“2028 – Hacker-AI and Cyberwar 2.0+”
Securing our Future: Proactive Resilience through Separated Security Measures
You can access here the entire book – for free.
AI-assisted Hacking (or Hacker-AI) is discussed for its use in Cyberwar and Cybercrime. It would be pure madness if we would let that happen. Cybersecurity paradigms must be modified and updated so that we have a chance to deal with threats from the use of AI in generating malware.
The solution is discussed in the following 3 chapters:
- Chapter 11. (Countermeasures – Technical Solutions For Hacker-AI) contains solution components.
- Chapter 12. (Countermeasures – Understanding why they work) explain why they are sufficient.
- Chapter 13. (Development of Hacker-AI Countermeasures) introduces an implementation: Low-Level Security Separation (L2S2).
If you disagree, let me know: 2028 [at] nogostar.com. If you agree, share this page.
Also, if you like this book, please consider buying a paperback/hardcopy or support this effort via Patreon
I have segmented the book into 1 file per chapter.
- Current cybersecurity and its paradigms are insufficient when AI is used by cyber-attacker. AI-assisted hacking is much faster, more flexible, and less detectable than tools from the most knowledgeable human hacker using today’s best attack tools.
- We must stop malware-based cyberwar and cybercrime with proactive, preventative, redundant tools that give defenders sustainable advantages. This book is a step in that direction.
- The Author, Erland Wittkotter, Ph.D., took a fresh from outside. He started this privately funded AI/ASI safety research in late 2019. As a mathematician with a Ph.D. in theoretical physics, most of his career, he was an entrepreneur working in tech. His interests include data architecture, AI, cryptography, cybersecurity, and understanding low-level computer features (CPU, OS Kernel, Databus/USB, etc.). Besides system programming in C/C++, he did Reverse Code Engineering (RCE) as a hobby hacker for about 30 years. As a software developer, he has a passion for Python, giving him hands-on experience with machine learning/AI concepts.
- His approach: simple, reliable anomaly detection, “low-level” – unnoticeable for users and most developers – non-bypassable by attackers. We must apply the same security measures in AI/AGI/ASI safety. We should not forget: AI/AGI/ASI can never be trusted when computer vulnerabilities can be exploited covertly. We should not waste time. Hopefully, it’s not too late.
Preface, Introduction: https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_00_Intro.pdf
- Main Takeaways
- Hacker-AI is AI-assisted hacking (or AI-power or AI-driven hacking). Reason for this term: emphasizing AI’s role in the hacking. It can assist humans, but AI could also have a more active or independent role as an automated tool or resource used by the human hacker.
- Computer vulnerabilities result from software complexity; current OS security is insufficient to protect our devices.
- Software can be modified covertly; tools cannot be trusted. Attackers vanish unidentified. Secrets are unreliable in defense. Defenders can be turned into traitors.
- Hacker-AI generates undetectable and irremovable malware. It is uncertain who will develop and use it.
- Hacker-AI-generated malware can steal data (keys), surveil at a mass scale, covertly communicate among user devices, and design/execute misdirection/deception campaigns.
- Cyberwar 2.0 uses Hacker-AI to overthrow governments in targeted countries (less costly than conventional warfare). It could be used in China annexing Taiwan or the US assisting the Russian opposition in transitioning to a post-Putin country.
- Although the experience of being in a Cyberwar 2.0 cannot be compared to the horrors of conventional wars, long-term consequences for people’s freedom and life are severe.
- Cybercrime 2.0 includes disrupting eCommerce, money laundering, manipulating law enforcement, and even cyber jailbreaks where malware taints or creates confusion with evidence.
- Proposed technical solutions for Hacker-AI include developer accountability, hashcodes/ whitelisting, and separating security from regular tasks. New cybersecurity paradigms are suggested; we need quick low-level security separation (L2S2) and an (open-source) expert development community.
1. Why do we have Vulnerabilities in our Computers? https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_01.pdf
- Acknowledging Complexity
- Complexity is the enemy of security
- Who is Responsible for Vulnerabilities?
- Attackers, developers, system designers, or users?
- Layers and Components
- When it helps developers, then it helps also attackers/hackers
- Could OS Security be Strong Enough to Protect Devices?
- Can we trust Apple’s (Lockdown) security?
2. Digging Deeper into Computer Vulnerabilities https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_02.pdf
- Overview – reasons for vulnerabilities:
- (1) Software is invisible
- (2) Software is covertly modifiable
- (3) Every tool/component could be compromised” or “Any app can be made dangerous
- (4) Attacker chooses methods and timing”. Attackers have the first-mover advantage
- (5) Attackers know more (about vulnerabilities)
- (6) Attackers can adapt to (known) methods of detection (quickly)
- (7) Attackers can get away unidentified
- (8) Secrets are unreliable in defense
- (9) Defenders can be compromised
- (10) Software output could be faked (late)
- (11) Complexity is an enemy of security
- (12) Crypto-Keys/Units are unprotected
- (Current) Cybersecurity Paradigms are:
- (1) Do not trust CPU/OS – but still use it (no choice)(2) Blacklists of threats are sufficient(3) Software developers are not trusted partners(4) Single-Unit-Security
- Institutional Resistance Against Better Security
3. Hacker-AI, Cyber Ghosts, and Cyber Devils https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_03.pdf
- Hackers are Challenged – Hacking is difficult and time-consuming
- But: Automation and AI reduce the barrier to entry
- Who will Develop and Use Hacker-AI
- Software/Application Environments (as easy targets)
- Undetectable Cyber Ghosts and Irremovable Cyber Devils
- Hacker-AI Types (Type-I/-II)
- Blindspots – even Hacker-AI has limits
4. Hacker-AI – Basic Features and Consequences https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_04.pdf
- Overview of Feature Categories for Attacker Tools:
- Preparation Tools – Information Gathering
- Attack Tools – starting Hostilities
- Attack Exploitation
- Fortification/Protection of Position
- Miscellaneous: Misdirection, Decision-/Planning Layer
- Preparation – Information Gathering via
- 1. Tech Library (getting details on all technologies)
- 2. Cyber Reconnaissance (Info on all devices/targets)
- 3. Tech-Simulator (extracting and testing exploits – before using it)
- Attack Tools for Starting Hostilities
- 4. Cyber Beachhead Planner (tools/exploits to get on devices – best: covert/click-free)
- 5. Rights- or Permission-Elevation (exploits to get sys-admin rights – then do anything)
- 6. Cyber Cradle Builder (effective hiding malware unpredictable)
- 7. Cyber Whisperer (reliable backdoor usage and stealth piggybacking/communication)
- 8. Cyber Masterthief (stealing data: user credentials, crypto-keys)
- 9. Cyber Freeloader (utilizing other device apps, resources, and features, i.e., living off the land)
- 10. Cyber Covert/Shadow Recorder (surveillanceware that stores from multiple devices pre-processed (aggregated) relevant intelligence about users – reducing load on attacker’s servers)
5. Hacker-AI – Advanced Features and Considerations https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_05.pdf
- Fortification/Protection of Position (i.e., waiting for being used later)
- 11. Cyber Ghost (undetectable software – avoiding any trace to show its presence)
- 12. Cyber Devil (irremovable malware fights late-comers for exclusive use of devices – then: resistance is futile)
- 13. Covert/Private Backdoor Facilitator (restricting access to a backdoor to their original owners/ creators using asymmetric encryption)
- Misdirection/ Decision Layer
- 14. Cyber Patsy Designer (tool to create “evidence” or diversions to have humans stop investigating suspicious problems arising from Hacker-AI or Cyberwar 2.0; only amateurs are caught)
- 15. Attack Synchronization/Management (managing command and control of an attack – comprehensive/remote Cyberwar planning/operation)
- Final Thoughts on Hacker-AI feature details
- State-actors/leaders need to consider: who and how to control the AI operators?
6 War, Cyberwar and Hacker-AI https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_06.pdf
- War is Politics with other means – the goals of war …
- What is Cyberwar 1.0
- Cyberwar 1.0 is damage-generating malware and digital propaganda
- What is Cyberwar 2.0 .
- Cyberwar 2.0 decapitates a country’s government or civil society – regime change
- 2.0 uses the following capabilities:
- (1) Surveillance
- (2) Selective access denial (denying digital services to specific people)
- (3) Directly intimidating people (psyops)
- (4) Realtime Deep-Fakes, redefining truth, news-generation/rumors
- (5) Reduction of costly consequences of a typical war.
- (6) Misdirection.
- Hacker-AI and cyberwar requirements
- (i) hiding activities from the main OS
- (ii) hide/change its attacking code/configuration against advanced detection/forensics, and
- (iii) receive/request covert instructions from the outside on what to do
- (iv) (potentially): connect with neighbors in occupied networks to share data, or explore more unoccupied devices
- Cyberwar is a consequence of Hacker-AI
- What is detectable in Cyberwar 2.0?
- Simulation of Cyberwar 2.0 activities
7. Cyberwar 2.0 – A New Frontier in Warfare https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_07.pdf
- Cyberwar 2.0 – Phases
- CWP-I (Pre-War or Preparation)
- CWP-II (Actual War)
- No textbook case can help us to define when a (real) cyberwar starts or ends
- We define: Cyberwar 2.0 begins when the assailing country infringes via coordinated cyberattacks on the sovereign rights within the targeted country’s territory
- Cyberwar 2.0 ends with establishing a new puppet government controlled by the assailant
- CWP-III (Post-War or Aftermath)
- Comparing Cost of War: Conventional vs. Cyberwar 2.0
- The first mover in a Cyberwar 2.0 most likely wins
- Where could Cyberwar 2.0 Happen?
- USA Using It Against …
- China is Using It Against Taiwan
- Rogue Actors Providing “Regime-Change as a Service”
8. How is it to be in a Cyberwar 2.0 https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_08.pdf
- Public View
- Intimidated Clerks and Officials.
- Security Officers as Unwilling Tools
- Governments Receiving Intelligence and Preparing
- Assailants Preparing and Executing an Attack
9. Cybercrime 2.0 – Scenarios https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_09.pdf
- Where could we Expect Cybercrime 2.0
- (1) Cyber Masterthiefs and Disruptors of eCommerce
- (2) Money Laundry 2.0
- (3) Manipulating Law Enforcement – (Cyber-Jailbreak?)
- (4) On-/Offline Identity Management
- (5) Cyberwar 2.0 as a Service
10. Cyberwar 3.0 – Start of a Solution https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_10.pdf
- What is Cyberwar 3.0
- Cyberwar 3.0 is a war against weapons – using non-lethal, autonomous microdrones
- It’s a future war scenario in which humans do not belong on the battlefield
- Without non-lethal weapons, every use of a drone is likely a kill
- Cyberwar 3.0 targets
- Cyberwar 3.0 drones – features
- Other Cyberwar 3.0 attack scenarios
- Stop civil wars or North Korea (DPRK)
- The Aftermath of Cyberwar 3.0
- Defense against Cyberwar 3.0
- What’s the catch?
- Prevent unauthorized, remote use of weapons
- Make all weapons hacker-resistant – let’s hope the DoD read this memo
11. Countermeasures – Technical Solutions For Hacker-AI https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_11.pdf
- Solution Components
- (A) Making Developers Accountable (like medical doctors, lawyers, etc.)
- (B) White-/Gray-/Blacklisted Hashcodes
- (C) Separate Security-related from Regular Computations
- We create another layer for security-related features, i.e., independent, separately controlled – no commingling between security and regular software
- Security layer can detect suspicious anomalies
- (D) No Crypto-Key in cleartext – every key that “could” appear in CPU/RAM is compromised
- (E) Interguarding Multi-Unit Security
- (F) Automated Security – excluding users from making (covert) exceptions
12. Countermeasures – Understanding why they work https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_12.pdf
- Proposed Solutions Applied to Problems
- Software-related issues/solutions
- (1) Software is invisible but becomes (reliably) identifiable
- (2) Software is (not) covertly modifiable
- (3) Every tool/component could (still) be compromised, but we can stop it and know who did it
- Attacker-related issues/solutions
- (4) Attacker chooses methods and timing – but has no benefit from that
- (5) Attackers know more (about vulnerabilities) – but they won’t dare
- (6) Attackers can adapt to (known) methods of detection – but can’t bypass it
- (7) Attacker can (not) get away unidentified
- Defender-related issues/solutions
- (8) Some secrets are unreliable in defense – others can be made reliable
- (9) Defenders can (not) be compromised
- (10) Software output could still be faked (late), but we generate irrefutable evidence
- (11) Complexity is an enemy of security – we use/deploy simplified, dedicated systems for security
- Crypto-related issues/solutions
- (12) Crypto-Keys/Units are protected – crypto-misuse is detectable
- Software-related issues/solutions
- New Cybersecurity Paradigms
- (1) Do not trust CPU/OS
- (2) Regular local code validation
- (3) Software developers must be made trustworthy
- (4) Preventing key-cleartext disclosures
- (5) Establishing Multi-Unit-Security
- (6) Security execution/detection must be automated (no exceptions allowed)
13. Development of Hacker-AI Countermeasures https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_13.pdf
- Low-Level Security Separation (L2S2)
- Product Stages:
- Phase 1: basic Low-Level Security Separation (L2S2) – a redundant software solution that separates all security-relevant activities (with duplicated security features) from regular activities via quickly installable software security solutions
- Phase 2: hardware that supports basic L2S2 solutions – made available as a retrofit and as an additional security component for most devices, including many legacy devices
- Phase 3: technology that provides L2S2 support and security by default for new devices
- Some Feature Details:
- (1) Creating a local data inventory (software that needs protection)
- (2) Protected loading of app/scripts/hashcodes
- (3) Support for safe updates/installation of 3rd party software
- (4) Safe updates for existing L2S2 implementations
- (5) Independent L2S2 integrity checks
- Open-Source Expert Development Community could also educate developers
- Threat-Levels (TL)
- TL-0: No advanced threat from Hacker-AI
- TL-1: No evidence for Hacker-AI, but it is considered feasible
- TL-2: Internal (i.e., not public) declaration that Hacker-AI malware is likely out there
- TL-2-X or Emergency Level
- TL-3: General agreement that Hacker-AI was used in a cyberwar
- TL-4: Defeat – No chance of successful development of countermeasures
- Protection of Development
- (A) Preparation for late sabotage detection
- (B) Instant repair of damages
- (C) Hacker-AI impact reduction via “Digital-Clean-Rooms.”
- Protection of Manufacturing, Distribution, and Deployment
14. Too Late – Civil Defense in Cyberwar 2.0 https://www.nogostar.com/Book/Hacker_AI_Cyberwar_2.0_Chapter_14.pdf
- A nation like PRC prepares and then wages a Cyberwar 2.0 on Taiwan.
- PRC has invested in espionage, propaganda-based, damage-creating cyberwar weapons, and offensive malware-generating Hacker-AI and Cyberwar 2.0 capabilities.
- Taiwan (ROC) has a high density of smartphones/IT devices. Annexation of Taiwan by PRC is example of an offensive Cyberwar 2.0 (i.e., not damage-creating weapons)
- Preparation Goals/Measures for Cyberwar 2.0 Target
- (a) Facilitating Information/Intelligence Gathering
- Governments need reliable info on threats from intimidated people asap
- (b) Preservation of Structures and organizational missions
- Preventing government’s decapitation by (reduced) command and control
- Preservation of existing bureaucratic/security structures and hierarchies
- Increased organizational resilience against external influence or intimidation
- (c) Protection against painful economic disruptions/damages
- Reduction of economic disruption for defenders
- Prepared methods to slow down detrimental, accelerating beneficial decisions
- (d) Protected (unaltered) access to or communication with citizens
- Dependable announcement that a comprehensive cyberwar has started (CUCA: Country is Under Cyber-Attack)
- Establishing (reliable) methods of authorized information flow to all citizens
- (e) Maintaining capability for reliable actions during cyberwar (CWP-II) and its aftermath (CWP-III)
- Preparing a command/control backup (i.e., underground) for retaking governmental control – which is likely impossible
- (f) Protection of people
- Preventing arrests of innocent people in bureaucracy, security, or leadership – triggered by adversary.
- Protection of people who have given information despite threats
- Generally suggested methods/rules or behavior
- (a) Facilitating Information/Intelligence Gathering
- Preparations for Not-Directly Targeted Countries
- Objectives for countries not specifically targeted by Cyberwar 2.0 after confirmation:
- (1) Increasing all security and defense measures to prevent that country becomes another victim of Cyberwar 2.0.
- (2) Creating and protecting a safe environment to develop, manufacture, distribute, and deploy countermeasures
- Objectives for countries not specifically targeted by Cyberwar 2.0 after confirmation:
- Software-related updates should be urgently developed to improve cybersecurity to create an incorruptible security layer below the operating system.
- We need proactive security measures instead of reactive ones.
- All security technologies must be open-source and constantly audited and scrutinized. A dedicated open-source expert/developer community should focus on developing countermeasures against malicious software.
- Cybersecurity professionals should advise on security issues and refrain from creating exceptions.
- Software developers must be accountable for ethical rules; excuses are not enough to avoid responsibility.
- It’s not too late to implement better security measures, and individuals with resources should act quickly to make a difference.