Deepfakes and the War on Truth with Bogdan Botezatu
Chuck, I didn't know we were going to do a show on the end of the world.
Yeah, it's coming.
It's coming.
It's coming.
With the help of like AI and cybercrime and deep fakes and what hath we wrought upon ourselves?
Yeah, well, guess what?
Frankenstein's monster.
It's looking pretty tame.
Looking pretty tame.
Bring back Frankenstein.
Frankenstein, baby.
Coming up, an exploration of how we're going to go to hell in a handbasket on Star Talk.
Welcome to Star Talk,
your place in the universe where science and pop culture collide.
Star Talk begins right now.
This is Star Talk.
Special Edition.
Today, we're going to talk about scams in the age of AI.
That it's special edition means we've got Gary O'Reilly.
Gary, how you doing, man?
I'm good.
All right.
Chuck Nice.
I am Chuck Nice and not an AI version of Chuck Nice.
AI imitates you better than you faking it.
Exactly.
Yeah, exactly.
So, Gary,
this topic is way overdue.
Oh, for sure.
Or maybe it's exactly when we need it.
Yeah.
Take us in.
I suppose scams, if you think of it, have been with us since people started to use money.
Oh, even before that, yeah.
You know, you can rest assured that before there was a system of currency, somebody was just like,
So
that's an interesting bushel of wheat you have there.
Take it.
People barter scam, yeah, a little barter scam.
You know what I mean?
As a matter of fact,
one of our most beloved childhood fairy tales is about a guy who trades the family cow
for six magic beans.
Oh,
which that was supposed to be a scam, but
it worked out.
It turned out it worked out for him.
Lucky Jack.
Anyway, if you think about it now, right now, it feels like you can't go an hour without a scam, a text, a call.
But how big is this problem?
Is it just me getting texts and calls, or is this really sort of a global?
I'm sorry, I'm going to stop sending you.
I wish you would.
Yeah, it's all Chuck.
No, but texts, phone calls, emails,
all of our connectivity into the landscape of humanity.
And now, as technology advances, how is that aiding, how is that abetting these bad actors?
I mean, tech has been supercharged by AI.
There's no doubts about that.
And it begs the question, what is real?
What actually is real out there?
Can we believe what we can't believe?
And we're going to break down the deep fakes.
We're even going to get into the dead internet theory.
And if you don't know what that is, stick around because I got to stick around.
You really are going to be in for a surprise.
And then you'll ask the question, are we all failing daily Turing tests?
What happens if it turns out the Internet is all bots?
Well, how about that?
Some of that, we'll need an expert.
So we've got Bogdan Botezatu.
This title is cool.
I want this on my business card.
Okay.
Director of Threat Research and Reporting.
Why IARTA.
At Bitdefender.
This is a company based in Romania.
Oh, wow.
But they've got offices all over.
They want to protect the world.
Yes.
And we've got them right here on Star Talk Special Edition.
I believe it was Bitdefender that helped Liam Neeson get his daughter back.
How do you work, Liam Neeson?
Bogdan, welcome to Star Talk Special Edition.
Hi, all.
Thanks for having me on the show.
Literally, nobody will believe me that I'm shooting a video in such a great company.
Probably people at home will say that this is a deep fake, and it's going to be very difficult for me to contradict them.
Now, you've told us offline that you'd rather go by Bob.
It's easier for everybody, yeah.
Oh, see that?
And look at that.
He says it's easier, not for him, but for everybody.
And by that, he means America.
That's what he means.
Because we're some lazy arrests.
Yeah, because people are just like, you know, what is your name?
Bodan Botesatu.
Yeah, I'm going to call you Bob, all right?
You cool with that?
You cool with Bob?
We are so bad.
So, Bogdan, give us an idea of what it is globally, and maybe...
sort of land in the U.S.
a little bit more deeply about the kind of numbers and statistics that we're looking at in the present day as far as scams are concerned.
It's very hard to put numbers next to the global landscape of scams because most of these scams go unreported.
Or if they go reported, they don't get aggregated globally.
Thing is that there are some estimations.
GASA places GASA, which is the Global Anti-Scam Alliance, one of the most prominent organizations that deal with anti-scamming.
They place scams
at inflicting about $1 trillion of losses for 2024.
Did you say T?
Trillion?
Yeah, $1 trillion.
Okay.
Yeah, $3 trillion.
Let me just say, I'm in the wrong business.
Okay.
This town is terrible.
I have now begun to sit uncomfortably.
And it's not the chair.
If it's a trillion dollars,
are you saying that's the guess or is that that's reported, but most of them go unreported?
So that 1 trillion could be an awful lot more?
Probably it's in between.
The global cybercrime market is around 9 trillion, which means that $1 trillion
for just scamming people would be
very conservative.
It is.
But the thing is that not all scams get reported.
There's people who are ashamed of admitting they have lost huge amounts of money.
Of course.
If you look around and talk to these people who got scammed, you'll realize that they haven't lost like $100 or $500.
They have lost hundreds of thousands of dollars because these kind of scams run for a very long time.
People gain their victims' trust and then they proceed to inflict the maximum amount of damage they can.
The other thing is that while probably the FBI has stats for what's going on in the United States, there are so many other countries that are affected by scams which do not report centrally what they have registered in each country or each region.
So it's very difficult to tell how much money people have lost to scams, but $1 trillion seems an awful lot of money lost.
You think?
What are the weapons of choice here for scammers?
I think all of us have experienced some kind of phishing email, but
what other weapons are scammers using to get at us?
Or tactics as well.
In terms of attack avenues, hackers have a huge variety.
They prefer instant messaging or direct phone calls because they're very immersive.
They can apply pressure and that sense of urgency that makes victims comply faster or fall victim easier.
Email is a kind of static means of communication because you're getting the email, you're reading it through, you're pausing a little bit, and then you're like, hmm, maybe answering this email or heeding the call is not a good thing.
But when you're woken up at night via instant messaging, hey, this is your bank, your account is being depleted as we're texting.
Please call us back to find a way to block these transactions.
Well, you will be likely to respond to that.
So we have instant messaging, we have short messaging, we have phone, we have mass communications because there's the type of scams that goes one to many.
We have mass advertising and
business social media account compromise.
I will detail a little bit later about that.
Hey, this is Kevin the Sommelier, and I support StarTalk on Patreon.
You're listening to Star Talk with Neil deGrasse Tyson.
What's with the phone call that you get it, you pick it up, and there's silence on the end?
Because
that kind of speaks to you.
Everybody knows that one.
Yeah, yeah.
So what's the angle there?
I have two theories.
One is technical and one is a little bit of a scenario that if true, we're completely condemned.
I'll start with the first one.
One likely chance of these phone calls is technical glitches.
You know, scammers use very complex software to spoof their numbers.
They use voice over IP gateways to make it look like they're calling from the same country as you and so on.
So there's a lot of room for failure when involving this guy, this kind of uh call center-grade software.
Sometimes calls hang up, uh, there's glitches that uh put the speaker, the operator on pause, and so on.
So, probably, there's a technical error that prevents the cyber criminal from getting in touch with you.
The other one is well, I say a superstition of mine.
Um, how do you answer your phone
with hello?
Yes, maybe?
No, I answer like this.
Who is this?
Sorry, go ahead.
Okay, fair enough.
Because
some people in some in some geographies, for instance, they will answer with not hello, but yes.
Most of Europe has yes
as an opening line when you're getting called.
What happens if somebody is building a massive database
of words, of yes, of acknowledgements, of confirmations?
Like if I'm answering my phone and somebody records me saying yes to them, where can they play that back to bypass some sort of authentication or confirm a choice of mine?
Well, voice is biometrics, right?
And sometimes
saying yes to something becomes contractual, like it substitutes your signature.
What if somebody, a threat actor or a threat actor group might
ask for confirmations from people?
Now that makes sense.
So what they're doing is they're capturing your voice.
Yeah. If I told people 10 years ago that, based on a two-minute conversation that we had on phone, somebody will be able to spoof my voice and impersonate me everywhere for tens of minutes or hours, would they have believed me back then?
So Bogdan, looking at that aspect of it, if you've got new technologies, which we know are evolving rapidly, if not quicker.
How do we get into deep fakes?
How prevalent is the deep fake scam now on the landscape?
They're very prevalent and they're making most of the victims.
I was telling you that I'm clustering scams on a one-on-one type and on a one-to-many type.
One-on-one scams are those that happen in instant messaging where you're getting approached by a stranger and they try to earn your trust and then they will guide you towards some type of scam.
There's a one-to-many type of scam communication that is massively aided by deepfakes.
Cyber criminals are building deepfakes with people that the world recognizes and trusts.
You folks, right, you are online influencers. Cyber criminals have a lot of footage with you that they can use to train algorithms, and people tend to listen to you because that's what they do with key influencers.
There's also politicians, doctors who are very famous, and
they become the base of deepfakes.
With these deepfakes, cyber criminals start promoting all types of scams from medical supplements to huge crypto investments, you know, you name it,
they have an opportunity for everything.
And these deepfakes get broadcast
either on stolen YouTube accounts or on social media posts that are boosted by paying for advertisements.
They use the trust given by the figure that has been impersonated, and they are using large channels to reach huge audiences.
And from there on, of course, some people will fall victim to the scam.
They will heed the call to action, which is normally visit this page or call this number and sign up for this opportunity.
So, this is how deep fakes work.
We took a
look at what's going on now, and we see that there are tens of thousands of such ads running on social networks.
There are large YouTube accounts that had been compromised and used as a billboard for crypto scams.
One of the largest accounts that has been compromised had 28 million subscribers.
So, when hackers got a hold of that account, they were able to broadcast that deep fake to 28 million potential victims. That's more than Romania has population.
Wow.
So can I, let me know, uh, if I can, if you can indulge me, I'm gonna, I want to tell you that when I fell for a deep fake,
I actually fell for one and I'm embarrassed as hell, but it was very sophisticated.
So which you have to say because you fell for it.
Why you gotta hurt a brother?
Why you got to hurt a brother?
Did I set your lawn on fire?
I'm just saying.
Damn.
You can't say this was a simple deep fake.
I'll let you be the judge of whether or not it was sophisticated.
Okay.
So here's the deal.
There was a deep fake of Sam Harris, who happens to be somebody I respect.
Okay.
How they knew that, I don't know, but it came into my feed and he was touting a very specific kind of product, not a brand, nothing, just a kind of product.
Okay.
Yeah.
So I looked it up.
And of course, they have, you know, they have your search history and all that kind of stuff, right?
Yeah.
Yeah.
So then I received a very specific ad for the product.
Okay.
So deep fake, right?
I respond with just a search.
And then the search responds back to me with more information.
And then over the course of like this back and forth amplification, I bought the product.
You dumbass.
Okay.
So Bogdan, what you just described.
I knew he was going to do it.
He's lacking some empathy here.
I'm sorry.
Enough from this man here.
Go.
Is that a common template that you're seeing with a deep fake?
This is AI going full circle.
So the AI is building the billboard that will sell to you.
The AI algorithms on social networks will know how to profile you and what ad to serve you for maximum efficiency.
And then from there on, you will be chased by ads all pointing to the same product until you're ready to shop.
So cyber criminals work most of the time like corporations.
So they have their own product division that builds the deepfake.
They have the translation division that builds the multi-language content.
They have the web dev team that keeps the servers running for the scam pages to reach you.
And they will have quality assurance and sales support.
You mentioned before that we partner with law enforcement.
Yes, that's something that we normally do on high profile cases.
And scams are some part of these law enforcement cooperations.
What we learned about
is that these cybercrime businesses have call centers that take people's calls and sign them up for various stuff.
People
employed in these call centers are screened before employment with lie detectors to make sure that they're not undercover cops, to make sure that
they will not betray the call center's cause, and so on.
So, this is cybercrime incorporated.
It's not a scam business run out of somebody's basement.
It's business that cyber criminals have invested money in order to make more money.
Wow.
Wow.
I mean, that's infrastructure.
Is there a specific demographic that these organized scammers are looking at?
Is it a gender-based?
Is it an age group?
Is it geographical?
What is it?
Or is it just, you know what, we'll take anyone's money.
We don't care.
Is it a black comedian who co-hosts a podcast?
I hear that's a very popular demo with the scammers.
No, in the end, everybody's welcome to put their money on the table and leave it there.
That's perfectly fine with cyber criminals, but they have various approaches because they don't have a scamming syndicate yet, right?
They're not unionized in a way.
that would allow them to organize in order to target demographics, right?
So what they will do is find out a local scam that converts well.
That depends where you are, right?
In some places of the world, for instance, leaking out your social security number is huge, right?
And will bring you a lot of hurt in the foreseeable future.
In Europe, for instance, some parts of Europe, leaking out your social security number doesn't have any value.
It's pseudo-public.
actually.
So cyber criminals are looking for information or types of scams that convert well in the region.
They don't target demographics, but they are focusing on specific aspects.
Some of them are focused on romance scams, for instance.
They will target men more than women
because it looks like men are much more horny and desperate and lonely.
No, careless when it comes
to sharing information with partners, right?
Women are a little bit more reserved.
They don't go as fast and as far as
the male population, but they still,
when they fall for the scam, they fall the hardest.
To answer your question, I wouldn't say that cyber criminals are targeting demographics, but rather that there are specialized cybercrime groups that prefer one type of scam over another.
And us getting targeted by so many scam groups on a daily basis would look like there's something very structured.
That's the same organization targeting different demographics with different tactics.
While it was about us getting targeted by multiple cybercrime rings at the same time.
So business is good.
That's basically what you're saying.
No, but we're in a different space there because people would not necessarily do a deep fake to extort.
who and what we are, but
they can deep fake our integrity, our name,
our authenticity.
And there's one case where someone just scripted this narration about the Big Bang.
It was like 85% correct.
And I got fully deep faked into being the narrator,
the person speaking those words, showing me in a podcast setting.
And
it went online and it got boatloads of views.
Well, there's your money.
Well, I guess, okay.
So
there's the incentive.
Okay.
Even a good friend of mine, Terry Crews, who is himself an actor and a public figure, he texted me and said, Neil, this is great.
This is great what you did here.
And I said, what?
And I looked at it, I said, that's not me.
That's not me.
And a funny thing, I don't want to say this publicly, but maybe I could or should, or will it matter?
When I speak, my words have way more rhythm to them than that deep fake did.
So I'm just saying, I know me when I'm speaking.
And when somebody's not me speaking, even if they're using my word, I know it ain't me.
Anyhow, it fooled him.
And so this...
Also, the deep fake sounded like it was on helium.
You know, when you look out into the universe,
it was missing some of the timbre of the lower registers of my voice.
So my only point there is, so yeah, 15% of it was either misleading or wrong.
And there have been others where just as Chuck was duped by a deep fake of Sam Harris, there was a deep fake of me commenting on a video game release.
And then people thought it was real.
And it was almost comical, but it was so.
This is Neil deGrasse Tyson.
I too like sitting in my mother's basement.
As I'm playing this video game right now.
So
what do we do?
Do we call you?
Companies like you?
What happens?
And are we a lower priority?
Because, no, they're not draining our bank account yet?
Where do we fit in that spectrum?
My guess is that what you described is a crime that has two distinct victims.
The first one is you, because you have just become an unwitting accessory to a bigger scheme that was shown to a potential public.
Your reputation is at damage here, and
that somehow can be controlled because you have the leverage to report that video to the hosting platform and probably take it off, but you have still presented some information.
You,
that version of you has
presented some maybe misaligned information to your potential audience.
And that's how deep fakes normally run.
Cyber criminals pick up a very prominent figure, like a president, a bank governor, a medic,
and then they place a discourse on top of the video.
They will attempt to convince people that what that person is saying is true.
The people will flock to heed the call to action.
and probably will lose money.
So
for some people, there is the reputational damage.
That's you, the persons that get impersonated.
For some other people, it's the financial loss that they have caused themselves when they heeded your call.
No, you don't call Bitdefender for that.
You call the platform and have the video removed.
You use your outreach.
to tell the people that you're being impersonated and
they should do their due diligence.
And you also
might want to educate the users, which we are actually doing right now.
We're talking about deep fakes.
We're talking about the possibility that everybody can create an online version of us with different hidden agenda.
And I think that this educational part is the most important.
Speaking of education.
Are there telltale signs that you're looking at a deep fake or hearing a deep fake?
Now, Neil said that the cadence of his speech was kind of a giveaway to him when he saw it.
But are there things that we can, as lay people, look at in a deep fake and say, oh, if I see this, this, and this, most likely or definitely, this is a deep fake.
And you tell that to the deep fake and next time it doesn't do that.
We're a losing game.
Yeah, we are.
But are there right now that we know of?
I would say yes, yes, and no.
For starters, there are a couple of telltale signs, like maybe poor lip synchronization or some sort of artifacts introduced by the AI.
If you remember, a while ago, the AI used to have a very difficult time aligning teeth or representing the amount of fingers.
But that changes in time.
As technology evolves, these things get perfected.
And what I'm trying to say is that we should rely less on technical artifacts or telltale signs to tell a scam and focus more on the likelihood that what we're hearing and seeing is real.
I saw the impersonating videos that Neil sent over, and when we analyzed them, we focused on, let's say, a couple of key elements that will demolish the story.
Like Neil, Neil is a very knowledgeable person in the science field.
He wouldn't spend much time commenting games, right?
He wouldn't use that language.
He wouldn't be recommending products.
He would not do that.
Probably we are going to need that, the upcoming versions of our technologies for fighting scams to include deep knowledge about public people.
or the most prominent people in the world that are likely to fall victims of impersonation and create some sort of a what would that person do, recommend, speak about, discuss publicly, and so on?
Very, very important fact.
Because that video game review, it had a lot of vulgarity in it.
Right.
And I'm not a vulgar guy.
I'm not that guy.
Plus, I don't
sell anything.
I don't sell anything.
Right.
Right.
So if you ever see, like, hi, this is Neil deGrasse Tyson for delicious Buffy Bison beef jerky.
You know,
it's not real.
It's just not real.
Yeah, there's even pressure for me to sell things for the ad spots of this podcast.
I don't do that.
Gary and I are the whores that do that.
It's Gary.
You're welcome, Neil.
You're protecting Manda.
Thank you.
This is our camp.
We are here on these streets.
That opens up a lot of opportunities because whenever you're misbehaving or do reckless things, you can say, Just, you know, it's an impersonation.
I'm not doing that normally.
Right.
Okay.
Bogdan, we've seen, and you've explained it brilliantly, thank you, about the development and use of technologies to bring forward different levels, different types of scams and deep fakes.
How much of this is pre-planned psychological attack on victims?
And
how are scammers building in a psychological aspect to this?
My theory is that 90% of the scams are psychology and probably 10%
technology and science.
That's because
scamming people is actually hacking into their brain, right?
Pushing some buttons
that generate emotions.
Every type of scam that we have analyzed has some sort of psychological cues that cyber criminals want to pick up.
Let's take failed package deliveries.
You become curious about where did that package come from and what might be in it.
That's enough for your brain to switch off
the rattling sound that says, hey, probably
that link you're going to follow will lead you to a phishing page, right?
The brain no longer listens to these warning signs.
You have romance scams where cyber criminals are exploiting and preying on the lonely.
They don't target people who are using technology.
They are targeting people who are feeling lonely and they are feeling so lonely that they will be willing to spend all the day talking to a stranger who inadvertently sent a message because they misspelled a phone number.
We have cyber criminals that prey on the natural greed that people feel, like get rich quick now.
Would you like to multiply your money 10 times?
Again, they're not trying to demonstrate an economic impossibility.
They will try to push that button that says, hey, I need more money because that's the human nature.
So probably most of the scams that we face on a daily basis are psychology.
And technology just widens the net, makes cyber criminals more effective, makes them capable of targeting people who are in a different geographic region speaking a different language.
A couple of days ago, I got texted by a scammer on an instant messaging platform, and they wrote the message in Romanian.
And I do what I usually do, answer in Finnish.
Finnish is a very niche language.
There's like, what, four million people speaking an almost impossible language that it's very difficult to understand.
And that's, you know, that's my Turing test.
If you're able to reply me in Finnish, you're a bot, right?
And guess what they did?
They removed the first message and replied in Finnish.
And they carried the conversation for a couple of messages.
Sometimes they would revert back to Romanian, delete the message, and then replace it with the Finnish translation.
And they would do that in almost real time.
So
what I'm trying to say here is that technology is an enabler for them.
They are using the same psychological patterns that I talked about, but now they're able to cast a wider net because they have APIs to mass mail, mass communicate with people.
They have real-time translation to help them address markets that were impossible for them.
And they have huge opportunities on the payment scale because credit cards are universal.
And if credit cards don't do the trick, then probably you're going to have to exchange real money into Bitcoins for cryptocurrency.
And API stands for what?
Remind me?
It's an advanced programming interface.
It's a way that you can hook up, let's say, an instant messaging application to a computer to mass communicate with dozens, thousands of people at the same time.
Wow.
So I think it's, you know, I may sound cliche when I say this, but this is what I was taught my entire life, that one,
you don't get something for nothing.
Two, if it's too good to be true, then it's not.
And three, and this is the part that's very hard, don't ever want to believe something more than you want the truth.
Because if you want to believe something, you will discard everything to get to your belief, to see your belief confirmed.
None so blind.
You left out a fourth one.
What's that?
Don't be a dumbass.
That's my rule.
Those were my parents' rule.
I mean,
none so blind as those who refuse to see is kind of like another way of rephrasing that.
And talking of phraseology, I think we, just us three here, have learned recently some scamming language.
Firstly, if, you know, I'll ask you to break them down.
One is honeypot.
The other is
pig butchering.
So which one?
Well, one sounds pretty good.
Yeah.
And it ain't the honeypot.
So Bogdan, could you break down each phrase for us so as we understand and gives our audience an understanding as well?
I like the way you have split them into adversary language and good guys language.
I'll start with pig butchering.
This is a type of scam that has been going on for quite a while.
It's very popular in Southeast Asia.
That's where it got its name from, because it...
technically means fattening up the pig before you sacrifice it.
And
that's what cyber criminals are doing to the victims.
They gain their trust.
They keep conversations going on for weeks, maybe months, trying to gain their trust and get as close to them as possible.
And when they earn their trust, they're going to create massive financial losses because they already have that person's trust.
A very common pig butchering type of attack is somebody texting you.
normally with
an opposite sex handle.
Like if you're a man, they will impersonate a woman and they will be asking you, hey, this is Jennifer.
How far away are you from the airport?
Because I'm kind of losing patience here.
You were supposed to pick me up at 10.
And you look at the phone and answer, hey, you have the wrong number.
Probably you want to sort it out with your taxi cab, Uber driver, whatever.
They will reply, hey, thank you for being so kind.
By the way, I'm visiting the city.
I want to see what your city offers.
Do you have any recommendations?
And they kick off a conversation.
And they will entertain that conversation
with the victim for months.
They will exchange photos that are created with deepfake technology.
They will create videos.
They will gain your trust up until some point where they start working at the con.
Hey, look,
I'm doing just fine.
I have invested in cryptocurrency a while ago and now I'm reaping the rewards.
We've been meeting online for quite a while.
So I'll tell you my secret.
Let me teach you how to invest a little bit of money to multiply it 10 times, 12, 20 times, and so on.
And they will start working on this financial fraud when you have finally fallen in love with them.
I've been talking to people who have lost significant amounts of money.
Wait, wait, they have yet to meet these people.
They're falling in love via electrons.
Yes.
And you know, emotion is emotion, regardless of the vector.
So
it reminds me of that joke.
Why is love on the wireless spectrum?
Because it's measured in hertz.
Good one.
I'll be here all week.
So people fall in love and they're looking forward to meeting the other one, but
it's never a good opportunity for that because of travel, because of all these things.
And eventually people end up losing a lot of money.
We've been investigating a couple of these scams.
And the sad thing was that people who had lost like hundreds of thousands of dollars were like, you know what?
I don't care about the money.
I don't have anybody to wake up to and text.
That's sad.
The psychological damage is sometimes much more impactful for them than the financial damage.
Wow.
Wow.
So, all right.
Wait, wait, so this sets up the plot for the movie Her, where just let the AI be your companion.
Fall in love with AI.
And the AI is not going to try to take your money.
Money?
Yeah.
Yeah.
Chat GPT, I don't think it wants to take your money, but it'll totally make you think you're in love with it if you ask it the right questions.
That's true.
So we have solutions for this.
I have a very limited
movie culture, but my assumption is that that movie didn't end well.
You may be right.
So we've done pig butchering.
Can you just open up the honeypot for us?
Let's see inside.
The honeypot.
We have a couple of technologies that we call honeypot.
It's something that researchers normally do.
That's a computer or a connected system
that poses like it's a victim.
A honeypot is used by cybersecurity researchers to attract cyber criminals and they will attempt to hack into that machine thinking that it's a real user on the internet.
It's somebody's computer and they will attempt to exercise the prowess to hack into that.
And the machine, instead of just letting it through, it records every step of the attack for us to be able to decompose the way cyber criminals got in.
That brings a lot of value for us because it helps us understand how the criminals are operating on the internet, what tactics and tools they're using, how they're approaching this puzzle of hacking into somebody's computer.
And what are the telltale signs that we can use in an early stage of the attack to block them?
We use honeypots for various things, for collecting virus samples, for instance.
We use honeypots for the IoT devices to see how cyber criminals are harvesting IoT devices and building large armies of zombie devices that are using them to attack civilian targets.
We are using honeypots for recording scam conversations and extracting red flags in that conversation that will help the victim identify when they're being scammed.
So that's very short definition of the honeypot.
So, honeypot is the good guys' tools.
Yes, a honeypot is normally
somebody's
way of staying up to date with the latest tactics in the hacking world.
Okay, so I'm glad that exists.
You've just described the honeypot and the pig butchering to me.
Thank you.
And now you've kind of closed off both ends.
Is anything out there real?
I mean, most of this thing happens on the internet, and I'm just wondering now, is anything actually real out there?
Is it human?
I mean, we know the victims themselves are generally humans, and there's very rarely a victimless scam.
But is anything real?
Just really, honestly, anything real out there yet?
Yeah.
Pretty much everything is real because we're starting to use the internet.
We have started to use the internet for real stuff a while ago.
Nuclear power plants are being controlled over the internet.
The world money
flows through the internet from one bank to another.
Our communications flow from one end of the internet to another.
Our dreams, our fantasies, everything is on the internet.
So that's where the bad guys are lurking, right?
My guess is that your question is:
are we still more humans on the internet than probably bots or scripts or automations or artificial intelligence algorithms that are building content?
Yes, there are way more people on the internet than bots.
That's what the bots want you to think.
Look,
if you take a look at what's happening on social media, there's a lot of video being created by humans.
Is it useful?
Definitely not, right?
People dancing all over or sharing that experience is really not useful for the largest part of humankind.
But it's still video created by people.
They have put effort in doing that.
Yes, there's much more content being created by humans at this point than by AI.
AI and bots, bots mostly, are being used for scraping this content, content that will be eventually used for training artificial intelligence algorithms.
You don't really see right now a dead internet theory being the reality.
You still think the human presence is there.
Is it likely the future of the internet will be exactly that and it's going to be 100% bot?
There's going to be a lot of automation, but most of
those consuming the content will still be humans.
So regardless of how much
content is being produced, there's still going to be people on the internet consuming that content.
Okay, I don't mind being a person on the internet being entertained by AI-created content, as long as I'm not fooled into thinking it's anything other than that.
In the film Blade Runner, based on the story by Philip K. Dick, Do Androids Dream of Electric Sheep?
Yeah.
That's the original short story.
Yeah, it's a great title.
In it, there's a whole system in place where
there are people
trained to test the replicants to see if they're actually replicants.
Because they're so well made,
they have to put them through a psychological stress test where you know how a human would react, whereas the replicants, the AI computer versions of us would not and they would fail.
And the fact that that test was so subtle, and this story was written 50 years ago.
So is there any way today
that we mentioned this earlier, but I'm just saying
in a Turing test, if you're going to have a conversation, Are there questions we can ask?
Is there something about the video we can detect?
Is this other than my voice cadence and other things that I know about myself, how do we defend ourselves?
Your company is called Bitdefender.
So let me hear the defensive line.
Help me, Bitdefender.
Help me.
Help!
The AI and deep fake front is opened relatively recently.
We didn't have it five years ago.
We didn't have it 10 years ago.
You know, most of our defenses as humanity revolve around staying safe from phishing links, from malware, from what I would call traditional endpoint security.
When it comes to artificial intelligence and AI-generated content, it's already here.
We have like a couple of dozens of very famous online influencers that are run by artificial intelligence.
Like there are a couple of Instagram accounts that have millions of subscribers and the person does not exist.
The only thing that exists is an AI algorithm that's building content to order.
Well, unfortunately, there is no defense against that.
And would we need a defense to that?
Or would we need a defense to probably some nefarious goals that the AI content will attempt to lead us to?
And
here's what we're trying to do here.
We're trying to help people understand the red flags in communication, understand this information, understand the likelihood of something that they're exposed to being real.
And probably that will be the future of technology.
Not necessarily detecting that some content is created by AI, but rather the fact that that content created by whoever is malicious and will have an impact on you and your security.
So, when it comes to malicious intent on behalf of interactions, internet interactions, are there some hard and fast, simple rules that we can follow?
Like the way you answer an email or the way you answer if someone were to call you, the way you do or do not offer up information.
Are there some simple rules that will help somebody not
fall prey to a scam?
You're asking all the hard questions.
This is a very important topic for me
because these nefarious interactions that you described can be used by a commercial actor, for instance, to, I don't know, make you behave in a specific way that will result in loss of money.
But they're also used as hybrid warfare now.
Disinformation is a big part of that.
And it doesn't have that kind of structure that makes it obvious.
It doesn't have that call to action that would let me know that the message is wrong, false, or leading to unintended consequences.
The fact that we have deepfakes
talking about, I would say, political stuff, impersonations, hidden agendas, and so on, will help an adversary dilute our amount of trust.
They will cause uncertainty.
They will reach the goal by making us question everything and ultimately not caring about the message because we cannot distinguish what's wrong from the right, what's true from the false and so on.
So
not sure if this answers the question, but that's probably the best answer I can give at this point.
All right.
Well, how about this?
And
what does Bitdefender do?
Like, you know, how do you guys defend against this stuff?
If I were to have Bitdefender on my computer, what would it do for me?
Yeah, if all you do is find it, plus, is it prosecution at the end of this?
What fraction of all offenders are prosecuted?
Because apparently with a $9 trillion
fraud market,
it can't be a lot.
Well, but that's what I'm saying.
Like that right there lets you know that this is ubiquitous and it's proliferating.
So like it sounds to me like when you call yourself Bitdefender, maybe there's a real need for you to be on my computer.
But what am I putting you on my computer to do is what I'm trying to figure out.
And I'm not trying to do a commercial here.
I am genuinely interested.
Cybersecurity is a fundamental part of the way we're interacting with technology right now.
I don't want to ring my bells here, but security solutions are fundamental to how our end or our day starts and ends.
And they make the difference between another day at the office and the complete disaster when you have lost all your money or your data at the end of the day.
So what does Bitdefender do?
We build cybersecurity solutions and technologies that help people stay safe from all sorts of cyber threats.
We started with what's commonly known as antivirus back in the 90s when the internet was booming and when computers became a fundamental part of every
household.
We started securing them with what's called as antivirus.
But the good old days.
It was just a virus.
Just a virus.
Just a virus.
The good old days.
Yeah.
We evolved way past that because our attack surface has become a little bit more complex.
And now we have to secure not only computers, but our data, our smart devices in households.
We have to secure companies that store your information.
We have to secure a lot of aspects that were not an issue back in the day.
So when you hear that the antivirus is dead or
there's no real need for it on computers and mobile devices, That's not true, right?
And antivirus solutions are becoming more and more complex.
They have changed to complete suites now.
They're not just one application.
The virus is mutating, Mr. Smith.
No, but
it's not just the virus.
Scams have become an important component of cybercrime.
As I told you, it's one-ninth of the total losses caused by technology
the world.
So at this point, Bitdefender also handles these anti-scamming aspects in various ways.
We have security solutions that automatically detect that a specific message is a
form of scam.
We have advisors where people can describe what they're seeing or taking screenshots or taking a picture of something and feeding it to an AI assistant asking, hey, is there anything dangerous here if I'm venturing into what's described here?
And the AI will look at the situation, assess the likelihood of that being a scam, and teach the user that there are a couple of red flags there that
probably lead to a scam.
So Bitdefender, what we do is what we've always done, keep users and companies safe, but now with a lot more technology and attack surface to defend.
So
I've talked about...
By the way, I like your geometric reference to the texture of your surface that's exposed.
A surface is a boundary between what's on one side and what's on the other.
And the surface can get larger or more variegated.
So I love that reference and how you have to then think about the problem.
Bogdan, we've discussed it.
What you don't want is a fractal surface.
Then we'll never get to the bottom of it.
Never get to it.
Never get to the end of it.
Ever.
We've discussed the sort of one-to-one aspect.
What if you rolled out the sort of deep fake and malicious intents to a grander scale, to a city, a utility, on a national scale?
National security. Yeah, you know that Romania is on the eastern NATO flank. It's on the eastern part of the European Union as well. And as of a couple of years ago, we've had a war at the border. There's Ukraine versus Russia.
The Ukrainians are our neighbors, and as they were in the middle of the fight, a deepfake of President Zelensky erupted on the internet, calling for every armed person to lay down their weapon because Ukraine had surrendered.
That was a deepfake, and it was quickly combated by the Ukrainian security services.
But this could have had awful consequences, right?
What happened if the whole army fell for that or a part of the army fell for that.
But that's also part of the
hybrid warfare that I was mentioning
before that.
There's a lot of disinformation going on.
There are calls to action that are completely wrong, and so on.
But another practical example would not necessarily have to do with deepfakes, but to the state of technology.
and the penetration of technology into our homes.
Bitdefender also has an IoT security research wing.
IoT stands for the Internet of Things and it's normally a category of
consumer electronics that's comprised of smart stuff, digital assistants,
smart toasters, coffee makers and smart lights and so on.
There's a specific type of IoT device that has started to penetrate the world and that's the solar inverter.
Solar inverters are pieces of technology that convert electricity from solar panels and store it, manage it, or inject it into the grid.
These inverters are normally hooked up to the internet at home.
And these inverters most of the time come from China.
Last year in August, we looked into a couple of inverters that are very popular in Europe.
And we realized that a potential attacker would be able to seize control over each of the inverters made by a specific brand.
That would give an attacker access to about 140 gigawatts of electricity.
That's a lot by any standard.
I'm not a professional in the energy, but that looks huge.
That's a big blackout, man.
And one of the things that we uncovered after this first contact was that we will never know whether that was a software bug that allowed somebody to get into all of the inverters made by the same manufacturer, or if that was a carefully hidden backdoor that could be accessed by a nation, by the nation state to cause a blackout to a city, country, or to a territory.
Germany is a new European state that's starting to take cybersecurity in this inverter space very carefully, because they realize that whatever happens in this very particular IoT sphere could bring grids down.
What happened in Spain this year was a wake-up call. That's grid falling not because of a cybersecurity incident, but because solar played a bad role here.
All I wanted to say is that grids are very powerful beasts and they used to be isolated from the internet.
And now everybody has a piece of the grid in their home that's connected to the internet.
That's a million
entry points to something that pertains to national security.
That's why we got to stick to coal.
Got to keep burning coal, man.
That's the problem.
Get off that doggone solar energy.
Okay.
Oh, newfangled solar and wind.
What about the birds?
You know, the cancer.
No, let's go with coal.
And you'll be okay.
Thank you, Chuck, for that regressive comment on civilization.
Bogdan, we got to wrap this up.
Could you give us just some hopeful news here out of this conversation?
Yeah, man.
Where do you see all this?
Yeah, where does this go in two years, five years, 10 years?
Well, this will continue to be a cat and mouse game where the bad guys are advancing.
The good guys will be catching up with their tactics.
And best case scenario, they will find a way to proactively protect against their attacks, right?
We've done that for the past decades with malware, and we're going to do that with deepfakes and with the rest of the scams as well.
So there's hope.
The fact that we're still using technology and most of our interactions online are safe gives us hope.
We're here to protect.
We have the technologies, the solutions, and we're not just
waiting for the bad guys to
win the game.
Given how large this marketplace is, you're not the only company out there who is working in this space.
We have very powerful partners from other security vendors to law enforcement.
And that's also one thing that I wanted to
tell you about.
The fact that we're very successful in this cooperation with law enforcement.
We
have a lot of cases that we opened together with law enforcement.
We have a couple of cybercrime rings that become dismantled as part of these successful cooperations.
And police agencies all over the world are taking cybercrime extremely seriously.
With our expertise and with their ability to execute arrests is
something that
helps us curb on cybercrime.
Their ability to kick down a door.
That's what that is.
Yeah, AI can't do that.
AI can't do it.
So Bogdan, if a person is famous or otherwise wealthy and then they get scammed, that's kind of embarrassing.
Is there some stigma that will go away eventually once people find out that they're not alone in their victimhood?
Where does that land on this landscape?
Well, scamming and
malware can happen to everyone.
That's because
cyber attacks have become so sophisticated and
so prevalent that it's difficult for everybody to stay safe at all times.
I will give you an example.
Cybercrime can happen to everyone.
It's not you that you're enabling it.
You're just a victim yourself, right?
There have been a lot of compromised accounts belonging to highly respected people that have fallen victim to a cyber attack.
We have a lot of surface to defend at the end of the day.
We have email communications.
We have mobile and instant messaging.
We have technology everywhere around us, on our body, in our home, in front of us, right?
And
that's a very, very difficult mission.
Staying safe is a difficult mission.
What I would say is that if you're falling victim to any kind of digital crime, report it.
First of all, there's entities there that might be able to
There's also entities that need to know that you have fallen victim to a type of cybercrime to be able to assess the magnitude of a phenomenon.
Imagine that, for instance,
only about 7%
of scams are getting reported.
So police offices all over the world are not correctly budgeted to face this phenomenon because they cannot assess its impact on the local communities.
So Bogdan, in a way, what you're saying is you should report it because if you don't, you're actually enabling the people who harmed you.
You're actually helping them by keeping this to yourself and suffering in silence.
Go ahead and report it because one, it happens to everybody and it's not your fault.
And two, by reporting it, you're putting information out there that can be used against the people who committed the crime.
Yes, they say that, you know, if a tree falls in a forest and nobody hears it, has it fallen?
That goes with cybercrime as well.
If you have been scammed and dozens of other people have been scammed and you have not reported it to the local law enforcement office, and neither did anybody, is scamming really part of the police agency's agenda?
No, because there's technically no scamming going on.
That's why we are advising victims to report it.
It's not something that they should be ashamed of.
It's not something that they should keep it to themselves.
The more they talk about it, the more this message gets pushed on the local agenda and
law enforcement agencies or other people will be able to act on it.
Cool.
That's the lesson right here.
There it is.
Bogdan Botezatu, pleasure to have you on Star Talk Special Edition.
Thank you.
Even though three-quarters of everything you said was completely depressing,
we needed that.
No, it was the best depressing conversation.
I guess so.
That's a lot of it.
Okay.
All right.
It's the kind of depressing information that can serve you going forward.
Absolutely.
There it is.
There it is.
So important.
And we were delighted to work with you guys when we filmed our segment with Formula One and the security necessary in the communication between
the pit and the cars and that whole world.
And so thanks for being there both times.
Thank you for this opportunity.
It's one thing to look at you religiously on the other side of the screen and a whole different experience to be part of the show.
Okay.
Oh, wow.
Thank you.
That's very nice.
Excellent.
All right.
That's all the time we got.
I learned a lot today.
Oh, yes.
Yeah.
Dude.
Yeah,
I've learned.
I am burning my computer.
Oh, yeah.
That's what I learned.
I am done with
going back to an abacus.
Abacus.
I got one right.
I got an abacus.
No, no, no, no.
I'm writing letters.
I'm starting to write letters again.
That's it.
All right, Gary, always good to have you here.
Pleasure, my friend.
All right, Chuck.
Always good.
All right, be good.
Neil deGrasse Tyson for Star Talk Special Edition.
The world is coming to an end.
Episode:
AI will be our overlords and they'll take your money.
No, I exaggerate.
Anyhow, really try to keep looking up.
Until next time.