AI cybercrime

Behind the AI-Armed Black Market, a Hidden War Is Being Fought

Honghao Wang

4 min read
Behind the AI-Armed Black Market, a Hidden War Is Being Fought

Never-ending: Inside the AI-Powered Cybercrime Battle

image

I’ve long been fascinated by how the underground cybercrime industry is harnessing AI as a weapon.

AI’s societal benefits are widely recognized — few doubt it’s the future. But beneath the optimistic narrative lies a darker reality: AI is also supercharging cybercrime.

Many know about scams using deepfake face swaps or cloned voices for fraud.

What’s less visible is the growing sophistication and frequency of AI-driven attacks.

image

> The brighter the light, the darker the shadows.

> As AI grows stronger, the barrier to entry for cybercriminals drops dramatically.

I set out to explore how far AI-assisted cybercrime has advanced — and how frontline security experts are fighting this invisible war.

---

Why MYbank?

image

Finance is at the frontline of cybercrime defense, with the strictest security standards. I reached out to MYbank (Ant Group’s tech-driven banking venture) to interview their security engineers.

At first, I worried secrecy would block my request.

But within ten minutes, my contact replied warmly:

image

MYbank connected me to two seasoned engineers. Over the next week, we had two deep-dive interviews. After organizing my notes, I can now share a rare view into the AI-powered tug-of-war between cybercriminals and defenders.

---

Real-World AI Fraud Techniques

1. AI Face-Swapping

Once a strong defense, facial recognition is now frequently bypassed with AI.

  • Criminals can use just a single photo plus leaked personal data.
  • AI tools turn static photos into dynamic, lifelike videos.
  • Video injection feeds these deepfakes into apps in place of live camera feeds.
  • This happens invisibly to victims — even mid-meeting or asleep.

Last year’s deepfakes were crude; this year, they are often indistinguishable to the human eye.

---

2. AI Agents for Massive Automated Exploitation

If face-swapping is a sniper shot, AI Agents are carpet bombing.

  • They perform bulk login attempts using leaked credentials.
  • CAPTCHAs that once slowed attackers are now easily bypassed.
  • These Agents also scrape benefits — claiming mass rewards via hundreds of identities.

---

3. Automated, Precision Phishing

Outdated spam is giving way to targeted, AI-crafted traps.

Example from our interview:

  • AI scrapes public email addresses.
  • It finds your profession and company from other public data.
  • It generates industry-specific phishing emails with malicious attachments.
  • Opening one converts your computer into a zombie node for their network.

---

Beyond the Headlines

Even cryptocurrency exchanges now fall — e.g., Bybit lost $1.5 billion in Feb 2023 to coordinated attacks.

While professional hacker groups dominate high-value targets, AI has lowered the bar for entry, enabling ordinary criminals to attack more frequently and effectively.

In some cases, attack frequency has surged tenfold.

---

The Purple Team: Offensive Defense

At MYbank, the Purple Team attacks their own systems — simulating top hackers using advanced AI.

Their philosophy:

> “Better one punch today than a hundred punches tomorrow.”

They use the spear to sharpen the shield.

---

Case Study: Captcha Defense

Old Attacks

image

Sliding puzzle CAPTCHAs rely on aligning a piece with a missing slot.

Attackers previously:

  • Crawled and downloaded all possible images.
  • Precomputed the correct coordinates for each image.
  • Matched images by hash, answering in under 0.1 seconds.

New Defense: Infinite Maze

  • Use AI-generated CAPTCHA images in real time.
  • No finite image library to exhaustively catalog.
  • Forces attackers to revert to live recognition, which is slower and more costly.

---

AI vs AI: Behavioral Detection

Even real-time visual AI can’t mimic human micro-movements:

  • Subtle mouse path irregularities.
  • Speed variations.
  • Sensor wobble on mobile.

AI models detect hundreds of behavioral features to distinguish bots from humans.

---

Results

MYbank’s AI security framework delivers:

  • 99.99% accuracy with smooth user experience.
  • Real-time threat interception.
  • Continuous evolution over three years.

---

Security’s Core Strategy

Absolute security is impossible. The real goal:

  • Raise attack costs so high that criminals deem it not worth the effort.

---

Behind-the-Scenes Guardians

We use apps, shop, and stream freely thanks to unsung defenders fighting a silent, endless war.

They’re like the “Night Watch” — vigilant, invisible, and committed.

---

Responsible AI for Creators

Platforms like AiToEarn官网 showcase AI’s positive potential:

  • Open-source framework for content creation, publishing, and monetization.
  • Multi-platform reach, analytics, and AI model rankings.
  • Designed to empower creativity, not exploitation.

Links:

---

Final Thoughts

AI is Pandora’s box — its chaos is already here.

We can:

  • Protect our info.
  • Reject small, risky gains.
  • Avoid suspicious links.

The rest? Trust the security teams safeguarding us in silence.

Respect to them.

---

Read the original

Open in WeChat

---

If you found this valuable: like, mark as read, or share.

Star ⭐ the repository to get updates on future stories.

Read more