Sunday Times

AI weapon of choice for cybercops — and cybercriminals

- Arthur Goldstuck ✼ Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za

Another week, another data breach, bringing another arm of government to a standstill. If it’s not Transnet, it’s the department of justice. If it’s not a government ministry, it’s a local authority. And the hacking epidemic is not only a consequence of the South African government’s disgraceful tolerance of tender patronage over national interest.

The harsh reality is that even an efficient government remains vulnerable in an era when cybercriminals are becoming more sophisticated, using artificial intelligence (AI) to refine their attacks, which are, in turn, becoming more frequent and larger in scale. The result of the increasing complexity of threats is that no organisation can rely only on the capabilities of its internal information technology teams.

“The key is being able to automate your efforts,” says Shuman Ghosemajumder, global head of AI at networking applications provider F5. He became known as the “czar of click fraud” when he worked at Google from 2003 to 2010, where he developed techniques to identify and block software “bots” that were intended to defraud advertisers of billions of dollars. He subsequently led a team that built an AI platform for cybersecurity at Shape Security, which was then acquired by F5.

“When we were dealing with clicks, we were talking about billions of events on a daily basis that we would have to analyse. There was absolutely no way that a human being can do that, and there’s no way that you can use a simple rules-based approach to identify all the activity you’re trying to catch, because it’s constantly changing.

“The criminals are trying to figure out their end of the cat-and-mouse game, and create attacks that are not going to conform to the patterns we’ve seen before.”

Just as companies like Google, Shape and F5 are constantly enhancing their armoury with AI, so are the criminals.

“We used machine learning at a very large scale from the very beginning,” says Ghosemajumder.

“That allowed us to cast the net wide in terms of all of the different types of activities that we might not have seen in the past, but which might represent a pattern associated with suspected click fraud.

“But all of the machine learning solutions being built today are at the mercy of the data they’re being fed. So if you’re looking at the same types of signals that everybody else is looking at, like the IP address of the user, the cybercriminal has gotten sophisticated enough that they know how to spoof the signals.

“A cybercriminal attempting to log into a million different accounts from the same IP address can rent a botnet service for a few dollars an hour and bounce every single login request off a different IP address. So even using machine learning doesn’t get you that far.”

The answer was complex but deceptively simple. “We created new data that allowed us to go beyond the standard signal set that everybody else in the industry was using, including what we had access to at Google. This allowed us to ask very advanced questions of browsers and understand exactly what distinguishes a particular version of a browser from someone who is simply claiming to be that browser.

“The cybercriminal could then come to the bank that we were protecting, and they could create a bot that would try and log in and claim that it was a particular version of Chrome. But using our system, we would be able to determine that they were lying. When we do this at scale, all of a sudden we’re creating an extremely high barrier for cybercriminals to get around.

“It’s all about ‘how can we do this at scale?’ Now you no longer have human beings that are engaged in looking at individual incidents or events. Now the role of humans becomes to sit at the top of that stack, to ensure that this high level of automation is functioning and constantly evolving, and understanding how all of this comes together at a business level.

“It has been a given over the last 20 years that all C-level functions have to have a greater understanding of how technology works. That, increasingly, is going to turn into a greater understanding of AI as well.”
