From Espionage to Warfare - Cyber war grows
Source:
It is no secret I have a huge interest in the uses of AI not solely in regards to synthetic biology, and systems, but its impact on society as a whole. This substack will cover many parts of this subject that I find important. In that regard and something I covered before.
[
As I wrote in the substack above, there is a massive concern in regard to the gray area data brokers, and operate on. These companies specialize in collecting and selling various types of data, making them a quintessential double-edged sword. From a national security or government perspective, they are amazing since they bring the much-desired plausible deniability and to anybody’s surprise but my own.
However, data brokers essentially act as data mercenaries, selling data to anyone willing to pay. They amass data from diverse sources, including social media platforms, websites using tracking cookies for advertising purposes, and online or cloud services that stipulate the potential sale of users' data in their terms of service. The data collected by these brokers often include personal information such as browsing habits, financial transactions, and even intimate details of people's lives.
THE UNITED STATES government has been secretly amassing a “large amount” of “sensitive and intimate information” on its own citizens, a group of senior advisers informed Avril Haines, the director of national intelligence, more than a year ago.
The size and scope of the government effort to accumulate data revealing the minute details of Americans' lives are described soberly and at length by the director's own panel of experts in a newly declassified report. Haines had first tasked her advisers in late 2021 with untangling a web of secretive business arrangements between commercial data brokers and US intelligence community members.
What that report ended up saying constitutes a nightmare scenario for privacy defenders.
“This report reveals what we feared most,” says Sean Vitka, a policy attorney at the nonprofit Demand Progress. “Intelligence agencies are flouting the law and buying information about Americans that Congress and the Supreme Court have made clear the government should not have.”
In the shadow of years of inaction by the US Congress on comprehensive privacy reform, a surveillance state has been quietly growing in the legal system's cracks. Little deference is paid by prosecutors to the purpose or intent behind limits traditionally imposed on domestic surveillance activities. More craven interpretations of aging laws are widely used to ignore them. As the framework guarding what privacy Americans do have grows increasingly frail, opportunities abound to split hairs in court over whether such rights are even enjoyed by our digital counterparts.
We are currently experiencing the early stages of an AI arms race, and while AI and language models (LLMs) are powerful tools with the potential to change the world, it is undeniable that corrupt entities, such as governments puppeteered by wealthy elites, will exploit this technology to further their own goals. Apart from the infringement on privacy, the ease with which data can be weaponized using AI systems is a self-evident problem.
While the WHO is still in the process of adopting Europe’s “vaccine passport”, the EU is already putting certain measures in place, the second bullet point is the one you should pay more attention to. Denying entry to Europe if the person poses a high epidemic risk, not being vaccinated against whatever pathogen they list as an epidemic risk falls into that category.
This highlights the potential implications of leveraging AI in conjunction with vast amounts of data, a government or a company hired by a government can use AI to trace psychological, behavioral, and political profiles and predict how specific groups or persons will respond to specific measures, but to the main point of this piece, it will be easy to track the position of individuals towards these measures.
Giving the following discovery a rather alarming pertinence.
The Department of Homeland Security contracted the University of Alabama at Birmingham (UAB) in 2018 to design methods for assigning a “risk score” to potential pro-terrorists accounts on social media, as well as identifying information of interest regarding illegal opioid supply chain and disinformation efforts, according to internal DHS documents reviewed by Motherboard. The project is dubbed “Night Fury,” according to a report from the DHS Inspector General
Another document says the researchers will “build next generation capabilities.” This includes developing training data sets, algorithms, and methodologies, the document adds.
More specifically, the project planned to develop methods that could identify a location without GPS metadata, such as looking for certain keywords, the document reads. The researcher also planned to track threats beyond mainstream social networks like Facebook and Twitter to other communities. DHS planned to test the methods against live events unfolding in real-time, such as a hurricane scenario, the document adds.
This development aligns with the goals of Western governments in implementing travel restrictions to achieve their environmental objectives. The concept of a vaccine passport or restrictive measures cannot exist without the larger context of sustainability initiatives. A complex trojan horse.
Since data is the new gold, nation-states could employ LLMs for any sort of goals as highly advanced analytical tools, and given the current geopolitical tensions around the globe, it would be no surprise that cyber-attacks would pick up. Merely days ago a news article made the round, “Americans should prepare for cyber sabotage from Chinese hackers, US official warns”.
During an appearance at the Aspen Institute CISA (Cybersecurity and Infrastructure Security Agency) Director Jen Easterly said that Beijing was making major investments in the capability to sabotage U.S. infrastructure. When dealing with bureaucrats or… academics one can distill and reiterate the same information over, and over and over again so perhaps certain groups absorb the information better.
The news above, while pertinent and real, isn’t exactly… news in the sense that China has been investing in cyber capabilities for over a decade, and has developed some of the most advanced cyber espionage tools discovered so far. The Shadow War covers this tool, called Daxin. The BMO titled Hybrid War was what initiated the whole series, also enumerating many cyber-attacks, all it would take for an increase in its occurrence would be a further geopolitical fraction.
[
[
Back in May, “Microsoft said in a Wednesday post that the company has "uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States." There is no such thing as a string of coincidences from the world I come from, as such within a short timeframe the US and parts of the world where fell to a string of cyber-attacks.
Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.
“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant's chief technical officer, said in a emailed statement. That hack compromised tens of thousands of computers globally.
In a blog post Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks' Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activivity began as early as October.
The U.S. government has been hit in a global hacking campaign that exploited a vulnerability in widely used software but does not expect it to have a significant impact, the nation’s cyber watchdog agency said on Thursday.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said several federal bodies had experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement.
“We are working urgently to understand impacts and ensure timely remediation,” he said. CNN first reported on the statement.
The MOVEit hack was done globally by exploiting a 0-day, in simple terms “0-day” refers to weak points, or flaws in the code (as well as unknown backdoors) unknown to the software developer or company selling a software (commissioned from a third party), it allows hacking groups or nation-state actors to leverage these vulnerabilities to carry out different form of attack, such as cyber espionage, data breaches, and direct infracture attacks. Oddly enough the Health Service of Ireland was also a target of this MOVEit exploit, and so did Shell (the oil company). And Johns Hopkins.
A few of these are not like the others, and this reads as a more targeted attack with significant obfuscation thrown into the mix. As the state of geopolitics and society is right now, health data is a lot more valuable than that of a big oil company.
On a personal level, I think it would be wise to follow what the CISA director advised, to prepare for disruption from cyber-sabotage at scale, no I don’t expect we will experience Cyber Polygon, WEF’s mythical scenario where a cyber pandemic to rival Covid-19 takes place and disrupts and destroy most of the internet as we know it, but I do expect growing disruption from a cyber war PoV, growing in both scope and frequency.
Given the information above on all the attacks and the dozens of significant targets, safe to infer more attacks are to come, and the data stolen will be both sold and weaponized.
If you choose to support this work in whatever form, thank you !