Thursday, 20 October 2016

Stephen Hawking is really worried about artificial intelligence


Stephen Hawking has warned artificial intelligence could wipe out mankind if we are not careful about it. Speaking at the launch of the Leverhulme Centre for the Future of Intelligence in Cambridge, the physicist said AI has the potential to develop a will of its own that could place it in direct conflict with humans, Terminator style.
However, he also said if we carry out enough research, it could also be used to eradicate disease and poverty. "I believe there is no deep difference between what can be achieved by a biological brain and what can be achieved by a computer. It therefore follows that computers can, in theory, emulate human intelligence – and exceed it," he said.
"Success in creating AI could be the biggest event in the history of our civilisation. But it could also be the last unless we learn how to avoid the risks.
"Alongside the benefits, AI will also bring dangers, like powerful autonomous weapons, or new ways for the few to oppress the many. It will bring great disruption to our economy. And in the future, AI could develop a will of its own – a will that is in conflict with ours.
"In short, the rise of powerful AI will be either the best, or the worst thing, ever to happen to humanity. We do not know which."
In his speech, he said the research being done at the Leverhulme Centre was imperative to the future of our species. "We spend a great deal of time studying history, which, let's face it, is mostly the history of stupidity," he said. "So it is a welcome change that people are studying instead the future of intelligence."
But this is not the first time Hawking has spoken out about the potential dangers of AI. Here are some of his previous comments on the subject.

January 2016

Ahead of his BBC Reith Lectures, Hawking said the biggest threats to humanity are ones we engineer ourselves: "We are not going to stop making progress, or reverse it, so we have to recognise the dangers and control them. I'm an optimist, and I believe we can."

October 2015

In a Reddit AMA, AI was a topic of focus for many users who wanted to know Hawking's thoughts on its future. Responding, he said: "The real risk with AI isn't malice but competence. A super-intelligent AI will be extremely good at accomplishing its goals, and if those goals aren't aligned with ours, we're in trouble.
"You're probably not an evil ant-hater who steps on ants out of malice, but if you're in charge of a hydroelectric green energy project and there's an anthill in the region to be flooded, too bad for the ants. Let's not place humanity in the position of those ants. Please encourage your students to think not only about how to create AI, but also about how to ensure its beneficial use."

October 2015

In an interview with Spanish newspaper El Pais, Hawking said computers could take over from humans in the next 100 years if we are not careful. "Computers will overtake humans with AI at some point within the next 100 years," he said. "When that happens, we need to make sure the computers have goals aligned with ours."

December 2014

Following an upgrade to his communication system in 2014, Hawking was asked about the developments in AI. He said he was concerned about the potential for computers to become self-aware and turn on us.
"It would take off on its own, and re-design itself at an ever increasing rate. Humans, who are limited by slow biological evolution, couldn't compete, and would be superseded."

May 2014

Writing for the Independent, Hawking warned of an uncertain future regarding AI. "AI research is now progressing rapidly. Recent landmarks such as self-driving cars, a computer winning at Jeopardy! and the digital personal assistants Siri, Google Now and Cortana are merely symptoms of an IT arms race fuelled by unprecedented investments and building on an increasingly mature theoretical foundation. Such achievements will probably pale against what the coming decades will bring.
"One can imagine such technology outsmarting financial markets, out-inventing human researchers, out-manipulating human leaders, and developing weapons we cannot even understand. Whereas the short-term impact of AI depends on who controls it, the long-term impact depends on whether it can be controlled at all."

DNC hackers Fancy Bear targeted over 1,000 high-profile individuals between 9 to 5 office hours - ESET



The cyber gang called Sednit, also known by the names Fancy Bear, APT28, Pawn Storm and Sofacy, and alleged to be behind the controversial Democratic National Committee (DNC) hack, has been found to have targeted over 1,000 high-profile individuals across the globe. Security researchers have also uncovered that the hacker group, which in the past has been linked to cyberattacks on the German parliament and a French TV network, has also targeted Nato officials, Ukrainian leaders and Russian dissidents, among others.
In part 1 of their research into the threat group, a paper titled "En Route with Sednit: Approaching the Target", researchers at cybersecurity firm ESET found that Sednit, which has been active since 2004, targeted nearly 1,888 individuals between 16 March and 14 September 2015.
The researchers also noted that most of Sednit's attacks occurred on Mondays or Fridays. The level of sophistication observed in the group's campaigns has led the researchers to agree with previous theories, which held that Fancy Bear is likely a state-sponsored hacking group.
The ESET researchers also uncovered that Sednit members appeared to be active during a specific time of day, coinciding with normal office hours. "Interestingly, the distribution of the hours matches the working hours from 9 am to 5 pm in UTC+3 time zone, with sometimes some activity in the evening," the researchers said.
Sednit used phishing emails, malware-infected fake websites and more
Sednit was found to be using phishing emails to steal targets' credentials. Targets were sent phishing emails, which would redirect them to fake login pages, wherein potential victims would be duped into entering their usernames and passwords. Sednit's phishing campaigns also made use of social engineering techniques to trick targets into thinking that the email they received required urgent action in the hope of getting the potential victims to hastily click on a malicious link, without considering security protocols.
The ESET researchers highlighted one particular instance of Sednit sending out an email containing a malicious attachment to an unspecified target. The mail was designed to pose as coming from the Ukrainian Academic Union and claimed to contain information about "relations between Russia and the EU". The malicious RTF attachment file came with the ability to exploit a vulnerability, which would function as a malware dropper, further infecting the target's computer.
Sednit was also found to have created fake malware-laced websites, specifically designed to lure victims to click on malicious links by displaying "headlines of legitimate news articles". Moreover, in 2015 alone, Sednit exploited nearly six zero-day vulnerabilities in Windows, Adobe Flash and Java.
Who has Sednit targeted?
The ESET researchers found that most of Sednit's targets appeared to be individuals, the majority of whom had Gmail addresses. However, researchers also found that Sednit targeted embassies belonging to numerous countries across the globe, including those belonging to Algeria, Brazil, Colombia, Djibouti, India, Iraq, North Korea, Kyrgyzstan, Lebanon, Myanmar, Pakistan, South Africa, Turkmenistan, United Arab Emirates, Uzbekistan and Zambia.
The ministries of defence in Argentina, Bangladesh, South Korea, Turkey and Ukraine were also targeted by the threat actors.
Among Sednit's individual targets were political leaders and police chiefs of Ukraine, high-profile members of Nato institutions and members of Russia's People's Freedom Party.
"Shaltay Boltai", an anonymous Russian group known for releasing private emails of Russian politicians, Russian political dissidents, Eastern European-based journalists, Chechen institutions and international academics visiting Russian universities, was also among those targeted by Sednit.
ESET's upcoming additional two-part detailed analysis of the threat group is slated to discuss Sednit's various custom malicious programs, backdoors and rootkits, all designed to enhance the group's cyberspying abilities.

How to Hack a Website in Four Easy Steps


Step 1: Identify your target
While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify any website which has a vulnerability.
Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork.
Google Dorking, also known as Google Hacking, enables you to find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.
Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. Looking for files containing passwords? There's a Dork for that. Login credentials? There's a Dork for that.
For example, if you are looking for files stored on websites containing passwords, then a sample search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This returns the results shown in the screengrab above.
So now you have a list of potential victims. Next you need to narrow this down even further.
Step 2: Check for vulnerabilities
Having a huge number of sites which may or may not be vulnerable is not much use unless you can pinpoint one which is actually open to attack. This is when a programme called a vulnerability scanner comes into its own and the most popular is called Acunetix.
Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web developers to test sites they are building. However the hacking community has commandeered the tool and uses it to identify existing vulnerable sites.
You can download a trial version of the software for free from the official Acunetix website or if you venture into the murky depths of a hacker forum and search for Acunetix, you can find cracked versions of the full application freely available.
Acunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.
Step 3: Attack the website
Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site.
This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. SQL is a programming language designed for managing data in a database.
But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code.
The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.
Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.
The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button.
Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.
And that's it, within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. While most high profile companies' websites will be protected from this type of attack, the fact that Sony's website and the personal information of its customers was stolen in a manner similar to this, shows just how vulnerable the web is.
Step 4: If all else fails, DDoS
Hacktivist collective Anonymous changed their tactics in the last 12 months moving away from DDoS as their primary tool for attacking websites, preferring if possible to use SQL Injection instead. However, when this is not possible, they will revert to DDoS attacks, and you can too, with the help of another freely available tool.
And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low Orbit Ion Cannon (LOIC), which was developed for web designers to stress test websites, but has been hijacked by hackers in order to attack websites.
Available as a free download from SourceForge, LOIC employs a very user-friendly interface and all potential hackers need to do is type in the URL of the site they want to crash and LOIC will do the rest. What the application will do is send up to 200 requests per second to the site in question.
While most bigger sites might be able to deal with this request without crashing, most websites out there will not, especially if you get together with some other hacking virgins and combine your efforts.
So easy is it to use this technology that you can even control it from your BlackBerry, meaning you can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of your choice.
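A single client sending requests at the rate quoted above stands out clearly in a web server's access log. The following is an added example, not part of the original article, that flags such sources from Common Log Format lines; the thresholds are assumptions to be tuned per site, and the log lines are constructed using documentation IP ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Common/Combined Log Format prefix: client, identity, user, [timestamp], "request"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (client_ip, second-resolution datetime) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts

def flood_sources(lines, per_ip_limit=50, sustained_seconds=3):
    """Flag clients that exceed per_ip_limit requests in one second during at
    least sustained_seconds distinct seconds. Both thresholds are assumptions
    and should be set from a site's normal traffic."""
    per_ip_second = Counter()
    for line in lines:
        parsed = parse(line)
        if parsed:
            per_ip_second[parsed] += 1
    # Count, per client, how many seconds were over the limit.
    hot_seconds = Counter(
        ip for (ip, _), n in per_ip_second.items() if n > per_ip_limit
    )
    return sorted(ip for ip, secs in hot_seconds.items() if secs >= sustained_seconds)

def constructed_log():
    """Constructed sample: one client at 120 req/s for 4 seconds, one browsing normally."""
    lines = []
    for sec in range(4):
        stamp = f"20/Oct/2016:10:00:{sec:02d} +0000"
        lines += [f'203.0.113.7 - - [{stamp}] "GET / HTTP/1.1" 200 512'] * 120
        lines += [f'198.51.100.20 - - [{stamp}] "GET /news HTTP/1.1" 200 2048'] * 2
    lines.append("malformed line that should be skipped")
    return lines

if __name__ == "__main__":
    print(flood_sources(constructed_log()))
```

Per-source counting catches a lone flooding client; when many sources each stay under the limit, the same per-second buckets summed across all clients give the aggregate rate to alert on.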