Pages

16 February 2024

The Hidden Injustice of Cyberattacks

Nicole Tisdale

Talk about the promise and the peril of artificial intelligence is everywhere these days. But for many low-income families, communities of color, military veterans, people with disabilities, and immigrant communities, AI is a back-burner issue. Their day-to-day worries revolve around taking care of their health, navigating the economy, seeking educational opportunities, and upholding democracy. But their worries are also being amplified through advanced, persistent, and targeted cyberattacks.

Cyber operations are relentless, growing in scale, and exacerbate existing inequalities in health care, economic opportunities, education access, and democratic participation. And when these pillars of society become unstable, the consequences ripple through national and global communities. Collectively, cyberattacks have severe and long-term impacts on communities already on the margins of society. These attacks are not just a technological concern—they represent a growing civil rights crisis, disproportionately dismantling the safety and security for vulnerable groups and reinforcing systemic barriers of racism and classism. The United States currently lacks an assertive response to deter the continued weaponization of cyber operations and to secure digital access, equity, participation, and safety for marginalized communities.

Health Care

Cyberattacks on hospitals and health care organizations more than doubled in 2023, impacting over 39 million people in the first half of 2023. A late-November cyberattack at the Hillcrest Medical Center in Tulsa, Oklahoma, led to a system-wide shutdown, causing ambulances to reroute and life-saving surgeries to be canceled. These attacks impact patients' reliance and trust in health care systems, which may make them more hesitant to seek care, further endangering the health and safety of already vulnerable populations.

The scale and prevalence of these attacks weaken public trust—especially among communities of color who already have deep-rooted fears about our health care systems. The now-condemned Untreated Syphilis Study at Tuskegee, where researchers denied treatment to Black men without their knowledge or consent in order to observe the disease’s long-term effects, only ended 52 years ago. However, the study created a legacy of suspicion and mistrust of the medical community that continues today, leading to a decrease in the life expectancy of Black men and lower participation in medical research among Black Americans. The compounding fact that Black women are three to four times more likely, and American Indian and Alaska Native women are two times more likely, to die from pregnancy-related causes than White women only adds to mistrust.

Erosion of trust also extends to low-income people. Over a million young patients at Lurie Children's Surgical Foundation in Chicago had their names, Social Security numbers, and dates of birth exposed in an August 2023 breach. The hospital treats more children insured by Medicaid—an economic hardship indicator—than any other hospital in Illinois. Once breached, a child’s personal data could be used to commit identity fraud, which severely damages credit, jeopardizes education financial aid, and denies employment opportunities. While difficult for anyone, children from financially insecure households are least equipped to absorb or overcome these economic setbacks.

Economic Opportunity

Identity theft is not the only way cyberattacks exploit hard times. Cyberattacks also go after financially vulnerable individuals—and they are getting more sophisticated. In Maryland, hackers targeted Electronic Benefits Transfer cards—used to provide public assistance funds for food—to steal more than $2 million in 2022 and the first months of 2023. That’s an increase of more than 2,100 percent compared to the $90,000 of EBT funds stolen in 2021. Maryland’s income limit to qualify for the government’s food assistance program is $39,000 for a family of four in 2024, and only if they have less than $2,001 in their bank account. Unlike a credit card, which legally protects against fraudulent charges, EBT cards don’t have fraud protections. Efforts to help the victims are riddled with red tape: reimbursements are capped at two months of stolen benefits, and only within a specific time period.

Cybercriminals also target vulnerable populations, especially within older age groups. Since the last reporting in 2019, 40 percent of Asian Pacific Islander Desi Americans (APIDAs) aged 50 and older have reported experiencing financial fraud, with one-third of those victims losing an average of $15,000. From 2018 through 2023, Chinese Embassy Scam robocalls delivered automated messages and combined caller ID spoofing, a method where scammers disguise their phone display information, targeting Chinese immigrant communities. This resulted in more than 350 victims across 27 US states and financial losses averaging $164,000 per victim for a total of $40 million. And for five years, this scam just kept going. As these scams evolve, groups now face increasingly sophisticated AI-assisted calls, where scammers use technology to convincingly mimic loved ones' voices, further exploiting vulnerabilities, particularly among older adults—many of whom live on fixed incomes or live with economic insecurity.

While social movements have fought to promote economic equity, cybercriminals undermine these efforts by exacerbating financial vulnerabilities. From the 1960s La Causa movement advocating for migrant worker rights to the Poor People’s Campaign mobilizing across racial lines, activists have worked to dismantle systemic barriers, end poverty, and push for fair wages. Current attacks on financial systems, however, often target the very groups these movements aim to empower—perpetuating the disparities that advocates have fought against. Digital scams and fraud incidents disproportionately impact those least equipped to recover—including natural disaster victims, people with disabilities, older adults, young adults, military veterans, immigrant communities, and lower-income families. By stealing essential resources, cybercriminals compound hardships for those already struggling to make ends meet or those experiencing some of the worst hardships of their lives—pushing groups deeper into the margins.

Education Access

Education is another area where cybercrime has soared. One of the worst hacks of 2023 exploited a flaw in a file transfer software called MOVEit that multiple government entities, nonprofits, and other organizations use to manage data across systems. This includes the National Student Clearinghouse, which serves 3,600 colleges, representing 97 percent of college students in the US, to provide verification information to academic institutions, student loan providers, and employers.

Attacks on educational systems are devastating at all levels. A top target for ransomware attacks last year was K-12 schools. While the complete data is not available yet, by August 2023 ransomware attacks (where hackers lock an organization’s data and demand payment for its release) hit at least 48 US school districts—three more than in all of 2022. Schools already have limited resources, and cybersecurity can be expensive, so many have few defenses against sophisticated cyberattacks.

The data compromised in attacks against educational institutions includes identifying information and deeply sensitive student records, such as incidents of sexual abuse, mental health records, and reports of abusive parents. This information can affect future opportunities, college admissions, employment, and the mental health of students. The impacts are especially magnified for students from marginalized backgrounds, who already face discrimination in academic and employment opportunities. In 1954, the US Supreme Court struck down segregated public schools as unconstitutional in Brown v. Board of Education to address disparities based on race, but today’s threats to equitable and accessible education are being jeopardized through digital attacks.

Democratic Participation

Another foundational pillar of our civil rights is also under attack: democracy itself. Since 2016, foreign state actors and state-linked criminals have increasingly used sophisticated cyber operations to suppress minority democratic participation worldwide. The early warnings for the 2024 global elections are clear: Influence and disinformation threats will likely escalate—now enabled by AI-powered cyber operations. Unlike humans, AI systems have few limitations—they can spread disinformation and divisive content to a vast, multilingual, global audience across countless mediums, simultaneously and without rest. Worse, they can do so in an individualized, highly targeted manner.

The undermining of democracy is also more insidious, less about pushing communities toward a specific candidate than sowing distrust in the system itself—which leads fewer people to vote and otherwise suppresses civic participation. The concentration of these attacks on racial and ethnic minority groups means communities of color, who historically have not been in positions of power, will remain marginalized and disenfranchised. Consider a 2022 cyberattack on Mississippi’s election information website on that year’s Election Day—a significant event in a state without modern early voting options. The 2022 elections included crucial midterm elections that decided congressional representation, and Mississippi has the second-highest Black population (39.2 percent) in the US, behind only the District of Columbia—a jurisdiction without voting rights in Congress. The disruption also extended to state judicial elections, where most judges are elected in a single day, due to a lack of judicial primaries. In Mississippi, 11 percent of adults and 16 percent of Black voters could not cast a ballot because of past felony convictions. With the compounded challenges in Mississippi—no early voting, no judicial primaries, and the high rate of disenfranchisement—coupled with the opportunity of a pivotal Black voting bloc, access to voting information is imperative for those who can vote.

Weaponizing cyber operations for any form of voter suppression leaves marginalized groups further aggrieved and isolated. Worse, it takes away our only ability to address systemic inequities in wealth, health, and education: democratic participation.

These compounding problems require a new perspective on cyberattacks that looks beyond lost dollars, breached files, or doomsday debates over generative AI tools like ChatGPT or artificial general intelligence. Marginalized communities are suffering now and civil rights advocates cannot take on these burdens alone. To quote civil rights icon Fannie Lou Hamer, “The only thing we can do is work together.” Cybersecurity analysts, developers, journalists, researchers, and policymakers ​​must incorporate civil rights into our work by building inclusive defenses, understanding demographic trends in cyber attacks, deterring misuse of AI, and utilizing diverse teams.

Cyber operations are being used to attack the foundation of civil rights, democracy, and dignity around the world, and that is a problem that affects everyone.



No comments:

Post a Comment