1 00:00:00,131 --> 00:00:13,060 Host: We are joined once again today by Peter Warmka, a former CIA agent that specialized in what he calls human hacking and now uses that knowledge to help businesses assess their vulnerability to foreign intelligence groups, criminals, and other threats.
2 00:00:13,589 --> 00:00:20,529 Peter is a professor at Webster University where he lectures on counterintelligence and cyber security and is the founder of the Counterintelligence Institute.
3 00:00:20,950 --> 00:00:28,470 Since you last joined the program back in February of last year, there's been an artificial intelligence explosion with ChatGPT leading the charge.
4 00:00:28,619 --> 00:00:32,629 How have AI tools changed the sort of threats we should be looking out for?
5 00:00:32,679 --> 00:00:34,199 Peter Warmka: AI goes back to the 1950s.
6 00:00:34,389 --> 00:00:36,720 It was coined when the first computers came out, right?
7 00:00:36,910 --> 00:00:37,920 Artificial intelligence.
8 00:00:37,929 --> 00:00:52,839 So a lot of this was developing, but it really wasn't out in public, you know, the public, the general public didn't know very much about it until all of a sudden you had, uh, ChatGPT, you know, released back in November, then all of a sudden it was like, it was instant everything, right?
9 00:00:53,165 --> 00:00:58,645 And now you get to the point where people are looking at doom and gloom, that the machines are going to take over mankind.
10 00:00:58,645 --> 00:00:59,865 I don't see that happening.
11 00:01:00,214 --> 00:01:02,675 Technology, uh, is neither good nor evil.
12 00:01:02,675 --> 00:01:07,164 It depends on the intent of the person, the human behind the technology, right?
13 00:01:07,565 --> 00:01:13,945 Well, we can already see in an area that I, you know, I focus in a lot in regard to human hacking, social engineering.
14 00:01:14,419 --> 00:01:57,045 Where, first of all, we, we try to gather as much information as possible on a target, whether it's an individual or a company, and some of these features such as, um, ChatGPT, they want to, there's certain things they regulate to ensure that it's not used for malicious intent, they would not allow you to do extensive searches on ordinary individuals to collect on them, they might give you information about, you know, people that are celebrities, high profile individuals, but the general, you know, Joe and Sally, they're not pulling that information, but the technology is already existing to do it and that technology in the hands of someone else can easily pull up a lot more information on all of us that can be used for these types of operations.
15 00:01:57,045 --> 00:02:03,735 We see for a long time now, one of the biggest areas for spear phishing has been the use of social media, especially like LinkedIn accounts.
16 00:02:04,164 --> 00:02:09,695 LinkedIn profiles are currently like 930 million out of which 5 to 7 percent of them are fake.
17 00:02:10,035 --> 00:02:24,464 A lot of those fake profiles are made by foreign intelligence services, criminal groups, and a lot of them, English is not their native language, so you might be able to find some that are not quite well worded, or they copied and pasted that text from somewhere else, and it's perfect.
18 00:02:24,634 --> 00:02:25,364 It's just so much.
19 00:02:25,394 --> 00:02:31,174 But now with GPT Chat, they can utilize that and come up with a great profile, well worded profile.
20 00:02:31,465 --> 00:02:46,944 The pictures previously were taken from other people's profiles, and by doing a reverse engineering, reverse image search, you can find that picture in someone else's name, but now computer, uh, uh, computer generated, uh, pictures of people are one of a kind, and they're almost near perfect.
21 00:02:47,215 --> 00:02:54,145 So these profiles are stronger, easier to make, they're going to be used more and more to reach out to people, uh, for social engineering attacks.
22 00:02:54,305 --> 00:02:55,025 Vishing.
23 00:02:55,329 --> 00:03:20,025 If you're a people, if people don't know what vishing is, it's about using the telephone to impersonate whoever the, the, the threat actor wants to impersonate, whether it's your boss, whether it's a coworker, whether it's your client, whether it's a, you know, your financial advisor to ask specific sensitive question, you know, trying to procure sensitive information, or getting an individual to take an action that could be very detrimental, such as, you know, sending that wire transfer.
24 00:03:20,025 --> 00:03:22,625 The boss calls, you know, we need to make this urgent wire transfer.
25 00:03:22,625 --> 00:03:24,005 And there's been a lot of cases of that.
26 00:03:24,305 --> 00:03:29,095 But now with voice cloning, this is becoming much more dangerous.
27 00:03:29,115 --> 00:03:34,275 And there's been cases already, a bank manager in Hong UAE.
28 00:03:36,430 --> 00:03:43,300 Spoof the caller ID number and also clone the voice of the client and requested 35 million transfer.
29 00:03:43,310 --> 00:03:44,410 The money was transferred out.
30 00:03:44,640 --> 00:03:50,560 And it's sort of like, you know, people hear a business email compromise of creating that email that looks like it's coming from the boss here.
31 00:03:50,660 --> 00:03:55,564 This is much more effective because you're getting somebody online who believes it's you.
32 00:03:55,715 --> 00:03:56,665 to hear your voice.
33 00:03:56,905 --> 00:04:02,655 For example, if you ask me a question or if I see that you're kind of hesitating, I can talk you into it. With an email,
34 00:04:02,665 --> 00:04:03,495 it's just a one shot.
35 00:04:03,624 --> 00:04:08,135 And I don't know if you're going to do it or not, but with a voice, I can hear you and I can, you know, walk you through it.
36 00:04:08,135 --> 00:04:12,195 And, and almost with certainty, I can get you to undertake the action that I want you to.
37 00:04:12,195 --> 00:04:14,374 So voice cloning is huge.
38 00:04:14,655 --> 00:04:20,565 About a year ago, it took maybe 50, 60 seconds of sampling the voice to clone it.
39 00:04:20,584 --> 00:04:23,165 Now it's a matter of two seconds, three seconds.
40 00:04:23,489 --> 00:04:24,590 And how can I get your voice?
41 00:04:24,590 --> 00:04:27,599 If you're, if I, you know, maybe if you're on podcast, I can get your voice.
42 00:04:27,599 --> 00:04:27,869 Right.
43 00:04:28,009 --> 00:04:32,609 But the average citizen, the average person is probably not out there very much on podcasts or on YouTube.
44 00:04:32,869 --> 00:04:35,890 So I just call your phone number when it goes to voicemail.
45 00:04:35,900 --> 00:04:38,429 A lot of people are using their own voice for voicemail.
46 00:04:38,439 --> 00:04:45,819 I mean, so it's not that hard to get samplings of people's voices, but technology is making it easier and easier and easier for.
47 00:04:45,989 --> 00:04:47,369 For threat actors to be effective.
48 00:04:47,940 --> 00:04:51,850 Host: So is the best defense against AI just more AI?
49 00:04:51,850 --> 00:04:56,920 Peter Warmka: Yeah, in the short I mean, long term we could develop, and there are being developed, uh, different types of AI detection.
50 00:04:56,949 --> 00:05:00,740 I mean, uh, deepfakes, if you want to call them deepfake, detection tools.
51 00:05:01,025 --> 00:05:08,545 Those are rolling out, but they're always going to be behind, you know, they're not going to be ever necessarily catch up to the other technology that's being, that's coming out.
52 00:05:08,735 --> 00:05:10,905 And the other problem is lack of regulation.
53 00:05:11,135 --> 00:05:11,425 The U.
54 00:05:11,425 --> 00:05:11,755 S.
55 00:05:11,865 --> 00:05:16,544 is so far behind in proper regulation, whether it's by states or the federal government.
56 00:05:16,625 --> 00:05:19,895 So, right now the biggest, the most important thing is that public awareness.
57 00:05:20,295 --> 00:05:25,455 Increasing the public awareness, uh, to be able to recognize and question, is this real or is this not?
58 00:05:26,015 --> 00:05:30,584 Host: So how can we tell if who or what we are dealing with is actually another person or AI?
59 00:05:30,634 --> 00:05:32,224 Peter Warmka: There's very few tells anymore.
60 00:05:32,524 --> 00:05:34,274 I think the, the important thing is the following.
61 00:05:34,284 --> 00:05:37,464 The threat is not when we reach out to somebody else.
62 00:05:37,504 --> 00:05:39,294 The threat is when we have something incoming.
63 00:05:39,544 --> 00:05:45,954 Whether it's an email, text message, or a message on, you know, approach via social media, or a phone call.
64 00:05:46,279 --> 00:05:57,309 Or even a face to face encounter, the threat is not when we reach out at the threat is when potential threat is when someone else reaches out to us, we don't know, or who maybe is impersonating somebody who we think they are, right?
65 00:05:57,309 --> 00:05:58,189 Like the voice.
66 00:05:58,749 --> 00:06:01,429 We have to decide when do we need to verify.
67 00:06:01,849 --> 00:06:02,999 And when does it really matter?
68 00:06:03,019 --> 00:06:46,374 Because if it's coming in and they're asking very sensitive information, asking questions for very sensitive information, or if they're asking you to do something that, if fraudulent, could be very detrimental to you or the firm, such as wire transfer or, for example, issuing a facility access pass to a very sensitive area of the company, and if that's fraudulent, you know, if you have a threat actor that all of a sudden is wandering around in your company or grants access onto the IT networks, if those are the cases, you have to sit back and say, Let me first verify before trusting, that's what we have to do, but there is a segment of the population that we're, that I'm looking at that, that really is the most vulnerable and victimized in society.
69 00:06:46,374 --> 00:06:47,594 And that's, that's our seniors.
70 00:06:47,914 --> 00:06:54,884 A lot of times they're not, not quite up to date on this type of technology and these different things that can happen to their, they're more trusting.
71 00:06:55,264 --> 00:06:57,934 And also they are the most attractive targets, right?
72 00:06:57,934 --> 00:06:58,744 They have a lot of money.
73 00:06:58,969 --> 00:06:59,919 They're so accessible.
74 00:07:00,249 --> 00:07:02,729 What's really growing are these grandparents scams.
75 00:07:02,769 --> 00:07:07,929 And you've heard maybe a few of these coming out, talking about them, but it's also using the voice cloning.
76 00:07:08,319 --> 00:07:13,179 Where all of a sudden the grandparent will get a telephone call that sounds like it's coming from their grandchild.
77 00:07:13,349 --> 00:07:16,799 You know, saying, you know, Hey, I got this issue, an emergency issue.
78 00:07:17,009 --> 00:07:20,459 I've been arrested or, you know, I'm in a car crash.
79 00:07:20,499 --> 00:07:21,999 This is what's really, really growing now.
80 00:07:22,009 --> 00:07:25,389 Considerably are these types AI, the voice cloning.
81 00:07:25,694 --> 00:07:50,884 Using the influence technique of fear, there's a problem whether it's a family member that's in trouble and you want, and they need your help or they might be in trouble, you know, because you hear these scams that maybe the calls from the, the, from the social security administration or from the IRS or something that you're, you know, they're in trouble and, and it's totally like the fear factor that really, really gets their attention and, and gets them to do something quickly without really assessing it.
82 00:07:51,094 --> 00:07:54,784 You know, if they had time, they would think it through, but using the fear, right.
83 00:07:54,984 --> 00:07:58,544 They call it a scarcity technique, that if you don't resolve this issue right now, it's gonna get worse.
84 00:07:58,734 --> 00:08:00,464 Those scams seem to be working very, very well.
85 00:08:00,939 --> 00:08:03,279 Host: Is there any seasonality to scams?
86 00:08:03,409 --> 00:08:06,489 Are people more likely to be targeted at particular times of the year?
87 00:08:06,539 --> 00:08:10,259 Peter Warmka: One of the biggest factors is when, it depends on what's going on in the world, right?
88 00:08:10,259 --> 00:08:18,869 And especially if there's been a major event that's taken place, like a natural disaster, like a, like an earthquake in some location, or, or the fires, or where people...
89 00:08:19,184 --> 00:08:22,234 There's a, there's a need now to collect money from people to help.
90 00:08:22,394 --> 00:08:30,654 So then, you know, all of a sudden you'll get all kinds of, uh, approaches to people claiming to be, you know, representing non profit groups that are collecting these money.
91 00:08:30,654 --> 00:08:33,304 So especially when it comes to seniors, that's very effective, right?
92 00:08:33,304 --> 00:08:37,344 The events are one thing, the, uh, also time of year for the elections.
93 00:08:37,704 --> 00:08:42,804 When, uh, COVID started, there were people were, were, were hungry for information.
94 00:08:43,024 --> 00:08:45,754 Everybody was getting out and trying to find as much information as possible.
95 00:08:46,004 --> 00:08:56,834 And that was a huge bump in, in, in scams and hacking attempts because of people getting that and, and, and pursuing information from sources that were not trustworthy.
96 00:08:57,204 --> 00:09:06,924 Times, you know, different things at times of the year, probably, you know, for the holidays, for specific times of the year when it, but more so when it comes to, uh, consumer shopping scams, you know, if you get online looking for something.
97 00:09:07,379 --> 00:09:16,849 Even at Google, it's going to show you all the different companies compared to shopping at the prices and some of them might be almost identical across multiple outlets, but all of a sudden there's one that's like half the price.
98 00:09:17,139 --> 00:09:23,519 You click on that link, and if you just go immediately to buy it, you're giving your credit card, your name and your address and that's it.
99 00:09:23,709 --> 00:09:27,299 And if you do a further research into the website, there's probably not even a physical address.
100 00:09:27,449 --> 00:09:28,469 It's just a name, right?
101 00:09:28,799 --> 00:09:35,149 One of the problems in my, my opinion is that fortunately or unfortunately is that people are so used to not having to really pay for fraud.
102 00:09:35,359 --> 00:09:38,589 It's the credit card companies or it's the insurance that pays the price.
103 00:09:38,589 --> 00:09:50,579 And so I think if people, you know, were more accountable and feeling the financial burden when it comes to this type of consumer fraud, right, using a credit card, uh, there might be a little bit of a more, more concern.
104 00:09:51,384 --> 00:09:55,634 Host: You've just released a new book aimed at one of the most vulnerable parts of the population.
105 00:09:55,764 --> 00:09:58,254 What's it called and where can people find it?
106 00:09:58,304 --> 00:10:00,794 Peter Warmka: The name of the book is called Why Are You Messing With Me?
107 00:10:01,034 --> 00:10:05,334 Senior Survival Guide on Fraud, Privacy, and Security.
108 00:10:05,554 --> 00:10:11,969 And it kind of starts with privacy, because the more that's known about us, the more we can be approached by different fraudsters.
109 00:10:12,219 --> 00:10:18,109 And it goes through security issues regarding physical security in your home, physical security on the street.
110 00:10:18,329 --> 00:10:25,649 And it goes through all the different types of security, how you might be approached via telephone or online and the different types of scams.
111 00:10:25,819 --> 00:10:32,589 Each of these areas is broken down to different chapters and it starts out with a story, a real story of what's happened to a victim.
112 00:10:32,749 --> 00:10:37,789 It provides the best practices and also ones that you might decide to incorporate in your life right now.
113 00:10:37,919 --> 00:10:39,189 And it's available on Amazon.
114 00:10:39,464 --> 00:10:43,434 Host: Peter, thanks for joining us once again and stay safe out there.
115 00:10:43,484 --> 00:10:44,534 Peter Warmka: Well, thank you very much.
116 00:10:44,584 --> 00:10:45,074 Take care.