https://ift.tt/yKm9d58
A Google security expert warns that organized crime groups are increasingly roping teenage gamers into committing cyberattacks.
Heather Adkins, Google’s vice president of security engineering, is a founding member of the Google security team and cybersecurity expert focused on breach recovery, incident response, insider risks and building safe computing environments.
She also serves as deputy chair of the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Safety Review Board (CSRB). The trend of malicious hackers luring teenager gamers into committing cyber crimes was uncovered by CSRB in its review of hacker group Lapsus$.
“One of the things that I’m quite concerned about is so many teenagers online and they’ve all got digital skills, and they get into games like Minecraft and Roblox, and they all want free Roblox money,” Adkins said. “So they’re learning the cheats of the games. In my generation, it was the Nintendo cheat codes. They have online versions of this and the forums where they’re engaging. You also have organized crime roaming around [saying], ‘Hey, you’re a pretty good hacker. Do you want to make some money?’ And then suddenly we have these 16-year-olds getting arrested, but they’re kind of fronting some of these groups.”
Google Security Expert Likens Trend to Terrorist Group Recruitment
Adkins compares it to terrorist groups gaining members via online recruitment.
“It’s a bit like we’ve seen with extremist Islamic terrorism, people being radicalized online, going and joining ISIS,” she said. “It’s kind of the digital version of that. So we’re seeing kids who maybe have no guardrails at home or adults to help them in life, and getting roped into some of these very bad schemes that actually have real-world overlap with human trafficking and drugs, and all kinds of things. That worries me. We need to help the kids get into things like bug bounty programs and red teaming, and using those skills for good.”
Google’s Heather Adkins
Google is a collaborator and supporter of the Defense Advanced Research Project Agency (DARPA) AI Cyber Challenge. The semifinal competition took place during last month’s Def Con hacking conference at Black Hat in Las Vegas.
The competition brings together experts in AI and cybersecurity to create novel AI systems that can safeguard open-source software. It’s focused on leveraging the opportunity of large language models (LLMs), Adkins said.
“We are faced with having trillions and trillions of lines of code all over the world, so how are we possibly going to reduce the number of vulnerabilities in code?” she said. “Those finalists all had somewhat working solutions to find bugs and fix bugs, and in another year there’ll be more sophisticated solutions for the final. But teams did actually successfully find vulnerabilities in open source code like SQLite and the Linux kernel, so really important code bases, and managed to produce fixes.
“The idea here is that we start to automate as much of this work as we can because we simply don’t have enough people to do it manually, and people don’t want to do it manually forever given the size of these code bases,” continued Adkins. “It’s really quite exciting and I think this is really the future because we know the threat actors have access to LLMs as well, and if they’re the only ones finding bugs … then we’re going to be very far behind. So it’s important that we develop these capabilities and start to think about vulnerability management in a much more automated way.”
Scroll through our slideshow above for more from Google’s Heather Adkins.