Troubled by something deeply unethical going on at work? Or maybe you are plotting to leak sensitive information on the company that just sacked you? Either way, you best think twice before making your next move because an all-seeing artificial intelligence (AI) might just be analyzing every e-mail you send, every file you upload, every room you scan into — even your coffee routine.
The latest wave of cyberdefense technology employs machine learning to monitor use of the ever-expanding number of smart household objects connected to the Internet of Things — shutting down hackers before they have broken into corporate databases or whistle-blowers before they have forwarded information to the media.
One of the leading proponents is cyberdefense company Darktrace, founded in 2013 by former British intelligence officers in Cambridge and today featuring 370 employees in 23 offices globally. The company is targeting growth in the Asia-Pacific region, where regional head Sanjay Aurora is promoting Darktrace’s Enterprise Immune System at the CeBIT Australia conference in Sydney on May 23.
Illustration: Yusha
In an interview ahead of the conference, Aurora told the Guardian that the Internet of Things, the interconnected everyday devices such as the smart refrigerator, offers more vulnerabilities to be hacked than ever before — but also more ways to scan for threats.
“In newspapers there is not a single day where we don’t read about an organization being breached,” he said. “At a time when even coffee machines have IP [Internet protocol] addresses, many people in security teams don’t so much as have visibility of the network.”
Where cybersecurity normally functions as a barrier to keep out previously identified threats, Aurora said Darktrace technology behaves more like a human immune system.
“Once you understand the devices and people, once you notice subtle changes within the network, you establish a pattern of life, and whether it is lateral movement or unusual activity — maybe an employee using a device they don’t normally use, or a fingerprint scanner acting unusually — the immune system notices and takes action, detecting these things in network before they become a headline,” he said.
Darktrace’s package includes a 3D topographical real-time “threat visualizer” that monitors everyday network activity and the responsive Antigena system, which can decide for itself to slow systems down to give security personnel time to stop a potential breach, cut off network access to particular individuals, or mark specific e-mails for further investigation.
“Let’s say an employee is made redundant and becomes a potential information threat, the machine will intelligently determine what is the problem, assess the mathematical threat and then decide what action is to be taken,” Aurora said.
Darktrace says its Enterprise Immune System has reported more than 30,000 serious cyberincidents in more than 2,000 deployments across the world, offering examples such as an employee who was disgruntled about their company’s Brexit plans and was caught before the person could leak the information.
FINGERPRINTS
Another case was put forward by Darktrace cofounder Poppy Gustafsson at the TechCrunch Disrupt conference in London last year.
Gustafsson cited the case of attackers sending a truck into the warehouse of a luxury goods manufacturer after uploading their fingerprints to the company’s system to bypass the biometric scanners.
“It’s one of the few attacks where a criminal has given their fingerprint ahead of time,” she said.
Darktrace is well on the way to establishing itself in Australia ahead of the CeBIT business tech conference, already boasting clients such as national telecommunications provider Telstra.
A Telstra spokesperson said the company “joined forces with Darktrace last year, adding it to a suite of complementary security technologies that are designed and utilized to protect customer and corporate information and the Telstra network.
Darktrace, along with our other technologies, people and processes, strengthens Telstra’s internal security through its ability to detect anomalous activity and its ability to visualize all network activity, resulting in a reduced time to detect potential threats.”
The move has attracted concern from Communication Workers Union national secretary Greg Rayner, who said the union was not consulted on the introduction of the technology.
“That’s disappointing and arguably a breach of Telstra’s obligations under the current enterprise agreement,” he said. “They’re supposed to consult on changes that will have a significant effect on the workforce. Telstra employees have been subjected to increasingly intense electronic monitoring in recent years, including scrutiny and recording of their online activities at work. We are obviously concerned that this technology will allow further intrusions into employees’ day-to-day working lives.”
Telstra has history in regard to unions and whistle-blowers — in 2008, former employee Jim Ziogas was fired after being connected to a leak to the media of internal plans to de-unionize the workforce.
Whistle-blowers Australia vice president Brian Martin does not have a lot in common with Darktrace, but he does share a fondness for immune-system analogies.
“Whistle-blowers are antibodies for corruption in organizations,” he said. “If it were possible to prevent leaks —and that remains to be shown — this might only allow problems to fester until they become much worse. Think of what happened to Volkswagen, which lacked any whistle-blowers or leakers and paid a much larger penalty than if its emissions fraud had been exposed years earlier.”
He said invading the privacy of workers has the potential to create resentment and undermine loyalty, and that a lack of independent monitoring means there are serious questions regarding the effectiveness of Darktrace’s Enterprise Immune System, particularly in regard to false positives and false negatives.
“The damage to morale done by falsely accusing an employee of planning to leak documents can be imagined,” he said. “How about this option? Adapt the software to monitor the e-communications of top managers to see whether they are planning reprisals against whistle-blowers. How do you think they would like that?”
Devised as it was by former agents from Britain’s MI5 and Government Communications Headquarters, inspired by the challenges they were facing in counterintelligence, Darktrace technology is also an interesting proposition for governments, but the company is more coy about the countries that it counts as clients than the businesses it services.
RIVALS
A spokesperson for the Australian Signals Directorate — the department of defense intelligence agency that bears the slogan “reveal their secrets, protect our own” — refused to confirm or deny use of Darktrace technology, saying it does not “provide commentary on capability or use of commercial products.”
There are certainly plenty of rivals to Darktrace technology also promoting their cybersecurity platform’s integration of the latest machine-learning capabilities, including CrowdStrike, Symantec and Cylance.
Then there are Darktrace’s true rivals — hackers themselves.
Thomas LaRock, technical evangelist at information technology company SolarWinds, said that machine learning is a tool that can be used to attack just as easily as it can be used to defend.
“If it is possible to use machine learning to build a model that helps them launch cyberattacks with greater efficiency, then that’s what you can expect to happen,” he said. “Think of this as a spy game, where you have agents that go from one side to another. There is bound to be a person somewhere right now working on machine-learning models to deter crime. One day they could be found to be working for the criminals, using machine learning models to help commit crime.”
Aurora defends the use of machine learning at Darktrace, saying this is one game companies cannot afford to opt out of.
“If you look at the way the threat landscape is moving, it is just simply humanly impossible using conventional methods — the only way to react to these threats is AI and machine learning,” he said. “We are proud to achieve on that front — pure, unsupervised machine learning, as employee behavior changes. That is the secret sauce — continuously evolving and learning.”
Saudi Arabian largesse is flooding Egypt’s cultural scene, but the reception is mixed. Some welcome new “cooperation” between two regional powerhouses, while others fear a hostile takeover by Riyadh. In Cairo, historically the cultural capital of the Arab world, Egyptian Minister of Culture Nevine al-Kilany recently hosted Saudi Arabian General Entertainment Authority chairman Turki al-Sheikh. The deep-pocketed al-Sheikh has emerged as a Medici-like patron for Egypt’s cultural elite, courted by Cairo’s top talent to produce a slew of forthcoming films. A new three-way agreement between al-Sheikh, Kilany and United Media Services — a multi-media conglomerate linked to state intelligence that owns much of
The US and other countries should take concrete steps to confront the threats from Beijing to avoid war, US Representative Mario Diaz-Balart said in an interview with Voice of America on March 13. The US should use “every diplomatic economic tool at our disposal to treat China as what it is... to avoid war,” Diaz-Balart said. Giving an example of what the US could do, he said that it has to be more aggressive in its military sales to Taiwan. Actions by cross-party US lawmakers in the past few years such as meeting with Taiwanese officials in Washington and Taipei, and
The Republic of China (ROC) on Taiwan has no official diplomatic allies in the EU. With the exception of the Vatican, it has no official allies in Europe at all. This does not prevent the ROC — Taiwan — from having close relations with EU member states and other European countries. The exact nature of the relationship does bear revisiting, if only to clarify what is a very complicated and sensitive idea, the details of which leave considerable room for misunderstanding, misrepresentation and disagreement. Only this week, President Tsai Ing-wen (蔡英文) received members of the European Parliament’s Delegation for Relations
Denmark’s “one China” policy more and more resembles Beijing’s “one China” principle. At least, this is how things appear. In recent interactions with the Danish state, such as applying for residency permits, a Taiwanese’s nationality would be listed as “China.” That designation occurs for a Taiwanese student coming to Denmark or a Danish citizen arriving in Denmark with, for example, their Taiwanese partner. Details of this were published on Sunday in an article in the Danish daily Berlingske written by Alexander Sjoberg and Tobias Reinwald. The pretext for this new practice is that Denmark does not recognize Taiwan as a state under