Why Hackers Stay Ahead of Artificial Intelligence
It sounds like a heavyweight bout, but it's more of a schoolyard beatdown.
Since the question at the heart of Alan Turing’s influential 1950 essay “Computing Machinery and Intelligence,” “Can Machines Think?” has been largely resolved by neural net technology, another puzzler has stepped into the spotlight. Can machines think better than humans? It’s a question that, surprisingly, might share an answer with its own inversion. Can humans think better than machines? Yes.
Hackers, whose m.o. is to outthink machines, remain largely unconcerned about progress in artificial intelligence or artificial counterintelligence. They know that just because computers can be smarter and more facile than humans doesn’t mean humans can’t turn the tables.
“No A.I. that presently exists can emulate even the most basic hacker skills,” says Eric S. Raymond, a well-known developer and advocate of open source software. “Whether that will ever be possible in the future is unknown, and unknowable. We are not in a position to predict what the capabilities of A.I.s will be in 10, 20, or 50 years. Anybody who tells you they can is deceiving you, or, more likely, themselves.”
This is the sort of strident answer you get when you ask someone in the white hat community about A.I. hacking skills. They are, to a man, unimpressed by the capabilities of their autonomous rivals. The trash talk isn’t in binary, but the point should be clear to even the most basic program: You’ve got nothing.
To understand why, you have to understand what makes a good hacker.
Jon Erickson, a cryptologist and security specialist working in Northern California, thinks there are five essential skills all successful hackers need: programming, assembly language, debugging, reverse engineering, and researching.
- Programming: Programming is the ability to write code in order to formulate executable computer programs.
- Assembly language: Assembly languages are programming languages one step removed from a computer’s inherent machine language that read off as numbers no human can translate. This code allows hackers to access CPU architecture in order to ascertain what is happening rather than what was commanded. -Debugging:
- Debugging: Debugging is the process of cleaning up defects in a program. “Knowing how to use a low-level debugger allows a hacker to explore and inspect programs as they are executed,” Erickson says. “The use of a debugger is one of the best ways to see how everything actually interacts in practice.”
- Reverse Engineering: “Reverse engineering is basically a way to figure out what a program does, just by looking at the machine instructions or the data a program sends back and forth,” says Erickson. “Sometimes just looking at things like router firmware images or closed source software is enough to find backdoors or vulnerabilities in the code that exist simply because it was assumed no one would actually look at the machine instructions.”
- Researching: “Keeping up to date with new research and discoveries in the hacking world is important to stay ahead of the curve,” explains Erickson. “But this doesn’t mean old techniques aren’t worth knowing about. For example, stack-based overflow exploits have been around for over half a century and are still being used by hackers today.”
Could A.I.s possess all of these traits? Almost certainly. Programming and mastery of assembly language are pretty much built into A.I programs and reverse engineering is a more natural process for a machine than a human, who might not ever get to it, what with all the time debugging.
But A.I. programs aren’t good at research. Though they may have a catalog of information and even the built-in creativity to try various schematic approaches, changing conditions fluster machines. Humans can reorient themselves to seek results without process, but machines really can’t. They can only poke and prod, adapting to conditions reflexively rather than proactively. This is why systems that don’t stop human attacks can stymie A.I. hackers.
The ultimate hacker versus A.I. showdown is looming. The United States Military is prepared to host the 2016 DARPA Cyber Grand Challenge Finals at the annual DEF CON war games, an event that will feature seven teams (whittled down from 104) protecting security systems from attacks launched by other teams’ computer-hacking programs. It’s capture the flag and the flag is a data packet.
And it sounds considerably more exciting than it’s likely to be.
“The ability to replicate the incredible power of human ingenuity is not currently within our understanding,” says Alex Rice, co-founder and CTO of the cybersecurity firm HackerOne. “The best hackers I know are driven by a strong conviction that absolutely anything is possible.”
When a machine shows conviction, Rice says he’ll get worried. But machines don’t have egos — not yet.