Portal de Periódicos da CAPES

The Future of Cybercrime: AI and Emerging Technologies Are Creating a Cybercrime Tsunami

2023; RELX Group (Netherlands); Linguagem: Inglês

10.2139/ssrn.4507244

1556-5068

Philip Treleaven, Jeremy Barnett, Daniel W. Brown, Andrew Bud, Enzo Fenoglio, Charles Kerrigan, Adriano Koshiyama, Sally Sfeir-Tait, Martin Schoernig,

Ethics and Social Impacts of AI

It is generally agreed that society is on the threshold of an 'explosion' of cybercrime from AI and emerging technologies, and that law enforcement, (financial) regulators, and institutions are ill prepared. The key challenge is awareness: since cybercrime operates in a criminal ecosystem (i.e., parallel universe). In particular, law enforcement requires awareness training and radical restructuring of its operational model to detect and prosecute emergent and previously unseen cybercrime.A notable driver is generative AI (e.g., ChatGPT). GPT-4, trained on 170 trillion parameters, is just one emerging technological but a quantum leap (cf. iPhone). Plug-ins are now available using Microsoft 365 Copilot and GitHub, with numerous companies launching generative AI add-ins to their products, such as Bloomberg GPT (Bloomberg, 2023). And on the horizon is Algorithmic Superintelligence (ASI) far surpassing most gifted human minds.The current tsunami of digital legitimate innovation is matched by AI deep fakes, blockchain NFT fraud, smart contract vulnerabilities, denial-of-service infrastructure attacks, cryptocurrency ransomware, abusive metaverse avatars, etc., a digital Pandora's box. As a portent, cybercriminals are using ChatGPT to write crimeware programs and using data analytics to profile potential victims. Researchers at Microsoft demonstrated a text-to-audio tool that having heard just 3 seconds of audio can fully replicate your voice (Edwards, 2023). So much for identity theft and secure online banking platforms that use popular voice recognition "my voice is my password"! Cybercrime is also industrializing; increasingly sophisticated cybercriminals are collaborating, and also partnering with rogue governments for the assemblage of social media misinformation, autonomous agents and big data directed towards the manipulation of public opinion through computational propaganda (Chessen, 2017).All emerging technologies challenge society to balance innovation and regulation; and address emergent unforeseen abuses. Some illegal, some opportunistic. Traditionally, cyber 'crime' covers illegal activities in cyberspace, but arguably needs to cover a growing spectrum of future opportunistic unregulated dark or 'sludge' practices. Examples include (foreign) government propaganda and social manipulation, surveillance, jurisdictional arbitrage, utility companies 'harvesting' customer bank accounts, inflating customer renewals, AI training data involving copyright infringement, online platforms encouraging digital addiction, market manipulation, paid influencer promotions, reputational and abuse attacks, or using AI to generate crimeware, etc. (see Figure 1).More importantly, law enforcement and regulators traditionally operate a) retrospectively, b) with identifiable individuals and organizations, and c) in national jurisdictions. Cybercrime is changing all of this. Firstly, the dynamic nature of emerging technologies requires near real-time intervention using authentication and anomaly detection. Examples being misinformation or deepfake impersonation. Secondly, participants are increasingly anonymous: humans, algorithms, avatars, and organizations. Thirdly, innovations and abuses frequently occur in cyberspace domains unfamiliar to regulators and law enforcement. An example being young TikTok influencers offering financial advice to young naïve fans.For society, this is a technological singularity - a future point in time at which technological growth may become uncontrollable and irreversible, resulting in unforeseeable changes. Issues to be addressed include:▪ Agents/actors – participants moving from the realm of humans to algorithms, avatars, androids in virtual environments.▪ Algorithms–AIalreadyembracesgenerativeAI;onthehorizonisartificialgeneralintelligence (AGI) and Superintelligence (ASI), with society potentially losing control.▪ Deepfakes – AI deep learning algorithms are now capable of creating totally convincing texts, images, speech, and video.▪ Globalization – participants moving from identifiable humans and institutions operating in national jurisdictions, to digital agents/actors operating anonymously in global virtual environments.▪ Smart devices – the proliferation of 'smart' autonomous networked devices including smartphones, computers, Bluetooth devices, and internet of things (IoT) sensors in vehicles, machines, and the built environment etc.In confronting future cybercrime, law enforcement needs to utilize the very same AI and emerging technologies to automate. As illustrated by Figure 2, to move from a traditional 'physical' world to the new 'digital' ecosystem, of anonymous algorithms, inaccurate information, real-time interventions, global jurisdictions, and autonomous devices.We argue that the immanent rise of cybercrime requires law enforcement and regulators to radically rethink their operational model. In particular, law enforcement needs to replicate theinnovation and automation of (financial) regulators, notably the pioneering UK Financial Conduct Authority (FCA), who have leveraged AI and emerging technologies for data science and automation, through radical tech sprints (cf. hackathons) and experimental sandboxes to understand and support rapid innovation. Care must be taken to ensure that a distinction is made between automation of enforcement/litigation and automation of the judicial/regulatory decision making processes.This paper is a review of AI and emerging technologies from the perspective of cybercrime and law enforcement:▪ Emerging technologies (DeepTech) – introduction to AI and emerging technologies: hijacked by criminals and by necessity utilized by law enforcement and regulators to combat cybercrime.▪ Cybercrime innovation (CrimeTech) – what we have dubbed 'CrimeTech' is AI and emerging technologies exploited for criminal activities, either for abuse, to make money or cause damage (cf. FinTech for criminals).▪ Information Security Technology (InfoSec) – covers the tools and processes that organizations will use to protect information, devices and IoT infrastructure from future cybercrime.▪ Law Enforcement (LawTech) - using AI and emerging technologies to support law enforcement, regulation, and legal services: PoliceTech the wide range of scientific and technological methods, techniques, and analytics used in policing; SupTech supporting 'supervisors' (e.g., regulators, police); RegTech regulatory monitoring, reporting, and compliance; LegalTech supporting the legal services firms and JudicialTech an extension of the virtual court movement using decision making methods to narrow the issues and decide fault/culpability/sanction.The paper's contribution is firstly to raise awareness: alert readers to this 'parallel universe' of cybercrime and secondly to suggest an appropriate response for government and regulators . Given the scope, appendices list definitions of key terms for DeepTech, CrimeTech, InfoSec and LawTech.