#AI and Security
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Women make up for the other 50% of Tumblr’s audience.
Text
The Debate Over Autonomous Weapons: Should AI Decide Life or Death?
In the U.S., a heated debate is brewing over the future of autonomous weapons—weapons powered by artificial intelligence (AI) that could potentially decide whether to kill humans without any human input. This issue raises deep moral, ethical, and technological questions. Should we allow machines to make life-or-death decisions? What Are Autonomous Weapons? Autonomous weapons, also known as…
#AI and Ethics#AI and Security#AI and Warfare#AI in Military#AI Weapon Regulation#AI Weapons Debate#Artificial Intelligence#Autonomous Systems#Autonomous Weapons#Ethics In AI#Future Of Warfare#Human Rights#Killer Robots#Military Technology#Stop Killer Robots
0 notes
Text
How I got scammed
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
I wuz robbed.
More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!
Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).
A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.
That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.
"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"
He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.
We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.
I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.
One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.
"That was the fraudster," she said.
Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.
Wait a sec.
He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
I'd given him my entire card number.
Goddammit.
The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:
https://us.macmillan.com/books/9781250865878/thebezzle
And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.
But I'd been conned.
Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:
https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/
That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.
Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.
I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.
Oh, shit, I'd been phished.
If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).
There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!
The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.
The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.
The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.
The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.
There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.
I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.
Not because AI is going to commit fraud, though.
One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":
https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week
I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.
As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.
This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:
https://web.archive.org/web/20090331094020/http://www.links.org/?p=591
This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.
I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.
This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.
On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.
So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.
Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:
https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security
Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en
10K notes
·
View notes
Text
You know, every so often I think I should update my pirated copy of CS2.
Then I see things like this, and remember that I don't need it more than I need it, you know?
Dated 3/22/23
#adobe#photoshop#privacy#ai#online security#adobe accounts#adobe photoshop#art#yes I know about all of the alternatives#but I'm old#so leave me alone dammit
24K notes
·
View notes
Text
AI Voice Scams - Don't Be Fooled, Your Trust is Their Playground!
Protect yourself from AI voice scams by staying vigilant and verifying sources. Let's fight back together! #AIVoiceScams #StaySafe
Your Voice, Their Weapon In today’s technologically advanced world, criminals are finding new ways to deceive and defraud unsuspecting individuals. One emerging threat is the rise of AI voice scams, where fraudsters employ artificial intelligence to mimic the voices of trusted individuals, aiming to trick victims into sharing personal information or parting with their hard-earned money. These…
View On WordPress
#AI and Security#AI Voice Scams#Beware Of AI#Cyber Crime#cyber security#Digital Threats#Fight Back Together#Fraud Awareness#Protect Yourself#Scam Alert#Scam Prevention#Stay Vigilant#Tech Safety#Verify Sources#Voice Scam Awareness
0 notes
Text
I caught si-fi brain worms so I turned em' into Spaceship AI. I'm mad, I'm going wild, crazy even
#security breach#five nights at freddy's#daycare attendant#sundrop#moondrop#fnaf#alternate universe#AI AU#moon fnaf#sun fnaf#eclipse#eclipse fnaf
3K notes
·
View notes
Text
Instead of using AI to replace artists we should use AI to make these guys
#fnaf#fnaf security breach#fnaf daycare attendant#lilly yapping#lilly yapping abt fnaf#sundrop#moondrop#anti ai
3K notes
·
View notes
Text
FNAF RUIN DOODLES
#five nights at freddy's#fnaf#fnaf security breach#security breach ruin#fnaf sb ruin#fnaf ruin#glamrock bonnie dead corpse#fnaf gregory#fnaf cassie#fnaf vanessa#glamrock animatronics#glamrock freddy#theory: freddy's ai is in helpy#fnaf roxy#roxanne wolf#fnaf eclipse#glamrock chica#monty gator#montgomery gator#cassie likes everyone BUT monty#SHE LITERALLY KILLED HIM#its fine tho cuz it was monty
4K notes
·
View notes
Text
I heart morally dubious AI
Viktor the Machine Herald is also pretty cool too but sadly no matter how much he wants to be he is not AI.
#ChatGpt not you#is this hoarding#evil Ai more like evil gay eye#wall e auto#ddlc#robo fizz#allied mastercomputer#herobrine#wreck it ralph#security breach#portal 2#giffany#edgar electric dreams#deltarune#courage the cowardly dog computer#hal 9000#the stanley parable#bender#did i forget anyone
197 notes
·
View notes
Text
thinking about the hlvrai acab stream
it’s everything to me
#half life but the ai is self aware#hlvrai#gordon feetman#security officer benny#hlvrai bubby#hlvrai dr coomer#tommy coolatta#lazy rendering#doodles
390 notes
·
View notes
Text
playing more fnaf security breach! took Freddy to parts and services and my favorite jester was right there to say hello <3
isn't he adorable?
next part was the basement levels with all the endos but I was more interested in all the Moon stuff that was there! plushies, posters, the tvs advertising moondrops. I think there was a theory that this was meant to be a boss battle with Moon where we took his battery to upgrade Freddy, it could be true? all these tunels and basements screams Moondrop
lets ignore the endo that was coming for me and focus on the little stars and the Moon plushie creeping on Freddy and Chika :D
this hallway is so so pretty, surely there is nothing waiting to kill me at the end of it-
damn it...
there are so much Moondrop things in here, I'd live in these tunnels happily for the rest of my life
last room before an army of endos chased me and had to run for my life lol
I hope I find more DCA thingies during the rest of the game!
in the meantime...
GET STUCK IDIOT!
#if you seen my posts of character ai chats. I used to chat with a Moondrop bot and mf locked me in a basement the first time I talked to him#that last room is where I imagined I was locked in lol im happy to finally see my prision#fnaf#fnaf sb#fnaf security breach#five nights at freddy's#five nights at freddy's security breach#moon#moondrop#fnaf moon#moon fnaf#dca#dca moon#dca fandom#dca moondrop#daycare attendant#fnaf daycare attendant#fnaf dca#fnaf sun#sun#sun fnaf#dca sun#dca fnaf#fnaf security breach gameplay#fnaf sb gameplay#security breach gameplay#fnaf gameplay#gameplay
211 notes
·
View notes
Text
she should've been problematic at the club
#rvb#red vs blue#south dakota#agent south dakota#rvb south#mine#*24#art#moden au bouncer/roadie/security guard south? 👀#instead of the ai thing she's pissed off at north bc he's all 'so when are you going to get a real job? i'm just worried you're#wasting your potential :( there's a community college near me i could talk to the teacher to let you in :)' treating her like a teenager#'you're not going to want to be throwing drunks out of bathrooms when you're forty south just be realistic' and south's just 🖕 die.#+ AU where south says fuck pfl and becomes a mercenary/bounty hunter? maybe teaming up with sharkface? she could end up at chorus too?#maybe she could get an actual ch arc and finally get out of her brothers shadow + grow as a person?? idk guyss....shes got potential
216 notes
·
View notes
Text
Ancient sentient security system GLOMA
It is powered by something mysterious. Gloma continues to guard the walls and inner workings of a kingdom despite it now being deserted for thousands upon thousands of years.
It guards the kingdom just as seriously as it did when the place was inhabited implying that either the kingdom still holds a grave secret or that Gloma itself is stuck in the past and simply following set instructions.
There is a lot of money offered to those who can figure out what lays within this dead kingdom. This interests Bunbaa
#oc#original character#sentient ai oc#robot oc#tv head#tv head oc#gloma#security system gloma#deity oc#god oc#bunbaa#the relentess bounty hunter bunbaa#princess formosus#sony sketch#twptwp
139 notes
·
View notes
Text
Okay, look, they talk to a Google rep in some of the video clips, but I give it a pass because this FREE course is a good baseline for personal internet safety that so many people just do not seem to have anymore. It's done in short video clip and article format (the videos average about a minute and a half). This is some super basic stuff like "What is PII and why you shouldn't put it on your twitter" and "what is a phishing scam?" Or "what is the difference between HTTP and HTTPS and why do you care?"
It's worrying to me how many people I meet or see online who just do not know even these absolute basic things, who are at constant risk of being scammed or hacked and losing everything. People who barely know how to turn their own computers on because corporations have made everything a proprietary app or exclusive hardware option that you must pay constant fees just to use. Especially young, somewhat isolated people who have never known a different world and don't realize they are being conditioned to be metaphorical prey animals in the digital landscape.
Anyway, this isn't the best internet safety course but it's free and easy to access. Gotta start somewhere.
Here's another short, easy, free online course about personal cyber security (GCFGlobal.org Introduction to Internet Safety)
Bonus videos:
youtube
(Jul 13, 2023, runtime 15:29)
"He didn't have anything to hide, he didn't do anything wrong, anything illegal, and yet he was still punished."
youtube
(Apr 20, 2023; runtime 9:24 minutes)
"At least 60% use their name or date of birth as a password, and that's something you should never do."
youtube
(March 4, 2020, runtime 11:18 minutes)
"Crossing the road safely is a basic life skill that every parent teaches their kids. I believe that cyber skills are the 21st century equivalent of road safety in the 20th century."
#you need to protect yourself#internet literacy#computer literacy#internet safety#privacy#online#password managers#security questions#identity theft#Facebook#browser safety#google#tesla#clearwater ai#people get arrested when google makes a mistake#lives are ruined because your Ring is spying on you#they aren't just stealing they are screwing you over#your alexa is not a woman it's a bug#planted by a supervillain who smirks at you#as they sell that info to your manager#oh you have nothing to hide?#then what's your credit card number?#listen I'm in a mood about this right now#Youtube
157 notes
·
View notes
Text
Connected
91 notes
·
View notes
Text
Big fan of whatever the hell this character archetype is
#AI alligators from indie projects covering existential horror that are drawn as either male strippers or la creatura?#idk but whatever it is i like it keep it up indie creators#tadc#the amazing digital circus#fnaf#five nights at freddy's#fnaf security breach#gummigoo#montgomery gator
142 notes
·
View notes
Text
I feel like I’ve kinda been avoiding posting sooooooooo,
Imma post this picture of my favorite characters from different fandoms
Also here is the incredibox polos with more accurate colors
:)
#paul leskowitz#petscop#petscop fanart#my art#belle leskowitz#incredibox fanart#regretevator#ai builds#animal investigator builds#regretevator unpleasant#regretevator art#hermitcraft#hermitcraft fanart#welsknight#there is blue text next to some of the characters#my eye hurts#fnaf security breach#fnaf fanart#incredibox tragibox#incredibox#incredibox monochrome#incredibox express
64 notes
·
View notes