Will AI usher in a new era of hacking?

Machine vs. machine might be the future of cyber warfare, experts say

It may take several years or even decades, but hackers won't necessarily always be human. Artificial intelligence -- a technology that also promises to revolutionize cybersecurity -- could one day become the go-to hacking tool.

Organizers of the Cyber Grand Challenge, a contest sponsored by the U.S. defense agency DARPA, gave a glimpse of the power of AI during their August event. Seven supercomputers battled each other to show that machines can indeed find and patch software vulnerabilities.

Theoretically, the technology can be used to perfect any coding, ridding it of exploitable flaws. But what if that power was used for malicious purposes? The future of cyberdefense might also pave the way for a new era of hacking.

The possible dangers

For instance, cybercriminals might use those capabilities to scan software for previously unknown vulnerabilities and then exploit them for ill. However, unlike a human, an AI can do this with machine efficiency. Hacks that were time-consuming to develop might become cheap commodities in this nightmare scenario.

It’s a risk that the cybersecurity experts are well aware of, in a time when the tech industry is already developing self-driving cars, more advanced robots, and other forms of automation. "Technology is always frightening," said David Melski, vice president of research for GrammaTech.

Melski's company was among those that built a supercomputer to participate in August’s Cyber Grand Challenge. His firm is now considering using that technology to help vendors prevent flaws in their internet of things devices or make internet browsers more secure.

"However, vulnerability discovery is a double-edge sword," he said. "We are also increasingly automating everything."

So it’s not hard for security experts to imagine a potential dark side -- one where AIs can build or control powerful cyberweapons. Melski pointed to the case of Stuxnet, a malicious computer worm designed to disrupt Iran's nuclear program.

"When you think about something like Stuxnet getting automated, that’s alarming," he said.

Tapping into the potential

"I don’t want to give any ideas to anyone," said Tomer Weingarten, CEO of security firm SentinelOne. But AI-driven technologies that crawl the internet, looking for vulnerabilities, might be among the future realities, he said.

That streamlining of cybercrime has already taken place. For instance, buyers on the black market can hire "rent-a-hacker" services, built with slick web interfaces and easy-to-understand commands, to pull off cybercrime like infecting computers with ransomware.

robot hacking Michael Kan

Security experts wonder if AI will be used for malicious hacking.

Weingarten said it's possible these rent-a-hacker services may eventually incorporate AI technologies that can design entire attack strategies, launch them, and calculate the associated fee. "The human attackers can then enjoy the fruits of that labor," he said.

However, the term AI is a loaded one. Tech companies may all be talking about it, but no company has created a true artificial intelligence. The industry has instead come up with technologies that can play games better than a human, act as digital assistants, or even diagnose rare diseases.

Cybersecurity firms such as Cylance have also been using a subset of AI called machine learning to stop malware. That's involved building mathematical models based on malware samples that can gauge whether certain activity on a computer is normal or not.

"Ultimately, you end up with a statistical probability that this file is good or bad," said Jon Miller, chief research officer of the security firm. More than 99 percent of the time the machine learning works to detect the malware, he said.

"We're continually adding new data (malware samples) into the model," Miller said. "The more data you have, the more accurate you can be."

Escalation

A drawback is that using machine learning can be expensive. "We spend half a million dollars a month on computer models," he said. That money is spent on leasing cloud computing services from Amazon to run the models.

Anyone who attempts to use AI technologies for malicious purposes might face this same barrier to entry. In addition, they'll also need to secure top talent to develop the programming. But over time, the costs of computing power will inevitably decrease, Miller said.

Still, the day when hackers resort to using AI may be far off. "Why hasn’t this been done? It’s just not necessary," he said. "If you want to hack somebody, there are already enough known flaws in everything."

To this day, many hacks occur after a phishing email containing malware is sent to the target. In other instances, the victims secured their logins with weak passwords or forgot to upgrade their software with the latest patch – making them easier hack.

AI technologies like machine learning have shown the potential to resolve some of these problems, said Justin Fier, director for cyberintelligence at security firm Darktrace. But it may only be a matter of time before the hackers eventually upgrade their arsenal.

That will pit cybersecurity firms against the hackers, with AI on the frontlines. "It seems like we’re heading into a world of machine versus machine cyber warfare," Fier said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?