by Ken Wieland
16 July 2019
LONDON -- If you thought clever hackers mainly relied on machine-learning to carry out new and unexpected cyberattacks then think again. When it comes to disrupting social media platforms and tinkering with search engines, new research reveals they increasingly prefer to mess with existing AI software.
These are the
latest findings from a new report published by SHERPA, a research group funded
by the European Union. Established last year to explore how a combination of AI
and big data might impact ethics and human rights, SHERPA is led by De Montfort
Professor Bernd Stahl, the project’s coordinator and from
DMU, said online hackers were increasingly hijacking AI software found in
commonly used search engines, social media platforms and recommendation websites.
“Our consortium partners found that hackers tend to focus
most of their efforts on manipulating existing AI systems for malicious
purposes instead of developing new attacks that use machine learning,” said Professor
Stahl. And this type of manipulation, adds the report, is much more frequent
than most people realise.
Among SHERPA’s members is F-Secure, a cybersecurity firm
based in Finland. “Some humans incorrectly equate machine intelligence with
human intelligence, and I think that’s why they associate the threat of AI with
killer robots and out of control computers,” said Andy Patel, a researcher at
the F-Secure AI centre of excellence. “But human attacks against AI actually
happen all the time.”
Another finding from the report is that AI has advanced so
much that it can fabricate extremely
realistic written, audio and visual content. Fearful that they might be abused
by hackers, SHERPA reports that some AI models have even been withheld from the
public. “We can’t have meaningful conversations about human rights, privacy, or
ethics in AI without considering cyber security,” added Professor Stahl.
The SHERPA project has received €2.8m of funding from the
EU. DMU is working with partners from Universiteit Twente (Netherlands), the
European Network of Research Ethics Committees (Germany), University of Central
Lancashire (Cyprus), Depoorter Dries (Belgium), Trilateral Research (UK),
Stichting Nederlands Normalisatie (Netherlands), Mutual Shoots Ltd (UK),
Aequitas (Cyprus), European Business Summit (Belgium) and F-Secure (Finland).