As artificial intelligence grows, so does its criminal potential
Imagine receiving a phone call from your aging mother seeking your help because she has forgotten her banking password.
Except it’s not your mother. The voice on the other end of the phone call just sounds deceptively like her.
It is actually a computer-synthesized voice, a tour-de-force of artificial intelligence technology that has been crafted to make it possible for someone to masquerade via the telephone.
Such a situation is still science fiction — but just barely. It is also the future of crime.
The software components necessary to make such masking technology widely accessible are advancing rapidly. Recently, for example, Deep Mind, the Alphabet subsidiary known for a program that has bested some of the top human players in the board game Go, announced that it had designed a program that “mimics any human voice and which sounds more natural than the best existing text-to-speech systems, reducing the gap with human performance by over 50 percent.”
The irony, of course, is that the computer security industry, with $75 billion in annual revenue, has started to talk about how machine learning and pattern recognition techniques will improve the woeful state of computer security. But there is a downside. “The thing people don’t get is that cybercrime is becoming automated, and it is scaling exponentially,” said Marc Goodman, a law enforcement agency adviser and the author of “Future Crimes.” He added, “This is not about Matthew Broderick hacking from his basement,” a reference to the 1983 movie “War Games.”
‘Criminal franchise’
The alarm about malevolent use of artificial intelligence technologies was sounded earlier this year by James R. Clapper, director of national intelligence. In his annual review of security, Clapper underscored the point that while AI systems would make some things easier, they would also expand vulnerabilities of the online world.
The growing sophistication of computer criminals can be seen in the evolution of attack tools like the widely used malicious program known as Blackshades, according to Goodman. The author of the program, a Swedish national, was convicted last year in the United States.
The system, which was sold widely in the computer underground, functioned as a “criminal franchise in a box,” Goodman said. It allowed users without technical skills to deploy computer ransomware or perform video or audio eavesdropping with a mouse click.
The next generation of these tools will add machine learning capabilities that have been pioneered by artificial intelligence researchers to improve the quality of machine vision, speech understanding, speech synthesis and natural language understanding. Some computer security researchers believe that digital criminals have been experimenting with the use of AI technologies for more than half a decade.
That can be seen in efforts to subvert the internet’s omnipresent Captcha — Completely Automated Public Turing test to tell Computers and Humans Apart — the challenge-and-response puzzle invented in 2003 by Carnegie Mellon University researchers to block automated programs from stealing online accounts.
Both “white hat” artificial intelligence researchers and “black hat” criminals have been deploying machine vision software to subvert Captchas for more than half a decade, said Stefan Savage, a computer security researcher at the University of California, San Diego. “If you don’t change your Captcha for two years, you will be owned by some machine vision algorithm,” he said.
‘Social engineering’
Surprisingly, one thing that has slowed the development of malicious AI has been the ready availability of either low-cost or free human labor. For example, some cybercriminals have farmed out Captcha-breaking schemes to electronic sweatshops where humans are used to decode the puzzles for a tiny fee. So what’s next? Criminals, for starters, can piggyback on new tech developments. Voicerecognition technology like Apple’s Siri and Microsoft’s Cortana are now used extensively to interact with computers. And Amazon’s Echo voice-controlled speaker and Facebook’s Messenger chatbot platform are rapidly becoming conduits for online commerce and customer support. As is often the case, whenever a communication advancement like voice recognition starts to go mainstream, criminals looking to take advantage of it aren’t far behind.
“I would argue that companies that offer customer support via chatbots are unwittingly making themselves liable to social engineering,” said Brian Krebs, an investigative reporter who publishes at krebsonsecurity.com.