Okay.
The story we're about to hear touches on the criminal dark web, cutting-edge technology, and the global economy, but it begins somewhere more personal.
Like anything, you know, it starts with my own anxiety.
That is Cooper Katz McKim, a producer for The Indicator from Planet Money, NPR's daily economics podcast.
There was this week-long period where I was opening up the news every day, and there would just be some other data breach that was at the bottom.
And it freaked me out.
It freaked him out, and he wanted to know, is this my imagination, or is this problem getting worse?
And when he dug into it, he found
The US is on track for a record year in data breaches.
Which a quick spin through NPR's newscast confirms.
Cyberhackers have accessed the personal data of most of the 1,400,000 customers of Allianz Life.
The Congressional Budget Office says it's been hit by a cyberattack partially disclosing government
data to department store, Harrods.
Cryptocurrency giant, Coinbase,
say The app tea recently I tried making a list at one point, and it just got unwieldy.
Hacked images were posted to the fringe right-wing message board, 4chan.
I mean, it's not just big businesses, though.
The city of Saint Paul in Minnesota is still recovering from a ransomware attack that took place.
Governments, its schools, its hospitals, its government entities.
So Cooper started looking into what is supercharging these hackers, and it turns out one big answer is artificial intelligence.
They're faster, they're more opaque, and they're more autonomous than ever.
Consider this.
AI has made cybercriminals' work easier, cheaper, and scalable.
What does that mean for the rest of us?
From NPR, I'm Elsa Chang.
It's Consider This from NPR.
Cooper Katz McKim's question was, why does it seem like so many data breaches are happening?
It opened a door into a whole world of modern vice.
And just like the rest of the economy, it turns out that AI is really transforming the business of crime.
Cooper and his colleagues at The Indicator podcast from NPR's Planet Money looked into this, and he's here with us now to talk all about it.
Hey, Cooper.
Hi, Elsa.
Hey.
Okay.
So we mentioned that AI is kind of helping supercharge data breaches.
Right?
Can you just explain how that's happening?
Because it makes just about every aspect of data breaches easier.
So let's say you're the type of criminal that wants a ton of passwords.
You succeed and you find yourself with a million passwords.
You've effectively just gotten a pile of keys.
So generally, a criminal is very patient.
They're willing to try every key in every metaphorical house in the neighborhood until it leads to something useful, say a bank account.
Well, AI can automate that process and test which keys are useful way, way, way faster in hours rather than days.
So it just makes them more efficient with less technical skill, and there's just suddenly a lot more access.
Okay.
So AI is enabling these criminals to better data scrape, data crunch.
That makes sense.
But I, I have to say, when I first heard that AI crime is on the rise, I was imagining something a little sexier, like, with a little more intrigue.
Super sophisticated data collection just doesn't sound all that criminally sexy to me.
Yeah.
I mean, it is definitely used for more sophisticated crimes.
You know, something like spear phishing, for example.
Wait.
Like, you're standing in a boat with a long spear ready to harpoon a fish?
Okay.
Not quite.
It's like the metaphorical version of this.
It's this targeted personalized kind of cyber attack that goes after one individual.
I asked Stuart Madnick about this.
He's director of cybersecurity at MIT.
That takes time and effort.
Guess what?
AI systems can do that splendidly, much faster, and in many cases, higher quality than humans could.
Yeah.
So imagine you're a criminal and you're trying to convince people you're this trusted person.
Maybe it's their boss or their family member.
You just need a lot of actual information to convince them of that.
Maybe it's like the cadence of when they message you or how they talk.
AI can help get all that information and make you more convincing as the spear phisher.
So that's happening.
And meanwhile, the criminal economic infrastructure is also advancing.
So there's ready-made phishing kits that people can buy online too.
Once I built the tool to do that, it's kind of easy to say for $10,000 or 50% of the gain, here, I will give you this tool.
So there's a multiplying effect going on on the bad guy world.
There's this thing called SaaS, software as a service.
It's the same kind of shtick, but this time for crime, where there's literally subscription tiers for some of these services.
Okay.
So let's say I'm a criminal and I wanna go shopping.
What are my options?
Like, what is out there for me to buy?
Yeah.
You have a lot more options than ever.
You're in luck.
Okay.
There's ransomware as a service.
You can literally rent banking malware kits, spam sending services.
So one's ability to get into this world, the, the bar is very low.
Like, don't know if you've heard of DDoS attacks, but it's like this complicated cyber attack intended to bring down a site.
People with no coding experience can now rent a kit for that
Wow.
and run them alone.
So accessibility has just skyrocketed.
Well, then how are companies trying to protect themselves from all of this?
So we talked to a guy named Ben Coleman who's been looking at scams related specifically to voice cloning technology.
Mhmm.
He's the CEO of this startup called Reality Defender.
He was telling me big companies like banks are paying them to protect themselves against scams that involve deepfakes because that's another use of AI to further crime.
So for example, fraudsters might call a bank using a deepfake of someone's voice and trying to break through the "voice is my password" protection.
Wait.
So how do you stop that?
It's kinda funny.
But what I learned was that AI itself is being used to fight AI.
Mhmm.
So Reality Defender has its own detection software utilizing artificial intelligence to identify these fake voices.
So deepfakes are just so easy to do nowadays.
Coleman doesn't even think banks should be using voice verification.
It's, it's too easy.
Unfortunately, many institutions, not only banks, but also government organizations, insurance companies, media organizations, are still using what are called voice biometrics, which is a way of saying your voice is your password.
Yeah.
Why are banks still doing this?
Good question.
We spoke with Mark Wapizewski at PNC Bank, and he basically said it's one piece of the puzzle.
It's not the whole thing.
I think if you're only using the one dimension, there's risk in everything.
There'd be risk in accepting a driver's license, for example, somebody walking into your branch, which is why you're starting to see a lot more technologies that are looking for multifactor authentication or even just those other signals.
Other signals like where you're calling from, from what device, maybe a text verification code.
But he says the bigger risk isn't just that banks will be targeted, but that customers will too.
Targeting customers how exactly?
So this is going back a little bit to what we were talking about earlier, where a fraudster might call you pretending to be this trusted person, like someone at your bank.
They can spoof that number, pretend to be your bank, have all this information about you, and they say, hey, you gotta move your money quick.
And it is almost a, it's a scam every time.
The criminal calling might also pretend to be your child or grandparent.
Jeez.
Being in this part of the business I have with my family is essentially a safe word.
And we all, you know, know if there's ever a situation where, you know, somebody's really in trouble and asking for money, it's consistent.
We will ask for this safe word.
That is such a great idea.
I need to come up with a safe word.
So, I mean, just listening to you talk, Cooper, it just seems like the range of potential vulnerabilities is huge.
In this world where, you know, AI is cheap and totally accessible, it just feels like being a person in 2025 now requires a really high level of vigilance.
Like, I'm stressed out just having this conversation with you.
Yeah.
I mean, that's this, that's the theme that came through in this reporting.
AI has supercharged crime.
It made it easier.
It's more accessible.
It's more scalable.
Just all barriers to entry have been torn down.
And there's, there's only so much an individual can do to protect themselves because, I mean, governments, businesses, academics, they need to work together.
We heard from one expert to assemble an actual solution.
Mhmm.
This piecemeal approach clearly isn't working.
Stuart Madnick, who we heard earlier, expects things to get worse.
Doesn't mean we're not gonna try to hold back the tide, but the tide is rising against us.
The tide is rising against us.
That sounds dramatic.
Ominous.
Yeah.
Know.
And we will leave it there on that ominous note.
NPR's Cooper Katz McKim.
He's a producer on The Indicator podcast from Planet Money.
Thank you so much, Cooper.
Thank you for having me.
Additional reporting in this episode came from Darian Woods.
And there's a lot more in The Indicator's series on the evolution of crime.
Check out the links in our episode notes.
This episode was produced by Connor Donovan.
It was edited by Kate Concannon and Patrick Jaren Watananek with fact checking by Sierra Juarez.
Our executive producer is Sammy Yenigan.
It's Consider This from NPR.
I'm Elsa Chang.