{"id":16787,"date":"2019-10-04T15:22:38","date_gmt":"2019-10-04T14:22:38","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/machine-learning-fake-voice\/16787\/"},"modified":"2019-11-22T09:57:33","modified_gmt":"2019-11-22T09:57:33","slug":"machine-learning-fake-voice","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/machine-learning-fake-voice\/16787\/","title":{"rendered":"Machine learning\u2013aided scams"},"content":{"rendered":"<p>New technologies are clearly changing the world, but not the human psyche. As a result, evil geniuses are devising new technological innovations to target vulnerabilities in the human brain. One vivid example is the story of how <a href=\"https:\/\/www.wsj.com\/articles\/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">scammers mimicked the voice of an international CEO<\/a> to trick the head of a subsidiary into transferring money to shady accounts.<\/p>\n<h2>What happened?<\/h2>\n<p>The details of the attack are unknown, but the <em>Wall Street Journal<\/em>, citing insurance firm Euler Hermes Group SA, describes the incident as follows:<\/p>\n<ol>\n<li>Answering a phone call, the CEO of a U.K.-based energy firm thought he was speaking with his boss, the chief executive of the firm\u2019s German parent company, who asked him to send \u20ac220,000 to a (fictitious, as it later turned out) Hungarian supplier within an hour.<\/li>\n<li>The British executive transferred the requested amount.<\/li>\n<li>The attackers called again to say the parent company had transferred money to reimburse the U.K. firm.<\/li>\n<li>They then made a third call later that day, again impersonating the CEO, and asked for a second payment.<\/li>\n<li>Because the transfer reimbursing the funds hadn\u2019t yet arrived and the third call was from an Austrian phone number, not a German one, the executive became suspicious. 
He didn\u2019t make the second payment.<\/li>\n<\/ol>\n<h2>How was it done?<\/h2>\n<p>Insurers are considering two possibilities. Either the attackers sifted through a vast number of recordings of the CEO and manually pieced together the voice messages, or (more likely) they unleashed a machine-learning algorithm on the recordings. The first method is very time-consuming and unreliable\u00a0\u2014 it is extremely difficult to assemble a cohesive sentence from separate words without jarring the ear. And according to the British victim, the speech was absolutely normal, with a clearly recognizable timbre and a slight German accent. So, the main suspect is AI. But the attack\u2019s success had less to do with the use of new technologies than with cognitive distortion, in this case submission to authority.<\/p>\n<h2>Psychological postmortem<\/h2>\n<p>Social psychologists have conducted many experiments showing that even intelligent, experienced people are prone to obeying authority unquestioningly, even if doing so runs counter to personal convictions, common sense, or security considerations.<\/p>\n<p>In his book <em>The Lucifer Effect: Understanding How Good People Turn Evil, <\/em>Philip Zimbardo describes this type of experiment, in which nurses got a phone call from a doctor asking them to inject a patient with a dose of medicine twice the maximum allowable amount. Out of 22 nurses, 21 filled the syringe as instructed. In fact, almost half of nurses surveyed had followed a doctor\u2019s instructions that, in their opinions, could harm a patient. 
The obedient nurses believed they had less responsibility for the orders than a doctor with the legal authority to prescribe treatment to a patient.<\/p>\n<p>Psychologist Stanley Milgram likewise explained the unquestioning obedience to authority using the theory of <em>subjectivity,<\/em> the essence of which is that if people perceive themselves as tools for fulfilling the wills of others, they do not feel responsible for their actions.<\/p>\n<h2>What to do?<\/h2>\n<p>You simply cannot know with 100% certainty who you are talking to on the phone\u00a0\u2014 especially if it\u2019s a public figure and recordings of their voice (interviews, speeches) are publicly available. Today it\u2019s rare, but as technology advances, such incidents will become more frequent.<\/p>\n<p>By unquestioningly following instructions, you might be doing the bidding of cybercriminals. It\u2019s normal to obey the boss, of course, but it\u2019s also critical to question strange or illogical managerial decisions.<\/p>\n<p>We can only advise discouraging employees from following instructions blindly. Try not to give orders without explaining the reason. That way, an employee is more likely to query an unusual order if there\u2019s no apparent justification.<\/p>\n<p>From a technical point of view, we recommend:<\/p>\n<ul>\n<li>Prescribing a clear procedure for transferring funds so that even high-ranking employees cannot move money outside of the company unsupervised. Transfers of large sums must be authorized by several managers.<\/li>\n<li>Training employees in the basics of cybersecurity, and teaching them to view incoming orders with a healthy dollop of skepticism. 
Our <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/security-awareness\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">threat awareness programs<\/a> will help with this.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Social engineering augmented with machine-learning algorithms can deceive even high-ranking executives.<\/p>\n","protected":false},"author":2499,"featured_media":16788,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1836,2360,2361],"tags":[80,1695,495],"class_list":{"0":"post-16787","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-fraud","11":"tag-machine-learning","12":"tag-social-engineering"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/machine-learning-fake-voice\/16787\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/machine-learning-fake-voice\/16753\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/machine-learning-fake-voice\/14142\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/machine-learning-fake-voice\/18740\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/machine-learning-fake-voice\/15526\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/machine-learning-fake-voice\/19418\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/machine-learning-fake-voice\/23746\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/machine-learning-fake-voice\/6530\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/machine-learning-fake-voice\/28870\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/machine-learning-fake-voice\/12385\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/machine-learning-fake-voice\/
12460\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/machine-learning-fake-voice\/11290\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/machine-learning-fake-voice\/21595\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/machine-learning-fake-voice\/24324\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/machine-learning-fake-voice\/24697\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/machine-learning-fake-voice\/19207\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/machine-learning-fake-voice\/23522\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/machine-learning-fake-voice\/23372\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/social-engineering\/","name":"social engineering"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/16787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2499"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=16787"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/16787\/revisions"}],"predecessor-version":[{"id":17012,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/16787\/revisions\/17012"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/16788"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=16787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=16787"},{"taxonomy":"post_tag","embeddable":true
,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=16787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}