Google sues Chinese cybercrime network that used Gemini to automate scams
Google sues Chinese cybercrime network that used Gemini to automate scams
谷歌起诉利用 Gemini 自动化诈骗的中国网络犯罪团伙
Google loves telling us all the ways people are using its generative AI products to build new things, grow businesses, and save the world. Supposedly. Of course, people are also using AI for crime. Google has announced a new legal salvo aimed at a Chinese group called Outsider Enterprise, which is allegedly responsible for a massive AI-powered scam campaign. Google says it’s working with law enforcement and mobile carriers to fight back.
谷歌乐于向我们展示人们如何利用其生成式 AI 产品来创造新事物、发展业务并拯救世界。当然,这只是理论上。事实上,人们也在利用 AI 进行犯罪。谷歌近日宣布发起新一轮法律攻势,目标是一个名为“Outsider Enterprise”的中国团伙,该团伙被指控策划了一场大规模的 AI 驱动诈骗活动。谷歌表示,目前正与执法部门及移动运营商合作进行反击。
According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own. In its Telegram channels, Outsider Enterprise reportedly provided instructions on how to use Google’s Gemini AI to create websites that imitate those of Google, YouTube, and government agencies such as New York’s E-ZPass. The group offered nearly 300 scam templates.
根据谷歌提交的法律文件,Outsider Enterprise 通过 Telegram 进行运作。该团伙向那些技术能力不足、无法自行搭建欺诈网站和发起短信营销的人提供“网络钓鱼即服务”(phishing-as-a-service)。据报道,该团伙在其 Telegram 频道中提供了如何利用谷歌 Gemini AI 创建仿冒网站的教程,这些网站模仿了谷歌、YouTube 以及纽约 E-ZPass 等政府机构的页面。该团伙共提供了近 300 种诈骗模板。
Google says that scams enabled by Outsider Enterprise resulted in more than 2.5 million text messages being sent to Android users. About 55,000 of those messages happened in a two-week period last month. In all, Google has tracked 9,000 fake websites and 1 million URLs connected to the scam network. The text messages often made claims about account problems or issues with a package delivery. When users clicked on the links, they ended up on one of those fraudulent websites, designed by Gemini to look legitimate. The cybercriminals used these sites to steal personal data and banking details.
谷歌表示,由 Outsider Enterprise 促成的诈骗活动导致超过 250 万条短信被发送给 Android 用户。仅上个月的两周内,就发送了约 5.5 万条此类短信。总计,谷歌已追踪到 9,000 个虚假网站和 100 万个与该诈骗网络相关的 URL。这些短信通常声称账户出现问题或包裹派送异常。当用户点击链接时,他们会被引导至由 Gemini 设计的、看起来十分逼真的欺诈网站。网络犯罪分子利用这些网站窃取用户的个人数据和银行信息。
Google’s filing does not estimate the amount of money stolen through Outsider Enterprise scams, but the blog post notes that hundreds of people have lost some amount of money. Google worked with AT&T, Verizon, and T-Mobile to block many of these malicious text messages, and Google notes that its on-device scam detection in Google Messages probably helped reduce the number of successful phishing attempts, too. This AI-powered feature apparently stops 10 billion scam texts every month, so it’s fair to expect it caught at least some Outsider Enterprise activity.
谷歌的法律文件并未估算通过 Outsider Enterprise 诈骗窃取的金额,但其博客文章指出,已有数百人遭受了经济损失。谷歌与 AT&T、Verizon 和 T-Mobile 合作拦截了许多此类恶意短信,并指出其 Google Messages 应用中的设备端诈骗检测功能也可能减少了钓鱼攻击的成功率。这项 AI 驱动的功能每月能拦截 100 亿条诈骗短信,因此可以推断它至少拦截了部分 Outsider Enterprise 的活动。
Laws for AI threats
针对 AI 威胁的法律
Google has filed lawsuits against scammers before, but this is the first time it has taken direct action against a group alleged to be using Gemini as part of its scams. Google discusses the security measures it has baked into Gemini every time it announces a new model, but these can clash with the overarching need for chatbots to follow instructions and please users. And then you end up with thousands of scammers using Gemini to build fake websites.
谷歌此前曾起诉过诈骗者,但这是它首次针对被指控利用 Gemini 进行诈骗的团伙采取直接行动。谷歌在每次发布新模型时都会强调其内置的安全措施,但这些措施有时会与聊天机器人“遵循指令并满足用户需求”的核心目标产生冲突。结果就是,成千上万的诈骗者利用 Gemini 构建了虚假网站。
In addition to its civil lawsuit, Google is assisting the FBI’s cybercrime division with a parallel criminal investigation. However, no one knows who’s behind Outsider Enterprise, and even if Google did have names, there’s little to be done when the perpetrators are in China. The company can go after fraudulent domains and Telegram accounts in hopes of disrupting the Outsider Enterprise operation, but the scams may simply change form.
除了民事诉讼外,谷歌还在协助联邦调查局(FBI)的网络犯罪部门进行平行的刑事调查。然而,目前尚不清楚 Outsider Enterprise 的幕后黑手是谁,即便谷歌掌握了名单,由于肇事者身处中国,也难以采取进一步行动。该公司可以封禁欺诈域名和 Telegram 账号,希望能干扰 Outsider Enterprise 的运作,但诈骗手段可能会轻易变换形式。
Google believes that the era of AI calls for new approaches to law enforcement, so it’s taking this opportunity to renew its public support for a spate of legislation. The company has called out seven different potential federal laws, like the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act, and the AI Plan Act. Most of the legislation Google promotes calls on one or more federal law enforcement agencies to set up task forces to counter the threat of AI-assisted scams and market manipulation.
谷歌认为,AI 时代需要执法部门采取新的应对方式,因此它借此机会重申了对一系列立法提案的公开支持。该公司列举了七项潜在的联邦法律,例如《打击诈骗国家战略法案》、《诈骗预防战略工作组法案》和《AI 计划法案》。谷歌推动的大多数立法都呼吁一个或多个联邦执法机构成立工作组,以应对 AI 辅助诈骗和市场操纵的威胁。
One of them (Artificial Intelligence Public Awareness and Education Campaign Act) is aimed at improving the public’s ability to spot malicious uses of AI. However, the industry-wide goal of attaining human-like intelligence in AI systems will only make this content harder for people to spot, even with all the well-meaning government legislation in the world.
其中一项(《人工智能公众意识与教育运动法案》)旨在提高公众识别 AI 恶意用途的能力。然而,整个行业追求 AI 系统具备类人智能的目标,只会让此类内容变得更难被识别,即便有再多善意的政府立法也难以完全解决问题。