Fabricated Digital Evidence, the Return of AlphaBay and the Kenyan General Elections… the Tech News Digest is back!

By Daniel Haltmeier

Dear Reader,

Welcome to the seventh bi-weekly Tech News Digest, provided by the GISA Technology and Security Initiative (TechSec). After a break of two weeks because of final exams, our Tech News Digest returns this week in full force. Our goal here is to give you an easy-to-read update of what has been happening lately in the world of technology and security. To do so, we pick the top news stories from the last two weeks and present a short summary. Should you be interested in knowing more, just follow the links below the respective paragraphs.

How to get more arrests: Indian Police Edition 

Here’s a challenge for communication and PR experts: How do you defend a police force that has (reportedly) planted digital evidence on activists’ computers and then arrested them…? If you are by chance such a PR expert and have a strategy in mind, the Pune City Police (PCP), a city in India, might be interested in hiring you.

Indian police are surely not the only police force to use hacking tools to gather evidence about and track protesters, activists and criminals. However, the PCP has allegedly taken this to the next level by using hacking tools to not only gather but also plant incriminating evidence. Last year, forensic analysts found out that hackers fabricated evidence on the personal devices of activists wo were arrested in Pune (India) in 2018 and now face terrorism charges. Security researchers have now linked these hackers to the Indian police force located in that very same city. What’s worse, they have encountered hundreds of other victims that have either been spied on or hacked by the police.

The hacking campaign by the PCP used spyware provided by the Israeli NSO Group or well-known malware such as NetWire which allows to add files on a compromised device. Forensic analysts grew suspicious when they discovered .docx files that had been written with MS Word versions that had never even been installed on the victim’s device. These files were later used as evidence against the victims. The analysts even found the attack vector for the NetWire malware by analyzing the attachments of the victim’s emails and finding the compromised file.

But how could these hacks be linked to the Indian police? The hackers changed the account settings to include a recovery email where they had access. Even if the victims reset their passwords, hackers could have easily regained access to their accounts. This recovery data (e.g. mails and phone numbers) could be linked to the PCP.

The Pune City Police and the officers’ data that has been detected have so far declined to comment

Read more about this on WIRED or SCROLL.IN.

Disinformation and online hate speech in the Kenya elections

The Kenyan general elections are right around the corner and in these last weeks before the grand day (August 9th), reports of disinformation and hate speech on TikTok have exploded. The Mozilla foundation has so far counted over 130 viral videos that target Kenyan voters with topics ranging from disinformation to violent, ethnically discriminatory narratives. Concerns over violence have also been raised outside the Chinese platform.

The political landscape in Kenya has not been stable and Kenyan democracy has been challenged in the past. In the aftermath of the 2017 elections, more than 100 people were killed in ethnic clashes. Online disinformation and hate speech is now stirring up historic tensions.

Most of these videos are in violation of TikTok’s own policies and guidelines. Nevertheless, many of these videos have become viral with view counts of up to 500’000 and counting. One reason for the spread of prohibited content on the platform is that TikTok has a history of assigning content moderators that are unfamiliar with local contexts or languages. After the publication of the Mozilla Foundation’s report TikTok has started to remove some of the problematic videos.

Read more about this on AL JAZEERA or TechCrunch.

AlphaBay is back and ready to reconquer the darknet

It’s been five years since a collaborative effort of many national police forces has led to the takedown of the then biggest darknet marketplace: AlphaBay. However, the takedown doesn’t seem to have had long lasting effects because AlphaBay is back and growing stronger every day. Hence, criminals and others can now again engage in the trade of cybercrime services or narcotics on this underworld market.

While it is common that for every marketplace takedown a new darknet marketplace appears, it is rather rare that the original marketplace itself returns. For AlphaBay this was the case because the international law enforcement operation in 2017 only led to the arrest of the head of AlphaBay, but his deputy (a guy with the nickname DeSnake) suddenly reappeared 10 months ago and restarted the whole thing. Because of a number of other takedowns and some mysterious disappearances of rival marketplaces, AlphaBay is now back at the top of the darknet market ratings, at least when measured by the number of listings (product offers) on the site. 

AlphaBay 2.0 has made a few improvements compared to its original version. It now for example only accepts the privacy-oriented cryptocurrency “Monero ” and no longer allows payments to be made in Bitcoin. However, running AlphaBay 2.0 is a risk for DeSnake and other collaborators who were already involved in the first version, as the takedown of the former darknet market could provide many leads on their identity. It is therefore only a question of time until law enforcement will refocus its attention on DeSnake and AlphaBay 2.0. 

Even though AlphaBay’s growth in the last few months has been remarkable and it is again the most popular market of the digital underworld, it is nowhere near as big as it’s original version was. It remains to be seen whether the marketplace will be able to reconquer all it has lost.

Read more about this on WIRED. 

Has Google really developed a “sentient” AI? Probably not.

Blake Lemoine, a Google engineer, has raised the alarm about Google’s Artificial Intelligence (AI) LaMDA. LaMDA is an AI that can chat with humans on a text basis and Lemoine became concerned as it was increasingly difficult to distinguish messages sent by LaMDA from texts by real human beings. This led him to the point when he finally raised the alarm about a potentially sentient Artificial Intelligence which would be not only a scientific breakthrough but also the realization of some people’s biggest fear. 

He decided to finally go to Google’s management and to the public when the AI itself told him that it was sentient. However, this is precisely where the problem lies. In a now published conversation between Lemoine and the LaMDA, Lemoine asked the AI “I’m generally assuming that you would like more people at Google to know that you’re sentient. Is that true?”. This is a leading question and LaMDA is trained to respond to inputs in textual form by providing a textual reply that engages with the input. Or to cite the Atlantic: “A Google engineer became convinced that a software program was sentient after asking the program, which was designed to respond credibly to input, whether it was sentient. A recursive just-so story.”

It is highly unlikely that the AI is sentient. It is however interesting to see how the claim by Lemoine has caused a media frenzy and even caused doubts in some experts’ minds about Asimov’s third law of robotics. It might therefore be necessary to come back to Joseph Weizenbaum’s 1976 book where he writes about his experience after he had programmed one of the first chatbots in the 1960s (called Eliza). Eliza was programmed to behave like a therapist. Weizenbaum’s co workers went bananas over the chatbot and started to use it as a real company therapist and Weizenbaum started to freak out. Thus, he writes: “What I had not realized is that extremely short exposures to a relatively simple computer program could induce powerful delusional thinking in quite normal people.” 

Blake Lemoine has been put on administrative leave for his violation of Google’s non-disclosure policy. Google disputes the claim that its AI is sentient. 

Read more about this on THE ATLANTIC or CNN. 

We’ll all soon have the same chargers for most of our devices (yay!)

If you follow us on Instagram or have joined our initiative member’s chat you already know this story. The EU commission has finally (after decades) decided that starting from 2024 all phones and starting from 2026 all laptops sold on the European market have to use the USB-C charger. Many other devices such as tablets, e-readers or portable speakers are also included in the law. 

The new law will mostly affect Apple and its products that use the lightning charger. However, there are also other tech companies who have so far resisted the trend towards universal chargers. Apple has however apparently been expecting this and has already tested Iphone models using the USB-C charger.

According to the EU, the new law could not only make user’s lives a lot easier, it would also lead to a reduction of electronic waste in the form of incompatible chargers. Given the importance of the European market, the change might very well have an impact on the use of chargers worldwide. One critique of the EU’s move is however that the law could slow down innovation towards more widespread wireless charging which would have an even more dramatic impact on electronic waste.

The law still needs to be formally approved. However, it is expected that the law will pass.

Read more about this on THE WASHINGTON POST.  
If you would like to hear more tech news, participate in events related to technology and security or learn practical technology skills, consider following us on Instagram, LinkedIn or join our Initiative as a member!