by Ken Wieland
16 July 2019
LONDON — If you thought clever hackers mainly relied on machine-learning to carry out new and unexpected cyberattacks then think again. When it comes to disrupting social media platforms and tinkering with search engines, new research reveals they increasingly prefer to mess with existing AI software.
These are the latest findings from a new report published by SHERPA, a research group funded by the European Union. Established last year to explore how a combination of AI and big data might impact ethics and human rights, SHERPA is led by De Montfort University (DMU).
Professor Bernd Stahl, the project’s coordinator and from DMU, said online hackers were increasingly hijacking AI software found in commonly used search engines, social media platforms and recommendation websites.
“Our consortium partners found that hackers tend to focus most of their efforts on manipulating existing AI systems for malicious purposes instead of developing new attacks that use machine learning,” said Professor Stahl. And this type of manipulation, adds the report, is much more frequent than most people realise.
Among SHERPA’s members is F-Secure, a cybersecurity firm based in Finland. “Some humans incorrectly equate machine intelligence with human intelligence, and I think that’s why they associate the threat of AI with killer robots and out of control computers,” said Andy Patel, a researcher at the F-Secure AI centre of excellence. “But human attacks against AI actually happen all the time.”
Another finding from the report is that AI has advanced so much that it can fabricate extremely realistic written, audio and visual content. Fearful that they might be abused by hackers, SHERPA reports that some AI models have even been withheld from the public. “We can’t have meaningful conversations about human rights, privacy, or ethics in AI without considering cyber security,” added Professor Stahl.
The SHERPA project has received €2.8m of funding from the EU. DMU is working with partners from Universiteit Twente (Netherlands), the European Network of Research Ethics Committees (Germany), University of Central Lancashire (Cyprus), Depoorter Dries (Belgium), Trilateral Research (UK), Stichting Nederlands Normalisatie (Netherlands), Mutual Shoots Ltd (UK), Aequitas (Cyprus), European Business Summit (Belgium) and F-Secure (Finland).