North Korean IT Scam + TikTok Zero Day + Consumer AI Gets Weird
Jun 16, 2024
auto_awesome
Discussing the North Korean IT scam using American virtual assistants, uncovering a complex money laundering scheme involving US companies, delving into North Korean transition to legitimate IT services, exploring scam text messages and cybersecurity threats, and analyzing the implications of AI and technology on memory and privacy concerns.
01:00:15
AI Summary
AI Chapters
Episode notes
auto_awesome
Podcast summary created with Snipd AI
Quick takeaways
Beware of fictitious business identities like Riley Park facilitating illicit activities with countries like North Korea.
North Korean IT scams in the US are operating through shell companies employing unaware Americans for remote access work.
Microsoft's data recall feature for AI training raised privacy concerns, leading to reevaluation due to significant backlash.
Deep dives
The Use of Fictional Personas for Business Registration
Multiple companies have been discovered to register under the fictional persona Riley Park, managed by a company aiding in anonymous business ownership. This revealed the potential misuse of fake identities for dubious reasons such as illicit dealings with countries like North Korea, which is illegal.
North Korean Scheme Involving Shell Companies and IT Scams
North Korean actors have been utilizing shell companies with fake identities like Riley Park to set up a large-scale IT scam in the US. By hiring Americans to facilitate remote access work, money from these operations funnels back to North Korea, possibly involving many unwitting companies.
Microsoft's Privacy Concerns with AI and Data Retrieval
Microsoft introduced a potential privacy concern with its recall feature, where encrypted screenshots on devices are used for AI data training. This raised alarm over the privacy implications and necessitated reevaluation following significant backlash.
Adobe's Controversial Terms of Service Leading to Concerns
Adobe faced backlash over new terms of service that granted perpetual rights to user-created content for AI training purposes. This sparked concerns about ownership of creative content and potential violations of client agreements.
Advanced AI Hacking Techniques Using GPT Models
Researchers used GPT models in a hierarchical structure to exploit security vulnerabilities successfully. The hierarchical planning and task-specific agents significantly boosted vulnerability discovery and exploitation rates, showcasing the potential of AI red teams.
Future Implications of Organizational Structures for AI
The use of hierarchical planning models leveraging AI for exploitation highlights the future focus on optimizing organizational structures for AI. The potential for enhanced efficiency and coordination in AI operations through structured management holds promise for future advancements in the field.
We discuss a bunch of stories, including the bizarre tale of how an anonymous business registration company let a massive IT scam unfold in the US, a TikTok zero day, Microsoft recall and Apple Private Cloud Compute, and a home-brew cell tower hack in the UK.
NOTE: I (JB) misspeak at about 18 minutes in. I say "US" when we're talking about the UK.