[Chronique de Alain McKenna] A loyalty card for cybercriminals

“Use our ransomware web platform and get a 10% discount on your next order!” » Is this a joke? No. This is the state of the not-so-obscure market for cybercrime tools, whose popularity will only cease the day we take cyberthreats more seriously.

In any case, this was said in mid-October, during the MTL connect conference, Bronwyn Boyle, IT security specialist for the German banking platform Mambu. Mme Boyle goes even further and warns that our ever more reckless use of platforms like the social network TikTok is attracting a lot of people with rather suspicious intentions like cybercriminal groups.

By using its filters, we are helping to improve TikTok’s (video trick) algorithms and, in the process, we are refining the tools that cybercriminals use to trap potential victims.

“By 2025, the technology of deepfakes will be used to create filters on TikTok,” predicts Bronwyn Boyle. “TikTok improves the algorithms behind these fake videos based on the use we make of its application. »

An alarming popularity

Fake videos are not just a cybercrime tool. The American actor Bruce Willis recently indicated that he was thinking of selling his image to an agency which could then produce videos that would star him forever. He will be able to pocket part of the royalties generated by these videos without even leaving his chair (or his possible coffin).

Lovers of Star Wars may also be reassured to learn that James Earl Jones, the actor who lends his voice to Darth Vader, has licensed his inimitable intonations so that an artificial intelligence reproduces them and so that the Sith Lord does not lose his voice when James Earl Jones loses his.

This technology also opens the door a little more to counterfeit content to take advantage of the naivety of the public or companies. For example, a bank manager receives a call and recognizes at the end of the line the voice of an important customer who confirms a transfer request that has just been sent to him by e-mail.

What the bank representative does not know is that both email and voice are generated by deceptive algorithms. He is the target of bank fraud. This phenomenon is not science fiction: frauds of this type have already made it possible to divert more than 26 billion US dollars from companies that are a little too naive, according to the firm Terranova Security.

The geopolitical implication of these rigged technologies is just as great. In early March, a counterfeit video of Ukrainian President Volodymyr Zelensky was released encouraging the Ukrainian military to lay down their arms and welcome the Russian army with open arms.

The day when an army will take such a bait may not be so far away…

The worst: there is no way to prevent the evolution of these cyber threats. A powerlessness reinforced by the emergence of cryptocurrencies which are ultimately financial tools that escape the authorities and, therefore, any form of protection and recourse for the public in the event of fraud.

And fraud, there are more than you think. We only have to cite the example of OneCoin, a cryptocurrency fraud that occurred in 2017 and which allowed its authors to steal 4 billion US dollars from Internet users who were a little too naive. We are still looking for the mastermind behind this operation.

“We can only talk about them and alert the public to their existence,” says specialist Bronwyn Boyle.

A beginning

This is unfortunately only the beginning. The next step is identification by eye shape and movement. This is the technique favored by companies like Meta to authenticate transactions that may one day occur in virtual or augmented reality environments. It will be enough to point a camera towards the face of the users to identify them.

The Quest Pro, the headset that Meta released in late October, already has everything it takes to do just that.

The problem is simple, adds Mme Boyle. “There is no way to prove that the algorithms used to identify people by their eyes will not also be available to cybercriminals who want to thwart the biometric systems of banks or other companies by stealing the identity of their customers. »

The solution may seem complicated, but it can be summed up simply: take these threats seriously before they become their next victim. Terranova Security recalls that two-thirds of workers do not care a bit about the security of the data they handle when they are in the office. It’s the IT department’s responsibility, not theirs, they say.

Same thing at home: thinking yourself unimportant enough to be the target of a sophisticated attack opens the door to schemes like fake videos and ransomware.

“As long as we continue to use the default password of our wifi router, hackers will have it very easy,” concludes Bronwyn Boyle.

It can hardly be easier than this: buy ten ransomware, get the eleventh free.

To see in video


source site-43

Latest