Troubled by something deeply unethical going on at work? Or maybe you are plotting to leak sensitive information on the company that just sacked you? Either way, you best think twice before making your next move because an all-seeing artificial intelligence (AI) might just be analyzing every e-mail you send, every file you upload, every room you scan into — even your coffee routine.
The latest wave of cyberdefense technology employs machine learning to monitor use of the ever-expanding number of smart household objects connected to the Internet of Things — shutting down hackers before they have broken into corporate databases or whistle-blowers before they have forwarded information to the media.
One of the leading proponents is cyberdefense company Darktrace, founded in 2013 by former British intelligence officers in Cambridge and today featuring 370 employees in 23 offices globally. The company is targeting growth in the Asia-Pacific region, where regional head Sanjay Aurora is promoting Darktrace’s Enterprise Immune System at the CeBIT Australia conference in Sydney on May 23.
Illustration: Yusha
In an interview ahead of the conference, Aurora told the Guardian that the Internet of Things, the interconnected everyday devices such as the smart refrigerator, offers more vulnerabilities to be hacked than ever before — but also more ways to scan for threats.
“In newspapers there is not a single day where we don’t read about an organization being breached,” he said. “At a time when even coffee machines have IP [Internet protocol] addresses, many people in security teams don’t so much as have visibility of the network.”
Where cybersecurity normally functions as a barrier to keep out previously identified threats, Aurora said Darktrace technology behaves more like a human immune system.
“Once you understand the devices and people, once you notice subtle changes within the network, you establish a pattern of life, and whether it is lateral movement or unusual activity — maybe an employee using a device they don’t normally use, or a fingerprint scanner acting unusually — the immune system notices and takes action, detecting these things in network before they become a headline,” he said.
Darktrace’s package includes a 3D topographical real-time “threat visualizer” that monitors everyday network activity and the responsive Antigena system, which can decide for itself to slow systems down to give security personnel time to stop a potential breach, cut off network access to particular individuals, or mark specific e-mails for further investigation.
“Let’s say an employee is made redundant and becomes a potential information threat, the machine will intelligently determine what is the problem, assess the mathematical threat and then decide what action is to be taken,” Aurora said.
Darktrace says its Enterprise Immune System has reported more than 30,000 serious cyberincidents in more than 2,000 deployments across the world, offering examples such as an employee who was disgruntled about their company’s Brexit plans and was caught before the person could leak the information.
FINGERPRINTS
Another case was put forward by Darktrace cofounder Poppy Gustafsson at the TechCrunch Disrupt conference in London last year.
Gustafsson cited the case of attackers sending a truck into the warehouse of a luxury goods manufacturer after uploading their fingerprints to the company’s system to bypass the biometric scanners.
“It’s one of the few attacks where a criminal has given their fingerprint ahead of time,” she said.
Darktrace is well on the way to establishing itself in Australia ahead of the CeBIT business tech conference, already boasting clients such as national telecommunications provider Telstra.
A Telstra spokesperson said the company “joined forces with Darktrace last year, adding it to a suite of complementary security technologies that are designed and utilized to protect customer and corporate information and the Telstra network.
Darktrace, along with our other technologies, people and processes, strengthens Telstra’s internal security through its ability to detect anomalous activity and its ability to visualize all network activity, resulting in a reduced time to detect potential threats.”
The move has attracted concern from Communication Workers Union national secretary Greg Rayner, who said the union was not consulted on the introduction of the technology.
“That’s disappointing and arguably a breach of Telstra’s obligations under the current enterprise agreement,” he said. “They’re supposed to consult on changes that will have a significant effect on the workforce. Telstra employees have been subjected to increasingly intense electronic monitoring in recent years, including scrutiny and recording of their online activities at work. We are obviously concerned that this technology will allow further intrusions into employees’ day-to-day working lives.”
Telstra has history in regard to unions and whistle-blowers — in 2008, former employee Jim Ziogas was fired after being connected to a leak to the media of internal plans to de-unionize the workforce.
Whistle-blowers Australia vice president Brian Martin does not have a lot in common with Darktrace, but he does share a fondness for immune-system analogies.
“Whistle-blowers are antibodies for corruption in organizations,” he said. “If it were possible to prevent leaks —and that remains to be shown — this might only allow problems to fester until they become much worse. Think of what happened to Volkswagen, which lacked any whistle-blowers or leakers and paid a much larger penalty than if its emissions fraud had been exposed years earlier.”
He said invading the privacy of workers has the potential to create resentment and undermine loyalty, and that a lack of independent monitoring means there are serious questions regarding the effectiveness of Darktrace’s Enterprise Immune System, particularly in regard to false positives and false negatives.
“The damage to morale done by falsely accusing an employee of planning to leak documents can be imagined,” he said. “How about this option? Adapt the software to monitor the e-communications of top managers to see whether they are planning reprisals against whistle-blowers. How do you think they would like that?”
Devised as it was by former agents from Britain’s MI5 and Government Communications Headquarters, inspired by the challenges they were facing in counterintelligence, Darktrace technology is also an interesting proposition for governments, but the company is more coy about the countries that it counts as clients than the businesses it services.
RIVALS
A spokesperson for the Australian Signals Directorate — the department of defense intelligence agency that bears the slogan “reveal their secrets, protect our own” — refused to confirm or deny use of Darktrace technology, saying it does not “provide commentary on capability or use of commercial products.”
There are certainly plenty of rivals to Darktrace technology also promoting their cybersecurity platform’s integration of the latest machine-learning capabilities, including CrowdStrike, Symantec and Cylance.
Then there are Darktrace’s true rivals — hackers themselves.
Thomas LaRock, technical evangelist at information technology company SolarWinds, said that machine learning is a tool that can be used to attack just as easily as it can be used to defend.
“If it is possible to use machine learning to build a model that helps them launch cyberattacks with greater efficiency, then that’s what you can expect to happen,” he said. “Think of this as a spy game, where you have agents that go from one side to another. There is bound to be a person somewhere right now working on machine-learning models to deter crime. One day they could be found to be working for the criminals, using machine learning models to help commit crime.”
Aurora defends the use of machine learning at Darktrace, saying this is one game companies cannot afford to opt out of.
“If you look at the way the threat landscape is moving, it is just simply humanly impossible using conventional methods — the only way to react to these threats is AI and machine learning,” he said. “We are proud to achieve on that front — pure, unsupervised machine learning, as employee behavior changes. That is the secret sauce — continuously evolving and learning.”
There is much evidence that the Chinese Communist Party (CCP) is sending soldiers from the People’s Liberation Army (PLA) to support Russia’s invasion of Ukraine — and is learning lessons for a future war against Taiwan. Until now, the CCP has claimed that they have not sent PLA personnel to support Russian aggression. On 18 April, Ukrainian President Volodymyr Zelinskiy announced that the CCP is supplying war supplies such as gunpowder, artillery, and weapons subcomponents to Russia. When Zelinskiy announced on 9 April that the Ukrainian Army had captured two Chinese nationals fighting with Russians on the front line with details
Within Taiwan’s education system exists a long-standing and deep-rooted culture of falsification. In the past month, a large number of “ghost signatures” — signatures using the names of deceased people — appeared on recall petitions submitted by the Chinese Nationalist Party (KMT) against Democratic Progressive Party legislators Rosalia Wu (吳思瑤) and Wu Pei-yi (吳沛憶). An investigation revealed a high degree of overlap between the deceased signatories and the KMT’s membership roster. It also showed that documents had been forged. However, that culture of cheating and fabrication did not just appear out of thin air — it is linked to the
The Chinese Nationalist Party (KMT), joined by the Taiwan People’s Party (TPP), held a protest on Saturday on Ketagalan Boulevard in Taipei. They were essentially standing for the Chinese Communist Party (CCP), which is anxious about the mass recall campaign against KMT legislators. President William Lai (賴清德) said that if the opposition parties truly wanted to fight dictatorship, they should do so in Tiananmen Square — and at the very least, refrain from groveling to Chinese officials during their visits to China, alluding to meetings between KMT members and Chinese authorities. Now that China has been defined as a foreign hostile force,
On April 19, former president Chen Shui-bian (陳水扁) gave a public speech, his first in about 17 years. During the address at the Ketagalan Institute in Taipei, Chen’s words were vague and his tone was sour. He said that democracy should not be used as an echo chamber for a single politician, that people must be tolerant of other views, that the president should not act as a dictator and that the judiciary should not get involved in politics. He then went on to say that others with different opinions should not be criticized as “XX fellow travelers,” in reference to
RSS