In today’s episode, we delve into the findings of a recent investigation conducted by Insikt Group on an influence network known as CopyCop, likely operated from Russia and aligned with the Russian government. This network extensively employs generative AI to create and disseminate political content aimed at specific audiences, focusing on divisive issues and undermining Western governments. The episode also highlights the challenges posed by CopyCop’s AI-generated disinformation content and the broader implications on election defense strategies and the risks posed to media organizations. Check out the detailed technical analysis and insightful recommendations shared in the episode links: Recorded Future Analysis, AT&T Microsoft 365 Delay, and IoT Device Security Regulations.
00:00 Intro
01:02 Unveiling CopyCop: Russia’s AI-Driven Disinformation Campaign
03:43 The Spam Wave: AT&T and Microsoft 365’s Email Blockade
05:51 The IoT Security Challenge: Navigating New Regulations
Search Phrases:
- AI-generated disinformation threats
- Addressing CopyCop network disinformation
- Protecting content against AI plagiarism
- Impact of Russian-operated networks on disinformation
- AT&T email delivery delay issues
- Microsoft 365 email spam wave
- Gmail service disruption due to spam
- IoT security regulations compliance
- Preventing vulnerabilities in IoT devices
- Exploitation in connected products due to security flaws
A network operated by the Russian government called CopyCop is using generative AI to plagiarize and disseminate divisive political content targeting Western audiences, raising concerns about AI-generated disinformation and amplification by known Russian-influenced actors in this, the year of our election. How can private media organizations protect their content and reputation against this growing trend?
AT&T’s email servers are currently blocking Microsoft 365 due to a spam wave, causing significant delays in email delivery.
Who knew that spam could DDoS your email service?
And finally, IoT device manufacturers are facing increased pressure to improve security measures in compliance with new regulation standards in order to prevent exploitation and potential dangers stemming from the vulnerabilities in these connected products.
You’re listening to The Daily Decrypt.
Alright, well, you officially heard it here first, folks. Russia is meddling in our election. I know you all are surprised and you’ve never heard such an outrageous claim before, but it’s true. And now with the use of large language models like OpenAI, they can do a whole lot of damage, particularly in the realm of disinformation and divisive talk, so trying to get us to turn against each other. And they can do this automatically, using code, to grab articles from reputable news sources and repost them by injecting AI-generated content to try to sway the results of the election.
So coming to you from Recorded Future, CopyCop utilizes generative AI to plagiarize and translate content from mainstream media outlets to create biased narratives, targeting specific audiences in the United States, the UK, and France, focusing on divisive domestic issues and supporting pro-Russian viewpoints. The network is connected to disinformation outlet DC Weekly and Russian state-sponsored influence actors, amplifying content to undermine Western policies and create distrust between these governments.
The network has expanded to operate a self hosted video sharing platform and a forum named Exposedum. Indicating growing ambitions AI generated content with truly human produced content. Making it even harder to spot the fake stuff.
So there is plenty of purely AI generated content out there.
But that’s not the most effective way to spread disinformation. The most effective way to spread disinformation is to take factual articles written by legitimate sources and change them a little bit to help spread the message you want to spread. So Russia is doing just that. They’re taking things that you’re reading and you’re like, “Oh, yeah, that’s true. I know that to be true. I know that to be true. That makes sense.” And then you’re more likely to believe the little lies they slip in there.
And so if you’ve listened to this podcast before, you know my take on this, but look at everything skeptically. Every piece of information you read, try to think about it in a way that it could be lying to you. You don’t necessarily have to believe that it’s lying to you, but look at it as if it was, and what damage that would cause.
Who would benefit from that lie?
And at the very least, how could this be an over exaggeration of the truth?
And hey, once you master that skill, give me a call. We’ll probably be best friends. That’s I’m working on that really hard, but it will only go to benefit you pretty much everywhere in your life, except for around the table at Thanksgiving. Your parents and your aunts and uncles are going to hate you for questioning everything they say.
So for pretty much this whole week, AT&T is experiencing delays in delivering emails from Microsoft 365, which is Microsoft’s cloud service, due to a surge in spam originating from Microsoft’s So customers have reported being unable to receive emails from Microsoft 365 addresses, specifically impacting those trying to email at att.com, at sbcglobal.net, or at bellsouth.com. AT&T servers were refusing connections from Microsoft 365 because of a high volume of spam emails coming from their servers. So all that means is that someone who is using Microsoft’s cloud service is sending out tons of spam email to AT&T. Thus, AT&T has blocked everything from Microsoft 365.
Which is a pretty big detriment to those who use AT&T for their email, because now they can’t send emails or receive emails from anyone in Microsoft 365 cloud.
Now, Microsoft has addressed this with plans to combat spam by implementing a daily Exchange Online bulk email limit of 2,000 external recipients, but that’s not starting until January of 2025.
And I’m sure that plan is going to have to be tweaked because the company that I work for has more than 2,000 email recipients. And like, how is that going to be affected? Maybe I guess you could email internal, but not external. I’m not sure. That’s a pretty low number for people to email each day.
But at the same time, I am also really surprised to see that Microsoft doesn’t have any external like sending limits, rate limits for its users that should at least be set at a threshold that doesn’t shut down all of AT&T, maybe a little more than 2000, but probably less than what it’s doing now. But, the point of the story is that apparently spam can DDoS your email service, and if you use AT&T, specifically one of those three domains, that might explain why you’ve been missing emails or unable to send to certain individuals.
And finally, IoT devices are coming under more and more scrutiny as they tend to be the gateway for spam. different types of attacks. They’re really easy to attack generally because they’re cheap and they’re unsupported. So whatever connectivity devices they have tend to become vulnerable and then they’re never patched.
So attackers can google what device they see in your network. And Google will literally return what they can do to infiltrate that device. And then once an attacker has infiltrated an IoT device, and in case you’re not familiar with what IoT is, it stands for Internet of Things, and it’s just the devices you get that are pretty cheap that connect to the internet.
So if you have any children’s Wi-Fi
It can range from those all the way to dishwashers, to fridges, to cameras, remote control devices, etc. That’s what’s called IoT.
And once an attacker gets into an IoT, that IoT is in your network, and it can be used to pivot to other more critical assets, like your main computer, or your server that hosts all your documents, medical documents, etc.
It’s about time IoT came under the scrutiny.
And the article linked in the show notes by Help Net Security outlines some historical timelines of how IoT devices are being more secured, such as in 2022, NIST surveyed the state of IoT security and made a series of recommendations.
But most recently, the European Union has drafted what’s called the Cyber Resiliency Act and is set to begin rolling out in 2025, which will create new cybersecurity requirements to sell a device in the single market.
And a lot of devices that are sold in the European Union are also sold around the world, the United States, etc. So it’s going to have to abide by these regulations. Now, I wish that the country I resided in would start making these types of regulations, but at least we can piggyback off of the great things that they’re doing for data security in the European Union.
This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don’t forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.