open source and cybersecurity news

July 3, 2023

American Tech Used by Chinese to Spy on Americans; Stalkerware App Suffers Data Breach; US Cyber Command’s “Under Advisement”; Real or Fake? It’s up to you to decide

Episode Transcription:

Pokie Huang:

From Sourced Network production in New York City. It’s 5:05. I’m Pokie Huang. Today is Monday, July 3rd. Here’s the full story behind today’s cybersecurity and open source headlines.

Hillary Coover: 

Hi, this is Hillary Coover. It should come as no surprise that the Chinese balloon was collecting activity-based intelligence on American citizens. Many of you might be thinking enough with the Chinese balloon story, but did you know it was fitted with American technology?

After analyzing the debris, US government investigators discovered tons of commercially available gear, crammed with specialized sensors and other equipment to collect photos, videos, and other information to transmit to China. It doesn’t seem like during the eight-day trip above Alaska, Canada and the US that the balloon was successful in transmitting any data, but the fact that it was using American-made technology is an interesting discovery.

Washington has been strongly discouraged by China to release any information about the findings, so we may not discover exactly what commercial off-the-shelf items were crammed together, or whether some of these items were restricted items that found their way into the Chinese government’s hands.

In either case, it is a good reminder for technology companies to secure their supply chains, especially in the case of restricted items that can be used for surveillance purposes for our adversaries.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

It’s bad enough when apps you use suffer a data breach. It’s worse when apps you didn’t know you have get breached. Android stalkerware app LetMeSpy had suffered a data breach resulting from a security incident on June 21st.

The app is used to spy on or stalk others and comes in either a free or paid version.

The user would install it on someone else’s Android phone, such as a partner, relative, or employee. The app hides itself from view and collects information such as text messages, call logs, and geolocation. All that information along with the email address, IP address, and payment log for those who sought out the software had been breached.

The company disabled all account-related functions of the website once the incident was discovered. Those functions will be restored once the vulnerability exploited by the hacker has been removed. The company also said that they have informed the police and data protection watchdog about the privacy breach.

LetMeSpy has around 10,000 Android phones registered for the stalkerware and the app seems to only work for Android 4 to 7.

Katy Craig: 

US Cyber Command’s team of tech-savvy military and civilian experts, known as “Under Advisement,” is set to double in size over the next year. Currently comprising a dozen members, the team will expand to two dozen, enhancing their collaboration with private industry partners.

This is Katy Craig in San Diego, California.

Under Advisement serves as a critical link between Cyber Command and companies, using platforms like Slack and Microsoft Teams to communicate daily about digital threats. Their partnership has already proven successful as shown during incidents like the Colonial Pipeline ransomware attack, and the Hafnium cyber espionage campaign linked to China.

By sharing information and improving defense planning, the program has evolved to match the pace of industry and produce operational results for both sectors. 

Under Advisement’s role complements the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative, focusing on imposing costs on adversaries globally.

The expansion of Under Advisement will strengthen the collaboration between the public and private sectors, enhancing the country’s cybersecurity defenses. With this growth, the team will continue to serve as the canary in the coal mine, providing valuable insights and support to industry partners while benefiting from their expertise.

The cybersecurity landscape requires robust cooperation and Under Advisement’s success story sets an example for future partnerships. 

This is Katy Craig. Stay safe out there.

Mark Miller: 

Last week an article in the New York Times, and I’ll put a link in the resources section for you, evaluated the accuracy of a set of five AI detection tools for evaluating images. For the test case, 100 images, real and fake, were used. In the best case scenario, 20% incorrectly identified whether an image was AI generated or not. In the worst case, all evaluation engines were incorrect.

This is Mark Miller reporting from New York City. 

It is good to know that some companies are creating tools that identify fake from real. This is going to be essential when it comes to reputable mass media reporting, but on social media where anyone can put up anything they like, this is already becoming a problem. 

Take for example the image of Elon Musk in an embrace and kissing a robot whose face looks like Olivia Wilde while her body from the shoulders down is a robot right out of Ex Machina. This image was created using Midjourney by Guerrero Art. 40% of the evaluations marked this as a real photo. 

What’s the solution here? Social media platforms must begin immediately to incorporate, maintain, and continually upgrade their image detection algorithm so that this kind of manipulation doesn’t reach viral status.

In one way, it’s already too late. The spread of image disinformation has started in political campaigns, as displayed by the Ron DeSantis campaign’s use of fake images of Donald Trump hugging Anthony Fauci.

While social media platforms and mass media outlets might choose to more closely evaluate what is being sent to them, this won’t help when it comes to disinformation sent through email and privately managed social media platforms. It’s a real dilemma. 

People will believe what they want to believe. That’s where we stand today. Moon landing’s faked? That tripe has been going around since 1969. I actually know people who believe it. Every conspiracy group will now have the tools to prove their case. 

Unless AI image evaluation engines become more accurate very soon and image creation engines watermark images created with AI, there’s going to be no way other than common sense to determine what is real and what is fake. 

With most of us living in our own echo chamber, even that won’t make a difference. 

Pokie Huang:

That’s our updates for today, July 3rd. I’m Pokie Huang. We’ll be back tomorrow… at 5:05.
