Rogue states using fake GPT content to hack governments - ex-IDF cyber chief

Rogue nation states are “definitely” using generative fake content to hack governments and companies all over the world, former IDF Unit 8200 cyber commander Col. (res.) and Team8 Chief Ideation Officer Bobby Gilburd said in his first comprehensive English interview since leaving the IDF under a year ago.

“The world is more complex now in terms of blocking hackers whether they be nation-states or cyber criminals. Where there is money, they find capabilities. Cyber criminals are at a high level,” in some areas close to nation states, said the senior official now at one of Israel’s top cyber defense firms.

Asked about a series of cyber attacks on Israel attributed to Iran, the former top IDF Unit 8200 (Israel’s NSA) official said, “Sometimes they [hackers] are blurring the line between government hacking and cyber crime, and the line becomes gray. It has been published that Iran, Russia, China, and North Korea sometimes use cyber crime, which is sometimes just a cover.”

A recent high-profile cyber attack in Israel against “Maaynei Yeshua [Medical Center] may be cyber crime, it has those characteristics – and sometimes cyber criminals will attack a government body, like a hospital. They also do not always [carefully] direct a targeted attack, but may spray all over, and try to hit one out of 5,000 targets.”

“According to public information, around 10%-15% of hacked victim companies pay the ransom,” when hacked with ransomware, while “some give up on the data and some get the data back using backups.”

Gilburd added, “The attackers are very smart. They are like jailers [of the data] who know how to ask and know how much to ask for. They are doing business and want to make money. Some of the money then goes into Research and Development to build stronger attacks for the future.”

Next, he asked, “Why is there an increase in attacks? Ransomware almost always starts with a human factor. You get a ‘phishing’ email which looks very reliable. You open the link and they send in the ransomware. Phishing has gotten much more personalized.”

“It includes the correct person’s name and job title using a phishing auto-generated tool, and from GPT and other tools. In the past, you could flag mistakes in Hebrew, but now the translation which is publicly available for all languages is excellent,” he warned.

Problems presented with AI

Another problem with generative AI (artificial intelligence) being used to hack is that, “Attribution [of the cyber attacker] is getting even harder. In the past, there could have been a smoking gun or an error. Maybe someone writes something in Russian,” which tips off investigators to the hacker’s identity or maybe a foreign language word creeps in by mistake or to mislead investigators.

Other tip offs for attribution have been the work hours of the hackers relative to the time zones of certain countries, some kind of connection to specific holidays, and word usage, but none of this is 100% foolproof.  

Also, “Sometimes in malware you can see similar code or tactics which were previously attributed” to a specific actor.

“It was always an art, with forensics, some governments have more capabilities to do it, but in the end, there are still assumptions, and it does not meet the level of evidence for court,” said Gilburd.

But with generative AI, even a lot of these prior forensic footprint “holes” are being filled, making it even more difficult to learn who an attacker was.

The ideal of cyber intelligence is still to prevent being hacked by using advance warning signals, but realistically speaking Gilburd said, “no organization can completely avoid getting hit. You will be penetrated at some point.”

In that spirit, Team8 is now issuing a report, first seen by the Post, with a survey of around 150 CISOs (Chief Information Security Officers) from Fortune 500 companies, who said that AI security has jumped from being one of many concerns to being one of their top three concerns.

Next, the report said that a major expected decrease in cyber defense funding had not transpired.

Gilburd explained that at all times, “it’s hard to see the benefit of investing in cyber security until you get attacked. Then we saw there was a slow down [in cyber defense funding] as part of a broader global economic slowdown. Some countries are starting to emerge, but some are even still calling it a full recession. So we expected a drop in cyber security investment.”

“We were surprised by the organizations we work with in the latest survey of our village of 350 CISOs, 140 CISOs came, and though we expected a drop in cyber defense funding, the funding mostly stayed in the same place or went up slightly. Even in the small number of cases where there was a drop in funding, it was smaller than expected,” he said.

Also, Gilburd discussed a new spinoff AI threat in the social media realm.

“Now there are new threats against a company’s brand so there are brand protection defenses. This is a [concerted] social media influence attack campaign, it is a new type of attack,” he cautioned.

The former IDF Unit 8200 official said, “All cyber attacks and defenses are getting better with AI. There won’t be a definitive winner, just like there is no winner in the battle of viruses and antiviruses.”

Some people have warned that, “AI is the end, and now we will never know what is true. Some say” that GPT AI defense is “the end of fake news – neither is true,” since the two sides will continue to race forward.

In that vein, new AI defenses for brand protection “can automatically catch, identify and get posts removed” which are maliciously attacking your brand. Part of the process, he said, includes proving the bad actor is breaking the social media platform’s policy, whether Twitter, Facebook or otherwise, or is using a fake identity.

He said Team8 is looking for new ways to use automation for the identification and the removal of false malicious posts process by using generative AI. The automated process can even send letters to Twitter to remove a post and understand Twitter's response.

Gilburd did say that GPT versions three and four are already being “weaponized to such an extent that I believe future GPT versions five and six will  be cut off from the general public.”

This is because GPT can do high level fake voices and perform thousands of conversations with banks and customer service to steal information or even funds.

“It’s a cat and mouse game” competing over using AI for offense and defense. “Before we could see malware signatures, now we can detect it heuristically. Now all companies are using AI on defense for identifying content from a special search engine, which professors also use to prevent plagiarism.”

The heuristics method scores all materials against a standard set of rules. If an item is scored above a certain level, it is immediately identified as fake.

The report also showed CISOs concerned about third party vulnerabilities – where a provider for a company with weaker cyber defenses gets hacked, leading that company to be hacked, even if it had better defenses for itself. Finally, the report said CISOs continue to be worried about employees not being on guard enough against digital attempts to use them to get inside a company.

In terms of attacks on the public sector, Gilburd did give a vote of confidence to the Israel National Cyber Directorate (INCD.)

“The INCD does excellent work and has the opportunity to bring in people with great cyber experience. Many people who served with me at Unit 8200 chose to continue in the public sector. Many of them were involved in the cyber attack sector so they understand it and now bring that understanding to defense. This is great for Israel and is not trivial.”