Strange encounters with algorithmic content moderation; the “sovereign” Russian Internet shoots itself in the foot; Biden can’t escape Trump’s China decoupling; what the Microsoft Exchange hack tells us about cybersecurity information sharing (and Microsoft)

A Taste of the Future

Algorithmic content regulation is beginning to reveal its peculiarities. @Swiftonsecurity noticed that your Twitter account could get blocked by tweeting “Memphis”. He speculated that a Twitter staffer probably tried to block a street address, “but the postal syntax acted as an escape sequence, or the original was multi-line and they only pasted the city.” (Or maybe they were trying to kill Tom Hall’s famous song.) Another person observed that he got locked out of Twitter by mentioning the acronym of the open source image editing software GNU Image Manipulation Program (GIMP). This was deemed “hateful conduct” by the code, and so trusting was Twitter of its new theory of woke semantics – in which specific character strings have only one fixed meaning to all people in all places and times, and if that string is deemed a slur, it must be blocked, regardless of context and intent – that it upheld the suspension after appeal. The fun will only increase as the algorithms start to govern multiple languages; you might be slurring someone in Hindi or Cantonese without knowing it. This could also evolve into a cybersecurity issue. Clever hackers may learn how to game these algorithms to disable adversary accounts, or (if learning algorithms are employed) train them to modify the code in ways intended to “act on objectives.” Expect more of this: with a growing chorus telling us that open social media are dangerous, the demand for interventions in content by platforms grows, but such is the scale of social media that only automated, algorithmic rules and word-lists can meet that demand.

Sovereign Blunder

Two years ago Russia’s Duma proudly passed legislation giving would-be Supreme Internet regulator Roskomnadzor the power to control the Russian net with Deep Packet Inspection boxes, so as to protect Russia’s sovereignty in cyberspace. But when it finally got a chance to exercise that supreme and exclusive power, Roskomnadzor managed to disable access to 25% of Russia’s own internet. Upset with the way Twitter was being used to support dissent, Roskomnadzor programmed its DPI boxes to target the domain, Twitter’s link-shortening service. But Roskomnadzor let loose a bad substring match that affected any domain with the characters “” in it, such as, knocking out mobile internet for many Russians. Maybe making nation states central controllers of a complex network of networks is not such a good idea after all.
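As an added illustration (not from the newsletter, and not Roskomnadzor’s actual rule set), here is a block rule of the substring kind described above beside one anchored on DNS labels; the blocked domain and hostnames are constructed placeholders, not the real domains involved.

```python
# Added illustration: the over-blocking failure mode of a substring-based
# domain rule, beside a rule anchored on DNS labels.
# The blocked domain and hostnames below are constructed placeholders.


def naive_substring_block(hostname: str, blocked: list[str]) -> bool:
    """Block if any blocked string appears anywhere in the hostname.
    This is the kind of rule that also hits unrelated domains whose names
    merely contain the same characters."""
    return any(b in hostname for b in blocked)


def label_anchored_block(hostname: str, blocked: list[str]) -> bool:
    """Block only if the hostname is a blocked domain or a subdomain of it,
    i.e. the match must start at a label boundary and run to the end."""
    host = hostname.lower().rstrip(".")
    for b in blocked:
        b = b.lower().rstrip(".")
        if host == b or host.endswith("." + b):
            return True
    return False


def collateral_damage(hosts: list[str], blocked: list[str]) -> list[str]:
    """Hostnames the naive rule blocks that the anchored rule would not."""
    return [
        h for h in hosts
        if naive_substring_block(h, blocked) and not label_anchored_block(h, blocked)
    ]


# Constructed sample: a short blocked domain (stand-in for a link shortener)
# and unrelated hosts that happen to contain the same character sequence.
BLOCKED = ["sh.rt"]
SAMPLE_HOSTS = [
    "sh.rt",                 # the target itself
    "links.sh.rt",           # a subdomain of the target
    "fish.rtl.example",      # unrelated: "sh.rt" spans a label boundary
    "dash.rt.example.net",   # unrelated: "sh.rt" sits in the middle
    "example.com",           # unrelated, no match at all
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:24} naive={naive_substring_block(h, BLOCKED)!s:5} "
              f"anchored={label_anchored_block(h, BLOCKED)}")
    print("collateral:", collateral_damage(SAMPLE_HOSTS, BLOCKED))
```

Running it lists the two unrelated hosts as collateral damage of the naive rule while the anchored rule blocks only the target and its subdomain.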

Still downhill: US-China cyber relations

US-China cyber relations continue to deteriorate, despite the new Presidential administration. An application for an international cable from Hong Kong to the US was withdrawn on March 10 as the U.S. interagency committee known as Team Telecom expressed “concerns … about direct communications links between the United States and Hong Kong.” The Justice Department is still trying to get the FCC to withdraw China Telecom’s licenses giving it the right to operate in the U.S. Right-wing Republicans such as Marco Rubio threatened the confirmation of Biden’s Commerce Secretary, Raimondo, until she agreed to keep Huawei and other Chinese firms on the entity list for export controls.

Ironically, both countries seem to think their own platforms are a threat as well. A month after Chinese financial regulators squashed Ant Financial’s IPO and sidelined Jack Ma, antitrust regulators are considering levying a $1 billion fine against Alibaba. Alibaba’s large media holdings, including the South China Morning Post, are now seen as a threat to the Chinese Communist Party’s propaganda apparatus and the government is pushing for divestitures. In the U.S. the Biden administration appointed Tim Wu Special Assistant to the President for Technology and Competition and nominated legal academic Lina Khan to an open seat on the Federal Trade Commission. Wu and Khan are both advocates of aggressive government intervention against the platforms. Additionally, several key U.S. politicians – and Microsoft – are supporting old media (cable networks and print news) as they exploit anti-platform sentiment to get some kind of subsidies from Google and Facebook.

Information sharing in the real world

Tens of thousands of users around the world are thought to have been affected by exploits targeting Microsoft’s Exchange email software. Security firm ESET described the hack as a “pre-authentication remote code execution vulnerability chain … that allows an attacker to take over any reachable Exchange server, without even knowing any valid account credentials.” Compromising Exchange allows adversaries to read private emails, among other intrusions. Microsoft attributed the activity to a state-sponsored Chinese group it named Hafnium. Predictable calls for militant response followed. But isn’t this diverting attention from a more responsible party?

The Hafnium/MS Exchange hack reveals a lot about the information sharing ecosystem underlying cybersecurity. The vulnerabilities were discovered not by Microsoft, but by Volexity and then by a well-known vulnerability researcher known as Orange Tsai, who informed Microsoft on January 5, 2021. A blogpost by Volexity claimed that exploitation had already started two days earlier. According to Security Now!, “Microsoft first learned of this as a CRITICAL, five-alarm, easy-to-exploit pre-authentication attack against Exchange Server at the start of January. Then, by the end of January (the 27th) and the start of February (the 2nd) they learned from two additional independent firms that the vulnerabilities were now under active exploitation. But they did not act.” Instead, it waited. Eventually, it blamed its information-sharing program, the Microsoft Active Protections Program (Mapp), which reveals sensitive information about vulnerabilities to cybersecurity companies to help them detect and remediate threats. Mapp includes about 80 security companies worldwide, about 10 of which are based in China. According to a report in the Wall Street Journal, some of the tools used in the Feb. 28 wave of attacks “bear similarities to ‘proof of concept’ attack code that Microsoft distributed to antivirus companies and other security partners on Feb. 23.” But what really seems to have happened is that the disclosure shifted the intrusions from stealth mode, which Microsoft allowed to continue for almost two months, into a scramble to take advantage of the vulnerability as quickly as possible. By February 28 the vulnerabilities were being used by at least 10 different APT groups targeting any Exchange user indiscriminately. Microsoft, not just the Chinese hacker groups, has a lot to answer for.
