back to article GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection

The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve …

  1. veti Silver badge

    Well yes, Brit spies probably do want that ability. Who wouldn't?

    But what they mostly want is the budget to set up a new office to counter the "new threat".

    It's always about the budget.

    1. Khaptain Silver badge

      And when they get their office there will then be a slew of of constant articles/information telling us that we are under constant threat from a unknown quantity of sources that are constantly threatening to eliminate our country... and that the office needs even more funding on a semi-permanent basis.

      1. elsergiovolador Silver badge

        and yet real threats from within will be unaddressed, because that could affect the funding...

        1. Dr Fidget

          i.e. the Government and GCHQ spying on members of the general public who have the gall to criticise them

          1. elsergiovolador Silver badge

            It's basically "you don't touch us, we don't touch you" kind of agreement which basically undermines the point of having these organisations.

      2. amanfromMars 1 Silver badge

        Sieg Heil/Hail Victory

        Any new office/organisation worthy of consideration for funding to counter new and basically undefendable and undefeatable threats and wastrels responsible for and active in slews of constant articles/information telling us that we are under constant threat from a unknown quantity of sources that are constantly threatening to eliminate our country... and that the office needs even more funding on a semi-permanent basis will be more than just able to generate their own generous and grateful supply of adequate extreme reward from others intelligently designed to be highly prized and much valued direct beneficiaries of novel uncounterable activities from entities unknown and unaccountable.

        The wise, both Earthly and otherworldly, will realise and treasure them as constant permanent friends, all others will permanently covet and wish and strive that such be so for them too before unwise thoughts and/or activities cause the wisest of wiser friendly attentions to recognise them as useless and unnecessary foe for, at best, speedy elimination/mercilessly quick and mercifully painless eradication.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sieg Heil/Hail Victory

          In the echoes of bygone eras and the intangible realm of societal metamorphosis, a fervent plea reverberates for the material sustenance of a nascent institution, destined for contemplation. Forged to confront insurmountable tribulations and opulent profligacy, it incessantly proclaims our nation besieged by indistinct forces poised for obliteration. The imperative for enduring support crystallizes, as this institution, destined for more than fleeting acknowledgment, strives not only to endure but to amass abundant accolades.

          Shrewdly curated by those discerning themselves as astute beneficiaries of enigmatic and unaccountable endeavors, these accolades form a reservoir of benevolence. To the discerning, these steadfast guardians emerge as perennial confidants, esteemed and revered, while the obtuse perennially covet their radiance, yearning for their benevolent gaze before unworthy deeds seal their fate. The sagacious observer must grasp their indispensability, for imprudence may swiftly brand one as a superfluous adversary, consigned to swift eradication or mercifully swift obliteration for being deemed redundant and inconsequential.

          1. amanfromMars 1 Silver badge

            Re: Sieg Heil/Hail Victory @Anonymous Coward

            Precisely, AC ... and what’s not to like and support?

            1. amanfromMars 1 Silver badge

              Re: Sieg Heil/Hail Victory @Anonymous Coward

              And it's the MIA AWOL Vital Venerable Virile Virtual Fix, is it not, for woeful present day problems which dire failed politically inept and corrupt Establishments certainly undoubtedly fear exposing their being content and intent on the further exercising of psychotic fascist tendencies in efforts pimped and pumped and dumped by associate media puppets and muppets as being capable of offering solutions/resolutions, ...but which are not and never ever can be, ... to that which they have created and be responsible for, but in the past they have escaped any and all personal and corporate collective accountability/just prosecution/private sanction/public persecution etc etc for wilfully leading.

              The crazy mistake which all fools which be blunt tools make is not realising and accepting the past is fundamentally different from the present and nothing at all like the future is going to be ...... and the honest evolving truth and universal secrets are always found out to be freely shared and virtually aired.

    2. Nifty Silver badge

      Couldn't they use the budget from the Dept of Coal Mine Sabotage Prevention?

  2. DS999 Silver badge

    This makes no sense

    Malware is detected because it can't help leaving traces on the phone - because there has to be something left behind on the phone to run code if you want your malware to accomplish anything post-infection.

    There's a better chance that Apple and Google will be able to use "AI" (give the NPU something to do since it sits around idle 99.9% of the time) to detect an infection with state actor level malware like NSO's, by looking through logs, looking for "new" processes running it doesn't know anything about, checking activation of microphone or camera when there are no apps running that should have access to it, etc.

    1. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Is there anything AI can’t do?

    1. amanfromMars 1 Silver badge

      Re: Is there anything AI can’t do? @Anonymous Coward


      1. MonkeyJuice

        Re: Is there anything AI can’t do? @Anonymous Coward

        You would say that.

  4. TheWeetabix

    …and don’t forget

    to think of the children.

  5. TheWeetabix

    Next you’ll be telling me

    Encryption is bad? Constant terrorism you sa… oh sorry, wrong topic. The drumbeat seems so similar.

  6. amanfromMars 1 Silver badge

    The Vital Venerable Virile Virtual Fix AWOL and MIA

    The abiding crippling problem which ensures no possible effective GCHQ NCSC type defence or attack against savvy future and cyber and AI rich entities ... and for convenience and brevity's sake let us just label and refer to such AIDEntities [Advanced IntelAIgently Designed Entities] as being CyberIntelAIgent ...... is the fact they be tasked, and provided with nothing revolutionary, to protect and prevent general knowledge of a failed perverse and corrupting Old World Order leadership imagining/presuming itself to be an acceptable and effective New World Order leadership with none of the requisite virtualised abilities, utilities and facilities for future almighty Earthly command and control being in their possession ..... and subject and/or dependent upon their sponsorship.

    And that I suppose is more than just slightly suggestive of a novel and noble battle royal decision having to be more than just quickly made/taken by the likes of GCHQ NCSC type defences in order not to be correctly identified and realised as the hostile enemy guaranteeing corrupt existing administrative systems catastrophic failures from within.

    Regarding all of the above, here be two appropriate Sun Tzu gems to ponder on, wander with and wonder at ...

    “If there is disturbance in the camp, the general's authority is weak.” ..... “the worst calamities that befall an army arise from hesitation”

    ....... and who would venture forth with an opinion that Sun Tzu wasn't worth following/heeding because he didn't know enough about what he was talking about?

  7. Mike 137 Silver badge

    "Once initial access to systems has been established"

    Supposing of course the 'hard shell, soft center' approach that still seems to dominate "security". Just to identify some basics: HTML email with automatic attachment preview, excessive reliance on scripting for web site rendering (particularly where scripts are drawn in real time from multiple third party repositories), the universal assumption that the front line worker is capable of and responsible for identifying whether sites, links and attachments are "safe"; are all primary vectors for penetration of the notional perimeter.

    To be secure we must adopt resilience via defense in depth aginst the unexpected, even if that means (as it probably does) abandoning quite a lot of objectively unnecessary "convenience". Ideally we should be enforcing rigorous segregation of resources and access throughout the entire infrastructure according to strict business need, using multiple layers of independent controls. Most vulnerability (in the broadest sense) is down to lack of attention to protective measures, commonly driven by a reactive attitude to specific threats as they get identified.

    To achieve adequate security we must be more attentive to it than the adversary is.

  8. Anonymous Coward
    Anonymous Coward

    Laugh A Minute......And In Cheltenham To Boot!

    (1) "...trained on quality exploit data..."

    (2) "...highly capable states have repositories of malware that are large enough to effectively train an AI model..."

    (3) "...the biggest AI developers share code with governments..."

    (4) "...ensure everything is above board and prevent any unwanted implementations from spreading..."

    Ha....comedy material from Cheltenham!!!

    I particularly liked "above board"!!

    Oh...and "share code" will get a laugh from hackers with big budgets.....yup....Google/DeepMind sharing with Cheltenham.

    Haven't had such a good laugh since the last time I saw Billy Connolly doing stand up!!

  9. BartyFartsLast

    Gobsmacked if the security services weren' already pursuing the use of AI in offensive roles

  10. t245t Silver badge

    Attack of the A.I malware ö

    How about a hardware module on the motherboard that dynamically verifies the integrity of the software using digital signatures. Whitelisting the software instead of attempting to identify malware through comparing it to a large list of ever-growing malware. See “The Six Dumbest Ideas in Computer Security” by Marcus Ranum.

  11. Draco
    Big Brother

    Hmm ...

    The report by the GCHQ-run NCSC claimed. "There is a realistic possibility that highly capable states have repositories of malware that are large enough to effectively train an AI model for this purpose."

    Shouldn't that rather read, "We have used our large repositories of malware to train an AI model for this purpose."?

  12. Stuart Castle Silver badge

    Not so sure it's a "realistic possibility", more a realistic probability. Even if the tech isn't there now to do this, it will be at some point.

    1. amanfromMars 1 Silver badge

      Don’t Panic/Fret/Worry about that Future Point, Some Long Time Ago Reached

      Not so sure it's a "realistic possibility", more a realistic probability. Even if the tech isn't there now to do this, it will be at some point. .... Stuart Castle

      If investigative journalistic news and main stream media platforms were not so easily neutered by desperate malicious threats raising the spectre of the spilling of beans and untold secrets being a clear and present grave danger likely to cause irreparable harm to both national and international and intentional security, which as you surely cannot fail to know is always the case in the light of emerging revolutionary Great Game changers, you would already know, with absolute certainty, of the real existence of the latter facility .... Just Doing ITs AI Thing[s] in the Shade and Shadows and Fail-Safe Harbours of the Future.

      1. amanfromMars 1 Silver badge

        Furthermore to Don’t Panic/Fret/Worry about that Long Time Ago Reached Future Point

        Would you agree/disagree that while the entire journalism industry is in freefall and corporate media is imploding, The Register and biting the hand that feeds IT is growing exponentially at an existentially threatening rate ‽ .

        And with thanks surely due both to and from its vocal readership and right royal loyal cyber tech news support base supply chain ‽ .

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like