Artificial intelligence is both an amazing and scary idea all wrapped up in one, don’t you think? True AI has been a fantasy that has been touted in many a sci-fi flick from terminator, ex Machina, I Robot, the matrix and even Wall-E (I am a bit of a sucker for kids movies), to list a few. Some good characters and some pretty awful ones but one day (yes it’s only a matter of time) AI will be removed from the world of fantasy and thrown into the mainstream world we live in. Many companies tout AI functionality in their products especially in cybersecurity but in all truth, it is only machine learning. True AI is yet to be realised but the characteristics are already starting to show themselves and when it does finally occur it will bring with it both good and bad scenarios.
It’s an interesting thought if you truly think about it, there are so many possibilities of how AI could be integrated into our lives for the better (and possibly worse). Machines could solve many of the complex problems that we face and be the final piece of the puzzle needed in the search for a cure for cancer or dementia or so many other problems. Seriously machines will look at problems in a completely different light to how we humans do which could be how these problems are solved. This includes cybersecurity, we are losing the battle at this time but AI could help us react faster, respond better or even just look at the issues differently. It’s a great thought isn’t it, some of the world’s most complex problems solved.
Now, this is about the time we throw caution to the wind and deep dive into all the AI scary movie type scenarios in which humans are deemed as less important to the newfound intelligent beings (if that is how they would be classified), humans are wiped out or enslaved Blah Blah Blah. You all know the storyline and how it goes we have seen it enough with all the Hollywood blockbusters.
It’s a common scenario that is thrown around and Look this is an unlikely scenario which I think is not going to come to fruition (at least I hope not anyway). I know some of you may still think this is a true possibility and you may be correct but let’s ignore those apocalyptic scenarios for the moment an hope that minds like Elon Musk get the right protections in place to ensure that can never happen (if you haven’t already check out his crazy idea for human and machine integration or direct mind-machine control here it’s almost a mad scientist idea but if anyone could pull it off it's him).
Let’s focus our attention on some real-world grounded scenarios that will soon become a real threat to our networks and society as a whole. AI-based cyber-attacks will soon become a threat that we will need to protect ourselves from and honestly it is going to be a tough job that will require us to truly think outside of the box. I recently read a whitepaper written by Darktrace on “AI driven cyber attacks” which outlines what possible scenarios we could see in the future and what threats they have already encountered. One of the scenarios they discussed was the idea of autonomous malware (had a scary thought when I started to read that – AI driven crypto that ex-filtrates all of your valuable data and then either encrypts or wipes out all your systems in one swipe of its AI virtual hand in just seconds – I am not looking forward to that).
Okay back to reality again, AI malware will be able to adapt and respond to your systems to be stealthier or just cause more damage. They will be difficult to detect as they will likely adapt their code as they move through systems and just be fast at what they are designed to do. In many cases, they may be finished and already cleaned their tracks before you know they were even there in the first instance. Kind of like a cybersecurity version of the boogie man. We will need to develop our versions of AI to help us detect and defend against these attacks but these tools could also be used against us by malicious actors so we will need to put strong protocols in place to ensure we remain in control of our own white hat boogie man so to speak (I am sure I could come up with a better name for it but you get the picture). It’s going to be a challenge that I don’t think we are prepared for.
Let’s go down the rabbit hole a bit further here and consider another scenario here that was touched on in the white paper of AI driven DDOS attacks. DDOS is a problem that any organisation that has an online presence needs to deal with and appears to be increasing in volume with a recent IoT Mirai-like botnet through almost 300,000 requests a second at an unidentified web service (Further info here) over a 13 day period, this botnet was made up of more than 400,000 devices mainly made up of home routers.
Imagine if an AI entity was set loose with the purpose of collecting zombie devices (there will be billions of IoT insecure devices that they could utilise if we don’t make them more secure), then when they reach a desired amount of devices in their army (which will be decided upon by the AI) will wage war on the determined target/s. these targets could be critical infrastructure, hospitals, banks who knows who this tsunami will be released against and if it is true AI even the initial creator may not have that control (that’s a scary thought) the AI might have just been given an objective “bring down the US or China or whoever” by all means necessary.
It will be a pretty safe attack for terrorist or nation-state actors. Set the AI beast loose and just wait for the chaos to ensue. How about I theorise one scenario for you all in my usual fashion. We have a nation-state group that has set lose an AI entity that has been created to attack Australia and its daily life for citizens. It gathers an army of a billion IoT devices that are probably as powerful as a current mobile device each, it then sets its target on our power grid. Within hours we have lost power to a majority of our country, we no longer have any means of buying food or other necessities. The AI botnet then turns its attention to water and telecommunications which is already crippled due to power loss and within a day we would be descended into chaos. Within days people would start to turn on each other (Look I would hope we last more than days before people started to loot or attack each other but it probably won’t), and with the AI attacking any infrastructure that comes back online as quickly as it is restored services will be hard to bring back up (it will happen but possibly not before it is already too late).
Let’s say it is only down for a week imagine the wide-reaching damage that will inflict on our country, businesses will possibly fold, the economy could fall into a recession or I don’t know what could be worse but it would look pretty bad. How could we stop this kind of attack though, yes we can pull the internet but as IoT is further integrated everything will rely on it and nothing will work if that plug is pulled so to speak. We will need to build in fail-safes to pull back control and prepare our systems to handle the through as pushing the pacific ocean through a garden hose. I know that sounds like a ludicrous idea but we will need to find a way, maybe with our own AI gatekeepers or something I honestly don’t have a solution but with some luck there will be a lot of people out there much smarter than me that can find the key we need to survive otherwise our idea of flying/autonomous vehicles will come to a crashing end.
I don’t want to paint a negative picture here of AI and depict it as the boogie man of cyberspace but it’s a scenario that truly needs our consideration before it is too late and we have lost control of our networks. Let’s start the conversation and but some brilliant minds on this task, I know it will help me sleep better at night. So as usual tell me what you think, laugh at me if you like and tell me I am losing it if that’s what you think but let’s do something to help fight this future threat before it’s too late.
Till next time…