> Why should a person who has root on a computer talk to another person,
Because they are a human, and a human being cannot survive without communicating and cooperating with other humans. Much less hold a job that grants them privileged access to a prototype high-capacity computer system.
> and just do what he is talked into doing?
Why does anyone do what someone else asks them to? Millions of reasons. Pick any one. AI for sure will.
> That's what you are talking about?
Other things as well, but this one too - though it will probably work by e-mail just fine.
> Because that's impossible to happen if her boss uses ECDSA encryption and signs his phone call with his private key.
1) Approximately nobody on the planet does signed and encrypted phone calls, and even fewer people would know how to validate those when on the receiving end,
2) If the caller spins the story just right, applies the right amount of emotional pressure, it might very well work.
3) A smart attacker, human or AI, won't make up random stories, but will use whatever opportunity presents itself. E.g. the order for an emergency transfer to a foreign account is much more believable when your boss happens to be in that country, and the emergency described in the call is highly plausible. If the boss isn't traveling at the moment, there are other things to build a believable lie around.
Oh, and:
4) A somewhat popular form of fraud in my country used to be e-mailing invoices to the company. When done well (sent to the right address, plausible-looking, seems like something the company would be paying for), the invoice would enter the payment flow and be paid in full, possibly repeatedly month over month, until eventually someone flags it on an audit.