
Fraudsters Used AI to Mimic CEO’s Voice - tosh
https://thenextweb.com/security/2019/09/02/fraudsters-deepfake-ceos-voice-to-trick-manager-into-transferring-243000/
======
FatalLogic
Wait, how does anyone know what technique the fraudsters used?

The source of that fact is probably a Wall Street Journal reporter, who heard
it from the victim's insurer, who heard it from the police.

If they didn't catch the criminals, how is it possible for the police to find
out they used "deepfake" or "AI"?

~~~
hanniabu
For records I'm sure the infer call approvals are recorded and then after a
dispute they went back to listen and realized there that it did sound
electronically produced, but those enough to where you don't notice if you're
not looking for it.

------
Traster
If your level of security is "This guy on the phone sure sounds like someone I
should wire several hundred thousand dollars for" you should probably look at
improving your security procedures.

Whilst it's funny these guys did this with AI I can't help but feel that they
could have done this with someone who is halfway decent at accents and saved
themselves a lot of effort.

~~~
ramblerman
I think you are seriously underestimating the difference.

Imagine getting a call from your wife. Do you doubt right now if it’s her or
something that just sounds similar.

This man could have know the ceo quite well.

~~~
xendo
I wouldn’t wire my wife $250k based solely on a phone conversation.

~~~
dgudkov
It's just a matter of scale. For some companies $250K is pocket lint.

Would you tell your wife your credit card number if she called you and told
you her card is blocked for some reason and she needs to refill the gas tank
or buy something?

~~~
Tade0
A while ago a friend who I hadn't seen since 2011 messaged me on Facebook
asking if I could take a look at his account on a guitar forum we both used to
frequent, because he thought his account was stolen, but couldn't check it for
activity without making a new one(and probably also having enough posts to be
considered "in").

So I asked who sold him that Music Man Petrucci 7-string in 2009(or so) and
after he answered correctly, I followed through with his request.

My point being: it helps to have such a question prepared for everyone - or
alternatively - a question concerning some fact about you that only people who
know you could answer.

------
sschueller
So if they start banning deepfakes. Will it become illegal for comedians to do
impressions? Some are really good at it.

~~~
comboy
How would banning help? Criminals don't care about bans.

------
_pmf_
I didn't even have fraud as a use case on my radar, but social engineering
attacks will be completely reimagined.

~~~
JohnJamesRambo
Imagine receiving a deepfake video with audio from your boss telling you to do
something.

~~~
ThePadawan
Woah there. Maybe I'm way off base here, but I wouldn't even come in to work
overtime on a weekend without written confirmation from my boss, never mind
touch anything money-related.

~~~
taneq
Imagine getting an email from your boss asking you to order in some supplies
from a new supplier. You think it sounds pfishy (hah) and so you call them to
confirm. They confirm.

Do you really think that most employees would need more than that?

~~~
ThePadawan
I might be biased since I live in a country famous for its amount of
bureaucracy (Switzerland).

But yes, at my current employer, I believe no one would do that just based on
an email and a phone call. But then I dare say that faking Swiss German is an
order of magnitude harder than faking English.

~~~
_pmf_
> But then I dare say that faking Swiss German is an order of magnitude harder
> than faking English.

Someone has compared the typical cadence of Schwyzerdütsch to riding a donkey
over very rough mountainous terrain, and I'm inclined to agree.

------
ConfusedDog
Deepfake voice is just making social engineering more available to non-
performing-artist type of attackers. Spear phishing is just getting to a new
level. This type of things gonna happen more to 'public' figures.

~~~
taneq
Guns just make violent crime more available to non-martial-arts-expert type of
attackers, too.

~~~
cobbzilla
Yes, there is an old American quote, probably apocryphal, that went something
like “God created man, and Samuel Colt made them equal”

------
xiphias2
Right now I don't know if banks offer the CEO to approve big transactions
easily on his mobile phone, but that would be a possible solution (email is
not structured enough for this).

Also while Bitcoin community is creating new standards for collaboration, like
multisig transactions and partially signed transaction format (which would
help here in creating a bank-independent solution), I don't see the same
standardization happening in the banking system.

------
candiodari
Can we now definitively say that AI has passed the Turing test ?

~~~
purple_ducks
No?

The Turing test is "determining whether or not a computer is capable of
thinking like a human being"

Not whether it can mimic the voice and speech patterns of one.

~~~
TheDong
Your definition is a little off.

A computer capable of thinking like a human is "strong ai", or "general AI",
or any of a few other poorly defined terms.

The turing test is a poor approximation of that goal. Computers can and will
pass the turing test long before they're actually capable of real human
thought.

Specifically, the turing test is merely having a human judge evaluate a free-
form text-based conversation with a partner, and them being unable to
distinguish a computer from a human in that scenario.

The main thing this instance lacks is the free-form nature of the
conversation. It also lacked the humans knowing that it was a test, so they
didn't properly "evaluate" it regardless.

