
skriticos2 | 2 years ago

Security through obscurity does not work. As soon as deepfakes have proliferated on TikTok for stupid stuff, they'd inevitably be used for this kind of exploit by any adversary that is motivated enough to do a directed operation on a high value target.

The researchers really just raise awareness on where things are going, but ultimately the solution will be to improve process and verify anything that has to do with money through specific internal company channels that are hard to forge - and anybody in a call like this that would not use them needs to automatically raise an alarm by procedure.


jacquesm|2 years ago

Inventing new tech that has very obvious negative uses and zero positive ones isn't 'security through obscurity', it is security through responsible behavior to say 'maybe I shouldn't'. Just because you can doesn't mean you should.

Just the idea that the perps in this case had the ability to code this all up by themselves is ridiculous, 99.99% of the cyber crime out there is point-and-click from some downloaded tool and maybe 0.01% 'hackers' that use their own tools. Releasing all this junk in easy to use form is a very large factor in the rise of cybercrime. Imagine an outlet on every street corner where advanced weapons were given away freely and then to make the claim that since someone could theoretically come up with any of these there is no reason why we shouldn't be giving them out for free. That's roughly the level where we are at.

There is some middle ground between researching how things could be done and releasing those tools to every wannabe criminal on the planet, many of whom are in places that you'll never be able to reach from a legal point of view. 1000s of businesses are hacked every day by tools released by 'researchers' to prove that they are oh-so-smart without a shred of consideration for the consequences.

skriticos2|2 years ago

I'm still not sure what you suggest. Do you want to police the world of software, only allowing stuff to be released that has obvious use and limited negative effects? That won't really fly in a liberal society... people will tinker unless you want to go the dystopian path.

I mean sure, you can nicely ask or try to shame people, but when did that ever do anything of note?