
Netizen: Monday Security Brief (8/19/2024)

Today’s Topics:

  • OpenAI Shuts Down Iranian Influence Campaign Leveraging ChatGPT
  • Ransomware Attack Cripples Flint, Michigan’s Online Services: City Scrambles to Restore Operations
  • How can Netizen help?

OpenAI Shuts Down Iranian Influence Campaign Leveraging ChatGPT

Last Friday, OpenAI announced the suspension of several accounts tied to a covert Iranian influence operation known as Storm-2035. This campaign used OpenAI’s ChatGPT to generate content aimed at swaying opinions around the U.S. presidential election and other hot-button issues. The operation has raised alarms about the potential misuse of artificial intelligence in geopolitical schemes.

The Storm-2035 operation focused on creating content that targeted audiences across the political spectrum in the United States. According to OpenAI, “This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as Storm-2035.” The content spanned topics from U.S. politics to the Gaza conflict, Israel’s role in the Olympic Games, and politics in Venezuela.

The operation aimed to stir division by engaging with both conservative and progressive audiences, appearing to align with their respective viewpoints. The articles were published on five websites posing as legitimate news outlets, each tailored to appeal to different segments of the U.S. population. “The first workstream produced articles on U.S. politics and global events, published on five websites that posed as both progressive and conservative news outlets,” OpenAI noted.

Despite its widespread efforts, the operation didn’t really take off. OpenAI pointed out that most of the content didn’t get much attention on social media platforms. “Similar to the covert influence operations we reported in May, this operation does not appear to have achieved meaningful audience engagement,” the company explained. Using Brookings’ Breakout Scale, the operation was categorized as being at the low end of Category 2. This means that while there was some activity across multiple platforms, there was no sign that real people picked up or widely shared the content.

The operation’s limited success extended beyond social media. OpenAI found “no indication that the web articles created using ChatGPT were shared on social media platforms.” Moreover, the attempt to generate engagement by mixing political content with lighter posts about fashion and beauty—probably to appear more authentic or build a following—also fell flat.

Storm-2035 used ChatGPT to create both long-form articles and shorter social media comments in English and Spanish. These were posted across multiple accounts on platforms like X (formerly Twitter) and Instagram. The operation had a strategy: asking ChatGPT to rewrite existing social media comments to push the campaign’s agenda. “Some of the X accounts posed as progressives, and others as conservatives. They generated some of these comments by asking our models to rewrite comments posted by other social media users,” OpenAI elaborated.

The topics covered were diverse, ranging from U.S. domestic politics to international issues like the Gaza conflict and Scottish independence. This content was then strategically mixed with lighter topics like fashion to create a more diversified and seemingly genuine online presence.

The disruption of Storm-2035 is part of a broader effort by tech companies and governments to combat foreign influence operations. Microsoft, for example, had previously highlighted the activities of Storm-2035 in its reports, describing it as an Iranian network “actively engaging U.S. voter groups on opposing ends of the political spectrum with polarizing messaging.” This network was known for trying to manipulate public opinion on issues like the U.S. presidential candidates, LGBTQ rights, and the Israel-Hamas conflict.

Additionally, Microsoft identified similar tactics used by other foreign influence operations, including those linked to Russian networks like Ruza Flood (also known as Doppelganger), Storm-1516, and Storm-1841 (also known as Rybar). These operations have been characterized by their use of AI and social media to amplify misleading or outright false information across multiple platforms.

One concerning trend in these influence operations is the evolution of tactics as they adapt to increased enforcement by social media companies and governments. For instance, Meta reported that Doppelganger had shifted its focus towards non-political posts and ads in an attempt to evade detection. These posts often spoofed entertainment and lifestyle news outlets, using compromised accounts to create ads that, when clicked, redirected users to politically charged content on counterfeit domains. “The posts contain links that, when tapped, redirect users to a Russia war- or geopolitics-related article on one of the counterfeit domains mimicking entertainment or health publications,” Meta noted.

The adaptation of such tactics highlights the ongoing challenge of securing democratic processes against foreign interference, particularly in the context of the 2024 U.S. election. As OpenAI pointed out, “Notwithstanding the lack of meaningful audience engagement resulting from this operation, we take seriously any efforts to use our services in foreign influence operations.”

In response to these threats, OpenAI emphasized its commitment to transparency and proactive measures to prevent the misuse of its AI technologies. The company has been actively sharing threat intelligence with government agencies, campaign teams, and industry stakeholders to support a coordinated response against foreign influence operations. “OpenAI remains dedicated to uncovering and mitigating this type of abuse at scale by partnering with industry, civil society, and government, and by harnessing the power of generative AI to be a force multiplier in our work,” the company stated.

This collaborative approach is crucial as the methods used by influence operations continue to evolve. By leveraging AI tools to detect and disrupt these activities, OpenAI and other tech companies aim to protect the integrity of information and democratic processes worldwide.


Ransomware Attack Cripples Flint, Michigan’s Online Services: City Scrambles to Restore Operations


The City of Flint, Michigan, finds itself in the throes of a severe ransomware attack that has left critical online services crippled since August 14, 2024. The attack, which has drawn the attention of both federal and state authorities, has had widespread repercussions, affecting various aspects of daily operations and leaving residents and city officials alike grappling with uncertainty.

The ransomware attack has hit Flint hard, especially in terms of its ability to process payments and maintain communication with its residents. The city’s core payment processing system, BS&A, was among the hardest hit. This disruption means that residents have been unable to make online or credit card payments for essential services like water, sewer, and taxes. In response, city officials have moved quickly to ensure that residents are not penalized during this period of turmoil. “We want to assure everyone that no late fees will be applied, and water shutoffs are not going to happen while we work through this,” a city spokesperson said.

Beyond payment processing, the attack has had significant implications for the city’s communication infrastructure. Flint’s GIS maps have been taken offline, and there are major gaps in the city’s email, phone, and voicemail systems. These disruptions have made it challenging for city employees to maintain regular contact with residents, adding to the overall sense of disarray.

Despite these setbacks, Flint’s public safety services, including 911, dispatch, law enforcement, and fire operations, have remained fully operational. Public works services, including waste collection and water utilities, are also functioning normally, providing some relief amid the chaos.

Flint Mayor Sheldon Neeley addressed the public with a mix of resolve and concern as the city continues to grapple with the fallout. “We are working tirelessly to resolve this issue and minimize the impact on Flint residents. I want to thank our staff and partners for their hard work and dedication during this difficult time,” Mayor Neeley stated.

The attack is being treated with the utmost seriousness, with both the FBI and the Michigan Attorney General’s Office now involved in the investigation. Cybersecurity experts have been called in to assess the full extent of the damage and to help the city in its recovery efforts. However, despite the best efforts of all parties involved, there is no clear timeline for when the city’s systems will be fully restored.

One of the most pressing concerns for city officials is the potential exposure of sensitive personal data belonging to Flint’s residents and employees. The city is actively investigating whether any such data has been compromised in the attack. “We are investigating whether resident or employee personal data has been impacted. As always, we encourage individuals to take action to protect themselves from identity theft,” read a statement from the city. This ongoing uncertainty has understandably left many residents feeling anxious and concerned about their personal security.

Flint’s struggles are part of a larger, disturbing trend that has seen municipalities and organizations across Michigan targeted by increasingly sophisticated cyberattacks in recent months. While the situation in Flint is particularly severe, other cities in the state have faced similar challenges, forcing them to take drastic measures to protect their systems and services.

Flint’s response, however, has been bolstered by the unfortunate fact that they are not alone in facing such challenges. The city is able to draw on tested resources and strategies from these previous incidents as it works to bring its services back online. Mayor Neeley expressed confidence that, despite the current difficulties, the city would emerge stronger and more resilient in the face of these cyber threats.

As the city works to restore normal operations, Flint has implemented several temporary measures to ensure that essential services can continue.

  • Payments: Given that the BS&A system is offline, residents are now limited to making payments via cash or check. While this is far from ideal, city officials have emphasized that it is a necessary step to prevent further disruptions.
  • Communication: The city’s phone and voicemail systems are currently unreliable, and while some employees are able to access email, communication remains a challenge. Residents have been urged to be patient and persistent in their attempts to reach city services.
  • Website Access: The city’s website, hosted on a separate server, remains largely intact, but several linked platforms, including the billing system and GIS maps, are unavailable. Despite these challenges, the website continues to serve as a vital source of information for residents seeking updates on the situation.

Public health services have fortunately remained fully operational throughout the ordeal. Flint residents can still access water testing kits and filters at designated locations, ensuring that this essential service remains uninterrupted.

While the full impact of the ransomware attack on Flint is still unfolding, city officials have been steadfast in their commitment to overcoming this crisis. The involvement of federal and state law enforcement agencies, as well as top-tier cybersecurity experts, underscores the seriousness of the situation and the city’s determination to address it head-on.

“We are working around the clock to restore our systems and to ensure that this kind of disruption doesn’t happen again,” said Mayor Neeley. The road to recovery may be long and fraught with challenges, but Flint’s leadership and residents alike remain hopeful that the city will emerge stronger from this ordeal.


How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.