Daily Drop (573): FMIC, China: Stops Tower Merger, BRICS: Western Dominance, AI Safeguards, Japan: Digital Minister, Malicious LLMs Surge, Securing Chip Manufacturing, DARPA: Moon
08-17-23
Thursday, Aug 17, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
The Intelligence Community’s Foreign Malign Influence Center (FMIC)
Analyst Comments: The establishment of FMIC underscores the U.S. government's recognition of the growing threat of foreign interference in its democratic processes. By centralizing the analysis and response to such threats, FMIC can potentially offer a more coordinated and effective approach. However, its success will largely depend on inter-agency collaboration, the quality of intelligence it receives, and its ability to adapt to evolving tactics used by foreign actors. The provision for a potential termination in 2028 suggests a built-in review mechanism to assess the center's effectiveness and relevance in the future. Given the increasing sophistication of cyber threats and disinformation campaigns, the role of FMIC is likely to become even more critical in the coming years.
FROM THE MEDIA: The Foreign Malign Influence Center (FMIC), established by Congress, serves as the U.S. government's primary organization for analyzing intelligence related to foreign malign influence. This influence is defined as hostile efforts by specific countries, including Russia, Iran, North Korea, and China, to sway U.S. public opinion, policies, or elections. FMIC was created in response to concerns about foreign interference in U.S. elections, especially with the advent of tools like artificial intelligence in disinformation campaigns. The center is organized into three units: Mission Management, Analytic Integration, and Partner Engagement. It collaborates with domestic and international partners to counter foreign malign influence campaigns. An annual report from FMIC's Director is mandated, and there's a provision for the center's potential termination in 2028.
READ THE STORY: Eurasia Review
Beijing's silent treatment topples Tower Semiconductor merger with Intel
Analyst Comments: The termination of the Intel-Tower Semiconductor deal underscores the growing tensions between the U.S. and China in the semiconductor space. China's decision to withhold approval can be seen as a strategic move in the ongoing tech and trade wars. For Intel, the failed acquisition represents a setback in its ambitions to expand its foundry services and global semiconductor manufacturing capabilities.
FROM THE MEDIA: Intel's proposed acquisition of Israeli chip company Tower Semiconductor for $5.4 billion has been terminated due to a lack of regulatory approval from China. This move is perceived as Beijing's retaliation against U.S. semiconductor sanctions. The deal was announced 19 months ago and had received regulatory approval from all required territories except China. The initial deadline for the deal was extended twice while awaiting China's State Administration for Market Regulation (SAMR) approval. However, with the latest deadline of August 15 passed, both companies decided to terminate the agreement. As a result, Intel will pay Tower a termination fee of $353 million, which exceeds Intel Foundry Services' Q2 2023 revenue of $232 million. The acquisition was initially seen as a significant step in Intel's strategy to become a global provider of foundry services and semiconductor manufacturing.
READ THE STORY: The Register
BRICS nations to meet in South Africa seeking to blunt Western dominance
Analyst Comments: The upcoming BRICS summit highlights the bloc's ambition to reshape the global order and challenge Western dominance. The potential expansion of the BRICS, with many nations showing interest, indicates its growing influence. However, the absence of Putin and the differing stances of member countries on expansion suggest internal challenges. The emphasis on Africa underscores the continent's strategic importance in global geopolitics. The BRICS nations' desire to present themselves as alternative development partners to the West and their efforts to reform global governance systems further underline their aspirations to play a more significant role in global affairs.
FROM THE MEDIA: BRICS leaders, representing Brazil, Russia, India, China, and South Africa, are set to convene in South Africa to deliberate on transforming their collective, which represents a quarter of the global economy, into a geopolitical entity capable of challenging Western supremacy in global affairs. Notably absent from the meeting will be Russian President Vladimir Putin, due to an international arrest warrant related to alleged war crimes in Ukraine. The summit, scheduled from August 22 to 24, will see participation from Chinese President Xi Jinping, Brazil's Luiz Inacio Lula da Silva, and Indian Prime Minister Narendra Modi. A primary topic of discussion is expected to be the potential expansion of the BRICS, with around 40 countries, including Saudi Arabia, Argentina, and Egypt, expressing interest in joining. The summit's theme, "BRICS and Africa", underscores the bloc's intention to strengthen ties with the African continent.
READ THE STORY: Reuters
Senator calls on Google, OpenAI and others to commit to AI safeguards
Analyst Comments: Sen. Warner's call for enhanced AI safeguards underscores the growing concerns around the potential misuse of AI technologies. The voluntary commitments by major AI companies are a step in the right direction, but the emphasis on making these rules universally applicable suggests that piecemeal approaches might not be enough. The mention of open-source models and their potential risks indicates a broader concern about the democratization of AI and its implications. The fact that some major companies have not yet committed to these safety measures highlights the challenges in achieving industry-wide consensus. Given the rapid advancements in AI, it's crucial for both the industry and policymakers to collaborate closely to ensure that AI technologies are developed and used responsibly.
FROM THE MEDIA: On August 16th, 2023, Sen. Mark Warner (D-VA), chairman of the Senate Select Committee on Technology, urged leading artificial intelligence companies to prioritize safety and security in their AI products. He expressed concerns that the voluntary commitments recently agreed upon by companies such as Amazon, Google, Meta, Microsoft, and OpenAI, among others, might not be sufficient to mitigate risks. These commitments include security testing before product releases, information sharing, investments in cybersecurity, bug bounty programs, and clear labeling of AI-generated content. While Sen. Warner appreciated the collaboration between these companies and the federal government, he emphasized the need for these rules to be applicable across all products. He also highlighted concerns about open-source models and called for additional commitments to prevent misuse in areas like nonconsensual intimate image generation and real-time facial recognition. The senator also expressed disappointment that some companies, including Apple and Databricks, had not signed onto these commitments.
READ THE STORY: The Record
Japan's digital minister surrenders salary to say sorry for data leaks
Analyst Comments: The issues surrounding the My Number Card highlight the challenges governments face when implementing digital transformation initiatives, especially when they impact a large portion of the population. Minister Taro Kono's decision to give up part of his salary is a significant gesture in Japanese culture, emphasizing accountability and responsibility. The problems with the My Number Card, from its inception to its current state, underscore the importance of thorough planning, testing, and public communication when rolling out such large-scale projects. The resistance from the Japanese public also indicates a need for better public engagement and education about the benefits and functionalities of such systems.
FROM THE MEDIA: Japan's digital minister, Taro Kono, has decided to forgo three months of his salary as a gesture of apology for the problematic rollout of the country's digital ID, the My Number Card. This decision was announced in a press conference on August 15, following an interim report on August 8 that highlighted various issues with the My Number scheme. The report revealed public confusion about linking the My Number Card to disability records, instances of health insurance being connected to the wrong card, and errors in public servants' pension records. The My Number Card, introduced in 2016, is designed to link to various government services, including driving licenses and tax departments. However, the card has faced numerous issues, including at least 130,000 of 55 million people having their bank accounts linked to the wrong card. The government plans to review regulations and establish new guidelines for digital IDs by September's end. Kono has acknowledged the issues and blamed the Digital Agency's "inadequate" information sharing system for the delays in addressing them. The goal was for nearly all Japanese citizens to have a My Number Card by March 2023, but the public has resisted this move.
READ THE STORY: The Register
Cyber security researchers become target of criminal hackers
Analyst Comments: The blending of online threats with real-world consequences is a concerning trend, emphasizing the need for comprehensive security measures both online and offline. The fact that these threats can come from individuals not affiliated with any government or organization makes them unpredictable and challenging to counteract. The cybersecurity community will need to develop strategies to protect its members and ensure that the work of defending against cyber threats can continue without fear of retaliation.
FROM THE MEDIA: Cybersecurity researchers are increasingly becoming targets of criminal hackers, facing threats that sometimes escalate to physical danger. Robert M Lee, CEO of cybersecurity firm Dragos, experienced a threat to his family after refusing to pay a ransom to a criminal hacking group that had breached his company's network. The group escalated the threat by obtaining personal details about Lee's son. Other cybersecurity professionals have reported similar threats, with some even experiencing home break-ins and harassment. These threats often come from young, non-government-affiliated criminals who have ample time and few rules of engagement.
READ THE STORY: FT
WormGPT, FraudGPT, and the Disturbing Surge of Malicious LLMs
Analyst Comments: While LLMs offer promising applications, they can also be weaponized for malicious intents. The cybersecurity community's challenge lies in staying ahead of these threats, emphasizing the importance of continuous innovation, collaboration, and public awareness. The emergence of WormGPT and FraudGPT serves as a stark reminder that with every technological leap, there's a potential downside that needs addressing.
FROM THE MEDIA: In an article penned by Ronnie Atuhaire on 17/08/2023, the technological advancements and challenges presented by Large Language Models (LLMs) such as OpenAI’s ChatGPT are discussed. Notably, the article delves into the emergence of malicious LLMs, WormGPT and FraudGPT, which have been developed by cybercriminals to aid in illicit activities. These models are being promoted on dark-web platforms, with WormGPT described as an unethical alternative to ChatGPT and FraudGPT designed to facilitate cyberattacks. The rise of these malicious LLMs poses significant cybersecurity threats, potentially enhancing the capabilities of cybercriminals. To counteract these threats, the article suggests a multi-faceted approach involving proactive detection, dark-web monitoring, and collaboration between AI developers and security experts.
READ THE STORY: Dignited
Securing Chip Manufacturing Against Growing Cyber Threats
Analyst Comments: The emphasis on collaboration and the creation of industry-specific standards like SEMI E187 and SEMI E188 indicates a proactive approach to address these challenges. However, the article also highlights the industry's struggle with managing the vast number of suppliers and the inefficiencies of multiple security assessments. The mention of the Cyber Security Consortium by SEMI suggests a move towards a more unified and collective approach to tackle these threats.
FROM THE MEDIA: The semiconductor industry is witnessing an increasing number of security threats, with suppliers being the primary source of over 50% of these threats. The manufacturing sector, being a prime target, faces potential delays in shipments, intellectual property leaks, and operational downtimes when successfully attacked. The industry acknowledges the expanding threat landscape and underscores the necessity for collective efforts to establish security standards and processes. The rise of smart manufacturing and data sharing in the cloud has augmented the risk of cyber threats. The industry's growing reliance on programmable systems that interact
READ THE STORY: Semiconductor Engineering
Lost voices, ignored words: Apple's speech recognition needs urgent reform
Analyst Comments: While Apple has been a pioneer in many technological advancements, its Voice Control system seems to have been left behind, especially when compared to other tools like Dragon. The experiences shared by Hughes and others emphasize the real-world implications of these technological shortcomings. It's evident that while Voice Control is a step in the right direction, Apple needs to invest more in refining its accuracy and functionality to truly cater to its users' needs.
FROM THE MEDIA: Colin Hughes, a former BBC producer with a severe physical disability, critiques Apple's Voice Control in an opinion piece for The Register. Introduced in 2019, Voice Control was Apple's response to the growing need for voice dictation, especially after Nuance discontinued its Dragon speech-to-text software for Mac. While Apple has made strides in accessibility with updates across iOS 17 and macOS Sonoma, Hughes and other users like Ian Gilman and Shaun Preece find Voice Control lacking in accuracy, especially concerning proper noun recognition and grammar. Hughes believes that Apple should prioritize the development of personalized speech recognition to cater to users with non-standard speech.
READ THE STORY: The Register
Will Russia split up the BRICS?
Analyst Comments: The Brics summit underscores the challenges of aligning emerging economies with varied interests. While the group boasts significant economic potential, internal divisions and external geopolitical pressures could impede its progress. South Africa's ties with Russia and its role in the summit will be pivotal in shaping the Brics alliance's future and its global influence.
FROM THE MEDIA: The upcoming 15th annual Brics summit in Johannesburg is expected to be a platform for the member nations (Brazil, Russia, India, China, and South Africa) to showcase their collective strength. However, underlying tensions exist. China and India have longstanding border disputes and differing visions for the group's expansion. Russia seeks support for its Eastern European ambitions and a shift from the dollar in international markets. Brazil and South Africa might push for an "anti-America" stance, which could be too confrontational for India. Additionally, the nations have divergent energy policies. South African president Cyril Ramaphosa aims to use the summit to bolster ties with Russia and divert attention from domestic issues.
READ THE STORY: Unherd
Vietnam admits it has just ten percent of the infosec pros it needs
Analyst Comments: Vietnam's admission of its vast shortfall in infosec professionals is alarming, especially in the context of the increasing cyber threats and data trading activities. The country's digital infrastructure and data protection mechanisms are evidently at risk, given the lack of skilled personnel to manage and secure them. The rise in personal data sales, especially through encrypted platforms like Telegram, further exacerbates the situation. While the Ministry's acknowledgment is a step in the right direction, it is crucial for Vietnam to develop a comprehensive strategy to address this shortage, which may include investing in education, training, and international collaborations.
FROM THE MEDIA: Vietnam's Ministry of Information and Communications has publicly acknowledged a significant shortage in the country's information security professionals. The Ministry stated that there are currently only about 3,600 personnel working in the information security sector, which meets a mere ten percent of the actual demand. This shortage has become increasingly concerning due to a rise in the sale of personal information. The Information Security Authority, an agency under the Ministry, has identified that data trading activities are primarily conducted within closed social media groups, with a recent surge involving transactions through chatbots and Telegram accounts. The Authority has attributed the increased risks to weak security measures and has called for other agencies to bolster their data protection efforts. The Ministry has not provided any solutions or plans on how to address the deficit of over 30,000 information security professionals needed to enhance the nation's cybersecurity resilience.
READ THE STORY: The Register
DARPA wants interoperability standard for Moon living
Analyst Comments: DARPA's LunA-10 project is a forward-thinking initiative that recognizes the need for a unified approach to lunar infrastructure. By aiming to create a standard that can be globally adopted, DARPA is positioning itself as a leader in the future of lunar habitation. The comparison to the internet's development suggests a vision of a connected and integrated lunar community. However, the success of this project will depend on global cooperation, technological advancements, and addressing the challenges of the lunar environment. If successful, this could be a significant step towards establishing a sustainable human presence on the Moon.
FROM THE MEDIA: DARPA, the research agency, has initiated a project named LunA-10 to develop an integrated lunar infrastructure to support future habitation on the Moon. The project aims to create scalable, shareable, and interoperable systems that can serve multiple purposes. For instance, a wireless power station might also provide communication and navigation capabilities. The LunA-10 project will focus on three primary areas: transit/mobility, energy, and communications. The goal is to establish a technological standard for lunar infrastructure that can be adopted globally. DARPA envisions this infrastructure to be similar to the internet, starting with foundational nodes and expanding into a vast network. The agency hopes that the LunA-10 technology will be ready for deployment on the Moon by 2035.
READ THE STORY: The Register
Phishing campaign used QR codes to target large energy company
Analyst Comments: The exploitation of QR codes by cybercriminals is a concerning development in the cybersecurity landscape. The convenience and widespread use of QR codes, especially during the pandemic, have inadvertently made them a new vector for cyberattacks. The rapid growth of such phishing campaigns underscores the need for increased awareness and protective measures against QR code-based threats.
FROM THE MEDIA: In an article by Jonathan Greig on August 16th, 2023, cybersecurity researchers have identified a significant phishing campaign that leverages malicious QR codes to steal Microsoft credentials from targets, including a major U.S. energy company. The widespread adoption of QR codes, especially during the COVID-19 pandemic, has made them a prime target for cybercriminals. The campaign, which began in May, sent thousands of emails containing these malicious QR codes, redirecting users to a Microsoft credential phishing page. Cybersecurity firm Cofense, which reported on this campaign, highlighted that the number of such emails has grown by about 270% each month. The article also points out that most mobile devices, which are typically used to scan QR codes, are not regulated by employers, making them vulnerable to such attacks
READ THE STORY: The Record
What's the State of Credential theft in 2023?
Analyst Comments: The reliance on human elements, such as users, makes organizations vulnerable, as even a single mistake can lead to a breach. The rise of online black markets selling stolen credentials further exacerbates the problem. Organizations need to invest in advanced tools and training to mitigate these risks. The mention of tools like Specops Password Policy indicates a growing market for solutions that can detect and prevent the use of compromised credentials.
FROM THE MEDIA: In 2023, credential theft remains a significant concern for IT teams, primarily due to the high value of data for cybercriminals and their evolving techniques. The 2023 Verizon Data Breach Investigations Report (DBIR) highlighted that 83% of breaches were caused by external actors, with a financial motive behind almost all attacks. Of these breaches, 49% were due to stolen credentials. Users often become the weak link in security, with 74% of breaches involving human elements like human error, privilege misuse, social engineering, or stolen credentials. Cybercriminals are increasingly using social engineering techniques, such as 'pretexting', to trick users into giving up their credentials. Large organizations are not immune to these attacks, as demonstrated by the breach of Norton Lifelock Password Manager early in 2023. Cybercriminals are also purchasing stolen credentials from online black markets, with datasets containing hundreds of thousands of stolen credentials available for sale. To combat this, tools like Specops Password Policy with Breached Password Protection are essential for detecting compromised passwords.
READ THE STORY: THN
Let Venice Sink
Analyst Comments: Bennett's article is a compelling exploration of the intersection between heritage preservation and the realities of climate change. By using Venice as a case study, the piece effectively highlights the broader challenges faced by global heritage sites. The introduction of concepts like "transformative continuity" offers fresh perspectives on how societies might navigate the preservation of cultural landmarks in an era of environmental uncertainty. However, the article might be seen as controversial, especially by those who believe in the absolute preservation of historical sites. While the piece does well in presenting a balanced view, incorporating more voices from the local Venetian community could have added depth to the narrative.
FROM THE MEDIA: Catherine Bennett's article "Let Venice Sink" in WIRED delves into the provocative notion of allowing Venice to be submerged as a testament to the perils of global warming. Drawing from the 1970s perspective of British author Jan Morris, who suggested that Venice should be allowed to sink, the article underscores the urgency of the situation, with predictions indicating Venice could be underwater by 2100. UK-based cultural geography professor Caitlin DeSilvey emphasizes the evolving nature of heritage, suggesting a shift from preservation to allowing natural transformation. The article also touches on the financial and environmental implications of the MOSE flood barriers, which, while effective, are costly. The concept of "transformative continuity" is introduced, suggesting that places affected by climate change can serve as evolving memories.
READ THE STORY: WIRED
Bad software destroyed my doctor's memory
Analyst Comments: Pesce's article sheds light on a significant issue in the medical field: the transition from traditional paper-based systems to digital ones. While the narrative is anecdotal, it resonates with broader concerns about the integration of technology in healthcare. The piece underscores the importance of user-centric design, especially in critical sectors like medicine. It's a compelling argument for the IT sector to work closely with medical professionals to ensure that digital tools enhance their workflow rather than disrupt it.
FROM THE MEDIA: In a column for The Register, Mark Pesce discusses the challenges faced by medical professionals due to poorly designed digital systems. Pesce recounts a personal experience with a medical specialist who lamented the loss of his traditional paper-based patient files after transitioning to a digital system. While the new system digitized all patient records, it lacked the intuitive design of a physical file, making it difficult for the specialist to quickly access and relate information. The specialist expressed a desire for a digital design that mimics the chronological order of a physical file, allowing him to swipe through a patient's history. Pesce emphasizes that while digitization is crucial, the manner in which data is accessed post-digitization is even more critical. He argues that many IT systems in medicine prioritize the system's needs over the users', leading to design flaws that can compromise patient care. Pesce concludes by highlighting the importance of designing digital tools that enhance, rather than hinder, the medical professional's ability to provide care.
READ THE STORY: The Register
Items of interest
United States Imposes Unprecedented Outbound Investment Controls Focused on China
Analyst Comments: The introduction of this EO marks a pivotal change in U.S. policy towards outbound investments, particularly concerning China. By zeroing in on advanced technology sectors, the U.S. government is highlighting its apprehensions about the potential national security ramifications of U.S. investments in these domains. This policy shift could have profound repercussions for U.S. businesses and investors with stakes in China, especially within the highlighted technology sectors.
FROM THE MEDIA: On August 9, 2023, President Biden introduced an executive order (EO) that places restrictions on outbound investments from the U.S. to specific sensitive sectors in China, including Hong Kong and Macau. Named the "Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern," this directive establishes a new national security regulatory framework called the Outbound Investment Program. Administered by the US Department of the Treasury and the US Department of Commerce, the EO's primary objective is to regulate, and in certain instances, prohibit investments in various technology sectors within China. The main areas of focus include semiconductors and microelectronics, quantum information technologies, and certain artificial intelligence (AI) systems. The EO will predominantly affect U.S. citizens, lawful permanent residents, and entities organized under U.S. laws, even if they operate outside the U.S.
READ THE STORY: JDsupra
Countering Foreign Malign Influence While Protecting Civil Liberties (Video)
FROM THE MEDIA: The federal government has a responsibility to identify and disrupt foreign adversary campaigns intended to sow discord and misinformation. How can we ensure that in carrying out this activity, the government does not infringe on Americans’ First Amendment rights?
How Social Media is Shaping Our Political Future (Video)
FROM THE MEDIA: Drawing on her personal path from indifferent citizen to passionate campaigner, Victoria Bonney implores us to examine the ways citizens and elected officials alike are using social media to change democracy - for the better. From the swift engagement of hashtags to the transparency of tweeting policy-at-play in unfolding situations, social media is changing the way we see our representatives - and the way they see us.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.