.svg){kind=logo}
.jpg)
April 18, 2024
April 18, 2024
[Editor’s note: Mission North regularly conducts “Ask Me Anything” sessions with technology leaders, journalists and other industry stakeholders. The following blog is based on a recent AMA with Backchannel founder and security researcher Aaron DeVera. Included above is an avatar from the social simulation video game 'Animal Crossing,' which Aaron has shared with Mission North for this interview.]
Amid a rapidly evolving cybersecurity threat landscape, security researchers are on the frontlines in analyzing both the vulnerabilities and the black hats behind the keyboard. Aaron DeVera, founder of adversary intelligence firm Backchannel, also focuses on the impact cybersecurity has on individuals, whether within the industry, businesses, or consumers.
Instead of pursuing technology (or network security) for financial gain, Aaron told us recently, “I interpret cyber rather personally because we are so dependent on technology, and the security of the tech around us is a human issue.”
Mission North was thrilled to catch up with Aaron, as our agency has a thriving Trust Practice, which is passionate about DEI initiatives across the space, and partners with leading cyber firms to drive compelling, innovative and inclusive messaging. We help our clients and cyber and general business reporters quickly get to the crux of current and imminent security issues.
Aaron shared their insights with us on “ethical hacking” and outlined other web-based social justice initiatives, and the larger strides that need to be taken to make the cybersecurity industry more inclusive.
Understanding the ‘Who’ Behind a Breach
We kicked off our conversation by reviewing Aaron’s background and how they came to found Backchannel, along with their extensive cybersecurity efforts in the New York City tech scene.
As Backchannel’s founder, much of what Aaron aims to accomplish is accurate attribution, in other words, obtaining a better sense of who exactly is carrying out nefarious activity online. Aaron says the firm is developing a platform that will automate many of the “pains of attribution,” which requires “a lot of data and for stakeholders to understand” what information is held on specific threat actors, and why.
That’s not where Aaron’s security contributions end, however; in fact, it’s far from it.
Helping At-Risk Groups As the Tech Industry Focuses More on Human Issues, Ethics
Aaron is also the founder of a tech activist collective called Cabal, which is now over 100 members strong. The collective develops projects—from security assessments for at-risk groups to monitoring pervasive online threats—that help “advance values of online consent, privacy, equity and liberty.”
While they have seen scores of people join the tech industry because of its seismic growth and financial benefits, those moves often weren’t accompanied by a desire to address IT’s related human and ethical issues, Aaron told us. Still, “that’s come to a head in the past five years and more people are aware of tech’s impact,” they added.
For instance, the security expert noted that artificial intelligence is a quality example of this heel-turn. Ethical concerns about AI have been widely publicized and there is now a call for more diverse teams to both advance (and scrutinize) the technology’s capabilities.
<split-lines>"For a while, I’ve helped survivors of sexual abuse secure their devices, because oftentimes, there is a tech angle to the abuse they’re experiencing."<split-lines>
NYC Task Force, Spyware and Forum Scraping
The concept of ethical hacking—essentially uncovering a security workaround to proactively detect vulnerabilities, breaches or other nefarious activity—has taken on immense importance in recent years.
In addition to Aaron’s work with Backchannel, and their previous experience with HUMAN (formerly White Ops), which fights bots, fraud and account abuse, Aaron is also a member of the New York Cyber Sexual Abuse Taskforce. It’s a coalition of legal and non-legal professionals, survivors and others “committed to fighting cyber sexual abuse in all its forms.”
“For a while, I’ve helped survivors of sexual abuse secure their devices, because oftentimes, there is a tech angle to the abuse they’re experiencing,” Aaron told us.
Aaron called out the rising spyware manufacturing industry, specifically, where commercialized products have infiltrated app stores and smartphones and have become exceedingly easy to obtain and deploy, typically to snoop on other people.
Aaron noted that the privacy of children and their devices “has also come to a head lately.” That’s due in part to the off-the-shelf and ready-to-download nature of the spyware products, which require little training.
To help hinder the use of these tools for harm, Aaron is taking a unique approach: applying learnings “in a one-to-one setting” and making it “personal rather than company-driven.” Aaron is working to secure individuals’ devices and to understand users’ online presence so that these same end-users can then be more confident in their security footprints.
In recent years, and through different affiliations, Aaron has discovered and helped to mitigate a number of related incidents: including one involving tens of thousands of personal Tinder images being traded on a malicious software site. Aaron also uncovered a post on a hacking forum where a member illicitly shared a Google Drive full of adult-themed OnlyFans content.
To counteract this type of malicious activity, Aaron noted, the broader research community is employing novel and/or other proven tactics—including scraping forums, chat rooms and other web activities. Such efforts, they told us, may prevent the non-consensual sharing of personal, sensitive or explicit content.
<split-lines>"When all groups get lumped together into a single initiative, you lose out on the specific stories and voices that deserve their own time and place."<split-lines>
Making Cybersecurity More Inclusive
In the past, the hacker community has been accused of not equitably including women, LGBTQ individuals, and other groups. Awareness around this issue is now growing, although plenty of inclusivity outreach remains to be done.
“We started Cabal because we didn’t feel safe in hacker groups in New York City,” Aaron said. “Everyone who doesn’t feel comfortable within these traditional dynamics wants to take matters into their own hands.”
Aaron, who identifies as non-binary, added that they often get “tacked onto ‘women in tech’-type” meetings and other events.
“We’ve come far enough where there should be dedicated groups, like Employee Resource Groups (ERGs) within companies,” Aaron said. “These groups need to feel like they have a specific role and seat at the table, which is not just an aggregation of DEI [diversity, equity and inclusion]. When all groups get lumped together into a single initiative, you lose out on the specific stories and voices that deserve their own time and place.”
Luckily, Aaron confirmed, there has been progress within many cyber-circles. Along with peers’ and their own tech activism, broader efforts to diversify the cyber workforce are underway. Part of that engagement involves reaching a wider and younger demographic, including elementary school-age children. Here too, the takeaway is that the work continues.
