AI and CyberCrime in 2025
The entanglement gets more complex.
Hello All,
I was on a hiatus for a few weeks. I am back in the new year with more of the same stuff and some new stuff.
The universe conspired (if you believe that sort of thing) to give me my first post of the year. Read this Apple Intelligence generated transcript first and then we can talk about it:
This screenshot sublimely explains what I think 2025 will be about - More Cybercrime (and hence more cybersecurity) and more AI. We will talk about both.
CyberCrime
The message is how the most popular scam in India begins — the Digital Arrest Scam. India is suffering from a cybercrime pandemic - and remember, I am using the word pandemic after the pandemic, if you get what I mean!
Fake Digital Arrests
You get an IVR based phone call that eventually leads you to be digitally ‘arrested’ and extorted. The IVR can be about various things — your parcel caught with contraband, your phone used for malicious purposes, etc. Then someone pretends to be a police official and digitally ‘arrests’ you. You have to sit in front of your digital device and try to ‘settle’ the matter by paying fines or bribes.
From high profile social media influencers to retired pensioners, everyone is falling for this scam. See this video from a social media influencer who was digitally arrested.
In hindsight, many people find it silly that they fell for such a scam and lost their money. One news anchor recounts her harrowing experience and the way she snapped out of it when her boss reminded her “But you are at home and are free to go anywhere. How can you be arrested at all?”
The said journalist put up a 30 minute YouTube video about her experience, but it is in Hindi. If you are interested, you can look it up here:
The scam is so widespread that the prime minister of India had to warn Indians about it. This type of digital arrest scam is not very common outside India.
The root cause could be the inherent fear Indians have towards government officials who wield power and particularly towards law enforcement authorities. I remember someone tweeting “The problem with police brutality in India is that people do not think it is problem”.
Meanwhile, there are public awareness campaigns being run on television and social media to raise awareness levels and hope that people do not fall for these scams.
And now AI
If you read the transcript, you would have figured that Apple Intelligence is not as intelligent as they make it out to be. In a rush to adopt AI and monetize it, companies are releasing half baked products in the market. A half baked product is a cybersecurity nightmare.
And to top that, we have AI stalwarts making claims that we cannot verify. Sam Altman (of OpenAI fame) claimed that “we are now confident we know how to build AGI”. For those of you living under a rock, AGI or Artificial General Intelligence, is when AI acquires human level skills — a sort of general intelligence.
And then there are statements about the “singularity” as well, where AGI has self awareness and is smarter than humans as well — all those Sci Fi movies we watched growing up.
When the twain meet…
Combine cybercrime with AI and we have a potential for explosive growth of crime. The phishing emails will be much more realistic, much more believable and scam more people. On the defensive side, we will not be able to catch up on using AI so soon. The smartest use case we have so far is using AI to triage logs. Other times we use AI for much more mundane and less time critical tasks like “Generate a BYOD policy that me” or “Give me the details of CVE ID xxx”.
I have, recently, used Notebook LM to upload India’s DPDP law and the newly released draft DPDP rules to try and make sense of it. We’ve used GenAI to parse large logs during forensic exercises (helpful tip: if you have servers across time zones, AI does a great job at syncing up time zones of the logs for easier analysis)
And then we have started ditching fact checkers (Meta has started doing) to reduce our trust on the Internet. Read my post on LinkedIn about 2025 being the year where the battle for trust begins.
All in all, 2025 promises to be an interesting year for both cybersecurity and AI.