
AI programs take computer hacking to new level


Matrix


The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defences - may already have arrived.

That warning from security researchers is driven home by a team from IBM Corp who have used the artificial intelligence technique known as machine learning to build hacking programs that could slip past top-tier defensive measures. The group unveiled details of its experiment at the Black Hat security conference in Las Vegas.

State-of-the-art defences generally rely on examining what the attack software is doing, rather than the more commonplace technique of analysing software code for danger signs. But the new genre of AI-driven programs can be trained to stay dormant until they reach a very specific target, making them exceptionally hard to stop.

No one has yet boasted of catching any malicious software that clearly relied on machine learning or other variants of artificial intelligence, but that may just be because the attack programs are too good to be caught.

Researchers say that, at best, it's only a matter of time. Free artificial intelligence building blocks for training programs are readily available from Alphabet's Google and others, and the ideas work all too well in practice. "I absolutely do believe we're going there," said Jon DiMaggio, a senior threat analyst at cybersecurity firm Symantec Corp. "It's going to make it a lot harder to detect."

The most advanced nation-state hackers have already shown that they can build attack programs that activate only when they have reached a target. The best-known example is Stuxnet, which was deployed by US intelligence agencies against a uranium enrichment facility in Iran.

The IBM effort, named DeepLocker, showed that a similar level of precision can be available to those with far fewer resources than a national government.

In a demonstration using publicly available photos of a sample target, the team used a hacked version of videoconferencing software that swung into action only when it detected the face of a target.

"We have a lot of reason to believe this is the next big thing," said lead IBM researcher Marc Ph. Stoecklin. "This may have happened already, and we will see it two or three years from now."

At a recent New York conference, Hackers on Planet Earth, defense researcher Kevin Hodges showed off an "entry-level" automated program he made with open-source training tools that tried multiple attack approaches in succession.

"We need to start looking at this stuff now," said Hodges. "Whoever you personally consider evil is already working on this." 

 

Source

5 hours ago, DonyMach1 said:

Whoever you personally consider evil is already working on this." 

 

Omg the moral of this story is stay tuned to Nsane and keep your machine up to date.

 

Lol even then if something like this really does happen we all will end up putting our heads between our legs and kissing our butts goodbye :pope:

 

 



5 hours ago, DonyMach1 said:

Omg the moral of this story is stay tuned to Nsane and keep your machine up to date.

 

The real moral of the story is quit relying on stupid AV programs and half ass firewalls to protect your systems, neither of which does that.  You need to invest in some cyber security training and learn the insides of your OS so you can harden it thru the settings available.  Though AIs may be new to most they have been actively used for several years by governments to come up with new ways of hardening their systems without adding third party software which only creates more vulnerabilities.  The fewer programs there are on a system the fewer the vulnerabilities that could be exploited.  The only problem in large organizations is getting the information out and getting their IT departments on board and using the information.  For most home users, they will go merrily along with their heads in the sand.  Which is one reason why computer ownership and internet access ought to be licensed just like the privilege of driving a vehicle, mandatory training, testing, licensing, and scheduled retesting.  Call it certification or licensing, or whatever you want, but it would ensure that most of the so-called experts (an EX is a has-been and a SPURT is a drip under pressure) would no longer have access to computers.  (I am not an expert, I don't claim to be.  I dabble in cyber security as an offshoot of forensics investigations which also takes me into malware research.  And that is the only portion of my job I will reveal.)



It looks like you might be more of an idealist than practical? Going by your solutions to the GENERAL public



On 8/11/2018 at 8:51 PM, straycat19 said:

 

The real moral of the story is quit relying on stupid AV programs and half ass firewalls to protect your systems, neither of which does that.  You need to invest in some cyber security training and learn the insides of your OS so you can harden it thru the settings available.  Though AIs may be new to most they have been actively used for several years by governments to come up with new ways of hardening their systems without adding third party software which only creates more vulnerabilities.  The fewer programs there are on a system the fewer the vulnerabilities that could be exploited.  The only problem in large organizations is getting the information out and getting their IT departments on board and using the information.  For most home users, they will go merrily along with their heads in the sand.  Which is one reason why computer ownership and internet access ought to be licensed just like the privilege of driving a vehicle, mandatory training, testing, licensing, and scheduled retesting.  Call it certification or licensing, or whatever you want, but it would ensure that most of the so-called experts (an EX is a has-been and a SPURT is a drip under pressure) would no longer have access to computers.  (I am not an expert, I don't claim to be.  I dabble in cyber security as an offshoot of forensics investigations which also takes me into malware research.  And that is the only portion of my job I will reveal.)

 

The solution you have given sounds good, but isn't practical.

I still don't understand the hate on AV programs and firewalls, like how it's bad if something is watching over the data coming to you over the network, and analyzing the patterns if it could be an attack/brute force/DoS or anything? Or something that's actually watching over every file you execute to see if it's malicious, coz believe me, we all are humans, and even the best and most technical users sometimes make mistakes, that antivirus could save you the hassle for just that one tiny mistake, that could have cost you your years of data. The only thing you got right is that the more programs you have installed on your machine, the more the attack surface. But then, what's the use of buying a PC worth $$$$ if you just want to install just the bare minimum software on it. It sort of works for corporates, but at your home machine??, which is like ALL OF YOUR GENERAL PUBLIC out there.

Black Hat is already just a stupid conference with more emphasis on business networking rather than technical expertise, and in this article, they just touched one side of the coin. If an AI program can be used to attack a network or machine, a similar program could be installed on the end user machine to learn that attacking behavior and defend against it, sort of like the AVs and firewalls you are hating on, just smarter and powered by AI.



Archived

This topic is now archived and is closed to further replies.
