Thursday, May 30, 2019

Crackers and AI - A scary cool future, happening now

Crackers. They are everywhere, and better than you can imagine. They're smarter than you, me, and even those geeky people down the hall with a dozen more certs than I have or could want, and 15 years longer in the game - combined. Worst part is, there's no way to stop them anymore, unless you shut off the internet, which we all know isn't going to happen. I miss the days when installing a firewall and Antivirus was all you needed to keep them at bay. Things were much simpler then.

Today, it's a completely different game. And it scares me to be honest. They're using AI and neural networks to power their cause to the nth level. These systems aggregate data from everywhere, and I mean everywhere - clearnet and deepweb - especially social media, and then build highly sophisticated malware campaigns that use this massive trove of data to bounce from continent to continent, changing IP ranges faster than we can block them, with techniques that aren't detected by even advanced security systems, faster than we can comprehend what's actually happening. They use real-time language translation, following local colloquialisms (on the fly) for their phishing campaigns, across any platform, in ways that are indiscernible from a human doing the same thing, just better, faster, and constantly. By the way, this process happens in minutes - not days, weeks, or even months or years.

We humanz are feeding these AI's willingly, and have been for decades now. Unfortunately, it's already too late to change the situation. If you're reading this article, you're part of the problem too, just like me. The best we can do is minimize our exposure, and control what data is put on the web moving forward. In fact, it's all we can do. I liken it to sitting on a lit stick of dynamite but you can't see the fuse. You know it will explode, badly, but never when. And when it does finally pop, you quickly realize that was just the distraction. There's so much more on the back side of that. Think iceberg meets Titanic...we're on the top, barely staying above the water line and think "oh that's it" when what's really happening is multitudes worse. Let that sink in for a second. Grasp that concept and embrace it. That's the cyber wilderness today.

As humanz, we're only capable of doing so much in our day. We need rest and fuel to function at our best. We spend months or years training and retraining, and educating ourselves, inventing new systems/processes to enhance our general experiences. Problem is, criminals don't care about any of that. They already know our next ten moves. We find a way to block them? They find a zero-day. Plus, computers don't have human restrictions. As long as the power is on, they're always on. They don't see "time", that is a human construct. All a system sees is 1's and 0's. To these incredibly intelligent systems, we're just another node on the net. Another tool for them to expand their botnets and proliferate their cause, which is chaos, regardless of the source code. Crackers build the source code, plug its methods into a construct, and let it go. It learns exponentially, without further human interaction. It functions at the speed of light. It carries out actions that we see as malicious intent. To these machines, it's just another line of code. They don't see the emotional impact of taking over a user's machine, deleting all of its data in place of its own code or harvesting login credentials, and then using this new zombie as a stage to proliferate its cause creating more zombies, simply following its source code. Achieving its purpose, whatever that may be.

So the question that comes up now is how does one minimize their exposure? Outside of a complete disconnect, which isn't 100% possible anymore with the amount of surveillance equipment running globally and the fact that the person sitting next to you has a smart phone that is listening (yes, they all listen), one of the best methods is to delete your social media accounts. Another complement to that is to unsubscribe from every newsletter or website that isn't necessary for you to live, which cleans up your inboxes.

Now for many, deleting social media is simply not an option. I get it. You get an endorphin hit with every 'Like' or comment on your posts. That's how it's designed, that's not your fault. You get a rush with every argument you start online. Trust me, I get the psychological need for these activities to occur. It's not me, but I still get it.

So, for those of you not willing to delete your social media accounts, how can you minimize your exposure? Here are some tips. Be extra mindful about what you post to any online medium: Facebook, Twitter, Tumblr, Reddit, Instagram, LinkedIn, deep web forums, etc. Anything you post publicly will be aggregated by these AI's. Pictures (from which They can develop facial recognition data), speech patterns in comments (from which They can develop language recognition and translation data, including local colloquialisms), friends' posts (which They can use to make social connections, providing additional attack vectors and 'friendly' associations to use against you, and anyone else connected to you and your connections), and so on.

Just like law enforcement recommends not posting on Facebook that you're going on vacation so thieves don't know when to rob your home, the same concept goes with being more secure online in general. If you wouldn't tell a stranger 'something' in real life, or wouldn't share a picture with your boss in real life (for example), don't do it online. One of the differences between real life and the internet is once you post it on the internet, it's there forever. Your boss is likely to forget 'something' you told them or shared with them in a few minutes. Computers never forget, even when you do. Remember that.

Another tip is don't reuse passwords across sites. That way if a site is compromised, the criminals can't exploit your other accounts with credential reuse (one of the most common attacks) and you don't have to change every password for every account you own (because they all used the same password). Get yourself a password manager, whether online or offline (I prefer the latter personally), point is use one. There are plenty of options out there, the most popular ones I have seen in use are Dashlane, LastPass, myki, and 1Password. I personally use KeePassX, which is a 100% offline solution. That's what works for me, do what's best for you. The point is you need to use complex passwords that are different for every site and service you use.

Another tip is to set up 2FA/MFA for every account you can, especially bank accounts and email accounts. This gives you an extra layer of security in that not only do you need a password, but also a random code to authenticate into a given site/service. You can use an app like Google Authenticator, or Microsoft Authenticator, to store your 2FA/MFA tokens. That way, even if someone were able to figure out your password, they would also have to physically have your phone in hand in order to get into your account. I recommend using an authenticator app versus SMS verifications because of the well-known (but hard to exploit) SS7 vulnerability inherent to all mobile networks globally.

The SS7 vulnerability is well documented, you can read articles about what that is and how it works with some simple Google searches, so I won't go into what that is here.

My final tips for minimizing your exposure to the super intelligent AI's are to use nicknames wherever possible, and don't use your actual picture (showing your face) as your profile picture on any site anywhere.

Now that I've completely scared you (and I hope I have) this is not to say that all AI is bad. In fact quite the contrary is true. AI is empowering our future, here and now. I use it in my professional life to help thwart cyber threats, to make my colleagues more efficient at their jobs, and to intelligently route phone calls through my call center. Many of us are touched every moment of every day by helpful AI. Power companies use AI to not only deliver services to us, but also to predict outages, etc. Siri, Cortana, Bixby, and Google Assistant are all very helpful and non-malicious AI constructs that most of us use all the time. Scientists are using AI to develop cures for cancers. Banks use AI to provide us with loan approvals in seconds, and protect our accounts from criminals. The list truly does go on with the positives that AI brings to our modern world.

My point of telling you this and scaring the shit out of you? Awareness. Most of the connected world is still very much oblivious to what is really going on and how their online interactions affect everyone else who is connected. In my career I watch the good, bad, and ugly of our digital world unfold at a rate of billions of bytes per second. I watch these newly born AI constructs attack and protect at the same time. And while the nerd in me loves the digital world we live in and are evolving into, the Geek in me is always playing devil's advocate asking why and how. Ever questioning for the real answer.

This is the world we live in today, and it will only continue to evolve in this way as time goes on. Next we'll hear about an AI being dropped into a quantum computer...and there's literally no telling what that system will decide once it realizes it exists. There's plenty of theories and conjectures, but no one really knows until we get there.

Stay safe and #CyberAware everyone. As always, feel free to comment if you have questions or want to discuss another point in greater detail. Just be mindful of what you post. They're watching us, after all 😁