Firewalls Are Useless and Blockchains are ‘Hackable’
When cryptocurrency first started making headlines, even people who couldn’t understand the concept picked up on one aspect of this new “virtual money:” it was un-hackable. “Blockchains cannot be altered,” the stories from a decade or so ago claimed, “making them impervious to hackers.” Um… wrong. Since 2017, close to US$2 billion in cryptocurrency has been stolen. The thefts have generally been from exchanges, but bear in mind that those figures are only what’s being reported to the public. As a refresher, let’s take a look at Technology Review’s definition of a blockchain, “A blockchain is a cryptographic database maintained by a network of computers, each of which stores a copy of the most up-to-date version. A blockchain protocol is a set of rules that dictate how the computers in the network, called nodes, should verify new transactions and add them to the database. The protocol employs cryptography, game theory, and economics to create incentives for the nodes to work toward securing the network instead of attacking it for personal gain. If set up correctly, this system can make it extremely difficult and expensive to add false transactions but relatively easy to verify valid ones.”
And there is where the problems arise. The “setting it up correctly” part. The more complex the systems get, the harder it becomes to avoid mistakes – and hackers are as opportunistic as any other predator: spot a weakness and attack. This applies to web users of all stripes. Most of us still go online rather recklessly, with misplaced confidence that we’re not targets for malware or hacking. Many a sad tale of being hit with ransomware, or having data stolen, might have been prevented with something as simple as safe browsing. By installing and running a safe browser extension with web security scanners, your internet use is scanned in real-time, keeping you safe from phishing, identity theft, and malware as you browse. A safe browser runs checks on each site you visit and – based on both AI algorithms and reports from a huge community of users, sites get either green-lit or blacklisted… and the lists are constantly being updated. Like every other evolutionary arms race, the “good guys” are fast finding ways to beef up security with blocking apps that utilize AI tech to warn or preempt attacks.
The applications for machine learning or artificial intelligence as protective tools extend from browsing to cryptocurrency protection to hacking prevention. AI programs can, for example, search for common characteristics in millions upon millions of malware files, with the AI looking for ‘repeats,’ a kind of fingerprint that provides clues as to who’s behind a cyberattack or a cryptocurrency theft. Malicious uses for AI have been downplayed or not given as much attention, said the authors of a major report titled “The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation” A sample of three of the many suggestions listed by this panel of over 20 experts in computing, risk management, and security include these recommendations, “1. Policymakers should collaborate closely with technical researchers to investigate, prevent, and mitigate potential malicious uses of AI. 2. Researchers and engineers in artificial intelligence should take the dual-use nature of their work seriously, allowing misuse-related considerations to influence research priorities and norms, and proactively reaching out to relevant actors when harmful applications are foreseeable. 3. Best practices should be identified in research areas with more mature methods for addressing dual-use concerns, such as computer security, and imported where applicable to the case of AI.”
From the student on a Chromebook to the data protection team of mega-corporations, a new mindset regarding digital security needs to evolve. For the average computer user, this means understanding that firewalls and other protection methods that sound so powerful are essentially ancient technology, and are easily overcome by bad actors. Safe browsing offers much more genuine protection than a firewall. For larger firms, a similar “unlearning” must take place. The “fortress mentality” so many adopt is pointless in a world where malicious actors can figuratively ‘walk through walls.’ Darktrace CEO Nicole Eagan told WIRED Magazine in 2017 that AI is the only real weapon against “unknown unknowns.” She noted that “The average attacker is in a network 200 days before real damage is done. You’ve got a lot of time.” –Yes, but only if you spot the anomaly… a task AI is extremely well-suited for.
Eagan ended by explaining that new safety approaches to web security need to become part of an “immune system,” that is in many ways, very similar to a safe browser: “That is where security needs to get. It needs to become something that, like our immune system, is just in the background always running—I don’t have to think about it.”