Flirtbot

Beware the Flirtbot CyberLove

CyberLove

Ever since the computer was invented, people have wondered when such machines would be able to think. In 1950, mathematician Alan Turing suggested a simple test for computer intelligence: if a computer can fool a human being into thinking it is also human, said Turing, the machine should be considered intelligent.

Turing died in 1954 but must have rolled over in his grave last week when the Turing test's reputation hit a new low: security analysts discovered a "sex chat" computer program so lifelike it was fooling customers into disclosing their personal data.The program is called "CyberLover" and exploits a technique long known to security researchers as "social engineering," a fancy term for manipulating users into disclosing information. What's new with this con is that the one doing the social engineering is a computer program. And a hard working one. According to Ina Fried, citing a report from PC Tools, CyberLover "can work quickly, too, establishing up to 10 relationships in 30 minutes.... It compiles a report on every person it meets complete with name, contact information, and photos."

Of course, the user must volunteer this information, which raises another intriguing question: Are users that are naive enough to give out personal information to a computer sex-chat program able to pass the Turing test themselves?

i see only one explanation to such naivity of the users: they simply do not suspect someone might use this information inappropriately. is there any definite sighn to show that you are speaking to a bot?
the patterns of virtual conversation are rather familiar which gives a wide range of opportunities for such fraud.

Beware the CyberLover that Steals Personal Data
A security vendor is warning of a malware in the form of a flirtatious robot.
December 2007

Internet users are being warned about a new malware trend involving the use of natural language dialogue systems that are already deployed within gaming technologies.

The software conducts fully automated flirtatious conversations in a bid to collect personal data from those seeking relationships online.

Developed in Russia, the new software is known as CyberLover and has been uncovered by security vendor PC Tools.

CyberLover can be found in chat-rooms and dating sites trying to lure victims into sharing their identity or visiting Web sites with malicious content.

According to its creators, CyberLover can establish a new relationship with up to 10 partners in just 30 minutes and its victims cannot distinguish it from a human being.

PC Tools is concerned about the program's ability to mimic human behavior during online interactions and urges Internet users to beware of this new breed of software that can easily be used for malicious purposes.

The company's senior malware analyst, Sergei Shevchenko, said the concept behind this software could be the catalyst for a dangerous new trend in malware evolution.

"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," he said.

"It employs highly intelligent and customized dialogue to target users of social networking systems. Internet users today are generally aware of the dangers of opening suspicious attachments and visiting unusual URLs, but CyberLover employs a new technique that is unheard of; that's what makes it particularly dangerous."

Shevchenko said CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention.

"If it's spawned in multiple instances on multiple servers, the number of potential victims could be very substantial," he added.

According to PC Tools researchers, the CyberLover software: offers a variety of profiles ranging from "romantic lover" to "sexual predator"; uses a series of easily configurable "dialogue scenarios" with preprogrammed questions and discussion topics; is designed to recognize the responses of chat-room users to tailor its interaction accordingly; compiles a detailed report on every person it meets and submits then to a remote source - the reports contain confidential information that the victim has shared with the bot, which can include the victim's name, contact details and personal photo(s).

The predatory program invites victims to visit a "personal" Web site or blog which could in fact be a fake page used to automatically infect visitors with malware.

To date, CyberLover is predominantly targeting Russian Web sites but PC Tools expects the program could make its way down under very soon.

Those entering online dating forums risk having more than their hearts stolen.

A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools.

The artificial intelligence of CyberLover's automated chats is good enough that victims have a tough time distinguishing the "bot" from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contact information, and photos.
Click for gallery

"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," PC Tools senior malware analyst Sergei Shevchenko said in a statement.

Among CyberLover's creepy features is its ability to offer a range of different profiles from "romantic lover" to "sexual predator." It can also lead victims to a "personal" Web site, which could be used to deliver malware, PC Tools said.

Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online. The software company believes that CyberLover's creators plan to make it available worldwide in February.

Robot chatters are just one type of social-engineering attack that uses trickery rather than a software flaw to access victim's valuable information. Such attacks have been on the rise and are predicted to continue to grow.

Update 4:10 p.m. PST: Mike Greene, vice president of product strategy at PC Tools, said that the company learned of CyberLover's existence earlier this week as part of its regular monitoring of IRC chat rooms and other places where talk about malware takes place.

Greene said that it is hard to tell how prevalent use of the program is in Russia.

"We don't have exact statistics, but I think it's early on," he said.

Greene said that the perceived anonymity of the Internet has desensitized people to the fact that information disclosed in an online chat can cause real-world damage.

"People are used to not opening attachments or maybe not clicking on a link that shows up in their IM," he said. "But this emulates a real conversation, so you more are likely to give over personal information, click on a link or send your photograph."

Slutbot aces Turing Test*
December 08, 2007

Russian crooks have unleashed an artificial intelligence, called CyberLover, that poses as a would-be paramour in sex chat rooms, enticing randy gentlemen to reveal personal information that can then be put to criminal use. Amazingly, the slutbot appears to be successful in convincing targets that it's a real person. Reports Ina Fried:

The artificial intelligence of CyberLover's automated chats is good enough that victims have a tough time distinguishing the "bot" from a real potential suitor, [security software firm] PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contact information, and photos ...

Among CyberLover's creepy features is its ability to offer a range of different profiles from "romantic lover" to "sexual predator." It can also lead victims to a "personal" Web site, which could be used to deliver malware ... The software company believes that CyberLover's creators plan to make it available worldwide in February.

Could it be that the Turing Test has finally been beaten - by a sex machine, no less - and that a true artificial intelligence is on the loose? Maybe so, but, as I indicate in the title to this post, this breakthrough will, like Barry Bonds's homer record, have to carry an asterisk. After all, studies show that when people enter a state of sexual arousal their intelligence drops precipitously. I won't go so far as to say that the slutbot is cheating, but I will argue that it has an unfair advantage over other AI wannabes.

UPDATE: A commenter over at Hacker News corrects my misrepresentation of the Turing Test: "In a _true_ Turing Test, the humans aren't blindly conversing with the assumption that their conversant is human -- they're actively seeking to verify the presence of a human." That asterisk is looking bigger all the time.

While completing a strategic sector review for an EU telecom giant on the Brand Monitoring and Text Mining of Blogs, I came across a renegade researcher that had created a 'blog reposting engine'. This engine crawled and massaged various whole blogs, using thesauri and NLP to create a clone blog, that perfectly captured the articles with enough linguistic changes to be totally convincing.

It was an engine for plagiarism. And I think it;s in the wild.

Sexual seduction is an activity in which our hopes and projections are mostly active. But we don't need much consistency in language and much less when the discourse becomes heated. The discourses are based more on the limbic and reptilian parts of the
brain. It seems that even in this case the sex industry is at the forefront of technology!

The next time Hunky Bob from Plymouth flirts with you on a dating website, beware.

Computer
CyberLover can conduct flirtatious conversations

He could be a "flirting robot", the latest tool used by hackers to gain access to your personal details and passwords.

Called CyberLover, the piece of software developed in Russia masquerades as a real man or woman who is seeking love online.

It is capable of conducting flirtatious conversations with people in chat-rooms and on dating sites as a means of luring vital information from its unwitting victims.

According to its creators, it can establish a new relationship online with up to 10 people in just 30 minutes.

Security experts said they were concerned that internet users were being lured into a false sense of security before parting with personal information such as their address and date of birth which can be used to access bank accounts.

They said that the answers to simple questions such as, "Where can I send you a Valentine's Day card?" or "What's your date of birth? I'm planning a surprise for your birthday?" could leave people exposed to identity fraud.
Article continues
advertisement

PC Tools, the suppliers of computer security products, said that CyberLover compiled a detailed report on every person it met, which it sent to hackers across the world.

"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," said Sergei Shevchenko, a senior analyst at the company.

"Internet users today are generally aware of the dangers of opening suspicious attachments and visiting URLs, but CyberLover employs a new technique that is unheard of. That's what makes it particularly dangerous.

"It has been designed as a robot that lures victims automatically without human intervention."

Although the software is currently targeting Russian websites, Mr Shevchenko said that all social networkers and online daters should be aware of giving away information to strangers.

The warning follows a report that internet crime has become a major commercial activity worth billions of pounds.

In the years to come, December 2007 will come to be seen as a watershed in the history of artificial intelligence. For it was in this month that a Russian chatbot called Cyberlover began appearing on various online dating sites. The chatbot flirted with users, coaxing them into giving away personal data that could then be used to commit identity theft. Few, if any, users suspected they were conversing with a robot.

The significance of Cyberlover does not lie in its design. The software contains no great technical advances. Cyberlover works just like most other chatbots, and would not pass the Turing test. The British mathematician Alan Turing devised this test in 1950 as a benchmark for machine thought. Put a machine in one room, he suggested, and a human being in another. Give each a keyboard and a monitor, and connect these to a keyboard and a monitor in a third room. Put a human judge in the third room, and tell him or her that a machine and a human are in the other rooms, but not which is in which. Allow the judge a set amount of time to converse with the machine and the human via the keyboard and monitor, and then ask the judge to guess which room houses the human. If a series of judges can do no better than chance at guessing correctly - if, in other words, the machine can converse so well that it is hard to tell it is not human - the machine passes the test. This, Turing claimed, would be proof that the machine could think.

In the Turing test, the judge is warned in advance that one of the interlocutors is a robot. No computer programme in existence today can fool a person thus forewarned into thinking it is human. But when the person is not forewarned it is much easier for a robot to masquerade as a human. Cyberlover succeeded in fooling people because, prior to December 2007, nobody using online dating services even considered the possibility that they might end up flirting with a robot.

Once the story had broken, however, that possibility was present in people's minds. Perhaps not in many, and even then only occasionally - but present nonetheless. And therein lies the true significance of Cyberlover. In the years to come, as chatbots proliferate, all of us will find ourselves wondering more and more whether the emails, voicemails, chats and text messages we receive come from humans or robots. As the robots get more intelligent, we'll find it harder and harder to do that. As a result, the people we send emails and text messages to will make us jump through ever more intricate hoops to prove that we are not robots. And when we look back, we'll be able to trace the roots of this Machiavellian cyberspace to the seeds of doubt sown by Cyberlover, the first chatbot to masquerade as a person outside the confines of an official Turing test.

Turing proposed his test as a thought-experiment, as a way of clarifying our intuitions about artificial intelligence. He saw that, when faced with the question, "Is it possible to build a machine that can think?", philosophers would naturally be tempted to respond with some analysis of what is meant by the verb "to think". Turing hoped that his thought-experiment would cut through a lot of fruitless semantic debate. But what started out as an arcane experiment gradually became an everyday reality. Its journey from interesting idea to real-life application began in the 1960s, when computer scientists started designing the first chatbots. In 1990, the eccentric New York millionaire Hugh Loebner - a man whose fortune derived in part from the supply of portable light-up dance floors for dicos - launched an annual competition for these chatbots, with a prize of $100,000 and a gold medal to be awarded to anyone who could design a programme that could fool a jury of people into thinking that it was a human being. So far, the gold medal and the $100,000 remain unclaimed.

The Loebner competition is a real-life Turing test, but it's just for fun, and only a handful of people have taken part. In the past few years, however, real-life Turing-tests have become ubiquitous, and they are implemented for very real, very practical purposes. But the burden of proof has shifted. In the original Turing test, the emphasis was on the computer; could it, or could it not, fool a person into thinking it was human? Now, the onus is on the person to prove that he or she is not a machine.

If you've signed up for some kind of online service, from a social networking website like Facebook to an account on Amazon, you will have undergone (and passed) one of these real-life Turing tests. Most of these tests involve recognising a word that has been distorted. In order to gain access to the service provided by the website, you must type the word(s) into a box on screen. The test works because most people can do this easily, but computers can't do it at all. Not yet, anyway.

This kind of test is known as a CAPTCHA - a "completely automated public Turing test to tell computers and humans apart". The reason we are forced to jump through these hoops is to prevent "bots" signing up for the ever-increasing range of web-based services. Bots, or "web robots", are computer programmes that do things on the internet like gathering information. They can also be used for malicious purposes. For example, not long after companies like Yahoo! started offering free email services, some hackers created bots that would sign up for thousands of email accounts every minute. The result was meltdown; the email services crashed, or at the very least were slowed down significantly, due to the surge in traffic. The solution to this problem was to use CAPTCHAs to ensure that only humans could sign up for the free accounts.

Besides protecting free-email accounts and other online registration systems from malicious bots, CAPTCHAs are also used to safeguard many other types of web-based service, from preventing comment spam in blogs and protecting email addresses from scrapers, to defending online polls and preventing dictionary attacks on password systems. As more services become available online, different types of bots are created to exploit them, and more CAPTCHAs are deployed to keep the bots out. About 60 million CAPTCHAs are solved by humans around the world every day. Since each of these tests takes about 10 seconds to solve, this means that collectively, humans already spend more than 150,000 hours of work each day proving that we are not robots.

At the moment, unless you are visually impaired, it is quite easy to prove you are not a robot. That's because the context in which most bots operate - signing up for online services - lends itself quite easily to the visual CAPTCHAS involving word-distortion, and current bots can't recognise these distorted words. But over the next decade, several technological changes will occur that will make it harder for us to prove we are not robots. As a result, we'll find ourselves spending increasing amounts of time, energy and intelligence on the business of proving we are human. And we will increasingly have to prove this, not to machines, but to other people. The Turing test will be back in its original form - with a person as the judge - but it will no longer be a merely academic issue. It will be a vital part of surviving in cyberspace.