In 1950, Alan Turing famously published a paper entitled Computing Machinery and Intelligence, which he started with the dramatic words, “I propose to consider the question, ‘Can machines think?’”
He came up with what is now known as the Turing Test, though he referred to it as the Imitation Game.
If humans conversing remotely with a computer genuinely couldn’t tell that it wasn’t human, suggested Turing, then it would be reasonable to say, from a human point of view, that the computer was ‘thinking’.
This was a fascinating starting point for the study of what we now variously call machine learning (ML) and artificial intelligence (AI), one of the most talked-about fields of study in computer science these days.
Remember that when Turing wrote this paper, electronic computers were rare, slow, typically had just a few hundred bytes of memory, and were largely limited to solving carefully-chosen numerical tasks.
In today’s jargon, we’d say that what Turing was talking about was AGI, or artificial general intelligence.
That’s where an AI system can simulate thinking across the apparently limitless range of the human intellect, rather than just having the programming to solve one sort of problem by itself, such as quickly finding and welding every seam on a car body on an automotive production line.
Within twenty years of Turing’s paper, a team at Stanford Research Institute (SRI) had demonstrated the world’s first autonomous robot, Shakey.
Shakey’s self-deprecating name came from the way that its spindly camera superstructure wobbled as it moved.
Shakey could be set tasks to find, manipulate, and navigate its way around stylized physical objects dotted around the SRI offices, and apparently lured machine learning pioneer Marvin Minsky into predicting, in 1970, that “in from three to eight years we will have a machine with the general intelligence of an average human being.”
Useful AI of any sort, let alone the wide-ranging ability of an AGI, has turned out to be very much more difficult to implement than Minsky suggested.
More than 50 years later, the cloud, together with the truly enormous data centers it has given birth to, has turned AI into a useful tool, albeit still well short of what any reasonable person would consider ‘general intelligence.’
As online training company Pluralsight wrote in a recent review of popular on-line search-and-summarize AI bot Claude:
Claude AI, like other language models, is designed to generate text based on the patterns it has seen during training. While Anthropic [the company that created it] aims for factual accuracy, Claude is not perfect, and suffers from the same hallucination problems as [other AI engines].
Claude really doesn’t “know” what it knows; it just generates text based on statistical likelihoods. Saying “I don’t know” is generally not its strong suit. So, it’s always a good idea to fact-check important information.
But in many fields, this sort of broad-brush fact-matching ability makes for very useful automation tools, notably in cybersecurity.
New malware samples, for instance, show up at a rate that some experts estimate at more than a quarter-million a day.
Automated tools that can quickly pick out the most dangerous ones so they can be examined in detail by a human expert can clearly improve our collective protection.
Determining that two malware samples are somehow related, and therefore that it’s probably necessary to examine only one of them, not both, can often be done reliably, but it isn’t always quick and easy using conventional techniques.
For example, if you run two different malware files that you suspect are samples of the same ransomware family in a safe and controlled environment, known in the jargon as a sandbox, and they both end up scrambling the same set of files in the same order, albeit with different decryption keys, and popping up similar ransom demand messages at the end, it’s a good bet that they are built from the same malware core.
But even in apparently straightforward cases like this, actually confirming the similarities can be time-consuming.
If one of the details that gets altered every time a new sample is generated is how long it waits before deciding which files to scramble, so that some samples wait a few seconds but others wait a few hours, completing the sandbox comparison across a set of suspected similar samples will mean waiting for the slowest sample in the set to finish.
As this example suggests, the cost of determining, by run-time observation alone, which of today’s 250,000 new malware samples belong to the same family can be manipulated by the criminals who created each sample, which tips the cat-and-mouse game in their favor.
In contrast, the ‘statistical likelihood’ comparisons that AI engines can perform are based on matching each new sample against a pre-trained database of statistical weights derived from prior processing of known-good and known-bad files.
The initial training may take a long time (days, or perhaps even weeks), and require a vast collection of samples handled by a massive array of computers across multiple data centers.
But if the training is representative enough, then each subsequent statistical match can be performed efficiently, typically in a predictable and essentially constant time on a single computer, perhaps even in real-time right on your laptop or phone.
This makes AI anti-malware engines into useful threat pre-processing tools.
And once a human researcher has confirmed a selection of today’s new samples as known-good or known-bad, including correcting any misdiagnoses by the AI engine, those samples can be fed back into the database for the next run of the training system.
Ideally, this means that the overall system can steadily, albeit with some delay, adapt to new tricks and techniques introduced by the criminals, without requiring new ‘rules’ or ‘signatures’ to be created for every one of those 250,000 new samples showing up every day.
Used in the background, the AI engine doesn’t need to be completely accurate, merely accurate enough to boost the performance of human threat researchers.
After all, a human expert who is faced with 25 possibly brand-new and dangerous malware samples a day, chosen in a predictable time by an AI classification tool, will be very much more productive, even if only two or three of those samples turn out to be important, than an expert who has to dig out the important samples each day by hand from the swamp of 250,000 new files.
Additionally, pre-generated AI threat databases can be trained not merely to divide program files into ‘possible malware’ and ‘probably safe application’ categories, but also to split email samples into ‘likely spams-and-scams’ and ‘harmless messages’, to separate potential rogue web URLs from low-risk websites, and to perform numerous other sorts of differentiation and classification.
Unsurprisingly, of course, following the principle that what is good for the goose is good for the gander, this sort of self-adapting AI system can be utilized for cybercrime as well as cyber-defense.
Worse, perhaps, is that attackers are experimenting with AI engines that are more like Claude or ChatGPT: so-called generative AI tools that, very loosely speaking, work the other way around.
A generative AI doesn’t aim to deconstruct an input in order to decide which of a group of categories it belongs to, as an AI-driven malware filtering tool might, but instead aims to construct an output that believably fits into a pre-selected category.
Simply put, where a classifying AI might answer the question, “Does this email look like a phishing scam?”, which is clearly a useful tool in cyber-defense…
…a malevolently-instructed generative AI might instead act on a command along the lines of, “Write me a phishing email that looks like a legitimate special offer from a well-known supermarket chain.”
Annoyingly, if the attackers know or can guess which AI-driven phishing detector you are using, they can also test out the emails that their AI is generating to see if your AI detects them, and then adapt their own AI accordingly in the hope of bypassing your existing defense until your AI can be adapted in turn, and so on indefinitely.
What does all this mean for login security?
Phishing attacks, where believable emails lure you to visit imposter websites where you inadvertently enter vital personal information such as passwords and MFA (multi-factor authentication) codes, are still, by many accounts, the primary way that criminals gain illegal access to company networks.
As Microsoft warned its users about a year ago (my emphasis):
Phishing is a digital con artist’s elaborate scheme. It usually begins with a seemingly harmless email, message, or link that lures you into clicking, or downloading an attachment. […] Ransomware is predominantly delivered by phishing.
In fact, the ‘ransomware delivery’ referred to by Microsoft might happen in several stages, starting with data stolen through phishing.
A phishing criminal might acquire your login details and sell them on to a so-called IAB, or initial access broker:
The IAB, in turn, might sell those access credentials to a criminal who specializes in implanting downloader or zombie malware written to facilitate the delivery of yet more malware.
And that zombie-master, or bot-herder (so named because they hold sway over latent armies of zombified computers or bots, short for software robots), might sell on access to those pre-infected computers, for example to a ransomware attacker:
There is therefore understandably great concern about how easy it now seems to be for cybercriminals to bypass even the strongest login precautions, including those where MFA has been turned on.
That fear comes from the possibility of using generative AI to produce highly believable phishing messages:
If generative AI can improve the chance that phishing scams not only get past the technological protections your company has in place, but also convince you to believe in them…
…then surely even the much-vaunted additional protection of MFA (which often means entering a one-time code in addition to your password) won’t do much to protect you?
Crooks who know only your password – which might, for all you know, have been stolen weeks or months ago – will, indeed, be stymied by MFA, because your password alone isn’t enough to get into your account.
But a crook who can phish your password and your current MFA code at the same time has a brief but golden opportunity, even if it only lasts for a minute or so, to get into your account right now, before you even begin to suspect that something might be wrong.
Sure, smart or well-informed criminals have been producing highly-believable phishing scams for years, using human skills far better than any current generative AI, and probably better than generative AI tools of the next three to eight years, or even the next five decades.
So generative AI doesn’t bring anything truly novel to phishing, in linguistic, graphical, technical, or artistic terms.
But generative AI unarguably makes phishing easier for an ever-larger number of less well-informed criminals who might previously have tried their hand at phishing but failed.
And, in just the same way that automated malware modification tools have helped cybercriminal programmers to do more damage with each truly new malware creation…
…so generative AI is likely to help well-informed crooks (the very sort who could get by without AI) to do more harm, by evading detection for longer and by flooding researchers with an ever-greater number of troublesome phishing samples.
But are we all doomed?
Is MFA, as one recent headline dramatically claimed, really “under siege” from AI?
Fortunately, the answer is a resounding, “No!”
Unfortunately, even without AI, phishing can already be easily automated, for example by attackers who don’t try to copy or simulate someone else’s email style, but who simply use exact copies of genuine messages harvested from legitimate businesses.
Likewise, criminals setting up fake websites don’t need AI tools to make their sites look more realistic, given that open-source programs already exist that automatically make pixel-perfect clones of existing web pages, or that automatically create interstitial “manipulator-in-the-middle” (MitM) sites that mirror legitimate sites in real time.
Indeed, these tools, even those that knowingly include the adjective evil in their name, are typically pitched as research projects, or as legitimate penetration testing tools, or simply as being for ‘learning purposes’, despite creating a clear and present danger in the hands of cybercriminals.
So, here are three tips to stay out of the clutches of phishing criminals, whether you are using MFA or not, and whether or not the attackers are using AI:
nevvs.test instead of news.test) will simply be ignored by the password manager. It therefore won’t put the right password into the wrong site, no matter how believable the message in which the URL arrived.

Why not ask how SolCyber can help you do cybersecurity in the most human-friendly way? Don’t get stuck behind an ever-expanding convoy of security tools that leave you at the whim of policies and procedures that are dictated by the tools, even though they don’t suit your IT team, your colleagues, or your customers!
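The password-manager behaviour described in the tip above, where nevvs.test gets nothing because it is not news.test, comes down to an exact-origin lookup. The sketch below is an added example, not code from this article or from any particular password manager; the `Vault` class, the account name and every URL are constructed for illustration, and it goes slightly beyond the single look-alike in the text by checking a few other address forms that must also fail to match.

```javascript
// Added example: exact-origin credential lookup (hypothetical Vault class).
// All URLs and credentials below are constructed sample data.

// Reduce a URL to scheme + host + port, the way a browser reports an origin.
function originOf(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // unparseable input never matches anything
  }
  if (url.protocol !== "https:") return null; // no autofill over cleartext
  // url.origin drops path, query and userinfo, lower-cases the host,
  // elides the default port and renders non-ASCII hosts as punycode.
  return url.origin;
}

class Vault {
  constructor() {
    this.entries = new Map(); // origin -> { username, password }
  }
  save(siteUrl, username, password) {
    const origin = originOf(siteUrl);
    if (origin === null) throw new Error("refusing to store for " + siteUrl);
    this.entries.set(origin, { username, password });
  }
  // Return a credential only when the page's origin matches exactly.
  lookup(pageUrl) {
    const origin = originOf(pageUrl);
    if (origin === null || !this.entries.has(origin)) return null;
    return this.entries.get(origin);
  }
}

function demo() {
  const vault = new Vault();
  vault.save("https://news.test/login", "alice", "constructed-sample-password");
  const pages = [
    "https://news.test/account?next=/",   // same site, different page
    "https://NEWS.test:443/login",        // same origin after normalisation
    "https://nevvs.test/login",           // the look-alike from the text
    "https://news.test@nevvs.test/login", // real name only in the userinfo part
    "https://news.test.nevvs.test/login", // real name only as a subdomain label
    "https://n\u0435ws.test/login",       // Cyrillic "е" in place of Latin "e"
    "http://news.test/login",             // right host, but not HTTPS
  ];
  return pages.map((page) => [page, vault.lookup(page) !== null]);
}

for (const [page, filled] of demo()) console.log(filled ? "FILL  " : "IGNORE", page);
```

Only the first two pages are offered the stored credential; a human reader might be fooled by the rest, but the string comparison is not.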
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!
Featured image of padlocks by Vladislav Kosoborod via Unsplash.