Hackers Deepfaked the entire company board on a video call.
First, the millions, 25 of them. You may have seen the incredible story of the Hong Kong banker taken for $25 million after someone deepfaked the entire company board on a video call. Check out the story right here on my LinkedIn, and you’ll note my comment: – Technology has come a long way but I am not sure if I believe this story.
There’s a couple of things here. The first is that we should always maintain some level of scepticism with all the ‘fake news’, misinformation and disinformation flying around out there. There’s a lot of it where AI is concerned (the sky is falling, we’ll all be redundant this time next year, etc.), and yes, this is a technological groundswell which has implications for humanity which may range from the sublime to the ridiculous.
Sublime might be Elon Musk’s robot folding your clothes. Ridiculous might be someone falling for a deepfake discussion with the board.
The story goes that an unnamed exec working at an unnamed company wired $25 million after scammers staged ‘an authentic looking video call with multiple members of the company’s leadership team’.
Apparently the deepfakes were created using publicly available footage, with even the voices copied, with instructions for wiring a hefty $25 million made while avoiding interactive conversation.
Plausible? $25 million wire out of the blue with no cross checks? These execs feature in publicly accessible materials including their likenesses and voices, enabling the construction of deepfakes? I’m on a limb here, as they are anonymous, but I’m willing to bet they aren’t as popular as the likes of Taylor Swift and the Kardashians, making the faking somewhat less plausible.
The article itself concludes ‘the rapid advancements of generative AI mean that you can no longer believe anything you see or hear’. That may well be true, but not necessarily in the way intended. Did the dog really eat my homework? Was the crime committed using AI…or was AI used as a canard concealing an inside job? Occam’s Razor might tell us which scenario is more likely.
Microsoft Teams isn’t entirely secure
Now for the billions. Recently, also on LinkedIn, Jason Rebholz highlighted issues with Microsoft’s celebrated and much loved Teams. As most of you might know (and as most of us in cybersecurity certainly do!) default settings are often the devilish detail you really don’t want left alone.
Jason’s noted that anyone can inveigle their way into your Teams chats so long as you have their email address. You can imagine how this works: the hacker just gets a spoof mail through, even if it is by sending a legitimate email ‘by mistake’ or through any of the various phishing techniques. Suddenly, they’re sliding into your Teams, an (again, as Jason notes) bad things can happen.
Again, a couple of things. Microsoft telegraphs the billions it spends on cybersecurity and to be fair it has come a very long way from reputation for insecurity which dogged it through the early to mid-2000s. But, and most businesspeople probably have a far greater appreciation for this than, say, government departments do, spend is no measure of value.
Instead, the measure of value comes down to what you do with money spent (it isn’t an investment if the results of the spend don’t deliver expected or desirable outcomes). Spending on security is the same: always ask what you’re getting for your money.
And maybe make sure some of that goes towards appropriate configuration of software, services, and applications.
