19.160 --> 00:17:21.079 question is what can we actually do? How do we 339 00:17:21.079 --> 00:17:23.880 defend ourselves or businesses or society on this digital frontier. 340 00:17:24.000 --> 00:17:27.359 It's a multi layered answer. Starting with individual actions, there 341 00:17:27.400 --> 00:17:30.759 are some basic but absolutely crucial best practices. 342 00:17:30.839 --> 00:17:32.000 Okay, what are the essentials? 343 00:17:32.519 --> 00:17:37.200 First, be incredibly suspicious of unknown links or attachments in emails. 344 00:17:37.519 --> 00:17:40.880 That's ground zero for phishing and malware. Don't click if 345 00:17:40.920 --> 00:17:44.880 you're unsure. Second, keep your software updated, your operating system, 346 00:17:44.920 --> 00:17:49.000 your browser, everything. Those updates often contain vital security patches 347 00:17:49.200 --> 00:17:50.319 that fix known. 348 00:17:50.119 --> 00:17:52.519 Holes, like digital vaccines exactly. 349 00:17:52.880 --> 00:17:56.039 Third, use a firewall. It acts like a filter, blocking 350 00:17:56.079 --> 00:17:59.799 malicious traffic trying to get into your network. Fourth, passwords, 351 00:18:00.079 --> 00:18:02.920 Please please use strong, unique passwords. 352 00:18:02.440 --> 00:18:05.519 Not password one two three or one two, three, four, five, six. 353 00:18:05.720 --> 00:18:09.599 Definitely not think long at least ten maybe fifteen characters, 354 00:18:09.839 --> 00:18:13.240 mix uppercase, lowercase numbers, symbols, or even better, use a 355 00:18:13.240 --> 00:18:16.400 pass hraise a short, memorable sentence, and don't reuse passwords 356 00:18:16.400 --> 00:18:17.359 across different sites. 357 00:18:17.400 --> 00:18:18.559 Good advice anything else? 358 00:18:18.559 --> 00:18:22.759 For individuals, Yes, backups Regularly backup your important data, photos, documents, 359 00:18:22.799 --> 00:18:25.759 whatever matters to an external drive or secure cloud service. 360 00:18:25.960 --> 00:18:28.519 If ransomware hits, having a backup means you don't have 361 00:18:28.559 --> 00:18:29.759 to pay to get your stuff back. 362 00:18:29.920 --> 00:18:33.279 Okay, that's the individual level. What about organizations? They face 363 00:18:33.279 --> 00:18:35.759 bigger threats, presumably need bigger defenses. 364 00:18:36.000 --> 00:18:40.319 They absolutely do. For organizations, it's about continuous risk assessment 365 00:18:40.640 --> 00:18:44.359 and implementing robust security controls across the board. Making sure 366 00:18:44.400 --> 00:18:48.480 all hardware and software is updated, including antivirus is baseline. 367 00:18:48.599 --> 00:18:50.519 Moving beyond just passwords too. 368 00:18:50.640 --> 00:18:55.680 Yes, definitely using more complex authentication is key. Multi factor 369 00:18:55.720 --> 00:19:00.599 authentication MFA should be standard wherever possible, combining something you 370 00:19:00.720 --> 00:19:03.200 know password with something you have like a code from 371 00:19:03.240 --> 00:19:06.720 your phone or something you are like a fingerprint. There's 372 00:19:06.720 --> 00:19:10.519 even advanced stuff like keystroke biometrics analyzing the unique rhythm 373 00:19:10.599 --> 00:19:11.400 of how you type. 374 00:19:11.599 --> 00:19:15.440 Wow, and specific industries like banking must have extra layers, 375 00:19:15.480 --> 00:19:16.039 oh for sure. 376 00:19:16.480 --> 00:19:20.599 Debunking relies heavily on things like SSL certificates for encrypted connections, 377 00:19:20.759 --> 00:19:25.039 strict security hitters, and systems like certificate transparency to constantly 378 00:19:25.119 --> 00:19:28.440 verify website identities and prevents spoofing or man of the 379 00:19:28.480 --> 00:19:30.240 moddle attacks where someone intercepts. 380 00:19:29.839 --> 00:19:32.559 Your connection and I guess AI is being used defensively too. 381 00:19:32.960 --> 00:19:37.160 Yes, Increasingly, deep learning and machine learning are powering advanced 382 00:19:37.200 --> 00:19:41.480 anti fraud systems. They can analyze transaction patterns in real time, 383 00:19:41.759 --> 00:19:45.759 spotting anomalies and suspicious behavior much faster than humans could. 384 00:19:45.920 --> 00:19:48.519 What about things like blockchain and smart contracts? They have 385 00:19:48.599 --> 00:19:50.240 vulnerabilities too, right they do. 386 00:19:50.400 --> 00:19:54.400 Smart contract code needs rigorous auditing. Bugs can be catastrophic. 387 00:19:55.400 --> 00:19:59.559 Remember that Ethereum contract flawback in twenty sixteen cost about 388 00:19:59.559 --> 00:20:02.839 eighty mins million dollars due to a vulnerability, and even 389 00:20:02.920 --> 00:20:06.799 similar tools like capchas those prove your human tests are 390 00:20:06.839 --> 00:20:10.079 important for stopping automated bots. From scraping websites or launching 391 00:20:10.079 --> 00:20:10.759 brute force. 392 00:20:10.599 --> 00:20:13.599 Attacks, So lots of technical defenses. But you mentioned earlier 393 00:20:13.720 --> 00:20:17.960 cybercrime ignores borders while laws are usually national. That sounds 394 00:20:17.960 --> 00:20:19.000 like a huge mismatch. 395 00:20:19.079 --> 00:20:22.440 It's a fundamental challenge. The borderless nature of cybercrime makes 396 00:20:22.480 --> 00:20:26.720 international cooperation absolutely essential, but it's really difficult to achieve 397 00:20:26.720 --> 00:20:31.039 effectively because legal systems, investigative powers, and even definitions of 398 00:20:31.119 --> 00:20:33.599 crimes vary so much from country to country. 399 00:20:33.839 --> 00:20:36.000 So what does the legal landscape actually look like? Is 400 00:20:36.039 --> 00:20:37.240 there any global standard? 401 00:20:37.359 --> 00:20:40.359