Rowe, Neil C., and Julian Rrushi. Introduction to Cyberdeception (Springer, 2016).
Michael Russo, Clemson University
(December 15, 2017)
Suppose you are a criminal investigator interrogating a suspect. If you have reason to believe that your suspect is attempting to deceive you, then you will be on the lookout for certain telltale signs of a liar: vagueness, contradiction, hyperbole. Face-to-face, these marks of deception appear like a stain on a new shirt or like broccoli caught in the teeth. To your trained eye, the clues are impossible to ignore: sweaty palms, nervous fidgeting, lack of eye contact (it’s all too easy now, Detective Briscoe). If your suspect had watched more Law & Order, if she had learned to avoid the obvious missteps, she would perhaps have some chance at getting away with her deceptions.
Now suppose you are an investigator of cybercrime, looking for clues across digital space. Online avatars don’t fidget. Operating systems don’t have eyes (at least, not yet). The limited number of clues in cyberspace makes it that much easier for criminals to deceive you. Yet according to Neil C. Rowe and Julian Rrushi, in their book, Introduction to Cyberdeception (2016), many of the traditional methods used to detect face-to-face lies remain applicable in online worlds. Such methods can be used to detect online scammers, suspicious algorithms, and shady software. Consider the Nigerian spammer who sends bulk emails replete with superfluous information, unexpected complications, incoherent logics. This sort of amateurish deception is generally easy to detect.
So how is it that acts of deception graduate from amateurish to professional? How is it that we are so often fooled into giving up our credit card numbers? How is it that humans and machines come together in a conspiracy to mislead us through lying? Introduction to Cyberdeception draws on a broad range of scholarship in an effort to answer these difficult questions. Given Professor Rowe’s appointment at Naval Postgraduate School—where he researches and teaches techniques in cyberwarfare and cyberweaponry—it is unsurprising that large portions of this book are dedicated to the arts of military deception. In warfare, whether online or off, deception is an accepted practice essential to both offensive and defensive strategies. Implementing the work of previous military thinkers like Fowler and Nesbit—and paying respect to material efforts scratched out in digital trenches—the authors of Introduction to Cyberdeception offer a handbook of military-grade deception techniques for anyone interested in cyber-subterfuge.
Yet if this handbook included only military stratagems, it would fall woefully short of its purpose to protect and serve (a point the authors concede). The argument would be too myopic, too praetorian. In order to thoroughly tease out the myriad complexities involved in cyberdeception, Rowe and Rrushi discuss not just military tactics, but also the principles and practices of great orators, psychologists, stage magicians, and marketers. The taxonomies they develop overlap in fascinating ways, especially if you’re a scholar of digital rhetorics or the digital humanities. Placing the cyberattacker on the same stage as the sleight-of-hand magician, the marketer, and the rhetorician is a bold and fascinating gesture that shines limelight upon these actors’ inconspicuous similarities. As the authors are right to remind us, at the heart of every great lie is an entertaining narrative. Cyberspace might be its own world, but the roles we play in that world are analogous to the roles we play in any other story. Cyber-illusions are tied to the motivations of online avatars much the way deceitful action is tied to the motivations of Shakespearean villains. This suggests that cyberdeception is much more effective when made elegant through humanistic practice.
In Rowe and Rrushi, deception is treated as an art form—as “techne,” even if the authors never use that term. Introduction to Cyberdeception focuses on the art of “negative persuasion,” persuading humans and machines not to do something, as when we want to persuade cyberattackers not to attack us (10). In this textbook on advanced security practices, chapters function as a sort of rhetorical topoi from which both the theorizer and practitioner of humanistic programming can construct effective arguments: of fakes, of delays, of camouflage, of false excuses. The dark arts of cyberdeception are presented in a clear, straightforward manner, with infrequent recourse to mathematics or morality. Cyberdeception is depicted as an amoral craft that can be performed in ways that either support or undermine the social contract. Additionally, and perhaps most interestingly, cyberdeception can be performed by either humans or machines, by way of spoken language or code.
When Rowe and Rrushi argue that software and cybersystems should be programmed to lie and cheat, they do so in a way that recalls Plato’s noble lie of the Republic. Just as Plato asserts that lying, deceit, and trickery are justified so long as deceptive practices are used for ends that are advantageous to the demos, Rowe and Rrushi assert that algorithmic lies are justified so long as they serve some public good. Great sections of the book are dedicated not only to defensive techniques, but also to offensive deception. In the battle against hackers and viruses, Introduction to Cyberdeception is an attempt to legitimate the building of duplicitous cybersystems in an effort to confuse or exasperate would-be attackers. The arguments presented here are matters of utility: decoy webservers and phantom I/O devices can be used to detect and remove malware before it does any damage to a host system; simulated electrical power plants and mirage architectures can be used to prevent espionage, extortion, or sabotage; strategically coded honeypots can be programmed to lure and catch lawbreakers. Weaponized cyberdeception is considered both useful and necessary in a world where lying is already an accepted business practice. (Recall that Rowe teaches cybersecurity at the same university which graduated the Director of the National Counterterrorism Center, the Vice Director of the Defense Information Systems Agency, and Deputy Director of Operations for U.S. Cyber Command.)
For those who buy this utilitarian argument, or for those merely frightened into reading and who now plan to program counter-deceptive techniques into their own software, this book is not without schematics, example code, and design details. Even though the publisher promises a “minimal use of programming details and mathematics,” at times the text is difficult to penetrate, almost incomprehensible to a hobby programmer. Nevertheless, the technical jargon is an easy enough obstacle to overcome—for the payoff is worth it. Introduction to Cyberdeception is essential reading for anyone wishing to better understand the dishonest nature of the internet and the manipulative practices of those who wish to mislead in digital spaces.
Students and scholars in the digital humanities, especially those interested in ethical implications of code, will find much to love about Rowe and Rrushi’s wide-ranging study on deception in the digital age. Accepting the authors’ claim that “deception is a kind of persuasion [that] differs from other methods of persuasion in that it attempts to manipulate a deceivee without their complete knowledge of facts and motives” (10), it almost seems foolish to enter digital space without at least a cursory understanding of the methods outlined in this book. Rhetorical motive, for better or worse, has always been associated with lies and trickery. To be attentive to the techne of cyberdeception is to be better prepared to navigate an internet of fraudsters, counterfeiters, and crooks. It is also to learn how to be on the winning side of a cyberwar, and hopefully to practice deception in a way that is advantageous to both self and other, the programmer and programmed, the ally and enemy. The hard truth of Introduction to Cyberdeception is hostile and subversive: if you want to survive on the internet, then you better teach your computer to lie.