CTO at Faction Inc, leading the buildout of Faction’s multi-cloud data services platform.
getty
This is a public service announcement.
Recently Martin Casado, founder of Nicira and now a General Partner at Andreesen Horowitz (A16Z), tweeted:
"Just got off the phone with my dad. He had just spoken to "me" and was convinced I was in jail after a car accident and needed $10k bail. He was headed to the bank but decided to call me just in case (lucky I picked up, I’m in Japan). […]
"
In this era of ubiquitous AI, it’s time to make sure that we and our loved ones understand how easy it is to take advantage of us with naïve trust. If you’re an adult now, you’ve had a lot of years for your brain to build up trust that you could recognize people by their voice, or by sight. It’s time to unlearn that reflex.
The False Dmitry
AI may be enabling it, but history is peppered with tales of impostors, such as the story of the False Dmitriy in early 17th-century Russia. An audacious impersonator, he claimed to be the deceased son of Ivan the Terrible and leveraged a combination of cunning deceit and some peoples’ readiness to gather Polish support and eventually seize the Russian throne. Today’s imposters can do a lot with the tiniest fraction of that effort—but because their deceit is laser-targeted, and tries to immediately invoke fear to tamper with our rational thinking—they may be successful in coming after you or your family.
You’ve probably heard the term “deepfake”; a portmanteau of “deep learning,” which most of the AI models getting attention today are based on, and, well, "fake"—as in fake Dad, fake son, fake friend. These represent a quantum leap in the art of impersonation. Machine learning models have matured at a very rapid pace. The creation of realistic imitation voices has gone from possible to practical to easy in a matter of years. This isn’t the realm of the shadowy dark web—I use a media editor that can dub a realistic version of my voice on demand in seconds. This technology has come so far that a legitimate user can get video, translate the voice into a foreign language and sync the lips to the foreign language in real time.
That sets the stage—in our digitally connected world, a bad actor anywhere on earth can call you, and talk to you, without even speaking your language, with the voice, face and language of your loved one.
Time For An Old-School Defense
We’ve now probably all heard the story of “Shibboleth”; it was a password, but it was also effective because the people most likely to misappropriate it couldn’t pronounce it. In a world where SIM cards can be cloned along with your number, and your voice and likeness can be easily faked, what do you do to protect yourself and your loved ones?
You need your own authentication. But first and very importantly: remember that when you get contacted by someone claiming an identity, YOU need to do the authentication. Scammers already love to call you and pose as your bank or other institution, and then want you to give up your personal information because they “need to verify your identity.” Your first instinct any time someone calls you, and then wants to “verify” you should be that they are suspect. They initiated the conversation, so they knew who they were calling. But you should remember they could be anyone. That’s true whether they claim to be your bank or your Dad.
Do trade some pre-shared secrets with your loved ones. Only use them if other authentication methods aren’t available. Ideally, get the whole family using a free messaging service that supports two-factor authentication like WhatsApp, Telegram or Signal and ensure everyone commits to the two-factor authentication. Have a backup code, but if anyone has to use it, change it. When in doubt, get independent information and then verify it. If your loved one is calling from jail, find out what jail, then look up their number, then call them directly.
Educating Friends And Family
Awareness is the cornerstone of defense in the digital domain. It is imperative to inform friends, family and colleagues about the risks of digital impersonation and the value of passphrases. Providing them with the knowledge to recognize suspicious communications and the tools to verify identity can significantly reduce the risk of falling prey to digital deceit. This education is especially pertinent for those who may not be digital natives but are equally susceptible to such threats. This allows you to help protect the most vulnerable in your family; scammers often go after people who are less sophisticated with technology.
With easy access to such technology, it is looking increasingly like if we don’t educate ourselves, the scammers will do it by victimizing us. Take the time now to explain the dangers to your loved ones and set a pre-arranged secret in place that you can use if there’s no other way to verify someone’s identity. Show them some examples of deep fake-style tech at work—nothing like showing off real-time translation videos to amaze and educate—so they understand that for digital interactions, this is far from “Mission Impossible” technology now, it’s trivial and accessible.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
{Categories} *ALL*,_Category: Implications{/Categories}
{URL}https://www.forbes.com/sites/forbestechcouncil/2023/12/14/unlearning-trust-in-the-era-of-ai/{/URL}
{Author}Matthew Wallace, Forbes Councils Member{/Author}
{Image}https://imageio.forbes.com/specials-images/imageserve/63e292ad91acc2abf24c9763/0x0.jpg?format=jpg&height=600&width=1200&fit=bounds{/Image}
{Keywords}Innovation,/innovation,Innovation,/innovation,technology,standard{/Keywords}
{Source}Implications{/Source}
{Thumb}{/Thumb}