Code Words Are Back
In what should surprise nobody, AI masking has already been moving at a rapid pace. In only one year’s time, techniques that used to be bulletproof for detecting if somebody was pretending to be somebody else via AI, now is questionable as to whether or not it will actually work.
This post is going to be discussing some of the advances that have been made as far as lighting and facial expressions and kind of getting out of that uncanny valley aspect of AI masking and AI people and just how expressive and how a lot of this can be done in real time now rather than do it preemptively before the video call.
The Problem
The first generation of AI masking wasn’t even live. You would have to take an image or images of a person or a subject that you were trying to impersonate, take a video of you doing X, Y, or Z, create the facial mask, and then use that in a video recording or something else, and hopefully it lined up. And that has obvious problems with it.
When the live AI masking finally came out, it was good and it was pretty convincing so long as you didn’t have artifacts in front of the object like fingers or anything that would obstruct the camera from the subject. That was okay.
Getting the person to actually turn their head to extreme angles was another one that was very quickly and very obviously could break up the mask because the mask no longer has those facial landmarks that they can use to differentiate or try to put the mask over the person’s face.
And for the most part, as of right now, today, at the time of this recording, both of these methods will still work for the most part, because in order to do live AI facial masking, you still need a good line of sight between the camera and the subject. So as of right now, whether you have somebody move their head in an extreme angle or put something especially disruptive things like fingers, if you put a solid object like a book in front of somebody’s face, it may actually be still convincing. But if you put something that’s disruptive, smoke, fingers that are opened or something else, it still works pretty well.
That said, some of these features on some of the more advanced AI masking techniques actually are starting to fail because you can have differential lighting, you can have more extreme angles, you can have better irises.
Irises used to be one of the ways that you could detect people. That really isn’t the case anymore with some of the more advanced features. And so some of these techniques are actually getting to the point where you can’t tell anymore.
You can see that the language, the lip tracking, the irises, the lighting, the movement, the facial expressions, all of this looks pretty good and pretty convincing today.
Luckily, we don’t have to rely solely on visuals. We can actually rely on audio. So one of the things to keep in mind is that while this sounds okay, it sounds okay because it’s a generic voice. When you’re trying to actually clone voices in people, oftentimes you’re trying to clone someone specific. Here you can see what it sounds like when I try to take Joe Rogan’s voice and I try to get him to say something, and you’ll see the discrepancies.
But probably the best gotcha when it comes to AI is that it still doesn’t do lists very well, especially off-the-cuffed lists, because if you’re trying to do this live, it will not know ahead of time how to say certain things.
The Hong Kong Case
The Hong Kong incident is the cleanest corporate example because it shows how the pieces fit together.
Understanding that it would be a little suspicious if the CFO called you up one day and just said, Hey, transfer $25 million.
So what the scammers did was they had what seemed to be a Teams call between an entire team of employees, including the CFO, and all of them in real time were discussing to transfer this money and everything else.
And then the guy who had been scammed thought that he had been talking to an entire team of employees, which alleviated a lot of suspicion.
According to CNN,
Chan said the worker had grown suspicious after he received a message that was purportedly from the company’s UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.
However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said.
Unfortunately, now believing that the money transfer was a legitimate request, the employee authorized the transfer of 26 million dollars.
But this demonstrates the use of clever AI masking, some quality OSINT and social engineering can defraud people and companies.
Code Words
One of the things that everybody today in modern society has grown accustomed to is the concept of two-factor authentication when you sign in to things or try to transfer large sums of money out of your bank account. It’s no longer a surprise when you go to log in and you have to use your phone to say, yes, it was me who attempted to log in, or go to your email to click on a link or some variation thereof.
The default two-factor authentication used to be listening to somebody’s voice or seeing them in a video call, and that used to be all that we needed. But obviously, having read this article, you understand that that is ever increasingly not true.
So, one of the oldest school tricks is coming back today, and that is the use of code words. Simply telling somebody ahead of time, in person, what a code word or phrase would be for certain transactions.
Basically, this is a form of two-factor authentication as a safety mechanism to say, look, this is how I prove that I am me. Because no matter how much OSINT you do on somebody, if you agreed on a code word in a private office or somewhere similar, it’s very unlikely you will ever be able to discover what this is.
In the case of our Hong Kong fraud victim, having a code word may have actually saved this company from $26 million fraud and probably kept that employee’s job, because I assume that he was fired soon thereafter, despite the fact that it was a very clever ruse.
Unfortunately, this type of AI masking is not just being used against industry, it’s also being used for personal reasons.
Pretending to be a loved one, pretending that a loved one has been kidnapped, or any derivative thereof, has actually started to come out. And as a result, code words and things like it would be an easy way to verify if someone is who they claim to be.
One of the problems with code words is that if you just ask somebody for their code word, then the attacker knows moving forward that you, your company, your organization, or your family uses these and to start looking for them.
An easy workaround for this is not necessarily a code word itself, but more of a challenge response. So instead of asking somebody outright for the code word, you may say a very specific provocative statement and then have somebody respond in a very specific way.
While I wouldn’t recommend something this obvious, it is an example from the movie the shadow.
Now while you may look at that clip and think its ridiculous or childish, here is former CIA case officer John Kiriakou, discussing the topic
Now, like all things, this obviously isn’t bulletproof. Through social engineering, eavesdropping, or other mechanisms, you may be able to find out what a code word is, or you may be able to put enough emotional pressure on somebody that they just forego the code word altogether.
So obviously, nothing is going to solve all problems, but this old-school, low-tech method may be a fantastic way of actually adding some form of two-factor authentication that, as of right now, AI cannot duplicate.
Conclusion
As Ed Calderon correctly said, “If you want to beat high tech, go low tech.”
While technology is going to get better and better day by day, and that’s fine, things like this, going back to old school guile and code words, is something that AI will have a very difficult, if not impossible time deciphering because it’s not something that’s in their database.
Whether you choose to use code words in your daily or professional life is obviously up to you … but either way, stay safe out there.
Training Resources:
For individuals looking for a hands on training that includes all of the above topics, Covert Access Team (covertaccessteam.com) provides training courses focused on physical penetration testing, lockpicking, bypassing techniques, social engineering and other essential skills.
Covert Access Training - 5 day hands on course designed to train individuals and groups to become Covert Entry Specialists
Physical Audit Training - 2 day course on how to setup and run a physical security audit
Elicitation Toolbox Course - 2 day course of that primarily focuses on elicitation and social engineering as critical aspects of Black Teaming
Strategic Operations for Lone Operators - Advanced course for those who are interested in learning how to become a one man infiltration team.
Counter Elicitation - 2 day course on how to recognize and prevent elicitation attempts, and safegaurd your secrets.
Cyber Bootcamp for Black Teams - 2 day course designed explicitly for physical penetration testers who need vital cyber skills to add to their toolbox.
Private Instruction - Focused learning & training based on your needs .
I wonder how courts will deal with AI masking as court evidence. It is getting harder to tell the difference.