A new report from the US State Department’s Global Engagement Center sheds light on China’s extensive investments in spreading disinformation. The report reveals that the Chinese government has invested billions of dollars to construct an information ecosystem that promotes propaganda and disinformation. The methods used by Beijing include online bot and troll armies, legal actions against critics of Chinese companies, and content-sharing agreements with Latin American and African media. The goal of these efforts is to coerce other governments into aligning with China’s objectives and sentiments.
While China has been attempting to control the information landscape for some time, these efforts have greatly expanded under the leadership of Chinese President Xi Jinping. However, the effectiveness of these campaigns has been mixed, particularly when targeting democratic countries. Local media and civil society often push back against Chinese propaganda and censorship, limiting their impact.
In other news, a cybercriminal associated with the ShinyHunters cyber gang has pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. Sebastien Raoult, a French citizen known as Sezyo Kaizen, was apprehended in Morocco last year and extradited to the US. Raoult and his co-conspirators hacked into the computers of corporate entities, stealing confidential information and customer records. They created fake login pages for legitimate businesses and used phishing emails to trick employees into providing login credentials. The stolen data was sold on the dark web, resulting in damages exceeding $6 million.
The US Department of Homeland Security recently hosted the Western Hemisphere Cyber Conference, bringing together officials from 21 nations to discuss cybersecurity challenges and identify opportunities for collaboration. The conference covered a range of topics, including cybersecurity training, vulnerability scanning, threat mitigation, public-private partnerships, cybercrime enforcement, and information sharing. Prior to the conference, trainings were provided to partner nations on topics such as Industrial Control Systems, network intrusion, and the use of cryptocurrency in criminal activities.
In June, an international government coalition released joint guidance on secure-by-design software manufacturing. This collaborative effort aims to shift the burden of cybersecurity risk away from customers to the private and public sectors. The document emphasizes the importance of security-by-design and -default approaches in software development. The US Cybersecurity and Infrastructure Security Agency (CISA) is leading efforts to promote this shift and is working with international partners to coordinate cybersecurity efforts.
The spread of misinformation remains a significant concern in the age of artificial intelligence (AI). While AI has the potential to detect phishing scams, a study by Egress, an intelligent email security firm, shows that AI detectors often fail to identify phishing emails written by chatbots. This raises concerns about the use of chatbots in cybercrime, as they can generate well-written phishing campaigns and gather public information on targets more effectively than humans. Additionally, chatbots can mimic the communication style of individuals, making it difficult to distinguish between legitimate messages and AI-generated ones.
Fact-checking websites have also faced challenges in combating the spread of disinformation. Digital disinformation campaigns have proliferated in recent years, particularly during the pandemic and elections. However, efforts to debunk falsehoods have waned, making it harder to curb the spread of misinformation. Fact-checking sites around the world are grappling with this issue and working to develop effective strategies to counter disinformation.
In conclusion, China’s investments in spreading disinformation, the guilty plea of a cybercriminal associated with the ShinyHunters gang, the Western Hemisphere Cyber Conference, joint guidance on secure-by-design software manufacturing, and concerns about AI and fact-checking highlight some of the key cybersecurity developments and challenges facing governments and organizations today.