LPRC - CrimeScience – The Weekly Review – Episode 113 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: July 28, 2022LPRC Supply Chain Summit Next Week! LinkedIn has a large phishing attack! In this week’s episode, our co-hosts discuss the application of research for the heterogenerity of situations, how Covid aff...ected crime after policy changes, T-Mobile’s data was breached, the LPRC Research team keeps on growing, and a look at a Saudi Arabian Twitter Spy. Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 113 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi, everyone, and welcome to Crime Science. In this podcast, we explore the science of
crime and the practical application of this science for loss prevention and asset protection
practitioners as well as other professionals.
Episode of Crime Science podcast from the LPRC. This is the latest in our weekly update
series and I'm joined today by colleagues Tony D'Onofrio and Tom Meehan and our producer Diego Rodriguez.
Diego's fresh off a four-day weekend, so we've just been joking with him.
Hopefully, he got a little bit of relaxation.
So just to update the thing that keeps on keeping on, and that's the global pandemic from the coronavirus.
global pandemic from the coronavirus. We know that it just continues to morph, to evolve in these Omicron different variants and the reinfections that are breaking all the rules. Just when it
appears the scientists working in this area, the virologists felt like they had a handle on how natural and vaccine and interaction of the two sometimes
created immunity and probably provided a lot of protection from reinfection for those that had
natural infection. But it turns out that people in all the above categories continually are getting
now reinfected. It looks like, again, according to data and what I've been
reading here, that the infections are increasingly less serious for most people. There are always
those exceptions, but they seem to be that case. I read a very interesting Wall Street Journal
article on think you've never been infected kind of headline. And I know myself, as far as I know,
I've not been infected. Kim's not. And really, in fact, almost nobody in my family, it seems,
or others. But in fact, probably they think right now still with these big meta-analyses where you
combine multiple studies and normalize and then analyze. So that about 40% of infected people
just are completely asymptomatic or the symptoms are so almost subclinical that you don't know.
And again, most people, even today, don't have access to testing, don't go and test if they
just don't feel right or for other reasons. So it it's just been very difficult. So, there are a couple of
labs they were talking about, a handful of labs in the United States that have the capability of
looking at antibodies because, again, antibodies are generated for a variety of proteins in these
viruses and so on, or the vaccines, right? That's what we're trying to do is launch that immune system and to tell whether these antibodies are specific for the virus itself or something else or parts
of the virus versus the vaccine that replicates the spike protein or parts of the spike protein.
Most labs and testing just don't know. can't discriminate so it's it's a very
puzzling question uh so some people are walking around thinking they're bulletproof um in other
words immune completely immune but may in fact have had it just lucked out didn't inhale a bunch
in fact one of our researchers from the university of florida that's been working on an NSF project with us. She's been Pfizer two doses plus the booster, a young lady
in her 20s, very healthy. And she then got the coronavirus and felt really bad for two weeks.
Now she's up and completely cleared. But it took a while also for the test to show that she was
cleared of the viral particles. And so now she's back in our lab,
at least working on virtual reality testing with Rochelle on our team. So it's very interesting
how this thing keeps going. All right. So moving on, we're looking at the infection rates remain
high. The seven-day average I just looked at was 128,000 new daily infections detected in a very
low testing period. So, I guess it indicates that there is a lot of infections still occurring.
Last year at this time, the seven-day average was 52,000. So, you know, way less than half
a year ago. So, we've more than doubled the infections that are being determined. And at
a time where testing is probably less frequent than before. So, no telling, but it looks like
it's pretty widespread and continuing to spread at a high level. Looking over at the vaccines,
I see that there's a charge by the government to try and pull together the vaccine manufacturers
to look ahead,
which seems sort of interesting to me. Maybe it's just a headline grabber,
because we keep talking about almost every week about the amount of new vaccines entering the pipeline all the time for the variants and for beyond and different ways to administer the
vaccine. We talked about through the nasal passage and so on to see if we can get more reduction in infection in addition to seriousness of the disease if you
are infected. So, they're currently tracked 123 clinical trials according to a New York Times
tracking survey. So, 123 vaccine candidates in clinical trials right now,
human clinical trials. There are 53 in phase 1, 48, about 50, in other words, in phase 2,
and 51 in phase 3. So, you can see there are a lot of these candidates entering the pipeline,
moving through the pipeline. We talked about how it's increasingly difficult to conduct some of
the bigger trials because everybody's either been infected or vaccinated or both.
So this is an interesting time.
The Novavax, which we've talked about for almost two years, it seems like now, is emergency use authorized in the United States.
The U.S. government three years ago, two years ago, contracted to buy several million doses. They just had more manufacturing issues to try and find the right places to do the manufacturing at the proper level of
sanitary conditions, maintain that each and every dose is highly efficacious and that there's not a
variation there and so on. I saw the one report in the U.S. Air Force is authorized now that Novavax,
I saw the one report in the U.S. Air Force is authorized now that Novavax, it's a different type of vaccine. And so the idea is that individuals that for whatever reason were opposed to or concerned about any way the mRNA vaccines, the Pfizer and Moderna, for example, might not have concerns because it's much more traditional vaccine type. And it does
appear to be highly efficacious. Testing already shows, though, like the other vaccines and
everything else, human immunity, natural immunity, the Omicron seems to be still an issue, but it
reduces, again, like the other vaccines, the seriousness of the disease on average. And again,
we've always got to look at studies that we work with in criminology studies that we look at in biological science. And they're
at the aggregate that's on average, on average this versus on average that. The individuals,
all of us are so different, which leads me kind of as we move out of the pandemic to talk a little
bit about our research and the science and things that we're doing at LPRC. And this idea of heterogeneity, that each and every one of us are different
from the other, and that even those differences change by us through time, how we perceive the
world, our health, our behavior, our activities. The same thing holds at a place level that those places change all the time.
Think about your favorite restaurants or bars or gathering places or the schools and who's at the
school or at the bars changes the names, the ownership, the patronage, the neighborhood around
them, the blocks and so on continually change and evolve. So not only are things and people
and places different from each
other, that makes it tough to study or to do something that works across the board, but those
can, they're continually changing. And that, that complexity is really what we look at at the LPRC
and try and understand the heterogeneity or the, the differences. It's not a homogeneous
display where everybody is age 30 and, you know, in other words, born in this year and look like this and so forth and do this and do that at the same time.
That's just not normal and that's not natural and that's not the reality on the ground.
So it makes it a little more difficult.
you'll see we'll try and get large samples randomly selected, randomly assign the overall sample to get treated or not get treated. In other words, something tested there or different
versions are randomly assigned to be tested versus not being tested and controlled,
kind of like a placebo arm. And so, that's part of the reason is that regardless of differences in individuals and places individually and over time, that if we randomly assign a large enough sample that we normally can overcome, the main systematic difference between the two groups is what we put in there or treat with or deploy, intervene and intervention.
So I wanted to kind of bring that out.
And that's the main reason, too, also, is it. So I wanted to kind of bring that out. And that's the main
reason, too, also, is it's a main call-out. Why a group like the LPRC is so critical to the industry,
to the world, really, is because we need a persistent, highly capable group of researchers,
a community of now 70 major retail corporations, 90 top-notch technology providers,
people like Procter & Gamble and so on, the retail associations in this community,
because we've got to maintain and continue research and research and development because
everything and every place is different and everything and every place continues to change.
And so we can't just come up with something, deploy it and put it out there. And you see with some of the so-called legacy
protective technologies and things like that, they still have a lifespan. They can be enhanced and
continually improved, but they can't just work well now and forever. And we all know that. And
we've certainly seen that with the virus and people are even, believe it or not, a little more complex than viruses are. So just a little quick primer or call out on the method to the madness as far as research goes, research and development and the LPRC, how we're instrumenting ourselves continually to do that, to take that into account, those factors. And so our group
is growing. We're adding retailers now. We came into the year to just about 60 retail corporations
because we've had turnover during the pandemic. We lost some retailers. They changed leadership
primarily as the main reason, some because of economic. Many of those have rejoined and then
many new ones. And we're talking about 35 additional
retailers right now. So we'll just see how this all rolls out. But the group is growing. We're
adding the same thing. We entered with about 70 technology. In other words, our solution partners
or providers, SPs. We're now at about 92 and more coming in. We're being very selective
because we're trying not to, we want to always have, we'll never have one-to-one ratio. It could
be 1.2 to one or something like that. So there may be a few more SPs than retail corporations, but
we see a very rapidly growing community right now. And so our team's growing. We're adding two new operational
people. It turns out Diego just can't do everything himself. And with Chad and Brian,
and now with Wilson, with Tom, Tom Keel, we're adding another person as well.
Getting coming up here, we've got two really, really good candidates for one slot. So it's
coming down to a few factors there.
And then on the research side, adding two more research scientists, which will be an incremental gain of one.
So we'll, in fact, now have hopefully myself here, but then five research scientists assigned.
One has accepted the offer.
We've got an offer out to another another even though we've got two more good
candidates and we're just continually looking for more funding because we need really we need
seven research scientists but we're continuing to grow plus Rochelle being our research associate
we need another Rochelle if you will on the team so but to take it on and to specialize but also
generalize. So,
what we're trying to do with these seven working groups, and again, we've got product or
merchandise protection, anti-theft working group. We've got the supply chain protection working
group, which by the way, has their annual summit on August 2nd in Philadelphia, a day and a half,
two-day summit there hosted by TGAX at their distribution center there.
So we're excited about that.
Diego is one of the main organizers of that supply chain protection working group and the summit itself.
So it looks like a great turnout, amazing agenda, probably the most complete, comprehensive agenda I've ever seen for one of our summits. But we've also got the
retail fraud working group, and that's where James Martin and others are working on an amazing in-store
and online typology of the different types of fraud that are being reported. The retailers
are helping to build that, and companies like APRIS, companies that are working in this fraud field are helping
us shape this too. So you're going to see a very comprehensive listing for the first time of the
different types of fraud. Some of the symptoms, how you might spot it, what are they doing?
So how does it work? How do we spot it? And then what are tools to prevent if that doesn't work to document and roll them up through investigations?
So I'm excited about what's happening in that group. DOG, Data Analytics Working Group that James heads up, you're seeing now mapping being incorporated in there.
And they're starting to do some really sophisticated data analytics in addition to the very important basic data analytics in addition to very important basic data analytics,
things like chi-square and t-test and regression and NOVA or MANOVA and things like that.
But now you're seeing ARIMA, which is looking at kind of forecasting its repeated measures over time
to help the retailers better understand how to use their information to get more out of it.
And by the way, we were just going through a big data set a retailer gave us.
And this is very, very typical.
The data set is very, very, very confusing.
And we all know this is normally a retail environment that the data sets come from all across the organization.
organization. People don't necessarily have what we call a code sheet or code book where for a variable, we list what this is, how it's measured, what type of variable,
and then there's a data label that's standardized and makes sense. It describes what this is.
So we have several of these things that have come in. In this huge, huge data set,
our team is going through and having multiple calls with the retailer because one group has no idea what this is or that is.
Some of them are mislabeled and all this kind of thing.
So this is normal, and that's the data analytics working group on top of, again, leveraging information and mapping that.
So you see Corey and James working on mapping all kind of information from the National Retail Security
Survey, from the National Organized Retail Crime Survey that Corey just conducted, and from the
ARCS survey that Corey's conducting where retailers are going down to that micro level and reporting
what's happening by location in addition to the National Retail Security Survey, which is an
aggregate or a roll-up of what each participant thinks is going
on. So you can see on that scale, getting this macro information down to somewhat micro information,
and then further being able to tap into NIBRS and other federal and state and local databases from
law enforcement, see how they match up, get a better picture of the world. What are we dealing
with? Get the context down. The Violent working group, again, working on the active assailant,
active killer shooter scenarios. We've written up or just about completed our first research and
action brief on that first tele-focus group with 11 retail chains with their threat assessment
people. We're getting ready to deploy some technology in
the lab that might increase survivability during an actual event. So, we're, again,
looking left of bang or left of contact, and then also at contact, how do we better survive,
in addition to, of course, how do we better prevent, all the way up till the actual kinetic attack happens. Going over and then taking a look
at the innovation working group, the way we're doing this is on the board of advisors, we have
an innovation committee, which is going to become the research and innovation committee.
That's a handful of our board. They volunteer to be on that committee to help us make sure that we're getting
the structure, the participation, the funding, and the resources, in other words, that we need
to carry out the research. The LPRC Innovate Advisory Panel is now going to 30 major retailers
and a handful of our solution partners that are funding this effort and allowing us to bring on two more
researchers and one network technician or net tech. That group is helping us set the standards.
There'll be eight contact points for them. In other words, at Ignite and Impact. So we'll book
in the physical meeting for the LPRC Innovate Working Group, or excuse me, advisory panel with six teams call engagements in between.
And it's going to be the right people talking about the right things.
And then finally, Innovation Working Group, where I started, that's think about the brains and arms and the legs to make it happen with us.
And so that's a few of the working groups and some of the activities going on.
I want to remind everybody about Impact Conference coming up again the 3rd through the 5th of October.
I would hardly recommend if you're an LPRC member and you've got two free slots that you book those
people in, both the travel, hotel room, and register because we're getting some record
enrollment here and we do have a capacity.
We do have a limit, physical space limit. So with that, let me turn it over to Tony D'Onofrio. And Tony, if you could take it away. Thank you very much, Reed. And again, really great updates on
what's going on with the pandemic and also with LPRC. And I'm looking forward to impact. So let me start this week by summarizing a new article
that I am publishing this week where I asked a question very relevant to this group,
is retail crime out of control? This is actually part one of a two-part series because there was
so much data available. And I started by saying that last late last year sensational flash rob
pre-holiday events uh elevated the concerns of uh retail crime on black friday alone last year
a crew of eight people made off for four hundred dollars worth of sledgehammers crowbars and hammers
from the home depot in lakewood california A group ransacked a Bottega Venega boutique in Los Angeles,
and roughly 30 people swarmed the Best Buy near Minneapolis,
Grabby Electronics.
And what I said is in the era of social media,
these events led to some really riveting television.
And in fact, in the article, I played the flash for Rob and Louis Vuitton in San Francisco.
Since we're in the summer,
it's probably not too early to think about
what's gonna happen this holiday season.
So the questions that I try to answer
in these two articles are,
what's been the impact of the pandemic
on retail crime statistics?
How has violence patterns, how have violence
patterns evolved, what are the profile of the folks in the criminal wave, how will inflation
and the potential recession impact retail crime, and if indeed retail crime is out of
control, what do we do about it?
So I started out with a summary of some crime
statistics, the latest ones available. And I started actually with the RELA 2021 report that
was published late last year, where they summarized the following. Nearly $69 billion worth of products were stored in for retailers in 2019, which was pre-COVID.
USA retail crime results in over $125 billion in lost economic activity and nearly 660,000
fewer jobs, paying more than just over $39 billion in wages and benefits to workers.
Retail theft cost the federal and state government
nearly $15 billion in personal and business tax revenues,
not including the lost sales tax.
Nearly 67% of asset protection managers,
a leading retailer, surveyed the report,
a moderate to considerable increase
in organized retail crime and 80% believe it will get worse in the future.
And then academic research has suggested that most retail theft represent crimes of opportunity.
We talk a lot about that here at the LPRC.
In other words, people steal when it's easy to do.
Other causes include poor economic condition and dissatisfaction among workers.
However, professional criminals identify the availability of anonymous online marketplaces
as ways to easily fence goods and prosecution changes as being major factors contributing
to the growth of organized
retail crime. In fact, a growth in online marketplaces is highly correlated,
61%, to the number of shoplifting events reported last year. In
addition, those retailers most affected by shoplifting, those retail items or
categories most subject to shoplifting activities are also the ones
most sought through those online marketplaces. According to the National Retail Federation,
ORC costs retailers an average of $720,000 for every billion dollars in sales in 2020, which was up dramatically from 450,000
five years earlier. ORC highlights in the national retail survey, which I'm glad to see we're getting
an updated read by the LPRC, for the 2021, they corroborated a lot of the data that came out of RELA. And in the National Retail Security Survey, about 69% of retailers said they have seen an increase in ORC activity over the past year.
They cited reasons such as COVID, policing, changes in sanity guidelines, and growth in online marketplaces with increase in the ORC activity.
marketplaces with increase in the ORC activity. Retailers report these gangs are more aggressive and violent than in past years. 65% of respondents know the increase in violence, while 37%
said ORC and gangs were much more aggressive than in the past.
Let me now talk about briefly in terms of what happened with 2Crime during the pandemic.
The latest retail TAF survey from Hayes International concluded that in 2021, retailers moved away from apprehensions and focused more on recoveries.
Shoplifting apprehensions were down just over 16%, while overall shoplifting recoveries were up a near staggering 31%.
In the article itself, you'll see the actual case value for each type of incidents, and
as you will see, they were up dramatically.
On average, the amount of theft by an unchecked dishonest employee will increase by 58% each
month. Interesting to continue focus on technology
to combat theft and dramatic changes in investment and people resources between 2020 and 2021. And
there's a chart that I show with the actual percentages in the article. In the 2021 NRF
security service, retailers also reported new risks and threats are now a priority,
which include mall store violence, shootings, cyber violence, cyber related incidents, internal theft, gift card fraud and return fraud.
Plus, all those new services that expanded during the pandemic are now carrying more risk in terms of fraud.
Retailers reported the most significant increase in fraud from multi-channel sales like Bopas or
buy online pickup in stores with 39% indicating it is a concern in 2021 compared to 19% in 2020.
percent in 2020. In-store sales fraud dropped from 49 percent to 28 percent from 2020-21, while online-only sales fraud remained steady at 26 percent. Finally, in this section, I pointed
out that this is not a big chain issue. Fifty-four percent of small businesses owners said they experienced increased sharp lifting in 2021.
And let me end this part by talking about how violence changed and what's happening
with violence and retail crime.
So this ends the part one and there'll be more in part two.
As we briefly indicated in the data I just cited from the ORC, violence is increasing and it's an increasing factor with retail crime.
Some new data that was actually in the 2021 RILA survey, which was interesting,
86% said that ORC criminals had verbally threatened and associated with bodily harm.
Nearly 76% reported that organized retail criminals have physically assaulted an associate
and nearly 76% said that a criminal has threatened the use of a weapon against an associate.
And then additional data that actually appeared in D&D 2021 was another violent year in retail with incidents up 9% and fatalities up
14% from the previous year. There were 595 fatalities in retail in 2021, which was up 18%.
18% of those were suspects, 53% were customers, 26% were store associates, and 3% were law enforcement, loss prevention, and security.
Alarmingly, both customer and associated deaths were up 24% each in 2021 when compared to 2020. 50% of the retail fatalities were inside the mall
or a store, 45% were in the parking lot,
and 5% died off premises, which again,
reinforces the importance of all those zones
that we talked about at LPRC.
And incidentally, 2021 was a reversal from 2020
when parking lots had the highest number of fatalities.
And finally, just some conclusion in terms of what does this do to employees. So looking at
some employee surveys, 80% of workers experienced or witnessed hostile behavior from customers
when staff tried enforcing COVID-19 safety measures. 39% of workers were leaving or already left their job because of
concerns with hostility and harassment from customers. And this survey was conducted between
October 2020 and May 2021. Safety is a major critical ingredient to successful deploying retail models.
And the alternatives can be very costly on multiple levels.
Just recently, Starbucks announced that they will close 16 U.S. stores,
mostly on the West Coast, by the end of the year because of safety concerns.
And that's the end of part one.
And again, this data is important here at LPRC,
and we're working together to actually address a lot of it. And with. And I would say it's around the board,
both negative and positive. It's interesting how social media gives a lot of people a larger voice.
And when a topic becomes viral, if you will, there's a lot of conversation about it. And
I would say that there are some noise, and I call it noise because it's not necessarily from reputable sources.
It's from regular folks just talking about how they see a trend of more stores closing and how there needs to be more done.
So definitely a topic that keeps coming up.
And I think in general, what we're seeing is more of that on the social media piece.
I wanted to just cover a couple of risk topics, kind of updates on some things that we've spoke about before.
And before I get started with that, there was a study done.
VentureBeats actually talked about this study. It says 75% of IT security professionals say they don't get the support they need.
Interestingly enough, the study was not just about IT support professionals.
It actually refers to security professionals in general and how it opens up as many security leaders, both in the IT space and outside of the IT space, are struggling to get the support they need.
I would say that just based on reading it, it's heavily, heavily driven towards IT security. And while it doesn't give the mix of non-IT security professionals, it does say that it went around a myriad of other security professionals.
And interestingly enough, that above 75% number talks about their specifics in IT, but then 63% of participants talk about overall physical security and not getting the support they need.
overall physical security and not getting the support they need. And I think it's important that this isn't necessarily, when you read the report, a one
size fits all.
Some of it talks about financial backing, some of it talks about resources needed, and
some of it also talks about buy-in from executives.
Eighty-four percent of the folks in the study reported that they're experiencing identity related breaches and attacks
using stolen credentials from the previous year and that the executive teams don't necessarily
support it. I think this is something that we often talk about here at the LPRC is defining
you know what buy-in is and support and using the data to help do that to gather that and
the reason I bring this report up is because I know that in my past,
when I was using research reports,
there would be this anecdotal feedback of that IT would be a challenge or a bottleneck.
And a lot of times, again, personal experience,
it was more about having the information and understanding the resource allocation
than it actually being an IT bottleneck.
So I wanted to just give an update on two things that occurred.
Actually, one of them occurred when Ignite was going on.
So Log4j, one of really the largest zero-day vulnerabilities that has ever been exposed.
that has ever been exposed.
And just to give a kind of a brief update,
update and overview,
Log4j is a piece of code that's a part of Apache.
And it spans hundreds of thousands of different software platforms out there.
And there've been some recent reports talking about how,
and we did cover this on the podcast when it first
came out, how essentially it's here to stay, that it is such a large, overreaching part of
what's going on that, you know, this happened, gosh, I feel like eight months ago was when it
happened. But the, you know, U.S. government believes that this will go on for
more than a decade, that it will be there. And the reason being is because this Log4j,
short for logging for Java, is involved in so many software platforms out there, both large and
small, that it's nearly impossible to patch all of them. And you may, if you're in the business world or the personal world,
you may have seen notifications of software going end of life and requiring updates.
Not recommending, but actually hard requirements for updates.
A lot of them have to do with LOD4J taking that vulnerability out.
So if you're running an online store or certain software,
you'll see that this is not optional, that they're actually ending support. But there are so many softwares,
and the scary part here is software that isn't necessarily being supported anymore. Software
that you and I use every day could be on many different things that the company has either
stopped supporting or there was not a
plan to conditionally support. So this is something when we talk about some of these more advanced
zero days and zero days, just also as a reminder, doesn't mean that there was any nefarious action.
It just means that there was a vulnerability that was found that wasn't previously known. So this
happens quite often in this space, in the cybersecurity
space, where there's something that's occurred, that there's a vulnerability that's found that
was never seen before. And then generally speaking, you hear a large, mad dash to do updates. In this
case, because it's so widespread, it continues to be a challenge.
Another thing that we talked about here on the podcast was the T-Mobile breach,
which was all over the news then. It's a massive data breach. The individual that was
responsible for it actually went online and talked about it, boasted about it,
was handing out samples, claimed that when he first did the
breach that it was for fun and then realized that he could monetize it and tried to sell it.
And if you don't remember, it affected more than 76 million people in this breach with
a very out of personal information. T-Mobile has agreed to basically a class action suit for roughly $350 million.
The reports are kind of far and wide.
You see most are talking about $350 million.
There are some reports at $500 million.
I think it's important to note that some reports are in euros and some are in U.S. dollars.
So as I was reading the news in the last week or so, I'm noticing that. So you're see some uh pieces
in the eu although it was a predominantly u.s customer base that was here so that was something
that we i think broke on the podcast in real time same as live4j so we have the luxury of doing
these tuesday mornings so a lot of times we're right in the kind of mucks of it.
And we see a lot of things happening.
So Twitter has been in the news a lot for Elon Musk and fake accounts and stock up and
down.
Well, Twitter, there's a Twitter worker that's accused of spying for the Saudi Arabian
government, and he is in trial.
We'll keep an eye on that now that the trial has
started. We'll see where that goes to. But I think as we talk about social media and some of the
ethics and things around it, I think we'll continue to see kind of a change in what we do
with social media. I think as we're trying to regulate it, I think this is that
slippery slope of big tech and what regulation means or could potentially mean for free speech.
Just in quick updates on ransomware and phishing attacks, LinkedIn had a pretty significant phishing
attack that targeted employees managing Facebook ad accounts. So this is interesting.
Talk about ransomware and
phishing evolving we're much more targeted approaches where the phishing attempt is not
only tailored towards the person but after specific data so i think that's a really interesting one
also there's been a rash of instagram and uh social media influencer accounts being basically stolen for ransom.
People are trying to take them and get into them.
So, Tony Reid, if you don't have your two-factor set up and you're not using app-based two-factor, do it when we get off here because people are definitely coming after it.
I saw over the weekend multiple attempts on my social media accounts.
attempts on my social media accounts. And I happen to read about what there's a method to the size of account that people are looking for. And they're going after accounts with followers to try to
monetize the return of these accounts. North Korea hackers attacked the EU with a canony rat malware. So we're continuing to see what is believed to be
nation-state actor-backed groups attacking high-level organizations
in the Czech Republic, Poland, and other European countries.
We continue to see this.
This is an interesting kind of piece of the puzzle
because of the conflict in the Ukraine.
We're starting to see other nations aggressively attacking.
This happens all the time, but I think there's a huge, huge difference that, you know, I think there's just a big, big difference that we're starting to see.
And it's interesting to see what other countries are involved here and the attention they're getting from traditional media.
That could be just a circumstance of the unfortunate events in the Ukraine, or there could be the fact that there is an increase.
It's very hard with these type of attacks because while they're heavily promoted on media, when you look at the back channels, they seem to be somewhat similar as the amount of chatter about them.
I actually just mentioned a little bit about looking at my notes, the hackers stealing Instagram accounts. So there was also 5.4 million users related to Twitter that were hacked. And basically, the ransom for that is $30,000
to release all of them. So there's quite a bit of information about this. This is in line,
although I don't know that it's connected with the Instagram attempts. And this is a verified
leak, meaning that there is information that is verified.
This individual who is trying to sell it is giving samples.
I always try to get samples to look at what the data sets look like.
These are account and credentials.
So, again, if you have a social media account, regardless of what you use it for, it is free to put on two-factor authentication. And my recommendation would not to do SMS-based and for more app-based, which means you just download an app that's free, you link it to it, and that would require you to actually physically look at the code on the app.
While it's not foolproof, it's as close as you're probably going to get with what you have here.
And then I'll end with this, which is kind of some interesting news, although it's been
in the news for a few months now. There was a Google software engineer who talked about his AI
and how sentient, which is when the artificial intelligence has the ability to feel. This
caught a lot of attention even in mainstream media when this
engineer talked about how he was having a conversation with the AI and that it had feelings.
Google and a couple other AI individuals came back and said that not only was the information false, that it was wholly
unfounded and inaccurate. Months have gone by since this initial piece, and this engineer has
been fired. And this is Bloomberg, and really almost every major news has had some sort of
piece about it in the last week or so, because I think it was two weeks ago that he was fired.
And then what they had Google had said is they confirmed that the engineer was no longer with them and that it was wholly unfounded and that the information that shared was confidential to third parties.
But this begs to kind of bring, and this is for
everybody, including us here in asset protection, and it's reminiscent of, I think Reid and I,
it might have been 10 years ago, having conversations about facial recognition,
maybe even longer than that, and where regulation will go and what it means for all of us as we have
the adoption of really prolific technology, technology that just couldn't even be fathomed before with AI and machine learning today.
What does the future hold?
How do we regulate it?
How do we control it?
We're already seeing a substantial implementation of machine learning and AI in the security space and both in computer vision and cybersecurity and physical security.
We're also seeing that nefarious actors are using AI and machine learning to defeat some of the
things we're putting in place. And now when we get into this kind of, I say, next level of AI and
machine learning, what happens when machines really do make decisions on their own today.
And this is something that in the innovation working group, we're working on a roadmap
for integration.
And part of that will be some case studies that we're going to do with the group.
And one of them will be on AI and integration and kind of defining that the traditional
sense, artificial intelligence means a computer replicating human behavior.
So computer replicating human behavior.
At its core principle, that's what artificial intelligence is.
So ATMs are a form of AI.
Most computers that we use today have a form of AI taking that human behavior and just replicating it.
When we get into some of the advanced neural networks with
machine learning and you have decisioning happening, at this stage, most of what we're
seeing is machine learning where there's a predetermined algorithm that was obviously
written by a human that learns. But it learns in sequential, or I shouldn't say sequential,
it doesn't because it's not linear, but it learns based on what it's already been told. When we start to talk about this article, it really talks
about the next level AI. So I think in the next three to five years, we're going to continue to
see a huge adoption in our space specifically. And with that, I believe that we'll see some
regulation or at least attempts in regulation, just as we did with facial recognition and some of
the other technologies out there. And with that, I will turn it back over to Reid.
All right. Thanks so much, Tom. And thanks, Tony, for all the information. And I too,
as you know, have been looking at, or our team has been looking at the value exchange component of any type of data collection.
What's the value that someone might exchange? And here, in other words, we've talked about
privacy really is a very complex and very interesting, flexible concept, you know,
construct and that everybody's sense of privacy changes. And we talked about at the beginning,
heterogeneity and evolution. So
we all the same thing. Well, I feel like this could be an intrusion of my privacy if they
collect information when I buy something on the internet or go through the, use my RFID
transponder to go to a toll booth to speed up my travel or make it more convenient and things like
that. So, you know, it's an interesting conversation. But again, we go back
to our baseline at LPRC that we're here first and foremost to safeguard vulnerable people and places
and work outwardly, not trampling on anybody's sense of privacy or concerns because they're
there, they're real, but they are transitory and they are transactional. And so how do we balance that?
And is there good research? And I saw online that the British have this ICO, which is their
information group. And what they're looking at is they're going to come out with rules,
but retailers in the UK are starting, just like pubs, public houses to deploy,
in the UK are starting, just like pubs, public houses, to deploy, leverage their existing camera structure, maybe add a few extra, and put in individuals that have started fights, that have
stolen, that have threatened, and so on, so that that individual is approaching their location or
entering that they have a heads up, and they can now make the decision. And so you see already
online, well, wait a minute, what's different than if you have a bouncer standing there or
security guard and the camera's doing it? And so I think the big difference is that in our opinion
right now, that if the technology says, hey, I think this person you're interested in may be
approaching or entering, that manager can now make the decision.
If it's a security guard or a bouncer, they may make their own decision.
It may not be as measured.
It may actually include more rather than less bias.
And Dr. Lowe, Corey on our team, has been conducting a lot of facial recognition research,
research and he's comparing, allowing the technology to detect Asian, African-American,
Caucasian, Hispanic, different types of male and female faces and seeing how well the technology performs in matching, feature matching compared to expert users. In other words, loss prevention
or asset protection people, particularly executives
that have got a lot of field experience to see. Because part of this, I think, equation two is
who's using the technology. Again, if it's a radiologist, a trained physician who's been to
all types of residency and fellowship and on-the-job training, they miss things and they miss things all the time or make the wrong call
on looking at slides and video and imagery that they're trained to look at as top-notch radiologists.
The AI technology now is helping them. The computer vision spot items and objects or lesions,
potential lesions and things like that. It's not making the decision. It's not rushing anybody into surgery, but it's saying to the doc, hey, hey doc, the physician, now here's what you need
to look at, or you might want to take another look or take another angle or take another
picture of this. And that's saving lives and it's speeding up the process. And I think the same
thing in life safety with what we're dealing with in reducing
aggression and violence and theft and fraud in these places, these gathering places called stores
and malls is, hey, this technology might spot somebody that's victimizing that place,
has victimized it before or victimized a related place. And so that the manager can now make the
call just like the physician
makes the call that the technology is not arresting anybody or causing anything other than,
Hey, take a second look or check this out so that that manager might lock the door,
maybe save somebody's life. So, um, we'll, we'll keep moving, but it's, you know, I can see all,
all sides, but we're just going to err a little bit on the life safety here as part of our research.
And we'll let others make the call on sort of ethics and data security.
Those are not our area of expertise, and they're both just as critical as what we're trying to do with life safety.
So thanks, Tom, for generating that and Tony for talking about some of the aggression.
And I'll end real quickly. We just got approved by the Institutional Review Board II for Behavioral Social Science
at UF for a store worker aggression and violence exposure study. And that's where we're going to
be looking at U.S. random samples of individuals that currently or recently worked in a storm environment
and then get their related experience with any type of aggression or ongoing theft, any type
of disruption and dishonesty in that workplace and get an idea how it affected them psychologically
and or physically and their perceptions of that place as a good place to work and shop
and so forth. So stay tuned on that, as well as
some of the aggressive street behavior exercised by people that might happen to be homeless.
Another critical issue that we're trying to understand, how do we work together?
How do we do things the right way? Do it gently, but at the same time, safeguard people's lives
and property and their psychological well-being. So a lot to look at, a lot to work on.
We're just trying to remain objective and leverage the scientific method wherever we can. So
everybody stay safe, stay connected. Check out lpresearch.org and let us know what you need or
want to hear about or better ways we can do things. Thanks, everybody.
Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council. about or better ways that we can do things. Thanks, everybody. legal, financial, or other advice. Views expressed by guests of the Crime Science Podcast are those
of the authors and do not reflect the opinions or positions of the Loss Prevention Research Council.