How machine learning is changing identity theft detection

Published September 17, 2019

In the wake of several high-profile data breaches, companies, governments, and cybersecurity experts are calling for a more proactive approach to data protection. Using machine learning and artificial intelligence, cybersecurity experts are detecting identity theft faster and more efficiently than ever before.

The state of cybersecurity in 2019

The Equifax hack in 2017 marked the beginning of a new era in data security. The sheer scope of the breach—with over 147.7 million Americans affected—embedded a sense of defeatism in data security. Many Americans have become apathetic to losing the privacy of their personal information, yet identity theft remains a $1.48 billion problem. But artificial intelligence (AI) is starting to change how we look at identity theft.

Why we need artificial intelligence

The more connected we become, the more help we need to keep track of our information. The average email address in the US is connected to 130 individual user accounts across shopping, gaming, business, or banking websites. Any one of those accounts could include personal info like birth dates, credit card numbers, or social security numbers, and any individual company could be the target of a breach. With over 100 accounts per person, there’s far too much personal information floating around the web for any human-controlled security protocol to monitor and protect.

Machine learning uses algorithms to track and analyze huge collections of data. These programs “learn” by identifying and encoding patterns found in the data, improving their function over time. An AI-driven cybersecurity algorithm may be the only thing capable of sifting through the petabytes of information (think gigabytes, but in the millions) available on the dark web, the internet’s marketplace for stolen information.

AI-powered cybersecurity: how it works

Cybersecurity analysts are engaged in a constant arms race against identity thieves, hackers, and bad actors. And this arms race drives innovation on both sides. Staying ahead of threats requires the rapid development of countermeasures, and building those countermeasures requires up-to-date, reliable data.

Cybersecurity teams are increasingly turning to AI to increase the speed and efficacy of their detection processes. The use of AI for this work breaks down to three phases: optimizing the data on the dark web, identifying key information, and developing early warning systems.

Phase 1: Sifting through the dark web

The dark web’s marketplaces for stolen data are only part of the picture; the dark web also stores millions of benign files that can confuse identity theft detection because they look like false leads. To dig through the dark web, AI algorithms are first trained to sift out these unneeded files. Many of these algorithms have a 99% accuracy rate or higher—and when a false positive does occur, an expert analyst can correct the AI and further refine its accuracy.

Phase 2: Threat identification

Once an AI system identifies what data is useful, the AI system can make connections between sales or conversations that occur on the dark web and the actual users behind the criminal activity. Marketplaces are used to exchange credit card info and “fullz”—a stolen identity that contains enough information for just about any form of identity theft. These marketplaces can pop up and vanish over just a few months or days, making them difficult to track.

As an AI system recognizes patterns in the dark web, it can form the basis of an anti-theft system. The MIT Lincoln Laboratory’s Artificial Intelligence Technology and Systems Group uses an AI that’s trained to link activity on the dark web to individual users by sniffing out minuscule similarities between usernames or the language used to sell the stolen information.
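A small sketch of this kind of linking, added here as an illustration and not the MIT Lincoln Laboratory system: it scores pairs of accounts by handle similarity and by character n-gram overlap in their listing text. The account data, the 50/50 weighting, and the 0.6 threshold are all assumptions made for the example.

```python
import math
from collections import Counter
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data (handle -> listing text); not from any real marketplace.
ACCOUNTS = {
    "silverfox_77": "fresh stock!! msg me 4 price, escrow only, no timewasters pls",
    "s1lverf0x77": "new stock!! msg me 4 prices, escrow only, no timewasters pls",
    "northwind": "Verified listings available. Contact through the market inbox for a quote.",
}

def char_ngrams(text, n=3):
    """Character n-gram counts; they capture spelling and punctuation habits."""
    text = " ".join(text.lower().split())
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))

def cosine(a, b):
    """Cosine similarity between two n-gram count vectors."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def handle_similarity(a, b):
    """Ratio of matching characters between two usernames (0.0 to 1.0)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def link_score(a, b, accounts):
    """Equal-weight blend of handle and writing-style similarity (assumed weights)."""
    style = cosine(char_ngrams(accounts[a]), char_ngrams(accounts[b]))
    return 0.5 * handle_similarity(a, b) + 0.5 * style

def link_accounts(accounts, threshold=0.6):
    """Return (handle_a, handle_b, score) for pairs that may share an operator."""
    links = []
    for a, b in combinations(sorted(accounts), 2):
        score = link_score(a, b, accounts)
        if score >= threshold:
            links.append((a, b, round(score, 2)))
    return sorted(links, key=lambda link: link[2], reverse=True)

if __name__ == "__main__":
    for a, b, score in link_accounts(ACCOUNTS):
        print(f"possible same operator: {a} <-> {b} (score {score})")
```

A score above the threshold is a lead for an analyst to review, not proof that two accounts belong to the same person.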

Phase 3: Early warning systems

A hack of a major company like Equifax or Marriott provides massive amounts of data for cybersecurity experts to examine after the breach, but researchers are beginning to look for patterns before a hack occurs.

Researchers at Kroll, a risk management firm specializing in cybersecurity, use AI to detect clusters of activity preceding a major breach. As bad actors begin distributing hacked information on the dark web, these AI algorithms can detect the upsurge in activity, allowing a large organization to protect compromised data before a full breach can happen.
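The upsurge detection described above can be sketched as a rolling-baseline check, shown here as an added example rather than Kroll's method: each day's count of dark-web mentions of an organization is compared with the median of the previous week. The counts, window size, and threshold are constructed assumptions, and the median/MAD score is a stand-in for whatever model a real system uses.

```python
from statistics import median

# Constructed sample: daily count of dark-web posts mentioning one organization.
MENTIONS = [4, 6, 5, 3, 5, 4, 6, 5, 4, 7, 5, 19, 31, 44, 6, 5]

def robust_z(value, history):
    """Modified z-score of value against history, using median and MAD.

    Median and MAD are used instead of mean and standard deviation so that
    one noisy day in the baseline does not hide a later surge.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the scale so a perfectly flat baseline does not divide by zero.
    scale = max(1.4826 * mad, 1.0)
    return (value - med) / scale

def detect_surges(daily_counts, window=7, threshold=3.5):
    """Return (day_index, count, z) for days far above the recent baseline."""
    alerts = []
    baseline = []
    for day, count in enumerate(daily_counts):
        if len(baseline) >= window:
            z = robust_z(count, baseline[-window:])
            if z >= threshold:
                alerts.append((day, count, round(z, 2)))
                # Keep surge days out of the baseline so a sustained
                # spike keeps alerting instead of becoming "normal".
                continue
        baseline.append(count)
    return alerts

if __name__ == "__main__":
    for day, count, z in detect_surges(MENTIONS):
        print(f"day {day}: {count} mentions (z={z}) - investigate possible leak")
```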

AI-powered threats

Artificial intelligence technologies are not exclusive to cybersecurity firms, though. Machine learning tech is rapidly trickling down into the hands of bad actors who can use AI systems to capture personal information from vulnerable servers. A successful hacker wants to reach the maximum number of victims with minimal effort. This incentive to scale up an attack could drive many thieves to implement AI tools, which make short work out of large-scale problems.

AI tools are currently available as open-source software, allowing anyone to download and implement AI in a hacking routine. A motivated individual could find everything they need to train themselves in the use of AI, which makes the emergence of nefarious AI programs inevitable. A hacker might use an AI algorithm to shield their attack by replicating normal server traffic, or they might use it to design an adaptive computer virus that outpaces countermeasures.

Benevolent AI systems may also be vulnerable

Your identifying information is (more than likely) already in use by an AI. AI algorithms are plentiful in today’s world and are used for everything from your user profiles on music and video streaming sites to your ad profiles on social media. However, even benevolent AI tools are difficult to analyze.

While it’s clear that AI algorithms are effective, sometimes how an AI reaches a final decision is largely unknown. Even AI creators often can’t discern how a complex AI makes an individual decision—what’s known as a “black box” algorithm. This lack of visibility can make threat detection in an AI-powered system harder to map, and a hacker may soon be able to manipulate an AI’s decision process to reroute your data without human operators perceiving a threat.

How to protect your identity

Protecting your data in a post-AI world is a difficult problem to solve. The arms race in cybersecurity continues to accelerate, and AI algorithms have a habit of pushing down the gas pedal. The learning aspect of AI tools means they’re constantly improving at astounding rates. You can see the rapid increase by looking at how quickly facial recognition technology or “deepfake” algorithms have improved in the last few years.

That said, the scaling problem faced by hackers can give you an advantage when protecting your data. Identity thieves are looking for easy targets, and a few safety precautions could make your identity more trouble than it’s worth:

  • Step 1: Place a Security Freeze on Your Credit Score. A security freeze is a simple counter-measure that can prevent a would-be identity thief from opening new accounts in your name. You can file for one with Equifax, Experian, and TransUnion, the three major credit bureaus. Once a freeze is in place, your credit score will be given out only to institutions you already have a relationship with, like your bank.
  • Step 2: Sign Up for Identity Theft Protection. After several high-profile breaches in the last two years, it’s likely that your data is already out on the dark web. An identity theft protection service provides an additional layer of security, helping you respond faster to any unauthorized use of your identity by criminals. These services offer monitoring for your Social Security number and credit score along with insurance against loss in the event of an unavoidable breach.
  • Step 3: Follow the Security Basics. While the future of digital threats looks more and more complicated, following the basic steps to protect your identity still goes a long way. Use diverse and long passwords, stay away from untrusted websites, and regularly check your credit report. Take advantage of any free monitoring through your bank for suspicious activity to help catch fraudulent charges. You should protect any physical copies of your personal information, too, so keep your wallet or purse in a safe place and shred any sensitive documents when you throw them away.