No Go * (Star)

Book: 2028

“2028 – Hacker-AI and Cyberwar 2.0+”

Securing our Future: Proactive Resilience through Separated Security Measures

You can access here the entire book – for free.

AI-assisted Hacking (or Hacker-AI) is discussed for its use in Cyberwar and Cybercrime. It would be pure madness if we would let that happen. Cybersecurity paradigms must be modified and updated so that we have a chance to deal with threats from the use of AI in generating malware.

The solution is discussed in the following 3 chapters:

If you disagree, let me know: 2028 [at] If you agree, share this page.

Also, if you like this book, please consider buying a paperback/hardcopy or support this effort via Patreon




I have segmented the book into 1 file per chapter.

About Book/Author

  • Current cybersecurity and its paradigms are insufficient when AI is used by cyber-attacker. AI-assisted hacking is much faster, more flexible, and less detectable than tools from the most knowledgeable human hacker using today’s best attack tools.
  • We must stop malware-based cyberwar and cybercrime with proactive, preventative, redundant tools that give defenders sustainable advantages. This book is a step in that direction.
  • The Author, Erland Wittkotter, Ph.D., took a fresh from outside. He started this privately funded AI/ASI safety research in late 2019. As a mathematician with a Ph.D. in theoretical physics, most of his career, he was an entrepreneur working in tech. His interests include data architecture, AI, cryptography, cybersecurity, and understanding low-level computer features (CPU, OS Kernel, Databus/USB, etc.). Besides system programming in C/C++, he did Reverse Code Engineering (RCE) as a hobby hacker for about 30 years. As a software developer, he has a passion for Python, giving him hands-on experience with machine learning/AI concepts.
  • His approach: simple, reliable anomaly detection, “low-level” – unnoticeable for users and most developers – non-bypassable by attackers. We must apply the same security measures in AI/AGI/ASI safety. We should not forget: AI/AGI/ASI can never be trusted when computer vulnerabilities can be exploited covertly. We should not waste time. Hopefully, it’s not too late.

Preface, Introduction:

  • Main Takeaways
    • Hacker-AI is AI-assisted hacking (or AI-power or AI-driven hacking). Reason for this term: emphasizing AI’s role in the hacking. It can assist humans, but AI could also have a more active or independent role as an automated tool or resource used by the human hacker.
    • Computer vulnerabilities result from software complexity;  current OS security is insufficient to protect our devices.
    • Software can be modified covertly; tools cannot be trusted. Attackers vanish unidentified. Secrets are unreliable in defense. Defenders can be turned into traitors.
    • Hacker-AI generates undetectable and irremovable malware. It is uncertain who will develop and use it.
    • Hacker-AI-generated malware can steal data (keys), surveil at a mass scale, covertly communicate among user devices, and design/execute misdirection/deception campaigns.
    • Cyberwar 2.0 uses Hacker-AI to overthrow governments in targeted countries (less costly than conventional warfare). It could be used in China annexing Taiwan or the US assisting the Russian opposition in transitioning to a post-Putin country.
    • Although the experience of being in a Cyberwar 2.0 cannot be compared to the horrors of conventional wars, long-term consequences for people’s freedom and life are severe.
    • Cybercrime 2.0 includes disrupting eCommerce, money laundering, manipulating law enforcement, and even cyber jailbreaks where malware taints or creates confusion with evidence.
    • Proposed technical solutions for Hacker-AI include developer accountability, hashcodes/ whitelisting, and separating security from regular tasks. New cybersecurity paradigms are suggested; we need quick low-level security separation (L2S2) and an (open-source) expert development community.

1. Why do we have Vulnerabilities in our Computers?

  • Acknowledging Complexity
    • Complexity is the enemy of security
  • Who is Responsible for Vulnerabilities?
    • Attackers, developers, system designers, or users?
  • Layers and Components
    • When it helps developers, then it helps also attackers/hackers
  • Could OS Security be Strong Enough to Protect Devices?
    • Can we trust Apple’s (Lockdown) security?

2. Digging Deeper into Computer Vulnerabilities

  • Overview – reasons for vulnerabilities:
    • (1) Software is invisible
    • (2) Software is covertly modifiable
    • (3) Every tool/component could be compromised” or “Any app can be made dangerous
    • (4) Attacker chooses methods and timing”. Attackers have the first-mover advantage
    • (5) Attackers know more (about vulnerabilities)
    • (6) Attackers can adapt to (known) methods of detection (quickly)
    • (7) Attackers can get away unidentified
    • (8) Secrets are unreliable in defense
    • (9) Defenders can be compromised
    • (10) Software output could be faked (late)
    • (11) Complexity is an enemy of security
    • (12) Crypto-Keys/Units are unprotected
  • (Current) Cybersecurity Paradigms are:
    • (1) Do not trust CPU/OS – but still use it (no choice)(2) Blacklists of threats are sufficient(3) Software developers are not trusted partners(4) Single-Unit-Security
  • Institutional Resistance Against Better Security

3. Hacker-AI, Cyber Ghosts, and Cyber Devils

  • Hackers are Challenged  – Hacking is difficult and time-consuming
    • But: Automation and AI reduce the barrier to entry
  • Who will Develop and Use Hacker-AI
  • Software/Application Environments (as easy targets)
  • Undetectable Cyber Ghosts and Irremovable Cyber Devils
  • Hacker-AI Types (Type-I/-II)
  • Blindspots – even Hacker-AI has limits

4. Hacker-AI – Basic Features and Consequences

  • Overview of Feature Categories for Attacker Tools:
    • Preparation Tools – Information Gathering
    • Attack Tools – starting Hostilities
    • Attack Exploitation
    • Fortification/Protection of Position
    • Miscellaneous: Misdirection, Decision-/Planning Layer
  • Preparation – Information Gathering via
    • 1. Tech Library (getting details on all technologies)
    • 2. Cyber Reconnaissance (Info on all devices/targets)
    • 3. Tech-Simulator (extracting and testing exploits – before using it)
  • Attack Tools for Starting Hostilities
    • 4. Cyber Beachhead Planner (tools/exploits to get on devices – best: covert/click-free)
    • 5. Rights- or Permission-Elevation (exploits to get sys-admin rights – then do anything)
    • 6. Cyber Cradle Builder (effective hiding malware unpredictable)
    • 7. Cyber Whisperer (reliable backdoor usage and stealth piggybacking/communication)
  • Exploitation
    • 8. Cyber Masterthief (stealing data: user credentials, crypto-keys)
    • 9. Cyber Freeloader (utilizing other device apps, resources, and features, i.e., living off the land)
    • 10. Cyber Covert/Shadow Recorder (surveillanceware that stores from multiple devices pre-processed (aggregated) relevant intelligence about users – reducing load on attacker’s servers)

5. Hacker-AI – Advanced Features and Considerations

  • Fortification/Protection of Position (i.e., waiting for being used later)
    • 11. Cyber Ghost (undetectable software – avoiding any trace to show its presence)
    • 12. Cyber Devil (irremovable malware fights late-comers for exclusive use of devices – then: resistance is futile)
    • 13. Covert/Private Backdoor Facilitator (restricting access to a backdoor to their original owners/ creators using asymmetric encryption)
  • Misdirection/ Decision Layer
    • 14. Cyber Patsy Designer (tool to create “evidence” or diversions to have humans stop investigating suspicious problems arising from Hacker-AI or Cyberwar 2.0; only amateurs are caught)
    • 15. Attack Synchronization/Management (managing command and control of an attack – comprehensive/remote Cyberwar planning/operation)
  • Final Thoughts on Hacker-AI feature details
    • State-actors/leaders need to consider: who and how to control the AI operators?

6 War, Cyberwar and Hacker-AI

  • War is Politics with other means – the goals of war …
  • What is Cyberwar 1.0
    • Cyberwar 1.0 is damage-generating malware and digital propaganda
  • What is Cyberwar 2.0 .
    • Cyberwar 2.0 decapitates a country’s government or civil society – regime change
    • 2.0 uses the following capabilities:
      • (1) Surveillance
      • (2) Selective access denial (denying digital services to specific people)
      • (3) Directly intimidating people (psyops)
      • (4) Realtime Deep-Fakes, redefining truth, news-generation/rumors
      • (5) Reduction of costly consequences of a typical war.
      • (6) Misdirection.
    • Hacker-AI and cyberwar requirements
      • (i) hiding activities from the main OS
      • (ii) hide/change its attacking code/configuration against advanced detection/forensics, and
      • (iii) receive/request covert instructions from the outside on what to do
      • (iv) (potentially): connect with neighbors in occupied networks to share data, or explore more unoccupied devices
    • Cyberwar is a consequence of Hacker-AI
    • What is detectable in Cyberwar 2.0?
    • Simulation of Cyberwar 2.0 activities

7. Cyberwar 2.0 – A New Frontier in Warfare

  • Cyberwar 2.0 – Phases
    • CWP-I (Pre-War or Preparation)
    • CWP-II (Actual War)
      • No textbook case can help us to define when a (real) cyberwar starts or ends
      • We define: Cyberwar 2.0 begins when the assailing country infringes via coordinated cyberattacks on the sovereign rights within the targeted country’s territory
      • Cyberwar 2.0 ends with establishing a new puppet government controlled by the assailant
    • CWP-III (Post-War or Aftermath)
  • Comparing Cost of War: Conventional vs. Cyberwar 2.0
    • The first mover in a Cyberwar 2.0 most likely wins
  • Where could Cyberwar 2.0 Happen?
    • USA Using It Against …
    • China is Using It Against Taiwan
    • Rogue Actors Providing “Regime-Change as a Service”

8. How is it to be in a Cyberwar 2.0

  • Public View
  • Intimidated Clerks and Officials.
  • Security Officers as Unwilling Tools
  • Governments Receiving Intelligence and Preparing
  • Assailants Preparing and Executing an Attack

9. Cybercrime 2.0 – Scenarios

  • Where could we Expect Cybercrime 2.0
  • (1) Cyber Masterthiefs and Disruptors of eCommerce
  • (2) Money Laundry 2.0
  • (3) Manipulating Law Enforcement – (Cyber-Jailbreak?)
  • (4) On-/Offline Identity Management
  • (5) Cyberwar 2.0 as a Service

10. Cyberwar 3.0 – Start of a Solution

  • What is Cyberwar 3.0
    • Cyberwar 3.0 is a war against weapons – using non-lethal, autonomous microdrones
    • It’s a future war scenario in which humans do not belong on the battlefield
    • Without non-lethal weapons, every use of a drone is likely a kill
  • Cyberwar 3.0 targets
  • Cyberwar 3.0 drones – features
  • Other Cyberwar 3.0 attack scenarios
    • Stop civil wars or North Korea (DPRK)
  • The Aftermath of Cyberwar 3.0
  • Defense against Cyberwar 3.0
  • What’s the catch?
    • Prevent unauthorized, remote use of weapons
    • Make all weapons hacker-resistant – let’s hope the DoD read this memo

11. Countermeasures – Technical Solutions For Hacker-AI

  • Solution Components
    • (A) Making Developers Accountable (like medical doctors, lawyers, etc.)
    • (B) White-/Gray-/Blacklisted Hashcodes
    • (C) Separate Security-related from Regular Computations
      • We create another layer for security-related features, i.e., independent, separately controlled – no commingling between security and regular software
      • Security layer can detect suspicious anomalies
    • (D) No Crypto-Key in cleartext – every key that “could” appear in CPU/RAM is compromised
    • (E) Interguarding Multi-Unit Security
    • (F) Automated Security – excluding users from making (covert) exceptions

12. Countermeasures – Understanding why they work

  • Proposed Solutions Applied to Problems
    • Software-related issues/solutions
      • (1) Software is invisible but becomes (reliably) identifiable
      • (2) Software is (not) covertly modifiable
      • (3) Every tool/component could (still) be compromised, but we can stop it and know who did it
    • Attacker-related issues/solutions
      • (4) Attacker chooses methods and timing – but has no benefit from that
      • (5) Attackers know more (about vulnerabilities) – but they won’t dare
      • (6) Attackers can adapt to (known) methods of detection – but can’t bypass it
      • (7) Attacker can (not) get away unidentified
    • Defender-related issues/solutions
      • (8) Some secrets are unreliable in defense – others can be made reliable
      • (9) Defenders can (not) be compromised
      • (10) Software output could still be faked (late), but we generate irrefutable evidence
      • (11) Complexity is an enemy of security – we use/deploy simplified, dedicated systems for security
    • Crypto-related issues/solutions
      • (12) Crypto-Keys/Units are protected – crypto-misuse is detectable
  • New Cybersecurity Paradigms
    • (1) Do not trust CPU/OS
    • (2) Regular local code validation
    • (3) Software developers must be made trustworthy
    • (4) Preventing key-cleartext disclosures
    • (5) Establishing Multi-Unit-Security
    • (6) Security execution/detection must be automated (no exceptions allowed)

13. Development of Hacker-AI Countermeasures

  • Low-Level Security Separation (L2S2)
  • Product Stages:
    • Phase 1: basic Low-Level Security Separation (L2S2) – a redundant software solution that separates all security-relevant activities (with duplicated security features) from regular activities via quickly installable software security solutions
    • Phase 2: hardware that supports basic L2S2 solutions – made available as a retrofit and as an additional security component for most devices, including many legacy devices
    • Phase 3: technology that provides L2S2 support and security by default for new devices
  • Some Feature Details:
    • (1) Creating a local data inventory (software that needs protection)
    • (2) Protected loading of app/scripts/hashcodes
    • (3) Support for safe updates/installation of 3rd party software
    • (4) Safe updates for existing L2S2 implementations
    • (5) Independent L2S2 integrity checks
  • Open-Source Expert Development Community could also educate developers
  • Threat-Levels (TL)
    • TL-0: No advanced threat from Hacker-AI
    • TL-1: No evidence for Hacker-AI, but it is considered feasible
    • TL-2: Internal (i.e., not public) declaration that Hacker-AI malware is likely out there
    • TL-2-X or Emergency Level
    • TL-3: General agreement that Hacker-AI was used in a cyberwar
    • TL-4: Defeat – No chance of successful development of countermeasures
  • Protection of Development
    • (A) Preparation for late sabotage detection
    • (B) Instant repair of damages
    • (C) Hacker-AI impact reduction via “Digital-Clean-Rooms.”
  • Protection of Manufacturing, Distribution, and Deployment

14. Too Late – Civil Defense in Cyberwar 2.0

  • Situation/Scenario
    • A nation like PRC prepares and then wages a Cyberwar 2.0 on Taiwan.
    • PRC has invested in espionage, propaganda-based, damage-creating cyberwar weapons, and offensive malware-generating Hacker-AI and Cyberwar 2.0 capabilities.
    • Taiwan (ROC) has a high density of smartphones/IT devices. Annexation of Taiwan by PRC is example of an offensive Cyberwar 2.0 (i.e., not damage-creating weapons)
  • Preparation Goals/Measures for Cyberwar 2.0 Target
    • (a) Facilitating Information/Intelligence Gathering
      • Governments need reliable info on threats from intimidated people asap
    • (b) Preservation of Structures and organizational missions
      • Preventing government’s decapitation by (reduced) command and control
      • Preservation of existing bureaucratic/security structures and hierarchies
      • Increased organizational resilience against external influence or intimidation
    • (c) Protection against painful economic disruptions/damages
      • Reduction of economic disruption for defenders
      • Prepared methods to slow down detrimental, accelerating beneficial decisions
    • (d) Protected (unaltered) access to or communication with citizens
      • Dependable announcement that a comprehensive cyberwar has started (CUCA: Country is Under Cyber-Attack)
      • Establishing (reliable) methods of authorized information flow to all citizens
    • (e) Maintaining capability for reliable actions during cyberwar (CWP-II) and its aftermath (CWP-III)
      • Preparing a command/control backup (i.e., underground) for retaking governmental control – which is likely impossible
    • (f) Protection of people
      • Preventing arrests of innocent people in bureaucracy, security, or leadership – triggered by adversary.
      • Protection of people who have given information despite threats
    • Generally suggested methods/rules or behavior
  • Preparations for Not-Directly Targeted Countries
    • Objectives for countries not specifically targeted by Cyberwar 2.0 after confirmation:
      • (1) Increasing all security and defense measures to prevent that country becomes another victim of Cyberwar 2.0.
      • (2) Creating and protecting a safe environment to develop, manufacture, distribute, and deploy countermeasures

Final Thought

  • Software-related updates should be urgently developed to improve cybersecurity to create an incorruptible security layer below the operating system.
  • We need proactive security measures instead of reactive ones.
  • All security technologies must be open-source and constantly audited and scrutinized. A dedicated open-source expert/developer community should focus on developing countermeasures against malicious software.
  • Cybersecurity professionals should advise on security issues and refrain from creating exceptions.
  • Software developers must be accountable for ethical rules; excuses are not enough to avoid responsibility.
  • It’s not too late to implement better security measures, and individuals with resources should act quickly to make a difference.