At a glance.
- Blue-checked hoax riles markets, briefly.
- China's Volt Typhoon snoops into US infrastructure (China says it's US disinformation).
- Drawing a big Z with spoofed geolocations.
- TikTok soldiers and milbloggers.
- Russian hacktivists conduct DDoS attacks against Polish news outlets.
Blue-checked hoax riles markets, briefly.
Hoaxed, AI-generated, images purporting to show an explosion at the Pentagon were distributed by blue-checked Twitter accounts on May 22nd. The imposture started with a blue-checked impostor account misrepresenting itself as belonging to Bloomberg (which had nothing to do with either the account or the hoax). The real Bloomberg described what happened. "Just past 10 a.m. New York time, when the photo was circulating, the S&P 500 declined by about 0.3% to a session low. As news emerged that the image was a hoax, the index quickly rebounded," Bloomberg explained. "The fake photo, which first appeared on Facebook, showed a large plume of smoke that a Facebook user claimed was near the US military headquarters in Virginia." At that point "virality" took over, abetted by bad intentions, a will to believe, or the urge to chatter that drives gossip. "It soon spread on Twitter accounts that reach millions of followers, including the Russian state-controlled news network RT and the financial news site ZeroHedge, a participant in the social-media company’s new Twitter Blue verification system."
The hoax was quickly debunked, both by the online marketplace of ideas and by such official sources as the Arlington, Virginia, Fire and EMS Department. AFP has a good review of how easily fact-checked and exposed the fraud was. But the speed with which it spread, and the fleeting but discernible effect it had on the stock market, suggest that a warning of the malign potential of AI the US Securities and Exchange Commission issued earlier this month wasn't unfounded.
BleepingComputer writes, "While Twitter has now suspended the fake Bloomberg account, this highlights the dangers behind its pay-to-be-verified system, allowing any account to be verified by paying for a blue check which, for many, implies it can be trusted."
BoozAllenHamilton has published a call for study of ways in which sophisticated, AI-generated disinformation might be anticipated, prebunked, detected, and debunked.
China's Volt Typhoon snoops into US infrastructure (China says it's US disinformation).
A joint advisory from all Five Eyes (Australia, Canada, New Zealand, the United Kingdom, and the United States) reports a major Chinese cyberespionage operation that's succeeded in penetrating a range of US critical infrastructure sectors. Microsoft, in its own report on Volt Typhoon, as the threat activity is being called, says the group has been active since at least the middle of 2021. The targets of the spying have extended to the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Much of Volt Typhoon's activity has been directed against Guam, a US Territory in the Western Pacific that hosts important US military bases. Those bases would be important to any US intervention on behalf of Taiwan, should China decide to take a page from Russia's geopolitical playbook and invade what it regards as a renegade province. For its part China dismisses the reports as a coordinated American disinformation campaign, and denies that it's engaged in any of the activities the Five Eyes and Microsoft associate with Volt Typhoon.
Wartime puerility (case #1): drawing a big Z with spoofed geolocations.
The UK's Ministry of Defence this morning pointed out a geolocation-spoofing stunt. Russian operators have been spoofing commercial ships' Automatic Detection System data to draw a big "Z" (emblem of patriotic support for Russia's invasion of Ukraine) virtually across the Black Sea. It's childish and represents no serious attempt at fooling anyone about ship movements (some of the ships being spoofed are represented as traveling at speeds of up to 103 knots). It's large scale virtual graffiti that's unlikely to persuade anyone to Russia's side, a stunt on a par with pilots drawing naughty images with fighter contrails. (It's also a hazard to navigation.)
Wartime puerility (case #2): TikTok soldiers and milbloggers.
The UK's Ministry of Defence assessed this week that Russian forces fought partisans within Russia proper over last weekend and into yesterday. "Russia will almost certainly use these incidents to support the official narrative that it is the victim in the war."
As the MoD suggests, some of the most important immediate effects of the engagement will be informational, but not in a necessarily well-controlled or entirely pro-Russian way. The Institute for the Study of War writes, "The Russian information space responded with a similar degree of panic, factionalism, and incoherency as it tends to display when it experiences significant informational shocks." The speculation has been especially febrile among Russian milbloggers, many of whom see the raid as a harbinger of the long-expected, still delayed, Ukrainian spring offensive. Wagner Group capo Prigozhin used the incident to excoriate the Russian Ministry of Defense for its sclerotic, bureaucratic prosecution of the war.
The Russian online and public responses to the raid suggest that it caught official Russia on the hop. "While the majority of milbloggers responded with relatively varied concern, anxiety, and anger," the Institute for the Study of War writes, "the information space did not coalesce around one coherent response, which indicates first and foremost that the attack took Russian commentators by surprise."
There's an interesting informational dimension to some of the cross-border partisan activity. The Telegraph reports that some of the fighters who claimed to belong to the Russian Volunteer Corps and The Liberty of Russia Legion were in an area of the Belgorod Oblast where they did no actual fighting, and where their purpose seemed to be gathering social media likes as opposed to tactical objectives. Similar groups have come to be referred to elsewhere in the war as "TikTok soldiers." They seem to be aiming for nothing more than the kind of online notoriety any feckless teenager might pursue.
Russian hacktivists conduct DDoS attacks against Polish news outlets.
Polish news agencies were taken offline yesterday by distributed denial-of-service (DDoS) attacks, Cybernews reports. The Polish government attributes the actions to Russian hacktivists. Such groups are well-known to function as auxiliary cyber forces. DDoS campaigns have become a characteristic feature of Russia's hybrid war. Help Net Security, citing a study by Arelion, reviews the ways in which DDoS attacks attend geopolitical conflict.