Cyber attacks, regional conflict, weapons of mass destruction, terrorism, industrial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are only a number of the top perceived threats facing the United States, in line with the U.S. Government Intelligence Agency's latest global risk assessment.
The unclassified report released on Monday – disinfected for public release – gave a candid, annual look into the U.S. intelligence community's collective awareness of the threats it faces to the U.S. homeland based on its vast stores of collected information. Now, in an election yr, top U.S. spies are increasingly citing latest technologies and cybersecurity as aspects in assessing the country's national security posture.
In one (n unclassified session Before the Senate Intelligence Committee on Monday, top leaders of the U.S. government's intelligence agencies – including the FBI, NSA, CIA and others – testified before lawmakers, largely to reply their questions on the present state of worldwide affairs.
This is what we learned from the hearing.
At least 74 countries use industrial spyware
In recent years, the U.S. government has turned its attention to the state-run spyware industry, which currently includes corporations equivalent to NSO Group and Intellexa, and formerly Hacking Team and FinFisher. In its annual report, the intelligence community wrote: “From 2011 to 2023, no less than 74 countries contracted with private corporations to obtain industrial spyware, which governments are increasingly using to focus on dissidents and journalists.”
The report doesn’t make clear where the intelligence community got that number, and the Office of the Director of National Intelligence didn’t reply to a request for comment looking for clarification.
But last yr, the Carnegie Endowment for International Peace, a think tank in Washington, D.C., has published a report on the worldwide spyware industry which covered the identical number of nations and the identical data because the intelligence community's latest report. Reference is made to the Carnegie report written by Steven Feldstein and Brian Kot Data that the 2 of them collectedwhich they said got here from sources equivalent to digital rights groups and security researchers who’ve studied the spyware industry, equivalent to Citizen Lab, the Electronic Frontier Foundation and Privacy International, in addition to news reports.
It is vital to notice that the Carnegie dataset, as the authors explained last yrThis includes what we call government or industrial spyware, tools for hacking and remotely monitoring targets, equivalent to those made by NSO and Intellexa. But this also includes digital forensic software that extracts data from phones and computers which can be physically within the possession of the authorities. Two of probably the most well-known manufacturers of one of these tool are Cellebrite and Grayshift, each of that are widely used each within the United States and in other countries.
The US says it’s struggling to combat ransomware
The U.S. says ransomware poses an ongoing risk to U.S. public services and demanding infrastructure as cybercriminals linked to ransomware “increase their attacks, extort funds, disrupt critical services and expose sensitive data.”
Ransomware has turn into a worldwide problem as hacker gangs extort ransom payments, sometimes amounting to tens of millions, from corporations in an effort to get their stolen files back. Some cybersecurity experts have called on governments to ban ransom payments entirely if mandatory to stop hackers from making the most of cybercrime.
But the US has shunned that view and brought a distinct approach, selecting to systematically disrupt, exhibit and sanction a number of the worst offenders based in Russia and beyond the reach of US justice.
“Without cooperative law enforcement from Russia or other countries that provide a refuge or permissive environment for cybercriminals, containment efforts will remain limited,” the threat assessment said. In other words, so long as Russia – and another hostile states – don’t hand over on their criminals, ransomware will proceed to be the snowfall of the current.
The US warns against the increasing use of AI in influence operations
The use of generative AI in digital influence operations is just not latest, however the widespread availability of AI tools lowers the barrier for malicious actors to have interaction in online influence operations equivalent to election interference and the generation of deepfakes.
The emergence of detailed and convincing deepfake images and videos plays a job in information warfare by intentionally sowing confusion and discord and pertains to Russia's use of deepfake images against Ukraine on the battlefield.
“Russia’s influence actors have adjusted their efforts to higher conceal their hand and should use latest technologies equivalent to generative AI to enhance their capabilities and reach Western audiences,” the report warned.
Rob Joyce, director of cybersecurity on the NSA, said in early January that foreign hackers are using chatbot tools to generate more convincing phishing emails, but that AI can be useful for digital defense.
The report also noted that China is increasingly experimenting with generative AI, noting that TikTok accounts operated by a Chinese military propaganda arm “allegedly targeted candidates from each political parties through the 2022 U.S. midterm elections “.
There are not any laws stopping US spies from buying data from Americans
U.S. spy agencies have adopted a well-liked practice: Why get a search warrant for data when you possibly can just buy it online? Given the quantity of knowledge we share through our phone apps (which many don't give a second thought to), U.S. spy agencies are simply buying up vast stocks of commercially available location data and Americans' web traffic from the info brokers.
How is that this legal? After a transient exchange with the pinnacle of the Defense Intelligence Agency – one in every of the agencies confirmed having purchased access to a database containing location data on Americans – Senator Ron Wyden noted that the practice is permitted because there isn’t any constitutional or legal limit on purchasing commercially available data.
In other words, U.S. spy agencies can proceed to purchase data about Americans that is quickly available for purchase until Congress puts an end to the practice—even when the basis of the issue is that data brokers shouldn't have our data in the primary place .
