What Artificial Intelligence in Hands of Adversaries Means for Cyber Defense  


Governments and businesses need to prepare for the cyberattacks AI can make more effective.

Michelle Cantos is a strategic intelligence analyst at FireEye.

In a recent address to schoolchildren, President Vladimir Putin emphasized, “Artificial intelligence is the future, not only of Russia but of all of mankind … Whoever becomes the leader in this sphere will become the ruler of the world.” In the coming years, nations that find ways to generate and use artificial intelligence capabilities will have an advantage on the world stage—and that includes the cyber domain.

Russia and China both recognize the transformative potential of artificial intelligence to increase their economic and political power. Beijing’s and Moscow’s ambitious acquisition and implementation of AI technology could enable more efficient cyberattacks in the future.

In July, China announced their development plans to become an AI powerhouse by 2030 via national investments to bolster both their military and economic capabilities. Rapid AI development is not just a state-sponsored goal. Two of the nation’s largest technology companies, Baidu and Tencent, are developing research facilities in the United States to recruit American scientists to advance Chinese technology.

Internally, China is already leveraging the power of AI tools to censor government critics in online chat platforms. In the future, they plan on using AI capabilities to predict crime and identify potential criminals by examining facial imagery, gait and crowd dynamics.

Although Russia has not outlined an explicit expansion plan, the nation has already begun developing AI capabilities. Moscow’s “digitalization of justice” initiative will incorporate AI-based speech recognition systems to help prepare court records. Furthermore, internet service providers must comply with a new Russian law regarding data retention that requires ISPs to store consumer content for six months. The Russian government could use AI applications to analyze this data for defensive purposes.

Applications for AI in Cyber Security

In the hands of threat groups, AI applications could lead to an increase in the number of cyberattacks. These capabilities allow users to process large data sets in less time and can make future cyberattacks more efficient in their targeting and reach.

Security researchers have already demonstrated how AI can be used in cyberattacks. The Social Network Automated Phishing with Reconnaissance system, or SNAP_R, is a machine learning system that was as successful as a human when spear-phishing Twitter users. SNAP_R used a variety of AI-based approaches to suggest high-value targets and generate quality spear-phishing messaging based on the targets' previous tweets.

Moreover, what makes SNAP_R noteworthy is the amount of phishing tweets it sent in the two-hour contest against a human. SNAP_R delivered more than four times as many spear-phishing tweets as the human did, suggesting future AI enabled cyberattacks could have a wider digital reach.

AI tools can also generate fake messaging for spear-phishing attacks. SNAP_R demonstrates how these tools can accurately reflect a victim’s language patterns by monitoring personal data, such as social media accounts. Advances in AI can help adversaries improve the quality of their spear-phishing attacks and increase the volume of successful intrusions while making it more difficult for users to identify such attempts.  

Current AI technology used by businesses to analyze consumer behavior and find new customer bases can be appropriated to help attackers find better targets. Adversaries can use AI to analyze data sets and generate recommendations for high-value targets they think the adversary should hit. Improved targeting can lead to an increase in attacks against high-profile users and their affiliates.

Additionally, conventional password guessing tools improve their performance when they are combined with artificial intelligence. Researchers created a password tool called PassGAN that analyzed the database of leaked passwords from the RockYou hack and generated completely new passwords based on the knowledge it gained from examining the leaked data set. Although PassGAN had moderate success on its own, when combined with pre-existing password hacking tools, the hybrid tool had higher rates of success cracking passwords.

As Russia and China push for the rapid development of AI capabilities, it’s important for businesses and governments alike to understand how AI may change the nature of cyberattacks in the future.