The Weekly Breach Breakdown Podcast by ITRC - School's Not Out - S5E5

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 9, 2024. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we talk about how criminals are using artificial intelligence (AI) to improve English and commit identity theft and other crimes.

When our podcast host Alex Achten was in school, he remembered the bell ringing at the end of the last class on the last day before summer break. It was glorious! He and his friends would do their best Alice Cooper impression of the song “School’s Out.” They would specifically hum or sing the lyrics “School’s out for summer… school’s out forever.” They were off for three months – until the next year. Do you know who does not take time off from learning? Identity thieves – and defenders of their attacks – especially in the new day and age of AI.

AI Identity Theft Becoming More Common

As many know, AI continues to become more prominent as the days, months and years go by. At the ITRC, we have talked about how phishing emails and messages are becoming harder to identify due to AI. Bad actors generate better bogus messages because AI does not have the grammatical errors we have all been trained to look for to spot a fake email. AI identity theft attacks have changed a lot.

Impact of AI on Identity Theft Attacks & the Defense Against Them

National Security Agency (NSA) Director of Cybersecurity, Rob Joyce, spoke at last month’s International Conference on Cyber Security at Fordham and highlighted three key points.

1. AI is leading to better English-language outreach. We discussed how identity criminals are using it in phishing attacks. Joyce says he is also starting to see less capable people use AI to guide their hacking operations to make them better at the technical aspects of a hack. However, he believes law enforcement is also improving using AI to find malicious activity. He says the NSA has been watching Chinese officials attempt to disrupt critical infrastructure in the U.S. by exploiting flaws in a system’s design to take over or create accounts that appear authorized. However, AI has helped surface those activities because the accounts do not behave like the normal business operators.
2. Cybersecurity officials are facing challenges in understanding who is conducting cyberattacks and why. Joyce says while cyber officials have seen a rise in hackers who are activists, also known as “hacktivists,” they have seen more foreign governments backing them and posing as them.
3. The NSA has decided to shift its stance around sharing its intelligence because, as Joyce says, “what we know is not nearly as sensitive as how we know it. Knowing something really does not matter if you do not do anything about it.” According to Joyce, the NSA now shares classified information with the private sector because “industry is the first that can do something about it.”

Contact the ITRC

AI is defying the lyrics of Alice Cooper’s hit and keeping everyone in school year-round to keep up with its evolution. Identity criminals will continue to use it to improve their English and attempt to attack and commit crimes successfully, while others will work with AI to use it to stop those attacks.

If you want to know more about how to protect your business or personal information, AI identity theft attacks, or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip, where we review the record-shattering number of data breaches in 2023 and the trends behind the rise in compromises. We will return next week with another episode of the Weekly Breach Breakdown.