Pete Recommends – Weekly highlights on cyber security issues, October 19, 2024

Subject: Deepfakes Can Fool Facial Recognition on Crypto Exchanges
Source: TechRepublic
https://www.techrepublic.com/article/ai-deepfake-video-crypto-accounts/

Creating new accounts under fake identities provides attackers with a way to launder money or commit fraud.

Generative AI deepfakes can stoke misinformation or manipulate images of real people for unsavory purposes. They can also help threat actors pass two-factor authentication, according to an Oct. 9 research report from Cato Networks’ CTRL Threat Research.

AI generates videos of fake people looking into a camera – The threat actor profiled by CTRL Threat Research — known by the handle ProKYC — uses deepfakes to forge government IDs and spoof facial recognition systems. The attacker sells the tool on the dark web to aspiring fraudsters, whose ultimate goal is to infiltrate cryptocurrency exchanges.

Some exchanges require a potential account holder to both submit a government ID and appear live in video. With generative AI, the attacker easily creates a realistic-looking image of a person’s face. ProKYC’s deepfake tool then slots that picture into a fake drivers license or passport.

The crypto exchanges’ facial recognition tests require brief proof that the person is present in front of the camera. The deepfake tool spoofs the camera and creates an AI-created image of a person looking left and right.

How to prevent new account fraud – Cato Research’s Chief Security Strategist Etay Maor offered several tips for organizations to prevent the creation of fake accounts using AI:

SEE ALSO: https://www.aarp.org/money/scams-fraud/info-2024/identity-fraud-report.html


Subject: FTC announces rule to make it easier to cancel subscriptions
Source: FTC via The Hill via WTAJ
https://www.wtaj.com/news/national-news/ftc-announces-rule-to-make-it-easier-to-cancel-subscriptions/

(The Hill) — The Federal Trade Commission is taking steps to make it easier for consumers to cancel digital subscriptions.The department will soon implement a “final click to cancel rule,” it announced on Wednesday, a move that will require sellers to make it “as easy for consumers to cancel their enrollment as it was to sign up.”

Most of the final rule’s provisions will go into effect 180 days after it is published in the Federal Register, the department said.

“Too often, businesses make people jump through endless hoops just to cancel a subscription,” FTC Commission Chair Lina Khan said in a statement. “The FTC’s rule will end these tricks and traps, saving Americans time and money. Nobody should be stuck paying for a service they no longer want.”

The new regulation is part of the FTC’s ongoing review of the 1973 Negative Option Rule, which aims to combat unfair or deceptive practices related to subscriptions, memberships, and other recurring payment programs in the digital economy.

[now, how about deleting accounts (and its data on you)? /pmw1]


Subject: There’s Never Been a Better Time to Delete Your 23andMe Data. Here’s How to Do It
Source: Gizmodo
https://gizmodo.com/theres-never-been-a-better-time-to-delete-your-23andme-data-heres-how-to-do-it-2000512323

The troubled startup has records of millions of Americans’ DNA and personal information.

Oh, sure, you can delete your account. There is a tutorial on the company’s website explaining how to do it. However, MIT Technology Review reports that, while the company will technically erase your account, it plans to hang onto a chunk of the information associated with it. For instance, if you’ve previously consented to sharing your anonymized genetic data with third parties, there’s no way for you to delete that information. At the same time, the company will also retain a vague amount of your genetic information, as well as information about your sex, birthday, email address, and details about your account deletion request, MIT writes. According to 23andMe’s privacy policy, it retains your genetic and birthday information to fulfill regulatory requirements.


Subject: New rules to boost cybersecurity of EU’s critical entities
Source: EU EC
https://ec.europa.eu/commission/presscorner/detail/en/ip_24_5342

Page contents

Top Quote(s)
Related topics
Print friendly pdf

The Commission has adopted today the first implementing rules on cybersecurity of critical entities and networks under the Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive). This implementing act details cybersecurity risk management measures as well as the cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. This is another major step in boosting the cyber resilience of Europe’s critical digital infrastructure….

For More Information


Subject: Emerging uses for virtual reality technology across various fields
Source: Android Headlines
https://www.androidheadlines.com/2024/10/emerging-uses-for-virtual-reality-technology-across-various-fields.html

Virtual reality (VR) has taken giant leaps over the past few years, evolving from a niche technology to a dynamic tool that is reshaping industries. While many associate VR with gaming and entertainment, it has found its way into various sectors, offering innovative solutions and creating new possibilities. Read on to delve into how this transformative technology is being used in diverse ways. …

In conclusion, the applications of VR technology are vast and varied, with the potential to impact numerous fields beyond what we initially imagined. Whether it’s creating a more immersive gaming experience, providing advanced training simulations, or revolutionizing medical education, VR is proving to be a game-changer. As technology continues to advance, we can only expect VR to become more integrated into our lives, offering new and exciting possibilities for the future. The journey of VR is just beginning, and its potential is as limitless as our imaginations.

Filed: https://www.androidheadlines.com/category/tech-news


Subject: FBI arrests man accused of hacking SEC’s X account in January
Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2024/10/fbi-arrests-man-accused-hacking-secs-x-account-january/400346/

Using a fake ID, Council acquired a SIM card associated with the victim’s phone number at a mobile provider store in Huntsville, Alabama. He then bought a new iPhone with cash and, along with the SIM card, obtained access codes to the @SECGov X account, DOJ alleges.

He also searched online for terms like “SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI” and “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them.”


Subject: For Customs and Border Protection, AI has been a ‘game-changer’
Source: FedScoop
https://fedscoop.com/customs-border-protection-ai-tools/

Tech leaders at the agency say AI tools have complemented border agents’ jobs.

The way that longtime Customs and Border Protection tech leader Mark James describes the agency’s artificial intelligence work is almost too perfect for a department charged with patrolling 6,000 miles of international land and another 2,000 miles of coastal waters.

“We’re sprawling in the entire AI space,” said James, CBP’s director of infrastructure and support services. “Actually, we can’t keep up with the use cases that we’re seeing.”

Speaking Wednesday at the Scoop News Group-produced Google Public Sector Summit in Washington, D.C., James and two other CBP officials dug into those use cases and detailed how the Department of Homeland Security component has leaned into the emerging technology.

Alalasundaram pointed specifically to Google’s Vertex AI system, which allows CBP staffers to “search across disparate data sources” and integrate that data into one entity. “It’s an absolute game-changer,” he said.

James said CBP has invested in network redundancy, which provides several paths for data to travel, in addition to “exploring smaller language models to support … that edge computation and to … get that mission out to the edge.”

AI-enabled video tools are also used at ports of entry and on the Southwest border, James said, detecting illicit materials and assessing threats. CBP’s use case inventory mentions an intelligent computer-assisted detection (ICAD) system that processes photographs and video taken by field imaging equipment and provides officers with intelligence on whether humans were captured in those images. Two other video-related AI use cases leverage machine vision to detect vehicles and monitor real-time streaming video.

Tagged:

Documents obtained by FedScoop show that the algorithms were “up and running” in 2019. The Federal Bureau of Investigation is using artificial intelligence to mine tips about potential threats but is revealing little about how the system actually works.Specifically, the bureau is using a system it calls the “Complaint Lead Value Probability” to prioritize tips by conducting algorithm scores and triaging, according to two versions of an agency AI disclosure. The technology, which is meant to help sort through the tips the FBI receives, is one of several AI tools employed by a bureau that also uses Amazon’s Rekognition software and drug signature algorithms.

Still, the FBI provides limited insight into how this system — which could theoretically determine the threats that get addressed — actually works. A recent public records request filed by FedScoop saw much of the information redacted, including a section on “scores” that could possibly reference the efficacy of the algorithms.The FBI, despite officials publicly commenting on the tool in the past, declined to answer a series of questions from FedScoop. The agency said it did not comment on documents obtained through public records requests. After FedScoop pointed out that the use case has been discussed publicly and in other public documents, the agency again said it declined to comment.

The “Threat Intake Processing System (TIPS) database uses artificial intelligence (AI) algorithms to accurately identify, prioritize, and process actionable tips in a timely manner,” one undated version of the Justice Department’s AI inventory states. “The AI used in this case helps to triage immediate threats in order to help FBI field offices and law enforcement respond to the most serious threats first. Based on the algorithm score, highest priority tips are first in the queue for human review.”

…Tagged:


Subject: The role of mobile technology in fraud and identity verification services
Source: Android Headlines
https://www.androidheadlines.com/2024/10/the-role-of-mobile-technology-in-fraud-and-identity-verification-services.html

In conclusion, mobile technology presents both challenges and opportunities in the fight against fraud. While cybercriminals are constantly developing new ways to exploit mobile vulnerabilities, identity verification services have risen to the challenge, using cutting-edge technology to ensuresecure access to digital accounts. As these systems become more advanced, businesses and consumers alike can benefit from enhanced protection in the mobile era.


Subject: AI Site Lists Chatbot of Girl Killed in 2006 — Her Family Had No Idea
Source: Business Insider
https://www.businessinsider.com/girl-murdered-jennifer-ann-crecente-character-ai-chatbot-artificial-intelligence-2024-10

  • Jennifer Ann Crecente, a high school girl murdered in 2006, recently reappeared as a chatbot on Character.ai.
  • Her father told BI that he discovered the bot on Wednesday — he never gave consent to use her likeness.
  • The bot was removed, but its existence raises ethical consequences about AI.

Crecente had no idea who created the chatbot or when it was made. He only knew that Google had indexed the bot that morning and sent him the alert at 4:30 a.m., which he’d set up to keep track of any mention of his daughter or his nonprofit.

In Jennifer Ann’s case, the bot used her name and yearbook photo, describing her as a “knowledgable and friendly AI character who can provide information on a wide range of topics.”

Drew Crecente said he contacted Character.ai through its customer support form, asking the company to remove the chatbot mimicking Jennifer Ann and to retain all data on who uploaded the profile.

“I wanted to make sure that they put measures in place so that no other account using my daughter’s name or my daughter’s likeness could be created in the future,” he said.

He received an automated response containing his case number but no further information.

Using AI to revive the dead – AI has been used to create personas of dead people before, including many who hope it can help them grieve the loss of a loved one. But the practice has raised ethical questions about the deceased’s consent, especially if the “resurrected” persona died before the advent of AI.

Crecente’s case is yet another example of new legal and ethical territory that AI has introduced to the world, Vincent Conitzer, head of technical AI engagement at the Institute for Ethics in AI at Oxford University, told BI.


Subject: US Government Recovered $4 Billion Worth of Fraud With AI
Source: tech.co
https://tech.co/news/us-govt-recovered-billions-fraud-ai

The agency has been using machine learning to comb through mountains of data in search of patterns that point to fraud.

Fortunately, the technology is being used for something useful, as the US government is reportedly putting a stop to fraud in a major way with AI at the helm.

US Government Uses AI Against Fraud – According to an announcement from the US Treasury Department, the agency has substantially cracked down on fraud over the last year, preventing and recovering more than $4 billion in fraud in 2024. The Treasury Department pointed out that this is a huge improvement year-on-year, after only preventing and recovering $652.7 million in 2023.

So, why the big improvement? Well, it turns out that the Treasury Department is using machine learning and artificial intelligence to bolster its defense in the face of fraudsters. And clearly, it’s working out.

How Is the Treasury Department Using AI to Combat Fraud? Now, to be clear, the US Treasury Department isn’t using generative AI technology — like ChatGPT and Google Gemini — to assist in its fraud detection. Instead, the agency is using simple machine learning to analyze the massive collection of data available, so that it can spot basic trends that are consistent with fraud.

Considering the US Treasury Department manages approximately 1.4 billion transactions to the tune of about $1.7 trillion for American citizens, it’s understandable that they might need a bit of help from AI to track and understand all that data.

Posted in: AI, Blockchain, Cryptocurrency, Cybersecurity, Economy, Financial System