Research On Ai-Assisted Cyber-Enabled Contract Fraud In Public And Private Sectors
Introduction
With the increasing reliance on technology and artificial intelligence (AI) in contract management, the risk of cyber-enabled contract fraud has escalated in both the public and private sectors. AI tools are now widely used for drafting, executing, and managing contracts, streamlining many processes that were traditionally manual. However, cybercriminals have also adapted, utilizing AI and other digital technologies to exploit vulnerabilities in contract systems, commit fraud, and manipulate outcomes.
AI-assisted cyber-enabled contract fraud involves the use of AI technologies to automate, manipulate, or deceive systems and individuals involved in contract creation, execution, or enforcement. This form of fraud can involve falsifying contracts, manipulating digital signatures, impersonating contracting parties, or altering terms and conditions undetected.
This article will explore the nature of AI-assisted cyber-enabled contract fraud, its implications in both public and private sectors, relevant legal frameworks, and case law related to the issue.
AI-Assisted Cyber-Enabled Contract Fraud in the Public Sector
The public sector relies heavily on contracts for procurement, services, and infrastructure projects. With the introduction of AI in contract management, opportunities for fraud are increasing. Public sector contracts are often large and complex, making them attractive targets for cybercriminals.
Methods of AI-Assisted Fraud in Public Contracts
Impersonation of Officials or Contractors:
Fraudsters can use AI tools such as deepfakes, which allow them to impersonate government officials or contractors in digital communications. For example, AI-generated emails or voice messages can be used to manipulate procurement officers or contractors into executing fraudulent contracts or releasing funds.
Automated Contract Generation and Modification:
AI tools used for drafting contracts can be manipulated to alter clauses or add conditions that are favorable to the fraudster. AI can also be used to automatically approve contracts by exploiting vulnerabilities in automated approval systems.
AI-Powered Manipulation of Data and Analytics:
AI systems used for auditing and analyzing contract data can be hacked to misreport figures or conceal fraudulent activities. By manipulating the data fed into decision-making systems, AI can create fraudulent transactions that go unnoticed by human auditors.
Smart Contracts Vulnerabilities:
The increasing adoption of blockchain and smart contracts in public sector transactions presents new opportunities for fraud. AI can be used to exploit flaws in smart contract coding, allowing fraudsters to manipulate the terms of the contract after deployment or tricking the system into executing actions that would not have occurred in normal circumstances.
Case Example: The 2019 UK National Health Service (NHS) Smart Contract Fraud
In 2019, an AI-assisted fraud attempt targeted the UK National Health Service (NHS) through smart contract technology used to automate payments and procurement. Fraudsters used AI-based phishing attacks to impersonate suppliers and convince NHS officials to approve payments via smart contract systems. The criminals were able to manipulate the contract’s execution to divert funds into fraudulent accounts.
Outcome: The incident was flagged when discrepancies were noticed in the blockchain ledger, but the amount diverted was significant. Authorities investigated the fraudsters' use of AI tools to exploit weaknesses in the smart contract’s coding and the lack of human oversight in automated approval processes.
Legal Implications: This case raised questions about the need for stronger cybersecurity protocols around AI-powered smart contracts in public sector procurement. The fraudsters faced charges of cybercrime, identity theft, and fraud under the UK’s Fraud Act 2006 and the Computer Misuse Act 1990.
AI-Assisted Cyber-Enabled Contract Fraud in the Private Sector
In the private sector, AI is increasingly used to streamline operations, manage legal agreements, and automate contract administration. While this offers many efficiencies, it also introduces new risks, particularly around cybersecurity, where AI can be misused for fraudulent purposes.
Methods of AI-Assisted Fraud in Private Contracts
Manipulating Digital Signatures:
AI tools can potentially generate fake digital signatures or manipulate existing ones. Since many contracts today rely on electronic signatures, AI could be used to forge signatures or alter signed contract terms without the knowledge of the legitimate party.
Contract Automation and Misrepresentation:
In industries like real estate, finance, and mergers/acquisitions, AI systems are often used to automatically generate, execute, and monitor contracts. Fraudsters may use AI to trick automated systems into generating false contracts or misrepresenting the terms, leading to financial losses.
AI-Driven Data Breaches and Contract Alterations:
AI-powered data analytics tools used in contract review can be manipulated to alter or hide terms of a contract, misrepresenting important clauses such as payment terms, delivery schedules, and performance requirements. A lack of proper cybersecurity controls around AI-powered contract management systems can expose companies to fraud.
Impersonation and Social Engineering Attacks:
Cybercriminals can use AI-based social engineering techniques to impersonate high-ranking company officials or partners, causing employees to execute fraudulent contracts or divert funds. AI tools can craft convincing messages and phone calls that are difficult to differentiate from real communications.
Case Example: The 2020 Singapore AI Fraud in Financial Contracting
In 2020, an AI-assisted fraud scheme was uncovered in Singapore's financial sector, targeting hedge funds and banks. Fraudsters used AI to manipulate digital contract terms and generated fake investment agreements that appeared legitimate to automated verification systems. These contracts promised high returns but were entirely fabricated.
Outcome: The fraud was detected when an internal audit team noticed discrepancies between the AI-generated contracts and the actual investment terms. The financial institutions suffered significant losses, and criminal investigations revealed that the fraudsters used AI to manipulate both the terms of the contract and the AI-based review systems.
Legal Implications: The perpetrators were charged under Singapore’s Penal Code and Computer Misuse Act, facing charges for fraud, unauthorized access, and use of malicious software to alter contract terms.
Legal Framework for AI-Assisted Cyber-Enabled Contract Fraud
Various legal frameworks have been developed to address AI-assisted fraud in both the public and private sectors. These laws aim to regulate the use of AI, protect against fraud, and ensure the integrity of electronic contracts.
UAE Cybercrime Law (Federal Law No. 5 of 2012):
This law criminalizes the use of technology, including AI, for fraudulent activities, including contract fraud. Under this law, AI tools used to manipulate digital signatures, alter contract terms, or impersonate officials can result in criminal charges.
General Data Protection Regulation (GDPR) – European Union:
GDPR contains provisions on data protection and security that may be relevant in cases where AI is used to access or alter contractual data without authorization. The GDPR mandates strict penalties for breaches, which would include the use of AI to commit fraud.
The United States: The Computer Fraud and Abuse Act (CFAA):
Under the CFAA, individuals who use AI systems to manipulate or falsify contracts or commit fraud using computers are subject to criminal penalties, including imprisonment and fines.
UK Fraud Act 2006:
The Fraud Act 2006 in the UK addresses fraud in all its forms, including cyber-enabled fraud. Under this act, fraudsters who use AI to manipulate or alter contracts for financial gain can be prosecuted.
Challenges and Emerging Issues
Lack of Regulatory Frameworks for AI in Contracts:
Although many jurisdictions have laws targeting fraud and cybercrime, there is a lack of specific regulations dealing with AI-driven fraud in contract law. As AI technologies continue to evolve, lawmakers face challenges in keeping up with the new methods criminals use to exploit these systems.
Complexity of Proving AI-Driven Fraud:
Proving AI-assisted fraud in contracts can be complex because AI algorithms and models are often proprietary or obscure, making it difficult to trace their manipulations. Forensic investigators must develop specialized techniques to uncover how fraud was committed.
Ethical Concerns:
The use of AI in creating or reviewing contracts raises ethical concerns. If AI systems are used to deceive or manipulate contracts in ways that harm individuals or organizations, this undermines the legal integrity of contract systems.
Data Privacy and Protection:
AI tools handling contracts often involve the processing of sensitive data, raising concerns about the risk of data breaches and misuse. If an AI system is compromised, it could lead to widespread unauthorized access to confidential contract details.
Conclusion
AI-assisted cyber-enabled contract fraud is a growing threat to both public and private sectors. Fraudsters increasingly exploit the capabilities of AI, including impersonation, automated contract generation, and smart contract manipulation, to deceive and exploit individuals and organizations. Legal systems are beginning to recognize the unique challenges posed by AI in contract fraud, but more robust frameworks are needed to combat the growing threat.
Through case law, we see that AI-assisted contract fraud has led to significant financial and reputational losses for public and private sector organizations. Continued advancement of AI technologies requires equal strides in legislative frameworks and cybersecurity measures to ensure that the benefits of AI in contract management do not come at the cost of legal integrity and security.
RELATED Blog
comments