Deepfakes and the War on Truth with Bogdan Botezatu

Chuck, I didn't know we were gonna do a show on the end of the world. Yeah, it's coming. It's coming. But with the help of AI and cybercrime and deep fakes and what hath we wrought upon ourselves. Yeah, well guess what? Frankenstein's monster. It's looking pretty tame. Looking pretty tame. Bring back Frankenstein. Frankenstein, baby. Coming up, an exploration of how we're gonna go to Hell in a Hand Basket on Star Talk. Welcome to Star Talk, your place in the universe where science and pop culture collide. Star Talk begins right now. This is Star Talk, special edition. Today we're gonna talk about scams in the age of AI. That it's special edition means we've got Gary O'Reilly. Gary, how you doing, man? I'm good. All right. I'm Chuck Nice and not an AI version of Chuck Nice. Sure. AI imitates you better than you faking it. Exactly. So, Gary. Yes. This topic is way overdue. Oh, for sure. Or maybe it's exactly when we need it. Yeah. Take us in. I suppose scams, if you think of it, have been with us since people started to use money. Oh, even before that. Yeah. You can rest assured, before there was a system of currency, somebody was just like, so that's an interesting bushel of wheat you have there. Oh, yeah. A little barter scam. Yeah, a little barter scam, you know what I mean? As a matter of fact, one of our most beloved childhood fairy tales is about a guy who trades the family cow for six magic beans. Oh. Which was supposed to be a scam, but turned out it worked out for him. Lucky Jack. Anyway, if you think about it now, right now, it feels like you can't go an hour without a scam, a text, a call. But how big is this problem? Is it just me getting texts and calls or is this really sort of a global problem? I'm sorry, I'm going to stop sending you those. Yeah, I wish you would. It's all chucks. You have a text, phone calls, emails, all of our connectivity into the landscape of humanity. And now, as technology advances, how is that aiding, how is that abetting these bad actors? I mean, tech has been supercharged by AI. There's no doubts about that. And it begs the question, what is real? What actually is real out there? Can we believe what we can't believe? And we're going to break down the deep fakes. We're even going to get into the dead internet theory. And if you don't know what that is, stick around. Oh, I got to stick around there. You really are going to be in for a surprise. Internet theory. And then you'll ask the question, are we all failing daily, chewing tests? What happens if it turns out the internet is all bots? How about that? Hmm. For that, we'll need an expert. So we've got Bogdan Botezatu. This title is cool. I want this on my business card. OK, director of threat research and reporting. Why I ought to. That bit defender is a company based in Romania. Oh, well, they've got offices all over. They they want to protect the world. Yes. And we've got them right here on a StarTalk special edition. I believe it was bit defender that helped Liam Meason get his daughter back. How do you work? Liam Meason. Welcome to StarTalk special edition. Hi, all. Thanks for having me on the show. Literally, nobody will believe me that I'm shooting a video in such a great company. Probably people at home will say that this is a deep fake. And it's going to be very difficult for me to contradict them. Oh, now you've told us offline that you'd rather go by Bob. It's easier for everybody. Yeah. Oh, see that. And look at that. He says it's easier not not for him, but for everybody. And by that, he means Americans. That's what he means. Because we some lazy name people. Because people are just like, you know, what is your name? Bogdan Botezatu. Yeah, I'm going to call you Bob. You cool with that? You cool with Bob? We are so bad. So Bogdan, give us an idea of what it is globally and maybe sort of land in the US a little bit more deeply about the kind of numbers and statistics that we're looking at in the present day as far as scams are concerned. It's very hard to put numbers next to the global landscape of scams, because most of these scams go on of the ported. Or if they go deported, they don't get aggregated globally. I think is that there are some estimations. GASA places GASA, which is the Global Anti-Scam Alliance, one of the most prominent organizations that deal with anti-scamming. They place scams at a lot of at inflicting about one trillion dollars of losses for 2024. But did you see T? Yeah, trillion. Yeah, one trillion dollars. OK. Yeah. Trillion. Let me just say I'm in the wrong business. OK. It's time to start. I have now begun to sit uncomfortably and it's not the chair. It's if it's a trillion dollars, are you saying that's the guess or is that that's reported? But most of them go unreported. So that one trillion could be an awful lot more. Probably it's in between. The global cyber crime market is around nine trillion. Which means that one trillion dollars for just scamming people would be reasonable. It is very conservative. It is. But the thing is that not all scams get reported. There's people who are ashamed of admitting they have lost huge amounts of money. Of course. If you look around and talk to these people who got scammed, you'll realize that they haven't lost like one hundred dollars or five hundred dollars. They have lost hundreds of thousands of dollars because these kind of scams run for a very long time. People gain their victims trust and then they proceed to inflict the maximum amount of damage they can. The other thing is that while probably the FBI has stats for what's going on in the United States, there are so many other countries that are affected by scams, which do not report centrally what they have registered in. Each country or each region. So it's very difficult to tell how much money people have lost to scams. But one trillion dollar seems an awful lot of money lost. You think? What are the weapons of choice here for scammers? I think all of us have experienced some kind of phishing email. But what are the weapons of scammers using to get at us? Or tactics as well. Yeah. In terms of attack avenues, hackers have a huge variety. They prefer instant messaging or direct phone calls because they're very immersive. They can apply pressure and that sense of urgency that makes victims comply faster or fall victim easier. Email is a kind of static means of communication because you're getting the email, you're reading it through, you're pausing a little bit. And then you're like, maybe answering this email or hearing the call is not a good thing. But when you're woken up at night via instant messaging, hey, this is your bank, your account is being depleted as we're texting. Please call us back to find a way to block these transactions. Well, you will be likely to respond to that. So we have instant messaging. We have short messaging. We have phone. We have mass communications because there's a type of scams that goes one to many. We have mass advertising and business social media account compromise. I will detail a little bit later about that. Hey, this is Kevin de Samolier. And I support StarTalk on Patreon. You're listening to StarTalk with Neil deGrasse Tyson. What's with the phone call that you get it? You pick it up and there's silence on the end. Because that kind of spits people out. Everybody knows that one. Yeah. So what's the angle there? I have two theories. One is technical and one is a little bit of a scenario that if true, we're completely condemned. I thought it was the first one. One likely chance of these phone calls is technical glitches. You know, scammers use very complex software to spoof their numbers. They use voice over IP gateways to make it look like they're calling from the same country as you and so on. So there's a lot of room for failure when evolving this kind of call center grade software. Sometimes calls hang up. There's glitches that will put the speaker, the operator on pause and so on. So probably there's a technical error that prevents the cyber criminal from getting in touch with you. The other one is, well, I'd say a superstition of mine. How do you answer your phone? With hello? Yes, maybe? No, I answer like this. Who is this? Sorry, go ahead. Okay. Fair enough. Because some people in some geographies, for instance, they will answer with not hello, but yes. Most of Europe has yes as an opening line when you're getting called. What happens if somebody is building a massive database of words, of yes, of acknowledgement, of confirmations? Like if I'm answering my phone and somebody records me saying yes to them, where can they play that back to bypass some sort of authentication or confirm a choice of mine? Well, voice is biometrics, right? And sometimes saying yes to something becomes contractual. Like it substitutes your signature. But if somebody, a threat actor or a threat actor group might ask for confirmations from people. That makes sense. So what they're doing is they're capturing your voice. Yeah. If I told people 10 years ago that based on a two minute conversation that we had on phone, somebody will be able to spoof my voice and impersonate me everywhere for 10s of minutes or hours. Would they have believed me back then? So Bogdan, looking at that aspect of it, if you've got new technologies which we know are evolving rapidly, if not quicker, how do we get into deep fakes? How prevalent is the deep fakes scam now on the landscape? They're very prevalent and they are making most of the victims. I was telling you that I'm clustering scams on a one-on-one type and on one-on-many type. One-on-one scams are those that happen in instant messaging where you're getting approached by a stranger and they try to earn your trust. And then they will guide you to the next step. There's one too many type of scam communication that is massively aided by deep fakes. Cyber criminals are building deep fakes with people that the world recognizes and trusts like you folks. You are online influencers. Cyber criminals have a lot of footage with you that they can use to train algorithms. And they're also using the same technology that they use to train people. They're using the same technology that they use to train algorithms. And people tend to listen to you because that's what they do with key influencers. There's also politicians, doctors who are very famous and they become the base of deep fakes. With these deep fakes, cyber criminals start promoting all types of scams from medical supplements to huge crypto investments. And these deep fakes get broadcast either on stolen YouTube accounts or on social media posts that are boosted by paying for advertisements. They use the trust given by the figure that has been impersonated and they are using large channels to reach huge audiences. And from there on, of course, some people will fall victim to the scam. They will heed the call to action, which is normally a visit this page or call this number and sign up for this opportunity. So this is how deep fakes work. We took a look at what's going on now and we see that there are tens of thousands of such ads running on social networks. There are large YouTube accounts that have been compromised and used as a billboard for crypto scams. One of the largest accounts that has been compromised had 28 million subscribers. So when hackers got the hold of that account, they were able to broadcast the deep fake to 28 million potential victims. That's more than Romania has population. Wow. So if you can indulge me, I want to tell you that when I fell for a deep fake, I actually fell for one and I'm embarrassed as hell. But it was very sophisticated. Which you have to say because you fell for it. Why you got to hurt a brother? Why you not hurt a brother? Did I set your lawn on fire? I'm just saying. You can't say this was a simple deep fake. I'll let you be the judge of whether or not it was sophisticated. OK, so here's the deal. There was a deep fake of Sam Harris who happens to be somebody I respect. OK, how they knew that I don't know. But it came into my feed and he was touting a very specific kind of product. Not a brand, nothing, just a kind of product. OK, so I looked it up and of course, they have, you know, they have your search history and all that kind of stuff. Right. Yeah. So then I received a very specific ad for the product. OK, so deep fake, right? I respond with just a search and then the search responds back to me with more information. And then over the course of like this back and forth amplification, I bought the product. You dumbass. So what you've just described there. All right. I knew he was going to do it. Lacking some empathy. I'm sorry. I mean, is that a common template that you're seeing with a deep fake? This is AI going full circle. So the AI is building the billboard that will sell to you. The AI algorithms on social networks will know how to profile you and what had to serve you for maximum efficiency. And then from there on, you will be chased by ads all pointing to the same product until you're ready to shop. So cyber criminals work most of the time like corporations. So they have their own product division that builds the deep fake. They have the translation division that builds the multi language content. They have the web dev team that keeps the servers running for the scam pages to reach you. And they will have quality assurance and sales support. You mentioned before that we partner with law enforcement. Yes, that's something that we normally do on high profile cases. And scams are some part of these law enforcement corporations. What we learned about is that these cyber crime businesses have call centers that take people's calls and sign them up for various stuff. People employed in these call centers are screened before employment. We have lie detectors to make sure that they're not undercover cops to make sure that they will not betray the call centers cause and so on. So this is cyber crime incorporated. It's not a scam business ran out of somebody's basement. It's business that cyber criminals have invested money in order to make more money. Wow. Wow. I mean, that's infrastructure. Is there a specific demographic that these organized scammers are looking at? Is it a gender based? Is it an age group? Is it geographical? Is what is what is it? Or is it just, you know, what will take anyone's money? We don't care. Is it a black comedian who co-hosts the podcast? I hear that's a very popular demo with the scammers. No, in the end, everybody's welcome to put their money on the table and live in there. That's perfectly fine with cyber criminals, but they have various approaches because they don't have a scamming syndicate yet. Right. They're not unionized in a way that would allow them to organize in order to target demographics. Right. So what they will do is find out a local scam that converts well, that depends where you are. Right. In some places of the world, for instance, leaking out your social security number is huge. Right. And will bring you a lot of hurt in the foreseeable future. In Europe, for instance, some parts of Europe, leaking out your social security number doesn't have any value. It's pseudo-publical, actually. So cyber criminals are looking for information or types of scams that convert well in the region. They don't target demographics, but they are focusing on specific aspects. Some of them are focused on non-man scams, for instance. They will target men more than women because it looks like men are much more... Horny and desperate and lonely. No, careless when it comes to sharing information with partners. Right. Women are a little bit more reserved. They don't go as fast and as far as the male population. But they still... When they fall for the scam, they fall the hardest. To answer your question, I wouldn't say that cyber criminals are targeting demographics, but rather that there are specialized cyber crime groups that prefer one type of scam over another. And us getting targeted by so many scam groups on a daily basis would look like there's something very structured. That's the same organization targeting different demographics with different tactics, while it was about us getting targeted by multiple cyber crime greenings at the same time. So business is good. That's basically what you're saying. But we're in a different space there because people would not necessarily do a deep fake to extort who and what we are, but they can deep fake our integrity, our name, our authenticity. And there's one case where someone just scripted this narration about the Big Bang. It was like 85% correct. And I got fully deep faked into being the narrator, the person speaking those words, showing me in a podcast setting. And it went online and it got boatloads of views. Well, there's your money. Well, I guess, okay. So there's the incentive. Okay. And even a good friend of mine, Terry Cruz, who is himself an actor and a public figure, he texted me and said, Neil, this is great. This is great what you did here. And I said, what? And I looked at it and I said, that's not me. That's not me. And a funny thing, I don't want to say this publicly, but maybe I could or should or it would matter. When I speak, my words have way more rhythm to them than that deep fake did. I'm just saying, I know me when I'm speaking. And when somebody's not me speaking, even if they're using my word, I know it ain't me. Anyhow, it fooled him. And so this... Also the deep fake sounded like it was on helium. You know, when you look at it, it's in the universe. It was missing some of the timbre of the lower registers of my voice. So my only point there is, so yeah, 15% of it was either misleading or wrong. And there have been others where just as Chuck was duped by a deep fake of Sam Harris, there was a deep fake of me commenting on a video game release. And people thought it was real. And it was almost comical. But it was so... This is Neil deGrasse Tyson. I too like sitting in my mother's basement. As I'm playing this video game right now. So what do we do? But do we call you the companies like you? What happens? Are we a lower priority? Because no, they're not draining our bank account yet. Where do we fit in that spectrum? My guess is that what you described is a crime that has two distinct victims. The first one is you, because you have just become an unwitting accessory to a bigger scheme that was shown to a potential public. Your reputation is at damage here. And that somehow can be controlled because you have the leverage to report that video to the hosting platform and probably take it off. But you have still presented some information. That version of you has presented some maybe misaligned information to your potential audience. And that's how deepfakes normally run. Cyber criminals pick up a very prominent figure like a president, a bank governor, a medic. And then they place a discourse on top of the video. They will attempt to convince people that what that person is saying is true. The people will flock to heed the call to action and probably will lose money. So for some people, there is the reputation of damage. That's you, the persons that get impersonated. For some other people, it's the financial loss that they have caused themselves when they heeded your call. No, you don't call a big defender for that. You call the platform and have the video removed. You use your outreach to tell the people that you're being impersonated. And they should do the due diligence. And you also might want to educate the users, which we're actually doing right now. We're talking about deepfakes. We're talking about the possibility that everybody can create an online version of us with different agenda. And I think that this educational part is the most important. Speaking of education, are there telltale signs that you're looking at a deepfake or hearing a deepfake? Now Neil said that the cadence of his speech was kind of a giveaway to him when he saw it. But are there things that we can as laypeople look at in a deepfake and say, oh, if I see this, this and this, most likely or definitely this is a deepfake? And you tell that to the deepfake and next time it doesn't do that. We're losing game. Yeah, we are. But are there right now that we know of? I would say yes and no. For starters, there are a couple of telltale signs, like maybe poor lip synchronization or some sort of artifact introduced by the AI. If you remember a while ago, the AI used to have a very difficult time aligning teeth or representing the amount of fingers. But that changes in time as technology evolves, these things get perfected. And what I'm trying to say is that we should rely less on technical artifacts or telltale signs to tell a scam and focus more on the likelihood that what we're hearing and seeing is real. I saw the impersonating videos that Neil sent over. And when we analyze them, we focused on, let's say, a couple of key elements that will demolish the story. Neil is a very knowledgeable person in the science field. He wouldn't spend much time commenting games. He wouldn't use that language. He wouldn't be recommending products. He would not do that. Probably we are going to need that, the upcoming versions of our technologies for fighting scams to include deep knowledge about public people or the most prominent people in the world that are likely to fall victim sub impersonation and create some sort of a, what would that person do recommend, speak about, discuss publicly and so on? Very important fact, because that video game review, it had a lot of vulgarity in it. And I'm not a vulgar guy. I'm not that guy. Plus, I don't sell products. Well, you never sell anything either. I don't sell anything. Right. You never see like, hi, this is Neil DeGrasse Tyson for delicious Buffy Bison beef jerky. You know, it's not real. It's not real. Yeah, there's even pressure for me to sell things for the ad spots of this podcast. I don't do that. Right. Gary and I are the whores that do that. It's Gary. You're welcome, Neil. You're protecting my, thank you. That's it. That's our camp. We are here on these streets. That always up a lot of opportunities because whenever you're misbehaving or do reckless things, you can say, just, you know, it's an impersonation. I'm not doing that normally. Right. Okay. Bogdan, we've seen and you've explained it brilliantly. Thank you about the development and use of technologies to bring forward different levels, different types of scams and deep fakes. How much of this is pre-planned psychological attack on victims? And how is, how are scammers building in a psychological aspect to this? My theory is that 90% of the scams are psychology and probably 10% technology and science. That's because scamming people is actually hacking into their own body. Right. Pushing some buttons. It's a congame. That generate emotions. Every type of scam that we have analyzed has some sort of psychological cues that cyber criminals want to pick up. Let's take failed package deliveries. You become curious about where did the package come from and what might be in it. That's enough for your brain to switch off the rattling sound that says, hey, probably what that link you're going to follow will lead you to a phishing page. Right. The brain no longer listens to these warning signs. You have romance scams where cyber criminals are exploiting and preying on the lonely. They don't target people who are using technology. They are targeting the people who are using technology. They are targeting people who are feeling lonely and they are feeling so lonely that they will be willing to spend all the day talking to a stranger who inadvertently sent a message because they misspelled a phone number. We have cyber criminals that prey on the natural greed that people feel like get rich quick. Now, would you like to multiply your money 10 times? Again, they're not trying to demonstrate an economic impossibility. They will try to push that button that says, hey, I need more money because that's the human nature. Probably most of the scams that we face on a daily basis are psychology. Technology just widens the net, makes cyber criminals more effective, makes them capable of targeting people in a different geographic region speaking a different language. A couple of days ago, I got texted by a scammer on an instant messaging platform and they wrote the message in Romania and I do what I usually do, answering Finnish. Finnish is a very niche language. There's like what, 4 million people speaking an almost impossible language that it's very difficult to understand. And that's my tooling test. If you're able to reply me in Finnish, you're a bot. Guess what they did? They removed the first message and replied in Finnish. And they carried the conversation for a couple of messages. Sometimes they would divert back to Romanian, delete the message and then replace it with the Finnish translation. And they would do that in almost real time. So what I'm trying to say here is that technology is an enabler for them. They are using the same psychological patterns that I talked about, but now they're able to cast a wider net because they have APIs to mass mail, mass communicate with people. They have real time translation to help them address markets that were impossible for them. And they have huge opportunities on the payment scale because credit cards are universal. And if credit cards don't do the trick, then probably you're going to have to exchange real money into Bitcoins for cryptocurrencies. And API stands for what? Remind me? It's advanced programming interface. It's a way that you can hook up, let's say an instant messaging application to a computer to mass communicate with thousands of people at the same time. So I think it's, you know, I may sound cliche when I say this, but this is what I was taught my entire life, that one, you don't get something for nothing. Two, if it's too good to be true, then it's not. And three, and this is the part that's very hard, don't ever want to believe something more than you want the truth. Because if you want to believe something, you will discard everything to get to your belief, to see your belief confirmed. You left out a fourth one. What's that? Don't be a dumbass. That's my rule. Those were my parents' rules. None so blind as those who refuse to see is kind of like another way of rephrasing that. And talking of phraseology, I think we just thus three here have learned recently some scamming language. Firstly, if I know you could, I'll ask you to break them down. One is honeypot. The other is pig butchering. So which one? Well, one sounds pretty good. Yeah. And it ain't a honeypot. Oh, could you break down each phrase for us so as we understand and give our audience an understanding as well? I like the way you have split them into adversary language and good guys language. I'll start with pig butchering. This is a type of scam that has been going on for quite a while. It's very popular in Southeast Asia. That's where it got its name from. Because it technically means fattening up the pig before you sacrifice it. And that's what cyber criminals are doing to the victims. They gain their trust. They keep conversations going on for weeks, maybe months, trying to gain their trust and get as close to them as possible. And when they earn their trust, they're going to create massive financial losses because they already have that person's trust. A very common pig butchering type of attack is somebody texting you normally with an opposite sex handle. Like if you're a man, they will impersonate a woman. And they will be asking you, hey, this is Jennifer. How far away are you from the airport? Because I'm kind of losing patience here. You were supposed to pick me up at 10. And you look at the phone and answer, hey, you have the wrong number. Probably you want to sort it out with your taxi cab, Uber driver, whatever. They will reply, hey, thank you for being so kind. By the way, I'm visiting the city. I want to see what your city offers. Do you have any recommendations? And they kick off a conversation. And they will entertain that conversation with the victim for months. They will exchange photos that are created with deep fake technology. They will create videos. They will gain your trust up until some point where they start working at the con. Hey, look, I'm doing just fine. I have invested in cryptocurrency a while ago and now I'm reaping the rewards. We've been meeting online for quite a while. So I'll tell you my secret. Let me teach you how to invest a little bit of money to multiply it 10 times, well, 20 times, and so on. They will start working on this financial fraud when you have finally fallen in love with them. I've been talking to people who have lost significant amounts of money. Wait, wait, they have yet to meet these people. They're falling in love by electrons. Yes, and you know, emotion is emotion regardless of the vector. So it reminds me of that joke. Why is love on the wireless spectrum? Because it's measured in hertz. I'll be here all week. OK. So people fall in love and they're looking forward to meeting the other one, but it's never a good opportunity for that because of travel, because of all these things. And eventually people end up losing a lot of money. We've been investigating a couple of these scams. And the sad thing was that people who had lost hundreds of thousands of dollars were like, you know what, I don't care about the money. I don't have anybody to wake up to and text. That is sad. The psychological damage is sometimes much more impactful for them than the financial damage. Wow. So all right. Wait, wait, so this sets up the plot for the movie Her where just let the AI be your companion, fall in love with AI. And AI is not going to try to take your money. Take your money. Yeah. Chat GPT. I don't think it wants to take your money, but it'll totally make you think you're in love with it if you ask it the right questions. That's true. So we have solutions for this. I have a very limited movie culture. But my assumption is that that movie didn't end well. You may be right. So we've done pig butchering. Can you just open up the honeypot for us? Let's see inside. The honeypot. We have a couple of technologies that we call honeypot. It's something that researchers normally do. That's a computer or a connected system that poses like it's a victim. A honeypot is used by cybersecurity researchers to attract cyber criminals. And they will attempt to hack into that machine thinking that it's a real user on the internet. It's somebody's computer. And they will attempt to exercise the prowess to hack into that. And the machine, instead of just letting it through, it records every step of the attack for us to be able to decompose the way cyber criminals got in. That brings a lot of value for us because it helps us understand how the criminals are operating on the internet, what's tactics and tools that are using, how they're approaching this puzzle of hacking into somebody's computer. And what are the telltale signs that we can use in an early stage of the attack to block them? We use honeypots for various things, for collecting virus samples, for instance. We use honeypots for IoT devices to see how cyber criminals are harvesting IoT devices and building large armies of zombie devices that they're using then to attack civilian targets. We are using honeypots for recording scam conversations and extracting red flags in that conversation that will help the victim identify when they're being scammed. So that's very short definition of the honeypot. So honeypot is the good guy's tools? Yes. A honeypot is normally somebody's way of staying up to date with the latest tactics in the hacking world. OK, so I'm glad that exists. You've just described the honeypot in the pick-up trimmer. Thank you. And now you've kind of closed off both ends. Is anything out there real? I mean, most of this thing happens on the internet and I'm just wondering now, is anything actually real out there? I mean, real human. You mean, is it human? Yes. I mean, we know the victims themselves are generally humans and there's very rarely a victimless scam. But is anything real? Just really, honestly, anything real out there yet? Yeah. Pretty much everything is real because we're starting to use the internet. We have started to use the internet for real stuff a while ago. Nuclear power plants are being controlled over the internet. The world money flows through the internet from one bank to another. Our communications flow from one end of the internet to another. Our dreams, our fantasies, everything is on the internet. So that's where the bad guys are lurking. My guess is that your question is like, are we still more humans on the internet than probably bots or scripts or automations or artificial intelligence algorithms that are building content? Yes. There are way more people on the internet than bots. That's what the bots want you to think. Look, if you take a look at what's happening on social media, there's a lot of video being created by humans. Is it useful? Definitely not. Social dancing all over or sharing that experience is really not useful for the largest part of humankind. But it's still video created by people. They have put effort in doing that. Yes. There's much more content being created by humans at this point than by AI. AI and bots mostly are being used for scraping this content, a content that will be eventually used for training artificial intelligence algorithms. You don't really see right now a dead internet theory being the reality. You still think the human presence is there. Is it likely the future of the internet will be exactly that and it's going to be 100% bot? There's going to be a lot of automation, but most of those consuming the content will still be humans. So regardless of how much content is being produced, there's still going to be people on the internet consuming that content. Okay. I don't mind being a person on the internet being entertained by AI created content as long as I'm not fooled into thinking it's anything other than that. In the film Blade Runner, based on the story by Philip K. Dick, do androids dream of electric sheep? That's the original short story. It's a great title. Yeah, it's a great title. In it, there's a whole system in place where there are people trained to test the replicants to see if they're actually replicants because they're so well made they have to put them through a psychological stress test where you know how a human would react whereas the replicants, the AI computer versions of us would not and they would fail. And the fact that that test was so subtle, and this story was written 50 years ago, so is there any way today that we mentioned this earlier, but I'm just saying in a Turing test if you're going to have a conversation, are there questions we can ask? Is there something about the video we can detect? Is this other than my voice cadence and other things that I know about myself, how do we defend ourselves? Your company's called Bit Defender. So let me hear the defensive line. Help me, Bit Defender. Help me. Help. The AI and DeepFake Front is opened relatively recently. We didn't have it five years ago. We didn't have it 10 years ago. Most of our defenses as humanity evolve around staying safe from fishing links, from malware, from what I would tell traditional endpoint security. When it comes to artificial intelligence and AI generated content, it's already here. We have like a couple of dozens of very famous online influencers that are ran by artificial intelligence. There are a couple of Instagram accounts that have million of subscribers and the person does not exist. The only thing that exists is an AI algorithm that's building content to order. Well, unfortunately, there is no defense against that. And would we need a defense to that or would we need a defense to probably some nefarious goals that the AI content will attempt to lead us to? And here's what we're trying to do here. We're trying to help people understand the red flags in communication, understand this information, understand the likelihood of something that they're exposed to being real. Probably that will be the future of technology. Not necessarily detecting that some content is created by AI, but rather the fact that that content created by whoever is malicious and will have an impact on you and your security. So when it comes to malicious intent on behalf of interactions, internet interactions, are there some hard and fast simple rules that we can follow like the way you answer an email or the way you answer if someone were to call you, the way you do or do not offer up information? Are there some simple rules that will help somebody not fall prey to a scam? You're asking all the hard questions. This is a very important topic for me because these nefarious interactions that you described can be used by a commercial actor, for instance, to make you behave in a specific way that will result in loss of money. But they're also used as hybrid warfare now. This information is a big part of that. And it doesn't have that kind of structure that makes it obvious. It doesn't have that call to action that would let me know that the message is wrong, false, or leading to unintended consequences. The fact that we have deepfakes talking about, I would say, political stuff, impersonations, hidden agendas, and so on, will help an adversary dilute our amount of trust. They will cause uncertainty. They will reach the goal by making us question everything and ultimately not caring about the message because we cannot distinguish what's wrong from the right, what's true from the false and so on. So not sure if this answers the question, but that's probably the best answer I can give at this point. All right. Well, how about this? What does Bitdefender do? How do you guys defend against this stuff if I were to have Bitdefender on my computer? What would it do for me? Yeah, if all you do is find it, plus is it prosecution at the end of this? That fraction of all offenders are prosecuted because apparently with a $9 trillion fraud market... It ain't a lot. It can't be a lot. Well, but that's what I'm saying. That right there lets you know that this is ubiquitous and it's proliferating. So it sounds to me like when you call yourself Bitdefender, maybe there's a real need for you to be on my computer. But what am I putting you on my computer to do is what I'm trying to figure out. And I'm not trying to do a commercial here. I am genuinely interested. Cyber security is a fundamental part of the way we're interacting with technology right now. I don't want to ring my bells here, but security solutions are fundamental to how our end or our day starts and ends. And they make the difference between another day at the office and the complete disaster, where you have lost all your money or your data at the end of the day. So what does Bitdefender do? We build cybersecurity solutions and technologies that help people stay safe from all sorts of cyber threats. We started with what's commonly known as antivirus back in the 90s. When the internet was booming and when computers became a fundamental part of every household, we started securing them with what's called as antivirus. The good old days, it was just a virus. Just a virus. Just a virus, the good old days. We evolved way past that because our attack surface has become a little bit more complex and now we have to secure not only computers, but our data, our smart devices in households, we have to secure companies that store your information. We have to secure a lot of aspects that were not an issue back in the day. So when you hear that the antivirus is dead or there's no real need for it on computers and mobile devices, that's not true. And antivirus solutions are becoming more and more complex. They have changed to complete suits now. They're not just one application. The virus is mutating. Mr. Smith. No, but it's not just the virus. Scams have become an important component of cybercrime. As I told you, it's one ninth of the total losses caused by technology in the world. So at this point, Bitdefender also hand us these anti-scamming aspects in various ways. We have security solutions that automatically detect that a specific message is a form of scam. We have advisors where people can describe what they're seeing or taking screenshots or taking a picture of something and feeding it to an AI assistant asking, hey, is there anything dangerous here if I'm venturing into what's described here? And I will look at the situation, assess the likelihood of that being a scam, and teach the user that there are a couple of red flags there that probably lead to a scam. So Bitdefender, what we do is what we've always done, keep users and companies safe, but now with a lot more technology and a tech surface to defend. So we've talked about... By the way, I like your geometric reference to the texture of your surface that's exposed. The surface is a boundary between what's on one side and what's on the other. The surface can get larger or more variegated. I love that reference and how you have to then think about the problem. But you don't want it as a fractal surface. Then you'll never get to the bottom of it. Yes, I'll never get to the end of it ever. We've discussed the sort of one-to-one aspect. What if you rolled out the sort of deepfake and malicious intent to a grander scale, to a city, a utility, on a national scale? National security. Yeah. You know that Romania is on the Eastern NATO flank. It's on the Eastern part of the European Union as well. And as of a couple of years ago, we've had a war at the border. There's Ukraine versus Russia. The Ukrainians are our neighbors. And as they were in the middle of the fight, deepfake of President Zelensky erupted on the Internet, calling for every armed person to lay down their weapon because Ukraine had surrendered. That was a deepfake and it was quickly combated by Ukrainian security services. But this could have had awful consequences. Right? What happened if the whole army fell for that? Or part of the army fell for that? But that's also part of the hybrid warfare that I was mentioning before that. There's a lot of this information going on. There are calls to action that are completely wrong and so on. But another practical example would not necessarily have to do with deepfakes, but to the state of technology and the penetration of technology into our homes. Biddefender also has an IoT security research wing. IoT stands for the Internet of Things and it's normally a category of consumer electronics that's comprised of smart stuff, digital assistance, smart toasters, coffee makers, and smart lights, and so on. There's a specific type of IoT device that has started to penetrate the world. That's the solar inverter. Solar inverters are pieces of technology that convert electricity from solar panels and store it, manage it, or inject it into the grid. These inverters are normally hooked up to the Internet at home. These inverters most of the time come from China. Last year in August, we looked into a couple of inverters that are very popular in Europe. We realized that a potential attacker would be able to seize control over each of the inverters made by a specific brand. That would give an attacker access to about 140 gigawatts of electricity. That's a lot by any standard. I'm not a professional in the energy, but that looks huge. That's a big blackout, man. One of the things that we uncovered after this first contact was that we will never know whether that was a software bug that allowed somebody to get into all of the inverters made by the same manufacturer, or if that was a carefully hidden Bangor that could be accessed by a rival nation state to cause a blackout to a city, country, or to a territory. The city is a European state that's starting to take cybersecurity in this inverter space very carefully because they realized that whatever happens in this very particular IoT sphere could bring grids down. What happened in Spain this year was a wake-up call. Not because of a cybersecurity incident, but because solar played a bad role here. All I wanted to say is that grids are very powerful beasts, and they used to be isolated from the internet. Now everybody has a piece of the grid in their home that's connected to the internet. That's a million entry points to something that pertains to national security. That's why we gotta stick to coal. Gotta keep burning coal, man. That's the problem. Get off that dog on solar energy. Okay? Newfangled solar wind. What about the birds and the cancer? No, let's go with coal, and you'll be okay. Thank you, Chuck, for that regressive comment on civilization. Bode, we gotta wrap this up. Could you give us just some hopeful news here out of this conversation? Yeah, man. Where do you see all this going? Yeah, where does this go in two years, five years, 10 years? This will continue to be a cat and mouse game, where the bad guys are advancing. The good guys will be catching up with their tactics, and in best case scenario, they will find a way to proactively protect against their attacks. We've done that for the past decades with malware, and we're going to do that with deep face and with the rest of the scams as well. There's hope, the fact that we're still using technology, and most of our interactions online are safe gives us hope. We're here to protect. We have the technologies, the solutions, and we're not just waiting for the bad guys to win the game, right? Given how large this marketplace is, you're not the only company out there who is working in this space. We have very powerful partners from other security vendors to law enforcement. That's also one thing that I wanted to tell you about. The fact that we're very successful in this cooperation with law enforcement. We have a lot of cases that we opened together with law enforcement. We have a couple of cybercrime rings that become dismantled as part of these successful corporations. Police agencies all over the world are taking cybercrime extremely seriously with our expertise and with their ability to execute arrests is something that helps us curb on cybercrime. The ability to kick down a door. That's what that is. Yeah, AI can't do that. AI can't do that. Yeah. So, Bota, if a person is famous or otherwise wealthy and then they get scammed, that's kind of embarrassing. Is there some stigma that will go away eventually once people find out that they're not alone in their victimhood? Where does that land on this landscape? Scamming and malware can happen to everyone. This is because cyber attacks have become so sophisticated and so prevalent that it's difficult for everybody to stay safe at all times. I will give you an example. Cybercrime can happen to everyone. It's not you that you're enabling it. You're just a victim yourself, right? There have been a lot of compromised accounts belonging to highly respected people that have fallen victim to a cyber attack. We have a lot of surface to defend at the end of the day. We have email communications. We have mobile and instant messaging. We have technology everywhere around us on our body, in our home, in front of us, right? And that's a very, very difficult mission. Staying safe is a difficult mission. What I would say is that if you're falling victim to any kind of digital crime reported, first of all, there's entities there that might be able to help. There's also entities that need to know that you have fallen victim to a type of cybercrime to be able to assess the magnitude of a phenomenon. Imagine that, for instance, only about 7% of scams are getting reported. So police offices all over the world are not correctly budgeted to face this phenomenon because they cannot assess its impact on the local communities. So Bob, in a way, what you're saying is you should report it because if you don't, you're actually enabling the people who harmed you. You're actually helping them by keeping this to yourself and suffering in silence. Go ahead and report it because, one, it happens to everybody and it's not your fault. And two, by reporting it, you're putting information out there that can be used against the people who committed the crime. Yes. They say that if a tree falls into a forest and nobody hears it, has it fallen? That goes with cybercrime as well. If you have been scammed and dozens of other people have been scammed and you have not reported it to the local law enforcement office and neither did anybody. Is scamming really part of the police agency's agenda? No, because there's technically no scamming going on. That's why we are advising victims to report it. It's not something that they should be ashamed of. It's not something that they should keep it to themselves. The more they talk about it, the more this message gets pushed on the local agenda and law enforcement agencies or other people will be able to act on it. Cool. That's the lesson right here. There it is. Bogdan, Botezatu, pleasure to have you on StarTalk Special Edition. Thank you. Even though three quarters of everything you said was completely depressing, we needed that. I know. It was the best depressing conversation we had. I guess so. That's what we're not allowed to say. Okay. The depressing information that can serve you going forward. Absolutely. There it is. There it is. So important. We were delighted to work with you guys when we filmed our segment with Formula One and the security necessary in the communication between the pit and the cars and that whole world. Thanks for being there both times. Thank you for this opportunity. It's one thing to look at you religiously on the other side of the screen and a whole different experience to be part of the show. Okay. Wow. Thank you. That's very nice. Excellent. All right. That's all the time we have. Learned a lot today. Oh, yes. Yeah. Dude. Yeah, I've learned. I am burning my computer. That's what I learned. Done. We're going back to an abacus. Abacus. I got one right. I got abacus. No, no, no. I'm writing letters. I'm writing letters again. That's a hell of a thing. All right, Gary. It was good to have you here. Pleasure, my friend. All right, Chuck. Always a pleasure. Be good. Neil deGrasse Tyson for Start Talk Special Edition. The world is coming to an end. It's an episode. AI will be our overlords and they'll take your money. No, I exaggerate. Anyhow, really try to keep looking up. Until next time.