Unparalleled disinfo amplifies Israel-Gaza battle

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Oct 10, 2023 View in browser   By Joseph Gedeon With help from Maggie Miller, Antoaneta Roussi and Clothilde Goujard Driving the day — Social media platforms are struggling to keep up with the deluge of disinformation stemming from Hamas’ attack on Israel, which has now gone so unchecked experts fear it could worsen the violence. HAPPY TUESDAY, and welcome to MORNING CYBERSECURITY! Spooky season is upon us, and since I don’t dress up for Halloween, I decided to get my dog a costume. And you can’t tell me that a “hot dog” dog is too corny. Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in. Today's Agenda James Andrew Lewis, director for the Center for Strategic and International Studies’ strategic technologies program, is joining the Hudson Center’s director for the economics of the internet, Harold Furchtgott-Roth, for a conversation on the importance of spectrum availability for American security. Noon. Director of Madison Intelligence Mexico Jorge Tello Peon is joining CSIS for virtual discussion on managing geopolitical risk in Mexico's ICT sector, focusing on risks posed by Chinese information firms in Latin America. Noon.   Enter the “room where it happens”, where global power players shape policy and politics, with Power Play. POLITICO’s brand-new podcast will host conversations with the leaders and power players shaping the biggest ideas and driving the global conversations, moderated by award-winning journalist Anne McElvoy. Sign up today to be notified of new episodes – click here.     Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. Cyber Warfare DISINFORMATION UNCHAINED — It’s a new chapter in the Israeli-Palestinian conflict, and what’s happening on the ground and in the skies is only being fanned by an unprecedented level of disinformation online — which has grown so rampant that cyber experts fear could worsen the violence. “We’ve identified millions of pieces of content flying back and forth,” Dan Brahmy, the CEO for the Tel Aviv-based social media threat intelligence company Cyabra, tells MC. “This is probably one of the first times I can tell you that it’s not just the quality — but it’s actually the quantity. It’s about three or four times bigger than we’ve ever seen.” — Context: There is an enormous amount of unverifiable content flying across messaging apps and social media, but it’s particularly stark with X — where experts say there has been little to prevent the social media storm. It includes old footage from other wars, footage from video games and misinformation about how the operation came to be and who is involved. It also includes a now-deleted tweet from Elon Musk, posting accounts to follow that are famous for their spread of fake news to his millions of followers. The amount of questionable content and the speed at which it is coming far outpaces efforts to verify the information, the Atlantic Council’s Digital Forensic Research Lab’s Middle East fellow Dina Sadek tells MC. “There is an overwhelming amount of content circulating on social media platforms and messaging apps at the moment,” Sadek said in an email. “The situation is still developing to determine the patterns, and misinformation and disinformation content is widespread amid a lot of confusion.” X did not respond to a request for comment. — Bot talk: According to an analysis of bot soldiers by Cyabra — which had been previously hired by Musk during his legal battle for the X platform last year — more than 20 percent of social media accounts in the conversation are fake, and they mostly operate on X and TikTok. When asked how X has been dealing with the scourge of disinformation, Brahmy says he hasn’t seen a decrease in the amount of disinformation — an indication that its efforts to stop it aren’t powerful enough. — Watch your pockets: It may not be just to create confusion, but also a tactic to extract information using phishing techniques in the midst of the chaos. Brahmy tells MC that Hamas-linked social accounts are being created for the purpose of gathering sensitive details from Israeli victims. “[People] become targets from a cybersecurity standpoint,” Brahmy said. “And it’s working as effectively as it can.” — Fog of war: Despite the hype, a major cyber disruption or destructive attack has not yet occurred — and claims online to the contrary may just be another example of disinformation. “We have not seen any evidence of Israel or Hamas using cyberattacks to augment the current situation on the ground,” threat intelligence analyst Alexander Leslie at Recorded Future tells Maggie. “The overwhelming majority of attacks claimed by hacktivist groups are false, misleading, or exaggerated in impact, with the goal of sowing fear, uncertainty, and doubt among observers.” When asked if Iran can be identified as being involved in the attacks, a State Department spokesperson tells MC “it’s too early to say,” adding that it is “actively monitoring any malign foreign state and non-state disinformation,” especially from Iran and Russia.   — Meanwhile: Israel, which imposes a land, air and sea blockade of the Gaza Strip with Egypt, plans to turn off the electricity in Gaza as part of its declared siege — which could also severely alter the cyber landscape. “Disinformation and propaganda are the nerves of cyber warfare,” said Mona Shtaya, a Ramallah-based non-resident fellow at the Tahrir Institute for Middle East Policy. “Israel deliberately cuts off electricity and shuts down the Internet every time it attacks the Gaza Strip in order to control the narrative.” HACK TIMELINE — Before Hamas launched rockets into Israel on Saturday morning, Iran-aligned hacking group Cyber Av3ngers claimed it had hit Noga, an independent infrastructure contractor of Israel’s National Electricity Authority, the group wrote on its Telegram channel. Here’s how it played out Saturday: — At 7:33 a.m.: The pro-Russian group Anonymous Sudan launched a distributed denial-of-service attack against Israel’s Red Alert app, which provides real-time rocket alerts to citizens. Meanwhile, a pro-Palestinian hacktivist group, AnonGhost, said it had tampered with the app’s messages, including by sending out a fake message about a nuclear bomb threat to several users. — At 6:54 p.m.: The Jerusalem Post’s English-language news site was taken down by Anonymous Sudan, which claimed it had deleted all articles as well. “We are actively addressing the situation and will be back soon, continuing to serve as your top source of information on Operation Swords of Iron and the violent attacks by Hamas,” the Jerusalem Post said on X. — 7:10 p.m.: Cyber Av3ngers claimed to have completely taken offline the Israeli Electric Corporation. The IEC’s site was still down after MC was readied Monday night. — By 8:41 p.m.: Anonymous Sudan wrote on its Telegram channel that it was targeting “critical endpoints in the alert systems of Israel, which may affect the Iron Dome” — the rocket air-defense system that protects major cities. Cyber Diplomacy INCOMING AI REGULATIONS — Leaders of the G7 have commit to a set of guiding principles for AI development and use, and the U.S. is expected to release an executive order on it "relatively soon," U.S. ambassador-at-large for cyber and digital policy Nate Fick told POLITICO’s Clothilde Goujard in an interview on Monday. America’s top cyber diplomat, in Japan for this week’s annual Internet Governance Forum, added that the EO is the "longest, most exhaustive and inclusive executive order I've ever seen." — How soon, you ask?: “We’re talking about this calendar year,” Fick said. The EO is expected to bring specific guidance on how the government will develop and use the rapidly-developing tech, which so far has piqued serious interest in Washington for its potential despite some cyber concerns — which include breaching systems for data and adversarial attacks. — Next steps: But first, they’ll be circulating those guiding principles in the coming “days and weeks ahead” with the goal of codifying them for AI developers and for G7 countries to sign, Fick said. G7 digital ministers will meet again in November. An outline of the 11 goals was presented at the U.N. Internet Governance Forum. They include pushing AI companies to take measures to limit misuse, identifying vulnerabilities (including through external tests known as red-teaming) and investing in cybersecurity.   GO INSIDE THE CAPITOL DOME: From the outset, POLITICO has been your eyes and ears on Capitol Hill, providing the most thorough Congress coverage — from political characters and emerging leaders to leadership squabbles and policy nuggets during committee markups and hearings. We're stepping up our game to ensure you’re fully informed on every key detail inside the Capitol Dome, all day, every day. Start your day with Playbook AM, refuel at midday with our Playbook PM halftime report and enrich your evening discussions with Huddle. Plus, stay updated with real-time buzz all day through our brand new Inside Congress Live feature. Learn more and subscribe here.     On the Hill COMING TO A PHONE NEAR YOU — Vietnamese government agents tried to hack the phones of American lawmakers with spyware while negotiating a cooperation agreement with the U.S. intended to counter growing Chinese influence in the region by posting links in the X comment section that would re-route to malicious websites. The clumsy attempt to lure in legislators, documented in the latest report Monday in the “Predator Files” investigation by over a dozen media outlets globally, targeted some of the Hill’s preeminent foreign policy buffs — Sens. Chris Murphy (D-Conn.), Gary Peters (D-Mich.) and John Hoeven (R-N.D.), and Rep. Michael McCaul (R-Texas). It’s unclear how serious the targeting operation had been. Hoeven, for example, might not have been the intended target in his case, since the link was in a response to a post from Taiwanese President Tsai Ing-wen. — The global context: The agreement that centered the attack was signed by President Joe Biden in September during a visit to Vietnam, and was seen as a major step forward in relations between the two countries. But the hacking attempts raise serious questions about Vietnam's commitment to the deal, which includes investments in semiconductors and collaborating on cyberthreats and AI technologies. — Who reads the comments anyways?: An aide with Murphy’s office tells MC they were made aware of the attempt by Google, and “to the best of our knowledge, no one in Sen. Murphy’s office clicked the link.” McCaul’s office tells MC it’s “highly unlikely” the Congressman or his staff who run his accounts would have clicked on the link. Industry Intel FIRST IN MC — A Tuesday report by The Software Alliance first obtained by Morning Cyber is urging policymakers worldwide to find ways to encourage AI adoption, arguing that the new tech is a powerful tool to counter bad guys increasingly using heavy-handed tactics to break into networks. To move the needle on AI, the BSA suggests focusing regulation on “high-risk AI,” promoting the tech as a key tool for cyber defense and innovation, and protecting data transfers – which it says helps detect malicious behavior. Members of the BSA include Microsoft, Adobe, Amazon Web Services, Cisco and other software companies around the globe. Tweet of the Day Turns out we weren’t the only ones to notice. Quick Bytes SURVEILLANCE FAIL — Israel's inability to stop the surprise Hamas attack shows the limits of even the most advanced and invasive surveillance dragnets. Experts say the sheer quantity of intelligence that Israel collects on Hamas may have played a role in obscuring plans for this particular attack, report Wired’s Matt Burgess and Lily Hay Newman. 404 FOR REAL — A new Magecart campaign hijacks online retailers' 404 error pages to steal credit card information from customers, writes Bill Toulas with Bleeping Computer. STOP THE STEAL — A massive data breach at 23andMe compromised the genetic data of nearly 1 million Ashkenazi Jewish users, likely through credential stuffing, raising questions about the cybersecurity of tech companies who could have prevented it. Get the details from The Messenger’s Eric Geller. Chat soon.  Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com; Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).   Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130 Joseph Gedeon @JGedeon1   Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings This email was sent to salenamartine360.news1@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA Please click here and follow the steps to unsubscribe.