Skynet or Meatnet? Social Engineering and the Future.
I have talked about IoT and how that future can be a little grim. Of course the ultimate bad outcome of misapplied computing resources is the rogue AI that controls the world to the detriment of humanity. Remember Skynet?
In The Terminator, Skynet was a computer system developed for the U.S. military by the defense company Cyberdyne Systems, designed by Miles Bennett Dyson and his team. Skynet was originally built as a “Global Information Grid/Digitizal Defense Network”, and later given command over all computerized military hardware and systems, including the B-2 stealth bomber fleet and America’s entire nuclear weapons arsenal. The strategy behind Skynet’s creation was to remove the possibility of human error and slow reaction time to guarantee a fast, efficient response to enemy attack. – Wikipedia
Part of the problem here was the fact that the computer system developed ‘artificial consciousness’ that allowed it to act independently. Once able to do that, it ‘decided’ humanity was the threat that needed to be eliminated.
Today AI is a hot topic with a variety of applications. Machine learning is spurring advances in many endeavors, such as the contribution by a person known as deepfakes. This person has created an application that uses AI / machine learning to allow someone with no skills to put anyone’s face on any actors face in a film clip. As is unfortunately true with many technical advances, porn is the target. The first usage was to put well known legitimate actresses faces on the bodies of porn actresses.
Another application of machine learning is cited in this article. Combine the extensive reach of botnets with machine learning. Specifically the ability to
“ use swarm technology to leverage massive databases of expert knowledge comprised of billions of constantly updated bits of data in order to make accurate predictions.”
What does this allow botnets to do?
“botnets will evolve into hivenets, a type of attack that is able to leverage peer-based self-learning to target vulnerable systems with minimal supervision. “
So rather than wait around for some slow poke of a bot herder to decide what weakness to try to exploit, the hivenet will build a database of activity and what works and use that to decide how to proceed. Now without a need to sleep, the attacks can morph and increase at machine speed. Keep in mind the projections that IoT devices will continue to increase at a high rate, and since price is the driver we can expect poor security to continue to be an issue. This allows this increasing army of devices to be easy pickings for anyone looking for recruits.
Why did I mention deepfakes earlier? Well, let’s imagine our hivenet deciding that this might be a catchy subject for spam “I didn’t know you were in porn!!” and in the email is a link to click to see what is being referenced. Would you click on the link? Will your employees? Even if they don’t click on the links, these fakes could eventually be seen and used to manipulate someone.
In the Terminator franchise the battle was between Skynet and the human resistance. Even in the face of overwhelming fire power and computing power, the humans won out. There were casualties but Skynet was defeated.
What about the battle with the bad guys today? If you are going to do business today, you need to connect to the internet and you must allow email to come in and your employees / family members to get out on the ‘net. The bad guys are always learning how to attack and the hivenets will do likewise. Are you learning? Do you know what the common social engineering attacks are? This article lists six that work well.
While technology changes in a variety of ways, people are still people and social engineering still works. I suspect that much of what Kevin Mitnik did in the 70’s and 80’s would still work quite well today. The new technology just makes it easier.
Properly educated users can minimize (not eliminate completely) the damage that the bad guys can do. There will still be software bugs and hardware glitches but making users aware of how social engineering works and what the common attacks are and especially the ones that might be aimed at your business is essential. If you are going to win, you need your Meatnet at full strength. It is going to be a long war.