Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

The Humintell Blog July 23, 2015

The Trustworthiness of an Inmate’s Face May Seal His Fate

The perceived trustworthiness of an inmate’s face may determine the severity of the sentence he receives, according to new research using photos and sentencing data for inmates in the state of Florida. The research, published in Psychological Science, a journal of the Association for Psychological Science, reveals that inmates whose faces were rated as low in trustworthiness by independent observers were more likely to have received the death sentence than inmates whose faces were perceived as more trustworthy, even when the inmates were later exonerated of the crime.

“The American justice system is built on the idea that it is blind to all but the objective facts, as exemplified by the great lengths we go to make sure that jurors enter the courts unbiased and are protected from outside influences during their service. Of course, this ideal does not always match reality,” say psychological scientists John Paul Wilson and Nicholas Rule of the University of Toronto, co-authors on the study.

“Here, we’ve shown that facial biases unfortunately leak into what should be the most reflective and careful decision that juries and judges can make — whether to execute someone.”

Previous research had documented a bias against faces perceived as untrustworthy, but much of the research had relied on study participants contemplating criminal verdicts hypothetically. Wilson and Rule were interested in knowing whether this bias extended beyond the lab to a very real, and consequential, decision: whether to sentence someone to life in prison or to death.

The researchers capitalized on the fact that the state of Florida maintains a comprehensive database of photos of all its inmates; Florida is also one of the states that still regularly delivers death sentences.

The researchers obtained photos of 371 male inmates on death row in Florida — 226 of the inmates were white, 145 were black, and all were convicted of first-degree murder. They converted the photos to gray scale to minimize any variations in the images and asked an online panel of 208 American adults to look at the photos and rate them on trustworthiness using a scale from 1 (not at all trustworthy) to 8 (very trustworthy). The raters also evaluated photos of age- and race-matched inmates who had also been convicted of first-degree murder but received a sentence of life in prison instead of death. Importantly, the raters did not know what sentence an inmate had received, or even that the photos depicted inmates.

Wilson and Rule found that inmates who had received the death sentence tended to be perceived as less trustworthy than those sentenced to life in prison; in fact, their analyses showed that the less trustworthy a face was deemed, the more likely it was that the inmate received the death sentence.

This association remained even after the researchers took various other factors — such as facial maturity, attractiveness, and the width-to-height ratio of the face — into account.

The researchers point out that the inmates in the two groups had committed crimes that were technically equally severe, and neither sentence would have allowed for the inmates to return to society — as such, the motivation to protect society could not explain the harsher punishment doled out to the less trustworthy looking individuals.

“Any effect of facial trustworthiness, then, seems like it would have to come from a premium in wanting to punish people who simply look less trustworthy,” they explain.

More striking, a follow-up study showed that the link between perceived trustworthiness and sentencing emerged even when participants rated photos of inmates who had been sentenced but who were actually innocent and were later exonerated.

“This finding shows that these effects aren’t just due to more odious criminals advertising their malice through their faces but, rather, suggests that these really are biases that might mislead people independent of any potential kernels of truth,” say Wilson and Rule.

The research ultimately shows just how powerful appearances can be in guiding judgment and decision making, influencing outcomes in situations that are literally a matter of life and death.

“In a few states, like Florida, it only takes a majority of jurors to sentence someone to death. In Alabama, judges even have the power to override juries that choose a life sentence by unilaterally replacing that sentence with the death penalty, which actually happens with some regularity,” the researchers note.

“We think it is critical that people know and understand that these biases exist, else they might not have the presence of mind to police their thoughts and overcome them,” they add. “Every jury-eligible citizen is subject to participating in the process of delivering justice to others, meaning that the majority of people have a stake in better understanding how peripheral information like facial appearance can bias their ability to perform their civic duty.”


This research was funded by the Social Sciences and Humanities Research Council of Canada.

All data and materials have been made publicly available via Open Science Framework and can be accessed at https://osf.io/54skn/files/

Filed Under: Science

The Humintell Blog July 23, 2015

Do Apes Laugh When Tickled?

Apes often make weird sounds when they’re tickled, and some researchers now say these pants and hoots truly are related to human laughter.

That’s the conclusion of a new study in the journal Current Biology that analyzed the “tickle-induced vocalizations” of infant and juvenile apes as well as human infants.

Filed Under: Science

Security Metrics Blog July 22, 2015

How Do Hackers Hack?

Crimes of opportunity lead the average hacker to valuable data.

By: Steve Snelgrove, CISSP

You might think hackers selectively pick each business they hack. While this may be true in high-profile or hacktivism cases, I estimate 90% of hacking is done based on a system’s general lack of security. Hackers don’t think, “Today I’m going to hack Acme Hardware across the street.” They scan for the most vulnerable system and start digging.

To defend against attacks, it is important to understand that hackers have different motivations and capabilities.

The Opportunist Hacker

These hackers stay up to date on security news. Once a vulnerability is made public, it’s fairly easy to conduct a large-scale network scan for systems which exhibit symptoms of the vulnerability. After the hacker gets the list of vulnerable machines, he will do additional research on the vulnerability and attempt to enter the system. Once inside, it is often easy to pivot and reach other, less hardened machines.

A great example of opportunist hackers in action arose when news of the Heartbleed vulnerability was released in April 2014. The vulnerability was publicly exposed on many news publications. Very shortly thereafter, hackers scanned the Internet looking for machines using OpenSSL, and then attempted to exploit that vulnerability and enter the system. Piece of cake.

But hackers don’t necessarily require huge newsworthy vulnerabilities in order to hack. There are thousands of other publicly known vulnerabilities they could take advantage of. For example, website forms often have validation flaws. An attacker may submit potentially malicious data on a form, which then might be echoed back to the user’s browser and rendered to the screen. The screen displays a mix of server content and the attacker’s malicious data. This could result in unsuspecting users being redirected to another site where credentials or session information might be captured.

Does the hacker know which business or person he’s hacking? No. And he doesn’t care. He’s attacking a system because it’s vulnerable. Once the vulnerability is identified, the hacker will then attempt to profit from the exposure.

How do I defend against this attack?

The obvious defense against the public vulnerability attack is to scan your systems in an attempt to discover vulnerabilities beforehand. Keep up to date on security news. Partner with a company that keeps abreast of publicly disclosed vulnerabilities. Regularly maintain and update your systems.

If a vulnerability similar to Heartbleed is released, do everything in your power to close the vulnerability ASAP. Do your best to keep all other operating systems, browsers, and servers updated to avoid the possibility of being a victim of a zero-day attack.

The Layabout Hacker

Somewhat less effective, but still pervasive, are brute force attacks. In these attacks, attackers control an army of computers infected with malware (known as botnets or zombie computers). The attacker is able to control this network of computers, and these do the attacker’s dirty work for them.

The attacker uses botnets to access systems by guessing usernames and passwords in millions of combinations until the right combination is guessed. It’s not very effective. But, as my dad always said, “even a blind squirrel will find a nut every once in a while.”

Hackers use botnets so each hack attempt is nearly impossible to trace back to the actual hacker.

How do I defend against this attack?

The two best ways to avoid this attack are by monitoring your logs and regularly creating new passwords.

If a botnet tries to access your system through a brute force attack, your logs should record these actions. If your logs record thousands of failed login attempts on your system, you’re probably being attacked.

The reason brute force attacks work so well is because millions of user credentials (usernames and passwords) have been dumped online in publicly available lists. Password lists are effective because the majority of people do not change their passwords, and use the same passwords on multiple sites/systems. To avoid this attack, change your personal and business passwords every 90 days, and never reuse passwords.

Hackers have different motivations and capabilities. But these are their main methods.

What do hackers do after they get into a system?

Now the hacker starts prospecting. Remember, before this point the hacker still doesn’t know if he’s hacked a business or a personal computer. Now, he looks for evidence that the system is doing commerce, which means credit cards, healthcare information, or other valuable data might be present. To find this data, he starts running keyword searches on the file systems and memory of the system.

For example, if his keyword searches discover that the system he’s hacked is a Micros system, he knows he has gained access to a business that accepts credit cards. (Micros is point-of-sale software used by many restaurants and hotels.) He will probably try Micros default passwords to try to get into their server and thus expand the range of the attack.

Install malware

If the hacker is successful in breaching the point-of-sale system, he can possibly install malware. The whole point of malware is to gain access to valuable and sensitive information, such as credit card numbers, early on in the data processing stream, and attempt to divert this sensitive information so cybercriminals can reproduce cards or sell the stolen data on the black market.

Depending on the malware installed, every single customer credit card transaction made on that computer (and perhaps on the entire network) could be at risk.

Pivot

By now, the hacker in this scenario has probably filtered through enough company data to realize who he’s hacked.

Perhaps the hacker has managed to attack and gain access to a national business with a chain of stores. If he finds remnant data on the system that includes the IP addresses of other chain locations, that chain will be in some serious trouble, as these chain locations may have fewer security measures in place, and access to these associated networks could provide valuable information to the attacker.

Remnant data left on systems does occur in real-world examples. In a forensic investigation my colleague David Ellis conducted, a point-of-sale equipment installer left a partial client list on each and every point-of-sale system he had installed during that year. Some 28 businesses were hacked because of the poor security awareness of that careless installer.

Leave no trace

At this point, it’s time for the hacker to get out of the hacked system. Most hackers cover their tracks to avoid detection. They encrypt card data before transferring it out of a system, erase or modify security logs, and run malware from RAM instead of the hard drive, which often goes undetected by most anti-virus software.

Hackers don’t care who you are. They just care how rich you can make them.

Steven Snelgrove (CISSP) has been a Security Analyst at SecurityMetrics for over 7 years. Since 1980, Snelgrove has worked in the computer and telecommunications industry, and has familiarity with programming, software engineering, and network security. His current responsibilities include the manual assessment of web applications and corporate networks, conducting ethical hacking to analyze security architecture, and consulting with organizations to help remediate issues. Snelgrove received a degree in Computer Science from Brigham Young University, and holds a CISSP (Certified Information Systems Security Professional) certification.
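The log-monitoring defense recommended above for brute force attacks, worked through as an added example (this is not SecurityMetrics code or the author's): it parses sshd-style auth log lines, counts failed logins per source address inside a sliding time window, and also notes when one source cycles through many usernames, the pattern a dumped credential list produces. The log lines, host name, addresses, and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Constructed sample lines in sshd/auth.log style; not real data.
SAMPLE_LOG = """\
Jul 22 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51422 ssh2
Jul 22 10:00:02 web1 sshd[2102]: Failed password for admin from 203.0.113.7 port 51423 ssh2
Jul 22 10:00:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 51424 ssh2
Jul 22 10:00:03 web1 sshd[2104]: Failed password for invalid user oracle from 203.0.113.7 port 51425 ssh2
Jul 22 10:00:04 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51426 ssh2
Jul 22 10:00:05 web1 sshd[2106]: Accepted password for deploy from 198.51.100.20 port 40001 ssh2
Jul 22 10:05:00 web1 sshd[2108]: Failed password for root from 203.0.113.7 port 51427 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_auth_line(line):
    # Returns (timestamp, "Failed"/"Accepted", user, ip), or None for other lines.
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog has no year; deltas still work
    return ts, m.group("result"), m.group("user"), m.group("ip")

def detect_bruteforce(log_text, window_seconds=60, threshold=5, spray_users=3):
    # Flags source IPs with >= threshold failed logins inside any window_seconds-wide
    # sliding window; also marks password spraying (many usernames from one source).
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    stats = defaultdict(lambda: {"failed_attempts": 0, "peak_in_window": 0, "users": set()})
    for line in log_text.splitlines():
        parsed = parse_auth_line(line)
        if parsed is None or parsed[1] != "Failed":
            continue                  # skip successes and unrelated lines
        ts, _, user, ip = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()               # drop failures older than the window
        s = stats[ip]
        s["failed_attempts"] += 1
        s["users"].add(user)
        s["peak_in_window"] = max(s["peak_in_window"], len(q))
    return {ip: {"failed_attempts": s["failed_attempts"],
                 "peak_in_window": s["peak_in_window"],
                 "usernames": sorted(s["users"]),
                 "password_spray": len(s["users"]) >= spray_users}
            for ip, s in stats.items() if s["peak_in_window"] >= threshold}
```

Run against the sample, the single address that fails five times within a minute is flagged, with four distinct usernames marking it as a spray, while the one successful login is ignored.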

Filed Under: Hacking


About

Welcome to an aggregator for blogs about social engineering and related fields. Feel free to take a look around, and make sure to visit the original sites.


© Copyright 2026 Social Engineering Blogs · All Rights Reserved ·