Visits: 8
– “Deep fake” makes it possible to imitate your voice and call the boss. Hackers can either break into Storting or lock you out of the smart home.
Courtesy Oslo University by Elina Melteig: The latest in digital threats is the so-called Deep fake scam. It’s the use of artificial intelligence to imitate voices, or video to be very realistic. Few of us are prepared for this kind of counterfeiting and threats. According to Professor Audun Jøsang, from the Department of Informatics at the University of Oslo, this is something all companies should get used to.
“Soon we won’t be able to pick up the phone and hear a familiar voice, or click into a team meeting and see a familiar face, and easily assume it’s a person we know,” says Jøsang.
There are already known examples of deep bogus fraud: A bank’s CFO was called in by someone he thought was the director. He was asked to transfer a few million dollars for a transaction they were supposed to complete.
The fridge can also be a spy
“Increasing amounts of scanning are increasing the attack surface,” said Dr. Siri Bromander, head of research at the IT security company Mnemonic. At the same time, we see that digitization has many advantages, so it will be an eternal trade-off that we must make.
Because what actually happens if someone breaks into the fridge? It’s one thing that it’s possible to gather information about yourself, but Jøsang points out that a lot can go wrong.
– It’s a matter of reliability, where we suddenly become dependent on a very complicated infrastructure. One example is when smart home service providers had downtime and people didn’t go in, turn off lights or regulate heating. For this to scale, robustness and consideration for digital security must be a strong focus, believes Jøsang.
You can do this to protect yourself
According to Jøsang, one solution is to have methods to ensure that the person we’re talking to is who they pretend to be. It’s about having a good safety culture. We teach children to look both ways before crossing a street. We must also have these security rules digitally.
– Some important elements to protect us today are that we use good passwords, we protect our passwords and we use two-factor authentication. Also, our digital devices must be up to date, says Bromander.
This is how researchers work with digital threat targeting
– Intelligence in general is information about something that is somewhat hidden and usually originates from the spy industry, explains Jøsang.
According to him, this also applies largely to digital. His field of research is to allow our own machines and networks to understand a data breach and be able to respond in what he calls cyber-relevant time-that is, as soon as a digital attack occurs.
– The biggest difference between physical and digital intelligence is in the type of information we process, the amount and format of it, explains Bromander. In the physical world, the amount of intelligence information is relatively limited and manageable for humans, while digitally there can be vast amounts of data that only computers can handle.
Jøsang illustrates the similarities between physical and digital intelligence, as customs officials, for example, need information about smuggling attempts. So one type of information will be the smuggler’s plate. Unfortunately, it’s easy for smugglers to change cars, making registration information totally useless. This is also the digital case, where hackers can easily change the IP address with which the computer browses the web. Even more interesting is the long-term useful information. It can be information about objectives or how the various threat actors operate.
States, activists and money launderers can be threatening actors
– In the digital space, we classify actors according to the type of motivation they have, explains Jøsang.
The main categories are activists, profitable criminals and nation states. Activists, such as the Anonymous group, often seek to influence. Those seeking financial gain often use so-called ransomware viruses, in which you have to pay to access your own machines and networks.
– The last group are nation-states that frequently seek information over time or to sabotage. They are usually the most advanced, explains Bromander. The Storting attack in 2018 is a typical example of what we found then.
Hackers can be different types of groups and it can be difficult to know exactly who they are and where they belong. However, they are often characterized by the type of attack they carry out or how they behave. According to Jøsang, some of the players are called APT groupings, which means Advanced Persistent Threat. These groups have many resources at their disposal with employees who have hacking as an eight to four job.
– They can be employed in the state, or sponsored, or just tolerated by the state, as long as they don’t attack targets in the same state, explains Jøsang.
Hacking is patient and purposeful work.
He goes on to say that advanced players are patient. They may be willing to wait months or even years to reach their goals.
– Tools and techniques can change quickly, but your strategic goals are often consistent over time, says Bromander.
Actors with long-term goals are continually working to establish themselves in the IT infrastructure in places where they hope to find the information they are looking for. When a digital attack occurs, hackers must first get in, just like a physical theft. Then they can “search” what exists of networks and infrastructure, as a thief would in a large house to see what is most valuable to bring with them. Unlike thieves, hackers can gain access to the available system and wait until they really need the information.
– In some places, you can see that several menacing actors are inside and just waiting for them to find the information they are looking for or that something is happening in the political world that allows them to take advantage of that access, explains Bromander.
This is what researchers want to know about hackers
When those working in IT security discover unwanted activity, they first try to find out how they got in. Then they assess how much they can learn about hackers, their targets and who they are.
– The simple technical elements of an attack are easy to change for a threat actor, but if we can see how they actually behave, what commands follow each other, and what techniques they use and in what order, that’s harder for one. actor to change, Bromander explains.
This information can also give you an idea of who is behind this. Among the things that can reveal a hacker’s origins are text in special alphabets or the time zone in which they operate. Sometimes it will also be proven that hackers plant “false flags”. A false flag can work in the wrong time zone to make it look like someone else is behind it.
Your email is the most common entry.
– What we’re most looking for is the first access we get, whether it’s a memory card or an email, says Bromander.
According to her, it is important to know the method of entry so that they do not enter again. Also, it is important to know that the network is monitored so that it is possible to locate players who have already joined.
– It is certainly a paradox that the biggest attack vector today is email or other types of messages. The safety barrier to stop it is primarily our conscience, which unfortunately is unreliable, says Jøsang.
During a normal working day, most employees in Norway will receive numerous emails that contain attachments or links. That means it doesn’t take much to make a mistake.
– But we must realize that everyone, including me, can be deceived. If an email was made especially for me, for example, if I received an email from you about this meeting with a message to take a look at the attachment, then of course I would have clicked on it, says Jøsang.
Are you an interesting victim of digital threats?
Threat actors, given enough time and resources, will be able to make thorough preparations to map out the context in which different people live and then build near-perfect deceptive emails. Most of us have experienced phishing emails with content that tries to deceive us, but most of them are mass produced. On the other hand, people exposed to special threat attacks are not just random recipients.
– One of the things that determines whether you will receive targeted attacks against you generally lies in your role or whether you have power. A politician has. We know that politicians in Norway are of interest to foreign countries, among other things, says Bromander.
However, you, as an individual, should have good security routines, even if you are not a politician or responsible for large money transfers.
Europe’s security strategy
At the heart of Jøsang’s research is making information “machine readable”. When an attack occurs, a report is usually written later in pdf format. This is shared with those you work with, whether in an industry or a group of countries. This is very hostile to machines, and Jøsang’s goal is for the machines themselves to be able to share information with other machines in “cyber-relevant time”, meaning the time it takes for a cyber attack. So this is no time to write a document and send it to others for interpretation.
At the time of writing, Jøsang is collaborating with other researchers to create a European platform for the exchange of this type of information.
– This is an important part of Europe’s strategy for digital sovereignty, so that Europe can become more independent from the United States, explains Jøsang.
In addition, he has researched collaborations with companies like mnemonic, which work in IT security.
– It’s not just us who drive innovation. Threat actors are involved in threat innovation and are at least as smart as we are, says Jøsang.
Related article: DNA enabled the TV series Biohackers data storage
Leave a Reply