Interesting forensics in connection with a serial killer arrest:

Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner phone” they had tied to the killings. (In court, prosecutors later said the burner phone was identified via an email account used to “solicit and arrange for sexual activity.” The victims had all been Craigslist escorts, according to officials.)

They then narrowed records collected by cell towers to thousands, then to hundreds, and finally down to a handful of people who could match a suspect in the killings.

From there, authorities focused on people who lived in the area of the cell tower and also matched a physical description given by a witness who had seen the suspected killer.

In that narrowed pool, they searched for a connection to a green pickup truck that a witness had seen the suspect driving, the sources said.

Investigators eventually landed on Heuermann, who they say matched a witness’ physical description, lived close to the Long Island cell site and worked near the New York City cell sites that captured the other calls.

They also learned he had often driven a green pickup truck, registered to his brother, officials said. But they needed more than just circumstantial evidence.

Investigators were able to obtain DNA from an immediate family member and send it to a specialized lab, sources said. According to the lab report, Heuermann’s family member was shown to be related to a person who left DNA on a burlap sack containing one of the buried victims.

There’s nothing groundbreaking here; it’s casting a wide net with cell phone geolocation data and then winnowing it down using other evidence and investigative techniques. And right now, those are expensive and time consuming, so only used in major crimes like murder (or, in this case, murders).

What’s interesting to think about is what happens when this kind of thing becomes cheap and easy: when it can all be done through easily accessible databases, or even when an AI can do the sorting and make the inferences automatically. Cheaper digital forensics means more digital forensics, and we’ll start seeing this kind of thing for even routine crimes. That’s going to change things.

Read More

Artificial intelligence used to be reserved for the population’s most brilliant scientists and isolated in the world’s top laboratories. Now, AI is available to anyone with an internet connection. Tools like ChatGPT, Voice.ai, DALL-E, and others have brought AI into daily life, but sometimes the terms used to describe their capabilities and inner workings are anything but mainstream. 

Here are 10 common terms you’ll likely to hear in the same sentence as your favorite AI tool, on the nightly news, or by the water cooler. Keep this AI dictionary handy to stay informed about this popular (and sometimes controversial) topic. 

AI-generated Content 

AI-generated content is any piece of written, audio, or visual media that was created partially or completely by an artificial intelligence-powered tool. 

If someone uses AI to create something, it doesn’t automatically mean they cheated or irresponsibly cut corners. AI is often a great place to start when creating outlines, compiling thought-starters, or seeking a new way of looking at a problem.  

AI Hallucination 

When your question stumps an AI, it doesn’t always admit that it doesn’t know the answer. So, instead of not giving an answer, it’ll make one up that it thinks you want to hear. This made-up answer is known as an AI hallucination. 

One real-world case of a costly AI hallucination occurred in New York where a lawyer used ChatGPT to write a brief. The brief seemed complete and cited its sources, but it turns out that none of the sources existed.1 It was all a figment of the AI’s “imagination.”  

Black Box 

To understand the term black box, imagine the AI as a system of cogs, pulleys, and conveyer belts housed within a box. In a see-through box, you can see how the input is transformed into the final product; however, some AI are referred to as a black box. That means you don’t know how the AI arrived at its conclusions. The AI completely hides its reasoning process. A black box can be a problem if you’d like to doublecheck the AI’s work. 

Deepfake 

Deepfake is the manipulation of a photo, video, or audio clip to portray events that never happened. Often used for humorous social media skits and viral posts, unsavory characters are also leveraging deepfake to spread fake news reports or scam people.  

For example, people are inserting politicians into unflattering poses and photo backgrounds. Sometimes the deepfake is intended to get a laugh, but other times the deepfake creator intends to spark rumors that could lead to dissent or tarnish the reputation of the photo subject. One tip to spot a deepfake image is to look at the hands and faces of people in the background. Deepfakes often add or subtract fingers or distort facial expressions. 

AI-assisted audio impersonations – which are considered deepfakes – are also rising in believability. According to McAfee’s “Beware the Artificial Imposter” report, 25% of respondents globally said that a voice scam happened either to themselves or to someone they know. Seventy-seven percent of people who were targeted by a voice scam lost money as a result.  

Deep Learning 

The closer an AI’s thinking process is to the human brain, the more accurate the AI is likely to be. Deep learning involves training an AI to reason and recall information like a human, meaning that the machine can identify patterns and make predictions. 

Explainable AI 

Explainable AI – or white box – is the opposite of black box AI. An explainable AI model always shows its work and how it arrived at its conclusion. Explainable AI can boost your confidence in the final output because you can doublecheck what went into the answer. 

Generative AI 

Generative AI is the type of artificial intelligence that powers many of today’s mainstream AI tools, like ChatGPT, Bard, and Craiyon. Like a sponge, generative AI soaks up huge amounts of data and recalls it to inform every answer it creates. 

Machine Learning 

Machine learning is integral to AI, because it lets the AI learn and continually improve. Without explicit instructions to do so, machine learning within AI allows the AI to get smarter the more it’s used. 

Responsible AI 

People must not only use AI responsibly, but the people designing and programming AI must do so responsibly, too. Technologists must ensure that the data the AI depends on is accurate and free from bias. This diligence is necessary to confirm that the AI’s output is correct and without prejudice.  

Sentient 

Sentient is an adjective that means someone or some thing is aware of feelings, sensations, and emotions. In futuristic movies depicting AI, the characters’ world goes off the rails when the robots become sentient, or when they “feel” human-like emotions. While it makes for great Hollywood drama, today’s AI is not sentient. It doesn’t empathize or understand the true meanings of happiness, excitement, sadness, or fear. 

So, even if an AI composed a short story that is so beautiful it made you cry, the AI doesn’t know that what it created was touching. It was just fulfilling a prompt and used a pattern to determine which word to choose next.  

1The New York Times, “Here’s What Happens When Your Lawyer Uses ChatGPT” 

The post 10 Artificial Intelligence Buzzwords You Should Know appeared first on McAfee Blog.

Read More

A discussion paper from the European Policy Centre sets out recommendations for an EU quantum cybersecurity agenda

Read More

Man accused of aiding the Kremlin with dual-use tech

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations. 

In this article, we will take a look at why training your employees to become aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes. 

Why cybersecurity awareness is important

Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes. 

Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy. 

Three common types of social engineering attacks

To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take. 

A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service). 

Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks:

Phishing

Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords. 

Phishing attacks can come in the form of emails claiming to be from legitimate sources- such as a government body, software company you use, or relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style. 

Pretexting

Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations. 

Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details. 

Baiting

Baiting is a similar type of social engineering attack to pretexting. While in a pretexting attack the bad actor lulls a victim into a sense of false security with a compelling narrative, a baiting attack uses enticing promises to trick a victim into completing an action or providing information. 

Essentially baiting involves a bad actor setting a trap for victims. This trap could be an email attachment or file sent through social media messaging that at first seems legitimate, but includes malware. Victims may not even be aware that they have fallen for a baiting scheme, as the malware could be downloaded onto their device without them knowing about it. Bad actors can also use baiting to steal bank details or other personal data from victims. 

How to educate employees to recognize social engineering attacks

Each employee should be able to adequately recognize and respond to social engineering attack attempts; when every employee knows how to do this your organization will have a robust level of human security defending the organization against cyber breaches. 

Conduct regular security awareness training

Make sure that cybersecurity is a priority for employee education. The more your employees are reminded of the importance of cybersecurity, the more likely they will be to remember the correct course of action to take in the event of an attack attempt. Include cybersecurity information posters on the walls of your office, upon which you can try integrating QR codes to provide a multimedia and more secure way for employees to access this information while on the go. 

Encourage employees to read up on the latest cybersecurity protocols and attack methods. And schedule regular mandatory cybersecurity training sessions to refresh employees on how to stay vigilant against cyber attacks and where to report suspicious activity when it occurs. 

Utilize Multi-factor Authentication

Multi-factor Authentication, or MFA, maintains a higher level of security against each attempt to access your company networks and files. Multi-factor authentication can require employees to answer security questions, provide a one-time-only code that is sent to their email or phone number, or pass through secure restricted access digital gateways using another method that verifies their identity and right to access that digital space. 

With multi-factor authentication in place, hackers who successfully access one employee’s phone number, login info, or email address will still not be able to compromise the security of the entire organization. 

Track company KPIs

Your organization should create a shared checklist that employees can consult and reference in the event of a suspected (or successful) cybersecurity breach. 

This document should contain all relevant security KPIs, or key performance indicators, that provide measurable metrics. Employees will be able to trace and evaluate the robustness of your organization’s security system based on whether or not these individual metrics are performing at the appropriate level. 

Implement strong password requirements

Ensure that every employee is maintaining good password hygiene. Each employee should utilize a unique combination of letters, numbers, and symbols, including both uppercase and lowercase levels. 

Employees should never use the same password for multiple accounts, and they should avoid using any phrases or words that may be easy for hackers to guess. Birthdays, anniversaries, pet names, and song lyrics should never be used as passwords. 

Establish company-wide cybersecurity policies

Confusion about your organization’s expectations and standards can lead to further weak spots, vulnerable points, and openings for enterprising cyber attackers to exploit. Make sure every employee has a clear understanding of company policies surrounding cybersecurity. 

Organizations that are hiring freelance employees, for example, will need to be on extra high alert. Freelancers or independent contractors your company works with may not always comply with the basic security guidelines and expectations that full-time employees hold to. 

To avoid this, establish clear cybersecurity expectations from the start of the professional working relationship by laying out cybersecurity policies in the freelancer contract. Look for freelancing contract templates that come with flexible customization options, so you can be sure to include the relevant section about cybersecurity policy agreements for freelancers and contractors. 

Use common sense

It may sound obvious, but following up on a hunch to double-check whether or not an offer or request seems legitimate is a great way to defend against social engineering scams. If you receive an email that seems suspicious, for example, try contacting the original sender- whether that was a colleague, a friend, or a company. Use another method to contact them and double-check whether it was indeed them trying to contact you. 

If a request seems suspect, there is a good chance it is a scam. If a bad actor is trying to scam you, then taking the extra time to verify can save you hours of cleanup, not to mention financial damages and reputation loss. Employees can report suspicious phone calls or text messages directly to their phone carriers, who may be able to track the perpetrator and restrict their access. Or employees can file a complaint with the FBI Internet Crime Complaint Center. 

Final thoughts

Defending against sophisticated social engineering attacks can be a daunting challenge for any organization. The best method of protecting sensitive data and preventing unwanted access to restricted organization networks is to implement a multilayered approach to cybersecurity. 

Provide each employee with the training and education that will eliminate accidental individual cybersecurity slip-ups and you will have a more robust, well-rounded, and dynamic cybersecurity defense system. 

Make use of common sense, encourage employees to report suspicious activity, conduct frequent employee security training sessions, track KPIs with shared checklists, and establish clear company-wide security policies. Ensure that every employee knows how to create a secure password, and set up multi-factor authentication procedures. 

With a highly aware workforce, your organization will be better equipped to prevent phishing, pretexting, baiting schemes, and other forms of social engineering cyber attacks.

Read More

NextGen Healthcare was accused of violating False Claims Act

Read More

Reports suggest personal debt behind Kemba Walden’s decision

Read More