Maria Varmazes
You're listening to the CyberWire Network, powered by N2K. Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Maria Varmazes, and yet again I am subbing in for Dave Bittner, who is at his son's high school graduation right now. Congratulations to the Bittners. And with me is the one and only the goat, may I say, of chickens and other things.
Joe Kerrigan
The goat of chickens.
Maria Varmazes
The goat of chickens, Joe Kerrigan. Hi, Joe.
Joe Kerrigan
Hi, Maria. How you doing?
Maria Varmazes
Good. Again. How are your chick. Your chick. The chickens are good.
Joe Kerrigan
The chickens, actually, I. The chickens, doing fantastic. They are. They're doing very well. They're getting very big. We have to work on that coop this weekend because it's getting. It's going to be time to put them out there soon. And I'm also. I've got to broach the. I can't remember who. Aaron. Was it Aaron last week that said put an electric fence up around.
Maria Varmazes
Oh, yeah. Yep.
Joe Kerrigan
Yeah. I've got to pitch that idea because I think. I think that's a good idea. Especially, I mean, I am shocked, shocked that we have coyotes in our area, but we do. It's Maryland. And growing up, coyotes was never a concern.
Maria Varmazes
Oh, yeah, no, they're. They're all over the eastern seaboard now. In the US I'm sure in Canada, too. Yeah, they're everywhere now.
Joe Kerrigan
And I'm. I'm worried they're going to mistake my chickens for roadrunners and try to drop.
Maria Varmazes
Anvils on them and such an Acme anvil. Well, Joe, I gotta tell you, we had so many comments from listeners about your chickens. I think I was telling you offline before we started recording. My husband was listening to the show and texted me for work. Oh, no, Joe's chickens. So everyone's been very concerned about your chickens. So I'm very glad that they're okay.
Joe Kerrigan
The new batch of chickens are doing very well. They're. They're huge. It's hard to, you know, it's hard to. To grab them and. And pick them up anymore. They're too big. So we have to. We have to keep. Yeah, they're in that awkward teenage stage, I guess.
Maria Varmazes
Yeah.
Joe Kerrigan
You know, they don't teeth. You know, they're too big for their heads. You remember, you remember going through that?
Maria Varmazes
It's real me. Yes.
Joe Kerrigan
Right.
Maria Varmazes
When you were a kid, you lost.
Joe Kerrigan
Your baby teeth and you had the big. How are you?
Maria Varmazes
Big goofy teeth. Yeah. What are their names?
Joe Kerrigan
We haven't named any of them yet.
Maria Varmazes
You got to give them like malware names or something. Something. Yeah, one's Fancy Bear or something. Fancy Bear, the chicken. You gotta give him something fun. I got. You got. This is the challenge. I'm throwing down the gauntlet. It's gotta be something really, really funny. Excellent.
Joe Kerrigan
It is funny to try to watch them establish their pecking order. They actually have a pecking order that is. You know when you hear the term pecking order, that comes from chickens. There is one chicken that is in charge and that chicken will peck any other chicken and no chicken will peck it. And then below that there are chickens that will peck down. They peck down, but they don't peck up. That's the way it works.
Maria Varmazes
Yeah, it's like with Mike. I have three cats and they established a bapping order. It's the same idea. Yeah. It's amazing how that works. I love that. It's really fun to watch. Anyway, so this has been chicken talk. I listen. Everybody's really invested. So it was the first thing I had to ask you, Joe. Anyway, so we have actual human related stories that we are going to share this week and we will be right back after this message from our show sponsor.
Sponsor Voice
And now a few thoughts from our sponsors. At ThreatLocker, the tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Maria Varmazes
So we do have some follow up from our listeners. We have a lot of follow up and not all of it was chicken related, which was quite amazing. So we have. Yes. You know, I do appreciate that from time to time. So here's a really interesting bit of follow up from a listener who I think would choose to remain anonymous. So I'm just going to read their message, and it says: Hi, Hacking Humans team. I love the show and listen regular, religiously, not regularly religiously. I just listened to your discussion about the class action question you received from a listener. And this was an episode, I want to say, two or three weeks back. So in the nearish distant future. Right?
Joe Kerrigan
Yeah. The question was how do you verify that? How do you know that you're actually part of a class action or part of a class in a class action lawsuit? And how do you know this isn't a scam.
Maria Varmazes
Yeah, in the US I do not know about other countries, but in the US we frequently get these either mailers or in a lot of cases now, just emails that say, hey, you're part of a class action lawsuit. You didn't know this, but you are. And you're going to get a whole bunch of money. But you have to verify you are who you say you are. And the whole bunch of money is usually like 50 cents. Don't get excited.
Joe Kerrigan
But it's not a lot of money.
Maria Varmazes
It's not a lot of money. But if you do want some money coming your way, you have to verify you are who you say you are. And as you can imagine, a lot of us look at these askance. Anyway, so let me get back to the letter. I am a class action attorney. And I cannot verify this, listeners, but I'm going to take this writer at their word. The best way to verify whether a class action notice is real is to contact the firm that represents the class, that is the attorneys, that represents the plaintiffs. And judging by this writer's use of i.e., I'm going to guess that they are indeed an attorney. If the website for the class action is real, there will be some kind of link to a court document, likely either the complaint or the final settlement agreement. The attorney's contact information should be on that document. The person who received the notice should just call the law firm and ask about the settlement. I receive calls and emails from people asking about pending settlements. If it involves my firm, I'll make sure that the caller or emailer gets the information that they need. Also to comment about attorneys getting the uncollected funds. Attorneys do not get that money. It remains in an account and it is then dispersed again to those who collect. Okay, today I learned. Thank you to that listener. That is very good to know. Thank you to our listeners in these professions who are happy to clarify us when we say things that are wildly incorrect.
Joe Kerrigan
Wildly incorrect and ignorant. Yeah, ignorant's a good word. We should, we should preface everything with I'm not a lawyer. You know, maybe whenever we're talking about lawyers, we need to have Ben Yelin on, honestly.
Maria Varmazes
Yes. Because the, the disclaimer of not only are we not a lawyer, we are not your lawyer, we don't know anything about law. So yes, thank you to our attorney listeners who are only too happy to clarify what they do. Thank you to that listener. Okay, so I am up in the pecking order. It's me first today. Yay. And I'm going to keep my question slash story short because I really want to get to what I think Joe's going to be talking about today. So here's mine. I'm going to take a listener question and I'm going to be reading yet again an email that we just received. Afternoon, Hacking Humans crew. Actually, it is the afternoon. Thank you very much. I'll refrain from making any chicken references, as it's already been done extensively, but.
Joe Kerrigan
He won't stop himself from making a pun, which I appreciate, by the way.
Maria Varmazes
Yeah, yeah, yeah, we do. We do appreciate a good chicken pun. Thought I'd share this phishing scam as well as inquire how best to handle the associated calendar invitation. The email creates a meeting request on my calendar. The only way I know how to remove the invitation is to decline it, which I'm not sure is the best way to proceed. Aside from deleting the email, what would be the best way to proceed to remove the calendar invitation? Is there a way to keep them from showing up in my calendar in the first place? This is hardly the first one I've received. Thanks. Love the show. Cheers. Bob Rabner from Princeton, New Jersey. P.S. could use a new T-shirt as the one I received several years ago has been quote unquote, adopted by my wife. I get that completely. We'll be in touch, Bob. Don't worry. So Bob very helpfully sent some screenshots of the phenomenon. So to back up a little bit, Joe, have you been getting spammy calendar invites in any of your calendars of choices?
Joe Kerrigan
I have not seen this happen, but I've heard about this happening like in Gmail, that you can get a Gmail calendar invite and what happens is that that's a way to get around spam filters is because somebody already has a when you sign up for Gmail or Google account, you get everything. You get Gmail and then you get a Google Calendar and then I can go on my Google Calendar and invite you to some event. And that just completely circumvents all of the spam filters. There's no protection on those messages arriving.
Maria Varmazes
Or at least there wasn't.
Joe Kerrigan
Or at least there wasn't. Correct?
Maria Varmazes
Yeah.
Joe Kerrigan
I mean I guess now there's protections they've Google is not one to take that kind of thing lying down. Their user experience is pretty important to them, if not support experiences because they understand that if the user experience becomes garbage, people will leave.
Maria Varmazes
Yes, unlike Microsoft, which is where people are kind of locked in because of work. That doesn't seem Microsoft is a sponsor of some of our stuff so maybe I shouldn't say that.
Joe Kerrigan
Anyway, everybody always here. I'll be Microsoft's advocate here. I am a big fan of their Office products and I'm not their Windows system. Their operating system is pretty good. I'm considering switching to Linux but I've never had a problem with any of the professional level operating systems since NT so it's wow.
Maria Varmazes
I think wow, NT. My goodness. We're going back a little bit there.
Joe Kerrigan
How far I go back my good.
Maria Varmazes
Well.
Joe Kerrigan
I go back farther actually I.
Maria Varmazes
Was going to say you must go back further than NT. Come on. I do but Joe, I've heard it's the year of Linux on the desktop so you know, maybe it's. Sorry, it's an extremely nerdy joke. Anyway.
Joe Kerrigan
It's been the year of Linux on the desktop for what, 20 years now?
Maria Varmazes
Yes, something like that. Sorry, that. All right, I'm going to move on from that. So the screenshot that Bob sent us was specifically for Microsoft Outlook. And in this you see a spammy email that says we were unable to renew your Microsoft 365 subscription and then there's a Maybe, Decline, Accept series of buttons. This is for events that a lot of us are familiar with. There's no option to just delete this. I mean one can just delete the email but there's no option to say I choose to do none of these three options. I remember getting a lot of this kind of spam maybe two years ago through Apple iCloud as well. I don't know if they have stopped doing it or I have just stopped receiving this kind of spam but it was pretty bad for a time and I believe nowadays when I do get that and it comes through I can just hit delete and mark as spam without giving an event response because you definitely do not want to hit decline on this because you're validating that your email is working and that you're going to be responding to stuff like this. So if you can just hit delete that's what I would do for sure.
Joe Kerrigan
Yeah I'm looking at this thing and normally when I do this at work because I don't use Outlook at home for my mail I use either the Yahoo web client or the Gmail whatever web client I'm using. But when I get one of these at work I can press and hold decline and it will say do not send a response. You know, send a response now edit a response before sending or do not send a response and I can, I can do that and that will get it removed from my calendar. But how do I know I'm not being socially engineered here? I mean, if I would have to be careful because that's up in the Ribbon portion of the message. The ribbon? Is that part of the interface that Microsoft likes to call it that? Oh yeah, those three buttons are there. This doesn't look like that. This looks like these buttons are in the email, as if they are HTML buttons and they may be.
Maria Varmazes
I think it's just a shortcut that Outlook has. Yeah, or maybe it's a shortcut. I think it's just a shortcut because Gmail has a similar behavior where it has sort of a convenient option to hit yes, no, maybe just in. In the sort of email preview. I imagine it's going to depend on the client you're using, if you're using web interface versus a native desktop version or something, and also what version you're running. And maybe in the case of Outlook, you know what your email admin has set up, what your corporation or organization's permissions are and how they've customized it. So there's going to be a lot of. Your mileage may vary on this. I did do the most cursory amount of Googling, Bob, so I'm going to just preface this that this to me feels like a discussion. If you have an email admin at your organization that maybe you should raise it with them because there feels like there should be something that they could do to optimize this for you given the kind of spam you're getting. However, my cursory Google said under Options, submenu Tracking, there's an option that says Automatic Meeting Request Processing. I'm going to have to take this person's word for it because I don't have Outlook. But this is basically the thing that says don't show a meeting invite on your calendar unless you have specifically hit yes on it. So all those tentatives and meetings that you haven't responded to yet will not show up on your calendar if you do not have this option selected, which for some people is not great. Some people, they're like, listen, I'm always buried in my email. I'm never on top of what meetings I've been invited to. This is the only way I know what the heck's going on. Because I don't always respond to meetings I've been invited to or whatever. So this is not going to work for everybody.
Joe Kerrigan
I have used that feature, particularly with an email that comes in like the morning of the meeting. And I don't know that I have that meeting because I've been working on something else. And all of a sudden I get an Outlook pop-up that says, hey, this meeting's starting in 15 minutes. And I'm like, what meeting?
Maria Varmazes
Yep.
Joe Kerrigan
Oh, somebody sent me that invitation 20 minutes ago and here we go. I guess we're having this meeting. So, yeah, I mean, if you, if you turn that feature off, you're not going to have those kind of alerts. I mean, you could turn around and say, hey, send out the meeting invitations a couple days ahead of time. But yeah, I was going to say work is work.
Maria Varmazes
We know how it works.
Joe Kerrigan
It's not going to fly. Right?
Maria Varmazes
Yeah, I was going to say, given some past jobs I've had that would absolutely have been suboptimal at best for me to turn that option off. But if you maybe are at a more sane workplace and your cadence isn't quite so high, then maybe you have the option of being able to see these things ahead of time. But that was the best I could see about that. Yes, you can turn off the option to show these tentative or not yet accepted meeting invitations. But yeah, that could mess other things up for you in terms of your workflows. But yeah, if you have an email admin or an IT admin that you can talk to, you know, get them a coffee, talk to them like a real human being. Have a conversation, you know, be like, hey, this is a problem I'm seeing. Is there? Like, what are you guys. What are your thoughts on what we can do about this? What is the best behavior? I think it could be worth a conversation. Be interesting indeed. Joe, your story. I am dying to get to this one, so let's, let's dive in.
Joe Kerrigan
Yes, this is from the Wall Street Journal and it is from Joanna Stern, who I can't remember. She. I think I've read a bunch of her stuff in the past, but also Jared Cole as well. And in this, in this article they have a video and the title of the article is we made a film with AI and you will be blown away and freaked out. And I watched this video and Joanna Stern spends a lot of time talking about how she made this video in the video, and then she actually shows you like a short little vignette, four minute long video movie that is done entirely with AI. There is no acting going on in this movie at all with the exception of Joanna gesticulating like a mad. Like she perceives a mad scientist would gesticulate so that her body movements can be grafted on to the model for a mad scientist that's talking about this robot. And actually, I got to tell you, the story that is written here is actually, you know, an interesting story. It's not. It's the, the, the. The story is called My Robot and Me. And it is, it's. I'm not, I don't want to spoil it because I think it's actually worth the watch if you can see it. But, I mean, I'm watching this video and there's. There's a scene where the robot is cooking a chicken breast like a boat. Well, I think it has bones in it. I can't really tell.
Maria Varmazes
But is it butterflied? What kind of chicken preparation? We talk.
Joe Kerrigan
It is not butterflied. It's like a whole big chicken breast in, in the pan.
Maria Varmazes
Oh, yeah, yeah. That's not a Spatchcock situation. That's. No, yeah, okay. That's a good idea.
Joe Kerrigan
You would never fry, you know, pan fry a chicken breast this way. So that's one of the things that sticks out.
Maria Varmazes
But the robot connoisseurs would know. Yep.
Joe Kerrigan
Right. The chick is touching the chicken breast like, like he's testing the, the firmness of it. And that looks pretty good. That looks pretty good. Now, there's other things in here, like where the model for Joanna is doing push ups, and that doesn't look exactly right. There are, there are, there are some things in here that, that, that maybe they look a little bit off, but by and large, it's really, really, really good in terms of the quality of what, what's going on here. So in the, in the text write up, which is really short, Joanna talks about how they tested a bunch of different options, but they landed on Google's Veo 3, which came out on May 20, and adds AI powered audio. And in the video, they link to this Will Smith eating spaghetti. Now, do you remember the Will Smith eating spaghetti video from like three years ago?
Maria Varmazes
Oh, my God.
Joe Kerrigan
We'll put a link in the show notes if you haven't seen that.
Maria Varmazes
It's horrifying and funny and horrifying and funny and horrifying. And f. It just. I'm, I just, I remember that those feelings coming up at the same time, it kind of. It grossed me out. But it's also, like, very unnerving.
Joe Kerrigan
It is very unnerving. So they did another test of this with, with Veo 3 and they have a Will Smith eating spaghetti now. And if you watch it without the sound. You turn the sound on, it. It ruins everything. It's because it sounds like he's eating crackers. You know, like crunchy crackers. But if you leave the sound off.
Maria Varmazes
Some really al dente.
Joe Kerrigan
Right.
Maria Varmazes
If you leave watching it without the sound. All right.
Joe Kerrigan
It looks like Will Smith eating spaghetti.
Maria Varmazes
Yeah, it really. It does.
Joe Kerrigan
It.
Maria Varmazes
There's some weirdness with his head a little bit, but it's not like the one where it was like, three years ago. No, no. God.
Joe Kerrigan
It's both, like, you say, horrifying and hilarious at the same time.
Maria Varmazes
He becomes a flying spaghetti monster and all weirdness happens. Yeah. Wow.
Joe Kerrigan
But the.
Maria Varmazes
The thing is terrible.
Joe Kerrigan
Yeah. The sound. Are you. Are you listening to the sound of the.
Maria Varmazes
I did. I did with the sound. Okay.
Joe Kerrigan
The new one. The sound totally ruins it, but that's okay because you can make fake sounds or you can. You can add other sounds or other. You know, you can. You can fix that in post, if you will.
Maria Varmazes
He just said a phrase that I hate. But, yes, you're right. Yeah. If. If this was one of those. We've talked about, we've. So, Joe, I gotta tell you, in last week's episode, I had that phrase we've been saying. And then one of our. I think, actually one of our amazing editors, he was like, we gotta make a segment called We've Been saying, because I feel like I say that all the time. We've been saying this. I could see. I don't know what Will Smith eating spaghetti would be advertising, but you could imagine it on an Instagram or Facebook ad. Advertising. I don't know. Something. This would not get a second glance for most of us as to its reality. It looks. The pasta looks real. The fork isn't doing anything weird. Will Smith looks like Will Smith. There. There's nothing. Nothing. Even with intense scrutiny, I don't see anything that's like, obviously off.
Joe Kerrigan
Yeah. And you compare these two. These two videos from one from three years ago, one from last month, and you look at them, and it's the. It is Worlds of difference.
Maria Varmazes
It really is.
Joe Kerrigan
That is really what I find most concerning about this. Now, I. I will say this. What Joanna Stern did here is. Is really, I think, pretty cool. At the end of the video. At the end of the video in this article, she puts a. She puts the bloopers that happened. And some of those are like, this is ridiculous. But the thing is, if you get something that looks ridiculous, you just tell the.
Maria Varmazes
The.
Joe Kerrigan
The AI. You tell the model or whatever it is. You say, no, that's not what I'm looking for. And it will redo it and try again. Right. And it doesn't cost you anything. Any. Except for time. It does cost time.
Maria Varmazes
Yeah. I mean, I'm looking at her process and I'm thinking, I've taken film classes in my youth and I remember having to do storyboarding, for example, where you have to say, every scene, every shot's going to be looking like this, from this angle with these characters. And now you could essentially say, I have a storyboard in mind. I'm going to run these ideas through AI. And you could use sort of an AI built storyboard to make a film or even have that be the film, as opposed to just, you know, a rough. I mean, it's this AI. This Wall Street Journal version is indistinguishable from many student films I've seen before.
Joe Kerrigan
Yeah.
Maria Varmazes
So I guess a spoiler alert for our listeners is that when we do this show, we have a script where we share links as we're talking. And so, Joe, I put something in the script for you from Ars Technica that's also about specifically Google's Veo 3, and the headline, hyperbolic, but: "AI video just took a startling leap in realism. Are we doomed?"
Joe Kerrigan
Maybe, yeah.
Maria Varmazes
Yeah. Wait a minute. I sent this link to my family chat, which I don't normally send them stuff about tech because they're sort of sick of hearing me talk about this stuff. But I sent that on over and right before we started recording, I had to mute my family chat because it just. Everybody's just messaging each other about how crazy this is. And you have to take a look at some of the prompts they put through. It's like have a muscular barbarian holding an ax standing next to a CRT television set. And then there's very detailed acting instructions for the barbarian. And then the full script that he says. You would swear this was an actor saying this to camera. And it's all AI. It just. There's a whole list of them where all of them are just. You're just like, nobody would be filming this in real life. I don't know where you would find somebody. Oh, my favorite 1960s NASA footage of the first man stepping onto the surface of the moon who squishes into a pile of mud and yells in a hillbilly voice, what in tarnation? It's so funny. It's so funny. And like, here's one.
Joe Kerrigan
I gotta do this one. A middle aged, middle aged balding man rapping IndyCore about Atari, IBM, TRS-80, Commodore VIC-20, Atari 800. They might as well just say Dave Bittner, except he's not balding.
Maria Varmazes
Yeah, there's. There's some really good. And the thing is, like, if you're watching these and you. You're watching these going, I know this is AI. So you're looking for what you consider sort of the usual AI tells of some weirdness in the animation, some hallucinations of stuff that shouldn't happen the way they do, or the face is looking weirdly smooth. None of it is giving any of those alarm bells that it should. So again, our old models, just a few years ago, we were saying, look for extra fingers. That's way gone. Way, way gone. We're nowhere near that. Ancient history. And so it's just amazing how their article surmises that a lot of these videos that Google has made that they've. The data set that the Veo 3 was trained on was basically YouTube. So if you train. If you ask the. I'm using language that I'm not quite used to saying yet. If you ask Veo 3 to generate something that you would probably find a flavor of on YouTube, it can do it, no problem. If you ask it to do something that does not really easily exist and it is not on YouTube, like for some reason holding up your fingers to the camera and counting down, or a man made of glass running into a brick wall and shatter. Like, YouTube has. Doesn't have a lot of videos of stuff like that. So it has a hard time with that kind of thing. But stuff that's sort of normal people. Stuff like talking heads on a podcast or somebody performing or a TED Talk doing a TED Talk about mushrooms. That's hilarious.
Joe Kerrigan
I cannot wait to watch that one. I'm looking at the barbarian looking at the crt. That guy looks a lot like Jason Momoa.
Maria Varmazes
Yes, he does. He does. I thought the same thing. Yep.
Joe Kerrigan
If you scroll down to. There's one that is an ASMR video of a muscular barbarian whispering slowly into a microphone. That guy looks like Andrew Tate.
Maria Varmazes
Yeah, yeah, I noticed that. All of that. Yep. And then there's the one.
Joe Kerrigan
There's a. Yep, go ahead.
Maria Varmazes
No, no, there. There's a. But there's a bunch of them are like that. They sort of look like other people. Vaguely Ish. I'm sure that's intentional. There's. Yeah, there's a one that looks sort of like. Oh, my gosh, I can't. I'm terrible at celebrity names. Nevermind, we'll move past it.
Joe Kerrigan
Right.
Maria Varmazes
But yeah, all of them there's a psychedelic Mister Rogers' Neighborhood TV show opening if it was done with like psychedelics and acid rocks.
Joe Kerrigan
Oh my gosh, I gotta watch this one.
Maria Varmazes
It's so funny.
Joe Kerrigan
And Bob Ross.
Maria Varmazes
Yeah, a lot of these. I'm watching these and I'm like, the prompt is brilliant because it's really odd because this would be difficult to do in real life and the AI is doing such a good job that I'm actually enjoying watching it. So it's AI slop, but it's entertaining enough where I'm going, oh my gosh. I'm not feeling physically repulsed by this, which is usually my reaction to a lot of this stuff. That's scary because you just, you know where our brains are gonna go is how is this gonna get misused to screw people over? And you just know this is.
Joe Kerrigan
I mean, it is perfectly fine to have a prompt that says 1950s musical jazz group with a scat singer singing about pickles amid pick.
Maria Varmazes
Yeah. And the guy looks like John Lithgow for some reason. I don't know why.
Joe Kerrigan
Yeah, yeah, he does. And the trumpet player looks like Horatio Sanz from SNL.
Maria Varmazes
Yes, he does. Yes. Yep, yep, I noticed that too.
Joe Kerrigan
And the, you know, that's, that's all fine and good and we'll all have a good laugh about this, but what about when it says, hey, make a video of Donald Trump declaring war on Russia because there's, there's a.
Maria Varmazes
Honestly, that's time for the bunker. I don't know what else to say anymore about this stuff. I mean, it is scary.
Joe Kerrigan
The reason I say that one is because there's one up here about a news footage about Russia invading the United States. But the, the infographic behind the news anchor says news in a viblid. Ned 10.8.
Maria Varmazes
That said, if you were to crop this video right, so that the, the, that part of the video, you would have. There was nothing else that I can see. What either the news, the fake news anchor, the reflections on the desk, the, the graphics behind her. All of it looks absolutely real. It does. It doesn't look like the weird AI news heads where you had like sort of a semi animated face with the mouth moving a lot. It's. They've. They've nailed it now. They've. It's. It's definitely more than plausible. So also, trust nothing. Trust nobody. Get in your bunker. I don't know.
Joe Kerrigan
It's clear to me that the AI thinks that the Russians are going to come from the west to the east to invade the United States.
Maria Varmazes
Well, if you can see Russia from your house in Alaska, then that seems like the fastest way to go.
Joe Kerrigan
There are places in Alaska where you can actually see places in Russia. So I mean, there are places. I mean, they're out in the islands. I mean, you can't see it from your house, but they are.
Maria Varmazes
You just "well, actually"-ed me on this. I'm sorry. Actually, yes, Joe.
Joe Kerrigan
My son in law will point that out to me whenever I do that. So quickly. And that's how he says he goes.
Maria Varmazes
Actually, actually, yeah, in my household, you are technically correct, which is the best kind of correct. Best kind of correct, which is the Futurama quote. Yeah, we love. Yeah, that one's great. All right, so in the script, I'm going to send you another thing, Joe, and we'll put all of these in the show notes for everybody. This video was just posted a few days ago and it's called Impossible challenges via Google Veo 3. And it's imitating the ubiquitous influencers doing crazy challenges for views. And again, you watch this knowing that all of this is AI. It has somebody, like, jumping into an active volcano or like all these, like, just leaping out of a plane with no parachute, things that would kill a person.
Joe Kerrigan
Right. I think I just saw one where somebody was supposed to be licking control.
Maria Varmazes
They're in Chernobyl. Yes. They're licking a radioactive rod.
Joe Kerrigan
Oh, this guy gonna drink gasoline.
Maria Varmazes
Oh, let's watch all this stuff where it's like, you will. You will absolutely die if you do these things. And the thing is, though, I watched this again knowing that this is AI with the audio on. It's. I actually started almost fearing for these people's lives as if they were real. Because that's how much even. Even knowing that this is fake, that I went. This feels real. Because I was like, wow, that's dangerous. That's a terrible idea. Don't do any of these because you will die. And yeah, yeah, it's wild. It's absolutely wild. Like staring into the sun for 10 minutes straight, counting every grain of sand on the beach, you know, waiting for this concrete to harden. Running away from people who are, oh, yeah, the Mr. Beast. I don't want to give all of it away, but it's just wild. Again, you look at all of it knowing that it's completely fake. And it can really easily get your subconscious going. Wait a second, that's really bad. Don't do that. So, yeah, I don't know.
Joe Kerrigan
Okay, there's a big pile of garbage covered in insects and I don't know. Oh, apparently this guy has angered some uncontacted tribe. Yep.
Maria Varmazes
And there's a, There's a guy who's, who's, who's trying to get into North Korea on a chair made of nothing but balloons, wearing a giant American flag T shirt. I mean, it's just like the sense of humor behind these is really, really.
Joe Kerrigan
Funny that, you know, that's. I wouldn't put that past some American, you know, I know. That's the thing.
Maria Varmazes
It's like these are plausible for some of them that somebody would try this. And then there's a cooking influencer cooking plutonium 239 in her kitchen. And the script is great. All of it. It's just wild how much you could actually see an influencer type person doing these things. And it's like, yep, either this is going to get people killed because people are going to think these are real and imitate them, or maybe we'll see the end of influencers doing stuff in real life because they can't one up jumping into a real volcano.
Joe Kerrigan
Yeah, yeah, hopefully. Hopefully we'll see that. But I don't know.
Maria Varmazes
I don't know. I genuinely worry about kids with some of this stuff now with these being so realistic, especially the ones that are really into watching what influencers do. If all these fake videos that are very, very, very realistic with the new AI developments come out, people are going to try and imitate some of this and. Oh, boy.
Joe Kerrigan
Yeah, I'm not looking forward to that.
Maria Varmazes
I'm not.
Joe Kerrigan
It's, you know, it's one of the things that, you know, I have to tell the young people in my family. I don't like saying grandkids.
Maria Varmazes
You might have to make a piece of that one. You might have to make.
Joe Kerrigan
I got three of them. I, you know, up here, I might as well, you know, I, I might as well do that. But up here, I'm still 35 years old. You know, it's.
Maria Varmazes
I get that.
Joe Kerrigan
That's how I feel. Anyway, you know, one of my, one of my things is I wanted, you know, I wanted to do fake videos of, you know, but with like, rag dolls of, of kids and have like one of my granddaughters doing ridiculous stunts and then make a rag doll over and throw it off and then show the kids, hey, look, remember how we made this video? Remember how that was all fake? There it is. And it looks kind of real. Right? You know, and maybe, maybe now my solution is I'll just get a subscription to Veo 3 and, and just demonstrate and just demonstrate. Yeah. Hey, look, here's a. Here's a video of you jumping off the roof. And now you're just a head and a pair of shoes like Super Dave Osborne.
Maria Varmazes
Honestly, I had the same thought, like, I could show my kid this, but then she'll go, oh, that's really cool.
Joe Kerrigan
Right? Yeah.
Maria Varmazes
And I'm just like, what have I unleashed? I don't know. I've had the same thoughts, like, I should just demonstrate how easy it is because this just requires a basic Google account of some kind and money. You know, as, as I think all of these articles have gone through pains to point out, this does not require any specialized training at all. Basically, as long as you have some amount of money to pay for the service, you can make any of these videos with just a one sentence prompt.
Joe Kerrigan
So going back to the Joanna Stern story, she said, I think her total expense for making that three or four minute video was $1,000 total expense. And I think that includes hiring somebody to do the editing.
Maria Varmazes
My goodness. And that probably was the most expensive part. Probably was. And I'm sure the cost will continue to go down, so. Yep. Well, by the power of Grayskull, you all have the power to make all of these dreams come true with AI. So please be careful. I don't know.
Joe Kerrigan
I don't know what to tell you. The article here is, are we doomed? You know, that's the Ars Technica story. And you know my initial response, like I said earlier. Yeah, maybe.
Maria Varmazes
Let's take a break after. Quick message from our sponsor. I don't know where to take it from there. Aside from that, I don't. I don't like.
Joe Kerrigan
Nope, that's fine. That was perfect. Cut. I think.
Maria Varmazes
So.
Sponsor Voice
Let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Maria Varmazes
All right, well after that really uplifting story, Joe, and lots of us for lots of things for us to chew on, let's move on to catch of the day.
Joe Kerrigan
Our catch of the day comes from Clayton, who sent this to me on LinkedIn after he coincidentally asked me about a if we had an episode on that had employment scams in it and I referred him to the episode that dropped that dropped that day and he was kind enough to send this back. It is a virtual chat interview invitation with sodasia now. So To See is a company that has offices all over the world, including in the US and it is looks like it's coming from Soda See A USA Incorporated. But the email is actually a Gmail address, so probably not a Soda Sea email.
Maria Varmazes
I would guess not. No, not for a major company like that. Yeah.
Joe Kerrigan
Yeah. Who wants to read this?
Maria Varmazes
You know, Joe, why don't you do this one since you don't usually get to read these.
Joe Kerrigan
I don't. And you're about to find out why. Dear Applicant.
Maria Varmazes
Fair.
Joe Kerrigan
I hope this message finds you well. First and foremost, I apologize for the delayed communication. Our talent desk has recently reviewed your resume across various online platforms and we are pleased to inform you that you have been selected for an interview with one of our remote positions at Soda Sia. We have the following roles available, all of which are remote positions. Data entry clerk, Customer support Specialist, Executive Assistant, Virtual assistant. Wait a minute. Stop. Stop right now. I don't think I want a job as a versatile being. A virtual assistant sounds like a very replaceable position with a piece of Software, right?
Maria Varmazes
Google Veo 3 all over again. Yeah. Okay.
Joe Kerrigan
Safety manager, Project Manager, Database administrator, Data analyst, Accounting clerk, Accounts payable, Clerical administrative Assistant, Bookkeeper, Office assistant, Customer service representative, and payroll specialist. Some of these do lend themselves to to remote positions, but like safety manager, you got to be on site for that one.
Maria Varmazes
But I'm also just wondering. I mean this is a very wide range of job types.
Joe Kerrigan
It is, I think.
Maria Varmazes
Yeah. Okay.
Joe Kerrigan
Yeah. It. The. Here's the interview. It's going to be between 8am and 7pm. There's a link that links to a teams.live.com address and you're going to be talking to Jacob Hatters, who's an HR manager. I don't know if that's real. To ensure everything goes smoothly, we kindly ask that you set up your screen name prior to the interview with the link provided and then there's another teams link with a verification code. We are excited about the potential of you joining the team and appreciate your prompt response. If the proposed time doesn't work for you. I don't know how any proposed time wouldn't.
Maria Varmazes
From 8am to 7pm I'm only available at midnight. Sorry.
Joe Kerrigan
We'll gladly adjust to accommodate your schedule. Thank you once again and we look forward to speaking with you soon. Best regards, Human Resources Department. Soda. See you. So this is, you know, I don't know what the, what the end game is here. Maybe it's a, maybe it's an employment scam where, you know, an advanced, an advanced check scam. Maybe it's just something where they garner information from you. But there are numerous red flags in this message that stand out. One of them is that our talent desk has recently reviewed your resume across various online platforms. While that is possible, you don't say that in an email. I would never say that they say that an email. Also if they've, if they've reviewed my resume, they kind of know what I'm going for. And there's a wide range of things here from like data entry clerk, administrative assistant, bookkeeper, database administrator. These are all different, different.
Maria Varmazes
Data analyst. Safety manager. Yeah. Project manager.
Joe Kerrigan
Exactly.
Maria Varmazes
Yeah, yeah. These are huge, huge reasons.
Joe Kerrigan
That's what tips me off right there. And, and you, you keyed in on that right off the bat, Maria, you said that's too many things. And that's, that's, that's my feeling on this as well.
Maria Varmazes
So my, I mean I wouldn't put it past a company to try and make these all one role. But that's just, that's, that's a different problem.
Joe Kerrigan
I get, I still on my professional email address which is, you know, a nice, you know, a nice looking email address. It doesn't have any numbers on it and doesn't say like, you know, deathstalkermail.com by the way, never use something like that as a resume on a resume. Use something professional sounding. So I have one of those and from time to time I get these kind of things in that email address. Usually they're the, the package scam. You know, hey, you're, you want to be a quality inspector for our company, you're going to take delivery of packages and drop them off at this other place. And I'm like, yeah, that's just, you just want a mule, a local mule. And then the other ones that I get are very similar to this but they're only hiring for one role. And it's obvious these people have never read my resume. Obvious?
Maria Varmazes
Oh, yeah.
Joe Kerrigan
And.
Maria Varmazes
And I. I get outreach through DICE all the time. I had my resume on DICE I. Years ago. And. And I get calls sometimes, like actual honest to God phone calls saying, hey, do you want to. I have. I'm hiring for a job in a location I'm nowhere near for, like a JavaScript developer.
Joe Kerrigan
Right.
Maria Varmazes
Where did you get. From my resume that. That is a skill set that I have.
Joe Kerrigan
Yeah.
Maria Varmazes
And by the way, it's a marketing contract. Yeah. It's like, what is. What. How are you making any money doing this? This is a spam nonsense. But, yeah, that's not. This. This is. I don't know, this. This makes me wonder if. When it has the part that says, use this specific link and the verification code, I'm wondering if maybe this is this email sort of a go between. Maybe my. Maybe I'm going too far with this, but there's a legitimate job that somebody in a different country is trying to apply for remotely, and they need someone in the US to actually pretend to be the applicant. Or, you know, maybe J. I don't know. I'm starting to wonder if there's. There's something really nefarious here, because verification code makes me go. So I don't know. But I don't know. This is. This is shifty. I wouldn't do it. Don't do it.
Joe Kerrigan
Shifty. Shifty. To say the least. Yes.
Maria Varmazes
Yeah.
Joe Kerrigan
Thank you, Clayton, for sending that in. It's a great, great catch. If you want to send us an email, you can send it to hackinghumans@n2k.com and we would love to have any of your. Any of your suggestions for catches of the day.
Maria Varmazes
Yes, indeed. As well as any jokes about chickens or chicken updates. You know that we're always. We're always game for that, so we will not run afoul. Okay, I'm gonna stop. Okay.
Sponsor Voice
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust Endpoint Protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Maria Varmazes
And that's Hacking Humans, brought to you by N2K CyberWire. We would love to know what you think of this podcast. Hopefully you liked it. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, and we certainly hope that you do, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We are mixed by Elliott Peltzman and Trey Hester. Peter Kilpe is our publisher and I'm Maria Varmazes.
Joe Kerrigan
And I'm Joe Kerrigan.
Maria Varmazes
Thank you for listening.
Podcast Summary: Hacking Humans
Episode: No Cameras, No Crew—Just Code
Release Date: June 5, 2025
Host: Maria Varmazes & Joe Kerrigan
In this episode of Hacking Humans, hosted by Maria Varmazes and Joe Kerrigan from N2K Networks, the hosts delve into the evolving landscape of cyber threats, focusing on sophisticated phishing scams, the rise of AI-generated deceptive content, and employment scams targeting unsuspecting individuals. The discussion is enriched with real-world examples, listener interactions, and expert insights, providing listeners with a comprehensive understanding of the current cyber threat landscape.
Maria begins the episode by addressing a listener's concern regarding the authenticity of class action lawsuit notices—a common phishing tactic aimed at extracting personal information.
Notable Quote:
Maria Varmazes [04:57]: "The best way to verify whether a class action notice is real is to contact the firm that represents the class, that is the attorneys, that represents the plaintiffs."
Key Points:
The hosts discuss the growing trend of phishing attempts using calendar invites, particularly within email clients like Microsoft Outlook and Gmail.
Notable Quote:
Joe Kerrigan [08:28]: "I have not seen this happen, but I've heard about this happening like in Gmail, that you can get a Gmail calendar invite and what happens is that that's a way to get around spam filters."
Key Points:
A significant portion of the episode is dedicated to the advancements in AI-generated videos and their implications for cybersecurity and misinformation.
Notable Quotes:
Maria Varmazes [22:15]: "So I guess a spoiler alert for our listeners is that when we do this show, we have a script where we share links as we're talking."
Joe Kerrigan [27:33]: "The reason I say that one is because there's one up here about a news footage about Russia invading the United States."
Key Points:
The episode also highlights the prevalence of employment scams, where fraudsters pose as recruiters offering enticing job opportunities to extract personal information or exploit individuals.
Notable Quote:
Joe Kerrigan [37:20]: "I don't know what the, what the end game is here. Maybe it's a, maybe it's an employment scam where, you know, an advanced, an advanced check scam."
Key Points:
In this episode, Maria Varmazes and Joe Kerrigan shed light on the sophisticated methods cybercriminals employ to deceive and exploit individuals and organizations. From verifying the legitimacy of class action notices and safeguarding against phishing via calendar invites to understanding the dangers posed by AI-generated content and employment scams, the hosts provide invaluable insights and practical advice to help listeners navigate and mitigate these evolving threats. The discussion underscores the importance of vigilance, continuous education, and proactive measures in the face of advancing cyber deception techniques.