Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Sumona Banerji on how we are hardwired for vulnerability to online exploits - and how to overcome it.
If you're unaware of the emerging field of cyberpsycholgy, Sumona Banerji is one of the most interesting voices on the intersection of cybertechnology with the oldest computer in creation - the human brain. Here's a snippet from her insightful Medium post on the universality of human factors that enable all types of malicious online action, and "cognitive security", the factor she defines as remedial:
"The Universal Exploit: Why Phishing and Propaganda are the Same Attack"
Cognitive Security begins with a provocative realization: The most sophisticated firewall in the world cannot protect an organization, if the system itself is designed in direct opposition to how the human brain functions.
We often talk about “human error” as a bug. In reality, the “bug” isn’t in our cognition… it’s in the mismatch between our ancient biological hardware and our modern digital infrastructure. Our brains evolved for a world of small social groups and immediate physical threats, not for evaluating the authenticity of emails, detecting coordinated disinformation, or resisting carefully engineered persuasion. It evolved over millennia to prioritize social cohesion, respect for authority, and rapid pattern-matching. These aren't flaws; they are the "features" that allowed human civilization to thrive.
However, in the digital threat landscape, these same features are weaponized a.k.a ‘cognitive attacks’ to achieve objectives ranging from stealing credentials to reshaping geopolitical beliefs.
The Defender’s Dilemma: A technical vulnerability, once patched, is fixed. A cognitive vulnerability (like high altruism or deference to authority) cannot be ‘patched’. It can only be understood and compensated for. Cognitive security is focused on solving for this.
We often talk about “human error” as a bug. In reality, the “bug” isn’t in our cognition… it’s in the mismatch between our ancient biological hardware and our modern digital infrastructure. Our brains evolved for a world of small social groups and immediate physical threats, not for evaluating the authenticity of emails, detecting coordinated disinformation, or resisting carefully engineered persuasion. It evolved over millennia to prioritize social cohesion, respect for authority, and rapid pattern-matching. These aren't flaws; they are the "features" that allowed human civilization to thrive.
However, in the digital threat landscape, these same features are weaponized a.k.a ‘cognitive attacks’ to achieve objectives ranging from stealing credentials to reshaping geopolitical beliefs.
The Defender’s Dilemma: A technical vulnerability, once patched, is fixed. A cognitive vulnerability (like high altruism or deference to authority) cannot be ‘patched’. It can only be understood and compensated for. Cognitive security is focused on solving for this.
You might also find this post on "Narrative Laundering" relevant, as it's pretty much the water we're swimming in here in [Redacted]'s America:
"How Narrative Laundering “Washes” the Truth."
We are living through a massive, quiet shift in how information is weaponized. While we’ve become accustomed to spotting “fake news,” a more sophisticated technique has emerged that doesn’t just lie to us — it bypasses our logical defenses entirely.
It’s called Narrative Laundering, and it is the bridge between a simple lie and a society-wide delusion.
What is Narrative Laundering? Think of it like money laundering. In financial crime, you take “dirty” money from an illegal source and pass it through legitimate businesses until it looks “clean.”
Narrative Laundering does the same with information. An adversary takes a piece of “dirty” disinformation — perhaps originating from a state-sponsored troll farm or a fringe conspiracy site — and pushes it through layers of social media bots, fake “expert” accounts, and secondary news outlets. By the time it reaches your feed, the original, biased source is invisible. It looks like a mainstream, legitimate trend.
It’s called Narrative Laundering, and it is the bridge between a simple lie and a society-wide delusion.
What is Narrative Laundering? Think of it like money laundering. In financial crime, you take “dirty” money from an illegal source and pass it through legitimate businesses until it looks “clean.”
Narrative Laundering does the same with information. An adversary takes a piece of “dirty” disinformation — perhaps originating from a state-sponsored troll farm or a fringe conspiracy site — and pushes it through layers of social media bots, fake “expert” accounts, and secondary news outlets. By the time it reaches your feed, the original, biased source is invisible. It looks like a mainstream, legitimate trend.
This explains Russia's ongoing victory in the asymmetrical war they have been prosecuting on liberal democracies worldwide since they were able to shuck off the confining infrastructure of Soviet bureaucracy and the constrictions of its avowed ideology. And how their success has inspired the oligarchs created by the early victories in that warfare to become a fifth column, using their money and influence to increase our vulnerability to the continuous attacks.
The discipline of Cyberpsychology is just emerging as a factor across the world of Technology, and it's woefully behind in the rapid growth of AI, and the emerging development of quantum computing tools. While integrating cyberpsychology into the various designs and disciplines of cybersecurity and design is a long, difficult, and certain to be hard-fought goal in detoxifying the human/computer interface, Banerji's conceptualization of "cognitive security" is a broader, versatile tool. It can be promoted from multiple angles across multiple disciplines, and, while it will still face pushback and opposition from the monetizers who do not want to have to give up tools designed for maximum addiction, toxicity, and persistence, it can be applied in real-world settings to develop a set of immunizing tools.
I'm dismayed by the extent that technology has been allowed and encouraged to develop without the guardrails needed to keep it from becoming as toxic and weaponized as it is currently, and worse, the higher levels of damage it is on track to achieve in the next few years. But I'm heartened by the growing creativity advancing solutions. If we have time to implement them...
thoughtfully,
Bright
P.S. You might also find this webinar an interesting summary of the Cyberpsychology/Cognitive Security interface:
1 replies
= new reply since forum marked as read
= new reply since forum marked as read
that is a huge problem right there 