Foreword: The Language of Deception
Foreword: The Language of Deception
Foreword by Stuart McClure
Since the dawn of the Jedi, in a galaxy far, far away, a wise person once said: “Think evil. Do good.” The premise was simple, but became the rallying cry for the Hacking Exposed franchise. To defend yourself from cyberattacks, you must know how the bad guys work. Your strongest defense is a knowledgeable offense. And so the red team and hacker mindset was born.
As defenders (through offensive knowledge) we got better at understanding and preventing attacks. But the bad guys got better too, especially at automating and building intelligence into their attacks to bypass the controls put in place by the defenders. Now, with the near ubiquitous use of AI and ML around the world, the bad guy is once again one step ahead, leveraging these technologies to their malicious ends. And around and around we go.
We are at the dawn of AI/ML's application to social engineering and we need to understand it better. Our adversaries are turning to language as a weapon, and they are weaponizing it through social intelligence and creating an illusion of conversation that can bypass 99 percent of human reasoning. And with automated systems like AutoGPT and Pentest GPT coming on line, the likelihood of a fully automated synthetic hack sequence using AI/ML is clearly upon us.
With the social engineering attacks of 2023 at MGM, Caesars, and Clorox, and Ethereum-based market maker Balancer, the world now knows what we as cybersecurity professionals have known for decades: that humans (users and administrators alike) are the weakest link. If adversaries can leverage systems to help them gain access to and control of systems and networks simply by using our own human intelligence (or lack thereof) against us in an automated way, that would spell more than a “spot of bother” for the defenders.
Justin has built an amazing primer codifying the brief history of our transformation from knuckle-dragging human to hunched-over nerd (and troll), and more importantly how the technology we built to make our lives better has the potential to bring us a world of overwhelming challenge.
The bad guys are leveraging AI in new and dangerous ways. Automating this powerful hacker tool called social engineering is their inevitable next step. As defenders we have to understand its power in order to thwart tomorrow's attacks. The Language of Deception is a powerful primer on this next attack category and may be your only bridge between victimhood and survival.
Foreword by Stuart McClure
Since the dawn of the Jedi, in a galaxy far, far away, a wise person once said: “Think evil. Do good.” The premise was simple, but became the rallying cry for the Hacking Exposed franchise. To defend yourself from cyberattacks, you must know how the bad guys work. Your strongest defense is a knowledgeable offense. And so the red team and hacker mindset was born.
As defenders (through offensive knowledge) we got better at understanding and preventing attacks. But the bad guys got better too, especially at automating and building intelligence into their attacks to bypass the controls put in place by the defenders. Now, with the near ubiquitous use of AI and ML around the world, the bad guy is once again one step ahead, leveraging these technologies to their malicious ends. And around and around we go.
We are at the dawn of AI/ML's application to social engineering and we need to understand it better. Our adversaries are turning to language as a weapon, and they are weaponizing it through social intelligence and creating an illusion of conversation that can bypass 99 percent of human reasoning. And with automated systems like AutoGPT and Pentest GPT coming on line, the likelihood of a fully automated synthetic hack sequence using AI/ML is clearly upon us.
With the social engineering attacks of 2023 at MGM, Caesars, and Clorox, and Ethereum-based market maker Balancer, the world now knows what we as cybersecurity professionals have known for decades: that humans (users and administrators alike) are the weakest link. If adversaries can leverage systems to help them gain access to and control of systems and networks simply by using our own human intelligence (or lack thereof) against us in an automated way, that would spell more than a “spot of bother” for the defenders.
Justin has built an amazing primer codifying the brief history of our transformation from knuckle-dragging human to hunched-over nerd (and troll), and more importantly how the technology we built to make our lives better has the potential to bring us a world of overwhelming challenge.
The bad guys are leveraging AI in new and dangerous ways. Automating this powerful hacker tool called social engineering is their inevitable next step. As defenders we have to understand its power in order to thwart tomorrow's attacks. The Language of Deception is a powerful primer on this next attack category and may be your only bridge between victimhood and survival.
Foreword by Stuart McClure
Since the dawn of the Jedi, in a galaxy far, far away, a wise person once said: “Think evil. Do good.” The premise was simple, but became the rallying cry for the Hacking Exposed franchise. To defend yourself from cyberattacks, you must know how the bad guys work. Your strongest defense is a knowledgeable offense. And so the red team and hacker mindset was born.
As defenders (through offensive knowledge) we got better at understanding and preventing attacks. But the bad guys got better too, especially at automating and building intelligence into their attacks to bypass the controls put in place by the defenders. Now, with the near ubiquitous use of AI and ML around the world, the bad guy is once again one step ahead, leveraging these technologies to their malicious ends. And around and around we go.
We are at the dawn of AI/ML's application to social engineering and we need to understand it better. Our adversaries are turning to language as a weapon, and they are weaponizing it through social intelligence and creating an illusion of conversation that can bypass 99 percent of human reasoning. And with automated systems like AutoGPT and Pentest GPT coming on line, the likelihood of a fully automated synthetic hack sequence using AI/ML is clearly upon us.
With the social engineering attacks of 2023 at MGM, Caesars, and Clorox, and Ethereum-based market maker Balancer, the world now knows what we as cybersecurity professionals have known for decades: that humans (users and administrators alike) are the weakest link. If adversaries can leverage systems to help them gain access to and control of systems and networks simply by using our own human intelligence (or lack thereof) against us in an automated way, that would spell more than a “spot of bother” for the defenders.
Justin has built an amazing primer codifying the brief history of our transformation from knuckle-dragging human to hunched-over nerd (and troll), and more importantly how the technology we built to make our lives better has the potential to bring us a world of overwhelming challenge.
The bad guys are leveraging AI in new and dangerous ways. Automating this powerful hacker tool called social engineering is their inevitable next step. As defenders we have to understand its power in order to thwart tomorrow's attacks. The Language of Deception is a powerful primer on this next attack category and may be your only bridge between victimhood and survival.