A concept image of a hacker at work in a dark room. The image was created for a piece of content but has since been released for use under a Creative Commons License. In other words, we invite you to use the image freely with attribution in the form of a link to the copyright holder's website at https://www.microbizmag.co.uk

Deepfakes and the War on Truth with Bogdan Botezatu

Microbiz Mag, CC BY 2.0, via Wikimedia Commons

About This Episode

Is there anything real left on the internet? Neil deGrasse Tyson and co-hosts Chuck Nice and Gary O’Reilly explore deepfakes, scams, and cybercrime with the Director of Threat Research at Bitdefender, Bogdan Botezatu.

Scams are a trillion-dollar industry; keep your loved ones safe with Bitdefender: https://bitdefend.me/90-StarTalk

We explore how scammers exploit psychology and technology. How does AI supercharge a problem that has existed for centuries? They trace the evolution from local cons to deepfake-driven global scams, where AI can mimic trusted figures, even Neil himself. Neil tells the story of when Terry Crews once texted Neil about a fake Big Bang video, but Neil realized Terry had been tricked. How can you tell when something is fake? Are we all failing daily Turing tests?

They reveal how cybercriminals now operate like corporations, running call centers and hiring staff to avoid detection. Then, the psychology takes center stage: loneliness, greed, and the need to believe make us easy targets. We learn about “pig butchering” scams and how the good guys use “honeypots” to learn scammers’ methods.

Can we ever be sure what’s real online? The conversation turns to “Dead Internet Theory,” AI influencers, and the growing overlap between cybercrime and national security. Could deepfakes destabilize governments, not just wallets?

Thanks to our Patrons Bubbalotski, Oskar Yazan Mellemsether, Craig A, Andrew, Liagadd, William Roberts, Pratiksha, Corey Williams, Keith, anirao, matthew, Cody T, Janna Ladd, Jen Richardson, Elizaveta Nikitenko, James Quagliariello, LA Stritt, Rocco Ciccolini, Kyle Jones, Jeremy Jones, Micheal Fiebelkorn, Erik the Nerd, Debbie Gloom, Adam Tobias Lofton, Chad Stewart, Christy Bradford, David Jirel, e4e5Nf3, John Rost, cluckaizo, Diane Féve, Conny Vigström, Julian Farr, karl Lebeau, AnnElizabeth, p johnson, Jarvis, Charles Bouril, Kevin Salam, Alex Rzem, Joseph Strolin, Madelaine Bertelsen, noel jimenez, Arham Jain, Tim Manzer, Alex, Ray Weikal, Kevin O’Reilly, Mila Love, Mert Durak, Scrubbing Bubblez, Lili Rose, Ram Zaidenvorm, Sammy Aleksov, Carter Lampe, Tom Andrusyna, Raghvendra Singh Bais, ramenbrownie, cap kay, B Rhodes, Chrissi Vergoglini, Micheal Reilly, Mone, Brendan D., Mung, J Ram, Katie Holliday, Nico R, Riven, lanagoeh, Shashank, Bradley Andrews, Jeff Raimer, Angel velez, Sara, Timothy Criss, Katy Boyer, Jesse Hausner, Blue Cardinal, Benjamin Kedwards, Dave, Wen Wei LOKE, Micheal Sacher, Lucas, Ken Kuipers, Alex Marks, Amanda Morrison, Gary Ritter Jr, Bushmaster, thomas hennigan, Erin Flynn, Chad F, fro drick, Ben Speire, Sanjiv VIJ, Sam B, BriarPatch, and Mario Boutet for supporting us this week.

NOTE: StarTalk+ Patrons can listen to this entire episode commercial-free.

Transcript


Chuck, I didn’t know we were going to do a show on the end of the world.

Yeah, it’s coming.

It’s coming.

But with the help of, like, AI and cybercrime and Deepfakes, and what hath we wrought upon ourselves?

Yeah, well, guess what?

Frankenstein’s monster, it’s…

Looking pretty tame.

Looking pretty tame.

Bring back Frankenstein.

Bring back Frankenstein, baby.

Coming up, an exploration of how we’re going to go to hell in a handbasket on StarTalk.

Welcome to StarTalk, your place in the universe where science and pop culture collide.

StarTalk begins right now.

This is StarTalk Special Edition.

Today, we’re going to talk about scams in the age of AI.

That it’s special edition means we’ve got Gary O’Reilly.

Gary, how are you doing?

I’m good.

All right.

Chuck Nice.

I am Chuck Nice and not an AI version of Chuck Nice.

AI imitates you better than you faking it.

Exactly.

So, Gary, this topic is way overdue or maybe it’s exactly when we need it.

Take us in.

I suppose scams, if you think of it, have been with us since people started to use money.

Oh, even before that, you can rest assured.

Before there was a system of currency, somebody was just like, so that’s an interesting bushel of wheat you have there.

A little barter scam.

Yeah, a little barter scam.

As a matter of fact, one of our most beloved childhood fairy tales is about a guy who trades the family cow for six magic beans.

Oh.

Which that was supposed to be a scam, but it turned out it worked out for him.

Lucky Jack.

Anyway, if you think about it now, right now, it feels like you can’t go an hour without a scam, a text, a call.

But how big is this problem?

Is it just me getting texts and calls, or is this really sort of a global problem?

I’m sorry, I’m gonna stop sending you those.

Yeah, I wish you would.

It’s all Chuck.

You know, but text, phone calls, emails, all of our connectivity into the landscape of humanity.

And now, as technology advances, how is that aiding, how is that abetting these bad actors?

I mean, tech has been supercharged by AI.

There’s no doubts about that.

And it begs the question, what is real?

What actually is real out there?

Can we believe what we can’t believe?

And we’re going to break down the Deepfakes.

We’re even going to get into the dead internet theory.

And if you don’t know what that is, stick around.

Oh, I got to stick around that.

You really are going to be in for a surprise.

Dead internet theory.

And then you’ll ask the question, are we all failing daily Turing tests?

What happens if it turns out the internet is all bots?

How about that?

Some of that, we’ll need an expert.

So we’ve got Bogdan Botezatu.

This title is cool.

I want this on my business card.

Director of Threat Research and Reporting.

Why I oughta.

At Bitdefender.

This is a company based in Romania.

But they’ve got offices, they want to protect the world.

And we’ve got them right here on StarTalk Special Edition.

I believe it was Bitdefender that helped Liam Neeson get his daughter back.

How do you work, Liam Neeson?

Welcome to StarTalk Special Edition.

Hi all, thanks for having me on the show.

Literally nobody will believe me that I’m shooting a video in such a great company.

Probably people at home will say that this is a deepfake and it’s going to be very difficult for me to contradict them.

Now, you’ve told us offline that you’d rather go by Bob.

It’s easier for everybody, yeah.

See that?

And look at that.

He says it’s easier, not for him, but for everybody.

And by that, he means Americans.

That’s what he means.

Because we’re some lazy and rash name people.

Yeah, because people are just like, you know, what is your name?

Bogdan Botezatu.

Yeah, I’m going to call you Bob.

You cool with that?

You cool with Bob?

We are so bad.

So, Bogdan, give us an idea of what it is globally, and maybe sort of land in the US a little bit more deeply, about the kind of numbers and statistics that we’re looking at in the present day as far as scams are concerned.

It’s very hard to put numbers next to the global landscape of scams because most of these scams go unreported.

Or if they get reported, they don’t get aggregated globally.

The thing is that there are some estimations.

GASA places, GASA which is the Global Anti-Scam Alliance, one of the most prominent organizations that deal with anti-scamming, they place scams at inflicting about $1 trillion of losses for 2024.

But…

Did you say T?

Yeah.

Trillion?

Yeah, $1 trillion.

Let me just say I’m in the wrong business.

OK.

It’s time to start scams.

I mean, I have now begun to sit uncomfortably.

And it’s not the chair.

It’s…

If it’s a trillion dollars, are you saying that’s the guess or is that that’s reported?

But most of them go unreported.

So that $1 trillion could be an awful lot more.

Probably it’s in between.

The global cybercrime market is around $9 trillion, which means that $1 trillion for just scamming people would be reasonable.

It is very conservative.

It is.

But the thing is that not all scams get reported.

There’s people who are ashamed of admitting they have lost huge amounts of money.

If you look around and talk to these people who got scammed, you’ll realize that they haven’t lost like $100 or $500.

They have lost hundreds of thousands of dollars.

Because these kinds of scams run for a very long time.

People gain their victim’s trust and then they proceed to inflict the maximum amount of damage they can.

The other thing is that while probably the FBI has stats for what’s going on in the United States, there are so many other countries that are affected by scams, which do not report centrally what they have registered in each country or each region.

So it’s very difficult to tell how much money people have lost to scams.

But one trillion dollars seems an awful lot of money lost.

You think?

What are the weapons of choice here for scammers?

I think all of us have experienced some kind of phishing email.

But what other weapons are scammers using to get at us?

Or tactics as well?

In terms of attack avenues, hackers have a huge variety.

They prefer instant messaging or direct phone calls because they’re very immersive.

They can apply pressure and that sense of urgency that makes victims comply faster or fall victim easier.

Email is a kind of static means of communication because you’re getting the email, you’re reading it through, you’re pausing a little bit and then you’re like hmm, maybe answering this email or heeding the call is not a good thing.

But when you’re woken up at night via instant messaging, hey, this is your bank, your account is being depleted as we’re texting, please call us back to find a way to block these transactions.

Well, you will be likely to respond to that.

So we have instant messaging, we have short messaging, we have phone, we have mass communications because there’s a type of scam that goes one-to-many.

We have mass advertising and business social media account compromise.

I will detail a little bit later about that.

What’s with the phone call that you get it, you pick it up and there’s silence on the end?

Because that kind of spooks people out.

Everybody knows that one.

So what’s the angle there?

I have two theories.

One is technical and one is a little bit of a scenario that if true, we’re completely condemned.

I’ll start with the first one.

One likely chance of these phone calls is technical glitches.

You know, scammers use very complex software to spoof their numbers.

They use voice over IP gateways to make it look like they’re calling from the same country as you and so on.

So there’s a lot of room for failure when involving this kind of call center grade software.

Sometimes calls hang up.

There’s glitches that put the speaker, the operator on pause and so on.

So probably there’s a technical error that prevents the cyber criminal from getting in touch with you.

The other one is, well, I’d say a superstition of mine.

How do you answer your phone with hello?

Yes?

Maybe?

No, I answer like this.

Who is this?

Sorry, go ahead.

Fair enough.

Because some people, in some geographies, for instance, they will answer with not hello, but yes.

Most of Europe has yes as an opening line when you’re getting called.

What happens if somebody is building a massive database of words, of yes, of acknowledgement, of confirmations?

If I’m answering my phone and somebody records me saying yes to them, where can they play that back to bypass some authentication or confirm a choice of mine?

Well, voice is biometrics, right?

Sometimes saying yes to something becomes contractual, like it substitutes your signature.

What if somebody, a threat actor or a threat actor group, might ask for confirmations from people?

No, that makes sense.

So what they’re doing is they’re capturing your voice.

Yeah.

If I told people 10 years ago that based on a two-minute conversation that we had on phone, somebody will be able to spoof my voice and impersonate me everywhere for tens of minutes or hours, would they have believed me back then?

So Bogdan, looking at that aspect of it, if you’ve got new technologies, which we know are evolving rapidly, if not quicker, how do we get into Deepfakes?

How prevalent is the Deepfakes scam now on the landscape?

They’re very prevalent and they’re making most of the victims.

I was telling you that I’m clustering scams on a one-on-one type and one-to-many types.

One-on-one scams are those that happen in instant messaging where you’re getting approached by a stranger and they try to earn your trust and then they will guide you towards some type of scam.

There’s one-to-many types of scam communication that is massively aided by Deepfakes.

Cyber criminals are building Deepfakes with people that the world recognizes and trusts, like you folks, right?

Like you are online influencers.

Cyber criminals have a lot of footage with you that they can use to train algorithms and people tend to listen to you because that’s what they do with key influencers.

There’s also politicians, doctors who are very famous and they become the base of Deepfakes.

With these Deepfakes, cyber criminals start promoting all types of scams from medical supplements to huge crypto investments.

You name it, they have an opportunity for everything.

These Deepfakes get broadcast either on stolen YouTube accounts or on social media posts that are boosted by paying for advertisements.

They use the trust given by the figure that has been impersonated and they are using large channels to reach huge audiences.

And from there on, of course, some people will fall victim to the scam.

They will heed the call to action, which is normally visit this page or call this number and sign up for this opportunity.

So this is how Deepfakes work.

We took a look at what’s going on now and we see that there are tens of thousands of such ads running on social networks.

There are large YouTube accounts that have been compromised and used as a billboard for crypto scams.

One of the largest accounts that has been compromised had 28 million subscribers.

So when hackers got the hold of that account, they were able to broadcast the Deepfake to 28 million potential victims.

That’s more than Romania has population.

Wow.

So if you can indulge me, I want to tell you that when I fell for a Deepfake, I actually fell for one and I’m embarrassed as hell.

But it was very sophisticated.

Which you have to say because you fell for it.

Why you got to hurt a brother?

You know.

Why you got to hurt a brother?

Did I set your lawn on fire?

I’m just saying, you can’t say this was a simple Deepfake.

I’ll let you be the judge of whether or not it was sophisticated.

Okay.

So here’s the deal.

There was a Deepfake of Sam Harris, who happens to be somebody I respect, okay?

How they knew that, I don’t know.

But it came into my feed.

And he was touting a very specific kind of product, not a brand, nothing, just a kind of product, okay?

So I looked it up.

And of course, they have, you know, they have your search history and all that kind of stuff, right?

Yeah.

So then I received a very specific ad for the product, okay?

So Deepfake, right?

I respond with just a search.

And then the search responds back to me with more information.

And then over the course of like this back and forth amplification, I bought the product.

You dumbass.

Okay.

So Bogdan, what you’ve just described there.

I knew he was going to do it.

You’re just lacking some empathy, Neil.

I’m sorry.

Enough with this man here.

Go.

Is that a common template that you’re seeing with a Deepfake?

This is AI going full circle.

So the AI is building the billboard that will sell to you.

The AI algorithms on social networks will know how to profile you and what ad to serve you for maximum efficiency.

And then from there on, you will be chased by ads, all pointing to the same product until you’re ready to shop.

So cyber criminals work most of the time like corporations.

So they have their own product division that builds the Deepfake.

They have the translation division that builds the multi-language content.

They have the web dev team that keeps the servers running for the scam pages to reach you.

And they will have quality assurance and sales support.

You mentioned before that we partner with law enforcement.

Yes, that’s something that we normally do on high profile cases.

And scams are some part of these law enforcement cooperations.

What we learned about is that these cyber crime businesses have call centers that take people’s calls and sign them up for various stuff.

People employed in these call centers are screened before employment with lie detectors to make sure that they’re not undercover cops, to make sure that they will not betray the call center’s cause and so on.

So this is Cyber Crime Incorporated.

It’s not a scam business run out of somebody’s basement.

It’s business that cyber criminals have invested money in order to make more money.

Wow.

I mean, that’s infrastructure.

Is there a specific demographic that these organized scammers are looking at?

Is it gender-based?

Is it an age group?

Is it geographical?

What is it?

Or is it just what will take anyone’s money, we don’t care?

Is it a black comedian who co-hosts the podcast?

I hear that’s a very popular demo with the scammers.

In the end, everybody is welcome to put their money on the table and leave it there.

That’s perfectly fine with cyber criminals, but they have various approaches because they don’t have a scamming syndicate yet.

They’re not unionized in a way that would allow them to organize in order to target demographics, right?

So what they will do is find out a local scam that converts well.

That depends where you are, right?

In some places of the world, for instance, leaking out your social security number is huge, right?

And will bring you a lot of hurt in the foreseeable future.

In Europe, for instance, some parts of Europe, leaking out your social security number doesn’t have any value.

It’s pseudo-publical, actually.

So cybercriminals are looking for information or types of scams that convert well in the region.

They don’t target demographics, but they are focusing on specific aspects.

Some of them are focused on romance scams, for instance.

They will target men more than women because it looks like men are much more horny and desperate and lonely.

No, careless when it comes to sharing information with partners, right?

Women are a little bit more reserved.

They don’t go as fast and as far as the male population, but they still, when they fall for the scam, they fall the hardest.

To answer your question, I wouldn’t say that cybercriminals are targeting demographics, but rather that there are specialized cybercrime groups that prefer one type of scam over another.

And us getting targeted by so many scam groups on a daily basis would look like there’s something very structured as the same organization targeting different demographics with different tactics, while it was about us getting targeted by multiple cybercrime rings at the same time.

So business is good.

That’s basically what you’re saying.

No, but we’re in a different space there because people would not necessarily do a deepfake to extort who and what we are, but they can deepfake our integrity, our name, our authenticity.

And there’s one case where someone just scripted this narration about the Big Bang.

It was like 85% correct.

And I got fully deepfaked into being the narrator, the person speaking those words, showing me in a podcast setting.

And it went online and it got boatloads of views.

Well, there’s the money.

Well, I guess, okay.

So there’s the incentive.

And even a good friend of mine, Terry Crews, who is himself an actor and a public figure, he texted me and said, Neil, this is great.

This is great what you did here.

And I said, what?

And I looked at it and I said, that’s not me.

That’s not me.

And a funny thing, I don’t want to say this publicly, but maybe I could or should or will it matter.

When I speak, my words have way more rhythm to them than that Deepfake did.

Okay.

I’m just saying I know me when I’m speaking.

And when somebody’s not me speaking, even if they’re using my word, I know it ain’t me.

Anyhow, it fooled him.

And so this is-

Also the Deepfake sounded like it was on helium.

You know, when you look at it, it’s at the universe.

It was missing some of the timbre of the lower registers of my voice.

So my only point there is, so yeah, 15% of it was either misleading or wrong.

And there have been others where, just as Chuck was duped by a Deepfake of Sam Harris, there was a Deepfake of me commenting on a video game release.

And people thought it was real.

And it was almost comical, but it was, so-

This is Neil deGrasse Tyson.

I too like sitting in my mother’s basement.

As I’m playing this video game right now.

So what do we do?

We call you, the companies like you.

What happens?

And are we a lower priority?

Because no, they’re not draining our bank account yet.

Where do we fit in that spectrum?

My guess is that what you described is a crime that has two distinct victims.

The first one is you, because you have just become an unwitting accessory to a bigger scheme that was shown to a potential public.

Your reputation is at damage here, and that somehow can be controlled because you have the leverage to report that video to the hosting platform and probably take it off, but you have still presented some information you.

That version of you has presented some, maybe misaligned information to your potential audience.

And that’s how Deepfakes normally run.

Cybercriminals pick up a very prominent figure, like a president, a bank governor, a medic, and then they place a discourse on top of the video.

And they will attempt to convince people that what that person is saying is true, right?

The people will flock to heed the call to action and probably will lose money.

So for some people, there is the reputational damage.

That’s you, the persons that get impersonated.

For some other people, it’s the financial loss that they have caused themselves when they heeded your call.

No, you don’t call Bitdefender for that.

You call the platform and have the video removed.

You use your outreach to tell the people that you’re being impersonated and they should do their due diligence.

And you also might want to educate the users, which we are actually doing right now.

We’re talking about deepfakes.

We’re talking about the possibility that everybody can create an online version of us with different hidden agenda.

And I think that this educational part is the most important.

Speaking of education, are there telltale signs that you’re looking at a deepfake or hearing a deepfake?

Now, Neil said that the cadence of his speech was kind of a giveaway to him when he saw it, but are there things that we can as laypeople look at in a deepfake and say, oh, if I see this, this and this, most likely or definitely, this is a deepfake?

And you tell that to the deepfake and next time it doesn’t do that.

This is so crazy.

We’re never losing game.

Yeah, we are.

But are there right now that we know of?

I would say yes and no.

For starters, there are a couple of telltale signs, like maybe poor lip synchronization or some sort of artifacts introduced by the AI.

If you remember, a while ago, the AI used to have a very difficult time aligning teeth or representing the amount of fingers.

But that changes in time.

As technology evolves, these things get perfected.

And what I’m trying to say is that we should rely less on technical artifacts or telltale signs to tell a scam and focus more on the likelihood that what we’re hearing and seeing is real.

I saw the impersonating videos that Neil sent over.

And when we analyzed them, we focused on, let’s say, a couple of key elements that will demolish the story.

Like Neil, Neil is a very knowledgeable person in the science field.

He wouldn’t spend much time commenting games, right?

He wouldn’t use that language.

He wouldn’t be recommending products.

He would not do that.

Probably, we are going to need that, the upcoming versions of our technologies for fighting scams to include deep knowledge about public people or the most prominent people in the world that are likely to fall victims of impersonation and create some sort of a, what would that person do recommend, speak about, discuss publicly and so on.

Very, very important fact.

Because that video game review, it had a lot of vulgarity in it.

Right.

And I’m not a vulgar guy.

I’m not that guy.

Plus, I don’t.

Well, you never sell anything either.

I don’t sell anything.

Right.

So if you ever see like, hi, this is Neil deGrasse Tyson for delicious Buffy Bison beef jerky.

You know, it’s not real.

It’s just not real.

Yeah, there’s even pressure for me to sell things for the ad spots of this podcast.

I don’t do that.

All right.

Gary and I are the whores that do that.

It’s Gary.

You’re welcome, Neil.

You’re protecting my…

Thank you.

That was our pimp.

We are here on these streets.

That opens up a lot of opportunities because whenever you’re misbehaving or do reckless things, you can say, it’s an impersonation.

I’m not doing that normally.

Right.

Okay.

Bogdan, we’ve seen and you’ve explained it brilliantly, thank you, about the development and use of technologies to bring forward different levels, different types of scams and deepfakes.

How much of this is pre-planned psychological attack on victims?

And how is, how are scammers building in a psychological aspect to this?

My theory is that 90% of the scams are psychology and probably 10% technology and science.

That’s because scamming people is actually hacking into their brain, right?

Pushing some buttons that generate emotions.

Every type of scam that we have analyzed has some sort of psychological cues that cyber criminals want to pick up.

Let’s take failed package deliveries.

You become curious about where did the package come from and what might be in it.

That’s enough for your brain to switch off the rattling sound that says, hey, probably what that link you’re going to follow will lead you to a phishing page.

The brain no longer listens to these warning signs.

You have romance scams where cyber criminals are exploiting and preying on the lonely.

They don’t target people who are using technology.

They are targeting people who are feeling lonely and they are feeling so lonely that they will be willing to spend all the day talking to a stranger who inadvertently sent a message because they misspelt a phone number.

We have cyber criminals that prey on the natural greed that people feel, like get rich quick.

Now would you like to multiply your money 10 times?

They’re again, they’re not trying to demonstrate an economic impossibility.

They will try to push that button that says, hey, I need more money because that’s the human nature.

So probably most of the scams that we face on a daily basis are psychology and technology just widens the net, makes cyber criminals more effective, makes them capable of targeting people who are in a different geographic region speaking a different language.

A couple of days ago I got texted by a scammer on an instant messaging platform and they wrote the message in Romanian.

And I do what I usually do, answer in Finnish.

Finnish is a very niche language.

There’s like what, four million people speaking an almost impossible language that it’s very difficult to understand.

And that’s, you know, that’s my Turing test.

If you’re able to reply to me in Finnish, you’re a bot.

Guess what they did?

They removed the first message and replied in Finnish.

And they carried the conversation for a couple of messages.

Sometimes they would revert back to Romanian, delete the message and then replace it with the Finnish translation.

And they would do that in almost real time.

So what I’m trying to say here is that technology is an enabler for them.

They are using the same psychological patterns that I talked about.

But now they’re able to cast a wider net because they have APIs to mass mail, mass communicate with people.

They have real time translation to help them address markets that were impossible for them.

And they have huge opportunities on the payment scale because credit cards are universal.

And if credit cards don’t do the trick, then probably you’re going to have to exchange real money into bitcoins or cryptocurrencies.

And API stands for what?

Remind me.

It’s Advanced Programming Interface.

It’s a way that you can hook up, let’s say, an instant messaging application to a computer to mass communicate with dozens, thousands of people at the same time.

Wow.

So I think it’s, you know, I may sound cliche when I say this, but this is what I was taught my entire life, that one, you don’t get something for nothing.

Two, if it’s too good to be true, then it’s not.

And three, and this is the part that’s very hard, don’t ever want to believe something more than you want the truth.

Because if you want to believe something, you will discard everything to get to your belief, to see your belief confirmed.

You left out a fourth one.

What’s that?

Don’t be a dumbass.

That’s my rule.

Those were my parents’ rules.

None so blind as those who refuse to see is kind of like another way of rephrasing that.

And talking of phraseology, I think we just, us three here, have learned recently some scamming language.

Firstly, I’ll ask you to break them down.

One is honeypot.

The other is pig butchering.

So which one?

Well, one sounds pretty good.

Yeah.

And it ain’t a honeypot.

Oh.

So Bogdan, could you break down each phrase for us so we understand and gives our audience an understanding as well?

I like the way you have split them into adversarial language and good guys language.

I’ll start with pig butchering.

This is a type of scam that has been going on for quite a while.

It’s very popular in Southeast Asia.

That’s where it got its name from.

Because it technically means fattening up the pig before you sacrifice it.

And that’s what cyber criminals are doing to the victims.

They gain their trust.

They keep conversations going on for weeks, maybe months, trying to gain their trust and get as close to them as possible.

And when they earn the trust, they’re going to create massive financial losses because they already have that person’s trust.

A very common pig butchering type of attack is somebody texting you normally with an opposite sex handle.

Like if you’re a man, they will impersonate a woman.

And they will be asking you, Hey, this is Jennifer.

How far away are you from the airport?

Because I’m kind of losing patience here.

You were supposed to pick me up at 10.

And you look at the phone and answer, Hey, you have the wrong number.

Probably you want to sort it out with your taxi cab, Uber driver, whatever.

They will reply, Hey, thank you for being so kind.

By the way, I’m visiting the city.

I want to see what your city offers.

Do you have any recommendations?

And they kick off a conversation.

And they will entertain that conversation with the victim for months.

They will exchange photos that are created with a deepfake technology.

They will create videos.

They will gain your trust up until some point where they start working at the con.

Hey, look, I’m doing just fine.

I have invested in cryptocurrency a while ago and now I’m reaping the rewards.

We’ve been meeting online for quite a while.

So I’ll tell you my secret.

Let me teach you how to invest a little bit of money to multiply it 10 times, well, 20 times and so on.

And they will start working on this financial fraud when you have finally fallen in love with them.

I’ve been talking to people who have lost significant amounts of money.

Wait, wait, they have yet to meet these people.

They fall in love via electrons.

Yes.

And you know, emotion is emotion regardless of the vector.

So reminds me of that joke.

Why is love on the wireless spectrum?

Because it’s measured in hertz.

Oh, look at that.

Good one.

I’ll be here all week.

So people fall in love and they’re looking forward to meeting the other one.

But it’s never a good opportunity for that because of travel, because of all these things.

And eventually people end up losing a lot of money.

We’ve been investigating a couple of these scams.

And the sad thing was that people who had lost hundreds of thousands of dollars were like, you know what, I don’t care about the money.

I don’t have anybody to wake up to and text.

Whoa.

That’s sad.

The psychological damage is sometimes much more impactful for them than the financial damage.

Wow.

Wow.

So, all right.

Wait, wait.

So this sets up the plot for the movie Her, where just let the AI be your companion.

Fall in love with AI.

And the AI is not going to try to take your money.

Take your money?

Yeah.

ChatGPT, I don’t think it wants to take your money, but it’ll totally make you think you’re in love with it if you ask it the right questions.

That’s true.

So we have solutions for this.

I have a very limited movie culture, but my assumption is that that movie didn’t end well.

Yeah.

You may be right.

So we’ve done pig butchering.

Can you just open up the honeypot for us?

Let’s see inside.

The honeypot.

We have a couple of technologies that we call honeypots.

It’s something that researchers normally do.

That’s a computer or a connected system that poses like it’s a victim.

A honeypot is used by cybersecurity researchers to attract cybercriminals.

And they will attempt to hack into that machine, thinking that it’s a real user on the Internet.

It’s somebody’s computer.

And they will attempt to exercise the prowess to hack into that.

And the machine, instead of just letting it through, it records every step of the attack for us to be able to decompose the way cybercriminals got in.

That brings a lot of value for us because it helps us understand how the criminals are operating on the Internet, what tactics and tools they’re using, how they’re approaching this puzzle of hacking into somebody’s computer, and what are the telltale signs that we can use in an early stage of the attack to block them.

We use honeypots for various things, for collecting virus samples, for instance.

We use honeypots for IoT devices to see how cyber criminals are harvesting IoT devices and building large armies of zombie devices that are using them to attack civilian targets.

We are using honeypots for recording scam conversations and extracting red flags in that conversation that will help the victim identify when they’re being scammed.

So that’s a very short definition of the honeypot.

So honeypot is the good guys’ tools.

Yes, a honeypot is normally somebody’s way of staying up to date with the latest tactics in the hacking world.

Okay, so I’m glad that exists.

You’ve just described The Honeypot and The Pitbull Tremors.

Thank you.

And now you’ve kind of closed off both ends.

Is anything out there real?

I mean, most of this thing happens on the internet, and I’m just wondering now, is anything actually real out there?

Is it all great?

You mean real human?

You mean, is it human?

I mean, we know the victims themselves are generally humans, and there’s very rarely a victimless scam.

But is anything real?

Just really, honestly, anything real out there yet?

Yeah.

Pretty much everything is real because we’re starting to use the Internet.

We have started to use the Internet for real stuff a while ago.

Nuclear power plants are being controlled over the Internet.

The world money flows through the Internet from one bank to another.

Our communications flow from one end of the Internet to another.

Our dreams, our fantasies, everything is on the Internet.

So that’s where the bad guys are lurking, right?

My guess is that your question is like, are we still more humans on the Internet than probably bots or scripts or automations or artificial intelligence algorithms that are building content?

Yes, there are way more people on the Internet than bots.

That’s what the bots want you to think.

Look, if you take a look at what’s happening on social media, there’s a lot of video being created by humans.

Is it useful?

Definitely not, right?

People dancing all over or sharing that experience is really not useful for the largest part of humankind.

But it’s still video created by people.

They have put effort in doing that.

Yes, there’s much more content being created by humans at this point than by AI.

AI and bots are mostly being used for scraping this content, content that will be eventually used for training artificial intelligence algorithms.

You don’t really see right now a dead internet theory being the reality.

You still think the human presence is there.

Is it likely the future of the internet will be exactly that, and it’s going to be 100% bot?

There’s going to be a lot of automation, but most of those consuming the content will still be humans.

So regardless of how much content is being produced, there’s still going to be people on the internet consuming that content.

OK, I don’t mind being a person on the internet being entertained by AI-created content, as long as I’m not fooled into thinking it’s anything other than that.

In the film Blade Runner, based on the story by Philip K. Dick, Do Androids Dream of Electric Sheep?

That’s the original short story.

It’s a great title.

Yeah, it’s a great title.

In it, there’s a whole system in place where there are people trained to test the replicants to see if they’re actually replicants.

Because they’re so well made, they have to put them through a psychological stress test where you know how a human would react, whereas the replicants, the AI computer versions of us would not and they would fail.

And the fact that that test was so subtle, and this movie, this story was written 50 years ago.

So is there any way today that we mentioned this earlier, but I’m just saying in a Turing test, if you’re going to have a conversation, are there questions we can ask?

Is there something about the video we can detect?

Is this other than my voice cadence and other things that I know about myself?

How do we defend ourselves?

Your company is called Bitdefender.

So let me hear the defensive line.

Help me, Bitdefender.

Help me.

The AI and Deepfake front is opened relatively recently.

We didn’t have it five years ago.

We didn’t have it ten years ago.

You know, most of our defenses as humanity will evolve around staying safe from phishing links, from malware, from what I would tell traditional endpoint security.

When it comes to artificial intelligence and AI-generated content, it’s already here.

We have a couple of dozens of very famous online influencers that are run by artificial intelligence.

There are a couple of Instagram accounts that have millions of subscribers and the person does not exist.

The only thing that exists is an AI algorithm that’s building content to order.

Well, unfortunately, there is no defense against that.

And would we need a defense to that?

Or would we need a defense to probably some nefarious goals that the AI content will attempt to lead us to?

And here’s what we’re trying to do here.

We’re trying to help people understand the red flags in communication, understand this information, understand the likelihood of something that they’re exposed to being real.

And probably that will be the future of technology.

Not necessarily detecting that some content is created by AI, but rather the fact that that content created by whoever is malicious and will have an impact on you and your security.

So when it comes to malicious intent on behalf of interactions, internet interactions, are there some hard and fast simple rules that we can follow, like the way you answer an email or the way you answer if someone were to call you, the way you do or do not offer up information?

Are there some simple rules that will help somebody not fall prey to a scam?

You are asking all the hard questions.

This is a very important topic for me because these nefarious interactions that you described can be used by a commercial actor, for instance, to make you behave in a specific way that will result in loss of money.

But they’re also used as hybrid warfare now.

Disinformation is a big part of that.

It doesn’t have that kind of structure that makes it obvious.

It doesn’t have that call to action that would let me know that the message is wrong, false or leading to unintended consequences.

The fact that we have Deepfakes talking about, I would say, political stuff, impersonations, hidden agendas and so on, will help an adversary dilute our amount of trust.

They will cause uncertainty.

They will reach the goal by making us question everything and ultimately not caring about the message because we cannot distinguish what’s wrong from the right, what’s true from the false and so on.

So not sure if this answers the question, but that’s probably the best answer I can give at this point.

All right.

Well, how about this?

And maybe I should have done some research before we sat down for the show.

But what does Bitdefender do?

Like, you know, how do you guys defend against this stuff?

If I were to have Bitdefender on my computer, what would it do for me?

Yeah, if all you do is find it, and plus, is there prosecution at the end of this?

What fraction of all offenders are prosecuted?

Because apparently with a $9 trillion fraud market, it can’t be a lot.

It ain’t a lot.

Well, but that’s what I’m saying.

Like, that right there lets you know that this is ubiquitous and it’s proliferating.

So like, it sounds to me like when you call yourself Bitdefender, maybe there’s a real need for you to be on my computer.

But what am I putting you on my computer to do is what I’m trying to figure out.

And I’m not trying to do a commercial here.

I am genuinely interested.

Cybersecurity is a fundamental part of the way we’re interacting with technology right now.

I don’t want to ring my bells here, but security solutions are fundamental to how our end or our day starts and ends.

And they made a difference between another day at the office and the complete disaster where you have lost all your money or your data at the end of the day.

So what does Bitdefender do?

We build cybersecurity solutions and technologies that help people stay safe from all sorts of cyber threats.

We started with what’s commonly known as antivirus back in the 90s.

When the internet was booming and when computers became a fundamental part of every household, we started securing them with what’s called as antivirus.

The good old days.

It was just a virus.

Just a virus.

Just a virus.

The good old days.

Yeah.

We evolved way past that because our attack surface has become a little bit more complex and now we have to secure not only computers, but our data, our smart devices in households.

We have to secure companies that store your information.

We have to secure a lot of aspects that were not an issue back in the day.

So when you hear that the antivirus is dead or there’s no real need for it on computers and mobile devices, that’s not true, right?

And antivirus solutions are becoming more and more complex.

They have changed to complete suites now.

They’re not just one application.

The virus is mutating.

Mr. Smith.

No, but it’s not just the virus.

Scams have become an important component of cybercrime.

As I told you, it’s one-ninth of the total losses caused by technology in the world.

So at this point, Bitdefender also handles these anti-scamming aspects in various ways.

We have security solutions that automatically detect that a specific message is a form of scam.

We have advisors where people can describe what they’re seeing or taking screenshots, or taking a picture of something and feeding it to an AI assistant, asking, hey, is there anything dangerous here if I’m venturing into what’s described here?

The AI will look at the situation, assess the likelihood of that being a scam, and teach the user that there are a couple of red flags there that probably leads to a scam.

So Bitdefender, what we do is what we’ve always done, keep users and companies safe, but now we have a lot more technology and attack surface to defend.

So we’ve talked about…

By the way, I like your geometric reference to the texture of your surface that’s exposed.

The surface is a boundary between what’s on one side and what’s on the other.

The surface can get larger or more variegated.

So I love that reference and how you have to then think about the problem.

But you don’t want it as a fractal surface, then you’ll never get to the bottom of it.

You’ll never get to it, never get to the end of it ever.

We’ve discussed the sort of one-to-one aspect.

What if you rolled out the sort of deepfake and malicious intents to a grander scale, to a city, a utility, on a national scale?

National security?

Yeah, national security.

We’re under attack!

And that is why I am declaring a national emergency.

I’m also asking that everyone have McDonald’s for dinner.

Okay.

That’s one way to look at it.

But I’ll give you a little bit of more frightening insight into that.

You know that Romania is on the Eastern NATO flank?

It’s on the Eastern part of the European Union as well.

And as of a couple of years ago, we’ve had a war at the border.

There’s Ukraine versus Russia.

Ukrainians are our neighbors.

And as they were in the middle of the fight, a deepfake of President Zelensky erupted on the Internet, calling for every armed person to lay down their weapon because Ukraine had surrendered.

That was a deepfake, and it was quickly combated by Ukrainian security services.

But this could have had awful consequences.

What happened if the whole army fell for that?

Or part of the army fell for that?

But that’s also part of the hybrid warfare that I was mentioning before that.

There’s a lot of disinformation going on.

There are calls to action that are completely wrong and so on.

But another practical example would not necessarily have to do with deepfakes but to the state of technology and the penetration of technology into our homes.

Bitdefender also has an IoT security research wing.

IoT stands for the Internet of Things and it’s normally a category of consumer electronics that’s comprised of smart stuff, digital assistants, a coffee maker, smart toasters, coffee makers and smart lights and so on.

There’s a specific type of IoT device that has started to penetrate the world and that’s the solar inverter.

Solar inverters are pieces of technology that convert electricity from solar panels and store it, manage it or inject it into the grid.

These inverters are normally hooked up to the Internet at home.

And these inverters most of the time come from China.

Last year in August, we looked into a couple of inverters that are very popular in Europe.

And we realized that a potential attacker would be able to seize control over each of the inverters made by a specific brand.

That would give an attacker access to about 140 gigawatts of electricity.

That’s a lot by any standard.

I’m not a professional in the energy, but that looks huge.

That’s a big blackout, man.

And one of the things that we uncovered after this first contact was that we will never know whether that was a software bug that allowed somebody to get into all of the inverters made by the same manufacturer or if that was a carefully hidden backdoor that could be accessed by a nation, a rival nation state to cause a blackout to a city, country or to a territory.

Germany is a European state that’s started to take cyber security in this inverter space very carefully because they realized that whatever happens in this very particular IoT sphere could bring grids down.

What happened in Spain this year was a wake up call.

That’s a grid falling, not because of a cyber security incident, but because solar played a bad role here.

All I wanted to say is that grids are very powerful beasts, and they used to be isolated from the Internet.

And now everybody has a piece of the grid in their home that’s connected to the Internet.

That’s a million entry points to something that pertains to national security.

That’s why we got to stick to coal.

We got to keep burning coal, man.

That’s the problem.

Get off that doggone solar energy.

Okay?

Oh, newfangled solar and wind.

What about the birds?

The cancer?

No, let’s go with coal.

You’ll be okay.

Thank you, Chuck, for that regressive comment on civilization.

All right, Bogdan, we got to wrap this up.

Could you give us just some hopeful news here out of this conversation?

Yeah, man.

Where do you see all this going?

Where’s this going in two years, five years, ten years?

This will continue to be a cat and mouse game where the bad guys are advancing, the good guys will be catching up with their tactics, and best-case scenario, they will find a way to proactively protect against their attacks, right?

We’ve done that for the past decades with malware, and we’re going to do that with Deepfakes and with the rest of the scams as well.

So there’s hope.

The fact that we’re still using technology and most of our interactions online are safe gives us hope.

We’re here to protect.

We have the technologies, the solutions, and we’re not just waiting for the bad guys to win the game, right?

Given how large this marketplace is, you’re not the only company out there who is working in this space.

We have very powerful partners, from other security vendors to law enforcement.

And that’s also one thing that I wanted to tell you about.

The fact that we’re very successful in this cooperation with law enforcement.

We have a lot of cases that we opened together with law enforcement.

We have a couple of cybercrime rings that became dismantled as part of these successful cooperations.

And police agencies all over the world are taking cybercrime extremely seriously.

With our expertise and with their ability to execute arrests is something that helps us curb on cybercrime.

The ability to kick down a door.

That’s what that is.

Yeah, AI can’t do that.

AI can’t do it.

Yeah.

So, Bogdan, if a person is famous or otherwise wealthy and then they get scammed, that’s kind of embarrassing.

Is there some stigma that will go away eventually once people find out that they’re not alone in their victimhood?

Where does that land on this landscape?

Well, scamming and malware can happen to everyone.

That’s because cyber attacks have become so sophisticated and so prevalent that it’s difficult for everybody to stay safe at all times.

I will give you an example.

Cybercrime can happen to everyone.

It’s not you that you’re enabling it.

You’re just a victim yourself, right?

There have been a lot of compromised accounts belonging to highly respected people that have fallen victim to a cyber attack.

We have a lot of surface to defend at the end of the day.

We have email communications.

We have mobiles and instant messaging.

We have technology everywhere around us, on our body, in our home, in front of us, right?

And that’s a very, very difficult mission.

Staying safe is a difficult mission.

What I would say is that if you’re falling victim to any kind of digital crime, report it.

First of all, there’s entities there that might be able to help.

There’s also entities that need to know that you have fallen victim to a type of cybercrime to be able to assess the magnitude of a phenomenon.

Imagine that, for instance, only about 7% of scams are getting reported.

So police offices all over the world are not correctly budgeted to face this phenomenon because they cannot assess its impact on the local communities.

So Bob, in a way, what you’re saying is you should report it because if you don’t, you’re actually enabling the people who harmed you.

You’re actually helping them by keeping this to yourself and suffering in silence.

Go ahead and report it because one, it happens to everybody and it’s not your fault.

And two, by reporting it, you’re putting information out there that can be used against the people who committed the crime.

Yes.

They say that if a tree falls into a forest and nobody hears it, has it fallen?

That goes with cybercrime as well.

If you have been scammed and dozens of other people have been scammed and you have not reported it to the local law enforcement office, and neither did anybody, is scamming really part of the police agency’s agenda?

No, because there’s technically no scamming going on.

That’s why we are advising victims to report it.

It’s not something that they should be ashamed of.

It’s not something that they should keep to themselves.

The more they talk about it, the more this message gets pushed on the local agenda.

And law enforcement agencies or other people will be able to act on it.

Cool.

That’s the lesson right here.

There it is.

Bogdan Botezatu, pleasure to have you on StarTalk Special Edition.

Thank you.

Even though three quarters of everything you said was completely depressing, we needed that.

No, it was the best depressing conversation we had.

I guess so.

That’s another way to say it.

Okay, all right.

It’s the kind of depressing information that can serve you going forward.

Absolutely.

Yes, there it is.

There it is.

So important.

We were delighted to work with you guys when we filmed our segment with Formula One and the security necessary in the communication between the pit and the cars and that whole world.

And so thanks for being there both times.

Thank you for this opportunity.

It’s one thing to look at you religiously on the other side of the screen and a whole different experience to be part of the show.

Okay.

Thank you.

That’s very nice.

Excellent.

All right.

That’s all the time we have.

We learned a lot today.

Oh, yes.

Yeah, we do.

Yeah, I’ve learned.

I am burning my computer.

That’s right.

That’s what I learned.

Going back to an abacus.

Abacus.

I got one right.

I got an abacus.

No, no, no.

I’m writing letters.

I’m starting to write letters again.

All right, Gary, always good to have you here.

All right, Chuck.

Always good to have you here.

Be good.

Neil deGrasse Tyson for StarTalk Special Edition.

The world is coming to an end.

It’s the end of the episode.

AI will be our overlords and they’ll take your money.

No, I exaggerate.

Anyhow, really try to keep looking up.

Until next time.
