I’m not sure how much of this you already know, but the majority of security vulnerabilities are things like “failure to check the bounds of a buffer” or “failure to sanitize or escape user input before plugging it into a command parser”—dumb mistakes in implementation, in other words. It’s much rarer to find a problem in the cryptographic algorithms (although that happens occasionally, like MD5). If we look through OpenSSL’s already-fixed vulnerabilities list:
Browser page search says that “buffer over” (as in buffer overflow, overrun, or over-read) appears on the page 24 times (although there’s double-counting there, as it tends to appear in the title and once or twice in the description). You don’t need to be a world-class security researcher to find these security holes; it’s more a matter of (a) happening to look in the right place, (b) having some knowledge and creativity and intelligence in figuring out how it could be exploited.
[the NSA] wouldn’t be able to take over the world
The NSA isn’t able to run thousands of copies of itself on machines it hacks into, nor use that to quickly create more powerful instances of itself. So that part of world domination is clearly out.
But if you mean “the NSA wouldn’t be able to do that first step of taking over millions of computers” (which the hypothetical AI would then use to bootstrap)… I disagree. Do you know about Stuxnet? Believed to be written by some combination of the NSA and Mossad. Observe:
Stuxnet attacked Windows systems using an unprecedented four zero-day attacks (plus the CPLINKvulnerability and a vulnerability used by the Conficker worm[63]). It is initially spread using infected removable drives such as USB flash drives,[21][45] which contain Windows shortcut files to initiate executable code.[64] The worm then uses other exploits and techniques such as peer-to-peerremote procedure call (RPC) to infect and update other computers inside private networks that are not directly connected to the Internet.[65][66][67] The number of zero-day exploits used is unusual, as they are highly valued and malware creators do not typically make use of (and thus simultaneously make visible) four different zero-day exploits in the same worm.[23] Amongst these exploits were remote code execution on a computer with Printer Sharing enabled,[68] and the LNK/PIF vulnerability,[69] in which file execution is accomplished when an icon is viewed in Windows Explorer, negating the need for user interaction.[70]
So the NSA and/or Mossad had all these exploits and were sitting on them. Makes it plausible that, today, they have more that they’re sitting on.
The Conficker worm itself apparently did take over an estimated “9 million to 15 million” machines. So clearly that is doable.
I’m not sure how much of this you already know, but the majority of security vulnerabilities are things like “failure to check the bounds of a buffer” or “failure to sanitize or escape user input before plugging it into a command parser”—dumb mistakes in implementation, in other words. It’s much rarer to find a problem in the cryptographic algorithms (although that happens occasionally, like MD5). If we look through OpenSSL’s already-fixed vulnerabilities list:
https://www.openssl.org/news/vulnerabilities.html
Browser page search says that “buffer over” (as in buffer overflow, overrun, or over-read) appears on the page 24 times (although there’s double-counting there, as it tends to appear in the title and once or twice in the description). You don’t need to be a world-class security researcher to find these security holes; it’s more a matter of (a) happening to look in the right place, (b) having some knowledge and creativity and intelligence in figuring out how it could be exploited.
The NSA isn’t able to run thousands of copies of itself on machines it hacks into, nor use that to quickly create more powerful instances of itself. So that part of world domination is clearly out.
But if you mean “the NSA wouldn’t be able to do that first step of taking over millions of computers” (which the hypothetical AI would then use to bootstrap)… I disagree. Do you know about Stuxnet? Believed to be written by some combination of the NSA and Mossad. Observe:
So the NSA and/or Mossad had all these exploits and were sitting on them. Makes it plausible that, today, they have more that they’re sitting on.
The Conficker worm itself apparently did take over an estimated “9 million to 15 million” machines. So clearly that is doable.