State-backed cyberattacks, AI deepfakes, and more: Experts reveal UK election cyber threats
Disinformation is expected to be among the top cyber risks for elections in 2024.
Andrew Brookes | Image Source | Getty Images
Britain is expected to face a barrage of state-backed cyber attacks and disinformation campaigns as it heads to the polls in 2024 — and artificial intelligence is a key risk, according to cyber experts who spoke to CNBC.
Brits will vote on May 2 in local elections, and a general election is expected in the second half of this year, although British Prime Minister Rishi Sunak has not yet committed to a date.
The votes come as the country faces a range of problems including a cost-of-living crisis and stark divisions over immigration and asylum.
“With most U.K. citizens voting at polling stations on the day of the election, I expect the majority of cybersecurity risks to emerge in the months leading up to the day itself,” Todd McKinnon, CEO of identity security firm Okta, told CNBC via email.
It wouldn’t be the first time.
In 2016, the U.S. presidential election and U.K. Brexit vote were both found to have been disrupted by disinformation shared on social media platforms, allegedly by Russian state-affiliated groups, although Moscow denies these claims.
State actors have since made routine attacks in various countries to manipulate the outcome of elections, according to cyber experts.
Meanwhile, last week, the U.K. alleged that Chinese state-affiliated hacking group APT 31 attempted to access U.K. lawmakers’ email accounts, but said such attempts were unsuccessful. London imposed sanctions on Chinese individuals and a technology firm in Wuhan believed to be a front for APT 31.
The U.S., Australia, and New Zealand followed with their own sanctions. China denied allegations of state-sponsored hacking, calling them “groundless.”
Cybercriminals utilizing AI
Cybersecurity experts expect malicious actors to interfere in the upcoming elections in several ways — not least through disinformation, which is expected to be even worse this year due to the widespread use of artificial intelligence.
Synthetic images, videos and audio generated using computer graphics, simulation methods and AI — commonly referred to as “deep fakes” — will be a common occurrence as it becomes easier for people to create them, say experts.
“Nation-state actors and cybercriminals are likely to utilize AI-powered identity-based attacks like phishing, social engineering, ransomware, and supply chain compromises to target politicians, campaign staff, and election-related institutions,” Okta’s McKinnon added.
“We’re also sure to see an influx of AI and bot-driven content generated by threat actors to push out misinformation at an even greater scale than we’ve seen in previous election cycles.”
The cybersecurity community has called for heightened awareness of this type of AI-generated misinformation, as well as international cooperation to mitigate the risk of such malicious activity.
Top election risk
Adam Meyers, head of counter adversary operations for cybersecurity firm CrowdStrike, said AI-powered disinformation is a top risk for elections in 2024.
“Right now, generative AI can be used for harm or for good and so we see both applications every day increasingly adopted,” Meyers told CNBC.
China, Russia and Iran are highly likely to conduct misinformation and disinformation operations against various global elections with the help of tools like generative AI, according to Crowdstrike’s latest annual threat report.
“This democratic process is extremely fragile,” Meyers told CNBC. “When you start looking at how hostile nation states like Russia or China or Iran can leverage generative AI and some of the newer technology to craft messages and to use deep fakes to create a story or a narrative that is compelling for people to accept, especially when people already have this kind of confirmation bias, it’s extremely dangerous.”
A key problem is that AI is reducing the barrier to entry for criminals looking to exploit people online. This has already happened in the form of scam emails that have been crafted using easily accessible AI tools like ChatGPT.
Hackers are also developing more advanced — and personal — attacks by training AI models on our own data available on social media, according to Dan Holmes, a fraud prevention specialist at regulatory technology firm Feedzai.
“You can train those voice AI models very easily … through exposure to social [media],” Holmes told CNBC in an interview. “It’s [about] getting that emotional level of engagement and really coming up with something creative.”
In the context of elections, a fake AI-generated audio clip of Keir Starmer, leader of the opposition Labour Party, abusing party staffers was posted to the social media platform X in October 2023. The post racked up as many as 1.5 million views, according to fact correction charity Full Fact.
It’s just one example of many deepfakes that have cybersecurity experts worried about what’s to come as the U.K. approaches elections later this year.
Elections a test for tech giants
Deep fake technology is becoming a lot more advanced, however. And for many tech companies, the race to beat them is now about fighting fire with fire.
“Deepfakes went from being a theoretical thing to being very much live in production today,” Mike Tuchen, CEO of Onfido, told CNBC in an interview last year.
“There’s a cat and mouse game now where it’s ‘AI vs. AI’ — using AI to detect deepfakes and mitigating the impact for our customers is the big battle right now.”
Cyber experts say it’s becoming harder to tell what’s real — but there can be some signs that content is digitally manipulated.
AI uses prompts to generate text, images and video, but it doesn’t always get it right. So for example, if you’re watching an AI-generated video of a dinner, and the spoon suddenly disappears, that’s an example of an AI flaw.
“We’ll certainly see more deepfakes throughout the election process but an easy step we can all take is verifying the authenticity of something before we share it,” Okta’s McKinnon added.
Microsoft Chairman and CEO Satya Nadella speaks during the Microsoft May 20 Briefing event at Microsoft in Redmond, Washington, on May 20, 2024. Nadella unveiled a new category of PC on Monday that features generative artificial intelligence tools built directly into Windows, the company’s world leading operating system.
Jason Redmond | AFP | Getty Images
Microsoft on Wednesday announced a tier of its Copilot assistant for corporate users with a consumption-based pricing model. The new Microsoft 365 Copilot Chat option represents an alternative to the Microsoft 365 Copilot, which organizations have been able to pay for based on the number of employees with access to it.
The introduction shows Microsoft’s determination to popularize generative artificial intelligence software in the workplace. Several companies have adopted the Microsoft 365 Copilot since it became available for $30 per person per month in November 2023, but one group of analysts recently characterized the product push as “slow/underwhelming.”
Copilot Chat can be an on-ramp to Microsoft 365 Copilot, with a lower barrier to entry, Jared Spataro, Microsoft’s chief marketing officer for AI at work, said in a CNBC interview this week. Both offerings rely on artificial intelligence models from Microsoft-backed OpenAI.
Copilot Chat can fetch information from the web and summarize text in uploaded documents, and people using it can create agents that perform tasks in the background. It can enrich answers with information from customers’ files and third-party sources.
Unlike Microsoft 365 Copilot, Copilot Chat can’t be found in Office applications such as Word and Excel. People can reach Copilot Chat starting today in the Microsoft 365 Copilot app for Windows, Android and iOS. The app is formerly known as Microsoft 365 (Office). It’s also available from the web at m365copilot.com, a spokesperson said.
Some management teams have resisted paying Microsoft to give the 365 Copilot to thousands of employees because they weren’t sure how helpful it would be at the $30 monthly price. Costs will vary for the Copilot Chat depending on what employees do with it, but at least organizations won’t end up paying for nonuse.
“As one customer said to me, this model lets the business value prove itself,” Spataro said.
Microsoft tallies up charges for Copilot Chat based on the tally of “messages” that a client uses. Each “message” costs a penny, according to a blog post. Responses that draw on the client’s proprietary files cost 30 “messages” each. Every action that an agent takes on behalf of employees costs 25 “messages.”
“We’re talking a cent, 2 cents, 30 cents, and that is a very easy way for people to get started,” Spataro said.
Salesforce charges $2 per conversation for its Agentforce AI chat service, where employees can set up automated sales and customer service processes.
The number of people using Microsoft 365 Copilot every day more than doubled quarter over quarter, CEO Satya Nadella said in October, although he did not disclose how many were using it. But sign-ups have been mounting. UBS said in October that it had 50,000 Microsoft 365 Copilot licenses, and in November, Accenture committed to having 200,000 users of the tool.
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports9 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway