Friday, May 30, 2008

Alan Turing, as early as his 1950 paper "Computing machinery and intelligence

Information Security Perspectives
Author: Liu P'ei-wen, Deputy Director, Project Support Division
Publication date: 2008-04-08

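Creating a program or robot with artificial intelligence that can converse freely with people has long been a goal of the scientific and engineering communities.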

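Anyone who has taken an introductory computer science or artificial intelligence course has probably heard of the Turing Test, a concept Alan Turing proposed as early as 1950 in his paper "Computing machinery and intelligence". Turing held that judging whether a machine is intelligent requires a universally applicable test. In the method he proposed, a human acting as judge converses separately with the machine under test and with another human. If the judge cannot tell with confidence which of the two is the machine and which is the human, the machine is deemed to have passed the Turing Test.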

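To confine the test to the machine's linguistic intelligence rather than other functions (such as text-to-speech), the judge may communicate with the test subjects only over a plain-text channel (for example, a text terminal interface). Whether the Turing Test can really determine that a program has "intelligence" is still disputed, but for criminals this kind of academic discussion is entirely beside the point. Hackers in Russia have already begun using chatbot programs that can converse freely with people to steal private personal identity data. What makes this approach so powerful? First, look back at how personal data is mainly stolen from computers today: a hacker intent on stealing personal data over the network mostly uses malicious websites or e-mail as the medium to install Trojan horse programs and keyloggers on the victim's computer. When the victim carries out a transaction on an online banking or e-commerce site, these malicious logging programs steal the online banking account name and password or the credit card number. However, more and more users have been taught not to click suspicious links in e-mail or instant messaging software, so installing a Trojan has become considerably harder for hackers.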

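Moreover, for a greedy economic criminal, an online account and password or a credit card number alone may not be enough. If other personal data (such as ID number, telephone number, date of birth and address) can be combined with the credit card number, the "economic benefit" that can be created will be even greater. Combining personal data with credit card information, however, usually requires further data analysis on the victim's computer, which still consumes considerable labor.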

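To address the two problems above, hackers in Russia developed a chatbot called CyberLover to raise the odds of installing a Trojan and to lower the cost of stealing personal data. CyberLover can enter a chat room and establish conversations with 10 people within 30 minutes. Because CyberLover can build a complete conversational context with the victim, and because most people who enter chat rooms are in the habit of revealing personal background details in order to build an ongoing relationship with the person they are talking to, CyberLover can obtain personal data without the victim noticing.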

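CyberLover can also lead the victim to a social network site containing Trojan programs, so that Trojans and keyloggers can be installed on the victim's computer. Finally, CyberLover compiles the conversation into a report and extracts the personal data from it. Although the reports do not say how likely it is that a person chatting with CyberLover will discover it is a chatbot, the foreseeable trend is that online fraud and social engineering intrusions will increasingly incorporate artificial intelligence techniques.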

The creation of a computer program or robot with artificial intelligence that would be able to communicate freely with humans is a long-held dream of scientists and engineers the world over.

Anyone who has taken college courses in computing theory or artificial intelligence will be familiar with the "Turing Test", the concept first put forward by Alan Turing in 1950 in his paper "Computing Machinery and Intelligence." Turing suggested that, in order to determine whether a machine possessed true intelligence, it would be necessary to develop a test that would be universally applicable. The method that Turing proposed was for a human to hold a conversation with the machine being tested and a conversation with another human, without being aware which was which. If the human judge was unable to say with confidence whether they had been talking to a machine or a human, then the machine could be deemed to be intelligent.

To ensure that the test measured only the machine's speech intelligence capability, rather than other functions (such as text-to-speech), the human judge would only be allowed to communicate with the machine through a text interface. There is considerable debate as to whether the Turing Test can really measure "intelligence". However, from the point of view of criminals, these academic debates are irrelevant. Hackers in Russia have already developed "chatbot" programs that can talk to people and trick them into revealing confidential information. What makes this technique so effective? If one considers the main avenues whereby computers are used to steal personal information, currently, the most commonly used methods are the establishment of malicious websites, and e-mail (to install Trojan horse programs and keyboard loggers onto the victim's computer). When the victim undertakes an online banking or e-commerce transaction, the malware steals their bank account PIN number or credit card number. However, more and more computer users have been educated not to open suspicious e-mails or to click on hyperlinks in messaging programs, so it is becoming more difficult for hackers to install Trojan programs in this way.

A further point is that, from the point of view of the white-collar criminal, having access to the victim's bank account number or credit card number may not be enough. If they can also secure additional personal data, such as the victim's ID card number, telephone number, date of birth, address etc., then this information, used in combination with the bank account or credit card details, can create even greater "economic benefits" for the criminal. In the past, however, securing this additional information has required time-consuming data analysis.

To get round this problem, hackers in Russia have developed a chatbot called "CyberLover" that facilitates the successful installation of Trojan programs, while reducing the time and effort that the hacker needs to expend to steal data. CyberLover is capable of entering online chatrooms and striking up relationships with 10 different individuals within 30 minutes. CyberLover creates a completely authentic-seeming chat experience, and leverages the background information that victims reveal to establish an ongoing relationship through which CyberLover can steal personal information without the victim being aware of what is going on.

CyberLover can also induce victims to visit social networking sites through which Trojan programs and keyboard loggers can be installed on the victim's computer. In the final stage in the process, CyberLover compiles a report that summarizes the personal information obtained from the victim. The news reports that have appeared about CyberLover so far do not indicate how easy it is for computer users to detect that CyberLover is a chatbot. However, it seems certain that, in the future, online scams and social engineering attacks will come to make more and more use of artificial intelligence technology.
