Are They Web Hackers or Care Bears? The Answer May Surprise You

Callum Borchers

In business, they say you can have better, cheaper or faster, but you only get to pick two. What if you could have all three? You can with Oracle Cloud infrastructure. Try OCI for free@oracle.com Wall street.

Patrick Coffey

Welcome to Tech News Briefing. It's Friday, July 25th. I'm Patrick Coffey for the Wall Street Journal. The names Lucky Mouse, Chatty Spider and Laundry Bear might make you think of Labubu, those cutesy Chinese dol that have taken America by storm. But they're actually the closest thing to supervillains in the high stakes world of international web hacking. Then CEOs are encouraging employees to apply AI to as many day to day tasks as possible, at risk of becoming all but irrelevant. But where will those AI powered time gains go? WSJ on the Clock columnist Callum Borchertz explains why your reward for getting more work done will probably be more work. But first, for a growing number of people, AI is no longer an option at work. The message from executives like Amazon CEO Andy Jassy is that employees who don't learn to use AI to do their jobs better are far more likely to be replaced by, you guessed it, AI. But if you think that becoming a prompt wizard will lead to fewer hours and less stress on the job, you may be disappointed. WSJ on the Clock columnist Callum Borchers joins us to discuss whether we can keep the time we save by using AI.

Callum Borchers

Callum, in your story you mentioned Amazon CEO Andy Jassy encouraging employees to use AI to work faster and more efficiently. He also recently said that these tools will absolutely eliminate jobs. What can we take from those two very different messages?

Well, it sounds like if you don't use AI to work faster and more efficiently, your job could be one of those that's eliminated. We've entered the brutal honesty phase of artificial intelligence. For the past few years, bosses have mostly tried to coax us into seeing AI as an ally that's going to relieve us of our grunt work instead of a threat that's going to take our jobs. And now some are just coming out and saying, actually, you know what? AI is going to lead to layoffs after all. And if we think critically about that promise of less grunt work, the question of course becomes, so do I get to work less now that AI makes me more efficient, or is my reward for working faster just more work?

The new survey that you mentioned in the story shows that nearly half of workers think that the time they save with AI, which is about one hour per day on average, should belong to them instead of their employers. Does this not seem to be a likely point of tension given recent statements about the potential headcount reduction from CEOs like Jassy and Jim Farley of Ford?

It's a major point of tension and employers may have the upper hand here, but that doesn't mean they can just pile more work on people's plates without any consequences. You noted that a lot of those workers feel their time savings should belong to them, and that comes from a new survey by SAP. These are folks who are likely to resent heavier workloads brought on by AI, which can lead to morale problems for companies. And the same survey also found that more than a fifth of workers would rather hide the fact that they can save time with AI than give their managers a reason to expect or output. And that kind of secrecy is bad for businesses that are trying to get the most out of this new technology.

This story asked a big question.

Patrick Coffey

Will AI's ability to speed up rote.

Callum Borchers

Tasks really allow employees to spend most of their work hours on projects that demand high levels of concentration without burning out? The answer seems to be a resounding no. So do we get a sense of how employers can temper their expectations on that front and whether they will be able to avoid creating more turnover?

Eliminating busy work sounds great until you consider whether we can really think those big thoughts eight hours a day, five days a week? That may just be unsustainable, realistically. So as you said, maybe we'll have more burnout. Some people see this as a case for the four day work week. I spoke with an economist at Boston College named Juliet Short, and she studied some of those experiments and wrote a book about them. She found that most of the businesses that tried it found that they could maintain or even exceed their old productivity levels in those four days. But the key, of course there was giving their employees the three day weekend to recharge. And so whether we see greater adoption of that very much remains to be seen. Because of course the temptation for businesses will be to say, great, look at how productive we can be in four. Let's just go back to five.

Now generally I recommend that no one ever read the comments on a story, but I found the comments on this one to be very interesting. The general sentiment was well expressed by this one. Why in the world would anyone think one's employer would reward your increased productivity by shortening your hours? Do we find that sentiment to be widely shared?

I also try to stay out of the comments, but I think that is a smart one. And yeah, history is not on workers side here. The more pessimistic side of me says the only thing that may really cause employers to curb that push is if it backfires. If what they find is that workers who are putting in long hours at AI aided levels of efficiency are just burning out and quitting, that would be an impetus to maybe change things.

Patrick Coffey

That was Journal reporter Callum Borchers. Coming up, who is Fancy Bear? Here's a hint. He's more likely to show up on a list of the FBI's most wanted international cybercriminals than on the list your five year old sends to Santa this Christmas. We'll explain after the break. Laundry Bear, Lucky Mouse, Chatty Spider. Unfortunately, these are not the hottest new plush toys. And Crimson Sandstorm isn't a first person shooter video game set in the Sahara desert. These are all nicknames for infamous hacker groups responsible for extracting ransom money from international businesses and and stealing personal information from millions of unsuspecting consumers. Julia Carpenter spoke to WSJ reporter Angus Loten about where these names came from and why some security chiefs have had enough of the cutesy monikers.

Angus Loten

Angus, can you describe some of these bad actors and their schemes?

These are groups of hackers that have been identified by patterns of tactics or their choice of targets. These sort of digital fingerprints. And do not be fooled by their names, they really do mean business. One out there right now is Scattered Spider. It was initially identified as UNC3944, a much more sober moniker. But this is a group that's being investigated as part of a string of attacks over the past few years on the Las Vegas casinos, some big retailers, Marks and Spencer, Victoria's Secret. And the group gets into a network by phishing, and then they hold the business's data for ransom even more. So Laundry Bear. Again, don't let the name fool you.

Right.

Laundry Bear breaks into digital systems for the purpose of espionage.

So Scattered Spider makes sense. It's scattered in its targets. Laundry Bear, what's the connection with the laundry?

Well, I don't think we should look too far into connections with any of these names. But Bear does denote Russia. But that does get to the idea of. So how do you come up with these silly names and what do they actually mean? They don't necessarily mean anything. So first it's just a quirk of the way the groups are identified by different and often competing cybersecurity vendors. So you end up with the same hacker groups having multiple names. One example is Microsoft. It uses Sandstorm to denote hacker Groups from or linked to Iran. And it's named one of those groups Crimson Sandstorm. Other cybersecurity teams have named that same group Curium, Imperial Kitten, Tortoiseshell Houseblende. And I'm told that at least some of this is marketing. So when you have such a crowded industry, they want to stand out.

And when did tech professionals adopt the practice of naming hackers with such seemingly innocuous names?

It's not new. The market got increasingly competitive, so you started getting a lot of different, more colorful names for some of these groups. It's been a practice that's been around when threat detectors got sophisticated enough to be able to identify similar patterns and have a pretty good guess that this was the same group doing the same sort of crime spree online.

Now, I think most people would say, well, silly hacker names aren't hurting anyone. But what do security professionals have to say?

Yeah, we spoke to corporate cybersecurity chiefs. They said the goofy names can be distracting, especially when you're in the middle of an attack. You're trying to impress upon C Suite executives the seriousness of the situation. And these are serious situations. Hacks can lead to tens of millions of dollars in damage control costs, Ransom payments, lost business lawsuits, damage to a brand. State sponsored attacks can shut down hospitals and airports. This is serious stuff. So many security chiefs say the names like Vengeful Kitten don't reflect the gravity of the threat that they're facing. We spoke to one chief security officer who told me about a situation where he was standing there in front of a corporate board of directors and saying the company was under siege by Velvet Ant, a group of hackers. And he says the briefing kind of went off track at that point. One executive asked, look, are we being attacked by an insect or a fragrance? So it did take away precious response time while they tried to get back on track.

But you interviewed another information security officer who said he's actually in favor of these names. So what's his argument?

There was actually a few security officers at companies who thought this wasn't just a bad thing after all. One we spoke to was a former security chief at McDonald's, T Mobile and Kimberly Clark. And he had said, look, these colorful names serve a purpose by sticking in the minds of cyber teams. If they are able to very quickly know an attacker and how they operate and what they're dealing with, that they can get a jump on the situation and try to contain it as quickly as possible. If you're using just random letters and numbers, they would have to go and try to cross reference that, figure out who exactly you're talking about. If it's Fancy Bear, you have a pretty good idea who it is right off the bat.

Patrick Coffey

That was Journal reporter Angus Loten. And that's it for Tech News Briefing. Today's show was produced by Zoe Culkin. I'm your host, Patrick Coffey. Additional support this week from Charlotte Gartenberg and Julie Chang. Jessica Fenton and Michael Lavall wrote our theme music. Our supervising producer is Melanie Roy. Our development producer is Aisha Al Muslim. Scott Salloway and Chris Sinsley are the deputy editors. And Falana Patterson is the Wall Street Journal's head of news audio. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.

Reba

Isn't home where we all want to be? Reba here for realtor.com the Pro's number one most trusted app. Finding a home is like dating. You're searching for the 1 with over 500,000 new listings every month. You can find the one Today, download the realtor.com app cause you're nearly home. Make it real with realtor.

Callum Borchers

Com Pro's number one most trusted app based on August 2024 proprietary survey.

Angus Loten

Over 500,000 new listings every month based.

Callum Borchers

On average new for sale and rental listings February 2024 through January 2025.