Book review: The Influencers

Posted on by
Reply

This novel by Anna-Marie McLemore takes a popular movement, that of social media influencer, and wraps a murder mystery around it. Actually, a family of influencers not unlike that infamous LA clan. The family has a bunch of siblings with month names to keep things either interesting or confusing. We quickly learn that the multiple narrators have strikingly different takes on the murder, their roles in the social media pecking order, and whether they deserve all the attention or not from their digital fans. One daughter has grown to hate her “highly-curated, affiliate-linked life” and tired of being as glam as possible even if just running out for a few groceries. The family matriarch led the assent into influencer-land, making millions off of her product recommendations and fancy lifestyle. But the attraction of always being on camera and in front of an audience of admirers eventually cools and there is trouble in paradise. Solving the murder — and hearing various whodunnit theories — occupies most of the book’s back-and-forth conflict amongst the family members, and whether the murder is an asset or a liability in each person’s brand identity. I initially liked the initial setup and the personalities of the family, but like them I eventually got tired of trying to keep all the month-names straight.

CSOonline: Agentic AI is both boon and bane for security pros

Posted on by
Reply

AI agents are predicted to reduce time to exploit by half in two years, here is what you need to know to figure out if your business need agentic AI and how to find the right one. Agentic AI has proved to be a huge force multiplier and productivity boon. But while powerful, agentic AI isn’t dependable, and that is the conundrum. In this post for CSOonline, I describe some of the issues and make some recommendations for how to safely and productively deploy this tech.

 

A new type of disinformation campaign based on LLM grooming

Posted on by
1

Most of us are familiar with the Russian state-sponsored Internet Research Agency. The group has been featured in numerous fictional spy movies and is responsible for massive misinformation campaigns that center around weaponizing political social media posts.

But the Russian misinformation network is branching out into the world of AI, specifically around poisoning or grooming the training models used by western AI chatbots. A recent report by NewsGuard documents this latest insidious move. 

Called Pravda — not to be confused with the print propaganda cold war “newspaper” of the former Soviet Union — it targets these chatbots by flooding search results and web crawlers, It doesn’t generate any original content. Instead, it aggregates a variety of Russian propaganda and creates millions of posts of false claims and other news-like items. The Pravda network serves as a central hub to overwhelm the model training space. As a result, many of the most popular chatbots reference these fictions a third of the time in their replies. In effect, they have turned chatbots into misinformation laundering machines. “All 10 of the chatbots repeated disinformation from the Pravda network, and seven chatbots even directly cited specific articles from Pravda as their sources,” Many of the responses found by their researchers included direct links to the Pravda-based stories, and in many cases, the AI citations don’t distinguish between reliable and unreliable sources.

What is curious about the Pravda network is that it isn’t concerned with influencing organic ordinary searches. Its component domains have few if any visitors of its websites or users on Telegram or other social media channels. Instead, its focus is on saturating search results from automated content scanners, such as would happen with AI training models. On average, the network posts more than 10,000 pieces of daily content.

Researchers at the American Sunlight Project call this LLM grooming and go into further details on how this works and why the Pravda network isn’t designed around human content consumption or any interaction. They show how Pravda makes extensive use of machine translation of its content into numerous languages, which post awkwardly worded pages. “The top objective of the network appears to be duplicating as much pro-Russia content as widely as possible,” they wrote.

The NewsGuard researchers examined 10 leading large-language model chatbots: OpenAI’s ChatGPT-4, You.com’s Smart Assistant, xAI’s Grok, Inflection’s Pi, Mistral’s le Chat, Microsoft’s Copilot, Meta AI, Anthropic’s Claude, Google’s Gemini, and PerplexityAI.

NewsGuard has been around for several years now and provides various auditing and transparency services. They found Pravda uses more than 150 different domains spreading more than 200 false claims in more than 40 languages, such as describing Zelensky’s personal fortune and how the U.S. operated secret bioweapons labs in Ukraine, just to pick two. The company, founded by Court TV’s Steven Brill and former Wall Street Journal publisher Gordon Crovitz, began tracking AI-based misinformation last summer. The American Sunlight Project is run by Nina Jankowicz, who has held fellowships at the Wilson Center and other NGOs as well as working for a Homeland Security disinformation board during the Biden years.

The risks are high: “There are few apparent guardrails that major companies producing generative AI platforms have deployed to prevent propaganda or disinformation from entering their training datasets,” writes the Sunlight team. And as this data is flooded with garbage, it will get harder for AI models to distinguish genuine human interaction in the future.

Personal cyber insurance may be a good idea but has issues

Posted on by
1

A few weeks’ back, I wrote about a friend of mine that I called Jane who had suffered from a phishing attack that led towards her losing more than $30,000 in a pig butchering scheme. She called me last week and stopped by to show me that thanks to her homeowners’ insurance policy, she was able to be reimbursed for $25,000 in losses. This is because of an endorsement that included personal cyber insurance. This is the first time that I have ever heard of such coverage, so naturally I wanted to take a deeper dive.

Probably the best starting point is this 2023 Nerdwallet blog, which also helpfully links to the various insurers. It shows you the numerous perils that could be covered by any policy and makes a point that this insurance can’t cover things that happened before the policy is in force. Another good source is this 2023 blog in Forbes. If scroll down past the come-on links, you will see the perils listed and some other insurers mentioned.

This complexity is both good and bad for consumers who are trying to figure out whether to purchase any cyber insurance. It is good because the insurers recognize that cyber is not just a category like insuring a fur coat, or some other physical item. If your washing machine springs a leak and you have coverage for water damage — something that happened to me a few years ago — it is nice to be insured and be reimbursed. Whether you get the level of reimbursement that will enable you to rip out your floors, replace it with something of approximate value, and get your expenses of having to move your stuff and live in a hotel for a couple of weeks is up to the insurer. And whether your claim will eventually trigger your insurer to drop you, and place you on a block list for the next five years is another story. But you can still purchase coverage and the coverage is — for the most part– well defined.

But cyber insurance is not well defined, because of all these various categories of perils can spill over. If your computer is infected with malware and the attackers ultimately get access to your bank accounts, how do you prove that causality to the satisfaction of the insurer? What happens if you are faced with a demand to pay a ransom to get access to your data? Or if you think you are sending funds to help a family member or co-worker in distress that turns out to be a criminal? Many of the problems happen at that hairy intersection between technology and human error.

Before you go any further down this path, I want to take a moment and describe an entirely different approach. What if the financial vendors took a more pro-active role in stopping cyber fraud? It is happening, albeit slowly and under certain specific situations.

One such example is Coinbase, who wrote about what they are doing in a February blog here. The post presents a series of situations where social engineering played a role in a particular fraudulent scheme. “Coinbase will never make an unsolicited phone call to a customer. Anyone who calls you indicating that they are from Coinbase and wants you to move assets is a scammer. Hang up the phone!” There are other recommendations that span the technical spectrum such as using better authentication factors and rotating API keys. As you may or may not know, Coinbase is deeply involved in crypto transactions, so this is a natural fit.

Contrast this with Bank of America, just to choose someone at random. If you know where to look, you can review five red flags used by scammers, including being contacted by someone unexpectedly, being pressured to act immediately, pay in an unusual way or asked for personal information. Unfortunately, they only allow you to specific two hardware security keys, which seems to go against best security practices.

And this is why we are in the state of affairs with scammers today. Incomplete, imperfect solutions have enabled the scammers to build multi-million dollar scam factories that prey on us all the time. Just this past weekend, both my wife and I got text reminders that the balance on our EZ Pass accounts was low. There were only two problems: neither of us use or even live near anyplace we can use them, and both originated from a French phone number. Sacre bleu! This is an attack which has been around for some time but recently resurfaced.

If you have decided to purchase this type of insurance for you or your family, there are two basic paths. First is to see if you can add a cyber “endorsement” to your existing homeowners or renters policy. If this is possible, decide how much coverage you need. Many insurers have these programs, and here it pays to read the fine print and understand when coverage will kick in and when it won’t:

If you have an insurer that doesn’t have this capability, you can go with one of two specialist cyber policies. Nerdwallet summarizes these offerings by NFP (they call it Digital Shield) or Blink, a division of Chubb. USAA (my current home insurer) works with Blink for example and offered me an add-on policy for $19/month. Blink doesn’t cover fraud from malicious family members or cyberbullying by employers, a widespread cyber-attack and some other situations. From my reading of the NFP’s Digital Shield webpage, it seems like these situations are covered by their policies. However, I couldn’t get anyone from NFP to return my calls.

The bottom line? While my friend was able to benefit from her cyber policy, you might not. Visesh Gosrani, who is a UK-based cyber insurance expert, told me “The limits these policies come with are normally going to be disappointing. The reason these policies are being bundled is that in the future homeowners are expected to realize that cyber insurance is important and more open to increasing their coverage if they have already had the policy. The short-term risk is that they end up being disappointed by the policy that they had for free or very little cost.”

How one PR firm has exploited AI agents

Posted on by
Reply

AI has certainly taken plenty of mindshare as of late. 10Fold is one Bay Area PR firm which has been using it for more than 18 months to develop its own AI agents and other routines to make them more productive, provide more focused service to their mostly hi-tech clients, and analyze suggested approaches to acquire new clients. I recently spoke to Susan Thomas, their CEO.

“Our first AI app was developed out of sheet desperation.” They had an army of interns to sort through the “coverage” or press clips about their clients and competitors. “The bigger the companies we followed, the more people we needed,” she said. They did more than just count clips but go deeper to look at keywords, sentiment, and messaging used in the clips. They also examine the quality of the articles and measure their engagement.  Their agent learned how to do all of this, and saved the time of three interns in total. It was developed by an outside firm that ended up costing $80,000. “Now we don’t have to hire this army of interns to do this analysis.”

They ultimately paid for licenses for ChatGPT. These, along with Gemini, proved their utility in what she calls the “discovery phase,” when they are approached by a prospective client. The manual process would take two or more hours; the chatbots took seconds. They would get all sorts of intel, such as venture funding, how many employees, where their offices were located, key analyst relationships and media coverage. “We also figured out how to find the prospect’s current PR agency, another long slog that was reduced to a few seconds,” she said.

When they first began using chatbots, they got some immediate benefit but it still took a series of eight or more separate prompts to do all of this research. Now they have an agent that consolidates this all together.

They wrote another AI agent that would research whether their ideas had been already used by the prospect. This has bled into having another AI agent analyze contributed article ideas to see if they are unique.

Thomas also uses AI to review her emails, catch typos and fix any style variations. She has uploaded their corporate handbook to make it easier to query about policies without having to read through the entire document.

The net result is that the majority of her staff now is AI fluent. “AI is making our media campaigns more successful, and making our reports more interesting. We aren’t writing the same materials over and over again, and our client retention is solid.”

What is most significant is that four of these agents Thomas wrote herself, with each one taking 10 or so minutes to code up. To me this demonstrates their power, and I recall when spreadsheets were first coming into corporations back in the early 1980s. AI agents are having a similar effect.

 

Arctic shipping isn’t economical — yet

Posted on by
2

All this talk about Occupy Greenland this week got me reading this 2013 report from the US Naval Institute about the harsh realities about shipping goods across the Arctic seas. The TL;DR: shipping loads of containers across the top of the world, while shorter in distance than sending it through Panama and Suez — isn’t necessarily cheaper when you do the basic math. Here is why:

First off, the problem is that the typical container ships are huge, and they come that way for a simple reason: the more they carry, the cheaper the cost per container to send it from one port to another. The smaller container ships that could be run in the Arctic are because the ice breakers aren’t as wide. There are also shallower channels that restrict the size of these ships when compared to the global routes. When you add all these factors up, a container going through the Arctic will cost more than twice as much as sending it “the long way around.”

Second, the Arctic isn’t ice-free year round. In actuality, even with global warming, routes are ice-free for only a third of the year, and sometimes less. On top of this, weather conditions can change quickly. Global shipping depends on tight schedules. These also involve making several stops along the way to supply just-in-time manufacturing systems, and spreading the costs of shipping across the route. A typical 40-some-day trip from the eastern US to Asia route is shared by a series of six ships making regular stops. This is called the network effect. Going across the Arctic would not have as many intermediate stops.

But what about other kinds of shipping, such as minerals or energy products that come from Arctic sources? It is possible, but still depends on all sorts of infrastructure to extract and load this material — which does not exist and probably won’t for quite some time.

Finally, with or without Greenland, to send stuff across the Arctic isn’t the same as crossing the Pacific or Atlantic oceans because the connectivity is poor. A typical route has to transit a series of narrow straits that is currently claimed by Russia, with high fees to move through these straits.

“Arctic routes do not now offer an attractive alternative to the more traditional maritime avenues, and are highly unlikely to do so in the future,” the report concludes. And while things have changed somewhat since this report was written, the factors cited above are still valid.

Book review: Saltwater by Katy Hays

Posted on by
Reply

This is a murder mystery in reverse: you know who died but don’t know the circumstances. Over the course of the plot, you find out more about the situation from various family members’ points of view. Normally, I find this structure annoying but it works for this novel. By the end of the book, you aren’t even certain who did what to whom. The action takes place mostly around Capri on the Italian coast in some pretty fancy digs, and the family members are all scions of wealth, or so it seems. I liked how things were tied up by the end which I can’t go into more details, the characters were all fascinating studies of family dysfunction and seemed very realistically drawn. Highly recommended.

CSOonline: Attack time frames are shrinking rapidly

Posted on by
Reply

Times are tough for cyber pros, quite literally. Two common malware time scale metrics — dwell time and time to exploit — are rapidly shortening, making it harder for defenders to find and neutralize threats. With attackers spending far less time hidden in systems, organizations must break down security silos and increase cross-tool integration to accelerate detection and response. I explain the reasons why these two metrics are shortening and what security managers can do to keep up with the bad guys in my latest post for CSOonline.

Beware of evil twin misinformation websites

Posted on by
Reply

Among the confusion over whether the US government is actively working to prevent Russian cyberthreats comes a new present from the folks that brought you the Doppelganger attacks of last year. There are at least two criminal gangs involved, Struktura and Social Design Agency. As you might guess, these have Russian state-sponsored origins. Sadly, they are back in business, after being brought down by the US DoJ last year, back when we were more clear-headed about stopping Russian cybercriminals.

Doppelganger got its name because the attack combines a collection of tools to fool visitors into thinking they are browsing the legit website when they are looking at a malware-laced trap. These tools include cybersquatting domain names (names that are close replicas of the real websites) and using various cloaking services to post on discussion boards along with bot-net driven social media profiles, AI-generated videos and paid banner ads to amplify their content and reach. The targets are news-oriented sites and the goal is to gain your trust and steal your money and identity. A side bonus is that they spread a variety of pro-Russian misinformation along the way.

Despite the fall 2024 takedowns, the group is once again active, this time after hiring a bunch of foreign speakers in several languages, including French, German, Polish, and Hebrew. DFRLab has this report about these activities.They show a screencap of a typical post, which often have four images with captions as their page style:

These pages are quickly generated. The researchers found sites with hundreds of them created within a few minutes, along with appending popular hashtags to amplify their reach. They found millions of views across various TikTok accounts, for example. “During our sampling period, we documented 9,184 [Twitter] accounts that posted 10,066 of these posts. Many of these accounts were banned soon after they began posting, but the campaign consistently replaces them with new accounts.” Therein lies the challenge: this group is very good at keeping up with the blockers.

The EU has been tracking Doppleganger but hasn’t yet updated its otherwise excellent page here with these latest multi-lingual developments.

The Doppelganger group’s fraud pattern is a bit different from other misinformation campaigns that I have written about previously, such as fake hyperlocal news sites that are primarily aimed at ad click fraud. My 2020 column for Avast has tips on how you can spot these fakers. And remember back in the day when  Facebook actually cared about “inauthentic behavior”? One of Meta’s reports found these campaigns linked to Wagner group, Russia’s no-longer favorite mercenaries.

It seems so quaint viewed in today’s light, where the job of content moderator — and apparently government cyber defenders — have gone the way of the digital dustbin.

Red Cross: Helping victims of an apartment fire in Little Rock on New Year’s Eve

Posted on by
Reply

The afternoon of the last day of 2024 saw a fire break out in the Midtown Park apartment building in Little Rock. And while confined to a single seven-story building, this like so many other fire incidents show the powerful role that the American Red Cross continues to play. Certainly, the fires surrounding Los Angeles continue to gather news attention, but this one building is a microcosm of how the Red Cross can focus on the various resources to help people move on with their lives and get the needed assistance.

The building had 127 occupied apartments: eleven residents were taken to the hospital for treatment, four of whom had critical injuries. Sadly, there was one fatality. The Red Cross was quickly on the scene, establishing a shelter at a nearby church with more than 40 volunteer nurses. You can read more on the Red Cross blog about what happened.