Disinformation, AI and ‘cyber chakravyuh’
Relevance: GS Paper III
Why in News?
The year 2024 had dawned with forebodings of a new wave of security threats, and security specialists the world over, had braced for a wave of attacks along a wide spectrum.
More About the News:
- Security specialist’s concern essentially stemmed from fears arising out of new threats posed by Artificial Intelligence (AI) and its different manifestations, including Generative AI and Artificial General Intelligence (AGI). Together with the expanding horizons of disinformation and cyber threats, the outlook seemed distinctly gloomy.
- The 33rd Summer Olympic Games in France, during July-August 2024, were seen as a real and tempting target for digital, including cyber and other criminals. Experts across the world were, hence, bracing themselves for digital attacks of a kind they had not encountered hitherto, quite apart from those launched by known terror groups.
- Such fears were not unfounded, given the rising profile of both AI and cyber, and the consequential increase in disinformation attacks.
Cyber attacks in 2024 and in the past:
- The year started seeming to confirm the prognosis that 2024 may well be the year when the world confronts a cornucopia of security threats. Disinformation was already having a field day in the run up to the elections in Taiwan in January 2024, and the atmosphere was loaded with fake posts and videos, causing widespread confusion.
- This was attributed to China, but we live in a world today where nothing is what it seems.
- A combination of cyber attacks and AI-enabled disinformation had and is still, causing grave havoc in the conflict in Ukraine.
- Ukraine is a good case study of how two sides in a conflict could employ disinformation — including AI-enabled disruption — against one another, to each other’s disadvantage.
- Together with cyber attacks, this has led to major disruptions in critical infrastructure, including telecommunications and power grids.
- The world had a preview of what could happen, or is in store, in the event of a massive cyberattack, whether AI-enabled or otherwise. A ‘glitch’ in a software update concerning Microsoft Windows caused a massive outage, which initially affected parts of the United States, but rapidly spread to different parts of the globe, including India. It disrupted flight operations, air traffic, stock exchanges and more. The Indian Computer Emergency Response Team (CERT-IN) issued a severity rating of ‘critical’ for the incident.
- This was, however, not a cyberattack, but it provided a preview of the kind of disruption that could take place in the event of a cyberattack.
- According to Microsoft, over eight million Windows devices failed, leading to global disruption on a massive scale.
- The world may, or may not, remember the widespread disruption that occurred in 2017 in the wake of the WannaCry ransomware attack employing the WannaCry ransomware cryptoworm, which infected well over 2,30,000 computers in 150 countries, resulting in damage amounting to billions of dollars.
- The same year witnessed another cyberattack using the Shamoon Computer Virus which was directed mainly against oil companies such as SA ARAMCO (Saudi Arabia) and RasGas (Qatar), and was labelled, at the time, as the ‘biggest hack in history’.
- Again, around the same period, a cyberattack involving the ‘Petya’ Malware severely affected banks, electricity grids and a host of other institutions across Europe and the United Kingdom, as also the U.S. and Australia.
- Few cyberattacks have, however, had a more devastating impact than that caused by the Stuxnet ‘attack’ in 2010. Over 2,00,000 computers were impacted and physically degraded as a result.
- Stuxnet was a malicious computer worm, believed to have been in development for nearly five years, and specifically targeting supervisory control and data acquisition systems.
- The target in this case was the Iran nuclear programme, leading to the inference that it was state sponsored.
Growing cyber threats:
- While the potential threat posed by AI disinformation looms large across the global landscape, for ordinary individuals, cyber is already a persisting threat.
- The number of victims of cyber fraud and cyber hacking has grown exponentially in recent years.
- Our day-to-day existence is threatened by fraudsters posing as delivery company agents and making delivery attempts, and, in the process, obtaining personal information for malicious use.
- There is today a rising curve of false credit card transactions, obtaining personal information in the process to defraud unwitting individuals. Compromising business e-mails is on the increase.
- One of the most widespread cyber frauds is ‘phishing’, that involves stealing personal information such as customer ID, credit\debit card numbers, and even PIN. The list is extensive and extends to ‘spamming’ as well (where someone receives unsolicited commercial messages sent through one of the many electronic messaging systems). ‘Identity theft’ is among the most serious dangers that has now become widespread.
- What was, however, evident was that the advent of AI seemed to have made it far easier to spread disinformation cloaked in the garb of reality. AI was the principal, though not, perhaps, the sole culprit.
- It is indeed true that spreading disinformation has become far easier with the advent of AI. Deep fakes, comprising digitally manipulated video, audio, or images, repeatedly hit the headlines today, causing a miasma of disinformation. The truth is revealed much later — and after the damage has been done.
Way Forward:
- Awareness of the growing danger of digital threats is but the first step in the battle against cyber and AI-directed threats.
- Unauthorised use of Generative AI content has already become the stock-in-trade of digital bullying. Preventing this demands a great deal of effort and adequate budgetary allocations — whether in the private or public domain.
- More than anything else, potentially dangerous digital technologies require more, and the specific, attention of those in-charge, specially in the case of democracies.
- Awareness about digital bullying and other forms of manipulation is fundamental if we are to prevent situations getting out of hand.
- More than anything else, there is a need to create a realisation that the struggle against digital threats calls for coordinated action. Also, a realisation that nations, especially democracies, are today under attack from a new and different source.
Beyond Editorial: Indian Computer Emergency Response Team (CERT-IN)
|