Pages

18 January 2017

What If Deep Learning Was Given Command Of A Botnet?

Kalev Leetaru

Not a day goes by without some fascinating new advance in deep learning, yet most of the conversation around deep learning in the cybersecurity realm has focused on its defensive capabilities, using AI algorithms to hunt through network and server logs to ferret out anomalous activity. This raises the fascinating question of what deep learning might be capable of as an offensive weapon of cyberwarfare.

In the leadup to the US presidential election, the US Government proudly proclaimed that it had deployed its cyber warriors to burrow deep inside of Russian infrastructure systems in preparation for possible retaliatory strikes: “U.S. military hackers … penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary.” Such widespread infiltration likely took immense resources and preparation from a massive team of cyber experts. What if an organization like the NSA could instead simply fire up a deep learning algorithm, point it at the Kremlin and let the tool take it from there?

While we’re not quite at the point where deep learning is capable of the complex open-ended problem solving needed to launch its own autonomous cyberattack, we’re getting exceptionally close to having all of the necessary building blocks in place to start seeing autonomous cyber weaponry in action.

Perhaps the first incarnation of autonomous offensive cyberwarfare will come in the form of intelligent DDOS attacks. For all its strengths, the Internet is incredibly vulnerable to the simplest forms of attack. As Fortune put it, “It is a great irony that a system designed to withstand nuclear war falls so easily victim to a stampede of beeping baby monitors and webcams.”

Today, a script kiddie with a grudge can shell out a few bitcoin and rent a massive botnet capable of bringing even the most powerful companies on earth to their virtual knees or cause disruption across an entire nation. Such attacks rely on shear blind brute force of scale to overwhelm their victims. Yet, while an inexperienced script kiddie can wreak immense harm, that same botnet in the hands of a skilled team of elite hackers can inflict true devastation and be nearly impossible to stop with complex waves of attack that adjust in realtime to the victim’s mitigation strategies.

Now, imagine for a moment that you handed that botnet over to the control of a deep learning system and gave that AI algorithm complete control over every knob and dial of that botnet. You also give it live feeds of global internet status information from major cybersecurity and monitoring vendors around the world so it can observe second-by-second how the victim and the rest of the internet at large is responding to the attack. Perhaps this all comes after you’ve had the algorithm spend several weeks monitoring the target in exquisite detail to understand the totality and nuance of its traffic patterns and behaviors and burrow its way through its outer layers of defenses.

The result would be the closest thing we’ve ever seen to Skynet and perhaps the most powerful cyber weapon the world has ever seen. Much like that army of skilled nation state attackers, such a tool could dynamically and fluidly react to countermeasures, intelligently developing its own complex warfare strategies beyond anything any human has ever developed, involving complex layering of attacks to mitigate standard countermeasures and reacting at a speed that no human network administrators could hope to match. Even the most elite nation state defenders would be largely helpless against an adversary that could alter its attack strategy faster than they could discern what it was doing and capable of constructing novel strategies that no human in history has ever developed or to play devil’s advocate by playing out millions of possible future scenarios to find the best path forward in realtime.

It is not hard to imagine an agency like the NSA funding the creation of such a tool as the ultimate cyber warrior. Yet, given the dizzying pace of deep learning advances and the obvious application to cyberwarfare, it is likely that America’s adversaries are also rushing to explore this future landscape. Indeed, the widespread availability of such tools would further level of the cyber battleground by enabling small nation states and even terror organizations to operate with impunity in the cyber landscape. As President Obama noted, the US is perhaps the most vulnerable nation when it comes to cyberattacks, as “Our economy is more digitized, it's more vulnerable, partly because we're a wealthier nation, and we're more wired than other nations.”

Yet, it is not just DDOS attacks that deep learning could revolutionize. AI algorithms are immensely adept at teasing the subtlest and most nuanced of patterns from vast reams of data. It is not hard to imagine them finding a home in mapping and probing target networks in increasingly invisible ways, autonomously identifying and exploiting weaknesses to enter the network, scan the available data and sort it in order of value to the attacker, exfiltrate the material and then either destroy the target computers or go to sleep and await further instructions.

Imagine a deep learning algorithm that constantly monitors all available vulnerability notifications and exploit marketplaces and autonomously identifies tools that match its victim’s infrastructure, orders a human assistant to purchase the tool and then places that tool to work before the target’s teams even realize they have a vulnerability.

Or, imagine turning such a tool loose on Shodan and asking it to come up with a plan to sow discord in major cities across an enemy country. Take my “cyber first strike” outline from 2015 and have an AI system develop the perfect battle plan in minutes and adjust it in realtime. Or, take the Shodan data and construct a virtual simulation of the city and train an AI system on how to maximize gridlock quietly and undetectably in that city and then turn the final intricately tuned algorithm loose. As city traffic engineers attempt to adjust the timing of the traffic signals, the algorithm could monitor the traffic camera network to observe traffic patterns unfolding in realtime and adjust signals across the city, taking the city’s entire transportation network into account to effect maximum paralysis.

Putting this all together, we see that while we are not quite there yet, the first glimmers of offensive use of deep learning for cyberwarfare are closer than we might think and it is only a matter of time before the first ancestors of Skynet enter cyber service.

No comments:

Post a Comment