“Pandora’s Box has been opened with today’s artificial intelligence”, ethical hacker claims
Artificial intelligence has opened up a Pandora’s box of opportunity for cybercriminals, according to an anonymous ethical hacker speaking at UK Cyber Week in London this week.
Privacy and security are at stake, even at the most secure companies, said the hacker, and nothing will “ever be the same from now on.”
Speaking at a keynote, the cyber professional detailed how he and his ethical hacking team have been able to access sensitive company information using what he describes as every person’s greatest weakness – “human emotion.”
“You might have the latest threat intelligence block, you might have the software… you may have everything patched,” said the expert, but “the human factor is what is killing whole security systems, and it is the first line of attack for some cybercriminals”.
In a line of confessions, the anonymous security specialist described how he and his team have taken to LinkedIn, dating websites, and robot babies to hack into firms’ security systems.
In one mission, the ethical hackers targeted a security researcher whom he described as an “Iron Lady,” because it was impossible to get past her.
According to the ethical hacker, she worked in a “super secure facility, that was part of national critical infrastructure”.
“This facility had multiple layers of physical security, and it was impossible to get inside” and access their target, according to the hacker.
What the team learned about the reception area showed that the locked-off corridor that led to the targeted office also hosted a single disabled toilet.
On a more personal note, the team also discovered that the “Iron Lady” had only just become a grandmother two months prior.
With this information, the team dressed up a female colleague as a pregnant woman and placed her in the foyer of the offices, with instructions to act upset over her baby (actually a realistic robot), which needed its nappy changed.
The team timed this so that she was there at the same time as the “Iron Lady”. They succeeded in winning the security officer’s empathy, and she allowed them to access the building.
Once inside, the team successfully installed a black box which, in brief, was “carefully designed” to scan and test the full target system.
“The operation was a true success,” said the ethical hacker.
In another task, the ethical hackers used the public LinkedIn profile of a chief security officer to gather enough information about his location, interests, and romantic life in order to find out that he was single and actively using dating websites.
“So we decided to cross the country, and make a profile that matched the target requirements and special wishes,” he said. They added classical music, fine food and wine, and used a female ethical hacker’s face for the profile.
After a few weeks, the team matched with the CSO and were soon invited around to his house for dinner, where they managed to discreetly access his personal laptop and mobile using intelligent charging cables and USB devices in order to track and access his sensitive information.
“By securing a weakness in a human being, and using a combination of social engineering and surveillance techniques, we are able to penetrate top security systems,” enthused the hacker.
With AI, such as a robot baby, or perhaps a fake face, voice, and person on a dating app, this kind of human manipulation could be a lot easier.
“It is important to understand your digital footprint,” said the hacker, whose advice is to keep your public profiles as private as possible. On top of that, “mark your personal chargers with pastel colours, and ensure your Bluetooth and Wi-Fi are switched off” in public locations, he concluded.