StarTalk Radio - Deepfakes and the War on Truth with Bogdan Botezatu
Episode Date: October 17, 2025Is there anything real left on the internet? Neil deGrasse Tyson and co-hosts Chuck Nice and Gary O’Reilly explore deepfakes, scams, and cybercrime with the Director of Threat Research at Bitdefende...r, Bogdan Botezatu. Scams are a trillion-dollar industry; keep your loved ones safe with Bitdefender: https://bitdefend.me/90-StarTalkNOTE: StarTalk+ Patrons can listen to this entire episode commercial-free here: https://startalkmedia.com/show/deepfakes-and-the-war-on-truth-with-bogdan-botezatu/Thanks to our Patrons Bubbalotski, Oskar Yazan Mellemsether, Craig A, Andrew, Liagadd, William ROberts, Pratiksha, Corey Williams, Keith, anirao, matthew, Cody T, Janna Ladd, Jen Richardson, Elizaveta Nikitenko, James Quagliariello, LA Stritt, Rocco Ciccolini, Kyle Jones, Jeremy Jones, Micheal Fiebelkorn, Erik the Nerd, Debbie Gloom, Adam Tobias Lofton, Chad Stewart, Christy Bradford, David Jirel, e4e5Nf3, John Rost, cluckaizo, Diane Féve, Conny Vigström, Julian Farr, karl Lebeau, AnnElizabeth, p johnson, Jarvis, Charles Bouril, Kevin Salam, Alex Rzem, Joseph Strolin, Madelaine Bertelsen, noel jimenez, Arham Jain, Tim Manzer, Alex, Ray Weikal, Kevin O'Reilly, Mila Love, Mert Durak, Scrubbing Bubblez, Lili Rose, Ram Zaidenvorm, Sammy Aleksov, Carter Lampe, Tom Andrusyna, Raghvendra Singh Bais, ramenbrownie, cap kay, B Rhodes, Chrissi Vergoglini, Micheal Reilly, Mone, Brendan D., Mung, J Ram, Katie Holliday, Nico R, Riven, lanagoeh, Shashank, Bradley Andrews, Jeff Raimer, Angel velez, Sara, Timothy Criss, Katy Boyer, Jesse Hausner, Blue Cardinal, Benjamin Kedwards, Dave, Wen Wei LOKE, Micheal Sacher, Lucas, Ken Kuipers, Alex Marks, Amanda Morrison, Gary Ritter Jr, Bushmaster, thomas hennigan, Erin Flynn, Chad F, fro drick, Ben Speire, Sanjiv VIJ, Sam B, BriarPatch, and Mario Boutet for supporting us this week. Subscribe to SiriusXM Podcasts+ to listen to new episodes of StarTalk Radio ad-free and a whole week early.Start a free trial now on Apple Podcasts or by visiting siriusxm.com/podcastsplus. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
Chuck, I didn't know we were going to do a show on the end of the world.
Yeah, it's coming.
It's coming.
With the help of, like, AI and cybercrime and deep fakes and what hath we wrought upon ourselves?
Yeah, well, guess what?
Frankenstein's monster, it's...
Looking pretty tame.
Bring back Frankenstein, baby.
Coming up, an exploration of how we're going to go to hell in a handbasket on StarTalk.
Welcome to StarTalk, your place in the universe where science and pop culture collide.
StarTalk begins right now.
This is StarTalk, special edition.
Today, we're going to talk about scams in the age of AI.
That its special edition means we've got Gary O'Reilly.
Gary, how you doing me?
I'm good.
All right.
Chuck Nice.
I am Chuck Nice and not an AI version of Chuck Nice.
Sure.
AI imitates you better than you faking it.
Yeah, exactly.
So, Gary, this topic is way overdue.
Oh, for sure.
Or maybe it's exactly when we need it.
Yeah.
Take us in.
I suppose scams, if you think of it, have been with us since people started to use money.
Oh, even before that.
Yeah.
You know, you can rest assured.
Like, before there was a system of currency, somebody was just like, so, that's an interesting
bushel of wheat you have there.
A little barter scam, you know what I mean?
As a matter of fact, one of our most beloved childhood fairy tales is about a guy who
trades the family cow for six magic beans.
Oh.
Which that was supposed to be a scam, but it turned out.
It worked out.
It turned out it worked out for it.
Lucky Jack.
Anyway, if you think about it now, right now, it feels like you can't go an hour without a
scam, a text, a call.
But how big is this problem?
Is it just me getting texts and calls?
Or is this really sort of a close?
Sorry, I'm going to stop sending you those.
Yeah, I wish you would.
Yeah, it's all chuck.
No, but text, phone calls, emails, all of our connectivity into the landscape of humanity.
Right.
And now, as technology advances, how is that aiding, how is that abetting these bad actors?
I mean, tech has been supercharged by AI.
There's no doubts about that.
And it begs the question, what is real?
What actually is real out there?
can we believe what we can't believe.
And we're going to break down the deep fakes.
We're even going to get into the dead internet theory.
And if you don't know what that is, stick around.
Oh, I got to stick around that.
You really are going to be in for a surprise.
Dead internet theory.
And then you'll ask the question, are we all failing daily touring tests?
What happens if it turns out the internet is all bots?
How about that?
Some of that.
We'll need an expert.
So we've got Bogdan Botizatu.
This title is cool.
I want this on my business card.
Okay.
Director of Threat Research and Reporting.
Why I ought to.
At Bit Defender.
This is a company based in Romania?
Oh, well, they've got offices.
They want to protect the world.
Yes.
And we've got them right here on StarTalk Special Edition.
I believe it was Bit Defender that helped Liam Neeson get his daughter back.
How do you work?
Mason.
Boda, welcome to StarTalk Special Edition.
Hi, all.
Thanks for having me on the show.
Literally, nobody will believe me that I'm shooting a video in such a great company.
Probably people at home will say that this is a deep fake, and it's going to be very difficult
for me to contradict them.
Now, you've told us offline that you'd rather go by Bob.
It's easier for everybody, yeah.
See that? And look at that. He says it's easier, not for him, but for everybody. And by that, he means Americans. That's what he means. Because we some lazy-ass name people. Yeah, because people are just like, you know, what is your name? Bodan, Botasato. Yeah, I'm going to call you Bob, right? You cool with that, you cool with Bach. We are so bad.
So Bogdan, give us an idea of what it is globally, and maybe sort of land in the U.S. a little bit more deeply, about the kind of number.
and statistics that we're looking at in the present day as far as scams are concerned?
It's very hard to put numbers next to the global landscape of scams
because most of these scams go on of deported.
Or if they go deported, they don't get aggregated globally.
The thing is that there are some estimations.
Gaza places, Gaza, which is the global anti-scam alliance,
one of the most prominent organizations that deal with anti-scamming,
they place scams that
at inflicting about
$1 trillion of losses
for 2020-24.
Did you say T?
Trillion?
Yeah, $1 trillion.
Okay.
Let me just say I'm in a wrong business.
Okay.
It's time to start scam.
I mean, I have now begun to sit uncomfortably
and it's not the chair.
It's, if it's a trillion dollars,
are you saying that's the game?
or is that that's reported, but most of them go unreported?
So that one trillion could be an awful lot more.
Probably it's in between.
The global cybercrime market is around $9 trillion,
which means that $1 trillion for just scamming people would be reasonable.
It is very conservative.
It is.
But the thing is that not all scams get reported.
There's people who are ashamed of admitting they have,
lost huge amounts of money.
Of course.
If you look around and talk to these people who got scammed, you'll realize that they haven't
lost like $100 or $500.
They have lost hundreds of thousands of dollars because these kind of scams run for a
very long time, people gain their victims' trust and then they proceed to inflict the
maximum amount of damage they can.
The other thing is that while probably the FBI has stats for what's going on in the United
States, there are so many other countries.
countries that are affected by scams which do not report centrally what they have registered
in each country or each region.
So it's very difficult to tell how much money people have lost to scams, but one trillion
dollar seems an awful lot of money lost.
You think?
What are the weapons of choice here for a scammers?
I think all of us have experienced some kind of fishing email, but what other, what
other weapons of scammers using to get at us?
Or tactics as well.
In terms of attack avenues,
hackers have a huge variety.
They prefer instant messaging or direct phone calls because they're very immersive.
They can apply pressure and that sense of urgency that makes victims comply faster or fall victim easier.
Email is a kind of static means of communication because you're getting the
email, you're reading it through, you're posing a little bit, and then you're like,
maybe answering this email or hitting the call is not a good thing.
But when you're woken up at night via instant messaging, hey, this is your bank, your account
is being depleted as we're texting.
Please call us back to find a way to block these transactions.
Well, you will be likely to respond to that.
So we have instant messaging.
we have short messaging, we have phone,
we have mass communications because there's the type of scams
that goes one too many.
We have mass advertising and business social media account compromise.
I will detail a little bit later about that.
This is Kevin the Somolier, and I support StarTalk on Patreon.
You're listening to StarTalk with Neil deGrasse Tyson.
What's with the phone call that you get it, you pick it up, and there's silence on the end?
Because that kind of spook on out.
Everybody knows that one.
Yeah.
Yeah.
So what's the angle there?
I have two theories.
One is technical, and one is a little bit.
of a scenario that if true we're completely condemned.
I started with the first one.
One likely chance of these phone calls is technical glitches.
You know scammers use very complex software to spoof their numbers.
They use voice over IP gateways to make it look like they're calling
from the same country as you and so on.
So there's a lot of room for failure,
when involving this kind of call center grade software.
Sometimes calls hang up, there's glitches that put the speaker,
the operator on pause, and so on.
So probably there's a technical error
that prevents the cyber criminal from getting in touch with you.
The other one is, well, I'd say a superstition of mine.
How do you answer your phone with hello?
Yes, maybe?
No, I answer like this.
Who is this?
Sorry, go ahead.
Okay, fair enough.
Because some people, in some geographies, for instance,
they will answer with not hello, but yes.
Most of Europe has yes as an opening line
when you're getting called.
What happens if somebody is building a massive database of words,
of yes, of acknowledgement, of confirmation?
Like, if I'm answering my phone and somebody records me saying yes to them, where can they play that back to bypass some sort of authentication or confirm a choice of mine?
Well, voice is biometrics, right?
And sometimes saying yes to something becomes contractual, like it substitutes your signature.
But if somebody, a threat actor or a track actor group might.
ask for confirmations from people.
That makes sense.
So what they're doing is they're capturing your voice.
Yeah.
If I told people 10 years ago that based on a two-minute conversation that we had on
phone, somebody will be able to spoof my voice and impersonate me everywhere for tens of minutes
or hours, would they have believed me back then?
So Bogdan, looking at that aspect of it, if you've got new technologies, which we know
are evolving rapidly.
if not quicker. How do we get into deep fakes? How prevalent is the deep fake scam now on the
landscape? They're very prevalent and they're making most of the victims. I was telling you that
I'm clustering scams on a one-on-one type and on a one-on-man-many type. One-on-one scams are
those that happen in instant messaging where you're getting approached by a stranger and they
try to earn your trust and then they will guide you towards some type of scam. There's a one to many
type of scam communication that is massively aided by deepfakes. Cybercriminals are building
deepfakes with people that the world recognizes and trusts like you folks, right? You are online
influencers, cybercriminals have a lot of footage with you that they can use to train
algorithms and people tend to listen to you because that's what they do with key influencers.
There's also politicians, doctors who are very famous and they become the base of deepfakes.
With these deepfakes, cyber criminals start promoting all types of scams from medical supplements
to huge crypto investments, you know, you name it.
they have an opportunity for everything.
And these deepfakes get broadcast
either on stolen YouTube accounts
or on social media posts that are boosted
by paying for advertisements.
They use the trust given by the figure
that has been impersonated,
and they are using large channels
to reach huge audiences.
And from there on,
Of course, some people will fall victim to the scam.
They will heed the call to action, which is normally visit this page or call this number and sign up for this opportunity.
So this is how deepfakes work.
We took a look at what's going on now and we see that there are tens of thousands of such ads running on social networks.
There are large YouTube accounts that have been compromised and used as a billboard for,
crypto scams. One of the largest accounts that has been compromised had 28 million subscribers.
So when hackers got the hold of that account, they were able to broadcast the deep fake to
28 million potential victims. That's more than Romania has population. Wow. So if I can,
if I can indulge me, I'm going to, I want to tell you that when I fell for a deep fake, I actually
fell for one and I'm embarrassed as
hell. But it was very
sophisticated. Which you
have to say because you fell for it.
Why you got to hurt a brother?
Why do you not have heard a brother?
Did I set your lawn
on fire?
I'm just saying
you can't say this was a simple
deep fake. I'll let you be the
judge of whether or not it was sophisticated.
All right. Okay. So here's the deal.
There was a deep fake
of Sam Harris who
happens to be somebody I respect.
Right.
Okay.
How they knew that, I don't know.
But it came into my feed.
And he was touting a very specific kind of product.
Not a brand, nothing, just a kind of product.
Okay?
Yeah.
So I looked it up.
And of course, they have, you know, they have your search history and all that kind of stuff, right?
Yeah, yeah.
So then I received a very specific ad for the product.
Okay.
So deep fake, right?
I respond with just a search.
And then the search responds back to me with more information.
And then over the course of like this back and forth amplification, I bought the product.
You dumbass.
Okay.
So what you've just described there.
All right.
I knew he was going to do it.
You're just lacking some empathy.
I'm sorry.
Not for this man here.
Go.
Is that a common template that you're seeing with a deep fake?
This is AI going full circle.
So the AI is building the billboard that will sell to you.
The AI algorithms on social networks will know how to profile you and what ad to serve you for maximum efficiency.
And then from there on, you will be chased by ads all pointing to the same product until you're ready to shop.
So cybercriminals work most of the time like corporations.
So they have their own product division that builds the deep fake.
They have the translation division that builds the multi-language content.
They have the web dev team that keeps the servers running for the scam pages to reach you.
And they will have quality assurance and sales support.
You mentioned before that we partner with law enforcement.
Yes, that's something that we normally do on high-profile cases, and scams are some part of these law enforcement corporations.
What we learned about is that these cybercrime businesses have call centers that take people's calls and sign them up for various stuff.
People employed in these call centers are screened before employment with light detectors to me.
make sure that they're not undercover cops, to make sure that they will not betray the call
center's cause, and so on. So this is cybercrime Incorporated. It's not a scam business
ran out of somebody's basement. It's business that cyber criminals have invested money in order
to make more money. Wow. Wow. I mean, that's infrastructure. Is there a specific demographic
that these organized scammers are looking at.
Is it a gender-based?
Is it an age group?
Is it geographical?
What is it?
Or is it just, you know, what will take anyone's money?
We don't care?
Is it a black comedian who co-hosts a podcast?
I hear that's a very popular demo with the scammers.
No, in the end, everybody's welcome to put their money on the table and leave it there.
That's perfectly fine.
with cyber criminals, but they have various approaches because they don't have a scamming syndicate
yet, right? They're not unionized in a way that would allow them to organize in order to target
demographics, right? So what they will do is find out a local scam that converts well. That depends
what you are, right? In some places of the world, for instance, leaking out your social security
number is huge, right?
And we'll bring you a lot of hurt in the foreseeable future.
In Europe, for instance, some parts of Europe, leaking out your social security number
doesn't have any value.
It's pseudo-publical, actually.
So cyber criminals are looking for information or types of scams that convert well in
the region.
They don't target demographics, but they are focusing on specific aspects.
Some of them are focused on romance scams, for instance.
They will target men more than women because it looks like men are much more
horny and desperate and lonely.
No, careless when it comes to sharing information with partners.
Women are a little bit more reserved.
They don't go as fast and as far as the male population.
But they still, when they fall for the scam, they fall the hardest.
To answer your question, I wouldn't say that cybercriminals are targeting demographics,
but rather that there are specialized cybercrime groups that prefer one type of scam over another.
And us getting targeted by so many scam groups on a daily basis would look like there's something
very structured, that's the same organization targeting different demographics.
with different tactics, while it was about us getting targeted by multiple cybercrime rings
at the same time.
So business is good.
That's basically what you're saying.
But we're in a different space there because people would not necessarily do a deep fake
to extort who and what we are, but they can deep fake our integrity, our name, our authenticity.
And there's one case where someone just scripted this narration.
about the Big Bang
it was like 85% correct
and I got fully deep faked
into being the narrator
the person speaking those words
showing me in a podcast setting
and it went online
and it got boatloads of views
well there's your money
well I guess okay there's there's the incentive
okay and even a good friend of mine
Terry Cruz, who is himself an actor and a public figure, he texted me and said,
Neil, this is great.
This was great what you did here.
And I said, what?
And I looked at it.
I said, that's not me.
That's not me.
And a funny thing, I don't want to say this publicly, but maybe I could or should or
would it matter.
When I speak, my words have way more rhythm to them than that deep fake did.
Okay.
So I'm just saying, I know me when I'm speaking.
Right.
And when somebody's not me speaking, even if they're using my word, I know it ain't me.
Anyhow, it fooled him.
And so this...
Also, the deep shake sounded like it was on helium.
You know, when you look out into the universe.
It was missing some of the timbre of the lower registers of my voice.
So my only point there is, so, yeah, 15% of it was either misleading or wrong.
And there have been others where, just as Chuck was duped by a deep fake of Sam Harris,
there was a deep fake of me commenting on a video game release.
And people thought it was real.
And it was almost comical, but it was, so.
This is Neil deGrasse Tyson.
I, too, like sitting in my mother's basement.
As I'm playing this video game right now.
Right.
So what do we do?
What do we call you, the companies like you?
What happens?
And are we a lower priority?
Because no, they're not draining our bank account yet.
Where do we fit in that spectrum?
My guess is that what you described is a crime that has two distinct victims.
The first one is you because you have just become an unwitting accessory to a bigger scheme that was shown to a potential.
public. Your reputation is a damage here and that somehow can be controlled because you have
the leverage to report that video to the hosting platform and probably take it off, but you have
still presented some information you. That version of you has presented some maybe misaligned
information to your potential audience. And that's how deepfakes normally run. Cybercriminals
pick up a very prominent figure
like a president, a bank
governor, a medic
and then they place
a discourse on top
of the video. They will
attempt to convince people
that what that person is
saying is too.
The people will flock to
heed the call to action
and probably will
lose money. So
for some people, there's
the reputation of damage.
That's you, the persons that get impersonated.
For some other people, it's the financial loss that they have caused themselves when they
heeded your call.
No, you don't call pit defender for that.
You call the platform and have the video removed.
You use your outreach to tell the people that you're being impersonated and they should do
their due diligence.
And you also might want to educate the users, which we're actually doing right now.
We're talking about deep fakes.
We're talking about the possibility that everybody can create an online version of us with different agenda.
And I think that this educational part is the most important.
Speaking of education, are there telltale signs that you're looking at a deep fake or hearing a deep fake?
Now, Neil said that the cadence of his speech was kind of a giveaway to him when he saw it.
But are there things that we can, as lay people, look at in a deep fake and say, oh, if I see this, this and this, most likely, or definitely, this is a deep fake.
And you tell that to the deep fake and next time it doesn't do that.
We're losing game.
Yeah, we are.
But are there right now that we know of?
I would say yes, yes and no.
For starters, there are a couple of taill-tale signs,
like maybe poor lip synchronization
or some sort of artifacts introduced by the AI.
If you remember, a while ago,
the AI used to have a very difficult time,
aligning teeth or representing the amount of fingers,
but that changes in time.
As technology evolves, these things get perfected.
And what I'm trying to say
is that we should rely less on technical artifacts
or tell the old science to tell a scam
and focus more on the likelihood
that what we're hearing and seeing is real.
I saw the impersonating videos that Neil sent over.
And when we analyzed them, we focused on,
let's say, a couple of key elements that will demolish the story.
Like Neil, Neil is a very knowledgeable person
in the science field, he wouldn't spend much time commenting games, right?
He wouldn't use that language.
He wouldn't be recommending products.
He would not do that.
Probably we are going to need that,
the upcoming versions of our technologies for fighting scams,
to include deep knowledge about public people
or the most prominent people in the world
that are likely to fall victims of impersonation.
and create some sort of a, what would that person do recommend, speak about, discuss publicly, and so on?
Very, very important fact, because that video game review, it had a lot of vulgarity in it.
Right.
And I'm not a vulgar guy.
I'm not that guy.
Plus, I don't.
Well, you never sell anything either.
I don't sell anything.
Right.
Right.
So if you ever see, like, hi, this is Neil deGrasse Tyson for delicious Buffy Bison beef jerky.
You know, it's not real.
It's just not real.
Yeah, there's even pressure for me to sell things for the ad spots of this podcast.
I don't do that.
All right.
Gary and I are the whores that do that.
It's guessing.
You're welcome, Neil.
You're protecting my, thank you.
This is our pimp.
We are out here on these streets.
That opens up a lot of opportunities because whenever you're misbehaving or do reckless
things. You can say just, you know, it's an impersonation. I'm not doing that normally.
Right. Okay. Bogdan, we've seen, and you've explained it brilliantly, thank you,
about the development and use of technologies to bring forward different levels, different types
of scams and deep fakes. How much of this is pre-planned psychological attack on victims?
And how are scammers building a psychological aspect to this?
My theory is that 90% of the scams are psychology
and probably 10% technology and science.
That's because scamming people is actually hacking into their brain,
pushing some buttons that generate emotions.
Every type of scam that we have analyzed has some sort of psychological cues
that cybercriminals
want to pick up. Let's take
failed package deliveries.
You become curious about
where did the package come from
and what might be in it.
That's enough for
your brain to switch
off the rattling
sound that says, hey, probably
what that link you're going
to follow will lead you to
a phishing page, right? The brain
no longer listens to
these warning signs. You have
have romance camps where cyber criminals are exploiting and preying on the lonely.
They don't target people who are using technology. They are targeting people who are feeling lonely
and they are feeling so lonely that they will be willing to spend on the day talking to a stranger
who inadvertently sent a message because they misspelled a phone number. We have cyber criminals
that prey on the natural greed that people feel like get rich quick. Now, would you like to
multiply your money 10 times? Again, they're not trying to demonstrate an economic impossibility.
They will try to push that button that says, hey, I need more money because that's the human
nature. So probably most of the scams that we face on a daily basis are psychology. And
Technology just widens the net, makes cybercriminals more effective,
makes them capable of targeting people in a different geographic region
speaking a different language.
A couple of days ago, I got texted by a scammer on an instant messaging platform,
and they wrote the message in Romania, and I do what I usually do,
answering Finnish.
Finnish is a very niche language.
There's like, what, four million people speaking an almost impossible language
that it's very difficult to understand.
And that's, you know, that's my tuning test.
If you're able to reply me in Finnish, you'll have bought.
Guess what they did?
They removed the first message and replied in Finnish.
And they carried a conversation for a couple of messages.
Sometimes they would divert back to Romanian.
delete the message and then replace it with the finished translation.
And they would do that in almost real time.
So what I'm trying to say here is that technology is an enabler for them.
They are using the same psychological patterns that I talked about, but now they're able to
cast a wider net because they have APIs to mass mail, mess communicate with people.
They have real-time translation to help them address markets that were in.
possible for them. And they have huge opportunities on the payment scale because credit cards are
universal. And if credit cards don't do the trick, then probably you're going to have to exchange
real money into Bitcoins for cryptocurrencies. And API stands for what? Remind me? It's advanced
programming interface. It's a way that you can hook up, let's say an instant messaging
application to a computer to mass communicate with dozens, thousands of people at the same
time. Wow. So I think it's, you know, I may sound cliche when I say this, but this is what
I was taught my entire life, that one, you don't get something for nothing. Two, if it's too good
to be true, then it's not. And three, and this is the part that's very hard, don't ever
want to believe something
more than you want
the truth.
Because if you want to believe
something, you will discard
everything to get
to your belief, to see your belief
confirmed. No so blind. You left out a fourth
one. What's that? Don't be a dumbass.
That's my rule.
Those were my parents'
rules. I mean, none so blind
as those who refused to see is
kind of like another way of
rephrasing that. And talking of phraseology,
I think we just, us three here, I've learned recently some scamming language.
Firstly, I'll ask you to break them down.
One is honeypot.
The other is pig butchering.
So which one?
Well, one sounds pretty good.
Yeah.
And it ain't a honeypot.
So Bogdan, could you break down each phrase for us so as we understand and gives our audience an understanding as well?
I like the way you have split them into
adversary language and good guys language.
I'll start with pig butchering.
This is a type of scam that has been going on for quite a while.
It's very popular in Southeast Asia.
That's where it got its name from.
Because it technically means fattening up the pig
before you sacrifice it.
And that's what cybercriminals are doing to the victims.
They gain their trust.
They keep conversations going on.
for weeks, maybe months, trying to gain their trust and get as close to them as possible.
And when they earn their trust, they're going to create massive financial losses because
they already have that person's trust.
A very common pig-butchering type of attack is somebody texting you normally with an opposite
sex handle.
Like if you're a man, they will impersonate a woman.
And they will be asking you, hey, this is Jennifer.
How far away are you from the airport?
Because I'm kind of losing patience here.
You were supposed to pick me up at 10.
And you look at the phone and answer, hey, you have the wrong number.
Probably you want to sort it up with your taxi cab, Uber driver, whatever.
They will reply, hey, thank you for being so kind.
By the way, I'm visiting the city.
I want to see what your city offers.
Do you have any recommendations?
And they kick off a conversation.
And they will entertain that conversation with the victim for months.
They will exchange photos that are created with deep fake technology.
They will create videos.
They will gain your trust up until some point where they start working at the con.
Hey, look, I'm doing just fine.
I have invested in cryptocurrency a while ago, and now I'm reaping the rewards.
We've been meeting online for quite a while, so I'll tell you my secret.
Let me teach you how to invest a little bit of money to multiply it 10 times, well, 20 times and so on.
And they will start working on this financial fraud when you have finally fallen in love with them.
I've been talking to people
who have lost
significant amount of money.
Wait, wait, they have yet to meet these people.
They're fully in love via electrons.
Yes, and you know, emotion is emotion
regardless of the vector.
So,
it reminds me of that joke,
why is love on the wireless spectrum
because it's measured in hertz?
Oh, hey.
Oh, look at that.
Good one.
I'll be here all week.
So people fall in love and they're looking forward to meeting the other one,
but it's never a good opportunity for that because of travel, because of all these things.
And eventually people end up losing a lot of money.
We've been investigating a couple of these scams.
And the sad thing was that people who had lost like hundreds of thousands of dollars were like,
you know what, I don't care about the money.
I don't have anybody to wake up to and text.
That is sad.
The psychological damage is sometimes much more impactful for them than the financial damage.
Wow.
So this sets up the plot for the movie Her, where just let the AI be your companion, fall in love with AI.
And the AI is not going to try to take your money.
Take your money?
Yeah.
Chat GPT, I don't think it wants to take your money,
but it'll totally make you think you're in love with it
if you ask it the right questions.
That's true.
So we have solutions for this.
I have a very limited movie culture,
but my assumption is that that movie didn't end well.
You may be right.
So we've done pig butchering.
Can you just open up the honeypot for us, let's see inside?
The honeypot.
We have a couple of technologies that we call Honeypot.
It's something that researchers normally do.
That's a computer or a connected system that poses like it's a victim.
A Honeypot is used by cybersecurity researchers to attract cyber criminals.
And they will attempt to hack into that machine thinking that it's a real user on the internet.
It's somebody's computer.
and they will attempt to exercise their prowess to hack into that.
And the machine, instead of just letting it through,
it records every step of the attack for us to be able to recompose the way cyber criminals got in.
That brings a lot of value for us because it helps us understand how the criminals are operating on the internet,
what tactics and tools they're using how they're approaching this puzzle of hacking,
into somebody's computer,
and what are the tail-tale signs that we can use
in an early stage of the attack to block them?
We use honeypots for various things,
for collecting virus samples, for instance.
We use honeypots for the IoT devices
to see how cyber criminals are harvesting IoT devices
and building large armies of zombie devices
that they're using them to attack civilian targets.
We are using honeypots for recording scam conversations
and extracting red flags in that conversation
that will help the victim identify when they're being scammed.
So that's very short definition of the honeypot.
So Honeypot is the good guys tools.
Yes, a honeypot is normally somebody's way
of staying up to date with the latest tactics
in the hacking world.
Okay, so I'm glad that exists.
You've just described the honeypot and the pig doctor, thank you.
And now you've kind of closed off both ends.
Is anything out there real?
I mean, most of this thing happens on the internet,
and I'm just wondering now, is anything actually real out there?
I mean, real human, you mean, it's a human.
I mean, we know the victims themselves are generally humans,
and there's very rarely a victimless scam.
But is anything real?
Just really, honestly, anything real out there yet?
Pretty much everything is real,
because we're starting to use the internet.
we have started to use the internet for real stuff a while ago.
Nuclear power plants are being controlled over the internet.
The world money flows through the internet from one bank to another.
Our communications flow from one end of the internet to another.
Our dreams, our fantasies, everything is on the internet.
So that's where the bad guys are lurking, right?
My guess is that your question is like,
Are we still more humans on the internet than probably bots or scripts or automations or artificial intelligence algorithms that are building content?
Yes, there are way more people on the internet than bots.
That's what the bots want you to think.
Look, if you take a look at what's happening on social media, there's a lot of video being created by humans.
Is it useful?
Definitely not, right?
People dancing all over or sharing that experience
is really not useful for the largest part of humankind.
But it's still video created by people.
They have put effort in doing that.
Yes, there's much more content being created by humans at this point than by AI.
AI and bots are, bots mostly are being used for scraping this content,
a content that will be eventually used for training artificial intelligence algorithms.
You don't really see right now a dead internet theory being the reality.
You still think the human presence is there.
Is it likely the future of the internet will be exactly that and it's going to be 100% bot?
There's going to be a lot of automation, but most of those consuming the content will still be human.
So regardless of how much content is being produced,
there's still going to be people on the Internet consuming that content.
Okay, I don't mind being a person on the Internet being entertained by AI-created content,
as long as I'm not fooled into thinking it's anything other than that.
In the film Blade Runner, based on the story by Philip K. Dick, do Android's Dream of Electric Sheep?
Yeah, that's the original short story.
It's a great title.
Yeah, it's a great title.
In it, there's a whole system in place where there are people trained to test the replicants to see if they're actually replicants.
Because they're so well made, they have to put them through a psychological stress test where you know how a human react, whereas the replicants, the AI computer versions of us would not.
and they would fail.
And the fact that that test was so subtle,
and this story was written 50 years ago.
So is there any way today that we mentioned this earlier,
but I'm just saying in a Turing test,
if you're going to have a conversation,
are there questions we can ask?
Is there something about the video we can detect?
Is this other than my voice cadence
and other things that I know about myself,
how do we defend ourselves?
Your company is called Bit Defender.
So let me hear the defensive line.
Help me, Bit Defender.
Help me.
Help.
The AI and Deepfake Front is opened relatively recently.
We didn't have it five years ago.
We didn't have it 10 years ago.
You know, most of our defenses as humanity,
but evolve around staying safe from fishing,
from malware, from what I would tell traditional endpoint security.
When it comes to artificial intelligence and AI-generated content, it's already here.
We have like a couple of dozens of very famous online influencers that are ran by artificial
intelligence.
Like, there are a couple of Instagram accounts that have million of subscribers and the person
does not exist.
The only thing that exists is an AI algorithm that's building confidence.
content to order. Well, unfortunately, there is no defense against that. And would we need a defense to that or would we need a defense to probably some nefarious goals that the AI content will attempt to lead us to? And here's what we're trying to do here. We're trying to help people understand the red flags in communication, understand this information, understand the likelihood of something that they're exposed to being real.
And probably that will be the future of technology,
not necessarily detecting that some content is created by AI,
but rather the fact that that content created by whoever is malicious
and will have an impact on you and your security.
So when it comes to malicious intent on behalf of interactions,
internet interactions,
are there some hard and fast simple rules that we can follow,
like the way you answer,
an email or the way you answer
if someone were to call you
the way you do or do not
offer up information
are there some simple rules
that will help somebody
not fall prey
to a scam?
You're asking all the hard questions.
This is a very important topic
for me because
these nefarious
interactions that you described can be used by a commercial actor, for instance, to, I don't
know, make you behave in a specific way that will result in loss of money. But they're also
used as hybrid warfare now. This information is a big part of that. And it doesn't have that
kind of structure that makes it obvious. It doesn't have that call to action that would let me
know that the message is wrong, false, or leading to unintended consequences. The fact that
we have deepfakes talking about, I would say, political stuff, impersonations, hidden agendas,
and so on, will help an adversary dilute our amount of trust. They will cause uncertainty. They
will reach their goal by making us question everything and ultimately not caring about the message
because we cannot distinguish what's wrong from the right,
what's true from the false and so on.
So not sure if this answers the question,
but that's probably the best answer I can give at this point.
All right, well, how about this?
And what does Bit Defender do?
Like, you know, how do you guys defend against this stuff
if I were to have Bit Defender on my computer?
What would it do for me?
Yeah, if all you do is find it.
Plus, is there at prosecution at the end of this?
what fraction of all offenders are prosecuted?
Because apparently with a $9 trillion fraud market...
It ain't a lot.
It can't be a lot.
Well, but that's what I'm saying.
Like, that right there lets you know that this is ubiquitous and it's proliferating.
So, like, it sounds to me like when you call yourself Bit Defender,
maybe there's a real need for you to be on my computer.
But what am I putting you on my computer?
to do is what I'm trying to figure out.
And I'm not trying to do a commercial here.
I am genuinely interested.
Cyber security is a fundamental part of the way we're interacting with technology right now.
I don't want to bring my bells here, but security solutions are fundamental to how our
end or our day starts and ends.
And they made the difference between another day at the office and a complete disaster,
whether you have lost or your money or your data, at the end.
end of the day. So what does Bid Defender do? We build cybersecurity solutions and technologies that
help people stay safe from all sorts of cyber threats. We started with what's commonly known as
antivirus back in the 90s. When the internet was booming and when computers became a fundamental
part of every household, we started securing them with what's called as antivirus. The good old days,
It was just a virus.
Just a virus.
Just a virus.
The good old days.
Yeah.
We evolved way past that because our attack surface has become a little bit more complex.
And now we have to secure not only computers, but our data, our smart devices in households.
We have to secure companies that store your information.
We have to secure a lot of aspects that were not an issue back in the day.
So when you hear that the antivirus is dead or,
there's no real need for it on computers and mobile devices.
That's not true, right?
Antivirus solutions are becoming more and more complex.
They have changed to complete suits now.
They're not just one application.
The virus is mutating.
Mr. Smith.
No, but it's not just the virus.
Scams have become an important component of cybercrime.
As I told you, it's one-ninth of the total losses caused by technology in the world.
So at this point, Bit Defender also handles these anti-scamming aspect in various ways.
We have security solutions that automatically detect that a specific message is a form of scam.
We have advisors where people can describe what they're seeing or taking screenshots or taking a picture of
something and feeding it to an AI assistant asking,
hey, is there anything dangerous here if I'm venturing into what's described here?
And the AI will look at the situation, assess the likelihood of that being a scam,
and teach the user that there are a couple of red flags there that probably lead to a scam.
So Bit Defender, what we do is what we've always done, keep users and companies safe.
But now we have a lot more technology and the text surface to defend.
So we've talked about...
By the way, I like your geometric reference to the texture of your surface that's exposed.
The surface is a boundary between what's on one side and what's on the other.
The surface can get larger or more variegated.
I love that reference and how you have to then think about the problem.
But you don't want as a fractal surface, then you'll never get to the bottom of it.
Never get to it. Never get to the end of it ever.
We've discussed the sort of one-to-one aspect.
What if you rolled out the sort of deep fake and malicious intents to a grander scale,
to a city, a utility, and a national scale?
National security?
Yeah.
You know that Romania is on the eastern NATO flank.
It's on the eastern part of the European Union as well.
And as of a couple of years ago, we've had a war at the border.
There's Ukraine versus Russia.
The Ukrainians are our neighbors.
And as they were in the middle of the fight,
deepfake of President Zelenskyy erupted on the internet,
calling for every armed person to lay down their weapon
because Ukraine had surrendered.
That was a deepfake and it was quickly combated by
Ukrainian security services,
but this could have had awful consequences.
What happened if the whole army fell for that or part of the army fell for that?
But that's also part of the hybrid warfare that I was mentioning before that.
There's a lot of this information going on.
There are calls to action that are completely wrong and so on.
But another practical example would not necessarily have to do with deepfakes, but to the state of technology,
and the penetration of technology into our homes.
Bid Defender also has an IoT security research wing.
IOT stands for Internet of Things,
and it's normally a category of consumer electronics
that's comprised of smart stuff, digital assistants,
you're a coffee maker.
Smart toasters, coffee makers, and smart lights and so on.
There's a specific type of IoT device
that has started to penetrate the world.
And that's the solar inverter.
Solar inverters are pieces of technology
that convert electricity from solar panels
and store it, manage it, or inject it into the grip.
These inverters are normally hooked up to the internet at home.
And these inverters most of the time come from China.
Last year in August, we looked into a couple of inverters.
that are very popular in Europe.
And we realized that a potential attacker
would be able to seize control
over each of the inverters made by a specific brand.
That would give an attacker access
to about 140 gigawatts of electricity.
That's a lot by any standard.
I'm not a professional in the energy,
but that looks huge.
That's a big blackout, man.
And one of the things that we uncovered after this first contact was that we will never know whether that was a software bug that allowed somebody to get into all of the inverters made by the same manufacturer.
Or if that was a carefully hidden backdoor that could be accessed by a rival nation state to cause a blackout to a city, country, or to a territory.
Germany is an European state that's started to take cybersecurity in this inverter space very carefully because they realized that whatever happens in this very particular IoT sphere could bring grids down.
What happened in Spain this year was a wake-up call. That's grid falling, not because of a cybersecurity incident, but because
solar played a bad role here. All I wanted to say is that grids are very powerful beasts and they
used to be isolated from the internet. And now everybody has a piece of the greed in their home
that's connected to the internet. That's a million entry points to something that pertains to
national security. That's why we got to stick to coal. You got to keep burning coal, man.
That's the problem. Get off that dog on solar energy.
okay? Oh, newfangles, solar, and the wind. What about the birds and the cancer? No, let's go with coal.
And you'll be okay. Thank you, Chuck, for that regressive comment on civilization.
Baudet, we got to wrap this up. Could you give us just some hopeful news here out of this conversation?
Yeah, man. Where do you see all this going? Yeah, where does this go in two years, five years, ten years?
Well, this will continue to be a cat and mouse game.
the bad guys are advancing, the good guys will be catching up with their tactics.
And best case scenario, they will find a way to proactively protect against their attacks, right?
We've done that for the past decades with malware and we're going to do that with deep face
and with the rest of the scams as well.
So there's hope.
The fact that we're still using technology and most of our interactions online are safe gives us
hope. We're here to protect. We have the technologies, the solutions, and we're not just
waiting for the bad guys to win the game. Given how large this marketplace is, you're not the
only company out there who is working in this space. We have very powerful partners from other
security vendors to law enforcement. And that's also one thing that I wanted to tell you
about. The fact that we're very successful in this cooperation with law enforcement. We
have a lot of cases that we opened together with law enforcement. We have a couple of cybercrime
rings that become dismantled as part of these successful cooperations. And police agencies all
over the world are taking cybercrime extremely seriously. With our expertise and with their
ability to execute arrest is something that helps us curb on cybercrack.
Their ability to kick down a door.
Yeah, that's what that is.
Yeah, AI can't do that.
Yeah, I can't do that.
Yeah.
So Bodan, if a person is famous or otherwise wealthy and then they get scammed, that's kind
of embarrassing.
Is there some stigma that will go away eventually once people find out that they're not
alone in their victimhood. Where does that land on this landscape?
Well, scamming and malware can happen to everyone. That's because cyber attacks have
become so sophisticated and so prevalent that it's difficult for everybody to stay safe at all
times. I will give you an example. Cybercrime can happen to everyone. It's not you
that you're enabling it, you're just a victim yourself, right?
There have been a lot of compromised accounts belonging to highly respected people
that have fallen victim to a cyber attack.
We have a lot of surface to defend at the end of the day.
We have email communications.
We have mobile sent instant messaging.
We have technology everywhere around us on our body, in our home, in front of us, right?
And that's a very, very difficult mission.
Staying safe is a difficult mission.
What I would say is that if you're falling victim to any kind of digital crime, report it.
First of all, there's entities there that might be able to help.
There's also entities that need to know that you have fallen victim to a type of cybercrime
to be able to assess the magnitude of a phenomenon.
Imagine that, for instance, only about 7% of scams are getting reported.
So police offices all over the world are not correctly budgeted to face this phenomenon
because they cannot assess its impact on the local communities.
So, Bob, in a way, what you're saying is you should report it
because if you don't, you're actually enabling the people who harm.
you. You're actually helping them by keeping this to yourself and suffering in silence. Go ahead and
report it because one, it happens to everybody and it's not your fault. And two, by reporting it,
you're putting information out there that can be used against the people who committed the
crime. Yes. They say that, you know, if a tree falls into a forest and nobody hears it,
has it fallen, that goes with cybercrime as well.
you have been scammed and dozens of other people have been scammed and you have not reported it
to the local law enforcement office and neither did anybody. Is scamming really part of the police
agency's agenda? No, because there's technically no scamming going on. That's why we are
advising victims to report it. It's not something that they should be ashamed of. It's not something
that they should keep it to themselves. The more they talk about it, the more
this message gets pushed on the local agenda,
and law enforcement agencies or other people
will be able to act on it.
Cool.
That's the lesson right here.
There it is.
Bogdan, Botizatu.
Pleasure to have you on StarTalk Special Edition.
Thank you.
Even though three quarters of everything you said
was completely depressing, we needed that.
No, it was the best depressing conversation.
I guess so.
That's another way to say.
Yeah.
Okay.
All right.
It's the kind of depressing information that can serve you going forward.
Absolutely.
There it is.
There it is.
So important.
And we were delighted to work with you guys when we filmed our segment with Formula One
and the security necessary in the communication between the pit and the cars and that whole world.
And so thanks for being there both times.
Thank you for this opportunity.
It's one thing to look at you religiously on the other side of the screen.
a whole different experience to be part of the show.
Okay.
Oh, well, thank you.
That's very nice.
Excellent.
All right.
That's all the time we got.
We learned a lot today.
Oh, yes.
Yeah.
Yeah, I've learned.
I am burning my computer.
That's right.
That's what I learned.
I'm done with it.
Going back to an abacus.
I got one right.
I got an abacus.
No, no.
No, no.
I'm writing letters.
I'm starting to write letters again.
That's right now.
All right.
Gary, always good to have you here.
Pleasure.
All right.
Be good.
Neil deGrasse Tyson for StarTalk's special edition.
The world is coming to an end.
The episode.
AI will be our overlords and they'll take your money.
I exaggerate.
Anyhow, really try to keep looking up.
Until next time.
Thank you.