Archive.fm

CyberWire Daily

A high-stakes swap.


Duration:
36m
Broadcast on:
02 Aug 2024
Audio Format:
mp3

Notorious Russian cybercriminals head home after an historic prisoner exchange. An Israeli hacktivist group claims responsibility for a cyberattack that disrupted internet access in Iran. The U.S. Copyright Office calls for federal legislation to combat deep fakes. Cybercriminals are using a Cloudflare testing service for malware campaigns. The GAO instructs the EPA to address rising cyber threats to water and wastewater systems. Claroty reports a vulnerability in Rockwell Automation’s ControlLogix devices. Apple has open-sourced its homomorphic encryption (HE) library. CISA warns of a high severity vulnerability in Avtech Security cameras, and the agency appoints its first Chief AI Officer.  We welcome Tim Starks of CyberScoop back to the show today to discuss President Biden's cybersecurity legacy. Can an AI chatbot recognize its own reflection?



CyberWire Guests

Welcoming Tim Starks of CyberScoop back to the show today to discuss Biden's cybersecurity legacy. For more information, you can check out Tim’s article “Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility.” The National Cybersecurity Strategy can be found here


Dave also sits down with Errol Weiss, CSO of Health-ISAC, sharing their reaction to the ransomware attacks against healthcare. Health-ISAC and the American Hospital Association (AHA) have issued an advisory to raise awareness of the potential cascading impacts of cyberattacks on healthcare suppliers and the importance of mitigating single points of failure in supply chains. Recent ransomware attacks on OneBlood, Synnovis, and Octapharma by Russian cybercrime gangs have caused significant disruptions to patient care, emphasizing the need for healthcare organizations to incorporate mission-critical third-party suppliers into their risk and emergency management plans.


Selected Reading

Jailed cybercriminals returned to Russia in historic prisoner swap (CyberScoop)

American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White  (American Hospital Association and Health-ISAC) 

Iranian Internet Attacked by Israeli Hacktivist Group: Reports (Security Boulevard)

Copyright and Artificial Intelligence, Part 1 Digital Replicas Report (US Copyright Office)

Hackers abuse free TryCloudflare to deliver remote access malware (Bleeping Computer)

EPA Told to Address Cyber Risks to Water Systems (Infosecurity Magazine)

Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers (SecurityWeek)

Apple open-sources its Homomorphic Encryption library (The Stack)

CISA Warns of Avtech Camera Vulnerability Exploited in Wild (SecurityWeek)

Lisa Einstein Appointed as CISA’s First Chief AI Officer (Homeland Security Today)

Can a Large Language Model Recognize Itself? (IEEE Spectrum)



The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.


[Music] You're listening to the CyberWire Network, powered by N2K.

Notorious Russian cyber criminals head home after an historic prisoner exchange. An Israeli hacktivist group claims responsibility for a cyber attack that disrupted internet access in Iran. The US Copyright Office calls for federal legislation to combat deep fakes. Cyber criminals are using a Cloudflare testing service for malware campaigns. The GAO instructs the EPA to address rising cyber threats to water and wastewater systems. Claroty reports a vulnerability in Rockwell Automation's ControlLogix devices. Apple has open sourced its homomorphic encryption library. CISA warns of a high severity vulnerability in Avtech security cameras and the agency appoints its first chief AI officer. We welcome Tim Starks of CyberScoop back to the show today to discuss President Biden's cyber security legacy.
And can an AI chatbot recognize its own reflection?

It's Friday, August 2nd, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Happy Friday, everyone, and thank you for joining us here today. A significant prisoner exchange took place between the United States, Russia, and Germany, involving the release of prominent cyber criminals and others. This exchange included Wall Street Journal reporter Evan Gershkovich and former U.S. Marine Paul Whelan from Russia. The U.S. released Russian cyber criminals Roman Seleznev and Vladislav Klyushin. Seleznev, a notorious hacker, was sentenced in 2017 to 27 years for his role in major credit card fraud. Known by aliases like Track2, he operated large-scale cyber crime operations and sold stolen credit card data online. Klyushin was extradited to the U.S. for a hack-to-trade scheme that earned $93 million by trading on confidential information. Convicted in February 2023, he was sentenced to nine years. President Biden described the swap, which involved several countries, as a diplomatic achievement. Experts consider it the largest such exchange since the Cold War. Both Seleznev and Klyushin are now returning home as part of this extensive diplomatic effort.

On yesterday's CyberWire podcast, we covered the story of the U.S. blood supply being under pressure from a recent ransomware attack. It's one of many ransomware attacks targeting the healthcare sector. And for expert commentary on that, we reached out to Errol Weiss, Chief Security Officer of the Health-ISAC, for his take on these ongoing ransomware attacks. Errol, welcome back.

Great, Dave, thanks for having me.

So, what's your reaction to this? I mean, yesterday we report on the U.S. having pressure on our blood supply. This follows the similar incident that happened in the U.K. not long ago. Where do we stand here and where do we need to go?

Yeah, and one not too long before that, another case in the U.S. with the blood supply and plasma supply as well back in June. So, three months, three separate ransomware incidents, Russian-based ransomware gangs targeting very specific pieces of the critical supply chain in healthcare. So, I used to say that a lot of these ransomware attacks, malware attacks seem like they were shotgun approaches, right? But the bad guys would send out millions of emails and try to find a victim. This doesn't seem like that anymore, so maybe that's not the case anymore. And maybe they are doing their homework and trying to figure out where are the critical spots in the ecosystem that they can go after that impact many. As we've seen in these last three incidents.

What's the potential diplomatic angle on this? Is it possible for the U.S. to reach out to Russia and say, you know, hey, knock it off, you know, look, healthcare is off limits.

I think we've been trying to do that for years to no avail.

Yeah. What other possible responses do we have?

I think the longer term issue is to try to apply more pressure when it comes to these international norms and trying to figure out how can we encourage countries like Russia and others that if they want to play in the international space, in the international economy, they've got to show that they're actively prosecuting and punishing cyber criminals when they're caught or captured. And it's just not the case these days. And of course, we see these individuals operating with impunity. They keep going at it. They say they're not going to attack healthcare, but we know that that is just a smokescreen. There is absolutely no evidence to show that they're actually doing that.

What about coming at it from the other side of things, I mean, looking at things like resilience and prevention at the outset?

Yeah, I think that's the real crux of the matter here when we sat back and saw the two incidents a few weeks ago. And now we see three happening.
I think the bigger issue was when we were collaborating with the American Hospital Association on this and really looking at these incidents as a whole and realizing that the bad guys are continuing to identify weak spots in the infrastructure. We need to encourage our organizations to look for those kinds of weak spots themselves, try to identify those concentration risks. Where are these points of failure that they can help identify? If they try to identify additional sources, so they're not just a single source or encourage the development of other suppliers as well so that they can have a backup in case the primary goes down.

In my mind, it really speaks to the utility of the ISACs themselves to be able to be a clearinghouse for this information for the folks who are in this particular vertical.

Yeah, I think here's a good case where there's a great amount of public and private collaboration happening. We're able to operate very nimbly so we can be out there very quick, recognizing when these new trends, these new threats and these new vulnerabilities pop up. We can put together an analysis like this very fast and get it out to the community so that they can better protect themselves. So we've been trying to work with HHS and other parts of the federal government as well and trying to raise the alarm there. So hopefully we'll get some support here soon for them as well.

Errol Weiss is Chief Security Officer with the Health-ISAC. Errol, thanks so much for joining us.

Dave, thanks for having me.

An Israeli hacktivist group called WeRedEvils claimed responsibility for a cyber attack that disrupted Internet access in parts of Iran, including Tehran. The group announced the attack on Telegram, warning of imminent disruptions to Iranian Internet services. Reports confirmed Internet outages in Iran, though the extent is unclear. WeRedEvils stated they accessed Iran's communication system and shared information with Israeli security forces.
The group has launched multiple attacks since the October 2023 Hamas attack on Israel, escalating tensions with Iran. Their actions coincide with increased hostilities following the Israeli assassination of Ismail Haniyeh, Hamas's political leader, in Tehran. The Biden administration is preparing for potential Iranian retaliation with expectations of involvement from Hezbollah. WeRedEvils previously claimed responsibility for hacking Iran's oil infrastructure and disabling Tehran's electrical grid, highlighting their ongoing cyber warfare efforts.

The U.S. Copyright Office has released the first part of a comprehensive report examining the impact of artificial intelligence, focusing initially on the issue of digital replicas or deep fakes. The report highlights the rapid advancements in AI that enable the creation of sophisticated deep fakes, which can include AI-generated music, impersonations of political figures and pornographic videos. It stresses the urgent need for federal legislation to address the challenges posed by these technologies. The NO FAKES Act, recently introduced in the Senate, aims to provide individuals the right to control the use of their likeness in digital replicas. The report supports the bill, emphasizing the importance of protecting artists, individuals' dignity, and public security from fraud. Future reports from the Copyright Office will explore other AI-related issues, including copyrightability and liability. U.S. Register of Copyrights Shira Perlmutter underscores the transformative impact of AI on creativity, raising questions about the role of human authorship and the balance between technological innovation and copyright protection. The report acknowledges AI's potential to amplify creativity, while also presenting existential challenges to copyright law and policy.
Researchers at Proofpoint have identified a rise in cyber criminals using Cloudflare Tunnel's TryCloudflare service for malware campaigns delivering remote access Trojans like AsyncRAT and Remcos RAT. Detected since February, these campaigns exploit TryCloudflare's ability to create temporary encrypted tunnels, which mask IP addresses and avoid detection. Threat actors target sectors like law and finance, distributing malware via tax-themed emails. Proofpoint observed over 1,500 malicious emails sent since July 11, highlighting the service's exploitation for large-scale operations due to its free and reliable infrastructure.

The U.S. Government Accountability Office reports that the Environmental Protection Agency must address rising cyber threats to water and wastewater systems. These systems face increased risks from nation-state actors, including Iran's Islamic Revolutionary Guard Corps and Chinese group Volt Typhoon. The EPA has not conducted a comprehensive risk assessment or developed a risk-informed strategy, limiting its ability to tackle the most significant risks. Challenges include aging technology, increased automation, and workforce skills gaps. Many operators underestimate their vulnerability, especially in smaller or rural areas. The GAO recommends that the EPA conduct a sector-wide risk assessment, develop a cybersecurity strategy, evaluate its legal authorities, and revise the vulnerability self-assessment tool. The EPA has accepted these recommendations with plans to implement them by 2025.

On August 1st, Claroty reported a vulnerability in Rockwell Automation's ControlLogix 1756 devices, affecting GuardLogix and other controllers. This flaw allows attackers to bypass the trusted slot feature, enabling them to execute CIP commands that could alter user projects or device configurations. Claroty found that attackers could exploit this by jumping between slots in the 1756 chassis via CIP routing, bypassing security barriers.
Rockwell and CISA have issued advisories and patches are available. Exploitation requires network access to the device.

Apple has open sourced its homomorphic encryption library under the Apache 2.0 license, providing Swift libraries and executables for developers. Homomorphic encryption allows computations on encrypted data without revealing the underlying information, enhancing privacy across various applications. Historically, homomorphic encryption implementations were complex and resource-intensive, but recent advancements have made them more practical for production use. Apple's implementation in iOS 18 for Live Caller ID Lookup enables encrypted queries for caller ID and spam blocking without exposing user data. The library uses a quantum-resistant scheme. Homomorphic encryption, a key privacy enhancing technology, holds potential for securely leveraging data across jurisdictions. While companies like Microsoft and IBM offer homomorphic encryption libraries, Apple's open source initiative is a notable step in expanding homomorphic encryption's practical applications. Experts, like Enveil CEO Ellison Anne Williams, emphasize the transformative power of homomorphic encryption for secure data utilization and its role in the privacy enhancing technology ecosystem.

The US Cybersecurity and Infrastructure Security Agency has issued an advisory regarding a high severity vulnerability found in Avtech's security cameras. This flaw affects Avtech AVM1203 IP cameras with specific firmware versions, allowing remote, unauthenticated command injection. CISA reports active exploitation, but notes Avtech's lack of response to address the issue, leaving the vulnerability unpatched. Discovered by Akamai and confirmed by a third party, the vulnerability could impact various sectors, including healthcare and finance. Despite the critical nature, CISA has not yet included it in its Known Exploited Vulnerabilities catalog.
Avtech cameras have previously been targeted by IoT botnets like Hide and Seek and Mirai.

Unrelated, CISA has appointed Lisa Einstein as its first chief artificial intelligence officer. Einstein, previously CISA's senior advisor for AI and executive director of the Cybersecurity Advisory Committee, has been instrumental in shaping CISA's AI initiatives. Her appointment aims to strengthen the agency's AI expertise and ensure safe AI adoption for critical infrastructure. CISA director Jen Easterly praised Einstein's leadership and vision in advancing AI efforts. Einstein emphasized her commitment to enhancing cybersecurity and infrastructure reliability through AI. Her achievements include developing CISA's AI roadmap and leading a pilot program for testing AI cybersecurity tools, with findings recently shared with the White House.

Coming up after the break, Tim Starks from CyberScoop joins us to discuss President Biden's cybersecurity legacy. Stay with us.

It is my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Previous to that, he was at the Washington Post. Tim, that's when you and I got started doing these little segments together. But happy to have you back now that you are comfortably settled into your new role at CyberScoop.

For some reason, I was just predicting you were definitely going to say ensconced.

You know, if I had the wherewithal of the mental energy, I definitely would have... It was a word I was reaching for. [LAUGHTER]

Well, it's good to be back.

No, it's great to have you back. I want to dig into this article that you recently published over on CyberScoop. This is covering President Biden's cybersecurity legacy. Can we start off just what prompted you to write this up?

Yeah, you know, the way it started was I was thinking it's the end of Biden's term, regardless of whether he is elected or not reelected or whatever the case may be. It's a good time to look at what we got with the four years we elected to. And I've always been fascinated. When we did talk, we talked about this fairly regularly. I've always been fascinated by the degree to which this administration has embraced regulation and embraced the idea that the private sector needs to be doing more.
Now, obviously, the story came out after he announced his decision to leave, sorry, or to not seek re-election, but that didn't change what we were going to do. You know, it really didn't matter who was going to be up next. It was always about, okay, four years have happened. What did we get? And this issue of the regulation has always been fascinating to me. Like I said, it was worth just me taking stock and giving readers a sense of what had you gotten out of the four years you elected Biden to.

Well, let's start off with the beginning of the timeline here. I mean, how would you describe the state of things as left by former President Trump?

In this one regard, President Trump was like almost every other president before him, which was very light touch regulation. You know, the idea of being a regulatory, taking a regulatory approach to cybersecurity had been anathema to every president, no matter their party. Because the idea was if you create rules in cybersecurity and you create these regulations, then you might lock yourself into an accidental technology approach or the rules might be outdated by the time they're actually published. I mean, we've been waiting on the cyber incident reporting law to become a rule for a while now. It was passed years ago. So the idea was that regulation wasn't the appropriate policy solution to what happens in cyberspace. That was every president before this one. And there were early signs that this administration was wanting to do differently. When they published an executive order in the summer of 2021, or maybe it was early, early, maybe more spring, but that order, you know, hearing the people talk about it, who were the architects of it, were saying this covers what the federal government does. These are rules for federal agencies to do things. But it also, you know, if you're a contractor and you're working with those agencies, you're going to have to subscribe to these rules too.
And with the billions and billions of dollars that the federal government spends, the idea was, well, any company that wants to do business with the federal government is going to have to change their approach. So the idea was to use the purchasing power of the federal government to leverage and sort of indirectly impose rules on companies. That summer was a big one because you recall that that was Colonial Pipeline. That was a JBS processing company getting hacked. And suddenly, this was a big watermark moment of, oh, people are realizing that this can affect their lives in ways that they had not previously thought of. I mean, obviously cyber has been a way for people to steal money, but this was something else. This was a new way of looking at the way the market could be disrupted. And as it happened, Anne Neuberger, who I interviewed for the article, I also interviewed Harry Coker and Jen Easterly. Those are arguably the three top policy-making cyber officials in the U.S. government. Anne Neuberger talked about how that got the attention of people inside the administration in a way that had them going further than they had previously in terms of putting rules in place. We saw TSA put them in place for the rules for pipelines. And it's kind of been a cascade ever since.

You talk about CISA's Secure by Design initiative, which certainly folks in cybersecurity know all about. At this point, are we at a point where we can evaluate whether or not that is going to be a success or has been a success?

No, I don't think so. And I think even Jen Easterly would tell you that it's too early. The other part of this shift, there's an embrace of the regulations and rules, but it's also that general shift of we want the private sector to be doing taking on more responsibility for protecting people.
Right now, cyber attacks happen because somebody clicks on a link that they should have clicked on and suddenly they're in trouble or they are using a device that's vulnerable through no fault of their own. And so this Secure by Design is one answer and another answer to this approach of saying we want you, industry, private sector, critical infrastructure, software makers, we want you to be doing more. And while they do have a significant number of pledges, I think they're up to 168 to say the company saying we're committed to doing this. It is voluntary and that means that people might say they're committed to it doesn't necessarily mean they are. And to use the metaphor Jen used, Ralph Nader was talking about seat belts in the 1960s and it was decades before we started getting airbags and seat belts as a default thing. That's the situation that we're in now. She's talked about this being at the very beginning of the process of shifting this responsibility. And I think that if you go back to the rules thing too, if you're trying to measure that, we're still seeing a lot of hacks. Anne had said in the story that the threat is high, our preparations were low. We're trying to get the preparation part to a medium at least. There's a lot more that they have to do that they say.

Yeah, I really found that seat belt comparison pretty compelling. Someone who grew up during that era when suddenly seat belts became kind of the law of the land. I remember there were plenty of people out there who really thought it was a good plan that rather than wearing seat belts, they would be thrown from the car, thrown clear of the accident, which of course seems absurd now, but that was a sensible line of thinking back in the day.

Growing up in the 80s, it was almost like people would talk about seat belts like they weren't cool. If you put on a seat belt, then people might make fun of you. What are you doing, nerd?

Right, and it's hard to imagine.
I don't feel comfortable in a car without a seat belt anymore.

Absolutely.

Yeah, but you're right, it took decades. Can we look at some of the things that have happened here recently, through the lens of the Biden administration? I mean, for me, one that you touched on in the article, which is the Supreme Court ruling on Chevron deference, how do we suppose that could play out in regards to how these folks are looking to regulate?

That is such a fascinating question that nobody knows the answer to right now. And I think it certainly affects things going forward more than it does looking back as I understand the application of the rule. It may open things up to lawsuits, things that are existing, but as much as I've asked around, I'm not hearing a lot of planning going on around that from people in affected industries. You would think that if they did not like these rules and Chevron gave them an opening, they would go for it. That's not been their approach yet. I'm not saying it will always be, I'm not saying it's going to stay that way, but right now there's little to no evidence that that is happening. So I think it more affects how they might make decisions going forward. If you look at some of the interpretations of rules here that have let the administrator decide that they have these authorities who make new rules, then a little, to quote a line from an article from my colleague Derek Johnson, "creative lawyering." We think we have this authority because of this law that existed that wasn't necessarily geared towards cyber, but it can apply to cyber. And you saw a setback with this approach when the EPA put its water sector rules forward. It seemed to be on the outer periphery of arguable authority to me that they had. I'm not a legal mind, but just my interpretation of things was some of this is clearer and some of it's less clear. And that was on the less clear side. When the states sued, they essentially dropped that rule.
I don't know if they were convinced that it just wasn't going to happen or that it wasn't worth the time and money they'd spend to defend it. But there's already evidence that if they get too creative, they will face resistance. And so I think it's more if they're talking about doing something new, that Chevron won't come into play more than in the past, but really nobody knows in the administration and specifically said we're still analyzing that. So as far as what they might do, it's up in the air. >> Well, before I let you go, how about the CrowdStrike event? Certainly lots of chatter about the potential liabilities that CrowdStrike could face here. We hear Delta Airlines is lawyering up with a real high-profile lawyer who once went after Microsoft. What's the buzz you're hearing when it comes to that? >> Yeah, we were talking about that lawsuit in a team meeting at CyberScoop this morning. The software liability picture is a big part of what the administration is doing here. It's actually the piece that's the farthest behind. This is one of those situations where if you have the software and someone uses it and they sign a form, they basically are signing away their legal rights to pursue anything if things go wrong. And there's not a good way to go after these things right now. You do see every time there's a breach of some kind, there's a lawsuit. It pops up. I don't know that there have been that many that have been terribly, terribly successful on the breach side. That's another open question that's really interesting to see to what degree you can go after someone who was responsible for a software flaw. It's something that the policymakers are trying to address and it would be interesting to see how it plays out in the court and how that might have a ripple effect there. >> Yeah. Tim Starks is a senior reporter at CyberScoop. The article is titled "Biden's cybersecurity legacy: 'a big shift' to private sector responsibility." We will have a link in the show notes.
Tim Starks, thanks so much for joining us. >> Hey, thanks Dave. >> Most of our listeners who deal with legacy privileged access management products know they tend to be expensive, difficult to deploy and hard to use. Keeper Security is the answer. Keeper's Zero Trust solution delivers password, secrets and connection management in one easy-to-use platform. It's fast to deploy, agentless, clientless and has no implementation fees. Plus, Keeper is FedRAMP authorized. That's why we trust Keeper to prevent breaches and gain full control over privileged users. Visit keeper.io/cyberwire to schedule a quick demo. That's keeper.io/cyberwire and thanks to Keeper Security for supporting our podcast. And finally, our HAL 9000 Appreciation Desk tells us of a team of Swiss researchers delving into a question straight out of a sci-fi movie. Could chatbots become self-aware? While this sounds like the setup for a blockbuster thriller, the researchers are taking it seriously, given the potential security implications. They devised a clever test to see if AI models can recognize their own outputs, akin to finding their reflection in a sea of digital doppelgangers. Historically, the notion of AI self-awareness was dismissed by experts. Despite the skepticism, recent chatter around Anthropic's Claude 3 Opus being able to detect trick questions has reignited the debate. A majority of ChatGPT users even believe in some form of chatbot consciousness. The research team led by Tim Davidson from the École Polytechnique Fédérale de Lausanne discovered that some AI models can identify their own responses from a lineup with more than 50% accuracy. This might suggest some self-recognition, but the reality is a tad more mundane. The models, it turns out, are merely selecting what they perceive as the best answer, not necessarily their own. It's like asking a dog to find its reflection and having it pick the shiniest bowl instead.
Despite the models' penchant for vanity, Davidson highlights the importance of this line of inquiry. If AI models eventually become capable of true self-recognition, it could lead to intriguing scenarios. Imagine AI-powered lawyers negotiating with one another. If one model recognizes it's sparring with a twin, it could gain an unfair advantage by predicting its counterpart's moves. While this may seem like a far-off dystopian tale, Davidson advises cautious optimism. After all, as he puts it, you start fire-proofing your house before there's a fire. Keeping an eye on these developments ensures we're prepared for whatever AI's digital evolution brings, even if it's just making sure our chatbots don't outsmart us at their own game. And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Jason Baker, senior threat consultant at GuidePoint Security. We're discussing their work, "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." That's Research Saturday, check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com.
This episode was produced by Liz Stokes. Our mixer is Tre Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. [Music] This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at mWISE, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, mWISE features one-to-one access with industry experts and fresh insights into the topics that matter most right now to frontline practitioners. Register early and save at M-Wise.io/Cyberwire. That's M-Wise.io/Cyberwire. [Music]