Beijing is getting savvy on AI-boosted influence operations, research finds
Chinese government-aligned social media operations are making greater and more skillful use of imagery generated from artificial intelligence to get more clicks and shares, according to Microsoft research out this morning.
It’s part of a broader uptick in Beijing-friendly influence campaigns online over the past year that include expanding to new languages and digital venues, the company said. It coincides with Chinese hackers sharpening their focus on the South China Sea region, U.S. government entities and U.S. defense, Microsoft said.
Artificial intelligence experts have worried AI could enhance foreign influence operations (IO). Microsoft shared only one image in its report today as an explicit example of China’s embrace of the technology — a depiction of the Statue of Liberty as a “goddess of violence” that the company said was shared by “a suspected Chinese IO asset” — but said the approach has netted gains.
“Since approximately March 2023, some suspected Chinese IO assets on Western social media have begun to leverage generative artificial intelligence to create visual content,” the Microsoft report says.
“This relatively high-quality visual content has already drawn higher levels of engagement from authentic social media users,” the report reads. “These images bear the hallmarks of diffusion-powered image generation and are more eye-catching than awkward visual content in previous campaigns. Users have more frequently reposted these visuals, despite common indicators of AI-generation — for example, more than five fingers on a person’s hand.”
The company didn’t provide the precise number of accounts that had fallen victim to the images.
Clint Watts, the general manager of Microsoft’s Digital Threat Analysis Center, said the practice is enhancing China’s AI rewards.
“When you keep pumping, high-volume, you get better every single day,” he said. “They’re not inventing anything new, but they’re watching what’s happening. And they’re looking at the tools that are available. And smartly, you know, they’re going to move to whatever those tools might be.”
Microsoft’s report mentioned several social media platforms affected by Chinese influence operations, and it provided examples in its report from Twitter, now known as X, which didn’t respond to a request for comment about the report on Wednesday night.
Beijing has limited the use of AI domestically, suggesting that it recognizes its potency.
Chinese companies have been experimenting with similar AI-generated video technology for years. China’s official news agency, Xinhua, unveiled AI-powered news anchors in 2018, developed in partnership with Chinese tech firm Sogou. Other state-run media have since launched similar projects.
As publicly accessible AI generative-image programs were gaining broad public attention last year, authorities in Beijing quickly recognized the potential to influence its own political environment.
The Cyberspace Administration of China (CAC) and other internet agencies released a raft of regulations around AI — including one that banned the dissemination of AI-generated images and videos in the country without a watermark. Users are also required to register for services using their real phone number, which is linked to their national ID number, making the content traceable.
The CAC said such AI-generated content has the potential to “endanger national security and social stability.”
ChatGPT and other similar programs were swiftly banned in China. Leading Chinese internet companies, including Alibaba and Baidu, have launched their own much more restricted programs, with long waitlists for trial access.
Beyond its use of AI, China has enhanced its tactics and focus in other ways, according to the Microsoft report.
“Chinese online influence campaigns have long relied on sheer volume to reach users through networks of inauthentic social media accounts,” it states. “Since 2022, however, China-aligned social media networks have engaged directly with authentic users on social media, targeted specific candidates in content about US elections, and posed as American voters.”
China has also harnessed the power of social media influencers who are affiliated with state media, Microsoft said.
The two things that China has achieved that are “incredible” with its influence operations are scale and centralization, or amassing a vast number of human influencers who send out a great number of messages in at least 40 languages, with most of the accounts originating in China, Watts said. Those accounts have reached a combined following of more than 103 million people across all major western social media platforms, according to Microsoft.
- “No other country really can do that,” Watts said of the scale and centralization. “And you can say the same for the cyber activity. They invest very heavily. They conduct a lot of activity. And because you do a lot of activity, some of it is successful. Ultimately, it’s an investment.”
- “I think the other part of it is they’re building capability in places where they just didn’t have it before,” Watts added. Comparing China now with the advent of Russian troll farms that appeared prominently in the 2016 U.S. elections, Moscow’s efforts then look “tiny,” Watts said.
Top cyber official accused of workplace misconduct in two reports from 2015 and last year
Anne Neuberger, the National Security Council’s deputy national security adviser for cyber and emerging technology, faced workplace misconduct allegations in two incidents dated in 2015 and last year, the Intercept’s Noah Kulwin and Sam Biddle report.
Neuberger’s previous tenure at the National Security Agency led to a 2014 inspector general investigation of allegations that she created a hostile work environment by berating, undermining and alienating colleagues. A subsequent 2015 report concluded that “there was not enough evidence to sustain allegations that Neuberger fostered a hostile work environment, but … she violated NSA policy by disrespecting colleagues,” according to the outlet.
- Neuberger at the time denied the allegations and argued that they stemmed from gender bias in her NSA department, according to letters. “I strongly disagree with the tentative conclusions of the OIG inquiry (that I sometimes failed to exercise courtesy and respect in dealing with fellow workers),” she wrote. “I firmly believe that I treated everyone with the respect and courtesy they deserved,” she added.
- “I worked at all times to be respectful and to listen to folks’ views,” she later wrote in a letter after the IG’s conclusions were released. “However, I also held folks accountable. Some people didn’t like that.”
- An anonymous woman told the Inspector General that when she was tapped at the time to be the NSA’s chief risk officer, there was instant angst among employees because of her “horrible reputation.”
Eight years after that incident, a female senior official in the Cybersecurity and Infrastructure Security Agency in the fall of 2022 filed a complaint against Neuberger, who had since joined NSC in her current role, alleging that she “pointed at the door and ordered her out like a child during a meeting with U.S. cybersecurity colleagues and a delegation of visiting Indian government officials,” Kulwin and Biddle write, citing three people familiar with the matter.
- CISA declined to comment to the Intercept, and the White House did not return responses to their inquiries.
The report comes months after a story from Bloomberg News that said Neuberger’s behavior was a large contributor to former national cyber director Chris Inglis’s departure from the Biden administration.
Compromised Microsoft engineer’s account led to recent Chinese hack of U.S. officials, company says
A recently disclosed Chinese hack of Commerce Department and State Department officials’ emails was linked to a Microsoft engineer’s compromised corporate account, the tech giant announced in a Wednesday blog post.
The penetrated account allowed the hacker group, dubbed by Microsoft as Storm-0558, allowed them to steal thousands of email exchanges from Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink, as well as Rep. Don Bacon (R-Neb.).
- The hackers leveraged a stolen Microsoft signing key used by the company to authenticate customers, allowing them to masquerade as federal users of Microsoft’s email services and access officials’ inboxes.
- That stolen key was leaked in an April 2021 “crash dump” that records some information when processes on a computer crash. The crash dump should not have contained the key, Microsoft said.
- The particular contents of that crash dump were moved to a company-owned, internet-connected debugging environment, allowing the hacking group to pilfer the key and access the engineer’s account, Microsoft said in the blog.
Sen. Ron Wyden (D-Ore.), who previously asked the Justice Department and Federal Trade Commission to investigate the incident, criticized Microsoft in the wake of the company’s blog post.
- “Following the SolarWinds hack, Microsoft told the Senate Intelligence Committee that hardware security modules were the best way to protect encryption keys from theft. The post-mortem published today fails to explain why Microsoft did not follow its own advice when it came to protecting consumer encryption keys,” Wyden told our colleague Joseph Menn. “Microsoft deserves credit for providing additional details about the hack, however it has an obligation to explain why it deviated from best practices and its own advice when it came to protecting highly sensitive encryption keys,” his statement adds.
A top cyberdefender at Google-owned Mandiant suggested that the hackers’ tactics could present a teachable moment. “The crash data accessed, and potentially targeted by the actor, could be used to develop exploits for broader use against related products. The actor’s presence in this system may have something to teach us about their evolving tactics,” John Hultquist, chief analyst at Mandiant, told The Cybersecurity 202 in a statement. He later added that Mandiant has “seen state actors going after researchers and internal vulnerability data in the past, and in this case, it may indicate an effort to target debugging data as well.”
- Our colleague Joseph reported for Reuters in 2017 that Microsoft’s secret internal database for tracking bugs in its own software was breached by a hacking group in 2013, but the company did not publicly disclose the matter.
Intelligence community working to woo Section 702 skeptics
The intelligence community is working to convince skeptics to support the renewal of a contentious surveillance authority, organizing meeting this month for public interest groups to speak with intelligence officials in Washington on the spying power that is set to expire at the year’s end, Ryan Lovelace reports for the Washington Times.
The Office of the Director of National Intelligence requested a meeting with the groups, according to an invitation viewed by the outlet.
- The spying authority — Section 702 of the Foreign Intelligence Surveillance Act — allows the FBI and National Security Agency to gather electronic data without a traditional warrant based on probable cause when the target is a foreigner overseas and it’s for foreign intelligence purposes. But those intercepted exchanges sometimes include conversations with Americans, raising concerns that U.S. communications are being warrantlessly targeted in the process.
- The intelligence community, calling it a boon for national security, will only be authorized to keep using the surveillance power if Congress re-ups it before it expires at the end of this year.
The meeting requests have prompted mixed reactions around Washington. “Cato Institute senior fellow Patrick Eddington received his invitation earlier this month and said he has no intention of attending,” Lovelace writes.
“Since last August at least, the ODNI & other IC elements have been lobbying the House and Senate to reauthorize the FISA Section 702 program, despite its 15-year history of serial abuses of Americans’ Fourth Amendment rights,” Eddington told the outlet.
Additionally, FBI Director Christopher A. Wray and other bureau officials met with Senate Judiciary head Richard J. Durbin (D-Ill.) on Tuesday to discuss 702, according to the outlet. “As I’ve said before and reiterated to Director Wray today, I will only support the reauthorization of Section 702 if there are significant reforms addressing the warrantless surveillance of Americans,” Durbin said in a statement to the outlet.
- Demand Progress, the American Civil Liberties Union, the Project on Government Oversight, the Electronic Privacy Information Center and the Center for Democracy and Technology will be among the groups attending the ODNI meeting, CyberScoop’s Tonya Riley reported.
CISA is wrapping up cyber incident reporting rule, director says (The Record)
Cybersecurity investments boost profitability, resilience: White House (Cybersecurity Dive)
U.S. lawmaker calls for ending Huawei, SMIC exports after chip breakthrough (Reuters)
Georgia prosecutors in Trump election case estimate four-month trial (Holly Bailey)
Cyber professionals say industry urgently needs to confront mental health crisis (CyberScoop)
Cyber company IronNet furloughs workers, explores bankruptcy (Wall Street Journal)
The government isn’t sure how to get small hospitals to take cybersecurity seriously (The Messenger)
Malicious Chinese code in Korean gear is just the tip of the iceberg (Bloomberg News)
China bans iPhone use for government officials at work (Wall Street Journal)
AUKUS partnership success hinges on export controls for sensitive tech, officials say (Nextgov/FCW)
How China demands tech firms reveal hackable flaws in their products (WIRED)
University of Michigan requires password resets after cyberattack (Bleeping Computer)
AT&T customers doxed themselves en masse in reply-all nightmare (Motherboard)
See Tickets says hackers accessed customers’ payment data — again (TechCrunch)
U.K. pulls back from clash with Big Tech over private messaging (Financial Times)
Government denies U-turn on encrypted messaging row (BBC News)
If you’ve got a new car, it’s a data privacy nightmare (Gizmodo)
- Ben Purser joined the Institute for Security and Technology as its vice president for geopolitical risk. He joined from Meta, where he worked on the company’s strategic response team.
- Chris DeRusha, Anne Neuberger, Avril Haines and other U.S. cyber officials speak at the Billington Cybersecurity Summit in D.C. throughout this week.
Thanks for reading. See you tomorrow.
