The Silence of the Cyber-Lambs
Perry Carpenter: Recorded live from the 8th Layer Media studio, in the backrooms of the deep web, this is The FAIK Files. When tech gets weird, we are here to make sense of it. I'm Perry Carpenter. Mason Amadeus is out this week and, in spite of that, we have a really fun show for you. On today's show, we're going to start with a fun grab bag of items including two reality-shaking, new image generators that just dropped, again pushing the boundaries on realism and text generation. And second up, we have a really, really amazing interview with Cameron Malin, former FBI person that started the Cyber Behavioral Profiling Unit at the FBI and is full of fun stories. So, if you're a fan of true crime, then you definitely want to tune into that. And then we'll round it out with an AI dumpster fire of the week, where we're talking about AI slop, bots, and even worse. So, sit back, relax and just ignore that deepfake behind the curtain. We'll open up The FAIK Files right after this. All right, so this segment is going to be a little bit of a grab bag. This is just a few things that I wanted to give you updates on or that were really interesting that happened this week. So, really just four things. The first one is, if you remember a few weeks ago, I mentioned that I was going to be speaking and giving testimony to the Securities and Exchange Commission up in D.C. So, I did that, the testimony went great, the presentation went well, and they finally posted the video for them. So, I'm going to show you a couple of the things that went along with that. For those on YouTube, you can see that I pulled up the meeting agenda and we were in the afternoon panel. And this was a great panel kicked off by Erin West. Erin, who is a guest on the show, talks about pig butchering scams a lot and is really trying to do a ton of great work there. She painted a fantastic picture of how scary things are right now. Then we had David Maimon, who does some really interesting research into telegram channels and the way that fraudsters are sharing information and tools. Then I gave my testimony and presentation. And then Claire McHenry, who's the deputy director of the Nebraska Department of Banking and Financial Securities Bureau, gave the last presentation and she spoke a lot on policy work and what's being done really to enable public and private partnerships there and some really good work. So, that agenda is there. If you click on the testimony within each of those, it will take you to the written testimony. And so over here, again, for those on YouTube, you can see my written testimony that I presented was all around deepfakes and the future of financial deception. And then, also they posted the YouTube video of that. And so, here you can see me dressed all up presenting in front of the Securities and Exchange Commission, talking about deepfakes and some of the tools that are really being used and made available to both people who want to use these for legitimate purposes, but of course, also on the cybercrime side. So that is that. I'll put all the links in the show notes for that. Also, this week, there were a couple of really good image generation programs that dropped. The first one is a native model, and this was from OpenAI. And so, this is not strictly a diffusion model. This is a multimodal model that incorporates all the great things around large language models and multimodality into the way that it understands the prompts and then generates the images. And so, you can see here, as I go to the OpenAI website that announced "Introducing 4o image generation." 4o again, 4o is for the Omni; that's what the O stands for there. And it says, "Unlocking useful and valuable image generation with a natively multimodal model capable of precise, accurate, and photorealistic outputs." And they've got a ton of great information here. There are some, and again, the link will be in the show notes, you should go to this page, go ahead, read the content and see some of the sample images that they posted. For those watching on YouTube, you can see here a very photorealistic image of a young woman in an OpenAI shirt writing on a whiteboard. And you can even see like the outline or the reflection of somebody behind her, taking a picture with like an iPhone or some kind of mobile device. The text that is on the whiteboard looks real. It's legible. It is fully readable. And it's actually interesting because it's talking about the way that the model works. So, it's a little bit meta there. You can see the young lady and probably the guy that was supposed to be taking the picture, or the selfie, giving a high five. That's doesn't look great where their hands are meeting, but it's fine. If you were just scrolling through social media, you would just think that was an awkward pose. So really, really interesting. They talk about character consistency. They talk about text generation. They can also generate images with transparent backgrounds. You can edit images on the fly, like you create one image. The one that they're showing on their page is they create an image of a cat. And then they say, now give the cat a decorative hat and monocle. And it just adds that to the image, keeping the character consistence, the same cat. And people are doing really crazy stuff with this. If you go over to X, which is one of the good reasons to be on X right now, is there's a ton of people sharing great AI work. Not a lot of other good reasons to be on X, but the AI community is still there. I'm showing on screen an image that looks like Albert Einstein working out. And this looks photorealistic. This looks real to me. I'm not seeing a lot of AI tell, not seeing any AI tells, I'm not looking at it overly closely. But yeah, this looks like a shot that would be in a magazine to me. Very good. Everybody's experimenting with all the different styles that are available, the ability to make infographics, to upload a cartoon and turn that into a real person, or upload a real person and turn that into a cartoon, to upload real people and put them in different circumstances. All of that used to take creating custom trained models like LoRA models with FLUX. And now you can just do that with OpenAI's 4o model. So, that's really good. There's another fun one that somebody shared on X, where they took the characters in Severance and put them in a whole bunch of different styles, like stop motion and so on. And that was really fun to see also. Cartoons and line art and like Pixar -- so, yeah, really, really cool. And almost everybody has an OpenAI, ChatGPT subscription. It's available at all the different levels of subscription. So, if you are even subscribed at the most base level, then you have access. The other model that came out this week, right around the same time is this, it is Reve 1.0. And on the YouTube version of the podcast, I'm pulling up the Explore page right now and you can see a bunch of very realistic images. I mean, this is a really, really good model. Of course, it also does like cartoons and oil paintings and abstract work. But this is a very, very good realistic model, and we are entering the age right now where people will not be able to trust what they're seeing online. I'm going to play a quick video of the demo reel for this. And in this, you're seeing like oil painting styles, various art styles, various anime styles, represented photorealistic like magazine shots. Really, really good, even like candid shots with old photography styles, old camera lenses. Very, very good results with that. So, again, these image models keep getting better and better and better. And so, the last thing that I want to touch on is, because all of this is getting so good and because we're having to worry about deepfakes across all different types, not just images, but also audio and video, the National Cybersecurity Alliance is going to be celebrating AI Month in April. And so, they are creating this AI Fool's Day campaign. And I'll put a link to this in the show notes, too, where you can go to their website, you can download a toolkit that has PDFs, social media graphics, sample internet and email copy, if you're wanting to let your people or your family know about that. Other helpful materials, including a number of commercials that Mason and I created for them. So, a little 30-second ad spots that could be put on the radio, that dramatize some of the types of AI voice scams that are out there. Here's one of those real quick, just so you get an idea.
Brian: Hey, Melissa. It's Brian from Finance.
Melissa: Oh, hey, Brian.
Brian: We're closing a huge deal with a new vendor, and I need you to wire $150,000 to their account. I've got the bank details whenever you're ready.
Melissa: That's a big transaction. Got a reference number?
Brian: There's no time. I'll handle paperwork after. We have to close this deal ASAP.
Melissa: Hang on. Brian, what's the safe word?
Brian: What? I don't have time for games. If this deal falls through, I will personally --
Unidentified Person: With AI, scammers can sound like anyone. Create a safe word with your workplace today. Learn more at staysafeonline.org.
Perry Carpenter: So, with that, that is this segment. All the links are going to be in the show notes. Right now, we're going to go to a quick break and then we'll come back with our interview with Cameron Malin. Welcome back. Today I have the honor of introducing our guest, Cameron Malin. Cameron was a special agent at the FBI for over 20 years, and for the last 11 years of his career, he was working specifically on behavioral profiling. If you're interested in true crime dramas or movies like Silence of the Lambs, this is the basis of what many of those shows and movies were formed around, this idea of investigation, this idea of understanding the mind of the person that is doing the crime. That is what Cameron has built a career on and has still been building his career on since leaving the FBI. I'm going to pull up his LinkedIn real quick just so you can get an idea of who he is. Behavioral profiler, author and keynote speaker, cyber behavioral analysis, online influence and deception expert, FBI supervisory special agent and profiler retired, FBI behavioral analysis unit. And as we get into his About, over 20 years as an FBI special agent, the last 11, which was a behavioral profiler in the Behavioral Analysis Unit. He is an information security author, former prosecutor, now cyber behavioral profiler for Modus Cyberandi, which is an amazing name for a company. And his life's work is to better understand cyber adversary motivations, intentions and emotions and their decision-making process. So, he is all about bringing the skill set that he learned at the FBI and helped develop at the FBI to people like you and I and to organizations around the world so that we can up our understanding of our cyber adversaries. So, I hope you enjoy this interview with Cameron Malin. Let's go to it now. All right. Super excited to sit down with Cameron today. Right before we hit Record, we are talking a little bit about like different ways that people think about and define profiling. So, as you briefly do a little bit of opening comments, maybe talk about the Behavioral Analysis Unit at the FBI, the Cyber Behavioral Analysis Center, and how all those tie together with the FBI's long legacy of trying to understand the mind of the criminals that are out there.
Cameron Malin: Yeah. So, the Behavioral Analysis Unit, it's described as a unit -- and it's called the BAU, but it actually, it has a richer origin story and it's more than just one unit. It started as the Behavioral Science Unit. So, if you go back to let's call it 1972, there were two agents. There was Howard Teten and Patrick Mullany. When the academy was opened in 1972, they started Behavioral Science Unit and they started looking at abnormal psychology. They had a applied criminology course. And when, let's call it the '70s, mid to late '70s, when Robert Ressler, John Douglas, and then eventually Roy Hazelwood came to the unit, they started doing road shows and they started going out and interviewing serial killers and criminals in prisons and trying to understand how they commit these crimes, why they commit these crimes, and really get a good understanding of how these people think. And this went on for many, many years. And eventually in 1985, the BAU was created. It was created part of what's known as the National Center for the Analysis of Violent Crime. And it was placed over at the Critical Incident Response Group or CIRG. What it became is multiple units. So, yes, the BAU was over there, but it became a number of units. And I'll give you the lay of the land and the units that exist now, because over the years, especially when you talk to old-school profilers, they'll give you "It was this," "It was that," "It was this." So, it's the current incarnation of what is there. There are four operational units and there's an administrative and training unit. BAU-1 is also known as the Behavioral Threat Assessment Center, and they specialize in assessing persons of concern, communicated violence, stalking, bombings, arsons, terrorism. That unit is the Behavioral Threat Assessment Center, an amazing group of folks. BAU-2 is where I came from. I guess I'll leave that last because that might explain the differentiation between that unit and the others. BAU-3 is Crimes Against Child Victims. If it's a crime against a child victim based on age, it's going to go over to that unit. BAU-4 is when you think of Silence of the Lambs or Mind Hunter or Criminal Minds. This is crimes against adult victims. BAU-2 is a couple of different cells within the unit. BAU-2 has the Cyber Behavioral Analysis Center, which I helped establish in 2012. It also has what's known as the Behavioral Analysis Program. And then lastly, there is a Deception and Influence Group or the DIG. It has been, my understanding, since I retired, named differently now, but the intentionality, the focus, the cadre of specialists is the same, and that is people who specialize in understanding adversary use of deception information operations. And that was out of BAU-2.
Perry Carpenter: Can we take it out to the highest level, the most abstract, and in the simplest terms, can you describe what a profiler is and does?
Cameron Malin: Sure. So, I like to use the definition that John Douglas wrote in what's called an LEB or Law Enforcement Bulletin article. He basically said that it's an investigative technique by which to identify the major personality, behavioral, psychological, and emotional characteristics of an offender, based upon the analysis of the crime he or she committed, right? That is like textbook, black letter behavioral profiling. Now, it has been sort of, over the years it has sort of, changed names. So, it used to be known as behavioral profiling; it still is. Anyone that has done the job will still call it that. But in terms of the, I guess, the nomenclature, it's known as Criminal Investigative Analysis, which becomes kind of funny because the acronym is CIA, and then it makes no sense.
Mason Amadeus: Right.
Cameron Malin: You know, our backgrounds, like these are other agencies that we're very close to, so it is kind of funny that they named it CIA as the acronym.
Perry Carpenter: Yeah.
Cameron Malin: So, a behavioral profiler is selected into the unit. So, this is going to be somebody who is not going to be the lead investigator. You're going to be a special agent. You're selected as a special agent. Often, I would say on average, the amount of experience you've had in the field investigating and managing cases, is around ten years. Now, if you think about an agent's life cycle, you are eligible to retire at 20 years and 50 years old. So, when you think about the BAU, it is often halfway through your career. It can be a little earlier. There are some prodigies, for sure, that have come through the units. But as a general idea, you see people on the back nine of the golf course, doing this because they've had a lot of experience and they're selected for their respective unit because they have a lot of experience, and experience matters. Now, what behavioral profiling isn't is using gut instincts based on your experience, right? I think a lot of people consider that. They maybe look at the TV shows and movies, and to some extent, the older way maybe had a lot of that in there. I was very lucky to have some old copies, let's say, of the Dennis Rader's assessment, BTK, when he was first being assessed. And then I had the later assessment, when a more modern profiler had him as a subject to assess and actually interviewed him. And the assessments are very different. I used to have new profilers coming through the unit read both assessments to see the evolution over time in the units. There's a lot of science and something that I know you and Perry would both appreciate. There's a lot of cognitive science. There's a lot of psychology, sociology. There is a lot of anthropology. There's neuroscience. There's a lot of things that go into the process of understanding why someone did something, if you want to break it down at its highest level. We're in the why business, right?
Mason Amadeus: Right.
Perry Carpenter: Yeah.
Mason Amadeus: I have one follow-up just to tack on. What does the output of your day-to-day in that position look like? Are you contributing to some sort of a database of profiles, or is it like some kind of decision tree flow chart to analyze criminal behavior, or is it like a Dewey decimal system?
Cameron Malin: I like the way you think, Mason. You can already see how you visualize information, and it's interesting to hear how you're framing it. So, oftentimes what will happen is there will be an intake of a case. It might be that, let's say that you, me, and Perry are in the same unit, and we have a unit chief who's managing the profilers in the unit. And he or she may say, hey, we have a new, let's call it ransomware attack. Let's just use that, right? And we would jump on a call with the respective agency. It would say it's FBI internally. It could be DHS. It could be whoever wants. It could be international. Obviously, the FBI works very closely with international partners, particularly in cyber. Any violation, but cyber is ubiquitous, and you'd expect it to cross borders. We learn about the case, and then we learn about the requirement. We want to interview this person. We want to arrest this person. We want to understand the group. We want to cause fear in the group. Whatever the request is, we then assess, okay, here are the respective behavioral services that would best meet the needs of your requirements. Let's meet back in X number of weeks, and we'll do a consultation. And then from there, you do your case consultation. And after the case consultation, depending upon the request and how the client wants it distilled, it could be in a report. It could be, "Hey, just give us a verbal delivery. We're good with that." It could be that "We want a formal assessment, the PowerPoint," whatever it is. Maybe they need to take our assessment and provide it to another person they need to brief to. So, they would prefer a PowerPoint. It really depends, but there is an end deliverable based upon the requirements of the client.
Mason Amadeus: Interesting, and also a little spooky, and also super interesting.
Cameron Malin: Cool.
Perry Carpenter: Yeah. So, you know, as I think about the way that most people who have not directly worked with the FBI or spoken to somebody like yourself thinks about this, they're going off of like the Silence of the Lambs movies or Criminal Minds or something like that.
Cameron Malin: Sure.
Perry Carpenter: I guess a two-part question. How close is that to the way that it feels as an investigator? And then where does the cyber component come in when we talk about the cyber behavioral analysis?
Cameron Malin: Yeah. Oh man, Perry, great question. So, some of the movies don't do a great job. Criminal Minds, God bless Criminal Minds, very entertaining, had a great run. I think it might even still be running. I don't know. I mean, it's kind of a funny thing. My wife and I are both retired profilers, and it's very hard to watch those shows. So, I really am not up on those. And we kind of like as a guilty pleasure, like, should we watch one of these? And we just end up not doing it. I would say that Silence of the Lambs is just not accurate. It is a great movie. I think any behavioral profiler would say, "Hey, you know, I enjoyed that as a kid or whatever." But Clarice Starling was a new agent trainee in the Academy and was pulled out before she was even an agent to become the assessor and direct interface and interviewer of a very problematic serial killer. So, how she would be qualified as a profiler, let alone as an agent to be doing that, doesn't make any sense. Right? So that one is just wholesale, doesn't fit reality but is a great movie. And I would say that when you look at Manhunter or The Red Dragon, it's the same thing. You know, I think these books and movies are really great. With The Red Dragon, if you're familiar with that -- it's also known as Manhunter, depending on the year, the version you saw. The other weird part about that one is the protagonist there was William Graham or Will Graham, I think he was referred to. He had retired, and they called him out of retirement to handle the case. And again, that sounds really cool for a movie because they take the grizzled veteran, and they bring him back. But the reality is, if you're retired, you're retired and they're going to assign the case to a new profiler and that's it. They may call you and they say, "Hey, you know, you handled this case at this point. Can we chat with you?" If you're still holding your clearances and you're still doing work out in the industry as a consultant, you know, that might look and feel different too. But you're certainly not being called out of retirement. And I don't even know if you could find an agent that would say, "Yeah, I've retired, I'm collecting my pension and I'm doing other work now. And yeah, let me go back in and become a government employee again."
Perry Carpenter: Yeah. Right.
Cameron Malin: It just doesn't make a lot of sense. I'm sure you could appreciate that. But Mindhunter and Manhunt, which is about the Unabomber. Mindhunter is more of John Douglas's story. Very, very accurate. And also has all of the failures. It took some time and there were a lot of things that we did that didn't work. And I thought that that was a very honest depiction. And frankly, if you talk to most that are true crime lovers, that's the one that captures the imagination and is the most enjoyable because it's sort of gritty. It's not "everyone wins." And that one's the most realistic. And it makes sense because the person who it's around, was the consultant.
Perry Carpenter: Yeah.
Cameron Malin: It makes a lot of sense.
Perry Carpenter: Okay. So then, think about that perspective that seems very physically based and there's a lot of, you know, out in the field investigation. What is it like when you start thinking about the cyber dimension of this and the person that you're profiling is on the other side of a screen or is, you know, leading a multinational ransomware group or something like that?
Cameron Malin: Perry, this is such a good question. And it's really the origins of how I got into that space. If we can use the date 2007 -- so, I had been an agent for maybe five years in Los Angeles division. I did my time in Los Angeles from 2002 to 2011/12. We moved in the new year, and we started in the BAU in 2012, and I retired in 2013. So, you can kind of see 10 years on the front end, 11 years on the back end. And oddly, primarily in the BAU, if you split the career into half. I worked cyber cases from jump when I got to LA. That's why I got into the FBI. I was a prosecutor in Miami, and my last couple of years I was a high-tech crimes prosecutor. And when I joined the FBI, I wanted to go to a field office that I knew I was going to work hard cases with fantastic opportunities to learn and grow as an agent. And LA was that place, for sure. And I worked many cases, and this is -- if we use that time period of 2002 to 2007, if you roll back in time on what was going on in the cybercrime landscape, there were a lot of botnet cases, domestic botnet cases that hadn't all gone over to Eastern Europe. And there were cases they were going there, but there were a lot of domestic botnet operators. And it got me a lot of opportunities to investigate cases, do search warrants, do arrests, do interviews, wash, rinse, and repeat. And I had a lot of chances to meet and interview and learn about these people that were doing these attacks. And they were getting more, more sophisticated. And they were all very unusual people. They were not people with normal stories. They were criminals, but they were volatile. They were vulnerable. They could have been people you would be interested in having a coffee with or a beer with and could just talk to them. They did very bad things; they made very poor choices. So, it's not excusing them for those things, but just to give you a sense of the humanity behind some of these cases.
Perry Carpenter: Yeah.
Cameron Malin: Based upon that -- oh, go ahead, Mason. I see you might have a question.
Mason Amadeus: I think it might dovetail into what you were going to say anyway. Like when you are building a profile based on something digital in cyberspace, like what are the differences between the kinds of things you would use to build a profile between, you know, a traditional criminal case and a cyber case?
Cameron Malin: Sure.
Mason Amadeus: Like what different elements are you looking at and analyzing?
Cameron Malin: Yeah.
Mason Amadeus: And which are the same?
Cameron Malin: Yeah. No, for sure. So, with cyber, it could be with, you know, the people that, you know, you're actually doing warrants on criminal cases, where you're actually doing warrants and arrests and interviewing. It could be a very different animal than, say, something national security-related. It also could be very different if the subject and group associated with the attack is all extraterritorial, because now you're talking about collection of information through mutual legal assistance treaties, MLATs. It could be that you're through national security process, you're gathering information, and you're reviewing those data sources. And it varies depending upon the footprint this person has, what type of communications they use, what type of social media, what type of devices, what core process was used to get access to the devices. And I like to look at that, Mason, as a way of, if we had -- let's just use you as an example.
Mason Amadeus: Sure.
Cameron Malin: If we had your social media and you were out there on social media, and we had a pretty good footprint of you, and we were able to look at that and how you self-present and what's important to you and what you think and what you feel and what you say. But then we had access to your Google Drive. We had access to your laptop. We had access to your mobile devices. And it could be that, behind that, you have very different attitudes and beliefs and feelings and that the way that you're presenting online is very different than who you are as a person. And you're having to grapple with that. It creates things like cognitive dissonance. It creates things like shame. It could create things like fear that you're discovered. So, to answer your question kind of high-level, the information is somewhat dependent on what you can get through your investigation. But the thing I'd like to say about behavioral profiling generally, but specifically about cyber -- because there are so many different, unique data sources that can be used as behavioral evidence. Again, we're not talking about criminal evidence or national security-related evidence. We're talking about behavioral evidence, things that matter to you, things that are important and people that are meaningful to you, and concerns, and hopes, and fears, everything in the constellation of what it is to be human. Those types of sources of evidence can vary. And they're very case-dependent.
Mason Amadeus: Right.
Cameron Malin: Could be that someone has a lot of data out there about them. They might have a lot of devices. Their OPSEC might not be great, or they let their guard down, they lower their vigilance. And then some people, there's just years and years and years. And I guess I'll land the plane here, is that if you do have years and years and years, you do want to see the changes over time.
Mason Amadeus: Right.
Cameron Malin: Like any of us, we change. And what is it that causes those changes?
Mason Amadeus: Something that I think was interesting is that my brain, just because of my life experience, immediately goes just to OSINT techniques, things you can find online, like anyone can find. But you've referenced a couple of times other back channels that would be something the FBI would have, such as mobile device access, laptop access, getting into someone's Google Drive.
Cameron Malin: Yeah.
Mason Amadeus: What is the balance between those back channels and OSINT-type information gathering?
Cameron Malin: So, I would say that OSINT has been, is now, and always will be important. And I think it's finally getting its flowers in the industry. I think there have always been stalwarts that have used OSINT and believed in OSINT, but it's always, in all the INTs, it's not been perceived as, C, you know, the best prom date INT, right?
Mason Amadeus: Right.
Cameron Malin: There are really other great sources of intelligence, but OSINT is just as vital because you get a really good picture. And I think we all are very dialed into the fact that some really interesting findings have been discovered through OSINT. So, I don't think it's trivial. I would say this, though, Mason. What's interesting, I do a lot of expert testimony work and expert work for a number of groups as a consultant. And depending upon what is going on -- if there's a civil lawsuit, there's an investigation -- there are ways of still getting some pretty interesting data sources that are not open source through criminal or civil legal process. And with that, you can still do some very interesting behavioral analysis with non-OSINT sources. Some of the ones I'm thinking of, just off the top of my head, would be cell tower records. Depending upon the nature of the court authorization, it could be acquisition of cloud-based resources, acquisition of mobile phone backups. I mean, there's a lot of different things you can do through legal process if there's litigation pending.
Perry Carpenter: I remember like way back when I was working for one of the large mobile carriers -- and this was before location-based data was a thing. And we were kind of in that transition period where people were trying to decide, it's like, what do we do with location-based data? What do we do with potentially location-based advertising or service to third parties? What everybody in the phone company was starting to realize is that the richness of that data is something that really comes out the more and more you think about it. Because now I can realize that, oh, this person has a pattern of behavior where their location is, let's say in their home area for three nights a week. But one night a week, they're over in this other area. And their phone is really close to, if not right next to, this other person of interest. And then it moves away for a period of time. And so, that could show that maybe that they're having an affair or that they're doing something that would otherwise be untoward. Is that some of the kind of data and associations that you're thinking of?
Cameron Malin: Yeah, Perry, I mean, that's pretty good. And variations of this have come out recently in a couple of hearings. At risk of any politics, I won't describe the specific case. But there were some instances recently, let's say the last half year or maybe a little bit more, where there were hearings and someone did use that data and someone was caught in a pretty sticky situation, because the location data based upon movements with mobile devices, did not comport with the testimony given in the hearing. And that can be very, very problematic. There are some exceptional tools that can be used to do that, that can show movements, that can animate the movements based upon location data and tower data combined. Those are very, very powerful. And then if you start layering onto that health data from a mobile phone -- you know, mobile phones are looking to optimize your experience and help you with persuasive technology, like you took this many steps and you did great today, and high five, and here's the little icon you get for doing 10,000 steps. But when you forensically look at the 10,000 steps, well, it's telemetry data.
Perry Carpenter: Yeah.
Cameron Malin: It's showing where you're going. And there have been cases that you can tell like if a body was dragged, based upon, you know, the health data of the person's wearing an Apple phone, Apple watch, heart rate changes against distance. This has been seen from a victimology standpoint, when people are running away from offenders. I love the fact that you're bringing in kind of the traditional way we look at location data, but when you start making a mosaic of all these data sources, then it becomes really laser-focused. It's quite unique.
Mason Amadeus: To that end, the first thing that comes to mind, and I hope this isn't too soon in the interview to pivot to AI, but I'm curious about your feelings about what I'm sure will be AI systems used in this field, to aggregate and process this kind of data.
Cameron Malin: I think AI, when used ethically and thoughtfully and scientifically, it can augment so many different fields, and behavior profiling should not be one that's excluded. If it can help ensure veracity, it can, let's say, be used as a basis of an alternative competing hypothesis exercise. If an assessment is done and AI suggests that the probabilities and ideas should be pointing in this direction, but the evidence through the eyes of the profilers are in this direction, it's a really great way to use ACH techniques to determine and, number one, alleviate biases and, number two, ensure the highest quality and highest efficacy of accuracy in an assessment. I would never, just like anything else, I think you guys would agree, I would never use AI as the answer. I would use AI as a meaningful way of an assistance and augmenting processes, but never as the solution. And I know there's a lot of fears out there about AI, like it's going to replace people, it's going to become this, it's going to become that. There are some really interesting things that AI can do, and it will surely evolve. Like from the point of this, our conversation, we may look back at this conversation in a year and go, wow.
Mason Amadeus: Yeah.
Cameron Malin: That was so antiquated. That was so 2025, guys. We should have done better. But a person's ideas and intentions are the starting point for what's going on in AI. So, I think a person's never going to be replaced. I think they can be helped a lot, and I think they can be hurt a lot through AI. But it's a facilitation. It's a very meaningful facilitation of things.
Perry Carpenter: What do you think, then, about, let's say, the other side of this? I think we can think about weaponization of AI a lot. And we'll talk about deepfakes and everything else in a minute. But I'm wondering, you know, one of the things an investigator or anybody needs is to understand signal-to-noise. You want as much signal as you can so you can hone in on the things that matter. So, if I was a cybercriminal right now and was thinking about, like, the investigative techniques that might be used to track me, one of the things that I would be thinking about is, how do I create as much noise as possible? I think AI and automation would be one of the things that I'm trying to figure out, this phrase that's being overused right now, but basically how do I flood the zone as much as possible, to create as much distraction so that the investigators are, you know, having to track down ten other things, and I'm able to still get ahead?
Cameron Malin: Perry, I love the way you describe that. And I think we can break it down into some interesting deception nomenclature, and I think we could probably break it down into some behavioral profiling nomenclature that helps frame what you're saying. From a deceptive theorist standpoint, that's what's called a dazzle. Right? This is from Bowyer Bell and Barton Whaley's Ruse Matrix, and a dazzle is a way of dissimulating. It's a way of hiding by virtue of causing so much different signals, to assess on different channels, that it becomes very hard to see the real thing, right? It obfuscates it through all the noise, all the distractions. From a behavioral profiling standpoint, and I think this is just equally as meaningful here, is it's a way of staging. And staging is the intentional thwarting and misdirecting of an investigation by placing things in the way of the incident responders, the investigators, and creating red herrings, where you end up following leads that end up nowhere. And it's very hard to identify the real thing you should be looking at if it's staged correctly. If it's not staged correctly, then the profiler -- generally speaking, profilers are very good at picking up on staging, but the point of a staging artifact or multiple staging artifacts is to create that dazzle effect, where it's hard to focus on the real thing. You're distracted through these misdirected efforts.
Mason Amadeus: You mentioned a Ruse Matrix with some names attached to it.
Cameron Malin: Yeah. Yeah.
Mason Amadeus: And that immediately made me want to look it up and I could not find it. Can you say that again? Or describe it?
Cameron Malin: Yeah. Yes, Barton Whaley and Bowyer Bell. Bowyer is B-O-W-Y-E-R, Whaley, W-H-A-L-E-Y. Two of the most important deception theorists and academics and probably created some of the greatest American deception theory that we still have and use. And the Ruse Matrix is their effort of taking the ways that we are denied or how the real thing is not shown and how the fake is shown.
Mason Amadeus: Wicked.
Cameron Malin: Yeah.
Mason Amadeus: I'm going to have to do some reading after this.
Cameron Malin: All right.
Perry Carpenter: So maybe that's a good chance for us to pivot into some of the different things that our audience is going to be really interested in, which would be where we are in terms of deepfakes, manipulated realities, cheap-fakes, disinformation, and kind of, the scam landscape that you're seeing right now. Because you've got a few different companies.
Cameron Malin: Yeah.
Perry Carpenter: And work groups really, that focus on this. What do you see as like the state of now, when it comes to synthetic media attacks and what we should be thinking about?
Cameron Malin: Yeah. It's a great question, Perry. I know you're kind of in the same space. You're seeing a lot of the same things. I would say that, as we would expect, there is an uptick not only in volume, but there's an uptick in the fidelity and the believability of the synthetic media. If you go back, say, two years, a lot of the deepfakes were quite pedestrian. They were not very effective. And the central factors of, let's call them cognitive malware, that make them impactful on the viewer or the audience receiving them, it would be very low. The fidelity would be, you know, very low, and therefore, the intended impact would be ineffective. What we've seen pretty exponentially over the last few years is really, really great use of real-time deepfake. So being able to go on a call like this and sound and look like the person on the call, a digital impersonation that is believable, that has a low degree of imperfection, and is going to cause the type of intended behavior that was set out for the creation of the deepfake. So, whether we look at the transfer of money out of Hong Kong as an example, although I have not seen the deepfake, but from all descriptions, that was a recorded deepfake, it was not live. It was multiple people. It was supposedly four to five different C-suite executives giving instructions to the victim. But the channel is just as important. So, to the idea of channel, channel is the manner, means, or modality of how the deepfake is transmitted. It's very traditional, to persuasive communications, or deception. Channel is an important factor. A lot of the cases I see, maybe they start off as a voice-based deep fake, coming in through a communication platform, let's say WhatsApp. And it will start there. Now, it might be high fidelity, but there's still circumspection. The offender has the responsibility in their mind to lower vigilance, increase familiarity, and raise fidelity to the extent that the victim now feels comfortable to take an action that, generally speaking, could be at high risk. So, you're lowering the risk appetite, and you're making the person feel like it's something safe. There are a number of psychological factors baked into that but I think -- I don't know if offenders are doing now, Perry, or considering, but the outputs of their attacks certainly feel like they've gotten better at understanding some of the psychology behind how people trust.
Perry Carpenter: Yeah. From what I'm seeing in some of the investigative reporting at, you know, big scam centers like in Myanmar and others that are doing the pig butchering scams, they've developed playbooks. And so, I think that higher up, whether people have studied the psychology of it or not, what they've found is that they're able to hone the discipline and hone in on what works.
Cameron Malin: Yeah.
Perry Carpenter: Then build a playbook that they indoctrinate the people that come in, both willingly and unwillingly, to participate in the scam ecosystem.
Cameron Malin: Yeah.
Perry Carpenter: And then, you know, their performance reviews are not a lot of fun, and so, you're kind of incented over and over and over again to do the thing that's going to work. And so, I think in that respect, it's hard-won experience that's winning out, and then probably a little bit of oversight and consulting from people who really know how to build narrative frames that are going to be effective.
Cameron Malin: Yeah. No, I think you nailed it there with all of the underlying factors that are an incentive for them to be successful. And then, if you compound that with volume, and then their general methodology, their vector in, their entrance is always an interesting gambit. They always use really interesting ways of peaking on people's curiosity, loneliness, hopes, and they use a lot of behavioral economics in some of these efforts. It's not always the same, because I think there's so many people doing it, but I agree with you that there's likely a playbook or playbooks that are used across these groups. And they probably borrow and steal from each other.
Perry Carpenter: Yeah.
Cameron Malin: But that opening move, that pawn, rook, four move that they do to start the process with a victim, and then relying upon numbers, it's really quite interesting how far they'll go. Multimedia now, I'm sure you've gotten the ones where they're willing to send pictures, and they've got to be real careful, because once you start doing file exchanges, things can happen on either end. And you could reveal things about yourself, and you could also have someone send you something back. And depending on the intentions of whoever you got on the other end, bad things can happen back. So, I think it's a risk calculation game they play, it's a numbers game they play, and it is a lot of human science behind these attacks.
Perry Carpenter: So, pivoting off of strict scams then, what are the similarities and differences when it comes to information warfare, using these tactics for disinformation or whatever purposes?
Cameron Malin: Yeah, so for information warfare, a lot of it is going to come down to, number one, the way the country does their information warfare can shape the way it feels and looks. So, if we're talking about, say, Russia, Russia has a very long and rich provenance of using different styles of information warfare. And if we use the demarcation point of '82, let's just use that as a general number, I mean, Maskirovka goes way before then, but I like using that because that goes to Vladimir Lefebvre's work in creating reflexive control, which is a -- he was a mathematical psychologist. And so he would look at reactions and movements and things that would cause reflexes in people based on math. And so, if you look at any of his work, it has all these equations and diagrams with math. You might see how that looks different in, say, a 2016 election. It's very much, we know it's Russia, right, but we also know the style of the attack is a reflexive control attack. And it's also an active measures attack. An active measures attack is one in which it's based upon political propaganda and attitude shaping through society and through politics in particular. It's a riff off of an old Cold War tactic and philosophy that we moved away from. From the US's standpoint, the Active Measures Working Group was shut down in the 1980s, after the wall came down and after the Cold War ended. Russia did not stop their active measures. And so, that becomes a different animal entirely. If they are practiced over 40 more years, and we're not, it could look and feel quite different indeed. China's methodologies has a longer, richer history and stratagems in the way that they think about psychology. So, the information warfare, Perry, I think it will look different because the breadth and scope and channels they use versus, say, you know, pig butchering scam, oftentimes you're going to see that very SMS-based, Apple message based, although I did get one over email today, which was very bizarre.
Mason Amadeus: Oh, really?
Cameron Malin: Yeah. This was the first time I'd seen that. I won't derail too far here, guys, but it was the first time where someone sent me an email. And it was looking as if it was a DNA genealogy issue, where the person had concerns and referenced a relative of mine based upon my name, and it was only to me.
Perry Carpenter: Oh. Wow, okay.
Cameron Malin: So, you know, typically when you get emails that are totally nonsense, you're BCC'd.
Mason Amadeus: Yeah.
Cameron Malin: I was not BCC'd; this was one-to-one.
Mason Amadeus: Wow. >> Perry Anderson. That's spicy.
Cameron Malin: It was spicy. Mason, I was so excited, I mean, I'm sitting there going, did they know I wanted this? Like, you know, I wish it were not a scam, but it definitely was a scam and it's airy enough, it's just airy enough to not give you enough details. Where your curiosity is piqued, the name is familiar, obviously, so you're interested based on -- so are they cultivating through ancestry.com or some database? Now, I'm not in Ancestry, and I'm not in 23andMe, but are they trying to, are they using some sort of AI to go through there and go, well, by definition, this person probably is related to this person. It's very interesting.
Mason Amadeus: Well, and how much sense does that make? It's become normalized to message people you don't know personally, but you found relations through Ancestry.
Cameron Malin: Yeah. Yeah.
Mason Amadeus: That's normalized, that's a great vector. Oh my god.
Cameron Malin: It was pretty interesting. For them, what was bizarre is, remember, when we think of messaging, we're thinking about the source, the receiver, the channel, and the message, right? If we use that four-quadrant piece that is very traditional for persuasive communications and deception, the source didn't do a good job of credibility. Source credibility is key. It reigns king in any of the disciplines we just talked about, and they use some horrible email addresses. It's like, okay. Now, if you made it look like a law firm or you made it look like something medical-related, you could move it towards some financial thing. But I think the greater peak would be something professional, authoritative, expert-like, and trustworthy. As a reformed lawyer, I'm not sure if law firms fit in that anymore.
Mason Amadeus: I like that. Reformed lawyer, too. That's very good.
Cameron Malin: Yeah, yeah. I feel like I finally sweat it all out. You know, coming from some crazy Gmail address, like that's not going to happen, right? We're not doing that. But the body, the message, is what was really interesting. So, the source failed, the receiver was the right receiver, the channel was the right channel. They got it to me.
Mason Amadeus: And the message was good.
Cameron Malin: The message was fantastic, solid ten out of ten. But it's the source. And that we all know, like if anyone in your audience is looking to, as a general idea to brush up on any of these tactics, whether it's AI, traditional scams, you have to understand that quadrant of source, receiver, message, channel. That is how it works.
Perry Carpenter: There was one that came to my email the other day, so not as sophisticated as the one that got to yours, but it was purportedly from the pastor of the little church that I go to. And what you can tell is that the scammer found some kind of directory to who was going to that church, because the subject line was my wife's name. And so immediately, I see the display name is somebody that I know. The subject line is somebody that's very personal to me. And then it went into a more traditional scam. Here, I'll just read it, so I don't misquote it.
Cameron Malin: Amazing.
Perry Carpenter: Yeah. It says, "Do you have a moment? I have a request that I need you to handle discreetly," which, you know, seeing your wife's name there is a little bit scary. It says, "I'm currently busy in a prayer session. No calls, just reply to my email." And then it has his correct name and position. And then the name of the church, the address of the church at the bottom. And then a little giveaway, it says, "sent from myMail." And then, as I looked at the headers, under the display name, the actual email address was pastormail987@gmail.com.
Mason Amadeus: Yeah.
Perry Carpenter: So some things that would erode the credibility. But for somebody that wasn't looking for scams or didn't know about it, I think 80 percent of the people would potentially reply back to that email because it seemed that credible.
Mason Amadeus: Small community church.
Cameron Malin: Yeah. Yeah. It's actually somewhat unsettling that they were able to make the connection that you're a congregant.
Perry Carpenter: Yeah. They must have found a directory somewhere.
Cameron Malin: Yeah, that one's a good one though, Perry, simply because it's coming from a trusted source, and beyond trusted to the extent that there should be some sense of maybe higher deference, because it's a religious organization. And the leader of the religious organization. And if they're in need, we tend to want to help those that are spiritual in need, to do something altruistic. It's not going to be seen as being something nefarious, it's going to be presumed altruistic. It's a really interesting attack.
Perry Carpenter: Yeah. I think if I wasn't steeped in this kind of stuff, I wouldn't have seen some of the flags because there's a really big flag in the cybercrime industry, when it says, "Don't call me, just reply back to this email. I'm currently busy. I can't really engage with you. I just need you to do this thing." That's a huge, big flag for gift card schemes and things like that.
Cameron Malin: Yeah. No, I agree.
Mason Amadeus: This may be a potentially dumb question, but I lived my life so far asking dumb questions. Do you think there's value -- we talked a lot about profiling the criminal, but does the work ever stretch to profiling the victims of a crime, or is there utility in that? Particularly thinking in terms of cybercrime, when there's these broader scope pig butchering scams and stuff? How often does your work extend to that side?
Cameron Malin: Oh, always. Anytime you do a behavioral assessment, you are including what's known as victimology. And victimology is studying the intersection of how the adversary was able to gain, select, and victimize the victim. And so you want to understand the degree to which the victim was accessible. How desirable were they? How vulnerable were they? What was it about the victim that put them in a certain position to be targeted and to be availed upon? Were there things that they were doing that might have amplified that? Were there things they could have done that would have insulated them against that? It is truly its own -- I don't want to say its own subdiscipline, but victimology can be studied. I mean, there can be entire courses on victimology assessment. Some have described it forensic victimology; I wouldn't go that far. But any profiler is going to look at a case where there is a victim at the end of it. There are some assessments you do that there is not a specific describable victim, and you wouldn't apply it in there. But any case where you know there's been an impact to a person, organization, or group, you're going to study the victimology. It's a good question.
Mason Amadeus: Wicked interesting. And then, I have so many other questions, but I want to hit this one personal question. How has this career path changed the way that you fundamentally interact with people on a day-to-day? I'm sure it has to have, right?
Cameron Malin: Yeah. It's a really good question. It's a question that's really in many ways near and dear to my heart because any new profiler that comes into the unit when I was there, I would warn them about the importance of being able to turn it off. Because once you're trained and once you see things through a certain lens, it becomes second nature to interact and see the world and people through a particular lens. And it's very helpful. It's very, very helpful. But it's one degree and dimension of who you are as a person, and you don't want that to override and become the revised version of you, through the lens of only being a profiler. It's a science and an art, but it is not an identity. I think that as long as you keep that compass in mind, you're able to be a normal person to hang out with. You're not always studying things. You're not always assessing people. But I will tell you, though, the ability to observe and quickly do some assessment happens fast. That is something that you can't -- like if you pick up on someone's behavior -- I was with my son. I'll give you a quick story. I was with my son, and someone approached us and was saying some things. And you know, the person didn't appear to be violent, didn't appear to be ill-natured or harmful. But there were some anomalous things happening. And when we got back in the car, I was able pretty quickly -- my son was like, "That was very unusual. What was that about? What was wrong with that person?" And I was able to kind of walk through what was probably going on and why. And then we got into a really good conversation about how many people are like that and how many people -- should we be afraid of those kind of people? It was very, very interesting. So, it's not like I turn -- when I say turn it off, Mason, it's not like you don't see it or calculate it. It's just how you act upon it, right?
Mason Amadeus: Right. I imagine just as a very, like a person who's very anxious and neurotic, just reading the room constantly, I can only imagine if you've been trained in behavioral analysis, you are doing that constantly, like you're a hyper-anxious person.
Cameron Malin: Yeah. Yeah. I mean, certainly, it helps you read a room pretty well. But the other side of that is you also just want to enjoy life in the world, and you don't want to overthink too much. The beauty of being human is experience. I'm all about the experience. I'm not going to overthink that too much. But I'll always have that ability, like you're saying. You can't turn off the idea of seeing, assessing, understanding what you're seeing in front of you. You just got to take that mental step of being mindful of, hey, I want to enjoy life. I want to not always be in the process of coming up with some assessment in my mind.
Mason Amadeus: Right. Right. I can only imagine.
Cameron Malin: Yeah.
Perry Carpenter: All right. So, last question for us to out on. Talked about the fundamental importance of enjoying experiences. One of the experiences we're planning over the summer is this Offensive Cyber Deception master class, I think is the title we landed on. Describe a little bit what you are hoping people would get out of that.
Cameron Malin: Yeah, Perry, I'm very excited about this. It's a huge honor for me to be doing it with you and Matt and going out and offering this to folks who want to learn more and really get steeped in cyber deception across a variety of different modalities. For me, what I know we're going to bring to the table here versus any other opportunity that people have, is a very deep understanding through deception frameworks of what is underneath the hood and what offers the access to do these types of attacks. And I think once people understand that these are the things that are being manipulated at a human level and then be able to show, to some of the models we were talking about earlier, the existing historical ways that these areas of psychology, sociology, culture, anthropology can be quickly shaped through models, that would be a way of going down that funnel. And then, I think between the work that you're doing, and I'm doing, and Matt's putting in, we're going to be able to show demonstrably, through the respective types of cyberattacks out there, how these are leveraged in a very meaningful way. And I'm very confident that based on our experiences, based on our expertise, that right now there's nothing quite like that out there. There may be some that are very tactical, that the course is going to be about X. But nothing like this master class, where we are offering the students this incredibly intricate and broad tapestry of how it works, why it works, and then let them practice using those things.
Perry Carpenter: I think you're dead on. There's going to be tons of classes from people who will show you a spectrum of tools. There are going to be very few that show you the spectrum of tools and the cognitive frameworks and vulnerabilities that can be exploited using those tools, and some of the defensive mechanisms that we should be thinking about as well.
Cameron Malin: A hundred percent.
Mason Amadeus: It's exciting that you guys are doing this in person, too, because then there's value. Everyone attending will have a chance probably to speak with you and ask questions and get more information and such, right?
Cameron Malin: Yes.
Perry Carpenter: Absolutely.
Cameron Malin: And that's what I think, it's fair to say probably Perry and I are both introverts. But this is a really good way to be around those that have those similar interests where it feels like home. Right? You're around people that are very interested in the same thing. And so, for introverts like us, yes, it's going out in person, Mason, but it's like being in your living room.
Perry Carpenter: Except that your living room is in Vegas and a cyber deception expert that can read everybody else in the room.
Cameron Malin: Yeah. Yeah, yeah, yeah.
Perry Carpenter: No pressure. Let's close out with a couple interesting things that I think are scary and indicative of where the internet is going and where AI is going. This definitely qualifies as a dumpster fire because it's infecting reality. And one of the things we think about when it comes to AI, and when it comes to the internet, and the algorithmic influence of the internet is the fact that reality shifts based on the representation of certain types of data that can infect the way that large language models are trained, that can affect search results, all of that kind of stuff. We've touched on that several times. But there was a great piece from 404 Media this week, that made me revisit a couple core concepts. So, before we get to the 404 Media piece, let me go over to Wikipedia and reintroduce you to a phrase. This is the dead internet theory. It's a fairly pessimistic outlook on the state of the internet. And the Wikipedia article even mentions that, "The dead internet theory is a conspiracy theory that asserts that, due to a coordinated and intentional effort, the internet now consists mainly of bot activity and automatically generated content manipulated by algorithmic curation to control the population and minimize organic human activity." Now, I think most of us, when we use the phrase "dead internet theory" aren't thinking about that control aspect. But people are usually talking about the fact that there's just so much bot and automatically generated content on the internet that it's hard to find what is real, what's organic, what is intentionally and in a manmade way, put out onto the internet for the sake of actually connecting with people in a meaningful way. So, it is interesting to see this definition that talks about the fact that there's probably someone pulling the strings -- the way that they say it is there's someone pulling the strings behind all of this, in order to subdue humanity. And, you know, I think in many ways, we are subdued by the fact that we are content to doom scroll so much of the time rather than engaging in meaningful ways. And I'll just go ahead and finish this first paragraph. It says, "Proponents of the theory believe that these social bots were created intentionally to help manipulate algorithms and boost search results in order to manipulate consumers. Some proponents of the theory accuse government agencies of using tools to manipulate public perception. And the date given for this "death" is generally around 2016 or 2017. The dead internet theory has gained traction mainly because many of the observed phenomena are quantifiable, such as increased bot traffic. But the literature on the subject does not support the full theory." And I think that that is an important thing to realize. So the full theory, I think, is very largely based in conspiracy when it comes to, you know, somebody behind the scenes intentionally manipulating us like marionettes to keep the populace down. But if we are broadened out, if we zoom out and take the idea of the dead internet being this thing that's being created largely by bots and AI-generated content, then, yeah, I think we have to nod in agreement that there is some of that happening. So, that 404 Media article that we're going to get to in a minute led me down this trail for a second. So, let's go from there to another article. And this is in The Conversation, and it says, "The 'dead internet theory' makes eerie claims about an AI-run web. But actually, the truth is a little bit more sinister than that." And they're talking about the fact that there's so much AI-generated content out there. But also, in addition to that, there are heavily influenced aspects of the internet that are propaganda. And so, what they're getting at is that the motivation for accounts to generate interest may appear obvious, so it's like social media engagement, and that's what 404 Media is getting at in theirs. But there's also the idea of the fact that we can be really subjecting ourselves and subjecting the internet to bot-fueled disinformation. We saw that in the article that we looked at last week about the Russian propaganda network, that was putting tons of articles on Wikipedia and other "trusted sites" so that those could get ingested into large language models and train the output, to bias the output, so that the Russian propaganda was going to be something that would be reflected in the output of the chatbots, when people ask certain questions. So that's really interesting to see, and it's actually this article in The Conversation is tapping into that. And they say that, "The scale of influence is significant. Some reports even found that nearly half of internet traffic in 2022 was made by bots. With recent advancements in generative AI, such as OpenAI's ChatGPT, models like Google's Gemini, the quality of fake content will only be improving. And social media organizations are seeking to address the misuse of the platform." They go on to talk about, you know, the rise of bots and how that was affecting X, and the fact that Elon Musk, at one time, was saying that that was a huge problem that they were trying to deal with. But it goes on to say, "The dead internet theory is not really claiming that most of your personal interactions on the internet are fake. It is, however, an interesting lens through which to view the internet, that it is no longer for humans and by humans, and this is the sense in which the internet that we knew and loved is "dead." The freedom to care and share our own thoughts on the internet, social media, is what made it so powerful. Naturally, it is this power that bad actors are seeking to control. The dead internet theory is a reminder to be skeptical and to navigate social media or other websites with a critical mind. Any interaction, trend, and especially 'overall sentiment' could very well be synthetic designed to slightly change the way in which we perceive the world." And so, I encourage you to read this article from The Conversation. It's a good segue into the 404 Media article. The 404 Media article is titled "AI Swap is a Brute Force Attack on the Algorithms that Control Reality." Now, the 404 Media article is a little bit less about propaganda and more about the fact that we are dealing with an attention economy that is algorithmically controlled. And the algorithms are understanding what gets engagement. And so, as they're getting into what AI Swap is -- anybody that's watching on YouTube is seeing some fairly creative and potentially horrific images, lots of stuff with food, just nastiness, weirdness kind of mushed up together and crazy stuff. And they've got this video that was AI-generated, that was at a mall that shows this one person eating other people and being transformed into what ultimately is some weird version of a giraffe. Let's play that real quick. So a spider turning into this weird giraffe-like creature. It's pretty gross looking. And those are getting millions and millions of views. And then, also the reporter that has been reporting on this said now their Instagram feed is just all AI swap, all weird AI swap. And I've seen that personally. I've shared tons of videos on Instagram with Mason and other people, because that is my Instagram feed right now. It's all AI weirdness, again, because they know it gets that engagement. Anything that makes you stop for a couple of seconds in your doom scrolling is the thing that the algorithm is going to prefer. And sometimes shock or outrage, or just disbelief at what you're looking at is enough to make that happen. So, what they get at in this article is, ultimately what's happening is that people are just generating more and more AI-generated content, because of this effect. And people are not trying to serve other people with this content. They don't necessarily have a target viewer in mind. What they have in mind is the algorithm itself. Here's an interesting quote from the article. It says, "YouTube doesn't care about your production value. They care about feeding their audience. And their audience is hungry for short content. Ready to start feeding the algorithm what it's actually hungry for?" And that was an influencer kind of giving their pitch on just filling up your YouTube channel or any YouTube channel with AI-generated swap because you're trying to feed the algorithm, which is all about this short-form content. Then the article goes on talking to one of these creators. And the reporter says, "I spoke to someone who's doing this and asked him if he was using AI tools for 'brute-forcing social media algorithms.' And he said, 'Sounds about right, bro. I think that line of thought is correct. I agree with it.'" So the conclusion that the author of the article is coming to, the platforms are brute-forcing themselves. They're kind of in this cycle of madness. It says, "My brute force attack metaphor isn't perfect, because with a brute force attack, the ones being attacked try to stop what's happening. In this case, the platforms are both paying spammers to brute-force their platforms and increasingly have realized that they themselves can brute force their own users with AI-generated ads that they can help companies make and optimize." And so, they ended by talking about the cat and mouse game of all of this. It's a fairly lengthy article, and I may even try to get the author on the podcast to talk about it. And this is kind of the conclusion of it, is that people are teaching each other to generate content for algorithms, not for humans. And so, I'll just read a little bit of this, one of these concluding paragraphs to say, "Even though many of the AI images and reels that I see have millions of views, likes, and comments, it is not clear to me that people actually want this. And many of the comments that I've seen are from people who are disgusted or annoyed. The strategy with these posts is to make the human linger on them long enough to say to themselves 'What the F, or to be so horrified as to comment 'What the F, or to send to a friend saying 'What the F?' All of these are signals to the algorithm that it should boost this type of content but are decidedly not signals that the average person actually wants to see this type of thing. It's brute-forcing a weakness in the Instagram algorithm that takes any engagement at all as positive signals, and the people creating this type of content know this." The article goes on to make a number of different points about how influencers are using this, how they get targeted specifically on different platforms, and how platforms deal with it differently. So really, really great and interesting article was from Jason Koebler. He was a co-founder of 404 Media, previously editor-in-chief at Motherboard. And I encourage you to read the article. I'll go ahead and post that in the show notes. It is behind a paywall, but a lot of the stuff that 404 Media has been doing recently has been really good. So, it's worth it if you can go ahead and swing for a subscription. Otherwise, they do have a free tier that gives like a once a week wrap up. With that, that's the end of this week's episode. Thanks so much for tuning in. If you liked it, feel free to like, subscribe, do all the normal things, leave a review. If you're listening to this on a podcast platform, if you're on YouTube, like, subscribe to the channel, comment on the videos, do all the things that kick those precious algorithms into gear. Feel free to send us a note, voicemail. All of our contact information is in the show notes. So, we will see you next week. [ Music ]
