Daily Drop (828): | Vol-Driven Internet Infra | Google: GenAI | Strategic Bitcoin | Vanishing CN Internet | Maritime: Cyber | Google Algo Update | BOTs | Under Sea Cables | DPRK | AI: Energy Cost
07-28-24
Sunday, Jul 28 2024 // (IG): BB // ShadowNews // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
How China and Russia Could Hobble the Internet: The Vulnerability of Undersea Cables
Bottom Line Up Front (BLUF): Undersea cables, crucial for global internet connectivity, are increasingly becoming military targets. A RAND Europe study revealed significant vulnerabilities, highlighting the potential threats posed by China and Russia to this critical infrastructure.
Analyst Comments: The discovery of vulnerabilities in undersea cables underscores the strategic importance of securing this infrastructure against potential military threats. China's and Russia's growing interest in these cables suggests a new dimension of cyber and physical warfare. The exposure of sensitive details during the RAND Europe study reveals a pressing need for heightened security measures and international cooperation to protect these vital connections.
FROM THE MEDIA: A recent RAND Europe study commissioned by a British government department has brought to light the significant vulnerabilities of undersea cables, which are essential for global internet and electricity connectivity. The study involved public maps and expert interviews, leading to the realization that critical details could be exploited by adversaries like Russia. The research team, initially composed of members from various European countries, had to be restructured to UK-only participants due to the sensitivity of the findings. This reaction underscores the critical nature of the infrastructure and the urgent need for enhanced security measures.
READ THE STORY: The Economist
Volunteer-Driven Internet Infrastructure: A Risky Reality
Bottom Line Up Front (BLUF): The infiltration of malware into the XZ Utils software underscores the significant risks associated with the volunteer-driven maintenance of critical internet infrastructure, as highlighted by past vulnerabilities in widely used tools like OpenSSL.
Analyst Comments: The reliance on volunteers to manage crucial internet infrastructure presents a paradox where highly profitable companies depend on under-resourced and understaffed teams for their cybersecurity. This systemic issue not only makes the internet vulnerable to breaches but also highlights the need for better support and funding for open-source projects that underpin global digital security.
FROM THE MEDIA: A recent incident involving malware smuggled into XZ Utils, a widely used compression tool, has spotlighted the broader issue of the internet's reliance on volunteer-driven infrastructure. This problem was starkly revealed a decade ago with the Heartbleed bug in OpenSSL, a critical encryption tool maintained primarily by two volunteers, which exposed significant security flaws. The incident with OpenSSL illustrated how even essential security tools, used by nearly 20% of websites, including major tech companies, can suffer from underfunding and lack of professional oversight. This vulnerability stemmed from the fact that the code was managed in the developers' spare time, leading to acknowledged weaknesses in the software's security.
READ THE STORY: The Economist
Google Researchers Warn of Generative AI's Impact on Internet Authenticity
Bottom Line Up Front (BLUF): A new study by Google researchers highlights the negative impact of generative AI on the internet, revealing how it is inundating online spaces with fake content, undermining authenticity, and challenging public trust.
Analyst Comments: The study exposes the paradox of Google developing and promoting AI technology that contributes to the very problems its researchers are warning about. The proliferation of generative AI tools is blurring the lines between genuine and fabricated content, complicating the task of distinguishing reality from deception. This phenomenon underscores the urgent need for more robust measures to verify digital information and manage AI-generated content responsibly.
FROM THE MEDIA: Google researchers have published a paper highlighting the detrimental effects of generative AI on internet content authenticity. The study, reported by 404 Media, found that most users of generative AI employ the technology to create fake or doctored content, such as images and videos, with the intent to deceive, influence public opinion, perpetrate fraud, or generate profit. This misuse is exacerbated by the increasing sophistication and accessibility of AI tools, which require minimal technical expertise to operate. The paper reveals that the mass production of low-quality, spam-like, and deceptive synthetic content is overwhelming users, increasing skepticism towards digital information, and complicating verification processes. This influx of fake content is not only affecting general public perception but also allowing high-profile individuals to dismiss unfavorable evidence as AI-generated, thereby shifting the burden of proof and creating inefficiencies.
READ THE STORY: Futurism
Donald Trump Backs ‘Strategic Bitcoin Stockpile’ in Speech to Crypto Faithful
Bottom Line Up Front (BLUF): During his keynote at the Bitcoin 2024 conference, Donald Trump pledged to establish a "strategic Bitcoin stockpile," fire SEC chair Gary Gensler, create a crypto advisory council, and position the U.S. as the "crypto capital of the world."
Analyst Comments: Trump's ambitious crypto-friendly agenda aims to attract support from the burgeoning cryptocurrency community by proposing significant regulatory changes and national investment in Bitcoin. His promises, including the removal of SEC chair Gary Gensler, highlight a push for deregulation in favor of fostering a pro-crypto environment. While appealing to crypto enthusiasts, these proposals also signal potential shifts in the U.S. regulatory landscape that could have far-reaching implications for financial markets and institutional trust.
FROM THE MEDIA: At the Bitcoin 2024 conference in Nashville, Donald Trump outlined his vision to bolster the U.S. as a leader in the cryptocurrency sector. He proposed creating a "strategic Bitcoin stockpile" to ensure national investment in the digital currency and support its growth. Additionally, Trump vowed to dismiss SEC chair Gary Gensler, reflecting his criticism of current regulatory frameworks, and to establish a crypto advisory council to guide policy and innovation. Trump's agenda also includes making the United States the "crypto capital of the world," positioning the country at the forefront of the global digital currency revolution. This aligns with broader goals of enhancing national competitiveness in emerging financial technologies and appealing to a voter base increasingly interested in decentralized finance and digital assets.
READ THE STORY: Wired
The Vanishing Chinese Internet: A Growing Threat to Collective Memory
Bottom Line Up Front (BLUF): The Chinese internet is rapidly shrinking and censoring past content, erasing significant historical and cultural memories. This trend, driven by political pressures and technical challenges, threatens to undermine the collective memory of China's digital history.
Analyst Comments: The aggressive censorship and deletion of content on the Chinese internet represent a significant threat to the preservation of history and culture. This digital erosion not only limits access to past information but also manipulates public perception and historical narratives. The implications are profound, as it hinders academic research, distorts collective memory, and reinforces state control over information.
FROM THE MEDIA: China's internet is undergoing a drastic reduction in available content, leading to the disappearance of vast amounts of historical and cultural information. A widely shared post on WeChat highlighted that nearly all information from Chinese news portals, blogs, forums, and social media sites posted between 1995 and 2005 has vanished. The number of Chinese websites has dropped from 5.3 million in 2017 to 3.9 million in 2023, a decline driven by both political censorship and technical challenges in archiving content.
READ THE STORY: The New York Times
Cyber Attacks Surge in Maritime Industry Amid Rising Geopolitical Tensions
Bottom Line Up Front (BLUF): Cyber attacks on the shipping industry have increased dramatically due to geopolitical tensions, with state-backed hackers from countries like Russia, China, North Korea, and Iran targeting trade flows. The industry's lag in cybersecurity investment exacerbates its vulnerability.
Analyst Comments: The maritime sector, vital for global trade, has historically focused on physical security but is now facing a growing threat from cyber-attacks. The sharp increase in incidents highlights the sector's unpreparedness for digital threats. As geopolitical conflicts escalate, state-backed cyber attackers are leveraging these vulnerabilities to disrupt global trade. This situation underscores the urgent need for heightened cybersecurity measures and investment in the maritime industry to safeguard against these sophisticated attacks.
FROM THE MEDIA: The shipping industry is experiencing a significant rise in cyber attacks as geopolitical tensions fuel state-linked hacking activities. A study by NHL Stenden University of Applied Sciences recorded at least 64 cyber incidents in 2023, up from just three incidents a decade ago. Over 80% of these attacks are attributed to hackers from Russia, China, North Korea, and Iran. The increase in cyber threats coincides with the industry's ongoing struggle with the impact of global conflicts on trade routes. The digitization of ships and the widespread use of internet-enabled devices at sea have opened new avenues for cyber attacks. Notable incidents include attacks on Iran's Rajaee Port and the port of Rotterdam. The industry’s low IT investment and lack of cybersecurity expertise compound the problem, making it an attractive target for cybercriminals seeking ransom payments to restore critical systems.
READ THE STORY: FT
Google’s Algorithm Update and the Impact on the Internet’s Future
Bottom Line Up Front (BLUF): Google's recent algorithm updates and introduction of AI-generated answers are reshaping the internet, favoring major platforms like Reddit over smaller, independent websites, and sparking concerns about the future of online content and search reliability.
Analyst Comments: Google's ongoing changes to its search algorithm and the integration of AI-generated answers (AI Overviews) are creating significant disruptions for independent websites and smaller publishers. While aiming to reduce low-quality content, these updates inadvertently prioritize large, established platforms, diminishing the visibility and viability of smaller sites. This shift may lead to a homogenized internet where diverse, independent voices struggle to be heard, and users receive less nuanced, sometimes inaccurate information from AI summaries. The balance between curbing SEO abuse and preserving a vibrant, diverse web ecosystem is delicate, and Google's current trajectory appears to favor corporate interests over the richness of online discourse.
FROM THE MEDIA: Google's recent algorithm updates, particularly the "Helpful Content Update" launched in 2022 and subsequent changes in 2023 and 2024, have aimed to reduce low-quality, SEO-driven content from search results. These updates have significantly impacted independent publishers and small websites that produce original, high-quality content. For instance, HouseFresh, a site dedicated to air purifier reviews, experienced a drastic drop in traffic, leading to layoffs and potential closure. This trend has also affected larger entities; data from Semrush indicates significant traffic losses for sites like New York Magazine, GQ, and Urban Dictionary.
READ THE STORY: BBC
North Korea Vows 'Total Destruction' of Enemy on Korean War Anniversary
Bottom Line Up Front (BLUF): On the 71st anniversary of the Korean War armistice, North Korea has issued a stern warning of "total destruction" to its enemies, intensifying rhetoric amid ongoing geopolitical tensions.
Analyst Comments: North Korea's latest threats, issued on the Korean War armistice anniversary, underscore the persistent volatility in the region. The aggressive language, aimed particularly at the U.S. and South Korea, highlights Pyongyang's ongoing commitment to its military-first approach and its strategic use of heightened rhetoric to reaffirm its stance domestically and internationally. This follows a pattern of escalatory behavior, particularly in the absence of diplomatic progress since 2019.
FROM THE MEDIA: North Korea commemorated the 71st anniversary of the Korean War armistice with a strong declaration of potential "destruction" of its enemies should leader Kim Jong Un command it, state media KCNA reported. This message was delivered during a meeting attended by Kim, where senior military officials expressed vehement animosity towards the U.S. and South Korea, vowing to bolster their readiness for an overwhelming attack. The relationship between North Korea and the United States remains tense, with diplomatic talks stalled since 2019. North Korean state media has indicated a lack of expectation for changes in this dynamic, regardless of the U.S. presidential election outcome. Accusations from Pyongyang about the U.S. and South Korea's provocative nuclear war ambitions continue to fuel these tensions.
READ THE STORY: Reuters
Bots Now Constitute Nearly Half of Global Internet Traffic, Posing Rising Threats
Bottom Line Up Front (BLUF): Automated bot traffic has surged to nearly 50% of all internet activity in 2023, with malicious bots representing 32% of this traffic. This increase in bot activity is driving significant security challenges and financial losses for organizations globally.
Analyst Comments: The rising dominance of bot traffic on the internet underscores a critical and growing cybersecurity challenge. With nearly half of all web traffic now coming from bots, and malicious bots making up a substantial portion, organizations must invest heavily in bot management and API security to mitigate the risks. The sophistication and scale of these automated threats highlight the need for advanced defensive measures and proactive strategies to protect sensitive data and ensure operational resilience.
FROM THE MEDIA: In 2023, bot traffic accounted for 49.6% of all internet traffic, marking a 2% increase from the previous year and the highest level since 2013. The 2024 Imperva Bad Bot Report, released by cybersecurity leader Thales, reveals that bad bots alone constituted 32% of this traffic. These malicious bots, involved in activities ranging from web scraping to account takeover (ATO) attacks, are costing organizations billions of dollars annually.
READ THE STORY: Thales
AI's Energy Demands Are Out of Control: Welcome to the Internet's Hyper-Consumption Era
Bottom Line Up Front (BLUF): The rapid integration of generative AI tools has led to unprecedented energy consumption and environmental stress, as companies like Google and Microsoft struggle to balance technological advancements with sustainability goals.
Analyst Comments: The surge in generative AI tools has significantly increased energy and water demands in data centers. This trend, part of the "internet's hyper-consumption era," highlights the urgent need for more sustainable practices in AI development. Companies must invest in efficient hardware and renewable energy while addressing the broader environmental impact of AI technologies.
FROM THE MEDIA: The proliferation of generative AI tools, spurred by OpenAI's release of ChatGPT, has dramatically increased the energy and water consumption of data centers. These AI applications, which are now embedded in everyday online interactions, require far more computational power than traditional services like Google Search or email. Researchers like Sajjad Moazeni from the University of Washington estimate that generative AI applications are 100 to 1,000 times more computationally intensive. This has led to significant energy demands, with companies like Google and Microsoft struggling to maintain their sustainability commitments. For instance, Google recently ceased considering itself carbon neutral, while Microsoft's AI ambitions may compromise its sustainability goals.
READ THE STORY: Wired
The Risk from Russia After Sabotage Attacks at the Olympics
Bottom Line Up Front (BLUF): Concerns over potential Russian efforts to destabilize the Paris 2024 Olympics have been heightened following recent coordinated sabotage attacks on France’s railway network and the arrest of an alleged Russian spy. French authorities are on high alert, deploying extensive security measures to counter various threats.
Analyst Comments: Russia’s history of exploiting geopolitical tensions to create chaos in Western countries presents a significant risk to the Paris 2024 Olympics. The recent sabotage of French railways and the arrest of a suspected Russian spy underscore the Kremlin’s potential to employ covert operations to embarrass France and disrupt the Games. The extensive security and cyber threat countermeasures reflect the serious nature of the threat posed by Russian state-sponsored actors.
FROM THE MEDIA: French authorities have increased security measures for the Paris 2024 Olympics following a coordinated sabotage attack on the railway network and the arrest of an alleged Russian spy. The attack, targeting crucial points on the rail system, has raised fears of Kremlin-backed operations aimed at destabilizing the Games. Thomas Colley, a specialist in Russian propaganda, notes that Russia often seeks to cause chaos and exploit ethnic divides to damage Western rivals. French Interior Minister Gerald Darmanin indicated that other Russian individuals have also been detained on suspicions of plotting to interfere with the Olympics.
READ THE STORY: I News // Yahoo News
Intelligence Agencies Warn of North Korean Cyber Espionage Campaign
Bottom Line Up Front (BLUF): American, South Korean, and U.K. intelligence agencies have issued a warning about North Korea's global cyber-espionage campaign, targeting defense, aerospace, nuclear, and engineering industries, and funding these operations through ransomware attacks on U.S. healthcare providers.
Analyst Comments: North Korea's cyber-espionage activities highlight a significant and ongoing threat to critical industries worldwide. The use of ransomware to finance espionage campaigns underscores the sophisticated and multifaceted nature of these cyber operations. Industries such as defense and nuclear must prioritize cybersecurity measures to protect sensitive information from being exploited to advance North Korea's military and nuclear ambitions.
FROM THE MEDIA: A Joint Cybersecurity Advisory (JCA) from American, South Korean, and U.K. intelligence agencies accuses North Korea of a global cyber-espionage campaign targeting sensitive sectors like defense, aerospace, nuclear, and engineering. The North Korean state-funded group Andariel is specifically identified for obtaining classified technical information to support the regime's military and nuclear goals. The JCA outlines that defense-related targets include information on submarines and unmanned vehicles, while the aerospace sector faces threats related to missiles and defense systems. The campaign is financially supported through ransomware attacks on U.S. healthcare entities, demonstrating the integration of cybercrime and espionage activities.
READ THE STORY: Just The News
Mitsubishi Motors to Join Honda-Nissan Alliance, Expanding Collaboration
Bottom Line Up Front (BLUF): Mitsubishi Motors is set to join the Honda-Nissan alliance, creating a strategic partnership among Japanese automakers to enhance competitiveness in the electric vehicle (EV) market and standardize in-vehicle software.
Analyst Comments: The inclusion of Mitsubishi Motors into the Honda-Nissan alliance represents a significant consolidation in the Japanese automotive industry, aiming to strengthen their position against formidable competitors like Tesla and China's BYD in the EV sector. This alliance, which combines over 8 million vehicles in sales, will likely focus on cost reduction, increased innovation, and market share recovery, especially in the U.S. and China. The partnership reflects a broader trend of automakers seeking collaboration to cope with rapid technological advancements and market shifts toward electric and autonomous vehicles.
FROM THE MEDIA: Mitsubishi Motors is set to join the strategic alliance between Honda Motor and Nissan Motor, forming a powerful collaboration with combined sales exceeding 8 million vehicles, as reported by Nikkei. This move aims to standardize in-vehicle software and enhance competitiveness in the burgeoning EV market. Currently, Mitsubishi Motors is 34% owned by Nissan and is already part of an alliance with Nissan and France's Renault. This additional partnership with Honda and Nissan signifies an effort to streamline operations and cut costs in response to increasing competition from major EV players like China's BYD and Tesla.
READ THE STORY: Reuters
AI Firms Face Data Scarcity as They Deplete Internet Resources
Bottom Line Up Front (BLUF): Artificial intelligence (AI) companies are rapidly depleting the vast amounts of data available on the internet, leading to concerns about how they will continue to train and improve AI models in the future. Innovative strategies are needed to generate new data sources to sustain AI development.
Analyst Comments: The reliance on internet data for AI training has been a cornerstone of advancements in AI technologies. However, as companies exhaust readily available data, the challenge shifts towards finding or creating new, high-quality datasets. This issue highlights the need for sustainable data practices and may drive the development of synthetic data generation, collaboration with data-rich sectors, and improved data-sharing frameworks.
FROM THE MEDIA: AI research has historically benefited from the abundance of data on the internet. In 2006, Fei-Fei Li, then at the University of Illinois and now at Stanford University, pioneered the use of internet images to create ImageNet, a significant AI training resource. ImageNet demonstrated the power of large datasets in advancing AI capabilities, as it assembled millions of images to represent thousands of object categories. Today, AI firms face a looming crisis: the vast reservoir of internet data is running low. The practice of "mining the net" for AI training data has led to concerns about the sustainability of this approach. With the increasing sophistication of AI models, the demand for extensive and diverse data has skyrocketed, putting pressure on existing data sources.
READ THE STORY: The Economist
The Impact of Age Verification Laws on Internet Freedom
Bottom Line Up Front (BLUF): New age verification laws in the U.S. and other regions, primarily aimed at restricting access to pornography, could have far-reaching consequences on internet usage and digital privacy. Critics argue these measures may push users towards riskier online environments and erode online anonymity.
Analyst Comments: The introduction of age verification laws for accessing online pornography and potentially other digital content marks a significant shift in internet regulation. While proponents view it as a necessary step to protect minors, opponents warn of increased state and corporate surveillance, potential censorship, and a chilling effect on free speech. The implementation of these laws, coupled with ongoing legal and political debates, underscores the growing tension between digital safety and privacy rights.
FROM THE MEDIA: Recent laws in several U.S. states, such as Texas, Arkansas, and Virginia, mandate age verification for accessing pornographic websites, leading platforms like Pornhub to block users in those regions. These measures aim to shield children from potentially harmful content but have sparked significant controversy. Proponents, like Terry Schilling from the American Principles Project, liken these checks to age verification for purchasing cigarettes, asserting it's a straightforward approach to limit children's exposure to explicit material. They argue it’s a necessary move to safeguard youth from content that could normalize aggressive sexual behaviors.
READ THE STORY: BBC
Items of interest
The Evolving Role of Robots.txt in the Age of AI
Bottom Line Up Front (BLUF): Robots.txt, the longstanding protocol for managing web crawler access, is struggling to keep up as AI companies increasingly exploit web data for training models, threatening the foundational social contract of the internet.
Analyst Comments: The robots.txt file has been a critical tool for managing web crawler behavior, enabling a cooperative internet ecosystem. However, the rise of AI and the increasing value of data have disrupted this balance. AI companies, eager for training data, often disregard the intentions behind robots.txt, leading to a sense of exploitation among content creators and website owners. This evolution underscores the need for updated and enforceable standards to protect data ownership and maintain the integrity of web content usage. The ongoing tension between openness and control on the web could shape the future of Internet governance and data privacy.
FROM THE MEDIA: For decades, robots.txt has been a cornerstone of web management, allowing site owners to specify which web crawlers can access their content. This protocol, a product of early Internet collaboration, ensured mutual respect among web entities. However, the explosion of AI and its insatiable demand for data have strained this agreement. AI companies now utilize web crawlers extensively to gather training data, often without proper acknowledgment or permission from content owners. This shift has led to widespread pushback from publishers and platforms who feel exploited. Despite efforts by some companies like OpenAI to be transparent and compliant, the decentralized and voluntary nature of robots.txt leaves it vulnerable. As the AI landscape evolves, there is a growing call for more robust, legally enforceable measures to govern web crawling and data usage.
READ THE STORY: The Verge
Operation Clairvoyance: How APT Groups Spy on the Media Industry (Video)
FROM THE MEDIA: Cyber espionage actors have demonstrated great interest in the media industry. These actors seem to like to see Taiwan's daily activities through the "eyes" of these media companies and journalists. During Taiwan's intense 2022, we saw more and more Advanced Persistent Threat (APT) groups infiltrate Taiwan's media industry. In our observation, the media has become the first non-government target of those APT groups.
What Is Robots.txt (Video)
FROM THE MEDIA: Find out what is robots.txt and how it can benefit your site’s SEO.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.