With over 50 countries and more than half of the world’s population going to the polls in 2024 it’s entirely understandable that worries about the proliferation of disinformation tend to focus on threats to elections and attempts to undermine democracy.
But it is, as most politicians will tell you, pretty hard to influence voters. If malignant actors want to destabilise western countries, there’s a far wobblier pillar for them to attack. All it takes is a little lateral thinking.
We know that the number one theme of most elections is how well (or badly) the economy is performing. We know how dependent economies are on their banks. And we know that, because of how fractional reserve banking works, even the most sturdy institutions are potentially vulnerable to a loss of trust.
Social media can help a lie make several circuits of the earth before the truth has got its shoes on.Artificial intelligence is massivelyincreasing the volume, quality and effectiveness of disinformation and deepfakes. Anddigital payments mean customers no longer need to queue outside a branch to withdraw their money if they think a bank is in trouble.
All that’s needed is for some malignant actors to start joining these dots. There’s evidence to suggest they might already be doing so. Last year,Sahil Shah, the founder of Say No to Disinfo, conducted an exercise to identify the main risks to national security caused by AI-powered “influence operations”. Banks topped the worry list.
Financial institutions already face, and spend a fortune protecting themselves against, a constant barrage of cyber attacks such as phishing, spoofing, malware and denial-of-service attacks.A survey of bank executives conducted by KPMG last year found that more than two-thirds of respondents considered cybercrime their top concern.
JP Morgan, the world’s biggest bank, spends $15bn a year on technology and employs 62,000 technologists as part of the effort to keep its systems safe from hackers. At Davos this year, Mary Callahan Erdoes, the bank’s head of asset and wealth management, said: “The fraudsters get smarter, savvier, quicker, more devious, more mischievous.”These are the known unknowns.
However, one of the most vulnerable parts of any technological system is the incredibly glitchy organic matter with which it must interface.I know of one large financial institution that spent a nine-figure sum upgrading the defences of its cyber perimeter. It then paid ethical hackers to test the formidable new defences.
The hackers were inside the walls of the financial fortress within 17 minutes.How? They hired a beautiful young woman to tell an unwitting security guard she had forgotten her pass and could he, pretty please, give her a new one. Sure thing, love. Whoops.
Human beings and human behaviour are the financial system’s soft spots. Financial decision making is emotional and therefore exploitable. Fake pictures, internal documents or, even, leaked conversations could very easily create the impression that a bank is on the verge of collapse and spark wide-spread panic.
Many people now have multiple bank accounts. If they have cause to worry about the stability of one lender, it would cost them nothing to transfer their funds to another. It could, however, prove very expensive to do nothing.
Even those customers who are aware that the Financial Services Compensation Scheme protects deposits of up to £85,000 may worry about how long their money might be tied up and the hassle of claiming it. So why take the risk? Shah describes such decisions as having an “asymmetric cost function”.
If enough depositors think the same way, then a bank run becomes a self-fulfilling prophecy, gathering unstoppable momentum in a matter of hours. Within a few more, the markets would be asking: who’s next?
Shah says there is already evidence of untraceable “dark PR” about financial institutions being perpetrated on the deep web and funded by cryptocurrencies. Following the collapse ofSilicon Valley Bankin March last year, there was a spike in tweets andRedditposts from bots targeting First Republic Bank, which ultimately failed and had to be taken over by JP Morgan.
The perpetrators behind such attacks could be short-sellers looking to profit from the fall in a bank’s share price. But they could just as easily be state-sponsored operators.Whoever’s behind them, they’re becoming increasingly sophisticated.
The three British personalities most likely to appear in deepfake videos on social media are Rishi Sunak, Jeremy Hunt and Martin Lewis, the founder of MoneySavingExpert and one of the most trusted voices in the country, according to Shah.
Last year,Lewiswarned people not to fall victim to a “frightening” AI-generated video that appeared to show him endorsing a bogus investment project supposedly set up by Elon Musk. It is not hard to imagine how his likeness could be weaponised against banks.
Unfortunately, it’s not immediately obvious what individual institutions might do to protect themselves. Shah says lenders need to set up monitoring systems and sentiment analysis that are linked to real-time information on withdrawals for earlier detection of suspicious activity. “It is the time lag that really kills banks,” he says.
Firms might then limit withdrawals or offer higher interest rates to customers who don’t pull their money out of the bank. However, such actions could easily backfire and be seen as evidence that the rumours have credence. The more a bank says “keep calm”, the more customers will likely panic.
Shah believes that effective responses would therefore best be coordinated by the central bank, whose perceived impartiality would be crucial to restoring trust in the system. He is, however, worried that regulators have a tendency to fight the last war and the dangers of an AI-powered “credit crunch” are not being taken seriously enough.
Shah has written to the Bank of England to see if these kinds of attacks on financial institutions will be included in its next stress tests. However, he’s yet to receive a reply.
Financial regulators have plenty on their plate. But this is a risk that’s too big to ignore.
